Posts posted by needhelp1
-
The computer seems to be running fine. Thanks for checking the logs!
-
Log Name: Application
Source: Microsoft-Windows-Wininit
Date: 12/31/2015 2:17:58 AM
Event ID: 1001
Task Category: None
Level: Information
Keywords: Classic
User: N/A
Computer: SD70
Description:
Checking file system on D:
The type of the file system is NTFS.
Volume label is DATA.
A disk check has been scheduled.
Windows will now check the disk.
CHKDSK is verifying files (stage 1 of 5)...
1898496 file records processed.
File verification completed.
26 large file records processed.
0 bad file records processed.
0 EA records processed.
0 reparse records processed.
CHKDSK is verifying indexes (stage 2 of 5)...
1900368 index entries processed.
Index verification completed.
0 unindexed files scanned.
0 unindexed files recovered.
CHKDSK is verifying security descriptors (stage 3 of 5)...
1898496 file SDs/SIDs processed.
Cleaning up 126 unused index entries from index $SII of file 0x9.
Cleaning up 126 unused index entries from index $SDH of file 0x9.
Cleaning up 126 unused security descriptors.
Security descriptor verification completed.
937 data files processed.
CHKDSK is verifying Usn Journal...
37649192 USN bytes processed.
Usn Journal verification completed.
CHKDSK is verifying file data (stage 4 of 5)...
1898480 files processed.
File data verification completed.
CHKDSK is verifying free space (stage 5 of 5)...
56656382 free clusters processed.
Free space verification is complete.
Windows has checked the file system and found no problems.
1157235711 KB total disk space.
927811056 KB in 1897332 files.
762184 KB in 938 indexes.
0 KB in bad sectors.
2036939 KB in use by the system.
65536 KB occupied by the log file.
226625532 KB available on disk.
4096 bytes in each allocation unit.
289308927 total allocation units on disk.
56656383 allocation units available on disk.
Internal Info:
00 f8 1c 00 2a f7 1c 00 cb cc 39 00 00 00 00 00 ....*.....9.....
8c 14 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
-
Hi Advanced - I typed in the command to check D drive and the below message displayed. How would you like to proceed?
Chkdsk cannot run because the volume is in use by another process. Chkdsk may run if this volume is dismounted first. ALL OPENED HANDLES TO THIS VOLUME WOULD THEN BE INVALID. Would you like to force a dismount on this volume? (Y/N)
-
Hi AdvancedSetup - here's the log for drive C, I will work on D later today.
Log Name: Application
Source: Microsoft-Windows-Wininit
Date: 12/29/2015 2:43:40 AM
Event ID: 1001
Task Category: None
Level: Information
Keywords: Classic
User: N/A
Computer: SD70
Description:
Checking file system on C:
The type of the file system is NTFS.
Volume label is WIN7.
A disk check has been scheduled.
Windows will now check the disk.
CHKDSK is verifying files (stage 1 of 5)...
402176 file records processed.
File verification completed.
1788 large file records processed.
0 bad file records processed.
0 EA records processed.
59 reparse records processed.
CHKDSK is verifying indexes (stage 2 of 5)...
490264 index entries processed.
Index verification completed.
0 unindexed files scanned.
0 unindexed files recovered.
CHKDSK is verifying security descriptors (stage 3 of 5)...
402176 file SDs/SIDs processed.
Cleaning up 3090 unused index entries from index $SII of file 0x9.
Cleaning up 3090 unused index entries from index $SDH of file 0x9.
Cleaning up 3090 unused security descriptors.
Security descriptor verification completed.
44045 data files processed.
CHKDSK is verifying Usn Journal...
34840472 USN bytes processed.
Usn Journal verification completed.
CHKDSK is verifying file data (stage 4 of 5)...
402160 files processed.
File data verification completed.
CHKDSK is verifying free space (stage 5 of 5)...
155056028 free clusters processed.
Free space verification is complete.
CHKDSK discovered free space marked as allocated in the master file table (MFT) bitmap.
CHKDSK discovered free space marked as allocated in the volume bitmap.
Windows has made corrections to the file system.
781404159 KB total disk space.
160435748 KB in 346629 files.
215124 KB in 44046 indexes.
0 KB in bad sectors.
529171 KB in use by the system.
65536 KB occupied by the log file.
620224116 KB available on disk.
4096 bytes in each allocation unit.
195351039 total allocation units on disk.
155056029 allocation units available on disk.
Internal Info:
00 23 06 00 1d f6 05 00 f1 d5 0a 00 00 00 00 00 .#..............
d2 05 00 00 3b 00 00 00 00 00 00 00 00 00 00 00 ....;...........
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
Windows has finished checking your disk.
Please wait while your computer restarts.
-
Hi Daledoc,
FRST and Addition attached. I have a C and a D drive, should I run a Check Disk on both?
-
Hi,
Following up on a malware check, I was advised by DaleDoc that I might have a failing hard drive according to the messages below and to post to this forum. I'm new to checking a hard drive for errors so DaleDoc advised that I run a check disk first, should I go ahead and do that?
System errors:
=============
Error: (12/26/2015 01:57:21 PM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume WIN7.
Error: (12/26/2015 01:57:19 PM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume WIN7.
Error: (12/26/2015 01:57:17 PM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume WIN7.
Error: (12/26/2015 01:51:32 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Defender service terminated with the following error:
%%126
Error: (12/26/2015 01:51:13 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 12:29:21 PM on 12/26/2015 was unexpected. <------ our residence lost power unexpectedly
Error: (12/26/2015 11:53:31 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk6\DR7.
Error: (12/26/2015 11:53:30 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk6\DR7.
Error: (12/26/2015 11:53:30 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk6\DR7.
Error: (12/26/2015 11:53:29 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk6\DR7.
Error: (12/26/2015 11:24:37 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 20.
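The triage a helper does on that block by eye, written out as an editor's added Python example (not code from the thread): it parses FRST "System errors" entries of the form shown above and separates the storage-stack events from the rest. The sample text is copied from the post; the (Source, EventID) table and the ordering heuristic are the editor's assumptions.

```python
import re
from collections import Counter
from dataclasses import dataclass
from datetime import datetime
from typing import Dict, List, Optional

# Sample "System errors" entries taken from the FRST excerpt posted above.
SAMPLE_LOG = """\
System errors:
=============
Error: (12/26/2015 01:57:21 PM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume WIN7.
Error: (12/26/2015 01:51:32 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Defender service terminated with the following error:
%%126
Error: (12/26/2015 01:51:13 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 12:29:21 PM on 12/26/2015 was unexpected.
Error: (12/26/2015 11:53:31 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \\Device\\Harddisk6\\DR7.
Error: (12/26/2015 11:53:30 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \\Device\\Harddisk6\\DR7.
"""

HEADER_RE = re.compile(
    r"^Error: \((?P<ts>[^)]+)\) \(Source: (?P<src>[^)]+)\) "
    r"\(EventID: (?P<eid>\d+)\) \(User: (?P<user>[^)]*)\)$"
)
TS_FMT = "%m/%d/%Y %I:%M:%S %p"

# (Source, EventID) pairs that implicate the storage stack. Assumption: only
# the pairs that occur in the posted log are listed here.
STORAGE_EVENTS = {
    ("Ntfs", 55): "NTFS structure corrupt, chkdsk requested",
    ("Disk", 11): "controller error on a physical device",
}
UNEXPECTED_SHUTDOWN = ("EventLog", 6008)


@dataclass
class FrstError:
    timestamp: datetime
    source: str
    event_id: int
    user: str
    description: str


def parse_frst_errors(text: str) -> List[FrstError]:
    """Turn the 'System errors' block of an FRST report into records."""
    errors: List[FrstError] = []
    current: Optional[FrstError] = None
    for raw in text.splitlines():
        line = raw.strip()
        m = HEADER_RE.match(line)
        if m:
            current = FrstError(
                timestamp=datetime.strptime(m["ts"], TS_FMT),
                source=m["src"].strip(),
                event_id=int(m["eid"]),
                user=m["user"].strip(),
                description="",
            )
            errors.append(current)
        elif current is not None and line:
            # Descriptions may run over several lines; only the first carries the label.
            if line.startswith("Description:"):
                line = line[len("Description:"):].strip()
            current.description = (current.description + " " + line).strip()
    return errors


def triage(errors: List[FrstError]) -> Dict[str, object]:
    """Summarise the storage-health signals and how they are ordered in time."""
    counts = Counter((e.source, e.event_id) for e in errors)
    storage = [e for e in errors if (e.source, e.event_id) in STORAGE_EVENTS]
    volumes = sorted({m.group(1) for e in storage
                      for m in [re.search(r"on the volume (\w+)", e.description)] if m})
    devices = sorted({m.group(0) for e in storage
                      for m in [re.search(r"\\Device\\Harddisk\d+\\DR\d+", e.description)] if m})
    shutdowns = [e for e in errors if (e.source, e.event_id) == UNEXPECTED_SHUTDOWN]
    ntfs = [e for e in storage if e.source == "Ntfs"]
    # Heuristic (editor's assumption): 6008 is written at the next boot, so NTFS 55
    # logged after it suggests an unclean shutdown; Disk 11 points at the hardware path.
    after_power_loss = bool(shutdowns and ntfs and
                            min(e.timestamp for e in ntfs) > min(s.timestamp for s in shutdowns))
    return {
        "counts": dict(counts),
        "storage_event_count": len(storage),
        "affected_volumes": volumes,
        "affected_devices": devices,
        "unexpected_shutdowns": len(shutdowns),
        "ntfs_corruption_after_unexpected_shutdown": after_power_loss,
    }


if __name__ == "__main__":
    for key, value in triage(parse_frst_errors(SAMPLE_LOG)).items():
        print(f"{key}: {value}")
```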
-
Thanks for checking. No other issues at this time. I appreciate it.
-
RogueKiller V11.0.4.0 [Dec 20 2015] (Free) by Adlice Software
Feedback : http://forum.adlice.com
Blog : http://www.adlice.com
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : PWS [Administrator]
Started from : C:\Users\X\Desktop\RogueKiller.exe
Mode : Scan -- Date : 12/26/2015 15:04:30

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 8 ¤¤¤
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-809943335-2564626158-2276789416-1000\Software\Microsoft\Internet Explorer\Main | Start Page : http://asus.msn.com/ -> Found
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-809943335-2564626158-2276789416-1000\Software\Microsoft\Internet Explorer\Main | Start Page : http://asus.msn.com/ -> Found
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-809943335-2564626158-2276789416-1001\Software\Microsoft\Internet Explorer\Main | Start Page : http://asus.msn.com/ -> Found
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-809943335-2564626158-2276789416-1001\Software\Microsoft\Internet Explorer\Main | Start Page : http://asus.msn.com/ -> Found
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-809943335-2564626158-2276789416-1000\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve -> Found
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-809943335-2564626158-2276789416-1000\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve -> Found
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-809943335-2564626158-2276789416-1001\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve -> Found
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-809943335-2564626158-2276789416-1001\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 1 ¤¤¤
[PUP][Folder] C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001} -> Found

¤¤¤ Hosts File : 2 ¤¤¤
[C:\Windows\System32\drivers\etc\Hosts] 127.0.0.1 localhost
[C:\Windows\System32\drivers\etc\Hosts] ::1 localhost

¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD20EARX-22PASB0 ATA Device +++++
--- User ---
[MBR] d2716205458f24aa9a1397ad20eaac4f
[bSP] b7f1af624ca415852c3eb9ae77b37bea : HP MBR Code
Partition table:
0 - [XXXXXX] FAT32 (0x1b) [HIDDEN!] Offset (sectors): 2048 | Size: 14524 MB
1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 29747200 | Size: 763090 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 1592555520 | Size: 1130113 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: Generic- SD/MMC USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive2: Generic- Compact Flash USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive3: Generic- SM/xD Picture USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive4: Generic- MS/MS-Pro USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive5: HP Officejet Pro 68 USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )
-
I did use RogueKiller right afterwards and I remember that it did produce a log. But it doesn't seem to have saved it as a .log format, but rather a .json format that I can't open. Would you like me to run it again?
-
Additional scan result of Farbar Recovery Scan Tool (x64) Version:25-12-2015
Ran by X (2015-12-26 13:56:12)
Running from C:\Users\X\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2011-12-18 18:24:35)
Boot Mode: Normal
==============================================================================

==================== Accounts: =============================
Administrator (S-1-5-21-809943335-2564626158-2276789416-500 - Administrator - Disabled)
Guest (S-1-5-21-809943335-2564626158-2276789416-501 - Limited - Disabled)
X (S-1-5-21-809943335-2564626158-2276789416-1001 - Limited - Enabled) => C:\Users\X
X (S-1-5-21-809943335-2564626158-2276789416-1000 - Administrator - Enabled) => C:\Users\X

==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Norton Security Suite (Enabled - Up to date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
AS: Norton Security Suite (Enabled - Up to date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
FW: Norton Security Suite (Enabled) {6BFC5632-188D-B806-D13E-C607121B42A0}

==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
64 Bit HP CIO Components Installer (Version: 1.2.0 - Hewlett-Packard) Hidden
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.009.20079 - Adobe Systems Incorporated)
Adobe Flash Player 20 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 20.0.0.228 - Adobe Systems Incorporated)
AI Manager (HKLM-x32\...\{4AF95DE2-B54D-4C3F-9494-FD3B558E2C2D}) (Version: 1.09.06 - ASUSTeK Computer Inc.)
AI Suite II (HKLM-x32\...\{34D3688E-A737-44C5-9E2A-FF73618728E1}) (Version: 1.01.12 - ASUSTeK)
Apple Application Support (32-bit) (HKLM-x32\...\{649A1FD9-5892-46AD-8DF0-C4A43FF61CB7}) (Version: 4.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{0DE0A178-AC7B-4650-806C-CF226DE03766}) (Version: 4.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
ASUS Backup Wizard (HKLM-x32\...\{124C9BD0-8C52-40AB-8238-0605703B1C28}) (Version: 1.00.10 - ASUSTeK Computer Inc.)
AsusVibe2.0 (HKLM-x32\...\Asus Vibe2.0) (Version: 2.0.4.628 - ASUSTEK)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Canadian Pacfic Mactier Subdivision Route (Version 1.5) (HKU\S-1-5-21-809943335-2564626158-2276789416-1000\...\Canadian Pacfic Mactier Subdivision Route (Version 1.5)) (Version: - )
Cisco Connect (HKLM-x32\...\Cisco Connect) (Version: 1.1.10049.0 - Cisco Consumer Products LLC)
Citrix online plug-in - web (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 12.1.0.30 - Citrix Systems, Inc.)
Citrix XenApp Web Plugin (HKLM-x32\...\{EBFEEB3F-3E3B-4725-A4E0-376144CE4F76}) (Version: 11.0.0.5357 - Citrix Systems, Inc.)
Control ActiveX de Windows Live Mesh para conexiones remotas (HKLM-x32\...\{04668DF2-D32F-4555-9C7E-35523DCD6544}) (Version: 15.4.5722.2 - Microsoft Corporation)
Contrôle ActiveX Windows Live Mesh pour connexions à distance (HKLM-x32\...\{55D003F4-9599-44BF-BA9E-95D060730DD3}) (Version: 15.4.5722.2 - Microsoft Corporation)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DirectX 9 Runtime (x32 Version: 1.00.0000 - Sonic Solutions) Hidden
DVD Shrink 3.2 (HKLM-x32\...\DVD Shrink_is1) (Version: - DVD Shrink)
EMET (HKLM-x32\...\{DE7A5DDF-47B3-42FF-A082-E158DEA37392}) (Version: 3.0.0 - Microsoft)
ERUNT 1.1j (HKLM-x32\...\ERUNT_is1) (Version: - Lars Hederer)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )
Free M4a to MP3 Converter 7.0 (HKLM-x32\...\Free M4a to MP3 Converter_is1) (Version: - ManiacTools.com)
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 47.0.2526.106 - Google Inc.)
Google Update Helper (x32 Version: 1.3.29.1 - Google Inc.) Hidden
HP Officejet Pro 6830 Basic Device Software (HKLM\...\{98040AB6-D667-409C-81E7-DB65836B3EE0}) (Version: 33.1.73.49987 - Hewlett-Packard Co.)
HP Officejet Pro 6830 Help (HKLM-x32\...\{28693307-6F99-4B5D-9FA3-4D9132DDA716}) (Version: 34.0.0 - Hewlett Packard)
HP Officejet Pro 8500 A910 Basic Device Software (HKLM\...\{EE7C94CC-BECB-4000-B5E3-D895307B9D5E}) (Version: 22.50.231.0 - Hewlett-Packard Co.)
HP Officejet Pro 8500 A910 Help (HKLM-x32\...\{871B2A9D-0F12-44B3-88C1-E0CB10A232E4}) (Version: 140.0.2.2 - Hewlett Packard)
HP Officejet Pro 8500 A910 Product Improvement Study (HKLM\...\{0308919C-E317-4293-8D3C-97EF307BCDBC}) (Version: 22.50.231.0 - Hewlett-Packard Co.)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
iTunes (HKLM\...\{E690A491-702F-4DEC-9977-C015D1DBB57C}) (Version: 12.3.1.23 - Apple Inc.)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LightScribe System Software 1.10.13.1 (x32 Version: 1.10.13.1 - hxxp://www.lightscribe.com) Hidden
Malwarebytes Anti-Exploit version 1.8.1.1045 (HKLM\...\Malwarebytes Anti-Exploit_is1) (Version: 1.8.1.1045 - Malwarebytes)
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Marketsplash Shortcuts (HKLM-x32\...\{16FCDD97-AE09-476B-88CD-261D852BD34C}) (Version: 1.0.1.7 - Hewlett-Packard)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Flight Simulator 2004 A Century of Flight (HKLM-x32\...\Flight Simulator 9.0) (Version: 9.0 - Microsoft)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs (HKLM-x32\...\{90120000-00B2-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Train Simulator (HKLM-x32\...\Train Simulator 1.0) (Version: - )
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
MLT Greater Toronto Area (HKU\S-1-5-21-809943335-2564626158-2276789416-1000\...\MLT Greater Toronto Area) (Version: - )
MSTS Patch 1.8.0521 EN (HKLM-x32\...\{587A2120-41D3-11DB-3D6C-00E19E4D4AE1}) (Version: 1.8.052113 - George)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
Nero 7 Essentials (HKLM-x32\...\{8E72B982-D54F-486F-B35A-C24B6F171033}) (Version: 7.03.0581 - Nero AG)
Norton Security Suite (HKLM-x32\...\N360) (Version: 20.6.0.27 - Symantec Corporation)
NVIDIA PhysX (HKLM-x32\...\{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}) (Version: 9.10.0513 - NVIDIA Corporation)
QuickTime 7 (HKLM-x32\...\{80CEEB1E-0A6C-45B9-A312-37A1D25FDEBC}) (Version: 7.78.80.95 - Apple Inc.)
RailDriver for MSTS (HKLM-x32\...\{32C47C66-6393-413B-92D6-295E8A1D65DC}) (Version: - )
RealDownloader (x32 Version: 17.0.10 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer Cloud (HKLM-x32\...\RealPlayer 17.0) (Version: 17.0.10 - RealNetworks)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.31.1025.2010 - Realtek)
Realtek Ethernet Diagnostic Utility (HKLM-x32\...\{7236672F-6430-439E-9B27-27EDEAF1D676}) (Version: 1.00.0000 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6235 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
Roxio Easy Video Copy and Convert 5 (HKLM-x32\...\{DC7FB4DA-8260-472E-8A31-88712EE14BBE}) (Version: 5.0 - Roxio)
Run8 Amtrak01 (HKLM-x32\...\Run8 Amtrak01051813) (Version: 051813 - Run8 Studios, Ltd.)
Run8 Autoracks01 AddOn (HKLM-x32\...\Run8 Autoracks01 AddOn030613) (Version: 030613 - Run8 Studios, Ltd.)
Run8 Default Amtrak01 (HKLM-x32\...\Run8 Default Amtrak01051813) (Version: 051813 - Run8 Studios, Ltd.)
Safari (HKLM-x32\...\{F2AF3E5D-9697-485C-A5AC-E2B9468C446A}) (Version: 5.34.52.7 - Apple Inc.)
Sandboxie 5.06 (64-bit) (HKLM\...\Sandboxie) (Version: 5.06 - Sandboxie Holdings, LLC)
Seagate Dashboard 2.0 (HKLM-x32\...\{43C423D9-E6D6-4607-ADC9-EBB54F690C57}) (Version: 2.0.29.0 - Seagate)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
SpywareBlaster 5.2 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.2.0 - BrightFort LLC)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TC (HKLM-x32\...\{9D244037-7E69-4D6E-9729-0797D9294831}) (Version: 1.00.000 - )
Track Builder 3 (HKLM-x32\...\{0D4999B8-3990-4026-A744-D842CE8C886A}) (Version: 3.1 - Signal Computer Consultants)
Train Dispatcher 3 (HKLM-x32\...\{1306CFD5-28AE-486C-A298-90B50DA5DC5E}) (Version: 3.1 - Signal Computer Consultants)
Train Simulator 2015 (HKLM-x32\...\Steam App 24010) (Version: - Dovetail Games)
Transfer Utility (HKLM-x32\...\{0ECE15AC-CB68-40EC-B70D-1B220717844C}) (Version: 1.00.012 - PIXELA)
UpdateService (x32 Version: 1.0.0 - RealNetworks, Inc.) Hidden
VD64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen (HKLM-x32\...\{C32CE55C-12BA-4951-8797-0967FDEF556F}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
WinPatrol (HKLM\...\{84481A87-2316-4923-8FAB-3BA8CA29323D}) (Version: 31.0.2014.0 - BillP Studios)
WOT for Internet Explorer (HKLM\...\{C0DA129B-1E45-494D-A362-5CD0109C306B}) (Version: 11.11.7.0 - WOT Services Oy)
WOT for Internet Explorer (HKLM-x32\...\{DCAEC601-735C-41AE-B84F-D792F09FB7D1}) (Version: 12.8.2.0 - WOT Services Oy)

==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {03FC218F-F244-4545-B117-D43BC067958B} - System32\Tasks\ReclaimerUpdateXML_PWS => C:\Users\PWS\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.04\agent\rnupgagent.exe [2015-02-03] (RealNetworks, Inc.)
Task: {07B5E37D-0B6B-4291-BCD8-E067A249E0EE} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-809943335-2564626158-2276789416-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2014-05-23] (RealNetworks, Inc.)
Task: {1820F88E-99AF-4100-8DB6-AA00EB31D85A} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-809943335-2564626158-2276789416-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe [2014-05-13] (RealNetworks, Inc.)
Task: {1887E18E-3FB5-4966-9D45-39DAED019A25} - System32\Tasks\PWS1 => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\NBCore.exe [2012-05-04] (Seagate Technology LLC)
Task: {1C1AD8BB-BF73-4125-849F-55692B6A6DE0} - System32\Tasks\hpwebreg_xxxxxxxxxx => C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\hpwebreg.exe [2010-11-16] (Hewlett-Packard Co.)
Task: {1E54F33F-1F80-450C-9DD0-1DD9ED82A53A} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-809943335-2564626158-2276789416-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2014-05-23] (RealNetworks, Inc.)
Task: {231AAAC3-168C-47C1-81E1-F16FD6AE206B} - System32\Tasks\ASUS\AsBackupWizard_Run => C:\Program Files (x86)\ASUS\\AsBackupWizard\\AsRunBkWizardHelper.exe [2010-04-23] (ASUSTeK Computer Inc.)
Task: {3D08450B-CCE5-4DBD-963F-9F4112B93EEB} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime => C:\Windows\system32\GWX\GWXUXWorker.exe [2015-12-05] (Microsoft Corporation)
Task: {42329046-086D-49C1-BDD6-2CD354BCE6AF} - System32\Tasks\PLF1 => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\NBCore.exe [2012-05-04] (Seagate Technology LLC)
Task: {4324954A-1F61-45ED-B3F8-BF8A02671DA4} - System32\Tasks\PWS DBAgent 2 0 => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe [2012-05-04] (Seagate Technology LLC)
Task: {4B02A1CC-5EB8-4315-904A-E2BEB042DE99} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Security Suite\Engine\20.6.0.27\WSCStub.exe [2015-07-27] (Symantec Corporation)
Task: {55D7FC5C-AC94-4A21-A844-C969947923D5} - System32\Tasks\Norton Security Suite\Norton Error Processor => C:\Program Files (x86)\Norton Security Suite\Engine\20.6.0.27\SymErr.exe [2013-06-03] (Symantec Corporation)
Task: {58D54F20-1CD7-455C-B9F5-2886FBF9D0DE} - System32\Tasks\PLF3 => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\NBCore.exe [2012-05-04] (Seagate Technology LLC)
Task: {61D0EC1D-A8BD-4C70-A137-D8AE4B272458} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-02-21] (Google Inc.)
Task: {69AE8860-491D-4FC9-A8DC-76FC283030CC} - System32\Tasks\hpwebreg_CN18IDM234 => C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\hpwebreg.exe [2010-11-16] (Hewlett-Packard Co.)
Task: {6A72AD64-D40B-47E3-940B-34F59D9DB8B9} - System32\Tasks\PLF DBAgent 2 0 => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe [2012-05-04] (Seagate Technology LLC)
Task: {6D93339B-8E47-46BB-B779-62A5A46E4C79} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated)
Task: {6DCE1B62-C59F-410A-9FD1-E4242DBD7C7B} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-809943335-2564626158-2276789416-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2014-05-13] (RealNetworks, Inc.)
Task: {756F9A53-6CC4-49E1-8F30-0F56F2D1A9BA} - System32\Tasks\PWS Merge => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\NBCore.exe [2012-05-04] (Seagate Technology LLC)
Task: {79C40808-E0C0-4378-B45A-374B4FE8DA28} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-809943335-2564626158-2276789416-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2014-05-23] (RealNetworks, Inc.)
Task: {7D8BD40A-D7D1-4656-B6E7-C70B43477A2A} - System32\Tasks\PWS3 => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\NBCore.exe [2012-05-04] (Seagate Technology LLC)
Task: {7E2888DD-0BF8-4AA1-AB3F-1D950ED1EC30} - System32\Tasks\Norton Security Suite\Norton Error Analyzer => C:\Program Files (x86)\Norton Security Suite\Engine\20.6.0.27\SymErr.exe [2013-06-03] (Symantec Corporation)
Task: {828FDCEE-64F9-424F-8282-B2AD0AAC79F5} - System32\Tasks\ASUS\ASUS AI Suite II Execute => C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe [2010-11-26] (ASUSTeK Computer Inc.)
Task: {8A9D0612-3D7B-47FA-9CDF-F06E76899CCE} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-809943335-2564626158-2276789416-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2014-05-23] (RealNetworks, Inc.)
Task: {946A93B8-24F7-46B2-9D6E-26E9ABFC6CD0} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-809943335-2564626158-2276789416-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2014-05-13] (RealNetworks, Inc.)
Task: {970D8C20-34F1-45BD-83EB-7D8FA282B9C0} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-809943335-2564626158-2276789416-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2014-05-13] (RealNetworks, Inc.)
Task: {99037230-0697-473B-A026-4CCFC694084F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-02-21] (Google Inc.)
Task: {A407DF8B-5563-4844-BAC4-5169997839DE} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton Security Suite\Upgrade.exe [2015-07-27] (Symantec Corporation)
Task: {A5806F40-5784-4D9B-BD44-E97324DD3400} - System32\Tasks\{8AB9B27D-32B0-4B41-84C6-4758B0E325BE} => pcalua.exe -a "K:\New Folder\SETUPEX.EXE" -d "K:\New Folder"
Task: {ACC3A3EB-A07E-4E12-8259-0DFD0EEA2E63} - System32\Tasks\hpUtility.exe_{EADA3CBF-9B49-46E9-AB5A-0D481E360275} => C:\Program Files\HP\HP Officejet 4630 series\Bin\utils\hpUtility.exe
Task: {B9570047-7A3F-44F7-A37E-97D6221FB8B6} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-809943335-2564626158-2276789416-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2014-05-23] (RealNetworks, Inc.)
Task: {BB1898EB-B3A0-4BC7-8DFF-69383EA7A34E} - System32\Tasks\Seagate_Install_Launch => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Dashboard.exe [2012-05-04] (Seagate Technology LLC)
Task: {BFB52EC2-86CB-4DA9-B87B-8F6A457D1219} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-809943335-2564626158-2276789416-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe [2014-05-13] (RealNetworks, Inc.)
Task: {C1311A5A-FC53-4DB0-9E64-BDFFE4D7EF44} - System32\Tasks\HPCustParticipation HP Officejet Pro 8500 A910 => C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\HPCustPartic.exe [2010-11-16] (Hewlett-Packard Co.)
Task: {C4104C0F-C501-4D21-BB76-1813CDBE40CF} - System32\Tasks\PLF2 => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\NBCore.exe [2012-05-04] (Seagate Technology LLC)
Task: {CB98D9A0-799F-4149-9C15-CCDA8E7BCB10} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-809943335-2564626158-2276789416-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2014-05-23] (RealNetworks, Inc.)
Task: {D47F181C-1C51-4E7B-AD48-0D248ABFC79C} - System32\Tasks\hpUtility.exe_{3CE71C11-F78D-4C70-9366-489050E797C0} => C:\Program Files\HP\HP Officejet Pro 6830\Bin\utils\hpUtility.exe [2014-07-18] (Hewlett-Packard Development Company, LP)
Task: {DB0BB800-6FBE-4C1C-A158-57DF1F4E214F} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-809943335-2564626158-2276789416-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2014-05-23] (RealNetworks, Inc.)
Task: {DD4AD375-9AFA-4B20-9D8B-496CD8D9076B} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files
(x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-26] (Apple Inc.)Task: {E35260E9-7E2F-4939-B384-184531C7A1DA} - System32\Tasks\PWS => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\NBCore.exe [2012-05-04] (Seagate Technology LLC)Task: {E3CF4776-0E2E-4F1D-91DF-76B3A2656592} - System32\Tasks\PWS2 => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\NBCore.exe [2012-05-04] (Seagate Technology LLC)Task: {E6C75919-20B3-4A93-AFDB-4F0E9CC087B1} - System32\Tasks\{F2F1AAB0-9618-47A7-9DC2-43BD9E03A5D4} => pcalua.exe -a C:\Users\PWS\Desktop\MLTGTAV1setup.exe -d C:\Users\PWS\DesktopTask: {EA421F14-5D56-418D-8A88-66BFEB796AF2} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-12-11] (Adobe Systems Incorporated)Task: {ECDC7495-9C97-4AA5-A181-33832C4AF1B7} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-809943335-2564626158-2276789416-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2014-05-13] (RealNetworks, Inc.)Task: {ECFE364E-BEF9-4F2F-AC04-F03DC6AB970B} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-809943335-2564626158-2276789416-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2014-05-23] (RealNetworks, Inc.)Task: {EFD105FE-D650-4640-847D-4D3B898BFE20} - System32\Tasks\PLF => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\NBCore.exe [2012-05-04] (Seagate Technology LLC)Task: {F4CCFE1C-78D8-4670-85E1-6009DF8486DB} - System32\Tasks\PLF Merge => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\NBCore.exe [2012-05-04] (Seagate Technology LLC)Task: {F88B5FE5-5FBF-4F0B-989F-A64261E4AA0C} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => C:\Windows\system32\GWX\GWXUXWorker.exe [2015-12-05] (Microsoft Corporation)Task: {FA0D0190-DDCD-4F85-B9AF-E28638291A11} - System32\Tasks\PLF4 => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\NBCore.exe [2012-05-04] (Seagate Technology LLC)Task: 
{FAA75705-C8F9-4416-A8B9-29501D8FFA36} - System32\Tasks\ReclaimerUpdateFiles_PWS => C:\Users\PWS\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.04\agent\rnupgagent.exe [2015-02-03] (RealNetworks, Inc.)(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exeTask: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exeTask: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exeTask: C:\Windows\Tasks\hpwebreg_CN18IDM234.job => C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\hpwebreg.exe C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\hpwebreg.exe C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\hpwebreg.exe C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\hpwebreg.exe C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\hpwebreg.exe C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\hpwebreg.exe C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\hpwebreg.exe C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\hpwebreg.exe C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\hpwebreg.exe C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\hpwebreg.exe C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\hpwebreg.exe C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\hpwebreg.exe C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\hpwebreg.exe C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\hpwebreg.exe C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\hpwebreg.exe C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\hpwebreg.exe C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\hpwebreg.exe C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\hpwebreg.exe C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\hpwebreg.exe C:\Program Files\HP\HP Officejet Pro 8500 
A910\Bin\hpwebreg.exe C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\hpwebreg.exe C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\hpwebreg.exe C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\hpwebreg.exe C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\hpwebreg.exe C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\hpwebreg.exe C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\hpwebreg.exe C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\hpwebreg.exe C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\hpwebreg.exe C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\hpwebreg.exe C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\hpwebreg.exe C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\hpwebreg.exe C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\HpWebReg.exeTask: C:\Windows\Tasks\hpwebreg_xxxxxxxxxx.job => C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\hpwebreg.exe C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\hpwebreg.exe C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\hpwebreg.exe C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\hpwebreg.exe C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\hpwebreg.exe C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\hpwebreg.exe C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\hpwebreg.exe C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\hpwebreg.exe C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\hpwebreg.exe C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\hpwebreg.exe C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\hpwebreg.exe C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\hpwebreg.exe C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\hpwebreg.exe C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\hpwebreg.exe C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\hpwebreg.exe C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\hpwebreg.exe C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\hpwebreg.exe C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\hpwebreg.exe 
C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\hpwebreg.exe C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\hpwebreg.exe C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\hpwebreg.exe C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\hpwebreg.exe C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\hpwebreg.exe C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\hpwebreg.exe C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\hpwebreg.exe C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\hpwebreg.exe C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\hpwebreg.exe C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\hpwebreg.exe C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\hpwebreg.exe C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\hpwebreg.exe C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\hpwebreg.exe C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\hpwebreg.exe C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\hpwebreg.exe C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\hpwebreg.exe C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\hpwebreg.exe C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\HpWebReg.exeTask: C:\Windows\Tasks\ReclaimerUpdateFiles_PWS.job => C:\Users\PWS\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.04\agent\rnupgagent.exeTask: C:\Windows\Tasks\ReclaimerUpdateXML_PWS.job => C:\Users\PWS\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.04\agent\rnupgagent.exe==================== Shortcuts =============================(The entries could be listed to be restored or removed.)==================== Loaded Modules (Whitelisted) ==============2015-01-20 22:35 - 2015-01-20 22:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll2015-10-13 04:45 - 2015-10-13 04:45 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll2011-05-31 14:54 - 2010-11-03 03:30 - 00918144 _____ () C:\Program Files 
(x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe2011-05-31 14:54 - 2010-11-19 02:56 - 00915072 _____ () C:\Program Files (x86)\ASUS\AAHM\1.00.11\aaHMSvc.exe2011-05-31 14:54 - 2010-10-21 03:52 - 00586880 _____ () C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.10\AsSysCtrlService.exe2014-05-13 12:10 - 2014-05-13 12:10 - 00039568 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe2014-05-23 00:34 - 2014-05-23 00:34 - 00023552 _____ () C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF2010-10-20 15:23 - 2010-10-20 15:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll2012-03-19 21:09 - 2012-03-19 21:09 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll2011-05-31 14:54 - 2015-12-26 13:51 - 00020992 _____ () C:\Program Files (x86)\ASUS\AXSP\1.00.13\PEbiosinterface32.dll2011-05-31 14:54 - 2010-06-28 20:58 - 00104448 _____ () C:\Program Files (x86)\ASUS\AXSP\1.00.13\ATKEX.dll2014-06-07 12:20 - 2014-06-07 12:20 - 00861784 _____ () c:\program files (x86)\real\realplayer\RPDS\Plugins\cldplin.dll2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF2010-10-20 15:45 - 2010-10-20 15:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll2014-12-17 22:12 - 2012-05-30 08:51 - 00699280 ____R () C:\PROGRAM FILES (X86)\NORTON SECURITY SUITE\ENGINE\20.6.0.27\wincfi39.dll2007-07-12 13:55 - 2007-07-12 13:55 - 01581056 _____ () C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll2007-08-14 15:43 - 2007-08-14 15:43 - 06365184 _____ () C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll2007-07-12 13:55 - 2007-07-12 13:55 - 00131072 _____ () C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll2015-11-22 19:16 - 
2010-07-01 20:29 - 00364544 ____N () C:\Program Files (x86)\PIXELA\Transfer Utility\pxl_m17n_tool.dll2014-06-07 12:20 - 2014-06-07 12:20 - 00573528 _____ () c:\program files (x86)\real\realplayer\RPDS\Lib\r1api.dll==================== Alternate Data Streams (Whitelisted) =========(If an entry is included in the fixlist, only the ADS will be removed.)AlternateDataStreams: C:\ProgramData\TEMP:5C321E34AlternateDataStreams: C:\Users\PWS\Desktop\launch.ica.e0ocsjp.partial:icasourceAlternateDataStreams: C:\Users\PWS\Downloads\launch.ica.je0lxcn.partial:icasource==================== Safe Mode (Whitelisted) ===================(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)==================== EXE Association (Whitelisted) ===============(If an entry is included in the fixlist, the registry item will be restored to default or removed.)==================== Internet Explorer trusted/restricted ===============(If an entry is included in the fixlist, it will be removed from the registry.)IE trusted site: HKU\S-1-5-21-809943335-2564626158-2276789416-1000\...\allstate.com -> hxxps://remotedesktop.allstate.comIE restricted site: HKU\S-1-5-21-809943335-2564626158-2276789416-1000\...\008i.com -> 008i.comIE restricted site: HKU\S-1-5-21-809943335-2564626158-2276789416-1000\...\008k.com -> 008k.comIE restricted site: HKU\S-1-5-21-809943335-2564626158-2276789416-1000\...\00hq.com -> 00hq.comIE restricted site: HKU\S-1-5-21-809943335-2564626158-2276789416-1000\...\0190-dialers.com -> 0190-dialers.comIE restricted site: HKU\S-1-5-21-809943335-2564626158-2276789416-1000\...\01i.info -> 01i.infoIE restricted site: HKU\S-1-5-21-809943335-2564626158-2276789416-1000\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.comIE restricted site: HKU\S-1-5-21-809943335-2564626158-2276789416-1000\...\0411dd.com -> 0411dd.comIE restricted site: HKU\S-1-5-21-809943335-2564626158-2276789416-1000\...\0511zfhl.com -> 0511zfhl.comIE restricted 
site: HKU\S-1-5-21-809943335-2564626158-2276789416-1000\...\05p.com -> 05p.comIE restricted site: HKU\S-1-5-21-809943335-2564626158-2276789416-1000\...\0632qyw.com -> 0632qyw.comIE restricted site: HKU\S-1-5-21-809943335-2564626158-2276789416-1000\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.comIE restricted site: HKU\S-1-5-21-809943335-2564626158-2276789416-1000\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.comIE restricted site: HKU\S-1-5-21-809943335-2564626158-2276789416-1000\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.comIE restricted site: HKU\S-1-5-21-809943335-2564626158-2276789416-1000\...\0calories.net -> 0calories.netIE restricted site: HKU\S-1-5-21-809943335-2564626158-2276789416-1000\...\0cj.net -> 0cj.netIE restricted site: HKU\S-1-5-21-809943335-2564626158-2276789416-1000\...\0scan.com -> 0scan.comIE restricted site: HKU\S-1-5-21-809943335-2564626158-2276789416-1000\...\1-britney-spears-nude.com -> 1-britney-spears-nude.comIE restricted site: HKU\S-1-5-21-809943335-2564626158-2276789416-1000\...\1-domains-registrations.com -> 1-domains-registrations.comIE restricted site: HKU\S-1-5-21-809943335-2564626158-2276789416-1000\...\1-se.com -> 1-se.comIE restricted site: HKU\S-1-5-21-809943335-2564626158-2276789416-1000\...\1001movie.com -> 1001movie.comThere are 6091 more sites.==================== Hosts content: ===============================(If needed Hosts: directive could be included in the fixlist to reset Hosts.)2009-07-13 20:34 - 2012-04-21 19:42 - 00000098 ____N C:\Windows\system32\Drivers\etc\hosts127.0.0.1 localhost::1 localhost==================== Other Areas ============================(Currently there is no automatic fix for this section.)HKU\S-1-5-21-809943335-2564626158-2276789416-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\PWS\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpgDNS Servers: 75.75.75.75 - 75.75.76.76HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) 
(ConsentPromptBehaviorUser: 3) (EnableLUA: 1)Windows Firewall is enabled.==================== MSCONFIG/TASK MANAGER disabled items ==(Currently there is no automatic fix for this section.)==================== FirewallRules (Whitelisted) ===============(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)FirewallRules: [{2D8EBDF0-1F43-407D-87B9-1A090AD2D3A0}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exeFirewallRules: [{EF5D5A04-3D3B-4754-9E55-D084460CB7ED}] => (Allow) LPort=2869FirewallRules: [{1AC75879-8FB6-4F21-A462-F5EBC72A0399}] => (Allow) LPort=1900FirewallRules: [{5972C2C7-BC35-4EB0-AD3B-89D9A7A7CC68}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exeFirewallRules: [{2068568A-06F7-4238-B3AF-D11901084B8C}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exeFirewallRules: [{88F3B2C5-4F8A-4771-9EB9-DF6B382B7CF5}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\DeviceSetup.exeFirewallRules: [{831E691C-C3F2-4B80-9B89-5511FE9D588A}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\DeviceSetup.exeFirewallRules: [{A01D245C-95C4-4D76-AA84-93783C3D11FE}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\HPNetworkCommunicator.exeFirewallRules: [{3D9FA8CA-F8BD-4A68-AEC1-62F95EDE9F28}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\HPNetworkCommunicator.exeFirewallRules: [{268706B9-0CC7-42C1-B934-A15245A4A16F}] => (Allow) C:\Users\PWS\AppData\Local\Temp\7zS532E.tmp\SymNRT.exeFirewallRules: [{11E1891C-7A1C-4698-AC79-73547872B1AF}] => (Allow) C:\Users\PWS\AppData\Local\Temp\7zS532E.tmp\SymNRT.exeFirewallRules: [{5457A169-80A3-4D1E-96BB-506C7169A3F5}] => (Allow) c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exeFirewallRules: [{833309BF-CA5F-4697-8E09-483B75F2E9AE}] => (Allow) LPort=5357FirewallRules: [{F2C2C91A-C4A1-4398-B4A1-FECEF516E347}] => (Allow) C:\Program Files\HP\HP Officejet Pro 
6830\bin\FaxApplications.exeFirewallRules: [{9F6B3D1F-33A0-4334-9EDA-5309FAA25741}] => (Allow) C:\Program Files\HP\HP Officejet Pro 6830\bin\DigitalWizards.exeFirewallRules: [{5B749F95-A6B4-4B0E-BB6D-6A564B27C8C6}] => (Allow) C:\Program Files\HP\HP Officejet Pro 6830\bin\SendAFax.exeFirewallRules: [{3EADBF1B-719D-418B-A262-18B8EB55B8E6}] => (Allow) C:\Program Files\HP\HP Officejet Pro 6830\Bin\DeviceSetup.exeFirewallRules: [{501B3DE3-427B-46D4-BA43-A3684B4E86F4}] => (Allow) C:\Program Files\HP\HP Officejet Pro 6830\Bin\HPNetworkCommunicatorCom.exeFirewallRules: [{65D0ECF8-F157-4D9F-831F-7E673B409295}] => (Allow) C:\Program Files (x86)\Steam\Steam.exeFirewallRules: [{0C326791-4FE7-403C-9AD9-D62F7B34BFBA}] => (Allow) C:\Program Files (x86)\Steam\Steam.exeFirewallRules: [{0656FAE8-6D97-457B-A7FF-A4D91F6280A2}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exeFirewallRules: [{37B1A259-3AF0-4548-9F19-0F356D17AF0A}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exeFirewallRules: [{9B00130B-C497-4B3C-9826-346EC3D9FCBC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\RailWorks\RailWorks.exeFirewallRules: [{F81289C8-99E5-4CC2-B915-19C07D27FE1F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\RailWorks\RailWorks.exeFirewallRules: [{F154E8D4-107B-416D-BD3D-3161BDED15A5}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exeFirewallRules: [{8698725B-7607-4C51-AE76-AAF679AA5256}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exeFirewallRules: [{4A53A8C9-59E4-4E34-B7A9-7B091E4FBA9E}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exeFirewallRules: [{17FADAEB-34F2-4BEE-A471-7421D1134885}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exeFirewallRules: [{660A2B82-BE38-4E34-BD46-0BE261E0DBA9}] => (Allow) C:\Program Files\iTunes\iTunes.exeFirewallRules: [{26BE8CC7-1BEB-40C7-A7CB-6B471AF12902}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exeFirewallRules: [TCP Query 
User{7C0EB3D9-30D9-403D-9BC0-0E36CADD99F5}C:\program files (x86)\run 8 studios\run 8 train simulator\run-8 train simulator.exe] => (Block) C:\program files (x86)\run 8 studios\run 8 train simulator\run-8 train simulator.exeFirewallRules: [uDP Query User{3E886BDD-D2A0-459F-AA21-6DF9C1FF4404}C:\program files (x86)\run 8 studios\run 8 train simulator\run-8 train simulator.exe] => (Block) C:\program files (x86)\run 8 studios\run 8 train simulator\run-8 train simulator.exe==================== Restore Points =========================17-12-2015 13:12:53 Windows Update24-12-2015 16:54:27 Norton Security Suite Registry==================== Faulty Device Manager Devices ================================= Event log errors: =========================Application errors:==================Error: (12/25/2015 09:10:28 PM) (Source: VSS) (EventID: 8194) (User: )Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied..This is often caused by incorrect security settings in either the writer or requestor process.Operation:Gathering Writer DataContext:Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}Writer Name: System WriterWriter Instance ID: {832521cc-0db8-4ab4-a093-4e0c1a29c3e8}Error: (12/25/2015 08:48:25 PM) (Source: VSS) (EventID: 8194) (User: )Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied..This is often caused by incorrect security settings in either the writer or requestor process.Operation:Gathering Writer DataContext:Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}Writer Name: System WriterWriter Instance ID: {832521cc-0db8-4ab4-a093-4e0c1a29c3e8}Error: (12/24/2015 04:35:08 PM) (Source: VSS) (EventID: 8194) (User: )Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. 
hr = 0x80070005, Access is denied..This is often caused by incorrect security settings in either the writer or requestor process.Operation:Gathering Writer DataContext:Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}Writer Name: System WriterWriter Instance ID: {31a2886a-f41d-46f1-9c66-8443fe88cd26}Error: (12/24/2015 02:41:56 PM) (Source: VSS) (EventID: 8194) (User: )Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied..This is often caused by incorrect security settings in either the writer or requestor process.Operation:Gathering Writer DataContext:Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}Writer Name: System WriterWriter Instance ID: {31a2886a-f41d-46f1-9c66-8443fe88cd26}Error: (12/23/2015 04:06:13 PM) (Source: Seagate Dashboard Services) (EventID: 0) (User: )Description: Service cannot be started. The service process could not connect to the service controllerError: (12/21/2015 07:49:09 PM) (Source: .NET Runtime) (EventID: 1026) (User: )Description: Application: Seagate.Dashboard.Uploader.exeFramework Version: v4.0.30319Description: The process was terminated due to an unhandled exception.Exception Info: Microsoft.VisualBasic.ApplicationServices.CantStartSingleInstanceExceptionStack:at Microsoft.VisualBasic.ApplicationServices.WindowsFormsApplicationBase.Run(System.String[])at Seagate.Dashboard.Uploader.Program.Main()Error: (12/16/2015 11:54:32 PM) (Source: MsiInstaller) (EventID: 1024) (User: SD70)Description: Product: Adobe Acrobat Reader DC - Update '{AC76BA86-7AD7-0000-2550-AC0F094E6F00}' could not be installed. Error code 1625. Windows Installer can create logs to help troubleshoot issues with installing software packages. 
Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127Error: (12/15/2015 11:13:30 PM) (Source: MsiInstaller) (EventID: 1024) (User: SD70)Description: Product: Adobe Acrobat Reader DC - Update '{AC76BA86-7AD7-0000-2550-AC0F094E6F00}' could not be installed. Error code 1625. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127Error: (12/15/2015 11:05:04 PM) (Source: LMS) (EventID: 2) (User: NT AUTHORITY)Description: The service process could not connect to the service controller.Error: (12/15/2015 11:02:12 PM) (Source: .NET Runtime) (EventID: 1026) (User: )Description: Application: Seagate.Dashboard.Uploader.exeFramework Version: v4.0.30319Description: The process was terminated due to an unhandled exception.Exception Info: Microsoft.VisualBasic.ApplicationServices.CantStartSingleInstanceExceptionStack:at Microsoft.VisualBasic.ApplicationServices.WindowsFormsApplicationBase.Run(System.String[])at Seagate.Dashboard.Uploader.Program.Main()System errors:=============Error: (12/26/2015 01:57:21 PM) (Source: Ntfs) (EventID: 55) (User: )Description: The file system structure on the disk is corrupt and unusable.Please run the chkdsk utility on the volume WIN7.Error: (12/26/2015 01:57:19 PM) (Source: Ntfs) (EventID: 55) (User: )Description: The file system structure on the disk is corrupt and unusable.Please run the chkdsk utility on the volume WIN7.Error: (12/26/2015 01:57:17 PM) (Source: Ntfs) (EventID: 55) (User: )Description: The file system structure on the disk is corrupt and unusable.Please run the chkdsk utility on the volume WIN7.Error: (12/26/2015 01:51:32 PM) (Source: Service Control Manager) (EventID: 7023) (User: )Description: The Windows Defender service terminated with the following error:%%126Error: (12/26/2015 01:51:13 PM) (Source: EventLog) 
(EventID: 6008) (User: )Description: The previous system shutdown at 12:29:21 PM on 12/26/2015 was unexpected.Error: (12/26/2015 11:53:31 AM) (Source: Disk) (EventID: 11) (User: )Description: The driver detected a controller error on \Device\Harddisk6\DR7.Error: (12/26/2015 11:53:30 AM) (Source: Disk) (EventID: 11) (User: )Description: The driver detected a controller error on \Device\Harddisk6\DR7.Error: (12/26/2015 11:53:30 AM) (Source: Disk) (EventID: 11) (User: )Description: The driver detected a controller error on \Device\Harddisk6\DR7.Error: (12/26/2015 11:53:29 AM) (Source: Disk) (EventID: 11) (User: )Description: The driver detected a controller error on \Device\Harddisk6\DR7.Error: (12/26/2015 11:24:37 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)Description: The following fatal alert was received: 20.==================== Memory info ===========================Processor: Intel® Core i5-2320 CPU @ 3.00GHzPercentage of memory in use: 19%Total physical RAM: 12199.23 MBAvailable physical RAM: 9816.9 MBTotal Virtual: 24396.67 MBAvailable Virtual: 22009.6 MB==================== Drives ================================Drive c: (WIN7) (Fixed) (Total:745.21 GB) (Free:593.11 GB) NTFS ==>[drive with boot components (obtained from BCD)]Drive d: (DATA) (Fixed) (Total:1103.63 GB) (Free:218.08 GB) NTFSDrive k: (LEXAR) (Removable) (Total:0.97 GB) (Free:0.48 GB) FAT==================== MBR & Partition Table ==========================================================================Disk: 0 (Size: 1863 GB) (Disk ID: CB5BD2B2)Partition 1: (Not Active) - (Size=14.2 GB) - (Type=1B)Partition 2: (Active) - (Size=745.2 GB) - (Type=07 NTFS)Partition 3: (Not Active) - (Size=1103.6 GB) - (Type=07 NTFS)========================================================Disk: 6 (MBR Code: Windows XP) (Size: 991.5 MB) (Disk ID: C3072E18)Partition 1: (Not Active) - (Size=991 MB) - (Type=04)==================== End of Addition.txt ============================
-
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:25-12-2015
Ran by X (administrator) on X (26-12-2015 13:54:50)
Running from C:\Users\X\Desktop
Loaded Profiles: X (Available Profiles: X & X)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe
() C:\Program Files (x86)\ASUS\AAHM\1.00.11\aaHMSvc.exe
() C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.10\AsSysCtrlService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(ASUSTeK Computer Inc.) C:\Windows\SysWOW64\AsHookDevice.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\20.6.0.27\ccsvchst.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe
() C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\20.6.0.27\ccsvchst.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe
(Nero AG) C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\EPU\EPUHelp.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe
(Nero AG) C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
(Nero AG) C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
(BillP Studios) C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieCtrl.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin64\rpsystray.exe
(PIXELA CORPORATION) C:\Program Files (x86)\PIXELA\Transfer Utility\CameraMonitor.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Manager\AsShellApplication.exe
(Citrix Systems, Inc.) C:\Users\PWS\AppData\Local\Citrix\ICA Client\concentr.exe
(Microsoft Corporation) C:\Program Files (x86)\EMET\EMET_notifier.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe
(Citrix Systems, Inc.) C:\Users\PWS\AppData\Local\Citrix\ICA Client\wfcrun32.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
(RealNetworks, Inc.) C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11545192 2010-11-02] (Realtek Semiconductor)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-10-16] (Apple Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
HKLM-x32\...\Run: [RunAIShell] => C:\Program Files (x86)\ASUS\AI Manager\AsShellApplication.exe [232064 2009-12-23] (ASUSTeK Computer Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60688 2015-10-13] (Apple Inc.)
HKLM-x32\...\Run: [ConnectionCenter] => C:\Users\PWS\AppData\Local\Citrix\ICA Client\concentr.exe [304568 2010-10-12] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [EMET Notifier] => C:\Program Files (x86)\EMET\EMET_notifier.exe [152152 2012-05-09] (Microsoft Corporation)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [296520 2014-06-07] (RealNetworks, Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [DBAgent] => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe [1454184 2012-05-04] (Seagate Technology LLC)
HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe [2621240 2015-11-18] (Malwarebytes Corporation)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2015-08-06] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-809943335-2564626158-2276789416-1000\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [455968 2007-08-23] (Hewlett-Packard Company)
HKU\S-1-5-21-809943335-2564626158-2276789416-1000\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] => C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe [152872 2007-06-27] (Nero AG)
HKU\S-1-5-21-809943335-2564626158-2276789416-1000\...\Run: [Uploader] => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe [119440 2012-05-04] (Seagate Technology LLC)
HKU\S-1-5-21-809943335-2564626158-2276789416-1000\...\Run: [OfficeSyncProcess] => C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [721504 2015-09-02] (Microsoft Corporation)
HKU\S-1-5-21-809943335-2564626158-2276789416-1000\...\Run: [WinPatrol] => C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe [1128000 2014-06-03] (BillP Studios)
HKU\S-1-5-21-809943335-2564626158-2276789416-1000\...\Run: [SandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [787592 2015-10-22] (Sandboxie Holdings, LLC)
HKU\S-1-5-21-809943335-2564626158-2276789416-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3013712 2015-12-14] (Valve 
Corporation)HKU\S-1-5-21-809943335-2564626158-2276789416-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\ssText3d.scr [333824 2010-11-20] (Microsoft Corporation)ShellIconOverlayIdentifiers: [OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Security Suite\Engine64\20.6.0.27\buShell.dll [2013-05-28] (Symantec Corporation)ShellIconOverlayIdentifiers: [OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Security Suite\Engine64\20.6.0.27\buShell.dll [2013-05-28] (Symantec Corporation)ShellIconOverlayIdentifiers: [OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Security Suite\Engine64\20.6.0.27\buShell.dll [2013-05-28] (Symantec Corporation)Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\asusvibelauncher.lnk [2012-12-25]ShortcutTarget: asusvibelauncher.lnk -> C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe ()Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RealPlayer Cloud Service UI.lnk [2014-06-07]ShortcutTarget: RealPlayer Cloud Service UI.lnk -> C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin64\rpsystray.exe (RealNetworks, Inc.)Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Transfer Utility Camera Monitor.lnk [2015-11-22]ShortcutTarget: Transfer Utility Camera Monitor.lnk -> C:\Program Files (x86)\PIXELA\Transfer Utility\CameraMonitor.exe (PIXELA CORPORATION)Startup: C:\Users\PLF\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Officejet Pro 6830.lnk [2015-12-26]ShortcutTarget: Monitor Ink Alerts - HP Officejet Pro 6830.lnk -> C:\Program Files\HP\HP Officejet Pro 6830\Bin\HPStatusBL.dll (Hewlett-Packard Development Company, LP)GroupPolicy: Restriction - Chrome <======= ATTENTIONCHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION==================== Internet (Whitelisted) ====================(If an item 
is included in the fixlist, if it is a registry item it will be removed or restored to default.)Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76Tcpip\..\Interfaces\{B572E52D-654C-4037-A505-6BF565430247}: [DhcpNameServer] 75.75.75.75 75.75.76.76Internet Explorer:==================HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTIONHKU\S-1-5-21-809943335-2564626158-2276789416-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTIONHKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearchHKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhomeHKU\S-1-5-21-809943335-2564626158-2276789416-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearchHKU\S-1-5-21-809943335-2564626158-2276789416-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com/SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP08&src=IE-SearchBoxSearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP08&src=IE-SearchBoxSearchScopes: HKU\S-1-5-21-809943335-2564626158-2276789416-1000 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxp://nortonsafe.search.ask.com/web?q={SEARCHTERMS}&o=APN10506&l=dis&prt=360&chn=S1122&geo=US&ver=20&locale=en_US&gct=kwd&qsrc=2869BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll [2014-05-13] (RealDownloader)BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft 
Corporation)BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)BHO: WOT Helper -> {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} -> C:\Program Files\WOT\WOT.dll [2011-11-03] ()BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2014-05-13] (RealDownloader)BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security Suite\Engine\20.6.0.27\coIEPlg.dll [2015-06-29] (Symantec Corporation)BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Security Suite\Engine\20.6.0.27\IPS\IPSBHO.DLL [2012-08-10] (Symantec Corporation)BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)BHO-x32: WOT Helper -> {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} -> C:\Program Files (x86)\WOT\WOT.dll [2012-08-02] ()Toolbar: HKLM - WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll [2011-11-03] ()Toolbar: HKLM-x32 - WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll 
[2012-08-02] ()Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\20.6.0.27\coIEPlg.dll [2015-06-29] (Symantec Corporation)Toolbar: HKU\S-1-5-21-809943335-2564626158-2276789416-1000 -> WOT - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll [2011-11-03] ()Toolbar: HKU\S-1-5-21-809943335-2564626158-2276789416-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No FileDPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cabDPF: HKLM-x32 {644E432F-49D3-41A1-8DD5-E099162EEEC5} hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cabDPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cabHandler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll [2011-11-03] ()Handler-x32: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files (x86)\WOT\WOT.dll [2012-08-02] ()Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\PWS\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll [2010-10-12] (Citrix Systems, Inc.)Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\PWS\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll [2010-10-12] (Citrix Systems, Inc.)Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\PWS\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll [2010-10-12] (Citrix Systems, Inc.)Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\PWS\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll [2010-10-12] (Citrix Systems, Inc.)Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\PWS\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll [2010-10-12] (Citrix Systems, Inc.)Filter-x32: application/x-ica; charset=MS950 
- {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\PWS\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll [2010-10-12] (Citrix Systems, Inc.)Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\PWS\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll [2010-10-12] (Citrix Systems, Inc.)Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\PWS\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll [2010-10-12] (Citrix Systems, Inc.)Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\PWS\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll [2010-10-12] (Citrix Systems, Inc.)Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\PWS\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll [2010-10-12] (Citrix Systems, Inc.)Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\PWS\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll [2010-10-12] (Citrix Systems, Inc.)Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\PWS\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll [2010-10-12] (Citrix Systems, Inc.)Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\PWS\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll [2010-10-12] (Citrix Systems, Inc.)Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\PWS\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll [2010-10-12] (Citrix Systems, Inc.)Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\PWS\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll [2010-10-12] (Citrix Systems, Inc.)Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\PWS\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll [2010-10-12] (Citrix Systems, Inc.)FireFox:========FF Plugin: 
@microsoft.com/GENUINE -> disabled [No File]FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-08] ()FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)FF Plugin-x32: @real.com/nppl3260;version=17.0.10.8 -> c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll [2014-06-07] (RealNetworks, Inc.)FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=17.0.10 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll [2014-05-13] (RealNetworks, Inc.)FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=17.0.10 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll [2014-05-13] (RealNetworks, Inc.)FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=17.0.10 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll [2014-05-13] (RealNetworks, Inc.)FF Plugin-x32: @real.com/nprpplugin;version=17.0.10.8 -> c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll [2014-06-07] (RealPlayer Cloud)FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll 
[2015-12-05] (Google Inc.)FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-05] (Google Inc.)FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)FF Plugin ProgramFiles/Appdata: C:\Users\PWS\AppData\Roaming\mozilla\plugins\cgpcfg.dll [2008-08-16] (Citrix Systems, Inc.)FF Plugin ProgramFiles/Appdata: C:\Users\PWS\AppData\Roaming\mozilla\plugins\CgpCore.dll [2008-08-16] (Citrix Systems, Inc.)FF Plugin ProgramFiles/Appdata: C:\Users\PWS\AppData\Roaming\mozilla\plugins\confmgr.dll [2008-08-16] ()FF Plugin ProgramFiles/Appdata: C:\Users\PWS\AppData\Roaming\mozilla\plugins\ctxlogging.dll [2008-08-16] ()FF Plugin ProgramFiles/Appdata: C:\Users\PWS\AppData\Roaming\mozilla\plugins\ctxmui.dll [2008-08-16] (Citrix Systems, Inc.)FF Plugin ProgramFiles/Appdata: C:\Users\PWS\AppData\Roaming\mozilla\plugins\icafile.dll [2008-08-16] (Citrix Systems, Inc.)FF Plugin ProgramFiles/Appdata: C:\Users\PWS\AppData\Roaming\mozilla\plugins\icalogon.dll [2008-08-16] (Citrix Systems, Inc.)FF Plugin ProgramFiles/Appdata: C:\Users\PWS\AppData\Roaming\mozilla\plugins\msvcm80.dll [2008-05-21] (Microsoft Corporation)FF Plugin ProgramFiles/Appdata: C:\Users\PWS\AppData\Roaming\mozilla\plugins\msvcp80.dll [2008-05-21] (Microsoft Corporation)FF Plugin ProgramFiles/Appdata: C:\Users\PWS\AppData\Roaming\mozilla\plugins\msvcr80.dll [2008-05-21] (Microsoft Corporation)FF Plugin ProgramFiles/Appdata: C:\Users\PWS\AppData\Roaming\mozilla\plugins\npicaN.dll [2008-08-16] ()FF Plugin ProgramFiles/Appdata: C:\Users\PWS\AppData\Roaming\mozilla\plugins\sslsdk_b.dll [2008-06-05] (Citrix Systems, Inc.)FF Plugin ProgramFiles/Appdata: C:\Users\PWS\AppData\Roaming\mozilla\plugins\TcpPServ.dll [2008-08-16] (Citrix Systems, Inc.)FF HKLM-x32\...\Firefox\Extensions: [{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}] - 
C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext => not foundFF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\coFFPlgnFF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\coFFPlgn [2015-12-26]FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\IPSFFPlgnFF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\IPSFFPlgn [2013-03-28] [not signed]FF HKLM-x32\...\Firefox\Extensions: [{7ADCCCD0-FDEC-4A18-A329-550A87710223}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\ExtFF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-06-07] [not signed]FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\ExtFF HKLM-x32\...\Firefox\Extensions: [{4963C948-9C4E-40B8-9291-CE0234B47210}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\coFFPlgnChrome:=======CHR Profile: C:\Users\PWS\AppData\Local\Google\Chrome\User Data\DefaultCHR Extension: (Google Slides) - C:\Users\PWS\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-12-26]CHR Extension: (Google Docs) - C:\Users\PWS\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-12-26]CHR Extension: (Google Drive) - C:\Users\PWS\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-12-26]CHR Extension: (Norton Security Toolbar) - C:\Users\PWS\AppData\Local\Google\Chrome\User Data\Default\Extensions\bejnhdlplbjhffionohbdnpcbobfejcc [2015-12-26]CHR Extension: (YouTube) - 
C:\Users\PWS\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-12-26]CHR Extension: (Google Search) - C:\Users\PWS\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-26]CHR Extension: (Google Sheets) - C:\Users\PWS\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-12-26]CHR Extension: (Google Docs Offline) - C:\Users\PWS\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-12-26]CHR Extension: (RealPlayer Downloader) - C:\Users\PWS\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2015-12-26]CHR Extension: (Norton Identity Safe) - C:\Users\PWS\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2015-12-26]CHR Extension: (Chrome Web Store Payments) - C:\Users\PWS\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-12-26]CHR Extension: (Gmail) - C:\Users\PWS\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-12-26]CHR HKLM\...\Chrome\Extension: [bejnhdlplbjhffionohbdnpcbobfejcc] - C:\Program Files (x86)\Norton Security Suite\Engine\20.6.0.27\Exts\Chrome.crx [2014-12-17]CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crxCHR HKLM-x32\...\Chrome\Extension: [bejnhdlplbjhffionohbdnpcbobfejcc] - C:\Program Files (x86)\Norton Security Suite\Engine\20.6.0.27\Exts\Chrome.crx [2014-12-17]CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2014-05-13]CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx==================== Services (Whitelisted) ========================(If an entry is included in 
the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe [918144 2010-11-03] ()R2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.11\aaHMSvc.exe [915072 2010-11-19] ()R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.10\AsSysCtrlService.exe [586880 2010-10-21] ()R2 MbaeSvc; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [739640 2015-11-18] (Malwarebytes Corporation)R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)R2 N360; C:\Program Files (x86)\Norton Security Suite\Engine\20.6.0.27\ccSvcHst.exe [144368 2013-05-20] (Symantec Corporation)R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2009-05-14] (Hewlett-Packard) [File not signed]R3 NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [279848 2007-06-27] (Nero AG)R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2009-05-14] (Hewlett-Packard) [File not signed]R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39568 2014-05-13] ()R2 RealPlayer Cloud Service; c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe [1141848 2014-06-07] (RealNetworks, Inc.)R2 RealPlayerUpdateSvc; C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [23552 2014-05-23] () [File not signed]S3 RoxMediaDB13; C:\Program Files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxMediaDB13.exe [1095824 2012-06-02] (Corel Corporation)R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [177800 2015-10-22] (Sandboxie Holdings, 
LLC)R2 Seagate Dashboard Services; C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe [14496 2012-05-04] (Seagate Technology LLC)S2 WinDefend; %ProgramFiles(x86)%\Windows Defender\mpsvc.dll [X]===================== Drivers (Whitelisted) ==========================(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)R2 ASInsHelp; C:\Windows\SysWow64\drivers\AsInsHelp64.sys [11832 2008-01-04] ()R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2010-08-24] ()R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2010-08-02] ()R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\BASHDefs\20151218.001\BHDrvx64.sys [1665608 2015-10-08] (Symantec Corporation)R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1406000.01B\ccSetx64.sys [169048 2013-04-15] (Symantec Corporation)S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [498512 2015-11-17] (Symantec Corporation)R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [157520 2015-11-17] (Symantec Corporation)R1 ESProtectionDriver; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [63064 2015-11-18] ()R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\IPSDefs\20151225.001\IDSvia64.sys [767224 2015-12-04] (Symantec Corporation)R2 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [109272 2015-10-05] (Malwarebytes)R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2015-12-26] (Malwarebytes)R3 MBAMWebAccessControl; 
C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20151225.001\ENG64.SYS [138488 2015-11-24] (Symantec Corporation)R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20151225.001\EX64.SYS [2148080 2015-11-24] (Symantec Corporation)R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-05-02] (Corel Corporation)R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [192648 2015-10-22] (Sandboxie Holdings, LLC)R3 SRTSP; C:\Windows\System32\Drivers\N360x64\1406000.01B\SRTSP64.SYS [796760 2013-05-15] (Symantec Corporation)R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1406000.01B\SRTSPX64.SYS [36952 2013-03-04] (Symantec Corporation)R0 SymDS; C:\Windows\System32\drivers\N360x64\1406000.01B\SYMDS64.SYS [493656 2013-05-20] (Symantec Corporation)R0 SymEFA; C:\Windows\System32\drivers\N360x64\1406000.01B\SYMEFA64.SYS [1139800 2013-05-22] (Symantec Corporation)R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2013-07-16] (Symantec Corporation)R1 SymIRON; C:\Windows\system32\drivers\N360x64\1406000.01B\Ironx64.SYS [224416 2012-07-27] (Symantec Corporation)R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1406000.01B\SYMNETS.SYS [433752 2013-04-24] (Symantec Corporation)U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [30848 2015-12-24] ()S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [53760 2012-09-28] (Apple, Inc.) [File not signed]==================== NetSvcs (Whitelisted) ===================(If an entry is included in the fixlist, it will be removed from the registry. 
The file will not be moved unless listed separately.)==================== One Month Created files and folders ========(If an entry is included in the fixlist, the file/folder will be moved.)2015-12-26 13:54 - 2015-12-26 13:55 - 00032172 _____ C:\Users\PWS\Desktop\FRST.txt2015-12-26 13:53 - 2015-12-26 11:57 - 02370560 _____ (Farbar) C:\Users\PWS\Desktop\FRST64.exe2015-12-26 12:03 - 2015-12-26 12:03 - 00047457 _____ C:\Users\PLF\Desktop\FRST1.txt2015-12-26 12:00 - 2015-12-26 11:57 - 02370560 _____ (Farbar) C:\Users\PLF\Desktop\FRST64.exe2015-12-26 11:57 - 2015-12-26 11:57 - 02370560 _____ (Farbar) C:\Users\PWS\Downloads\frst64.exe2015-12-26 11:52 - 2015-12-26 11:52 - 00000000 ____D C:\Users\PWS\AppData\Local\Steam2015-12-26 11:52 - 2015-12-26 11:52 - 00000000 ____D C:\Users\PWS\AppData\Local\GWX2015-12-26 11:52 - 2015-12-26 11:52 - 00000000 ____D C:\Users\PWS\AppData\Local\CEF2015-12-24 14:30 - 2015-12-24 14:30 - 00003760 _____ C:\{2DB8C4FA-A9AF-439D-A901-139351B7273F}2015-12-24 12:17 - 2015-12-24 12:17 - 00011930 _____ C:\Users\PWS\Desktop\rk_B26D.tmp.txt2015-12-22 17:21 - 2015-12-26 12:22 - 00003328 _____ C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-809943335-2564626158-2276789416-10012015-12-21 20:39 - 2015-12-21 20:39 - 00000000 ____D C:\Users\PWS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Run8 Version 12.16.2015 Upgrade2015-12-21 20:36 - 2015-12-21 20:37 - 231134445 _____ C:\Users\PLF\Desktop\run8_upgrade_121615.exe2015-12-11 12:38 - 2015-11-20 12:54 - 03170304 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll2015-12-11 12:38 - 2015-11-20 12:54 - 02609152 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll2015-12-11 12:38 - 2015-11-20 12:54 - 00709632 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll2015-12-11 12:38 - 2015-11-20 12:54 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll2015-12-11 12:38 - 2015-11-20 12:54 - 00140288 _____ (Microsoft Corporation) 
C:\Windows\system32\wuauclt.exe
2015-12-11 12:38 - 2015-11-20 12:54 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-12-11 12:38 - 2015-11-20 12:54 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-12-11 12:38 - 2015-11-20 12:54 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-12-11 12:38 - 2015-11-20 12:54 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-12-11 12:38 - 2015-11-20 12:54 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-12-11 12:38 - 2015-11-20 12:54 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-12-11 12:38 - 2015-11-20 12:34 - 00573440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-12-11 12:38 - 2015-11-20 12:34 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-12-11 12:38 - 2015-11-20 12:34 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-12-11 12:38 - 2015-11-20 12:34 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-12-11 12:38 - 2015-11-20 12:33 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-12-11 12:38 - 2015-11-11 15:12 - 00387792 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-12-11 12:38 - 2015-11-11 14:52 - 00341192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-12-11 12:38 - 2015-11-11 12:53 - 01735680 _____ (Microsoft Corporation) C:\Windows\system32\comsvcs.dll
2015-12-11 12:38 - 2015-11-11 12:53 - 00525312 _____ (Microsoft Corporation) C:\Windows\system32\catsrvut.dll
2015-12-11 12:38 - 2015-11-11 12:39 - 01242624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comsvcs.dll
2015-12-11 12:38 - 2015-11-11 12:39 - 00487936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\catsrvut.dll
2015-12-11 12:38 - 2015-11-11 10:21 - 25837568 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-12-11 12:38 - 2015-11-11 10:00 - 12856832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-12-11 12:38 - 2015-11-11 09:44 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-12-11 12:38 - 2015-11-11 09:44 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-12-11 12:38 - 2015-11-11 09:41 - 20366848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-12-11 12:38 - 2015-11-11 09:12 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-12-11 12:38 - 2015-11-11 08:57 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-12-11 12:38 - 2015-11-10 12:55 - 01648128 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-12-11 12:38 - 2015-11-10 12:55 - 01180160 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-12-11 12:38 - 2015-11-10 12:55 - 01008640 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2015-12-11 12:38 - 2015-11-10 12:39 - 01251328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-12-11 12:38 - 2015-11-10 12:37 - 00833024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2015-12-11 12:38 - 2015-11-10 11:47 - 03211264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-12-11 12:38 - 2015-11-09 18:24 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-12-11 12:38 - 2015-11-09 18:13 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-12-11 12:38 - 2015-11-09 18:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-12-11 12:38 - 2015-11-09 18:12 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-12-11 12:38 - 2015-11-09 18:12 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-12-11 12:38 - 2015-11-09 18:11 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-12-11 12:38 - 2015-11-09 18:08 - 02280448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-12-11 12:38 - 2015-11-09 18:06 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-12-11 12:38 - 2015-11-09 18:06 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-12-11 12:38 - 2015-11-09 18:04 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-12-11 12:38 - 2015-11-09 18:03 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-12-11 12:38 - 2015-11-09 18:02 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-12-11 12:38 - 2015-11-09 18:02 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-12-11 12:38 - 2015-11-09 17:50 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-12-11 12:38 - 2015-11-09 17:47 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-12-11 12:38 - 2015-11-09 17:46 - 04514816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-12-11 12:38 - 2015-11-09 17:44 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2015-12-11 12:38 - 2015-11-09 17:37 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-12-11 12:38 - 2015-11-09 17:36 - 02050560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-12-11 12:38 - 2015-11-09 17:36 - 00687104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-12-11 12:38 - 2015-11-09 17:35 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-12-11 12:38 - 2015-11-09 17:17 - 02011136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-12-11 12:38 - 2015-11-09 17:14 - 01311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-12-11 12:38 - 2015-11-09 17:12 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-12-11 12:38 - 2015-11-08 16:33 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-12-11 12:38 - 2015-11-08 16:32 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-12-11 12:38 - 2015-11-08 16:16 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-12-11 12:38 - 2015-11-08 16:15 - 02887168 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-12-11 12:38 - 2015-11-08 16:15 - 00571392 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-12-11 12:38 - 2015-11-08 16:15 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-12-11 12:38 - 2015-11-08 16:15 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-12-11 12:38 - 2015-11-08 16:14 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-12-11 12:38 - 2015-11-08 16:07 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-12-11 12:38 - 2015-11-08 16:06 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-12-11 12:38 - 2015-11-08 16:04 - 05923840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-12-11 12:38 - 2015-11-08 16:02 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-12-11 12:38 - 2015-11-08 16:01 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-12-11 12:38 - 2015-11-08 16:01 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-12-11 12:38 - 2015-11-08 16:01 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-12-11 12:38 - 2015-11-08 16:01 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-12-11 12:38 - 2015-11-08 15:52 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-12-11 12:38 - 2015-11-08 15:48 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-12-11 12:38 - 2015-11-08 15:40 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-12-11 12:38 - 2015-11-08 15:35 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-12-11 12:38 - 2015-11-08 15:32 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-12-11 12:38 - 2015-11-08 15:29 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2015-12-11 12:38 - 2015-11-08 15:18 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-12-11 12:38 - 2015-11-08 15:15 - 00798208 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-12-11 12:38 - 2015-11-08 15:15 - 00718336 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-12-11 12:38 - 2015-11-08 15:14 - 14456832 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-12-11 12:38 - 2015-11-08 15:14 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-12-11 12:38 - 2015-11-08 15:13 - 02123264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-12-11 12:38 - 2015-11-08 14:53 - 02487808 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-12-11 12:38 - 2015-11-08 14:41 - 01546752 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-12-11 12:38 - 2015-11-08 14:30 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-12-11 12:38 - 2015-11-05 13:05 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\wshrm.dll
2015-12-11 12:38 - 2015-11-05 13:02 - 00014848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshrm.dll
2015-12-11 12:38 - 2015-11-05 13:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2015-12-11 12:38 - 2015-11-05 13:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2015-12-11 12:38 - 2015-11-05 03:53 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rmcast.sys
2015-12-11 12:38 - 2015-11-03 13:04 - 00802304 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2015-12-11 12:38 - 2015-11-03 13:04 - 00241664 _____ (Microsoft Corporation) C:\Windows\system32\els.dll
2015-12-11 12:38 - 2015-11-03 12:56 - 00627712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2015-12-11 12:38 - 2015-11-03 12:55 - 00179712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\els.dll
2015-11-26 16:30 - 2015-12-25 18:27 - 00003350 _____ C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-809943335-2564626158-2276789416-1001

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-12-26 13:54 - 2015-08-01 09:34 - 00000000 ____D C:\Windows\System32\Tasks\Remediation
2015-12-26 13:54 - 2012-04-21 02:03 - 00000000 ____D C:\FRST
2015-12-26 13:53 - 2015-08-02 18:26 - 00000000 ____D C:\Program Files (x86)\Steam
2015-12-26 13:52 - 2015-02-21 00:09 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-12-26 13:52 - 2015-02-03 18:37 - 00003350 _____ C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-809943335-2564626158-2276789416-1000
2015-12-26 13:52 - 2014-06-07 12:21 - 00003212 _____ C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-809943335-2564626158-2276789416-1000
2015-12-26 13:52 - 2014-04-24 21:48 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-12-26 13:51 - 2009-07-13 23:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-12-26 12:27 - 2009-07-13 22:45 - 00024608 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-12-26 12:27 - 2009-07-13 22:45 - 00024608 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-12-26 12:22 - 2015-08-03 17:11 - 00003190 _____ C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-809943335-2564626158-2276789416-1001
2015-12-26 12:05 - 2012-03-30 08:15 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-12-26 12:01 - 2015-02-08 23:39 - 00047457 _____ C:\Users\PLF\Desktop\FRST.txt
2015-12-26 11:56 - 2015-02-21 00:09 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-12-26 11:55 - 2009-07-13 23:13 - 00797890 _____ C:\Windows\system32\PerfStringBackup.INI
2015-12-26 11:55 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\inf
2015-12-26 11:53 - 2013-02-25 21:20 - 00002028 _____ C:\Windows\Sandboxie.ini
2015-12-26 11:53 - 2009-07-13 21:20 - 00000000 ____D C:\Windows
2015-12-25 19:32 - 2011-12-29 13:47 - 00005840 _____ C:\Windows\Tasks\hpwebreg_xxxxxxxxxx.job
2015-12-25 18:27 - 2014-06-07 12:07 - 00003212 _____ C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-809943335-2564626158-2276789416-1001
2015-12-25 13:33 - 2011-12-18 13:43 - 00000000 ____D C:\ProgramData\Norton
2015-12-25 13:15 - 2015-02-22 19:20 - 00000000 ____D C:\Users\PLF\Desktop\FB pics
2015-12-24 16:52 - 2015-02-08 16:51 - 00000358 _____ C:\Windows\Tasks\ReclaimerUpdateXML_PWS.job
2015-12-24 14:53 - 2015-02-08 16:51 - 00000362 _____ C:\Windows\Tasks\ReclaimerUpdateFiles_PWS.job
2015-12-24 12:17 - 2014-07-13 11:47 - 00000000 ____D C:\ProgramData\RogueKiller
2015-12-24 12:06 - 2014-07-13 11:47 - 00030848 _____ C:\Windows\system32\Drivers\TrueSight.sys
2015-12-24 12:04 - 2015-02-09 11:14 - 20834888 _____ C:\Users\PLF\Desktop\RogueKiller.exe
2015-12-19 19:15 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\rescache
2015-12-17 13:13 - 2015-04-06 23:54 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2015-12-17 13:13 - 2015-04-06 23:54 - 00000000 ___SD C:\Windows\system32\GWX
2015-12-17 00:01 - 2015-11-07 12:15 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2015-12-16 23:57 - 2015-02-21 00:15 - 00002187 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-12-12 20:50 - 2009-07-13 22:45 - 00456512 _____ C:\Windows\system32\FNTCACHE.DAT
2015-12-11 15:31 - 2012-12-29 11:38 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-12-11 15:05 - 2013-07-16 16:09 - 00000000 ____D C:\Windows\system32\MRT
2015-12-11 13:31 - 2011-12-20 12:23 - 140158008 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-12-11 13:05 - 2012-03-30 08:15 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-12-11 13:05 - 2012-03-30 08:15 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-12-11 13:05 - 2011-12-26 00:11 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-12-05 00:51 - 2015-02-21 00:09 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-12-05 00:51 - 2015-02-21 00:09 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

==================== Files in the root of some directories =======

2011-12-18 17:16 - 2015-03-18 22:47 - 0000000 _____ () C:\Users\PWS\AppData\Roaming\FileIn.cns
2011-12-18 17:16 - 2015-03-18 22:47 - 0000000 _____ () C:\Users\PWS\AppData\Roaming\FileOut.cns
2013-07-29 08:44 - 2015-08-25 12:30 - 0007599 _____ () C:\Users\PWS\AppData\Local\Resmon.ResmonCfg
2014-10-23 21:07 - 2014-10-23 21:07 - 0000057 _____ () C:\ProgramData\Ament.ini

Some files in TEMP:
====================
C:\Users\PWS\AppData\Local\Temp\ose00000.exe

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-12-21 20:08

==================== End of FRST.txt ============================
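The file-list sections of an FRST.txt are what a responder reads line by line when asking whether a blocked drive-by actually dropped anything. As an added example (not part of the post above and not FRST's own code), the following Python script parses the entry format FRST prints in its "One Month Created/Modified" sections and shortlists entries modified inside an incident window that show the indicators a dropper usually leaves: executable content in a user-writable or Temp directory, no publisher/version string, a freshly written scheduled task or Startup item. The sample lines are constructed: most are copied from the log above, one (qwe7h2.exe under Temp) is invented to show what a hit looks like, and the window dates are an assumption because the post does not give the date of the attempt.

```python
"""Triage helper for the file-list entries in an FRST.txt log (added example)."""
import os
import re
from datetime import datetime

# Entry format FRST prints in its "One Month Created/Modified" sections:
#   <modified> - <created> - <size> <attrs> [(<company>)] <path>
# The company field is missing, or printed as "()", when the file has no version info.
FRST_ENTRY = re.compile(
    r"^(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d+) (?P<attrs>[_A-Z]{5}) "
    r"(?:\((?P<company>[^)]*)\) )?"
    r"(?P<path>\S.*?)\s*$"
)

EXEC_EXT = {".exe", ".dll", ".sys", ".scr", ".cpl", ".ocx", ".com", ".pif",
            ".js", ".jse", ".vbs", ".vbe", ".wsf", ".hta", ".ps1", ".bat", ".cmd"}
USER_WRITABLE = ("\\users\\", "\\programdata\\", "\\windows\\temp\\")
TASK_DIRS = ("\\windows\\tasks\\", "\\windows\\system32\\tasks\\")
STARTUP_DIR = "\\start menu\\programs\\startup\\"


def parse_entry(line):
    """Return a dict for one FRST file entry, or None for headers and other text."""
    m = FRST_ENTRY.match(line.strip())
    if not m:
        return None
    e = m.groupdict()
    e["modified"] = datetime.strptime(e["modified"], "%Y-%m-%d %H:%M")
    e["created"] = datetime.strptime(e["created"], "%Y-%m-%d %H:%M")
    e["size"] = int(e["size"])
    e["company"] = (e["company"] or "").strip()
    e["is_dir"] = "D" in e["attrs"]          # ____D marks a directory
    return e


def indicators(entry):
    """Reasons to look at an entry; an empty list means nothing stood out."""
    reasons = []
    if entry["is_dir"]:
        return reasons
    path = entry["path"].lower()
    ext = os.path.splitext(path.rsplit("\\", 1)[-1])[1]   # extension of the file name only
    if ext in EXEC_EXT:
        reasons.append("executable content")
        if any(d in path for d in USER_WRITABLE):
            reasons.append("user-writable location")
        if "\\temp\\" in path:
            reasons.append("temp directory")
        if not entry["company"]:
            reasons.append("no publisher/version info")
    if any(d in path for d in TASK_DIRS):
        reasons.append("scheduled task written")
    if STARTUP_DIR in path:
        reasons.append("startup folder entry")
    return reasons


def triage(lines, window_start, window_end, min_indicators=2):
    """Entries modified inside the window with >= min_indicators reasons, strongest first."""
    hits = []
    for line in lines:
        e = parse_entry(line)
        if e is None or not (window_start <= e["modified"] <= window_end):
            continue
        reasons = indicators(e)
        if len(reasons) >= min_indicators:
            hits.append({"path": e["path"], "modified": e["modified"], "reasons": reasons})
    hits.sort(key=lambda h: (-len(h["reasons"]), h["path"].lower()))
    return hits


# Constructed sample input: the first six lines are copied from the log above,
# the last one is invented to show a hit (no such file is in the real log).
SAMPLE_LINES = [
    r"==================== One Month Modified files and folders ========",
    r"2015-12-26 13:54 - 2012-04-21 02:03 - 00000000 ____D C:\FRST",
    r"2015-12-26 13:52 - 2015-02-21 00:09 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job",
    r"2015-12-26 13:52 - 2014-04-24 21:48 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys",
    r"2015-12-24 12:04 - 2015-02-09 11:14 - 20834888 _____ C:\Users\PLF\Desktop\RogueKiller.exe",
    r"2015-12-11 13:31 - 2011-12-20 12:23 - 140158008 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe",
    r"2014-10-23 21:07 - 2014-10-23 21:07 - 0000057 _____ () C:\ProgramData\Ament.ini",
    r"2015-12-23 21:17 - 2015-12-23 21:17 - 00312832 _____ C:\Users\PLF\AppData\Local\Temp\qwe7h2.exe",
]

# Assumed incident window; the post only says "the other day" before the 26-12-2015 scan.
WINDOW_START = datetime(2015, 12, 20)
WINDOW_END = datetime(2015, 12, 26, 23, 59)

if __name__ == "__main__":
    for hit in triage(SAMPLE_LINES, WINDOW_START, WINDOW_END):
        print(hit["modified"], hit["path"])
        for reason in hit["reasons"]:
            print("    -", reason)
```

The output is a shortlist, not a verdict: RogueKiller.exe on the Desktop scores as an unsigned-looking executable in a user-writable location, and the analyst dismisses it because the poster ran that tool. Anything left on the list after that pass is what gets hashed and checked, and the "Bamital & volsnap" section above is the companion check that the core system binaries themselves still carry a valid signature.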
-
Hi,
I had a drive-by download attempt the other day from what appeared to be the Angler exploit kit. It looks like my AV stopped the page redirect before it could get to the exploit kit, and my browser was sandboxed at the time (I also have the log from when the AV stopped the redirect if you need it). But could one of you take a quick look and see if anything got through? Thanks!
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:25-12-2015
Ran by X (ATTENTION: The user is not administrator) on X (26-12-2015 12:00:33)
Running from C:\Users\X\Desktop
Loaded Profiles: X (Available Profiles: X & X)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

Failed to access process -> smss.exe
Failed to access process -> csrss.exe
Failed to access process -> wininit.exe
Failed to access process -> services.exe
Failed to access process -> lsass.exe
Failed to access process -> lsm.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> SbieSvc.exe
Failed to access process -> svchost.exe
Failed to access process -> spoolsv.exe
Failed to access process -> svchost.exe
Failed to access process -> armsvc.exe
Failed to access process -> AppleMobileDeviceService.exe
Failed to access process -> atkexComSvc.exe
Failed to access process -> aaHMSvc.exe
Failed to access process -> AsSysCtrlService.exe
Failed to access process -> mDNSResponder.exe
Failed to access process -> AsHookDevice.exe
Failed to access process -> svchost.exe
Failed to access process -> LSSrvc.exe
Failed to access process -> mbae-svc.exe
Failed to access process -> mbamscheduler.exe
Failed to access process -> mbae64.exe
Failed to access process -> conhost.exe
Failed to access process -> mbamservice.exe
Failed to access process -> ccsvchst.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> rndlresolversvc.exe
Failed to access process -> rpdsvc.exe
Failed to access process -> RealPlayerUpdateSvc.exe
Failed to access process -> Seagate.Dashboard.DASWindowsService.exe
Failed to access process -> svchost.exe
Failed to access process -> WLIDSVC.EXE
Failed to access process -> WLIDSVCM.EXE
Failed to access process -> WmiPrvSE.exe
Failed to access process -> SearchIndexer.exe
Failed to access process -> svchost.exe
Failed to access process -> WUDFHost.exe
Failed to access process -> NMIndexingService.exe
Failed to access process -> iPodService.exe
Failed to access process -> LMS.exe
Failed to access process -> UNS.exe
Failed to access process -> TrustedInstaller.exe
Failed to access process -> svchost.exe
Failed to access process -> taskeng.exe
Failed to access process -> SearchProtocolHost.exe
Failed to access process -> csrss.exe
Failed to access process -> winlogon.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieCtrl.exe
(Nero AG) C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe
(BillP Studios) C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
(PIXELA CORPORATION) C:\Program Files (x86)\PIXELA\Transfer Utility\CameraMonitor.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Nero AG) C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Manager\AsShellApplication.exe
(Microsoft Corporation) C:\Program Files (x86)\EMET\EMET_notifier.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\20.6.0.27\ccsvchst.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
Failed to access process -> sppsvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.106\nacl64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.106\nacl64.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\20.6.0.27\coNatHst.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11545192 2010-11-02] (Realtek Semiconductor)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-10-16] (Apple Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
HKLM-x32\...\Run: [RunAIShell] => C:\Program Files (x86)\ASUS\AI Manager\AsShellApplication.exe [232064 2009-12-23] (ASUSTeK Computer Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60688 2015-10-13] (Apple Inc.)
HKLM-x32\...\Run: [ConnectionCenter] => "C:\Users\PWS\AppData\Local\Citrix\ICA Client\concentr.exe" /startup
HKLM-x32\...\Run: [EMET Notifier] => C:\Program Files (x86)\EMET\EMET_notifier.exe [152152 2012-05-09] (Microsoft Corporation)
HKLM-x32\...\Run: [bCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [296520 2014-06-07] (RealNetworks, Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [DBAgent] => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe [1454184 2012-05-04] (Seagate Technology LLC)
HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe [2621240 2015-11-18] (Malwarebytes Corporation)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2015-08-06] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-809943335-2564626158-2276789416-1001\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [455968 2007-08-23] (Hewlett-Packard Company)
HKU\S-1-5-21-809943335-2564626158-2276789416-1001\...\Run: [uploader] => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe [119440 2012-05-04] (Seagate Technology LLC)
HKU\S-1-5-21-809943335-2564626158-2276789416-1001\...\Run: [sandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [787592 2015-10-22] (Sandboxie Holdings, LLC)
HKU\S-1-5-21-809943335-2564626158-2276789416-1001\...\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] => C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe [152872 2007-06-27] (Nero AG)
HKU\S-1-5-21-809943335-2564626158-2276789416-1001\...\Run: [WinPatrol] => C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe [1128000 2014-06-03] (BillP Studios)
HKU\S-1-5-21-809943335-2564626158-2276789416-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\ssText3d.scr [333824 2010-11-20] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Security Suite\Engine64\20.6.0.27\buShell.dll [2013-05-28] (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Security Suite\Engine64\20.6.0.27\buShell.dll [2013-05-28] (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Security Suite\Engine64\20.6.0.27\buShell.dll [2013-05-28] (Symantec Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\asusvibelauncher.lnk [2012-12-25]
ShortcutTarget: asusvibelauncher.lnk -> C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RealPlayer Cloud Service UI.lnk [2014-06-07]
ShortcutTarget: RealPlayer Cloud Service UI.lnk -> C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin64\rpsystray.exe (RealNetworks, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Transfer Utility Camera Monitor.lnk [2015-11-22]
ShortcutTarget: Transfer Utility Camera Monitor.lnk -> C:\Program Files (x86)\PIXELA\Transfer Utility\CameraMonitor.exe (PIXELA CORPORATION)
Startup: C:\Users\PLF\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Officejet Pro 6830.lnk [2015-12-26]
ShortcutTarget: Monitor Ink Alerts - HP Officejet Pro 6830.lnk -> C:\Program Files\HP\HP Officejet Pro 6830\Bin\HPStatusBL.dll (Hewlett-Packard Development Company, LP)
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{B572E52D-654C-4037-A505-6BF565430247}: [DhcpNameServer] 75.75.75.75 75.75.76.76

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-809943335-2564626158-2276789416-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com/
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP08&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP08&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-809943335-2564626158-2276789416-1001 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxp://nortonsafe.search.ask.com/web?q={SEARCHTERMS}&o=APN10506&l=dis&prt=360&chn=S1122&geo=US&ver=20&locale=en_US&gct=kwd&qsrc=2869
BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll [2014-05-13] (RealDownloader)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: WOT Helper -> {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} -> C:\Program Files\WOT\WOT.dll [2011-11-03] ()
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2014-05-13] (RealDownloader)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security Suite\Engine\20.6.0.27\coIEPlg.dll [2015-06-29] (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Security Suite\Engine\20.6.0.27\IPS\IPSBHO.DLL [2012-08-10] (Symantec Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: WOT Helper -> {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} -> C:\Program Files (x86)\WOT\WOT.dll [2012-08-02] ()
Toolbar: HKLM - WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll [2011-11-03] ()
Toolbar: HKLM-x32 - WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll [2012-08-02] ()
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\20.6.0.27\coIEPlg.dll [2015-06-29] (Symantec Corporation)
Toolbar: HKU\S-1-5-21-809943335-2564626158-2276789416-1001 -> WOT - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll [2011-11-03] ()
Toolbar: HKU\S-1-5-21-809943335-2564626158-2276789416-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {644E432F-49D3-41A1-8DD5-E099162EEEC5} hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll [2011-11-03] ()
Handler-x32: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files (x86)\WOT\WOT.dll [2012-08-02] ()
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\PWS\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll No File
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\PWS\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll No File
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\PWS\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll No File
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\PWS\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll No File
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\PWS\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll No File
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\PWS\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll No File
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\PWS\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll No File
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\PWS\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll No File
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\PWS\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll No File
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\PWS\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll No File
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\PWS\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll No File
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\PWS\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll No File
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\PWS\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll No File
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\PWS\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll No File
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\PWS\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll No File
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\PWS\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll No File

FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-08] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=17.0.10.8 -> c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll [2014-06-07] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=17.0.10 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll [2014-05-13] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=17.0.10 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll [2014-05-13] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=17.0.10 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll [2014-05-13] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=17.0.10.8 -> c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll [2014-06-07] (RealPlayer Cloud)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-05] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-05] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext => not found
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\coFFPlgn [2015-12-26]
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\IPSFFPlgn
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\IPSFFPlgn [2013-03-28] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{7ADCCCD0-FDEC-4A18-A329-550A87710223}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-06-07] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF HKLM-x32\...\Firefox\Extensions: [{4963C948-9C4E-40B8-9291-CE0234B47210}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\coFFPlgn

Chrome:
=======
CHR Profile: C:\Users\PLF\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\PLF\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-21]
CHR Extension: (Google Docs) - C:\Users\PLF\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-21]
CHR Extension: (Google Drive) - C:\Users\PLF\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-07]
CHR Extension: (Norton Security Toolbar) - C:\Users\PLF\AppData\Local\Google\Chrome\User Data\Default\Extensions\bejnhdlplbjhffionohbdnpcbobfejcc [2015-08-06]
CHR Extension: (WOT: Web of Trust, Website Reputation Ratings) - C:\Users\PLF\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2015-12-26]
CHR Extension: (YouTube) - C:\Users\PLF\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-06]
CHR Extension: (Google Search) - C:\Users\PLF\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-07]
CHR Extension: (Google Sheets) - C:\Users\PLF\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-21]
CHR Extension: (Google Docs Offline) - C:\Users\PLF\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-12-26]
CHR Extension: (RealPlayer Downloader) - C:\Users\PLF\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2015-02-21]
CHR Extension: (Norton Identity Safe) - C:\Users\PLF\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2015-02-21]
CHR Extension: (Chrome Web Store Payments) - C:\Users\PLF\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-06]
CHR Extension: (Gmail) - C:\Users\PLF\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-19]
CHR HKLM\...\Chrome\Extension: [bejnhdlplbjhffionohbdnpcbobfejcc] - C:\Program Files (x86)\Norton Security Suite\Engine\20.6.0.27\Exts\Chrome.crx [2014-12-17]
CHR HKLM\...\Chrome\Extension: 
[iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crxCHR HKLM-x32\...\Chrome\Extension: [bejnhdlplbjhffionohbdnpcbobfejcc] - C:\Program Files (x86)\Norton Security Suite\Engine\20.6.0.27\Exts\Chrome.crx [2014-12-17]CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2014-05-13]CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx==================== Services (Whitelisted) ========================(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe [918144 2010-11-03] ()R2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.11\aaHMSvc.exe [915072 2010-11-19] ()R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.10\AsSysCtrlService.exe [586880 2010-10-21] ()R2 lmhosts; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)R2 lmhosts; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-13] (Microsoft Corporation)R2 MbaeSvc; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [739640 2015-11-18] (Malwarebytes Corporation)R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)R2 N360; C:\Program Files (x86)\Norton Security Suite\Engine\20.6.0.27\ccSvcHst.exe [144368 2013-05-20] (Symantec Corporation)R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2009-05-14] (Hewlett-Packard) [File not signed]R2 NlaSvc; C:\Windows\System32\svchost.exe [27136 
2009-07-13] (Microsoft Corporation)R2 NlaSvc; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-13] (Microsoft Corporation)R3 NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [279848 2007-06-27] (Nero AG)R2 nsi; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)R2 nsi; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-13] (Microsoft Corporation)R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2009-05-14] (Hewlett-Packard) [File not signed]R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39568 2014-05-13] ()R2 RealPlayer Cloud Service; c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe [1141848 2014-06-07] () [File not signed]R2 RealPlayerUpdateSvc; C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [23552 2014-05-23] () [File not signed]S3 RoxMediaDB13; C:\Program Files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxMediaDB13.exe [1095824 2012-06-02] (Corel Corporation)R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [177800 2015-10-22] (Sandboxie Holdings, LLC)R2 Seagate Dashboard Services; C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe [14496 2012-05-04] (Seagate Technology LLC)S2 WinDefend; %ProgramFiles(x86)%\Windows Defender\mpsvc.dll [X]===================== Drivers (Whitelisted) ==========================(If an entry is included in the fixlist, it will be removed from the registry. 
The file will not be moved unless listed separately.)U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)R2 ASInsHelp; C:\Windows\SysWow64\drivers\AsInsHelp64.sys [11832 2008-01-04] ()R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2010-08-24] ()R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2010-08-02] ()R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\BASHDefs\20151218.001\BHDrvx64.sys [1665608 2015-10-08] (Symantec Corporation)R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1406000.01B\ccSetx64.sys [169048 2013-04-15] (Symantec Corporation)S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [498512 2015-11-17] (Symantec Corporation)R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [157520 2015-11-17] (Symantec Corporation)R1 ESProtectionDriver; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [63064 2015-11-18] ()R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\IPSDefs\20151225.001\IDSvia64.sys [767224 2015-12-04] (Symantec Corporation)R2 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [109272 2015-10-05] (Malwarebytes)R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2015-12-26] (Malwarebytes)R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20151225.001\ENG64.SYS [138488 2015-11-24] (Symantec Corporation)R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20151225.001\EX64.SYS 
[2148080 2015-11-24] (Symantec Corporation)R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-05-02] (Corel Corporation)R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [192648 2015-10-22] (Sandboxie Holdings, LLC)R3 SRTSP; C:\Windows\System32\Drivers\N360x64\1406000.01B\SRTSP64.SYS [796760 2013-05-15] (Symantec Corporation)R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1406000.01B\SRTSPX64.SYS [36952 2013-03-04] (Symantec Corporation)R0 SymDS; C:\Windows\System32\drivers\N360x64\1406000.01B\SYMDS64.SYS [493656 2013-05-20] (Symantec Corporation)R0 SymEFA; C:\Windows\System32\drivers\N360x64\1406000.01B\SYMEFA64.SYS [1139800 2013-05-22] (Symantec Corporation)R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2013-07-16] (Symantec Corporation)R1 SymIRON; C:\Windows\system32\drivers\N360x64\1406000.01B\Ironx64.SYS [224416 2012-07-27] (Symantec Corporation)R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1406000.01B\SYMNETS.SYS [433752 2013-04-24] (Symantec Corporation)U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [30848 2015-12-24] ()S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [53760 2012-09-28] (Apple, Inc.) [File not signed]==================== NetSvcs (Whitelisted) ===================(If an entry is included in the fixlist, it will be removed from the registry. 
The file will not be moved unless listed separately.)==================== One Month Created files and folders ========(If an entry is included in the fixlist, the file/folder will be moved.)2015-12-26 12:00 - 2015-12-26 11:57 - 02370560 _____ (Farbar) C:\Users\X\Desktop\FRST64.exe2015-12-24 14:30 - 2015-12-24 14:30 - 00003760 _____ C:\{2DB8C4FA-A9AF-439D-A901-139351B7273F}2015-12-21 20:36 - 2015-12-21 20:37 - 231134445 _____ C:\Users\X\Desktop\run8_upgrade_121615.exe2015-12-11 12:38 - 2015-11-20 12:54 - 03170304 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll2015-12-11 12:38 - 2015-11-20 12:54 - 02609152 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll2015-12-11 12:38 - 2015-11-20 12:54 - 00709632 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll2015-12-11 12:38 - 2015-11-20 12:54 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll2015-12-11 12:38 - 2015-11-20 12:54 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe2015-12-11 12:38 - 2015-11-20 12:54 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll2015-12-11 12:38 - 2015-11-20 12:54 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll2015-12-11 12:38 - 2015-11-20 12:54 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll2015-12-11 12:38 - 2015-11-20 12:54 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe2015-12-11 12:38 - 2015-11-20 12:54 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll2015-12-11 12:38 - 2015-11-20 12:54 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll2015-12-11 12:38 - 2015-11-20 12:34 - 00573440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll2015-12-11 12:38 - 2015-11-20 12:34 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll2015-12-11 12:38 - 2015-11-20 12:34 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll2015-12-11 12:38 - 
2015-11-20 12:34 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll2015-12-11 12:38 - 2015-11-20 12:33 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe2015-12-11 12:38 - 2015-11-11 15:12 - 00387792 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll2015-12-11 12:38 - 2015-11-11 14:52 - 00341192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll2015-12-11 12:38 - 2015-11-11 12:53 - 01735680 _____ (Microsoft Corporation) C:\Windows\system32\comsvcs.dll2015-12-11 12:38 - 2015-11-11 12:53 - 00525312 _____ (Microsoft Corporation) C:\Windows\system32\catsrvut.dll2015-12-11 12:38 - 2015-11-11 12:39 - 01242624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comsvcs.dll2015-12-11 12:38 - 2015-11-11 12:39 - 00487936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\catsrvut.dll2015-12-11 12:38 - 2015-11-11 10:21 - 25837568 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll2015-12-11 12:38 - 2015-11-11 10:00 - 12856832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll2015-12-11 12:38 - 2015-11-11 09:44 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll2015-12-11 12:38 - 2015-11-11 09:44 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll2015-12-11 12:38 - 2015-11-11 09:41 - 20366848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll2015-12-11 12:38 - 2015-11-11 09:12 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll2015-12-11 12:38 - 2015-11-11 08:57 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll2015-12-11 12:38 - 2015-11-10 12:55 - 01648128 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll2015-12-11 12:38 - 2015-11-10 12:55 - 01180160 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll2015-12-11 12:38 - 2015-11-10 12:55 - 01008640 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll2015-12-11 12:38 - 2015-11-10 12:39 - 01251328 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\DWrite.dll2015-12-11 12:38 - 2015-11-10 12:37 - 00833024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll2015-12-11 12:38 - 2015-11-10 11:47 - 03211264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys2015-12-11 12:38 - 2015-11-09 18:24 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb2015-12-11 12:38 - 2015-11-09 18:13 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll2015-12-11 12:38 - 2015-11-09 18:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll2015-12-11 12:38 - 2015-11-09 18:12 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec2015-12-11 12:38 - 2015-11-09 18:12 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll2015-12-11 12:38 - 2015-11-09 18:11 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll2015-12-11 12:38 - 2015-11-09 18:08 - 02280448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll2015-12-11 12:38 - 2015-11-09 18:06 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll2015-12-11 12:38 - 2015-11-09 18:06 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll2015-12-11 12:38 - 2015-11-09 18:04 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll2015-12-11 12:38 - 2015-11-09 18:03 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe2015-12-11 12:38 - 2015-11-09 18:02 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll2015-12-11 12:38 - 2015-11-09 18:02 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll2015-12-11 12:38 - 2015-11-09 17:50 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll2015-12-11 12:38 - 2015-11-09 17:47 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll2015-12-11 12:38 - 2015-11-09 17:46 - 04514816 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\jscript9.dll2015-12-11 12:38 - 2015-11-09 17:44 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll2015-12-11 12:38 - 2015-11-09 17:37 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll2015-12-11 12:38 - 2015-11-09 17:36 - 02050560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl2015-12-11 12:38 - 2015-11-09 17:36 - 00687104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll2015-12-11 12:38 - 2015-11-09 17:35 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll2015-12-11 12:38 - 2015-11-09 17:17 - 02011136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll2015-12-11 12:38 - 2015-11-09 17:14 - 01311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll2015-12-11 12:38 - 2015-11-09 17:12 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll2015-12-11 12:38 - 2015-11-08 16:33 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb2015-12-11 12:38 - 2015-11-08 16:32 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll2015-12-11 12:38 - 2015-11-08 16:16 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll2015-12-11 12:38 - 2015-11-08 16:15 - 02887168 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll2015-12-11 12:38 - 2015-11-08 16:15 - 00571392 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll2015-12-11 12:38 - 2015-11-08 16:15 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec2015-12-11 12:38 - 2015-11-08 16:15 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll2015-12-11 12:38 - 2015-11-08 16:14 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll2015-12-11 12:38 - 2015-11-08 16:07 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll2015-12-11 12:38 - 2015-11-08 16:06 - 00034304 _____ (Microsoft Corporation) 
C:\Windows\system32\iernonce.dll2015-12-11 12:38 - 2015-11-08 16:04 - 05923840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll2015-12-11 12:38 - 2015-11-08 16:02 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll2015-12-11 12:38 - 2015-11-08 16:01 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll2015-12-11 12:38 - 2015-11-08 16:01 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll2015-12-11 12:38 - 2015-11-08 16:01 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe2015-12-11 12:38 - 2015-11-08 16:01 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe2015-12-11 12:38 - 2015-11-08 15:52 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe2015-12-11 12:38 - 2015-11-08 15:48 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll2015-12-11 12:38 - 2015-11-08 15:40 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll2015-12-11 12:38 - 2015-11-08 15:35 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll2015-12-11 12:38 - 2015-11-08 15:32 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll2015-12-11 12:38 - 2015-11-08 15:29 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll2015-12-11 12:38 - 2015-11-08 15:18 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll2015-12-11 12:38 - 2015-11-08 15:15 - 00798208 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll2015-12-11 12:38 - 2015-11-08 15:15 - 00718336 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe2015-12-11 12:38 - 2015-11-08 15:14 - 14456832 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll2015-12-11 12:38 - 2015-11-08 15:14 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll2015-12-11 12:38 - 2015-11-08 15:13 - 02123264 _____ (Microsoft Corporation) 
C:\Windows\system32\inetcpl.cpl2015-12-11 12:38 - 2015-11-08 14:53 - 02487808 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll2015-12-11 12:38 - 2015-11-08 14:41 - 01546752 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll2015-12-11 12:38 - 2015-11-08 14:30 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll2015-12-11 12:38 - 2015-11-05 13:05 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\wshrm.dll2015-12-11 12:38 - 2015-11-05 13:02 - 00014848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshrm.dll2015-12-11 12:38 - 2015-11-05 13:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll2015-12-11 12:38 - 2015-11-05 13:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll2015-12-11 12:38 - 2015-11-05 03:53 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rmcast.sys2015-12-11 12:38 - 2015-11-03 13:04 - 00802304 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll2015-12-11 12:38 - 2015-11-03 13:04 - 00241664 _____ (Microsoft Corporation) C:\Windows\system32\els.dll2015-12-11 12:38 - 2015-11-03 12:56 - 00627712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll2015-12-11 12:38 - 2015-11-03 12:55 - 00179712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\els.dll==================== One Month Modified files and folders ========(If an entry is included in the fixlist, the file/folder will be moved.)2015-12-26 12:00 - 2015-02-08 23:39 - 00030959 _____ C:\Users\X\Desktop\FRST.txt2015-12-26 12:00 - 2012-04-21 02:03 - 00000000 ____D C:\FRST2015-12-26 11:59 - 2015-02-21 00:09 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job2015-12-26 11:57 - 2009-07-13 22:45 - 00024608 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A02015-12-26 11:57 - 2009-07-13 22:45 - 00024608 ____H 
C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A02015-12-26 11:56 - 2015-02-21 00:09 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job2015-12-26 11:55 - 2009-07-13 23:13 - 00797890 _____ C:\Windows\system32\PerfStringBackup.INI2015-12-26 11:55 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\inf2015-12-26 11:53 - 2015-08-02 18:26 - 00000000 ____D C:\Program Files (x86)\Steam2015-12-26 11:53 - 2013-02-25 21:20 - 00002028 _____ C:\Windows\Sandboxie.ini2015-12-26 11:53 - 2009-07-13 21:20 - 00000000 ____D C:\Windows2015-12-26 11:52 - 2014-04-24 21:48 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys2015-12-26 11:08 - 2009-07-13 23:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT2015-12-26 02:05 - 2012-03-30 08:15 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job2015-12-25 19:32 - 2011-12-29 13:47 - 00005840 _____ C:\Windows\Tasks\hpwebreg_xxxxxxxxxx.job2015-12-25 13:33 - 2011-12-18 13:43 - 00000000 ____D C:\ProgramData\Norton2015-12-25 13:15 - 2015-02-22 19:20 - 00000000 ____D C:\Users\PLF\Desktop\FB pics2015-12-24 16:52 - 2015-02-08 16:51 - 00000358 _____ C:\Windows\Tasks\ReclaimerUpdateXML_PWS.job2015-12-24 14:53 - 2015-02-08 16:51 - 00000362 _____ C:\Windows\Tasks\ReclaimerUpdateFiles_PWS.job2015-12-24 12:17 - 2014-07-13 11:47 - 00000000 ____D C:\ProgramData\RogueKiller2015-12-24 12:06 - 2014-07-13 11:47 - 00030848 _____ C:\Windows\system32\Drivers\TrueSight.sys2015-12-24 12:04 - 2015-02-09 11:14 - 20834888 _____ C:\Users\PLF\Desktop\RogueKiller.exe2015-12-19 19:15 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\rescache2015-12-17 13:13 - 2015-04-06 23:54 - 00000000 ___SD C:\Windows\SysWOW64\GWX2015-12-17 13:13 - 2015-04-06 23:54 - 00000000 ___SD C:\Windows\system32\GWX2015-12-17 00:01 - 2015-11-07 12:15 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk2015-12-16 23:57 - 2015-02-21 00:15 - 00002187 _____ 
C:\Users\Public\Desktop\Google Chrome.lnk2015-12-12 20:50 - 2009-07-13 22:45 - 00456512 _____ C:\Windows\system32\FNTCACHE.DAT2015-12-11 15:31 - 2012-12-29 11:38 - 00000000 ____D C:\ProgramData\Microsoft Help2015-12-11 15:05 - 2013-07-16 16:09 - 00000000 ____D C:\Windows\system32\MRT2015-12-11 13:31 - 2011-12-20 12:23 - 140158008 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe2015-12-11 13:05 - 2012-03-30 08:15 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe2015-12-11 13:05 - 2011-12-26 00:11 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl==================== Files in the root of some directories =======2012-09-01 00:46 - 2012-12-16 21:08 - 0000000 _____ () C:\Users\PLF\AppData\Roaming\FileIn.cns2012-09-01 00:46 - 2012-12-16 21:08 - 0000000 _____ () C:\Users\PLF\AppData\Roaming\FileOut.cns2015-08-01 13:45 - 2015-08-01 13:45 - 0006656 _____ () C:\Users\PLF\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini2013-04-24 20:44 - 2015-11-22 19:00 - 0381228 _____ () C:\Users\PLF\AppData\Local\rx_image32.Cache2014-10-23 21:07 - 2014-10-23 21:07 - 0000057 _____ () C:\ProgramData\Ament.ini==================== Bamital & volsnap =================(There is no automatic fix for files that do not pass verification.)C:\Windows\system32\winlogon.exe => File is digitally signedC:\Windows\system32\wininit.exe => File is digitally signedC:\Windows\SysWOW64\wininit.exe => File is digitally signedC:\Windows\explorer.exe => File is digitally signedC:\Windows\SysWOW64\explorer.exe => File is digitally signedC:\Windows\system32\svchost.exe => File is digitally signedC:\Windows\SysWOW64\svchost.exe => File is digitally signedC:\Windows\system32\services.exe => File is digitally signedC:\Windows\system32\User32.dll => File is digitally signedC:\Windows\SysWOW64\User32.dll => File is digitally signedC:\Windows\system32\userinit.exe => File is digitally signedC:\Windows\SysWOW64\userinit.exe => File is 
digitally signedC:\Windows\system32\rpcss.dll => File is digitally signedC:\Windows\system32\dnsapi.dll => File is digitally signedC:\Windows\SysWOW64\dnsapi.dll => File is digitally signedC:\Windows\system32\Drivers\volsnap.sys => File is digitally signedATTENTION: ==> Could not access BCD. The user is not administrator==================== End of FRST.txt ============================ -
Thanks guys for your input. Scoop, that appears to be exactly what the issue was. Norton is my AV and the timeline and description of the issue in the link you provided fits perfectly. Of all the possibilities, I didn't think the AV would have been the cause of the issue; learn something new every day! Thanks again!
-
Hi all,
Last night I encountered an odd behavior for Internet Explorer. I had a webpage up for a while and all of a sudden the message "Internet Explorer has encountered a problem and needs to close" appeared and the program became unresponsive (IE has been working fine for me for years; this was the first time). So I closed and re-opened the program - same result, but this time the message appeared as soon as the program opened. I then did some research and tried a few things to correct the issue, but no luck with any of them (below). I was able to get Chrome onto the machine through a thumb drive off another computer so I can at least access the internet. From the problem event name, it appears that the issue was a buffer overflow. I have the machine up to date with the latest patches. Do any of you experts have any suggestions to correct the issue?
Ran IE without addons
Reset IE
Restarted the computer
Reinstalled IE
Ran IE outside of Sandboxie
Disabled Malwarebytes Anti-Exploit
Below was the message found in the reliability history log:
Description
Faulting Application Path: C:\Program Files (x86)\Internet Explorer\iexplore.exe
Problem signature
Problem Event Name: BEX
Application Name: IEXPLORE.EXE
Application Version: 10.0.9200.17229
Application Timestamp: 54b478df
Fault Module Name: IPSEng32.dll
Fault Module Version: 14.2.1.9
Fault Module Timestamp: 54c8223b
Exception Offset: 000c61e2
Exception Code: c0000417
Exception Data: 00000000
OS Version: 6.1.7601.2.1.0.768.3
Locale ID: 1033
Additional Information 1: 5d6e
Additional Information 2: 5d6ef9135253aecf38a5211f52813d05
Additional Information 3: 0d78
Additional Information 4: 0d78b5f7b5aa516f13d946df3667918d
-
Everything seems to be working ok. Thanks Kevin! We can close out.
-
The system seems to be working okay, no issues noticed. Thank you very much for giving the system a quick look! PayPal will be coming your way tomorrow.
One question I've been meaning to ask. For a while, one svchost in task manager is taking up around 286,000k while the others are taking around 10,000k. In TCPview a svchost sometimes will connect to an address. Does this sound like normal behavior?
-
Thanks Kevin, logs below:
RogueKiller V10.2.0.0 [Jan 19 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.comOperating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : PWS [Administrator]
Mode : Scan -- Date : 02/09/2015 11:19:40¤¤¤ Processes : 0 ¤¤¤
¤¤¤ Registry : 14 ¤¤¤
[PUM.HomePage] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome -> Found
[PUM.HomePage] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome -> Found
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome -> Found
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome -> Found
[PUM.SearchPage] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> Found
[PUM.SearchPage] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> Found
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-809943335-2564626158-2276789416-1000\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> Found
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-809943335-2564626158-2276789416-1000\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> Found
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> Found
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Found
¤¤¤ Tasks : 8 ¤¤¤
[suspicious.Path] \\PLF -- C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\NBCore.exe ("C:\Users\PLF\AppData\Roaming\Seagate\Seagate Dashboard 2.0\Files\PLF.nji") -> Found
[suspicious.Path] \\PLF Merge -- "C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\NBCore.exe" ("C:\Users\PLF\AppData\Roaming\Seagate\Seagate Dashboard 2.0\Files\PLF Merge.nji") -> Found
[suspicious.Path] \\PLF1 -- C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\NBCore.exe ("C:\Users\PLF\AppData\Roaming\Seagate\Seagate Dashboard 2.0\Files\PLF1.nji") -> Found
[suspicious.Path] \\PLF2 -- C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\NBCore.exe ("C:\Users\PLF\AppData\Roaming\Seagate\Seagate Dashboard 2.0\Files\PLF2.nji") -> Found
[suspicious.Path] \\PLF3 -- C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\NBCore.exe ("C:\Users\PLF\AppData\Roaming\Seagate\Seagate Dashboard 2.0\Files\PLF3.nji") -> Found
[suspicious.Path] \\PWS -- C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\NBCore.exe ("C:\Users\PWS\AppData\Roaming\Seagate\Seagate Dashboard 2.0\Files\PWS.nji") -> Found
[suspicious.Path] \\PWS Merge -- "C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\NBCore.exe" ("C:\Users\PWS\AppData\Roaming\Seagate\Seagate Dashboard 2.0\Files\PWS Merge.nji") -> Found
[suspicious.Path] \\PWS2 -- C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\NBCore.exe ("C:\Users\PWS\AppData\Roaming\Seagate\Seagate Dashboard 2.0\Files\PWS2.nji") -> Found
¤¤¤ Files : 0 ¤¤¤
¤¤¤ Hosts File : 2 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 localhost
[C:\Windows\System32\drivers\etc\hosts] ::1 localhost
¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤
¤¤¤ Web browsers : 0 ¤¤¤
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD20EARX-22PASB0 ATA Device +++++
--- User ---
[MBR] d2716205458f24aa9a1397ad20eaac4f
[BSP] b7f1af624ca415852c3eb9ae77b37bea : HP MBR Code
Partition table:
0 - [XXXXXX] FAT32 (0x1b) [HIDDEN!] Offset (sectors): 2048 | Size: 14524 MB
1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 29747200 | Size: 763090 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 1592555520 | Size: 1130113 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK
+++++ PhysicalDrive1: Generic- SD/MMC USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )
+++++ PhysicalDrive2: Generic- Compact Flash USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )
+++++ PhysicalDrive3: Generic- SM/xD Picture USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )
+++++ PhysicalDrive4: Generic- MS/MS-Pro USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )
+++++ PhysicalDrive5: HP Officejet Pro 68 USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )
============================================
RKreport_SCN_07132014_125550.log - RKreport_SCN_12122014_233420.log - RKreport_SCN_12292014_235639.log

HerdProtect:
Saved date: 2/9/2015 1:01:00 PM
Files detected: 84
Files scanned: 10,339
Processes scanned: 74
Modules scanned: 764
ASEPs scanned: 497
Downloads scanned: 2
Deep analysis: 2/0
---------------------------------------------------------------------------------
Files
---------------------------------------------------------------------------------
File path: c:\program files (x86)\asus\ai suite ii\asroutinecontroller.exe
Publisher: ASUSTeK Computer Inc.
Signer: ASUSTeK Computer Inc.
MD5: 576c72830e3fd6ace2910545b6130803
SHA-1: 0c6aa51f08695ed83472f35930006564c8bb5566
Created: 5/31/2011 3:54:22 PM
Detections: 1
Determination: Ignore detections (false positive)
- Rising Antivirus as PE:Malware.XPACK/RDM!5.1
---------------------------------------------------------------------------------
File path: c:\program files (x86)\common files\ahead\lib\nmindexstoresvr.exe
Publisher: Nero AG
Signer: Nero AG
MD5: ffbd5650348d4f9e0aa8e72938dc6478
SHA-1: 17a719cbf59a68c5c11bb030710c4e1e24576f10
Created: 6/27/2007 8:04:00 PM
Detections: 1
Determination: Ignore detections (false positive)
- Boost by Reason as Optional.NeroAG.P
---------------------------------------------------------------------------------
File path: c:\program files (x86)\common files\ahead\lib\nmbgmonitor.exe
Publisher: Nero AG
Signer: Nero AG
MD5: 86f0d0b3a07c142c81dab47e8495a822
SHA-1: 27179230ec6323d58bd51cdcfbfb6151a1a6f6ed
Created: 6/27/2007 8:03:40 PM
Detections: 2
Determination: Ignore detections (false positive)
- Boost by Reason as Optional.Startup.NeroAG.L
- Prevx as Heuristic: Suspicious Self Modifying File (Undefined)
---------------------------------------------------------------------------------
File path: c:\program files (x86)\asus\axsp\1.00.13\pebiosinterface32.dll
Publisher:
MD5: fdd0ca75e21bebdfd1dfcd94eaf21147
SHA-1: 8e8b626230e5609d7e19851d0fa11cb4cc9052da
Created: 5/31/2011 3:54:01 PM
Detections: 2
Determination: Ignore detections (false positive)
- Trend Micro House Call as PAK_Generic.001
- Trend Micro as PAK_Generic.001
---------------------------------------------------------------------------------
File path: c:\program files (x86)\nero\nero 7\core\nero.exe
Publisher: Nero AG
Signer: Nero AG
MD5: 8f47a3c28086829f25251b763ff7509f
SHA-1: 0a4f86789215592271e71fb4e7c68bccb5d70568
Created: 7/27/2007 12:40:06 PM
Detections: 1
Determination: Ignore detections (false positive)
- Rising Antivirus as PE:Malware.XPACK/RDM!5.1
---------------------------------------------------------------------------------
File path: c:\program files (x86)\free m4a to mp3 converter\m4a_menu.dll
Publisher:
MD5: 22828e87a47716d1563663c939a3cd6d
SHA-1: 190e89eda8c472ccee40873362a71fabd71bb1b9
Created: 12/30/2011 9:56:37 PM
Detections: 1
Determination: Ignore detections (false positive)
- Bkav FE as HW32.CDB (Undefined)
---------------------------------------------------------------------------------
File path: c:\users\pws\downloads\mstspatch1.8.052113en\patch 1.8.052113en.exe
Publisher: Lindersoft
MD5: b81d2389c0fd6fe98b299019aefa9c99
SHA-1: 0c1f22897c8d43e26fbc0e419ff2d68b909c6e3e
Created: 5/21/2008 2:58:48 PM
Detections: 1
Determination: Ignore detections (false positive)
- The Hacker as Trojan/Packed (Undefined)
---------------------------------------------------------------------------------
File path: c:\users\pws\desktop\otl.exe
Publisher: OldTimer Tools
MD5: be23867d18238526b9cddde6f1e3022a
SHA-1: ca59f8a95d0acff2c1c759b83984af63c71e6ea9
Created: 5/5/2012 10:37:12 PM
Detections: 4
Determination: Ignore detections (false positive)
- Trend Micro House Call as TROJ_GEN.R06H1DS (Undefined)
- eSafe as Suspicious File
- Agnitum Outpost as Packed/PECompact
- Antiy Labs AVL as Trojan/win32.agent.gen (Undefined)
---------------------------------------------------------------------------------
File path: c:\users\pws\desktop\roguekiller.exe
Publisher: Tigzy
MD5: 1ef27dcca7f8ed4c23e1e060f1904ce1
SHA-1: 01c99c945be0da7da63dccfe6144792f9a422eb2
Created: 10/26/2012 4:30:37 PM
Detections: 1
Determination: Ignore detections (false positive)
- Trend Micro House Call as TROJ_GEN.F47V1024 (Undefined)
---------------------------------------------------------------------------------
File path: c:\users\pws\desktop\securitycheck.exe
Publisher:
MD5: 31f3cf74759be9196408eebfe9e93626
SHA-1: 6a9c8da3e0edb9519d2a10ec02fc338126480a86
Created: 12/26/2012 11:23:59 PM
Detections: 3
Determination: Inconclusive
- Trend Micro House Call as TROJ_GEN.F47V1125 (Undefined)
- Sophos as NirCmd
- Antiy Labs AVL as Trojan/Win32.Chifrax.gen (Undefined)
---------------------------------------------------------------------------------
File path: c:\users\pws\desktop\td35.exe
Publisher: Signal Computer Consultants
MD5: fdc53217d35607f89c42a6a20329b74e
SHA-1: 8cd699480d30b80c149550b9de8a371d7b9e1630
Created: 4/27/2012 11:39:00 AM
Detections: 1
Determination: Ignore detections (false positive)
- CMC Antivirus as RemoteAdmin.Win32.WinVNC-based!O
---------------------------------------------------------------------------------
File path: c:\users\pws\desktop\tfc.exe
Publisher: OldTimer Tools
MD5: 5b5d56738c261634c281c7ba1ca1a2df
SHA-1: 0f5cb90f64e936e8de187e7eae5b6dbf085afc37
Created: 4/22/2012 11:16:10 AM
Detections: 3
Determination: Ignore detections (false positive)
- Bkav FE as HW32.CDB (Undefined)
- Rising Antivirus as PE:Trojan.Win32.Generic.12723435!309474357 (Undefined)
- AVG as Dropper.Generic9 (Undefined)
---------------------------------------------------------------------------------
File path: c:\windows\syswow64\iscsicpl.dll
Publisher: Microsoft Corporation
MD5: f945adcef203e6104aec8ec9c337cfd0
SHA-1: 85fe50b2c2fcbec2c09c5039c8f8c1d38523780a
Created: 7/13/2009 6:46:13 PM
Detections: 1
Determination: Ignore detections (false positive)
- Bkav FE as W32.HfsAutoA (Undefined)
---------------------------------------------------------------------------------
File path: c:\programdata\application data\flexnet\connect\11\issch.exe
Publisher: Flexera Software, Inc.
Signer: Flexera Software, Inc.
MD5: 452101503e1334511cb185081aec5e9d
SHA-1: e2bd7151fec2013ae2f52f6c144fdc6ef89b187b
Created: 5/21/2010 1:40:28 PM
Detections: 1
Determination: Ignore detections (false positive)
- Boost by Reason as Optional.FlexeraSoftware.F
---------------------------------------------------------------------------------
File path: c:\programdata\application data\flexnet\connect\11\isusweb.dll
Publisher:
MD5: d41d8cd98f00b204e9800998ecf8427e
SHA-1: da39a3ee5e6b4b0d3255bfef95601890afd80709
Created: 5/17/2010 2:09:34 PM
Detections: 5
Determination: Ignore detections (false positive)
- Lavasoft Ad-Aware as Gen:Variant.Zusy.122341 (Undefined)
- ESET NOD32 as Win32/Sality.NBA virus (Undefined)
- Avira AntiVirus as TR/Dropper.Gen (Undefined)
- Kaspersky as not-a-virus:WebToolbar.Win32.CrossRider (Adware)
- Dr.Web as Adware.Downware.1751 (Adware)
---------------------------------------------------------------------------------
File path: c:\programdata\application data\installmate\{4bb7a109-fdb5-45e3-9db9-ecb2ea7b80ee}\tsudll.dll
Publisher: Tarma Software Research Pty Ltd
Signer: Tarma Software Research Pty Ltd
MD5: 1857130611ec555f0d0ca0ed34731121
SHA-1: fccd9eba37d3c0dd0d60713263527c15c62edea3
Created: 9/5/2013 7:00:45 PM
Detections: 1
Determination: Ignore detections (false positive)
- Rising Antivirus as PE:Malware.XPACK/RDM!5.1
---------------------------------------------------------------------------------
File path: c:\programdata\application data\installmate\{84481a87-2316-4923-8fab-3ba8ca29323d}\tsudll.dll
Publisher: Tarma Software Research Pty Ltd
Signer: Tarma Software Research Pty Ltd
MD5: 1857130611ec555f0d0ca0ed34731121
SHA-1: fccd9eba37d3c0dd0d60713263527c15c62edea3
Created: 12/29/2013 1:47:12 PM
Detections: 1
Determination: Ignore detections (false positive)
- Rising Antivirus as PE:Malware.XPACK/RDM!5.1
---------------------------------------------------------------------------------
File path: c:\programdata\application data\macrovision\flexnet connect\11\agent.exe
Publisher: Flexera Software, Inc.
Signer: Flexera Software, Inc.
MD5: fe5a7418919660104cdcdac1066a9021
SHA-1: 9fb60833413de41940e6f5fd426f448ec9e9f378
Created: 5/21/2010 1:40:38 PM
Detections: 1
Determination: Ignore detections (false positive)
- Boost by Reason as Optional.FlexeraSoftware.F
---------------------------------------------------------------------------------
File path: c:\programdata\application data\macrovision\flexnet connect\6\agent.exe
Publisher: Flexera Software, Inc.
Signer: Flexera Software, Inc.
MD5: cc2af4ea32a61c1df04437890523fced
SHA-1: 33095693ad222509aae346619956107775f74ebe
Created: 5/21/2010 1:40:36 PM
Detections: 1
Determination: Ignore detections (false positive)
- Boost by Reason as Optional.FlexeraSoftware.F
---------------------------------------------------------------------------------
File path: c:\programdata\flexnet\connect\11\issch.exe
Publisher: Flexera Software, Inc.
Signer: Flexera Software, Inc.
MD5: 452101503e1334511cb185081aec5e9d
SHA-1: e2bd7151fec2013ae2f52f6c144fdc6ef89b187b
Created: 5/21/2010 1:40:28 PM
Detections: 1
Determination: Ignore detections (false positive)
- Boost by Reason as Optional.FlexeraSoftware.F
---------------------------------------------------------------------------------
File path: c:\programdata\flexnet\connect\11\isusweb.dll
Publisher:
MD5: d41d8cd98f00b204e9800998ecf8427e
SHA-1: da39a3ee5e6b4b0d3255bfef95601890afd80709
Created: 5/17/2010 2:09:34 PM
Detections: 5
Determination: Ignore detections (false positive)
- Lavasoft Ad-Aware as Gen:Variant.Zusy.122341 (Undefined)
- ESET NOD32 as Win32/Sality.NBA virus (Undefined)
- Avira AntiVirus as TR/Dropper.Gen (Undefined)
- Kaspersky as not-a-virus:WebToolbar.Win32.CrossRider (Adware)
- Dr.Web as Adware.Downware.1751 (Adware)
---------------------------------------------------------------------------------
File path: c:\programdata\installmate\{4bb7a109-fdb5-45e3-9db9-ecb2ea7b80ee}\tsudll.dll
Publisher: Tarma Software Research Pty Ltd
Signer: Tarma Software Research Pty Ltd
MD5: 1857130611ec555f0d0ca0ed34731121
SHA-1: fccd9eba37d3c0dd0d60713263527c15c62edea3
Created: 9/5/2013 7:00:45 PM
Detections: 1
Determination: Ignore detections (false positive)
- Rising Antivirus as PE:Malware.XPACK/RDM!5.1
---------------------------------------------------------------------------------
File path: c:\programdata\installmate\{84481a87-2316-4923-8fab-3ba8ca29323d}\tsudll.dll
Publisher: Tarma Software Research Pty Ltd
Signer: Tarma Software Research Pty Ltd
MD5: 1857130611ec555f0d0ca0ed34731121
SHA-1: fccd9eba37d3c0dd0d60713263527c15c62edea3
Created: 12/29/2013 1:47:12 PM
Detections: 1
Determination: Ignore detections (false positive)
- Rising Antivirus as PE:Malware.XPACK/RDM!5.1
---------------------------------------------------------------------------------
File path: c:\programdata\macrovision\flexnet connect\11\agent.exe
Publisher: Flexera Software, Inc.
Signer: Flexera Software, Inc.
MD5: fe5a7418919660104cdcdac1066a9021
SHA-1: 9fb60833413de41940e6f5fd426f448ec9e9f378
Created: 5/21/2010 1:40:38 PM
Detections: 1
Determination: Ignore detections (false positive)
- Boost by Reason as Optional.FlexeraSoftware.F
---------------------------------------------------------------------------------
File path: c:\programdata\macrovision\flexnet connect\6\agent.exe
Publisher: Flexera Software, Inc.
Signer: Flexera Software, Inc.
MD5: cc2af4ea32a61c1df04437890523fced
SHA-1: 33095693ad222509aae346619956107775f74ebe
Created: 5/21/2010 1:40:36 PM
Detections: 1
Determination: Ignore detections (false positive)
- Boost by Reason as Optional.FlexeraSoftware.F
---------------------------------------------------------------------------------
File path: c:\users\pws\appdata\local\citrix\ica client\ctxmui.dll
Publisher: Citrix Systems, Inc.
Signer: Citrix Systems, Inc.
MD5: bc068d663903d1fa569eb02b0a8ef692
SHA-1: 18fac09015232975b74eb73a490ef91260e8fea0
Created: 10/12/2010 4:32:02 PM
Detections: 1
Determination: Ignore detections (false positive)
- Bkav FE as HW32.Laneul (Undefined)
---------------------------------------------------------------------------------
File path: c:\users\pws\appdata\local\citrix\ica client\resource\en\cstui.dll
Publisher: Citrix Systems, Inc.
Signer: Citrix Systems, Inc.
MD5: 46f8b71289a5cdb0f4c67b7aad01873f
SHA-1: eba69dd4bbbfd507e0a39eb1cb8fa97c5a1c0d41
Created: 10/12/2010 4:22:10 PM
Detections: 1
Determination: Ignore detections (false positive)
- Bkav FE as HW32.Stranfom (Undefined)
---------------------------------------------------------------------------------
File path: c:\users\pws\appdata\local\citrix\ica client\resource\en\progressnotificationcommonui.dll
Publisher: Citrix Systems, Inc.
Signer: Citrix Systems, Inc.
MD5: 0ba3e881e50c6cc5efe00205f8c54be5
SHA-1: edc3cd737897c9f08b08f63a318464671d6a113d
Created: 10/12/2010 4:22:32 PM
Detections: 1
Determination: Ignore detections (false positive)
- Bkav FE as HW32.Stranfom (Undefined)
---------------------------------------------------------------------------------
File path: c:\users\pws\appdata\local\citrix\ica client\resource\en\wfcrunui.dll
Publisher: Citrix Systems, Inc.
Signer: Citrix Systems, Inc.
MD5: 204aa6d6f4e0ede48ce9f5ae0bea5e79
SHA-1: 13d4b776f60c995b98c509803c0b7d5a1c729b1c
Created: 10/12/2010 4:24:36 PM
Detections: 1
Determination: Ignore detections (false positive)
- Bkav FE as HW32.Stranfom (Undefined)
---------------------------------------------------------------------------------
File path: c:\Users\PWS\AppData\Roaming\Real\Update\temp\~Upg0\rnupgagent.exe
Publisher: RealNetworks, Inc.
Signer: RealNetworks, Inc.
MD5: 6a05110733966830f85bc2fe957c79eb
SHA-1: ba8113ef98f537f7b0c2c56c87968625cba49f9b
Created: 9/24/2012 1:26:49 PM
Detections: 5
Determination: Inconclusive
- Bkav FE as W32.Clod052.Trojan (Undefined)
- nProtect as Trojan/W32.Agent.449176 (Undefined)
- The Hacker as Trojan/Agent.bjvu (Undefined)
- Trend Micro House Call as HV_AGENT_BK083C37.TOMC (Undefined)
- Dr.Web as Trojan.Click2.59112 (Undefined)
---------------------------------------------------------------------------------
File path: c:\program files\hp\hp officejet pro 6830\driverstore\yeti\v3\i386\unidrv.dll
Publisher: Microsoft Corporation
MD5: c53976c5d2437d3bb2a2c85f684e7018
SHA-1: 2f8cf8403e978330abedcf1c098e0f686761c17d
Created: 6/20/2014 9:35:20 PM
Detections: 1
Determination: Ignore detections (false positive)
- AegisLab AV Signature as W32.W.Mabezat (Undefined)
---------------------------------------------------------------------------------
File path: c:\program files\microsoft games\train simulator\uninst_msts patch 1.8.0521 en.exe
Publisher: Lindersoft
MD5: a24aa6931ef9d16dff5e70ec294cb94a
SHA-1: 2596f73bdc11bb80c73f66033b5af0c6d3920bdc
Created: 12/18/2011 4:59:56 PM
Detections: 1
Determination: Ignore detections (false positive)
- The Hacker as Trojan/Packed (Undefined)
---------------------------------------------------------------------------------
File path: c:\program files\microsoft games\train simulator\routes\sandpatch\uninstall\uninstall.exe
Publisher:
MD5: f0dd33bfdfee3841340b935872cd1fd4
SHA-1: 0ce5c10df6090de3f880e84ce483f494d0eb4279
Created: 12/18/2011 5:05:15 PM
Detections: 3
Determination: Inconclusive
- nProtect as Trojan/W32.Agent.79813 (Undefined)
- The Hacker as Trojan/VB.zp (Undefined)
- AhnLab V3 Security as Dropper/Malware.79813 (Undefined)
---------------------------------------------------------------------------------
File path: c:\program files\microsoft games\train simulator\routes\usa1\activities\7017.exe
Publisher:
MD5: 6dd271507796760247650fa134ed2fd6
SHA-1: be17e628df21358cb828d85cbcd116f875260d92
Created: 12/18/2011 5:04:29 PM
Detections: 1
Determination: Inconclusive
- ESET NOD32 as Detection.Undefined (Undefined)
---------------------------------------------------------------------------------
File path: c:\program files\microsoft games\train simulator\trains\trainset\bn_eng_setup.exe
Publisher:
MD5: 6ec9a8d7c81f77ad3b7904046893e21b
SHA-1: 5d9e66dd2fd27876d1c3fbed36d59b67399e1dcc
Created: 12/18/2011 4:59:56 PM
Detections: 1
Determination: Ignore detections (false positive)
- Sunbelt AntiMalware as Trojan-Spy.Win32.Banpaes.X (Undefined)
---------------------------------------------------------------------------------
File path: c:\program files\microsoft games\train simulator\trains\trainset\cnsd60f.exe
Publisher:
MD5: 43ae4c981e95ce45e925830225d889f4
SHA-1: 7fdd547ddb4a43bf36c8d56e5c6a2b10d9dad383
Created: 12/18/2011 4:59:57 PM
Detections: 1
Determination: Ignore detections (false positive)
- CMC Antivirus as Server-FTP.Win32.SlimFTPd!O (Undefined)
---------------------------------------------------------------------------------
File path: c:\program files\microsoft games\train simulator\trains\trainset\mbtaf45.exe
Publisher:
MD5: 49aa010792b1cc707e91255bd39a65bf
SHA-1: ea4d191da2d7c6809085ed0ddc40f55dca5293f4
Created: 12/18/2011 4:59:57 PM
Detections: 2
Determination: Ignore detections (false positive)
- CMC Antivirus as Backdoor.Win32.DSSdoor!O (Undefined)
- Antiy Labs AVL as Trojan[backdoor]/Win32.DSSdoor (Undefined)
---------------------------------------------------------------------------------
File path: c:\program files\microsoft games\train simulator\trains\trainset\bn_sd9\t-trains_sd9.exe
Publisher:
MD5: 93de5d0124a42fa9551d0f9791947711
SHA-1: 9a6fdf6d0246e927cf9eaf4e2d30e2cb42857d25
Created: 12/18/2011 5:02:38 PM
Detections: 1
Determination: Ignore detections (false positive)
- ByteHero BDV as Virus.Win32.Part.a (Undefined)
---------------------------------------------------------------------------------
File path: c:\program files\microsoft games\train simulator\trains\trainset\coaster msts\coaster.exe
Publisher:
MD5: 6af0667097ff5fc67fac76e0ec0ec841
SHA-1: 2d848b202c81e14b81ddd07b70088c90f7b73499
Created: 12/18/2011 5:02:30 PM
Detections: 1
Determination: Ignore detections (false positive)
- Bkav FE as W32.SevenyearsK1.Trojan (Undefined)
---------------------------------------------------------------------------------
File path: c:\program files\microsoft games\train simulator\trains\trainset\coaster msts\coasteractivity.exe
Publisher:
MD5: f085d706abe5c4e9583edec342775594
SHA-1: b81e2b31e22a834741b8faafd270c70b6eced5a0
Created: 12/18/2011 5:02:30 PM
Detections: 3
Determination: Inconclusive
- Bkav FE as W32.SevenyearsK1.Trojan (Undefined)
- Trend Micro House Call as PAK_Generic.005
- Trend Micro as PAK_Generic.005
---------------------------------------------------------------------------------
File path: c:\program files\microsoft games\train simulator\trains\trainset\coaster msts\coasterconsists.exe
Publisher:
MD5: 9f44814e49eeed255cbd458378df745a
SHA-1: beb8de72d12ec0d0b4d494b1c741d3f6191bcad5
Created: 12/18/2011 5:02:30 PM
Detections: 1
Determination: Ignore detections (false positive)
- Bkav FE as W32.SevenyearsK1.Trojan (Undefined)
---------------------------------------------------------------------------------
File path: c:\program files\microsoft games\train simulator\trains\trainset\common.snd\genesis\gen_snd2.exe
Publisher:
MD5: ff97ad3e7f646e0facf0119af630c572
SHA-1: 202ab810d70c335a13b2c020e29fa29ffbe5fc71
Created: 12/18/2011 5:02:19 PM
Detections: 2
Determination: Ignore detections (false positive)
- Jiangmin as Client-IRC.mIRC.o (Undefined)
- ByteHero BDV as Virus.Win32.Part.a (Undefined)
---------------------------------------------------------------------------------
File path: c:\program files\microsoft games\train simulator\trains\trainset\cstr2103\coaster_f40ph_2103.exe
Publisher:
MD5: ccffaa319d84d8b93a257c99a47b363f
SHA-1: 7ed02edba6936b4c8d6c584779adae502e2e2e76
Created: 12/18/2011 5:02:13 PM
Detections: 1
Determination: Ignore detections (false positive)
- ByteHero BDV as Virus.Win32.Part.a (Undefined)
---------------------------------------------------------------------------------
File path: c:\program files\microsoft games\train simulator\trains\trainset\cta2400\cta2400.exe
Publisher:
MD5: 2d443da912b83f1d36ced19b9e417f20
SHA-1: 0dca31702703738c164ebb8e31423a16d50f1dc6
Created: 12/18/2011 5:02:07 PM
Detections: 1
Determination: Ignore detections (false positive)
- ByteHero BDV as Virus.Win32.Part.a (Undefined)
---------------------------------------------------------------------------------
File path: c:\program files\microsoft games\train simulator\trains\trainset\f40pat\f40_pat1\f40_pat1.exe
Publisher:
MD5: fb85bfb4615e29ca490c45eb62330668
SHA-1: 2a4cb3534b0af3d2d12799e3c21e3e93d009f520
Created: 12/18/2011 5:02:05 PM
Detections: 1
Determination: Ignore detections (false positive)
- ByteHero BDV as Virus.Win32.Part.a (Undefined)
---------------------------------------------------------------------------------
File path: c:\program files\microsoft games\train simulator\trains\trainset\hhp\gp40_snd\gp40_snd.exe
Publisher:
MD5: 50f80345935612aa20c56bbad2e48761
SHA-1: 0c273f3c49eaff4c1b046082778f98a24a3f7763
Created: 12/18/2011 5:01:51 PM
Detections: 1
Determination: Ignore detections (false positive)
- ByteHero BDV as Virus.Win32.Part.a (Undefined)
---------------------------------------------------------------------------------
File path: c:\program files\microsoft games\train simulator\trains\trainset\metxf40\install.exe
Publisher:
MD5: 920fefc557f86a462ecb1f7cbcf4a29d
SHA-1: fba4449016f784aa9c17243567e5a78438d6d22e
Created: 12/18/2011 5:01:42 PM
Detections: 2
Determination: Ignore detections (false positive)
- The Hacker as Backdoor/mIRC-based.d (Undefined)
- Jiangmin as Backdoor/IRCBot.khl (Undefined)
---------------------------------------------------------------------------------
File path: c:\program files\microsoft games\train simulator\trains\trainset\new folder\f45cab.exe
Publisher:
MD5: 6f3a22743ad1ece7084ef5c3fa73adaf
SHA-1: 342657fc9f7a14cb5f88529286af116232577973
Created: 12/18/2011 5:01:15 PM
Detections: 1
Determination: Ignore detections (false positive)
- ByteHero BDV as Virus.Win32.Part.a (Undefined)
---------------------------------------------------------------------------------
File path: c:\program files\microsoft games\train simulator\trains\trainset\nycfreewaresetup\nycfreewaresetup.exe
Publisher:
MD5: 1571fd4ef8b0029fc11c7fc3fda34248
SHA-1: ee40819bb73b4c43aa6d3360940f815716149a04
Created: 12/18/2011 5:01:09 PM
Detections: 1
Determination: Ignore detections (false positive)
- CMC Antivirus as Trojan-Dropper.Win32.Halk!O (Undefined)
---------------------------------------------------------------------------------
File path: c:\program files\td3\metra-elgin1.exe
Publisher:
MD5: aa53b720101a9ec34f0b351fd065edfc
SHA-1: 49842d2bde6a67ac3bcba2d7e7b65ece4620f45f
Created: 12/18/2011 2:25:17 PM
Detections: 2
Determination: Ignore detections (false positive)
- The Hacker as Trojan/Avanzado (Undefined)
- ByteHero BDV as Trojan.Malware.Obscu.Gen.001 (Undefined)
---------------------------------------------------------------------------------
File path: c:\program files\td3\t418.exe
Publisher:
MD5: 918d23c799f67568744c36a2144d5c86
SHA-1: c19f04cb59cb132a4a0827922ba462f92e6ebe10
Created: 12/18/2011 2:25:14 PM
Detections: 2
Determination: Ignore detections (false positive)
- The Hacker as Trojan/Avanzado (Undefined)
- ByteHero BDV as Trojan.Malware.Obscu.Gen.001 (Undefined)
---------------------------------------------------------------------------------
File path: c:\program files\train simulator\uninst_msts patch 1.8.0521 en.exe
Publisher: Lindersoft
MD5: a24aa6931ef9d16dff5e70ec294cb94a
SHA-1: 2596f73bdc11bb80c73f66033b5af0c6d3920bdc
Created: 12/18/2011 4:59:16 PM
Detections: 1
Determination: Ignore detections (false positive)
- The Hacker as Trojan/Packed (Undefined)
---------------------------------------------------------------------------------
File path: c:\program files (x86)\asus\ai manager\page\isecurity.dll
Publisher: ASUSTeK
MD5: 5943eb1b1bd7e41878df610776981fcd
SHA-1: 6c8ed025ae0f9d83ca497504d9d4910b4abc7bb9
Created: 5/31/2011 3:53:53 PM
Detections: 1
Determination: Ignore detections (false positive)
- Bkav FE as HW32.Pedka (Undefined)
---------------------------------------------------------------------------------
File path: c:\program files (x86)\asus\ai suite ii\sensor graph\aahmlib_graph.dll
Publisher:
MD5: b3e8652841e38ec2559347dd77666329
SHA-1: f017ef3cfda93854a51451375b7494faec826686
Created: 5/31/2011 3:54:25 PM
Detections: 1
Determination: Ignore detections (false positive)
- McAfee Web Gateway as Heuristic.BehavesLike.Win32.Suspicious.H
---------------------------------------------------------------------------------
File path: c:\program files (x86)\billp studios\winpatrol\sqlite3.dll
Publisher:
MD5: da991d435930f6adc5c570e2284f73f6
SHA-1: d10ec559487a3db7f5073e54daa21a81f270b529
Created: 11/27/2012 10:19:37 PM
Detections: 1
Determination: Ignore detections (false positive)
- Bkav FE as W32.HfsAutoB (Undefined)
---------------------------------------------------------------------------------
File path: c:\program files (x86)\common files\ahead\lib\nmbcwriter.exe
Publisher: Nero AG
Signer: Nero AG
MD5: d573bd732632d885b0f0e7468fdc9b78
SHA-1: 746da90b9c8ef13d2155ba216eaddb13ae0ce2d1
Created: 6/27/2007 8:03:38 PM
Detections: 1
Determination: Ignore detections (false positive)
- WebWasher Gateway as BlockReason.0 (Undefined)
---------------------------------------------------------------------------------
File path: c:\program files (x86)\common files\ahead\nas\vis_nas.dll
Publisher: Nero AG
Signer: Nero AG
MD5: 3f350e67d820c4853d3619786246c1f9
SHA-1: 25fa7c18dcf95d1039509c2b333964eb4ad3c63c
Created: 6/27/2007 8:02:48 PM
Detections: 1
Determination: Ignore detections (false positive)
- Clam AntiVirus as PUA.Packed.ASPack
---------------------------------------------------------------------------------
File path: c:\program files (x86)\common files\ahead\remotecontrol\neroremotectrlhandler.exe
Publisher: Nero AG
Signer: Nero AG
MD5: ef2e5b7cf0da165f5abfe0c707ba797b
SHA-1: 69920e307450ff52b849e2f98acd0a2a85733b52
Created: 6/27/2007 8:03:20 PM
Detections: 1
Determination: Ignore detections (false positive)
- WebWasher Gateway as BlockReason.0 (Undefined)
---------------------------------------------------------------------------------
File path: c:\program files (x86)\common files\roxio shared\9.0\divx\divx.dll
Publisher: DivX, Inc.
Signer: DivX, Inc.
MD5: 799e5d243a168bdb4671c5df9a154540
SHA-1: f2beec7807bc263350323c88b41f5bfe45d0a9d4
Created: 6/16/2008 1:12:36 PM
Detections: 2
Determination: Ignore detections (false positive)
- eSafe as Suspicious File
- Clam AntiVirus as PUA.Packed.PECompact-1
---------------------------------------------------------------------------------
File path: c:\program files (x86)\common files\roxio shared\roxiosharedapi\stdole.dll
Publisher: Microsoft Corporation
MD5: 2878e2cea511af5562dad618218c632a
SHA-1: e0b783b11ee1c030c7339720f9746eeff3a18303
Created: 10/23/2008 12:47:06 PM
Detections: 1
Determination: Ignore detections (false positive)
- Emsisoft Anti-Malware as Gen:Variant.Kazy.290352 (Undefined)
---------------------------------------------------------------------------------
File path: c:\program files (x86)\erunt\autoback.exe
Publisher:
MD5: e00de20f0f6bed5cd2160247ddc9443b
SHA-1: 73a0f69e8deb45974c6d64ccc946fc9a8b86d493
Created: 10/20/2005 12:04:08 PM
Detections: 1
Determination: Ignore detections (false positive)
- The Hacker as Posible_Worm32 (Undefined)
---------------------------------------------------------------------------------
File path: c:\program files (x86)\free m4a to mp3 converter\bass_alac.dll
Publisher: MaresWEB
MD5: e5e6efa3505b93fc0962e9d4ead609e3
SHA-1: fb39a571f87b83e8f06dd60a82728acfea85048c
Created: 12/30/2011 9:56:36 PM
Detections: 1
Determination: Ignore detections (false positive)
- Bkav FE as HW32.CDB (Undefined)
---------------------------------------------------------------------------------
File path: c:\program files (x86)\hp photo creations\uninst.exe
Publisher:
Signer: Visan Industries
MD5: 5a18957d6a3f95983149d6407136bcaf
SHA-1: 3f2247699064799ecdb2e7792bc62125f0f07755
Created: 3/20/2012 2:00:02 PM
Detections: 1
Determination: Ignore detections (false positive)
- Trend Micro House Call as HV_ZYX_CA2255FC.TOMC (Undefined)
---------------------------------------------------------------------------------
File path: c:\program files (x86)\microsoft games\flight simulator 9\fs9.exe
Publisher: Microsoft Corporation
MD5: a5af28914637d2d6ee2174f52dd366fb
SHA-1: 9b0d9cca99ae93ac663b0695d650b73371109a9e
Created: 6/12/2003 10:07:49 PM
Detections: 1
Determination: Ignore detections (false positive)
- Rising Antivirus as PE:Malware.XPACK-LNR/Heur!1.5594 (Undefined)
---------------------------------------------------------------------------------
File path: c:\program files (x86)\microsoft games\flight simulator 9\uninstal.exe
Publisher: Microsoft Corporation
MD5: 5f434096437050003ae46009ddffbcc6
SHA-1: 582675b2d79d8b996312540f57419c998fcce0a1
Created: 6/13/2003 1:02:27 AM
Detections: 1
Determination: Ignore detections (false positive)
- Rising Antivirus as PE:Trojan.DL.Zlob!1.6606 (Undefined)
---------------------------------------------------------------------------------
File path: c:\program files (x86)\microsoft games\train simulator\mstsbin installer.exe
Publisher:
MD5: a24b149b55707931ef1e6fdc92ebe418
SHA-1: 558a57bf0763946a3c2d8172e9b58d4d973fbfa7
Created: 5/11/2013 6:43:45 PM
Detections: 1
Determination: Ignore detections (false positive)
- The Hacker as Backdoor/Delf.abve (Undefined)
---------------------------------------------------------------------------------
File path: c:\program files (x86)\microsoft games\train simulator\uninst_msts patch 1.8.0521 en.exe
Publisher: Lindersoft
MD5: a24aa6931ef9d16dff5e70ec294cb94a
SHA-1: 2596f73bdc11bb80c73f66033b5af0c6d3920bdc
Created: 12/28/2011 10:30:50 PM
Detections: 1
Determination: Ignore detections (false positive)
- The Hacker as Trojan/Packed (Undefined)
---------------------------------------------------------------------------------
File path: c:\program files (x86)\microsoft games\train simulator\trains\trainset\common.snd\genesis\gen_snd2.exe
Publisher:
MD5: ff97ad3e7f646e0facf0119af630c572
SHA-1: 202ab810d70c335a13b2c020e29fa29ffbe5fc71
Created: 2/19/2012 12:02:13 PM
Detections: 2
Determination: Ignore detections (false positive)
- Jiangmin as Client-IRC.mIRC.o (Undefined)
- ByteHero BDV as Virus.Win32.Part.a (Undefined)
---------------------------------------------------------------------------------
File path: c:\program files (x86)\nero\nero 7\core\audiopluginmgr.dll
Publisher: Nero AG
Signer: Nero AG
MD5: fceebcacc5a42ddfcd552ec54946160e
SHA-1: 3c6a039a44860c1e33413dab88e1e7b3fdd588ae
Created: 6/22/2007 4:34:42 PM
Detections: 1
Determination: Ignore detections (false positive)
- Sunbelt AntiMalware as Trojan-Downloader.S (Undefined)
---------------------------------------------------------------------------------
File path: c:\program files (x86)\nero\nero 7\nero backitup\nerofiles\neroapi.dll
Publisher: Nero AG
Signer: Nero AG
MD5: 43a4e262475d9a1b7fd71741bb862b2f
SHA-1: 12cebcd4f2404667f263c71b90c86e0e7e802caf
Created: 9/10/2007 11:00:54 AM
Detections: 1
Determination: Ignore detections (false positive)
- ByteHero BDV as Trojan.Malware.Win32.xPack.g (Undefined)
---------------------------------------------------------------------------------
File path: c:\program files (x86)\nero\nero 7\nero coverdesigner\coverdes.exe
Publisher: Nero AG
Signer: Nero AG
MD5: 3df4066b2104f646895147b16472b22b
SHA-1: 33843c2363e19b7bd6fde4e742c151dd573c629e
Created: 7/24/2007 4:43:36 PM
Detections: 1
Determination: Ignore detections (false positive)
- Antiy Labs AVL as Virus/Win32.Xpaj.gen (Undefined)
---------------------------------------------------------------------------------
File path: c:\program files (x86)\nero\nero 7\nero home\nerohome.exe
Publisher: Nero AG
Signer: Nero AG
MD5: 7f471d168b27e4fd7005f42d5449bdd6
SHA-1: 546bf3536d0162684cf0166adfd4a7823e006c56
Created: 6/27/2007 8:02:38 PM
Detections: 1
Determination: Ignore detections (false positive)
- The Hacker as Trojan/KillAV.nhz (Undefined)
---------------------------------------------------------------------------------
File path: c:\program files (x86)\nero\nero 7\nero mediahome\neromediahome.exe
Publisher: Nero AG
Signer: Nero AG
MD5: f679dbb4694fd402921b064840f5f65e
SHA-1: 11b3d38909770a80754c45771a1cbcf898455129
Created: 6/27/2007 8:04:52 PM
Detections: 1
Determination: Ignore detections (false positive)
- The Hacker as Trojan/KillAV.nhz (Undefined)
---------------------------------------------------------------------------------
File path: c:\program files (x86)\nero\nero 7\nero photosnap\photosnap.exe
Publisher: Nero AG
Signer: Nero AG
MD5: 78f72e57307744a22f38ae7fdab0af57
SHA-1: d8210baca3fe828ea9599d2492fe3a4fd9265a14
Created: 5/23/2007 11:08:06 AM
Detections: 1
Determination: Ignore detections (false positive)
- The Hacker as Trojan/KillAV.nhz (Undefined)
---------------------------------------------------------------------------------
File path: c:\program files (x86)\nero\nero 7\nero vision\dvdblockacc.dll
Publisher: Nero AG
Signer: Nero AG
MD5: c7b21be6f8df776909a1bde4723af5e5
SHA-1: 2ee7f256e102be8f9ab102c3ffd1657b3603679c
Created: 9/10/2007 11:02:02 AM
Detections: 1
Determination: Ignore detections (false positive)
- Rising Antivirus as Suspicious
---------------------------------------------------------------------------------
File path: c:\program files (x86)\nero\nero 7\nero vision\dvddoc.dll
Publisher: Nero AG
Signer: Nero AG
MD5: 3241530d2e9915d5f259afe1f6a5d5a4
SHA-1: 764e0dbd7202759be4d89d10a627589157c29777
Created: 8/3/2007 3:58:02 PM
Detections: 1
Determination: Ignore detections (false positive)
- ByteHero BDV as Trojan.Malware.Win32.xPack.g (Undefined)
---------------------------------------------------------------------------------
File path: c:\program files (x86)\nero\nero 7\nero vision\htmlgallery.dll
Publisher: Nero AG
Signer: Nero AG
MD5: 06aa74a60a1e7ed2b2b036599be40b44
SHA-1: f8fa252de47393eafb0881b2d0dbe4bcf19a0e45
Created: 8/3/2007 3:58:36 PM
Detections: 1
Determination: Ignore detections (false positive)
- Antiy Labs AVL as Virus/Win32.Xpaj.gen (Undefined)
---------------------------------------------------------------------------------
File path: c:\program files (x86)\nero\nero 7\nero vision\nerovision.exe
Publisher: Nero AG
Signer: Nero AG
MD5: 300be75501fd44c4cc513b11dcc89523
SHA-1: 88f4192039bb0ffcd61ef68ac655db4e6d6a3f83
Created: 8/3/2007 3:58:36 PM
Detections: 1
Determination: Ignore detections (false positive)
- Avira AntiVirus as TR/Agent.1042480 (Undefined)
---------------------------------------------------------------------------------
File path: c:\program files (x86)\nero\nero 7\nero vision\vcdlib.dll
Publisher: Nero AG
Signer: Nero AG
MD5: a726ffb862bd8322d90380d71a6d65cf
SHA-1: 03baf21bc4b286fff75c1b726b59ea02f17efa22
Created: 8/3/2007 3:58:48 PM
Detections: 1
Determination: Ignore detections (false positive)
- ByteHero BDV as Trojan.Malware.Win32.xPack.g (Undefined)
---------------------------------------------------------------------------------
File path: c:\program files (x86)\real\realplayer\setup\vc9_runtime.msi
Publisher:
MD5: 40a13534ba71777483a8e6cefb0c60d8
SHA-1: 5eb25bd3a5a77167c4e50a00c90bfdbdd1870b94
Created: 6/7/2014 1:19:58 PM
Detections: 1
Determination: Ignore detections (false positive)
- eSafe as Suspicious File
---------------------------------------------------------------------------------
File path: c:\program files (x86)\roxio 2012\virtual drive\emudisk\winnt\amd64\c2scsi64.sys
Publisher: Sonic Solutions
Signer: Sonic Solutions
MD5: 59626ab5920f316bdbfdc8b47521a882
SHA-1: d305e23e6ce6af46502aacbfb9dedef23b673458
Created: 6/6/2012 11:41:06 AM
Detections: 1
Determination: Ignore detections (false positive)
- Fortinet FortiGate as W32/Swisyn.AMLS!tr (Undefined)
---------------------------------------------------------------------------------
File path: c:\program files (x86)\seagate\seagate dashboard 2.0\microsoft.practices.servicelocation.dll
Publisher: Microsoft
Signer: Microsoft Corporation
MD5: 6df78bb163d443d95b21f58808320af7
SHA-1: a0263ec61435d1ee4c18a92a06ac3ea2c42eb730
Created: 4/1/2012 4:42:50 PM
Detections: 1
Determination: Inconclusive
- XVirus List as Win.Detected (Undefined)
---------------------------------------------------------------------------------
File path: c:\program files (x86)\seagate\seagate dashboard 2.0\de-de\backitup.resources.dll
Publisher: Nero AG
Signer: Nero AG
MD5: 81602be7c5b50c2ff13be844c82bedb2
SHA-1: c3c1af458a817b840d6f630f1b724fb5e89a5df0
Created: 4/1/2012 4:42:46 PM
Detections: 1
Determination: Ignore detections (false positive)
- Jiangmin as Backdoor/VB.bhx (Undefined)
---------------------------------------------------------------------------------
File path: c:\program files (x86)\seagate\seagate dashboard 2.0\en-us\backitup.resources.dll
Publisher: Nero AG
Signer: Nero AG
MD5: 3cbed9009bf054f1097f3f377bf98718
SHA-1: d411a7676bfd307980f71350501fb188dfcf01cd
Created: 4/1/2012 4:42:46 PM
Detections: 1
Determination: Ignore detections (false positive)
- Jiangmin as Backdoor/VB.bhx (Undefined)
-
Hi,
Today I had a drive by download attempt on my computer. My AV stated that it blocked it and I was running Sandboxie at the time as well, but the exploit page did display and it froze my browser pretty good. Afterwards I ran a quick scan with my AV and MBAM and both came up clean. Could one of you take a quick look just to be sure nothing got through?
FRST:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-02-2015
Ran by PLF (ATTENTION: The logged in user is not administrator) on SD70 on 08-02-2015 23:39:55
Running from C:\Users\PLF\Desktop
Loaded Profiles: PLF (Available profiles: PWS & PLF)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 10 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
Failed to access process -> smss.exe
Failed to access process -> csrss.exe
Failed to access process -> wininit.exe
Failed to access process -> csrss.exe
Failed to access process -> winlogon.exe
Failed to access process -> services.exe
Failed to access process -> lsass.exe
Failed to access process -> lsm.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> SbieSvc.exe
Failed to access process -> svchost.exe
Failed to access process -> spoolsv.exe
Failed to access process -> svchost.exe
Failed to access process -> armsvc.exe
Failed to access process -> AppleMobileDeviceService.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe
Failed to access process -> atkexComSvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
Failed to access process -> aaHMSvc.exe
Failed to access process -> AsSysCtrlService.exe
Failed to access process -> mDNSResponder.exe
Failed to access process -> AsHookDevice.exe
Failed to access process -> LSSrvc.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
Failed to access process -> mbae-svc.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe
Failed to access process -> mbae64.exe
Failed to access process -> mbamscheduler.exe
Failed to access process -> conhost.exe
Failed to access process -> mbamservice.exe
Failed to access process -> ccsvchst.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> rndlresolversvc.exe
Failed to access process -> rpdsvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieCtrl.exe
(Nero AG) C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe
(BillP Studios) C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
Failed to access process -> RealPlayerUpdateSvc.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\20.6.0.27\ccsvchst.exe
Failed to access process -> Seagate.Dashboard.DASWindowsService.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Manager\AsShellApplication.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe
(Microsoft Corporation) C:\Program Files (x86)\EMET\EMET_notifier.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
Failed to access process -> svchost.exe
Failed to access process -> WLIDSVC.EXE
Failed to access process -> WLIDSVCM.EXE
Failed to access process -> WmiPrvSE.exe
Failed to access process -> NMIndexingService.exe
(Nero AG) C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
Failed to access process -> iPodService.exe
Failed to access process -> SearchIndexer.exe
Failed to access process -> svchost.exe
Failed to access process -> SearchProtocolHost.exe
Failed to access process -> WUDFHost.exe
Failed to access process -> SearchFilterHost.exe
Failed to access process -> svchost.exe
Failed to access process -> SbieSvc.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SandboxieRpcSs.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SandboxieCrypto.exe
(RealNetworks, Inc.) C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe
Failed to access process -> LMS.exe
Failed to access process -> sppsvc.exe
Failed to access process -> taskeng.exe
Failed to access process -> UNS.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11545192 2010-11-02] (Realtek Semiconductor)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-01-27] (Apple Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
HKLM-x32\...\Run: [RunAIShell] => C:\Program Files (x86)\ASUS\AI Manager\AsShellApplication.exe [232064 2009-12-23] (ASUSTeK Computer Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-01-20] (Apple Inc.)
HKLM-x32\...\Run: [ConnectionCenter] => "C:\Users\PWS\AppData\Local\Citrix\ICA Client\concentr.exe" /startup
HKLM-x32\...\Run: [DBAgent] => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe [1454184 2012-05-04] (Seagate Technology LLC)
HKLM-x32\...\Run: [EMET Notifier] => C:\Program Files (x86)\EMET\EMET_notifier.exe [152152 2012-05-09] (Microsoft Corporation)
HKLM-x32\...\Run: [bCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [296520 2014-06-07] (RealNetworks, Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe [2561848 2014-12-10] (Malwarebytes Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-809943335-2564626158-2276789416-1001\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [455968 2007-08-23] (Hewlett-Packard Company)
HKU\S-1-5-21-809943335-2564626158-2276789416-1001\...\Run: [uploader] => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe [119440 2012-05-04] (Seagate Technology LLC)
HKU\S-1-5-21-809943335-2564626158-2276789416-1001\...\Run: [sandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [784904 2014-10-14] (Sandboxie Holdings, LLC)
HKU\S-1-5-21-809943335-2564626158-2276789416-1001\...\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] => C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe [152872 2007-06-27] (Nero AG)
HKU\S-1-5-21-809943335-2564626158-2276789416-1001\...\Run: [WinPatrol] => C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe [1128000 2014-06-03] (BillP Studios)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\asusvibelauncher.lnk
ShortcutTarget: asusvibelauncher.lnk -> C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RealPlayer Cloud Service UI.lnk
ShortcutTarget: RealPlayer Cloud Service UI.lnk -> C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin64\rpsystray.exe (RealNetworks, Inc.)
Startup: C:\Users\PLF\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Officejet Pro 6830.lnk
ShortcutTarget: Monitor Ink Alerts - HP Officejet Pro 6830.lnk -> C:\Program Files\HP\HP Officejet Pro 6830\Bin\HPStatusBL.dll (Hewlett-Packard Development Company, LP)
ShellIconOverlayIdentifiers: [OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Security Suite\Engine64\20.6.0.27\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Security Suite\Engine64\20.6.0.27\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Security Suite\Engine64\20.6.0.27\buShell.dll (Symantec Corporation)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-809943335-2564626158-2276789416-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://asus.msn.com/
HKU\S-1-5-21-809943335-2564626158-2276789416-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com/
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP08&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP08&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-809943335-2564626158-2276789416-1001 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = http://nortonsafe.search.ask.com/web?q={SEARCHTERMS}&o=APN10506&l=dis&prt=360&chn=S1122&geo=US&ver=20&locale=en_US&gct=kwd&qsrc=2869
BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll (RealDownloader)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: WOT Helper -> {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} -> C:\Program Files\WOT\WOT.dll ()
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security Suite\Engine\20.6.0.27\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Security Suite\Engine\20.6.0.27\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: WOT Helper -> {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} -> C:\Program Files (x86)\WOT\WOT.dll ()
Toolbar: HKLM - WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
Toolbar: HKLM-x32 - WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll ()
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\20.6.0.27\coIEPlg.dll (Symantec Corporation)
Toolbar: HKU\S-1-5-21-809943335-2564626158-2276789416-1001 -> WOT - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
Toolbar: HKU\S-1-5-21-809943335-2564626158-2276789416-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll ()
Handler-x32: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files (x86)\WOT\WOT.dll ()
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\PWS\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll No File
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\PWS\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll No File
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\PWS\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll No File
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\PWS\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll No File
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\PWS\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll No File
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\PWS\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll No File
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\PWS\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll No File
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\PWS\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll No File
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\PWS\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll No File
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\PWS\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll No File
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\PWS\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll No File
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\PWS\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll No File
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\PWS\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll No File
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\PWS\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll No File
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\PWS\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll No File
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\PWS\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll No File
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76 192.168.1.1
FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=17.0.10.8 -> c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=17.0.10 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=17.0.10 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=17.0.10 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=17.0.10.8 -> c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer Cloud)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\coFFPlgn [2015-02-08]
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\IPSFF [2013-10-09]
FF HKLM-x32\...\Firefox\Extensions: [{7ADCCCD0-FDEC-4A18-A329-550A87710223}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-06-07]
Chrome:
=======
CHR HKLM\...\Chrome\Extension: [bejnhdlplbjhffionohbdnpcbobfejcc] - C:\Program Files (x86)\Norton Security Suite\Engine\20.6.0.27\Exts\Chrome.crx [2014-12-17]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path
CHR HKLM-x32\...\Chrome\Extension: [bejnhdlplbjhffionohbdnpcbobfejcc] - C:\Program Files (x86)\Norton Security Suite\Engine\20.6.0.27\Exts\Chrome.crx [2014-12-17]
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2014-05-13]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe [918144 2010-11-03] ()
R2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.11\aaHMSvc.exe [915072 2010-11-19] ()
R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.10\AsSysCtrlService.exe [586880 2010-10-21] ()
R2 lmhosts; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R2 lmhosts; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-13] (Microsoft Corporation)
R2 MbaeSvc; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [555320 2014-12-10] (Malwarebytes Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 N360; C:\Program Files (x86)\Norton Security Suite\Engine\20.6.0.27\ccSvcHst.exe [144368 2013-05-20] (Symantec Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2009-05-14] (Hewlett-Packard) [File not signed]
R2 NlaSvc; C:\Windows\System32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R2 NlaSvc; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-13] (Microsoft Corporation)
R3 NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [279848 2007-06-27] (Nero AG)
R2 nsi; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R2 nsi; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-13] (Microsoft Corporation)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2009-05-14] (Hewlett-Packard) [File not signed]
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39568 2014-05-13] ()
R2 RealPlayer Cloud Service; c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe [1141848 2014-06-07] () [File not signed]
R2 RealPlayerUpdateSvc; C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [23552 2014-05-23] () [File not signed]
S3 RoxMediaDB13; C:\Program Files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxMediaDB13.exe [1095824 2012-06-02] (Corel Corporation)
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [174600 2014-10-14] (Sandboxie Holdings, LLC)
R2 Seagate Dashboard Services; C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe [14496 2012-05-04] (Seagate Technology LLC)
S2 WinDefend; %ProgramFiles(x86)%\Windows Defender\mpsvc.dll [X]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R2 ASInsHelp; C:\Windows\SysWow64\drivers\AsInsHelp64.sys [11832 2008-01-04] ()
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2010-08-24] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2010-08-02] ()
R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\BASHDefs\20150106.001\BHDrvx64.sys [1622744 2015-01-06] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1406000.01B\ccSetx64.sys [169048 2013-04-15] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-12-12] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2014-12-12] (Symantec Corporation)
R1 ESProtectionDriver; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [63064 2014-12-10] ()
R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\IPSDefs\20150206.001\IDSvia64.sys [669400 2015-02-05] (Symantec Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-02-08] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20150208.001\ENG64.SYS [129752 2015-01-20] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20150208.001\EX64.SYS [2137304 2015-01-20] (Symantec Corporation)
R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-05-02] (Corel Corporation)
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [185352 2014-10-14] (Sandboxie Holdings, LLC)
R3 SRTSP; C:\Windows\System32\Drivers\N360x64\1406000.01B\SRTSP64.SYS [796760 2013-05-15] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1406000.01B\SRTSPX64.SYS [36952 2013-03-04] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\N360x64\1406000.01B\SYMDS64.SYS [493656 2013-05-20] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360x64\1406000.01B\SYMEFA64.SYS [1139800 2013-05-22] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2013-07-16] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\1406000.01B\Ironx64.SYS [224416 2012-07-27] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1406000.01B\SYMNETS.SYS [433752 2013-04-24] (Symantec Corporation)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [53760 2012-09-28] (Apple, Inc.) [File not signed]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-02-08 23:39 - 2015-02-08 23:40 - 00026505 _____ () C:\Users\PLF\Desktop\FRST.txt
2015-02-08 23:34 - 2015-02-08 23:34 - 02132992 _____ (Farbar) C:\Users\PLF\Desktop\FRST64.exe
2015-02-08 16:51 - 2015-02-08 16:55 - 00000362 _____ () C:\Windows\Tasks\ReclaimerUpdateFiles_PWS.job
2015-02-08 16:51 - 2015-02-08 16:55 - 00000358 _____ () C:\Windows\Tasks\ReclaimerUpdateXML_PWS.job
2015-02-02 21:03 - 2015-02-02 21:03 - 00001757 _____ () C:\Users\Public\Desktop\iTunes.lnk
2015-02-02 21:03 - 2015-02-02 21:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-02-02 21:02 - 2015-02-02 21:03 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-02-02 21:02 - 2015-02-02 21:03 - 00000000 ____D () C:\Program Files\iTunes
2015-02-02 21:02 - 2015-02-02 21:02 - 00000000 ____D () C:\Program Files\iPod
2015-02-02 21:02 - 2015-02-02 21:02 - 00000000 ____D () C:\Program Files (x86)\iTunes
2015-01-23 22:24 - 2015-01-23 22:24 - 00852573 _____ () C:\Users\PLF\Desktop\securitycheck.exe
2015-01-21 15:06 - 2015-01-21 15:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auran
2015-01-21 15:05 - 2015-01-21 15:05 - 00001684 _____ () C:\Users\Public\Desktop\TC.lnk
2015-01-21 15:05 - 2015-01-21 15:05 - 00000000 ____D () C:\Program Files (x86)\Auran
2015-01-19 00:41 - 2015-01-19 00:41 - 00002204 _____ () C:\Users\Public\Desktop\HP Officejet Pro 6830.lnk
2015-01-19 00:41 - 2015-01-19 00:41 - 00001156 _____ () C:\Users\Public\Desktop\Shop for Supplies - HP Officejet Pro 6830.lnk
2015-01-19 00:41 - 2014-07-18 19:48 - 00763968 ____N (Hewlett-Packard Development Company, LP) C:\Windows\system32\HPDiscoPM7212.dll
2015-01-15 18:47 - 2014-12-18 21:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-15 18:47 - 2014-12-18 19:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-15 18:47 - 2014-12-11 23:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-15 18:47 - 2014-12-11 23:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-15 18:47 - 2014-12-11 23:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-15 18:47 - 2014-12-11 23:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-15 18:47 - 2014-12-11 23:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-15 18:47 - 2014-12-11 23:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-15 18:47 - 2014-12-11 23:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-15 18:47 - 2014-12-11 11:47 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-15 18:47 - 2014-12-05 22:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-15 18:47 - 2014-12-05 21:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-15 18:47 - 2014-12-05 21:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-02-08 23:40 - 2011-12-18 12:16 - 01299965 _____ () C:\Windows\WindowsUpdate.log
2015-02-08 23:39 - 2012-04-21 02:03 - 00000000 ____D () C:\FRST
2015-02-08 23:36 - 2009-07-13 23:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-08 23:36 - 2009-07-13 22:51 - 00152004 _____ () C:\Windows\setupact.log
2015-02-08 23:35 - 2009-07-13 22:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-08 23:35 - 2009-07-13 22:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-08 23:30 - 2014-04-24 21:48 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-08 23:13 - 2013-02-25 21:20 - 00001676 _____ () C:\Windows\Sandboxie.ini
2015-02-08 23:05 - 2012-03-30 08:15 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-08 22:31 - 2014-09-20 10:22 - 00000000 ____D () C:\Users\PLF\Documents\Flight Simulator Files
2015-02-05 23:14 - 2011-12-18 13:43 - 00000000 ____D () C:\ProgramData\Norton
2015-02-05 23:05 - 2012-03-30 08:15 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-02-05 23:05 - 2011-12-26 00:11 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-03 18:39 - 2012-08-15 20:19 - 00000000 ____D () C:\ProgramData\TEMP
2015-02-03 18:39 - 2012-08-15 20:19 - 00000000 ____D () C:\Program Files (x86)\SpywareBlaster
2015-02-03 18:31 - 2012-08-28 16:23 - 00000000 ____D () C:\Users\PLF\AppData\Roaming\Apple Computer
2015-02-02 21:02 - 2011-12-18 14:29 - 00000000 ____D () C:\Program Files\Common Files\Apple
2015-02-02 20:22 - 2010-11-20 21:47 - 00926980 _____ () C:\Windows\PFRO.log
2015-02-01 15:15 - 2014-07-27 22:29 - 00000000 ____D () C:\Users\PLF\Desktop\sunset pics
2015-01-31 12:51 - 2012-12-11 22:47 - 00000000 ____D () C:\Users\PLF\Desktop\Metra AC
2015-01-21 15:31 - 2012-09-01 00:47 - 00000000 ____D () C:\Users\PLF\AppData\Local\CrashDumps
2015-01-21 15:09 - 2011-05-31 15:02 - 00038578 _____ () C:\Windows\DirectX.log
2015-01-21 15:04 - 2011-12-18 12:24 - 00000000 ____D () C:\Users\PWS
2015-01-19 00:56 - 2011-12-29 13:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2015-01-19 00:56 - 2011-12-29 13:43 - 00000000 ____D () C:\Program Files (x86)\HP
2015-01-19 00:56 - 2011-12-29 13:42 - 00000000 ____D () C:\Program Files\HP
2015-01-19 00:43 - 2012-08-28 22:35 - 00000000 ____D () C:\Users\PLF\AppData\Local\HP
2015-01-19 00:41 - 2011-12-29 13:43 - 00000000 ____D () C:\ProgramData\HP
2015-01-19 00:19 - 2009-07-13 23:13 - 00797890 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-16 00:11 - 2013-07-16 16:09 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-16 00:03 - 2011-12-20 12:23 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
==================== Files in the root of some directories =======
2012-09-01 00:46 - 2012-12-16 21:08 - 0000000 _____ () C:\Users\PLF\AppData\Roaming\FileIn.cns
2012-09-01 00:46 - 2012-12-16 21:08 - 0000000 _____ () C:\Users\PLF\AppData\Roaming\FileOut.cns
2013-04-24 20:44 - 2014-11-16 21:40 - 0299308 _____ () C:\Users\PLF\AppData\Local\rx_image32.Cache
2014-10-23 21:07 - 2014-10-23 21:07 - 0000057 _____ () C:\ProgramData\Ament.ini
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
ATTENTION: ==> Could not access BCD. Check to make sure user is administrator or see Addition.txt for additional information.
==================== End Of Log ============================
Addition.txt:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-02-2015
Ran by PLF at 2015-02-08 23:40:38
Running from C:\Users\PLF\Desktop
Boot Mode: Normal
==========================================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Norton Security Suite (Enabled - Up to date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
AS: Norton Security Suite (Enabled - Up to date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
FW: Norton Security Suite (Enabled) {6BFC5632-188D-B806-D13E-C607121B42A0}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
64 Bit HP CIO Components Installer (Version: 1.2.0 - Hewlett-Packard) Hidden
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
AI Manager (HKLM-x32\...\{4AF95DE2-B54D-4C3F-9494-FD3B558E2C2D}) (Version: 1.09.06 - ASUSTeK Computer Inc.)
AI Suite II (HKLM-x32\...\{34D3688E-A737-44C5-9E2A-FF73618728E1}) (Version: 1.01.12 - ASUSTeK)
Apple Application Support (32-bit) (HKLM-x32\...\{2FE00055-C4F3-4F7A-AEDD-E198D54CF12F}) (Version: 3.1.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{28791292-D18D-42FA-AE66-3D3D20AA8618}) (Version: 3.1.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{5ED7462B-EF58-4757-B609-53755021EC34}) (Version: 8.1.0.18 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ASUS Backup Wizard (HKLM-x32\...\{124C9BD0-8C52-40AB-8238-0605703B1C28}) (Version: 1.00.10 - ASUSTeK Computer Inc.)
AsusVibe2.0 (HKLM-x32\...\Asus Vibe2.0) (Version: 2.0.4.628 - ASUSTEK)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Cisco Connect (HKLM-x32\...\Cisco Connect) (Version: 1.1.10049.0 - Cisco Consumer Products LLC)
Citrix online plug-in - web (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 12.1.0.30 - Citrix Systems, Inc.)
Citrix XenApp Web Plugin (HKLM-x32\...\{EBFEEB3F-3E3B-4725-A4E0-376144CE4F76}) (Version: 11.0.0.5357 - Citrix Systems, Inc.)
Control ActiveX de Windows Live Mesh para conexiones remotas (HKLM-x32\...\{04668DF2-D32F-4555-9C7E-35523DCD6544}) (Version: 15.4.5722.2 - Microsoft Corporation)
Contrôle ActiveX Windows Live Mesh pour connexions à distance (HKLM-x32\...\{55D003F4-9599-44BF-BA9E-95D060730DD3}) (Version: 15.4.5722.2 - Microsoft Corporation)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DirectX 9 Runtime (x32 Version: 1.00.0000 - Sonic Solutions) Hidden
DVD Shrink 3.2 (HKLM-x32\...\DVD Shrink_is1) (Version: - DVD Shrink)
EMET (HKLM-x32\...\{DE7A5DDF-47B3-42FF-A082-E158DEA37392}) (Version: 3.0.0 - Microsoft)
ERUNT 1.1j (HKLM-x32\...\ERUNT_is1) (Version: - Lars Hederer)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )
Free M4a to MP3 Converter 7.0 (HKLM-x32\...\Free M4a to MP3 Converter_is1) (Version: - ManiacTools.com)
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
HP Officejet Pro 6830 Basic Device Software (HKLM\...\{98040AB6-D667-409C-81E7-DB65836B3EE0}) (Version: 33.1.73.49987 - Hewlett-Packard Co.)
HP Officejet Pro 6830 Help (HKLM-x32\...\{28693307-6F99-4B5D-9FA3-4D9132DDA716}) (Version: 34.0.0 - Hewlett Packard)
HP Officejet Pro 8500 A910 Basic Device Software (HKLM\...\{EE7C94CC-BECB-4000-B5E3-D895307B9D5E}) (Version: 22.50.231.0 - Hewlett-Packard Co.)
HP Officejet Pro 8500 A910 Help (HKLM-x32\...\{871B2A9D-0F12-44B3-88C1-E0CB10A232E4}) (Version: 140.0.2.2 - Hewlett Packard)
HP Officejet Pro 8500 A910 Product Improvement Study (HKLM\...\{0308919C-E317-4293-8D3C-97EF307BCDBC}) (Version: 22.50.231.0 - Hewlett-Packard Co.)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
iTunes (HKLM\...\{7B8D4E8A-EA2B-4A71-BFEB-A4AAAB87C5D0}) (Version: 12.1.0.71 - Apple Inc.)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LightScribe System Software 1.10.13.1 (x32 Version: 1.10.13.1 - http://www.lightscribe.com) Hidden
Malwarebytes Anti-Exploit version 1.05.1.1016 (HKLM\...\Malwarebytes Anti-Exploit_is1) (Version: 1.05.1.1016 - Malwarebytes)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Marketsplash Shortcuts (HKLM-x32\...\{16FCDD97-AE09-476B-88CD-261D852BD34C}) (Version: 1.0.1.7 - Hewlett-Packard)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Flight Simulator 2004 A Century of Flight (HKLM-x32\...\Flight Simulator 9.0) (Version: 9.0 - Microsoft)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs (HKLM-x32\...\{90120000-00B2-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Train Simulator (HKLM-x32\...\Train Simulator 1.0) (Version: - )
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MSTS Patch 1.8.0521 EN (HKLM-x32\...\{587A2120-41D3-11DB-3D6C-00E19E4D4AE1}) (Version: 1.8.052113 - George)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
Nero 7 Essentials (HKLM-x32\...\{8E72B982-D54F-486F-B35A-C24B6F171033}) (Version: 7.03.0581 - Nero AG)
Norton Security Suite (HKLM-x32\...\N360) (Version: 20.6.0.27 - Symantec Corporation)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
RailDriver for MSTS (HKLM-x32\...\{32C47C66-6393-413B-92D6-295E8A1D65DC}) (Version: - )
RealDownloader (x32 Version: 17.0.10 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer Cloud (HKLM-x32\...\RealPlayer 17.0) (Version: 17.0.10 - RealNetworks)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.31.1025.2010 - Realtek)
Realtek Ethernet Diagnostic Utility (HKLM-x32\...\{7236672F-6430-439E-9B27-27EDEAF1D676}) (Version: 1.00.0000 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6235 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
Roxio Easy Video Copy and Convert 5 (HKLM-x32\...\{DC7FB4DA-8260-472E-8A31-88712EE14BBE}) (Version: 5.0 - Roxio)
Safari (HKLM-x32\...\{F2AF3E5D-9697-485C-A5AC-E2B9468C446A}) (Version: 5.34.52.7 - Apple Inc.)
Sandboxie 4.14 (64-bit) (HKLM\...\Sandboxie) (Version: 4.14 - Sandboxie Holdings, LLC)
Seagate Dashboard 2.0 (HKLM-x32\...\{43C423D9-E6D6-4607-ADC9-EBB54F690C57}) (Version: 2.0.29.0 - Seagate)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
SpywareBlaster 5.0 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.0.0 - BrightFort LLC)
TC (HKLM-x32\...\{9D244037-7E69-4D6E-9729-0797D9294831}) (Version: 1.00.000 - )
Track Builder 3 (HKLM-x32\...\{0D4999B8-3990-4026-A744-D842CE8C886A}) (Version: 3.1 - Signal Computer Consultants)
Train Dispatcher 3 (HKLM-x32\...\{1306CFD5-28AE-486C-A298-90B50DA5DC5E}) (Version: 3.1 - Signal Computer Consultants)
UpdateService (x32 Version: 1.0.0 - RealNetworks, Inc.) Hidden
VD64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen (HKLM-x32\...\{C32CE55C-12BA-4951-8797-0967FDEF556F}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
WinPatrol (HKLM\...\{84481A87-2316-4923-8FAB-3BA8CA29323D}) (Version: 31.0.2014.0 - BillP Studios)
WOT for Internet Explorer (HKLM\...\{C0DA129B-1E45-494D-A362-5CD0109C306B}) (Version: 11.11.7.0 - WOT Services Oy)
WOT for Internet Explorer (HKLM-x32\...\{DCAEC601-735C-41AE-B84F-D792F09FB7D1}) (Version: 12.8.2.0 - WOT Services Oy)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
==================== Restore Points =========================
ATTENTION: System Restore is disabled.
Check "winmgmt" service or repair WMI.
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-13 20:34 - 2012-04-21 19:42 - 00000098 ____N C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
::1 localhost
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => ?
Task: C:\Windows\Tasks\hpwebreg_CN18IDM234.job => C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\HpWebReg.exe
Task: C:\Windows\Tasks\hpwebreg_xxxxxxxxxx.job => C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\HpWebReg.exe
Task: C:\Windows\Tasks\ReclaimerUpdateFiles_PWS.job => ?
Task: C:\Windows\Tasks\ReclaimerUpdateXML_PWS.job => ?
==================== Loaded Modules (whitelisted) ==============
2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:23 - 2010-10-20 15:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2012-03-19 21:09 - 2012-03-19 21:09 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2015-01-20 22:35 - 2015-01-20 22:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-01-20 22:35 - 2015-01-20 22:35 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (whitelisted) ===============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== Other Registry Areas =====================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-809943335-2564626158-2276789416-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\PLF\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
==================== Accounts: =============================
Administrator (S-1-5-21-809943335-2564626158-2276789416-500 - Administrator - Disabled)
Guest (S-1-5-21-809943335-2564626158-2276789416-501 - Limited - Disabled)
PLF (S-1-5-21-809943335-2564626158-2276789416-1001 - Limited - Enabled) => C:\Users\PLF
PWS (S-1-5-21-809943335-2564626158-2276789416-1000 - Administrator - Enabled) => C:\Users\PWS
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (02/01/2015 04:02:32 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNS_Execute: SendResponses didn't send all its responses; will try again in one second
Error: (02/01/2015 04:02:32 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNS_Execute: SendResponses didn't send all its responses; will try again in one second
Error: (02/01/2015 04:02:32 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNS_Execute: SendResponses didn't send all its responses; will try again in one second
Error: (02/01/2015 04:02:32 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNS_Execute: SendResponses didn't send all its responses; will try again in one second
Error: (02/01/2015 04:02:32 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNS_Execute: SendResponses didn't send all its responses; will try again in one second
Error: (02/01/2015 04:02:32 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNS_Execute: SendResponses didn't send all its responses; will try again in one second
Error: (02/01/2015 04:02:32 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNS_Execute: SendResponses didn't send all its responses; will try again in one second
Error: (01/27/2015 10:03:55 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error: (01/27/2015 10:03:07 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
Error: (01/26/2015 08:09:48 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
System errors:
=============
Error: (02/08/2015 11:37:05 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Defender service terminated with the following error:
%%126
Error: (02/08/2015 11:29:50 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Defender service terminated with the following error:
%%126
Error: (02/08/2015 04:56:00 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Defender service terminated with the following error:
%%126
Error: (02/08/2015 04:50:00 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Defender service terminated with the following error:
%%126
Error: (02/08/2015 03:26:32 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Defender service terminated with the following error:
%%126
Error: (02/08/2015 00:12:08 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Defender service terminated with the following error:
%%126
Error: (02/07/2015 00:17:32 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Defender service terminated with the following error:
%%126
Error: (02/05/2015 10:12:53 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Defender service terminated with the following error:
%%126
Error: (02/04/2015 08:07:00 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Defender service terminated with the following error:
%%126
Error: (02/03/2015 06:41:52 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Defender service terminated with the following error:
%%126
Microsoft Office Sessions:
=========================
Error: (02/01/2015 04:02:32 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNS_Execute: SendResponses didn't send all its responses; will try again in one second
Error: (02/01/2015 04:02:32 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNS_Execute: SendResponses didn't send all its responses; will try again in one second
Error: (02/01/2015 04:02:32 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNS_Execute: SendResponses didn't send all its responses; will try again in one second
Error: (02/01/2015 04:02:32 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNS_Execute: SendResponses didn't send all its responses; will try again in one second
Error: (02/01/2015 04:02:32 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNS_Execute: SendResponses didn't send all its responses; will try again in one second
Error: (02/01/2015 04:02:32 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNS_Execute: SendResponses didn't send all its responses; will try again in one second
Error: (02/01/2015 04:02:32 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNS_Execute: SendResponses didn't send all its responses; will try again in one second
Error: (01/27/2015 10:03:55 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe
Error: (01/27/2015 10:03:07 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"C:\Windows\Installer\{DDA3E863-CD90-4180-80A2-A1522ECC9531}\recordingmanager.exe
Error: (01/26/2015 08:09:48 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe
==================== Memory info ===========================
Processor: Intel® Core i5-2320 CPU @ 3.00GHz
Percentage of memory in use: 18%
Total physical RAM: 12199.23 MB
Available physical RAM: 9962.18 MB
Total Pagefile: 24396.64 MB
Available Pagefile: 22129.37 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================
Drive c: (WIN7) (Fixed) (Total:745.21 GB) (Free:651.79 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive d: (DATA) (Fixed) (Total:1103.63 GB) (Free:700.75 GB) NTFS
Drive e: (FS_DISC4) (CDROM) (Total:0.62 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================
==================== End Of Log ============================
-
Gringo,
The computer is working well, I don't see any other issues. Thank you very much again for your help! :-) A donation will be coming your way shortly.
-
Gringo, I ran the bat file and it worked without issues. I need to sign off for tonight, but if it's okay with you I'd like to just use the computer a little more tomorrow to see if I notice anything amiss. It seems to be working okay now, but I want to be sure while we have the topic still open. I'll get back to you tomorrow afternoon :-)
-
I removed a few of the startup programs with HijackThis. Below is the ESET log; it found some items.
C:\Documents and Settings\USER\Local Settings\TempImages\AskInstallChecker-1.5.0.0.exe a variant of Win32/Bundled.Toolbar.Ask application
C:\Documents and Settings\USER\Local Settings\TempImages\askToolbarInstaller-1.9.1.0.exe a variant of Win32/Bundled.Toolbar.Ask application
C:\Documents and Settings\USER\Local Settings\TempImages\UpdateInstaller.exe a variant of Win32/Agent.SZW trojan
C:\Documents and Settings\USER\My Documents\Downloads\FreeWAVToMP3ConverterSetup.exe multiple threats
C:\TDSSKiller_Quarantine\05.10.2011_20.40.43\susp0000\svc0000\tsk0000.dta a variant of Win32/Sirefef.CR trojan
C:\TDSSKiller_Quarantine\13.10.2011_23.39.46\susp0000\svc0000\tsk0000.dta a variant of Win32/Sirefef.CR trojan
D:\Program Files\AOL Instant Messenger\AIM.exe Win32/Adware.WBug.A application
-
The computer is a bit slow on the internet and in general, but I think it was that way even before the rootkit was on it :-) Logs below:
Malwarebytes Anti-Malware (Trial) 1.75.0.1300
Database version: v2013.04.30.07
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
USER :: P4P800-SE [administrator]
Protection: Enabled
4/30/2013 5:07:23 PM
mbam-log-2013-04-30 (17-07-23).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 241132
Time elapsed: 10 minute(s), 3 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 5:19:00 PM, on 4/30/2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Norton Security Suite\Engine\5.2.2.3\ccSvcHst.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Norton Security Suite\Engine\5.2.2.3\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\program files\real\realplayer\update\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\USER\Desktop\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Security Suite\Engine\5.2.2.3\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Security Suite\Engine\5.2.2.3\IPS\IPSBHO.DLL
O2 - BHO: - {79CEEA4E-C231-4614-9E3B-53B2A02F39B7} - C:\Program Files\comcasttb\comcastdx.dll
O2 - BHO: (no name) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - (no file)
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\5.2.2.3\coIEPlg.dll
O4 - HKLM\..\Run: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [ADUserMon] C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
O4 - HKLM\..\Run: [iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [iSUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [sSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [DNS7reminder] "C:\Program Files\Nuance\NaturallySpeaking10\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\Nuance\NaturallySpeaking10\Ereg.ini
O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKLM\..\Run: [TkBellExe] "C:\program files\real\realplayer\update\realsched.exe" -osboot
O4 - HKLM\..\RunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVXV1UtV0JEWEMtVllGTjMtUURKTUgtNDJBT0EtSzZIVTk"&"inst=NzctNzU5MDE1MjEzLVNUMTJGT0krMS1ERFQrMC1FVUxBKzEtU1QxMkZBUFArMQ"&"prod=90"&"ver=2012.0.1831"&"mid=67217e50267847d19092547b91d34f9b-06ce4fc639803a2e3563922518183d8e94088cb9
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {42D06124-98A2-47EC-8098-3778B58CE7D5} (SupportSoft External Control) - https://actsvr.comcastonline.com/techtools/dl/Comcast%20Activation%20Controls.cab
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.3.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1221295268468
O16 - DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} - http://mediaplayer.walmart.com/installer/install.cab
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Norton Security Suite (N360) - Symantec Corporation - C:\Program Files\Norton Security Suite\Engine\5.2.2.3\ccSvcHst.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
--
End of file - 8123 bytes
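Added example for readers working through logs like the HijackThis one above. This is not code from HijackThis, ComboFix, or any poster in this thread; the section regex, the flagging rules (nameless or fileless O2 BHOs, O4 autostarts that run cmd.exe with a URL or rundll32 with an unqualified DLL, O16 ActiveX cabs fetched over plain http, a non-default R1 ProxyServer) and the `Finding` type are the editor's own heuristics, not the tool's logic. The sample lines are copied from the log above (the AVG RunOnce URL is trimmed) and embedded so the script runs offline; anything it flags still needs a human to decide whether it is benign, as the AVG uninstall entry here is.

```python
"""HijackThis log triage: flag entry shapes worth a second look.

Added example for this thread, not code from HijackThis, ComboFix or any
poster. The rules are the editor's own heuristics, not tool logic. The
sample lines are copied from the log above (AVG RunOnce URL trimmed).
"""
import re
from dataclasses import dataclass

# Generic HijackThis entry: "<section> - <rest>", e.g. "O4 - HKLM\..\Run: [x] y"
ENTRY_RE = re.compile(r'^(?P<sec>[RO]\d+) - (?P<rest>.*)$')
URL_RE = re.compile(r'https?://\S+', re.IGNORECASE)
DRIVE_PATH_RE = re.compile(r'[a-z]:\\', re.IGNORECASE)

# Constructed sample: a subset of the log lines posted above.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: - {79CEEA4E-C231-4614-9E3B-53B2A02F39B7} - C:\Program Files\comcasttb\comcastdx.dll
O2 - BHO: (no name) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - (no file)
O4 - HKLM\..\Run: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\RunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?prod=90
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {42D06124-98A2-47EC-8098-3778B58CE7D5} (SupportSoft External Control) - https://actsvr.comcastonline.com/techtools/dl/Comcast%20Activation%20Controls.cab
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
"""


@dataclass
class Finding:
    section: str
    reason: str
    line: str


def parse_entries(text):
    """Yield (section, rest, raw_line) for lines shaped like HJT entries."""
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            yield m.group('sec'), m.group('rest'), raw.strip()


def triage_text(text):
    """Return Findings, in log order, for entries matching the heuristics."""
    findings = []
    for sec, rest, raw in parse_entries(text):
        if sec == 'O2':
            # BHO registered with no name or no backing file: a dead or
            # half-removed registration that IE still tries to load.
            if rest.startswith('BHO: -') or '(no name)' in rest or '(no file)' in rest:
                findings.append(Finding(sec, 'BHO with missing name or file', raw))
        elif sec == 'O4':
            # Autostart that spawns a shell to open a URL: rare for
            # legitimate software, so worth confirming even when benign.
            if re.search(r'\bcmd(\.exe)?\b', rest, re.I) and URL_RE.search(rest):
                findings.append(Finding(sec, 'autostart runs cmd.exe with a URL', raw))
            # rundll32 with an unqualified DLL name resolves it via the
            # loader search path, so which DLL runs depends on PATH and cwd.
            if 'rundll32' in rest.lower() and not DRIVE_PATH_RE.search(rest):
                findings.append(Finding(sec, 'rundll32 autostart with unqualified DLL path', raw))
        elif sec == 'O16':
            # Downloaded Program Files: ActiveX controls fetched from the web.
            # A cab served over plain http can be swapped in transit.
            if re.search(r'\shttp://', rest, re.I):
                findings.append(Finding(sec, 'ActiveX control fetched over plain http', raw))
        elif sec == 'R1' and 'ProxyServer' in rest:
            # A populated proxy server is a classic interception knob;
            # ":0" is the empty default and is ignored.
            value = rest.split('=', 1)[1].strip() if '=' in rest else ''
            if value and value != ':0':
                findings.append(Finding(sec, 'non-default proxy server configured', raw))
    return findings


if __name__ == '__main__':
    for f in triage_text(SAMPLE_LOG):
        print(f'{f.section:<4}{f.reason}\n    {f.line}')
```

Run as-is it reports five entries from the sample: the two odd BHOs, the rundll32 and cmd.exe autostarts, and the Symantec cab served over http. Feed it a whole HijackThis log via `triage_text(open(path).read())`; the rules are deliberately simple string and regex checks so they are easy to extend with whatever patterns a given case turns up.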
-
CF log below. Upon running ComboFix with the script, it again advised that ZeroAccess was on the machine and had corrupted the TCP/IP stack. It then again restarted the computer and gave a message about rootkit activity after the restart, then proceeded with its scan (no restart after the scan). I'll be back online tomorrow afternoon.
ComboFix 13-04-28.01 - USER 04/29/2013 23:54:17.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.496 [GMT -5:00]
Running from: c:\documents and settings\USER\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\USER\Desktop\CFScript.txt
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Norton Security Suite *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Security Suite *Enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.
.
((((((((((((((((((((((((( Files Created from 2013-03-28 to 2013-04-30 )))))))))))))))))))))))))))))))
.
.
2013-04-30 03:48 . 2013-04-30 03:48 35144 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2013-04-29 00:47 . 2013-03-02 02:06 522240 -c----w- c:\windows\system32\dllcache\jsdbgui.dll
2013-04-29 00:45 . 2013-02-12 00:32 12928 -c----w- c:\windows\system32\dllcache\usb8023x.sys
2013-04-29 00:45 . 2013-02-12 00:32 12928 -c----w- c:\windows\system32\dllcache\usb8023.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-04-04 19:50 . 2011-10-22 04:27 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-03-08 08:36 . 2003-03-31 12:00 293376 ----a-w- c:\windows\system32\winsrv.dll
2013-03-07 01:32 . 2003-03-31 12:00 2149888 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-03-07 00:50 . 2002-08-29 01:04 2028544 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-03-02 02:06 . 2004-02-07 00:05 916480 ----a-w- c:\windows\system32\wininet.dll
2013-03-02 02:06 . 2003-03-31 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-03-02 02:06 . 2003-03-31 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-03-02 01:25 . 2003-03-31 12:00 1867264 ----a-w- c:\windows\system32\win32k.sys
2013-03-02 01:08 . 2004-08-04 05:59 385024 ----a-w- c:\windows\system32\html.iec
2013-02-27 07:56 . 2004-06-22 21:08 2067456 ----a-w- c:\windows\system32\mstscax.dll
2013-02-12 00:32 . 2004-08-04 06:04 12928 ------w- c:\windows\system32\drivers\usb8023x.sys
2013-02-12 00:32 . 2003-03-31 12:00 12928 ----a-w- c:\windows\system32\drivers\usb8023.sys
2005-03-22 05:48 . 2005-03-22 05:46 877056 ----a-w- c:\program files\iview395.exe
2005-02-22 02:40 . 2005-02-22 01:28 7096170 ----a-w- c:\program files\WSFTP_ProT40_Install.exe
2005-02-17 23:13 . 2005-02-17 23:13 295120 ----a-w- c:\program files\NSSetup.exe
2004-11-04 01:17 . 2004-11-04 01:17 2636408 ----a-w- c:\program files\aawsepersonal.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Ptipbmf"="ptipbmf.dll" [2003-06-20 118784]
"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2003-05-29 790528]
"ADUserMon"="c:\program files\Iomega\AutoDisk\ADUserMon.exe" [2002-09-24 147456]
"Iomega Drive Icons"="c:\program files\Iomega\DriveIcons\ImgIcon.exe" [2002-08-13 86016]
"SoundMan"="SOUNDMAN.EXE" [2006-11-17 577536]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-02-16 221184]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"DNS7reminder"="c:\program files\Nuance\NaturallySpeaking10\Ereg\Ereg.exe" [2007-04-16 259624]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-16 221184]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 288080]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2011-12-02 296056]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Z1"="c:\documents and settings\USER\Desktop\mbar\mbar.exe" [2013-03-23 1398856]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^USER^Start Menu^Programs^Startup^TrueAssistant.lnk]
path=c:\documents and settings\USER\Start Menu\Programs\Startup\TrueAssistant.lnk
backup=c:\windows\pss\TrueAssistant.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2008-11-07 20:16 111936 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ComcastAntispyClient]
2009-08-19 17:25 1589208 ----a-w- c:\program files\comcasttb\ComcastSpywareScan\ComcastAntiSpy.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ddoctorv2]
2008-04-24 18:25 202560 ----a-w- c:\program files\Comcast\Desktop Doctor\bin\sprtcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Deskup]
2002-07-16 15:55 32768 ----a-w- c:\program files\Iomega\DriveIcons\deskup.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
2006-09-26 00:52 50736 ----a-w- c:\program files\Common Files\AOL\1106098516\EE\aolsoftware.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
2002-09-23 14:50 36864 ----a-w- c:\program files\Scansoft\PaperPort\IndexSearch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2005-02-16 21:15 221184 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-12-13 23:16 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2004-02-13 10:41 155648 ----a-r- c:\windows\system32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OneTouch Monitor]
2003-08-18 12:12 98304 ----a-w- c:\program files\Visioneer OneTouch\OneTouchMon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]
2002-09-23 14:25 45108 ----a-w- c:\program files\Scansoft\PaperPort\pptd40nt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pure Networks Port Magic]
2004-04-05 21:33 99480 ----a-w- c:\progra~1\PURENE~1\PORTMA~1\PortAOL.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 23:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"_IOMEGA_ACTIVE_DISK_SERVICE_"=2 (0x2)
"WMPNetworkSvc"=3 (0x3)
"sprtsvc_ddoctorv2"=2 (0x2)
"MsMpSvc"=2 (0x2)
"MDM"=2 (0x2)
"ITMRTSVC"=2 (0x2)
"iPod Service"=3 (0x3)
"Iomega App Services"=2 (0x2)
"gusvc"=3 (0x3)
"Bonjour Service"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
"AOLService"=2 (0x2)
"AOL TopSpeedMonitor"=2 (0x2)
"AntiSpywareService"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Trainmaster\\TM4\\TM4.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"=
"c:\\Program Files\\Common Files\\AOL\\1106098516\\EE\\AOLServiceHost.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\AOL\\1106098516\\EE\\aolsoftware.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0502020.003\symds.sys [1/1/2005 2:03 AM 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0502020.003\symefa.sys [1/1/2005 2:03 AM 744568]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20130412.001\BHDrvx86.sys [4/13/2013 12:09 AM 1000024]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0502020.003\ironx86.sys [1/1/2005 2:03 AM 136312]
R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [4/27/2013 4:35 PM 418376]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [10/21/2011 11:27 PM 701512]
R2 N360;Norton Security Suite;c:\program files\Norton Security Suite\Engine\5.2.2.3\ccsvchst.exe [1/1/2005 2:02 AM 130008]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [1/1/2005 2:01 AM 106656]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20130430.001\IDSXpx86.sys [4/29/2013 11:31 PM 373728]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [10/21/2011 11:27 PM 22856]
R3 PIBus;PIBus Device;c:\windows\system32\drivers\PIBus.sys [7/27/2004 12:22 PM 43004]
R3 PIKbd;PI Virtual Keyboard;c:\windows\system32\drivers\PIKbd.sys [7/27/2004 12:22 PM 3878]
S3 DrvAgent32;DrvAgent32;c:\windows\system32\drivers\DrvAgent32.sys [2/2/2011 4:56 PM 23456]
S3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [4/29/2013 10:48 PM 35144]
S3 ssmirrdr;ssmirrdr;c:\windows\system32\drivers\ssmirrdr.sys [10/3/2011 1:45 AM 10112]
S3 yukonx86;NDIS5.1 Miniport Driver for Marvell Yukon Gigabit Ethernet Adapter;c:\windows\system32\drivers\yukonx86.sys [7/23/2004 6:03 PM 176256]
S4 AntiSpywareService;Comcast AntiSpyware;c:\program files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe [6/17/2009 12:49 PM 616408]
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-15 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]
.
2013-04-30 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1641216279-2740818761-1370937033-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-11-08 22:14]
.
2011-12-02 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1641216279-2740818761-1370937033-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-11-08 22:14]
.
2013-04-29 c:\windows\Tasks\ReclaimerUpdateFiles_USER.job
- c:\documents and settings\USER\Application Data\Real\Update\UpgradeHelper\RealPlayer\10.40\agent\rnupgagent.exe [2013-04-27 21:52]
.
2013-04-29 c:\windows\Tasks\ReclaimerUpdateXML_USER.job
- c:\documents and settings\USER\Application Data\Real\Update\UpgradeHelper\RealPlayer\10.40\agent\rnupgagent.exe [2013-04-27 21:52]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mWindow Title = Windows Internet Explorer provided by Comcast
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
DPF: {42D06124-98A2-47EC-8098-3778B58CE7D5} - hxxps://actsvr.comcastonline.com/techtools/dl/Comcast%20Activation%20Controls.cab
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-85673453.sys
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-04-30 00:18
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton Security Suite\Engine\5.2.2.3\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton Security Suite\Engine\5.2.2.3\diMaster.dll\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Iomega Activity Disk2]
"ImagePath"="\"\""
.
Completion time: 2013-04-30 00:24:25
ComboFix-quarantined-files.txt 2013-04-30 05:24
ComboFix2.txt 2013-04-29 22:54
.
Pre-Run: 7,348,576,256 bytes free
Post-Run: 7,373,238,272 bytes free
.
- - End Of File - - 319F1BED994D43A7A92CCE4C41ED7A35
-
MBAR:
Malwarebytes Anti-Rootkit BETA 1.05.0.1001
Database version: v2013.04.29.09
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
USER :: P4P800-SE [administrator]
4/29/2013 11:19:27 PM
mbar-log-2013-04-29 (23-19-27).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 27896
Time elapsed: 30 minute(s), 7 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.05.0.1001
© Malwarebytes Corporation 2011-2012
OS version: 5.1.2600 Windows XP Service Pack 3 x86
Account is Administrative
Internet Explorer version: 8.0.6001.18702
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 2.800000 GHz
Memory total: 1073197056, free: 451878912
------------ Kernel report ------------
04/29/2013 22:48:03
------------ Loaded modules -----------
\WINDOWS\system32\ntoskrnl.exe
\WINDOWS\system32\hal.dll
\WINDOWS\system32\KDCOM.DLL
\WINDOWS\system32\BOOTVID.dll
04947186.sys
ACPI.sys
\WINDOWS\System32\DRIVERS\WMILIB.SYS
pci.sys
isapnp.sys
pciide.sys
\WINDOWS\System32\DRIVERS\PCIIDEX.SYS
MountMgr.sys
ftdisk.sys
dmload.sys
dmio.sys
PartMgr.sys
VolSnap.sys
atapi.sys
\WINDOWS\System32\DRIVERS\SCSIPORT.SYS
disk.sys
\WINDOWS\System32\DRIVERS\CLASSPNP.SYS
fltmgr.sys
SYMDS.SYS
sr.sys
SYMEFA.SYS
KSecDD.sys
WudfPf.sys
Ntfs.sys
NDIS.sys
Mup.sys
agp440.sys
iomdisk.sys
\SystemRoot\System32\DRIVERS\intelppm.sys
\SystemRoot\System32\DRIVERS\nv4_mini.sys
\SystemRoot\System32\DRIVERS\VIDEOPRT.SYS
\SystemRoot\System32\DRIVERS\usbuhci.sys
\SystemRoot\System32\DRIVERS\USBPORT.SYS
\SystemRoot\System32\DRIVERS\usbehci.sys
\SystemRoot\System32\DRIVERS\Intels51.sys
\SystemRoot\System32\Drivers\Modem.SYS
\SystemRoot\system32\DRIVERS\Rtnicxp.sys
\SystemRoot\System32\DRIVERS\fdc.sys
\SystemRoot\System32\DRIVERS\serial.sys
\SystemRoot\System32\DRIVERS\serenum.sys
\SystemRoot\System32\DRIVERS\parport.sys
\SystemRoot\System32\DRIVERS\imapi.sys
\SystemRoot\System32\DRIVERS\cdrom.sys
\SystemRoot\System32\DRIVERS\redbook.sys
\SystemRoot\System32\DRIVERS\ks.sys
\SystemRoot\System32\Drivers\GEARAspiWDM.sys
\SystemRoot\system32\drivers\ALCXWDM.SYS
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\System32\DRIVERS\audstub.sys
\SystemRoot\System32\DRIVERS\rasl2tp.sys
\SystemRoot\System32\DRIVERS\ndistapi.sys
\SystemRoot\System32\DRIVERS\ndiswan.sys
\SystemRoot\System32\DRIVERS\raspppoe.sys
\SystemRoot\System32\DRIVERS\raspptp.sys
\SystemRoot\System32\DRIVERS\TDI.SYS
\SystemRoot\System32\DRIVERS\ptilink.sys
\SystemRoot\System32\DRIVERS\raspti.sys
\SystemRoot\System32\DRIVERS\PIBus.sys
\SystemRoot\System32\DRIVERS\rdpdr.sys
\SystemRoot\System32\DRIVERS\termdd.sys
\SystemRoot\System32\DRIVERS\kbdclass.sys
\SystemRoot\System32\DRIVERS\mouclass.sys
\SystemRoot\System32\DRIVERS\swenum.sys
\SystemRoot\System32\DRIVERS\update.sys
\SystemRoot\System32\DRIVERS\mssmbios.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\System32\DRIVERS\PIKbd.sys
\SystemRoot\System32\DRIVERS\HIDCLASS.SYS
\SystemRoot\System32\DRIVERS\HIDPARSE.SYS
\SystemRoot\System32\DRIVERS\kbdhid.sys
\SystemRoot\System32\DRIVERS\usbhub.sys
\SystemRoot\System32\DRIVERS\USBD.SYS
\SystemRoot\system32\drivers\MODEMCSA.sys
\SystemRoot\System32\DRIVERS\flpydisk.sys
\SystemRoot\System32\Drivers\Fs_Rec.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\Drivers\mnmdd.SYS
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\System32\DRIVERS\rasacd.sys
\SystemRoot\system32\DRIVERS\ipsec.sys
\SystemRoot\System32\DRIVERS\msgpc.sys
\SystemRoot\System32\DRIVERS\tcpip.sys
\SystemRoot\System32\DRIVERS\ipnat.sys
\SystemRoot\System32\Drivers\N360\0502020.003\SYMTDI.SYS
\SystemRoot\System32\DRIVERS\wanarp.sys
\??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
\??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20130426.001\IDSxpx86.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\System32\drivers\ws2ifsl.sys
\SystemRoot\System32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\netbios.sys
\SystemRoot\system32\drivers\N360\0502020.003\Ironx86.SYS
\SystemRoot\system32\drivers\N360\0502020.003\SRTSPX.SYS
\SystemRoot\System32\DRIVERS\rdbss.sys
\SystemRoot\System32\DRIVERS\mrxsmb.sys
\SystemRoot\System32\Drivers\Fips.SYS
\??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
\??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
\??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20130412.001\BHDrvx86.sys
\SystemRoot\System32\DRIVERS\hidusb.sys
\SystemRoot\System32\DRIVERS\mouhid.sys
\SystemRoot\System32\DRIVERS\USBSTOR.SYS
\SystemRoot\System32\Drivers\Cdfs.SYS
\SystemRoot\System32\DRIVERS\usbccgp.sys
\SystemRoot\System32\Drivers\dump_atapi.sys
\SystemRoot\System32\Drivers\dump_WMILIB.SYS
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\watchdog.sys
\SystemRoot\System32\drivers\dxg.sys
\SystemRoot\System32\drivers\dxgthk.sys
\SystemRoot\System32\nv4_disp.dll
\SystemRoot\System32\ATMFD.DLL
\??\C:\WINDOWS\system32\drivers\mbam.sys
\SystemRoot\System32\DRIVERS\ndisuio.sys
\SystemRoot\System32\DRIVERS\mrxdav.sys
\SystemRoot\System32\Drivers\ParVdm.SYS
\SystemRoot\System32\Drivers\TBPanel.SYS
\SystemRoot\System32\DRIVERS\HSF_FALL.sys
\SystemRoot\System32\DRIVERS\HSF_FSKS.sys
\SystemRoot\System32\DRIVERS\HSF_K56K.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\System32\DRIVERS\mdmxsdk.sys
\SystemRoot\system32\drivers\wdmaud.sys
\SystemRoot\system32\drivers\sysaudio.sys
\SystemRoot\System32\DRIVERS\HSF_FAXX.sys
\SystemRoot\System32\DRIVERS\HSF_TONE.sys
\SystemRoot\System32\DRIVERS\HSF_V124.sys
\SystemRoot\System32\Drivers\Fastfat.SYS
\SystemRoot\System32\Drivers\N360\0502020.003\SRTSP.SYS
\??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20130429.017\NAVEX15.SYS
\??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20130429.017\NAVENG.SYS
\SystemRoot\System32\DRIVERS\ipfltdrv.sys
\SystemRoot\System32\Drivers\HTTP.sys
\SystemRoot\system32\drivers\kmixer.sys
\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys
\??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys
\WINDOWS\system32\ntdll.dll
----------- End -----------
<<<1>>>
Upper Device Name: \Device\Harddisk5\DR8
Upper Device Object: 0xffffffff85e7f248
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000087\
Lower Device Object: 0xffffffff85dcc030
Lower Device Driver Name: \Driver\USBSTOR\
Driver name found: USBSTOR
Initialization returned 0x0
Load Function returned 0x0
<<<1>>>
Upper Device Name: \Device\Harddisk4\DR7
Upper Device Object: 0xffffffff85e72ab8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000086\
Lower Device Object: 0xffffffff85e1e030
Lower Device Driver Name: \Driver\USBSTOR\
Driver name found: USBSTOR
<<<1>>>
Upper Device Name: \Device\Harddisk3\DR6
Upper Device Object: 0xffffffff85da3250
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000085\
Lower Device Object: 0xffffffff86083ea0
Lower Device Driver Name: \Driver\USBSTOR\
Driver name found: USBSTOR
<<<1>>>
Upper Device Name: \Device\Harddisk2\DR5
Upper Device Object: 0xffffffff85d6e250
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000084\
Lower Device Object: 0xffffffff85e59ea0
Lower Device Driver Name: \Driver\USBSTOR\
Driver name found: USBSTOR
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xffffffff8736bab8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP0T1L0-c\
Lower Device Object: 0xffffffff87316d98
Lower Device Driver Name: \Driver\atapi\
Driver name found: atapi
Initialization returned 0x0
Load Function returned 0x0
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff8736dab8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-4\
Lower Device Object: 0xffffffff87365d98
Lower Device Driver Name: \Driver\atapi\
Driver name found: atapi
Downloaded database version: v2013.04.29.09
Downloaded database version: v2013.04.25.01
Initializing...
Done!
<<<2>>>
Device number: 0, partition: 1
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff8736dab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8734fe08, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff8736dab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff8736eae0, DeviceName: Unknown, DriverName: \Driver\iomdisk\
DevicePointer: 0xffffffff87389510, DeviceName: \Device\00000072\, DriverName: \Driver\ACPI\
DevicePointer: 0xffffffff87365d98, DeviceName: \Device\Ide\IdeDeviceP0T0L0-4\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0xffffffffe1dfc318, 0xffffffff8736dab8, 0xffffffff84d43670
Lower DeviceData: 0xffffffffe1e445b0, 0xffffffff87365d98, 0xffffffff84d93cb0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning directory: C:\WINDOWS\system32\drivers...
<<<2>>>
Device number: 0, partition: 1
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Read File: File "C:\WINDOWS\system32\drivers\acpiec.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\alcxinit.dat" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\ALCXSENS.SYS" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\ASUSHWIO.SYS" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\riodrv.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\fsvga.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\ftdisk.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\gm.dls" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\gmreadme.txt" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\HSF_AMOS.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\oprghdlr.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\pciide.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\rawwan.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\atmepvc.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\HSF_BSC2.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\mouhid.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\nwlnkspx.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\rio8drv.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\smsens.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\tsbvcap.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\cinemst2.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\enum1394.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\ws2ifsl.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\nikedrv.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\nwlnkflt.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\nwlnkfwd.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\HSF_SAMP.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\HSF_SOAR.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\HSF_SPKP.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\IomDisk.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\cbidf2k.sys" is compressed (flags = 1)
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 75257525
Partition information:
Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 63 Numsec = 73738287
Partition file system is NTFS
Partition is bootable
Partition 1 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 73738350 Numsec = 82558035
Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Disk Size: 80026361856 bytes
Sector size: 512 bytes
Scanning physical sectors of unpartitioned space on drive 0 (1-62-156281488-156301488)...
Physical Sector Size: 0
Drive: 1, DevicePointer: 0xffffffff8736bab8, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8736cb60, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff8736bab8, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff8736cd78, DeviceName: Unknown, DriverName: \Driver\iomdisk\
DevicePointer: 0xffffffff87366f18, DeviceName: \Device\00000073\, DriverName: \Driver\ACPI\
DevicePointer: 0xffffffff87316d98, DeviceName: \Device\Ide\IdeDeviceP0T1L0-c\, DriverName: \Driver\atapi\
------------ End ----------
Physical Sector Size: 0
Drive: 2, DevicePointer: 0xffffffff85d6e250, DeviceName: \Device\Harddisk2\DR5\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff86090b80, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff85d6e250, DeviceName: \Device\Harddisk2\DR5\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff85e5e6e0, DeviceName: Unknown, DriverName: \Driver\iomdisk\
DevicePointer: 0xffffffff85e59ea0, DeviceName: \Device\00000084\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 3, DevicePointer: 0xffffffff85da3250, DeviceName: \Device\Harddisk3\DR6\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff85ddc4a0, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff85da3250, DeviceName: \Device\Harddisk3\DR6\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff85dd4310, DeviceName: Unknown, DriverName: \Driver\iomdisk\
DevicePointer: 0xffffffff86083ea0, DeviceName: \Device\00000085\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 4, DevicePointer: 0xffffffff85e72ab8, DeviceName: \Device\Harddisk4\DR7\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff86085db8, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff85e72ab8, DeviceName: \Device\Harddisk4\DR7\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff85fa5718, DeviceName: Unknown, DriverName: \Driver\iomdisk\
DevicePointer: 0xffffffff85e1e030, DeviceName: \Device\00000086\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 5, DevicePointer: 0xffffffff85e7f248, DeviceName: \Device\Harddisk5\DR8\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff85e399b8, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff85e7f248, DeviceName: \Device\Harddisk5\DR8\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff85dc08c0, DeviceName: Unknown, DriverName: \Driver\iomdisk\
DevicePointer: 0xffffffff85dcc030, DeviceName: \Device\00000087\, DriverName: \Driver\USBSTOR\
------------ End ----------
Done!
Performing system, memory and registry scan...
Read File: File "c:\Documents and Settings\Administrator\Application Data\desktop.ini" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\brndlog.bak" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\appdata.ini" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\gotoko.ini" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Logs\Checks.040902-0045.log" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\All Users\Application Data\Microsoft Help\Hx.hxn" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\All Users\Application Data\Microsoft Help\Hx_1033_MValidator.Lck" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\All Users\Application Data\Microsoft Help\MS.Dexplore.hxn" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\All Users\Application Data\Microsoft Help\MS.VSCC.2003_1033_MValidator.Lck" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\All Users\Application Data\Microsoft Help\MS.MSDNQTR.2003FEB.1033_1033_MValidator.Lck" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\All Users\Application Data\Microsoft Help\MS.NETFrameworkSDKv1.1_1033_MValidator.Lck" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\All Users\Application Data\Microsoft Help\MS.Dexplore_1033_MValidator.Lck" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Default User\Application Data\desktop.ini" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Default User\Application Data\Microsoft\Internet Explorer\brndlog.bak" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\USER\Application Data\Help\editingtools.ANN" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\config\systemprofile\Application Data\desktop.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Internet Explorer\brndlog.bak" is compressed (flags = 1)
Read File: File "c:\Program Files\Outlook Express\msoe.txt" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Default User\Start Menu\Programs\Startup\desktop.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Startup\desktop.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\$ncsp$.inf" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\pscript.sep" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\desktop.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\dsound.vxd" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\login.cmd" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\View Channels.scf" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\cmos.ram" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\prodspec.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\l_except.nls" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\pcl.sep" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\config\systemprofile\Application Data\desktop.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Startup\desktop.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\drivers\etc\networks" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\oobe\migrate.isp" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\oobe\reg.isp" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\wbem\wmiclivalueformat.xsl" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Administrator\ntuser.ini" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Default User\ntuser.ini" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\LocalService\ntuser.ini" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\NetworkService\ntuser.ini" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Administrator\Local Settings\desktop.ini" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Default User\Local Settings\desktop.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\config\systemprofile\Local Settings\desktop.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\explorer.scf" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system.new" is compressed (flags = 1)
Read File: File "c:\WINDOWS\nsreg.dat" is compressed (flags = 1)
Read File: File "c:\WINDOWS\smscfg.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\vb.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\vbaddin.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\RtlRack.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\CS_setup.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\EReg077.dat" is compressed (flags = 1)
Read File: File "c:\WINDOWS\ahd4.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Q321064.log" is compressed (flags = 1)
Read File: File "c:\WINDOWS\TSDataEx.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\logfile.txt" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\cscompmgd\7.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\EnvDTE\7.0.3300.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\Extensibility\7.0.3300.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\IIEHost\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\ISymWrapper\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\mscorcfg\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\msddslmp\7.0.3300.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\msddsp\7.0.3300.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\Office\7.0.3300.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\SoapSudsCode\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\TlbExpCode\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\TlbImpCode\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\VSLangProj\7.0.3300.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\Microsoft.VisualBasic.Compatibility\7.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\Microsoft.VisualBasic.Compatibility.Data\7.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\Microsoft.VisualBasic.Vsa\7.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\Microsoft.VisualStudio.VSHelp\7.0.3300.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\Microsoft.Vsa\7.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\Microsoft.Vsa.Vb.CodeDOMProcessor\7.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\assembly\GAC\Microsoft_VsaVb\7.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Downloaded Program Files\desktop.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Help\accessib.cnt" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Help\ciadmin.htm" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Help\conf.cnt" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Help\connect.cnt" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Help\winhlp32.cnt" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Help\mshearts.cnt" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Help\msnauth.cnt" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Help\nocontnt.cnt" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Help\ratings.cnt" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Help\update.cnt" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Help\windows.cnt" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Help\wmerr.htm" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\regsvcs.exe.rtm.config" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\al.exe.config" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet.mof.uninstall" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\cvtres.exe.config" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\ieexec.exe.config" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\ilasm.exe.config" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\ConfigWizards.exe.config" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\csc.exe.config" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\jsc.exe.config" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\l_except.nlp" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\vbc.exe.config" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\XPThemes.manifest" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\regasm.exe.config" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\caspol.exe.config" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\1033\SetupENU1.txt" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\1033\SetupENU2.txt" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\ASP.NETClientFiles\SmartNav.htm" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Web\bullet.gif" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Administrator\Local Settings\desktop.ini" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Default User\Local Settings\desktop.ini" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\LocalService\Local Settings\History\desktop.ini" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\LocalService\Local Settings\History\History.IE5\desktop.ini" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\USER\Local Settings\Application Data\MigWiz\locale.dat" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\USER\Local Settings\History\History.IE5\index.dat" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\config\systemprofile\Local Settings\desktop.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\desktop.ini" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\USER\Local Settings\Application Data\MigWiz\locale.dat" is compressed (flags = 1)
Done!
Scan finished
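Added example, not part of the post above and not code from the Malwarebytes Anti-Rootkit tool that produced the log: a small Python parser that reads the same MBR fields the "Scanning MBR on drive 0" section reports (the 55AA boot signature, the disk signature, the four 16-byte partition entries with status, type, starting LBA and sector count) and then applies the consistency checks a bootkit hunter makes on a partition table: exactly one active entry, no entry reaching past the end of the disk, no overlapping entries, and a listing of the sectors no partition claims. The sample sector is constructed from the values the log prints for drive 0 (disk signature 75257525, NTFS partitions at LBA 63 and 73738350, disk size 80026361856 bytes); its boot-code area is zero-filled, which a real disk's would not be, and the unpartitioned ranges are computed here from the entries, not copied from the tool's own scan window.

```python
"""Parse and sanity-check a classic (non-GPT) MBR partition table.

Added example; not from the original post or from the rootkit scanner.
The sample sector below is constructed from values in the posted log.
"""
import struct

SECTOR_SIZE = 512
DISK_SIGNATURE_OFFSET = 440   # 4-byte NT disk signature
PARTITION_TABLE_OFFSET = 446  # four 16-byte entries
BOOT_SIGNATURE = b"\x55\xAA"  # bytes 510-511, printed as "55AA" in the log
ENTRY_FMT = "<B3xB3xII"       # status, CHS start (skipped), type, CHS end (skipped), LBA, count

# Constructed sample input: the values the log reports for drive 0.
SAMPLE_DISK_SIZE = 80026361856
SAMPLE_DISK_SIGNATURE = 0x75257525
SAMPLE_ENTRIES = [
    (0x80, 0x07, 63, 73738287),        # Partition 0: NTFS, ACTIVE
    (0x00, 0x07, 73738350, 82558035),  # Partition 1: NTFS
    (0x00, 0x00, 0, 0),                # Partition 2: Empty
    (0x00, 0x00, 0, 0),                # Partition 3: Empty
]
PARTITION_TYPES = {0x00: "Empty", 0x05: "Extended", 0x07: "NTFS/HPFS/exFAT",
                   0x0B: "FAT32", 0x0C: "FAT32 (LBA)", 0x0F: "Extended (LBA)",
                   0xEE: "GPT protective"}


def build_sample_mbr():
    """Assemble a 512-byte MBR sector from the constructed sample values."""
    mbr = bytearray(SECTOR_SIZE)
    struct.pack_into("<I", mbr, DISK_SIGNATURE_OFFSET, SAMPLE_DISK_SIGNATURE)
    for i, entry in enumerate(SAMPLE_ENTRIES):
        struct.pack_into(ENTRY_FMT, mbr, PARTITION_TABLE_OFFSET + 16 * i, *entry)
    mbr[510:512] = BOOT_SIGNATURE
    return bytes(mbr)


def parse_mbr(sector, disk_size_bytes):
    """Return the disk signature, total sector count and the four partition entries."""
    if len(sector) < SECTOR_SIZE:
        raise ValueError("MBR sector too short: %d bytes" % len(sector))
    if sector[510:512] != BOOT_SIGNATURE:
        raise ValueError("bad MBR signature %s" % sector[510:512].hex())
    disk_sig = struct.unpack_from("<I", sector, DISK_SIGNATURE_OFFSET)[0]
    partitions = []
    for i in range(4):
        status, ptype, lba, count = struct.unpack_from(
            ENTRY_FMT, sector, PARTITION_TABLE_OFFSET + 16 * i)
        partitions.append({"index": i, "status": status, "active": status == 0x80,
                           "type": ptype,
                           "type_name": PARTITION_TYPES.get(ptype, "0x%02X" % ptype),
                           "lba": lba, "numsec": count})
    return {"disk_signature": disk_sig,
            "total_sectors": disk_size_bytes // SECTOR_SIZE,
            "partitions": partitions}


def check_partition_table(table):
    """Return a list of anomalies; an empty list means the table is consistent."""
    findings = []
    total = table["total_sectors"]
    active = [p["index"] for p in table["partitions"] if p["active"]]
    if len(active) != 1:
        findings.append("expected exactly one active entry, found %d: %s" % (len(active), active))
    used = []
    for p in table["partitions"]:
        if p["status"] not in (0x00, 0x80):
            findings.append("entry %d: invalid status byte 0x%02X" % (p["index"], p["status"]))
        if p["type"] == 0x00:
            if p["lba"] or p["numsec"]:
                findings.append("entry %d: type Empty but LBA/size set" % p["index"])
            continue
        if p["numsec"] == 0:
            findings.append("entry %d: zero-length partition" % p["index"])
            continue
        end = p["lba"] + p["numsec"]  # exclusive end sector
        if end > total:
            findings.append("entry %d: ends at sector %d, past disk end %d" % (p["index"], end, total))
        used.append((p["lba"], end, p["index"]))
    used.sort()
    for (s1, e1, i1), (s2, e2, i2) in zip(used, used[1:]):
        if s2 < e1:
            findings.append("entries %d and %d overlap" % (i1, i2))
    return findings


def unpartitioned_ranges(table):
    """Inclusive sector ranges no partition claims, skipping sector 0 (the MBR itself)."""
    total = table["total_sectors"]
    used = sorted((p["lba"], p["lba"] + p["numsec"])
                  for p in table["partitions"] if p["type"] != 0x00 and p["numsec"])
    gaps, cursor = [], 1
    for start, end in used:
        if start > cursor:
            gaps.append((cursor, start - 1))
        cursor = max(cursor, end)
    if cursor < total:
        gaps.append((cursor, total - 1))
    return gaps


if __name__ == "__main__":
    table = parse_mbr(build_sample_mbr(), SAMPLE_DISK_SIZE)
    print("Disk Signature: %08X" % table["disk_signature"])
    for p in table["partitions"]:
        print("Partition %d type %s%s LBA %d Numsec %d" % (
            p["index"], p["type_name"], " ACTIVE" if p["active"] else "", p["lba"], p["numsec"]))
    print("Unpartitioned sectors:", unpartitioned_ranges(table))
    for f in check_partition_table(table) or ["no problems found"]:
        print(" -", f)
```

To run it against a real disk instead of the constructed sample, read the first 512 bytes of the physical device (on Windows, \\.\PhysicalDrive0 opened as administrator) and pass them to parse_mbr together with the disk size; a second active flag, an entry reaching past the disk, or an unexplained gap between the MBR and the first partition are the kinds of findings worth a closer look, since the sectors between 1 and 62 are a classic hiding place for bootkit code.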
=======================================
IE 11 crash with latest Windows update
in General Windows PC Help
Posted
Hi All,
Since installing the September Windows updates, my IE 11 has been crashing when opening. Have any of you experienced this as well? Any suggestions to resolve it? Thanks!