
scottbradford84
Everything posted by scottbradford84

  1. Still hijacking, just in Chrome and only upon start up. I've had no issues browsing. IE seems to be fine.
  2. Yup, did a full reset and re-configure for my network. No changes... Everything is exactly as it was when we first started. Should we go back to the beginning and try a different path? I think what I have figured out with Zoek is that it will only run for "x" amount of time. Once that limit is reached, it is getting stuck. It still claims that it is working at this point, but it won't move forward. I also cannot make it stop, I can't close the program, nothing. If I start a scan, the only way I can resume using the computer is to shut the thing down and restart. So... what do we try now?
  3. I have reset my account per the link, but it is still hijacking. Zoek still won't run. Also, every time I load a page in IE or Chrome, or open a document like Word, it jumps to the bottom of the page. If I scroll back up, it stays a few minutes, then skips back to the bottom.
  4. Interesting, reinstalling Chrome, it works fine until I sync the browser with my account. Once I load those settings into Chrome, it returns to the screenshot from earlier.
  5. Still does the same thing, runs through fine until it gets to "Chrome Look"... It says it is still running, but I've let it run for nearly an hour and nothing else happens.
  6. Really appreciate the help thus far! Here are those logs: AdwCleanerS1.txt, Addition_30-12-2014_12-28-32.txt, FRST_30-12-2014_12-28-32.txt
  7. Trying to run Zoek, but seems to be getting stuck.
  8. Forgot to post these: Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-12-2014 Ran by Scott (administrator) on LAPTOP-TOSHIBA on 29-12-2014 20:41:15 Running from C:\Users\Scott\Downloads Loaded Profile: Scott (Available profiles: Scott) Platform: Windows 8.1 (X64) OS Language: English (United States) Internet Explorer Version 11 (Default browser: Chrome) Boot Mode: Normal
HiddenHollywood FX Volumes 1-3 (HKLM-x32\...\{E3D181F8-246B-497F-945E-6DB98CBA6677}) (Version: 2.0.1 - Corel Corporation)Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.30.1349 - Intel Corporation)Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3308 - Intel Corporation)Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.0.4.1001 - Intel Corporation)Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)iTunes (HKLM\...\{F46AA0F1-E284-4878-A462-5F11B9166C0E}) (Version: 11.4.0.18 - Apple Inc.)Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.510 - Oracle)Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{86CE1746-9EFF-3C9C-8755-81EA8903AC34}) (Version: 9.0.30729 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 
9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.7.0.24 - Symantec Corporation)Norton Online Backup ARA (x32 Version: 4.3.0.14 - Symantec Corporation) HiddenOrigin (HKLM-x32\...\Origin) (Version: 9.4.22.2815 - Electronic Arts, Inc.)Pin It (HKLM-x32\...\Pin It_is1) (Version: 0.0.4 - Pinterest)Pinnacle Studio 17 - Install Manager (HKLM-x32\...\{F04D92CC-5C3A-46FA-9C98-6EACBDD262FF}) (Version: 17.0.130 - Corel Corporation)Pinnacle Studio 17 - Standard Content Pack (HKLM-x32\...\{BA98BFA8-5EDF-450B-A92E-C096DC135D0E}) (Version: 17.0 - Corel Corporation)Pinnacle Studio 17 (HKLM-x32\...\{3DA8F808-72E2-4361-82EC-433081D23005}) (Version: 17.3.0.280 - Corel Corporation)PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)Premium Pack Volumes 1-2 
(HKLM-x32\...\{88C4D8A6-9954-46A0-965D-92E55DAB8734}) (Version: 2.0.1 - Corel Corporation)Qualcomm Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.16 - Qualcomm Atheros Communications Inc.)Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6886 - Realtek Semiconductor Corp.)Realtek USB Card Reader (HKLM-x32\...\{1E496A68-4943-424E-829D-5C3C85B7B8F2}) (Version: 6.2.9200.39041 - Realtek Semiconductor Corp.)Realtek WLAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4fed-B2B9-173001290E16}) (Version: 2.00.0021 - REALTEK Semiconductor Corp.)RrSavings (x32 Version: 1.0.0.0 - RrSavings) HiddenScoreFitter Volumes 1-2 (HKLM-x32\...\{0FDA9ECA-6DA3-480E-B7A9-76F353AF6B6C}) (Version: 2.0.1 - Corel Corporation)Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.10.51 - Synaptics Incorporated)The Sims™ 3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.0.631 - Electronic Arts)The Sims™ 4 Create A Sim Demo (HKLM-x32\...\{6908ED99-F02B-4E99-A202-3FAC99C510ED}) (Version: 1.0.237.100 - Electronic Arts Inc.)Title Extreme (HKLM-x32\...\{F7214014-27EE-4237-9978-2F9D1551559B}) (Version: 2.0.1 - Corel Corporation)Toshiba App Place (HKLM-x32\...\{ED3CBA78-488F-4E8C-B33F-8E3BF4DDB4D2}) (Version: 1.0.6.3 - Toshiba)TOSHIBA Application Installer (HKLM-x32\...\{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}) (Version: 9.0.1.5 - TOSHIBA)TOSHIBA Audio Enhancement (HKLM\...\{1515F5E3-29EA-4CD1-A981-032D88880F09}) (Version: 2.0.15.6 - Toshiba Corporation)Toshiba Book Place (HKLM-x32\...\{11244D6B-9842-440F-8579-6A4D771A0D9B}) (Version: 3.3.9661 - K-NFB Reading Technology, Inc.)TOSHIBA Desktop Assist 
(HKLM\...\{95CCACF0-010D-45F0-82BF-858643D8BC02}) (Version: 1.01.02.6405 - Toshiba Corporation)TOSHIBA eco Utility (HKLM\...\{5944B9D4-3C2A-48DE-931E-26B31714A2F7}) (Version: 2.2.0.6404 - Toshiba Corporation)TOSHIBA Function Key (HKLM\...\{16562A90-71BC-41A0-B890-D91B0C267120}) (Version: 1.00.6629.6407 - Toshiba Corporation)TOSHIBA HDD Accelerator (HKLM\...\{DB4D9937-0B14-4EF1-BF9A-BB7E3B9DCB04}) (Version: 2.0.0001 - Toshiba Corporation)TOSHIBA Password Utility (HKLM-x32\...\{B1786E63-2127-42C9-95A3-146E5F727BF1}) (Version: v2.0.0.10 - Toshiba Corporation)TOSHIBA Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.0.8 - TOSHIBA)TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 3.0.01.55004008 - Toshiba Corporation)TOSHIBA Resolution+ Plug-in for Windows Media Player (HKLM-x32\...\{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}) (Version: 1.2.5.03 - Toshiba Corporation)TOSHIBA Service Station (HKLM\...\{6499E894-43F8-458B-AE35-724F4732BCDE}) (Version: 2.5.6 - Toshiba Corporation)Toshiba Start (HKU\S-1-5-21-3028108582-2284367944-2589376937-1001\...\Pokki_b52b7a05ea010d22183cece45cbb6e86cf917a76) (Version: 1.0.0.0 - Pokki)TOSHIBA System Driver (HKLM-x32\...\{1E6A96A1-2BAB-43EF-8087-30437593C66C}) (Version: 1.00.0020 - Toshiba Corporation)TOSHIBA System Settings (HKLM-x32\...\{05A55927-DB9B-4E26-BA44-828EBFF829F0}) (Version: 1.00.0007.32003 - Toshiba Corporation)TOSHIBA User's Guide (HKLM-x32\...\{3384E1D9-3F18-4A98-8655-180FEF0DFC02}) (Version: 1.00.02 - TOSHIBA)TOSHIBA VIDEO PLAYER (HKLM\...\{FF07604E-C860-40E9-A230-E37FA41F103A}) (Version: 5.3.5.59 - Toshiba Corporation)TOSHIBARegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.1.6 - TOSHIBA)TurboCAD Deluxe 21 64-bit (HKLM\...\{6CD8A657-F7E3-4789-8FB1-E30264619ED9}) (Version: 21.2.591 - IMSIDesign)USB2.0 PC CAMERA (HKLM-x32\...\{58D4FB3A-98E9-4B9B-B01E-7F005AEFE019}) (Version: 1.00.0000 - USB 2.0 PC CAMERA)Widevine Media 
Optimizer IE 6.0.0 (HKU\S-1-5-21-3028108582-2284367944-2589376937-1001\...\optimizer_ie) (Version: 6.0.0.12757 - Widevine Technologies)WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-3028108582-2284367944-2589376937-1001_Classes\CLSID\{056ADF40-C1D0-4CEB-94D2-4B82CB2C25F4}\InprocServer32 -> C:\Program Files\IMSIDesign\TCW21\Program\Ties\SolidBodyTie.dll (IMSIDesign, LLC)CustomCLSID: HKU\S-1-5-21-3028108582-2284367944-2589376937-1001_Classes\CLSID\{130E8ABC-A163-43b5-B9E5-A31C1B1CB7B4}\InprocServer32 -> C:\Program Files\IMSIDesign\TCW21\Program\Draggers\BPMngr.dll (IMSIDesign, LLC)CustomCLSID: HKU\S-1-5-21-3028108582-2284367944-2589376937-1001_Classes\CLSID\{15544F60-D775-4962-BEB4-E580346B1591}\InprocServer32 -> C:\Program Files\IMSIDesign\TCW21\Program\Ties\ScetchTie.dll (IMSIDesign, LLC)CustomCLSID: HKU\S-1-5-21-3028108582-2284367944-2589376937-1001_Classes\CLSID\{28A80F2D-0869-4E55-B0B3-0E44E64DC4C6}\InprocServer32 -> C:\Program Files\IMSIDesign\TCW21\Program\Draggers\ExtRefManager.dll (IMSIDesign, LLC)CustomCLSID: HKU\S-1-5-21-3028108582-2284367944-2589376937-1001_Classes\CLSID\{2C10CA50-05D0-11D2-8697-0000B46B691D}\InprocServer32 -> C:\Program Files\IMSIDesign\TCW21\Program\Ties\ObjectTie.dll (IMSIDesign, LLC)CustomCLSID: HKU\S-1-5-21-3028108582-2284367944-2589376937-1001_Classes\CLSID\{49E39851-1FC0-11D2-8698-0000B46B691D}\InprocServer32 -> C:\Program Files\IMSIDesign\TCW21\Program\Ties\SmartHatch.dll (IMSIDesign, LLC)CustomCLSID: HKU\S-1-5-21-3028108582-2284367944-2589376937-1001_Classes\CLSID\{554EDBD6-7585-40C5-9713-180E76DAC4FC}\InprocServer32 -> C:\Program Files\IMSIDesign\TCW21\Program\Regens\TCImage.dll (IMSIDesign, LLC)CustomCLSID: 
HKU\S-1-5-21-3028108582-2284367944-2589376937-1001_Classes\CLSID\{5B60CCED-F564-43BA-802B-01183FAA0A84}\InprocServer32 -> C:\Program Files\IMSIDesign\TCW21\Program\Draggers\TCImageTool.dll (IMSIDesign, LLC)CustomCLSID: HKU\S-1-5-21-3028108582-2284367944-2589376937-1001_Classes\CLSID\{6A481001-E531-11CF-A115-00A024158DAF}\localserver32 -> C:\Program Files\IMSIDesign\TCW21\Program\tcw21.exe (IMSIDesign, LLC)CustomCLSID: HKU\S-1-5-21-3028108582-2284367944-2589376937-1001_Classes\CLSID\{6A481002-E531-11CF-A115-00A024158DAF}\localserver32 -> C:\Program Files\IMSIDesign\TCW21\Program\tcw21.exe (IMSIDesign, LLC)CustomCLSID: HKU\S-1-5-21-3028108582-2284367944-2589376937-1001_Classes\CLSID\{6A481003-E531-11CF-A115-00A024158DAF}\localserver32 -> C:\Program Files\IMSIDesign\TCW21\Program\tcw21.exe (IMSIDesign, LLC)CustomCLSID: HKU\S-1-5-21-3028108582-2284367944-2589376937-1001_Classes\CLSID\{6A481004-E531-11CF-A115-00A024158DAF}\localserver32 -> C:\Program Files\IMSIDesign\TCW21\Program\tcw21.exe (IMSIDesign, LLC)CustomCLSID: HKU\S-1-5-21-3028108582-2284367944-2589376937-1001_Classes\CLSID\{6A481005-E531-11CF-A115-00A024158DAF}\localserver32 -> C:\Program Files\IMSIDesign\TCW21\Program\tcw21.exe (IMSIDesign, LLC)CustomCLSID: HKU\S-1-5-21-3028108582-2284367944-2589376937-1001_Classes\CLSID\{6A481100-E531-11CF-A115-00A024158DAF}\InprocServer32 -> C:\Program Files\IMSIDesign\TCW21\Program\ImsigxPS21.dll (IMSIDesign, LLC)CustomCLSID: HKU\S-1-5-21-3028108582-2284367944-2589376937-1001_Classes\CLSID\{6A481801-E531-11CF-A115-00A024158DAF}\InprocServer32 -> C:\Program Files\IMSIDesign\TCW21\Program\IMSIGX21.dll (IMSIDesign, LLC)CustomCLSID: HKU\S-1-5-21-3028108582-2284367944-2589376937-1001_Classes\CLSID\{6A481802-E531-11CF-A115-00A024158DAF}\InprocServer32 -> C:\Program Files\IMSIDesign\TCW21\Program\IMSIGX21.dll (IMSIDesign, LLC)CustomCLSID: HKU\S-1-5-21-3028108582-2284367944-2589376937-1001_Classes\CLSID\{6A481803-E531-11CF-A115-00A024158DAF}\InprocServer32 -> C:\Program 
Files\IMSIDesign\TCW21\Program\IMSIGX21.dll (IMSIDesign, LLC)CustomCLSID: HKU\S-1-5-21-3028108582-2284367944-2589376937-1001_Classes\CLSID\{6A481804-E531-11CF-A115-00A024158DAF}\InprocServer32 -> C:\Program Files\IMSIDesign\TCW21\Program\IMSIGX21.dll (IMSIDesign, LLC)CustomCLSID: HKU\S-1-5-21-3028108582-2284367944-2589376937-1001_Classes\CLSID\{6A481805-E531-11CF-A115-00A024158DAF}\InprocServer32 -> C:\Program Files\IMSIDesign\TCW21\Program\IMSIGX21.dll (IMSIDesign, LLC)CustomCLSID: HKU\S-1-5-21-3028108582-2284367944-2589376937-1001_Classes\CLSID\{6A482001-E531-11CF-A115-00A024158DAF}\InprocServer32 -> C:\Program Files\IMSIDesign\TCW21\Program\imsigxext\gxext21.dll (IMSIDesign, LLC)CustomCLSID: HKU\S-1-5-21-3028108582-2284367944-2589376937-1001_Classes\CLSID\{6A482002-E531-11CF-A115-00A024158DAF}\InprocServer32 -> C:\Program Files\IMSIDesign\TCW21\Program\imsigxext\gxext21.dll (IMSIDesign, LLC)CustomCLSID: HKU\S-1-5-21-3028108582-2284367944-2589376937-1001_Classes\CLSID\{6A482003-E531-11CF-A115-00A024158DAF}\InprocServer32 -> C:\Program Files\IMSIDesign\TCW21\Program\imsigxext\gxext21.dll (IMSIDesign, LLC)CustomCLSID: HKU\S-1-5-21-3028108582-2284367944-2589376937-1001_Classes\CLSID\{6E1099B5-A2D4-11D5-BA2B-00C0DF0625A5}\InprocServer32 -> C:\Program Files\IMSIDesign\TCW21\Program\Draggers\RevisionCloud.dll (IMSIDesign, LLC)CustomCLSID: HKU\S-1-5-21-3028108582-2284367944-2589376937-1001_Classes\CLSID\{7657D07B-63D1-480B-B9E5-839E458E659E}\InprocServer32 -> C:\Program Files\IMSIDesign\TCW21\Program\Ties\DimensionTie.dll (IMSIDesign, LLC)CustomCLSID: HKU\S-1-5-21-3028108582-2284367944-2589376937-1001_Classes\CLSID\{90E611F0-DE07-11D2-ABC3-0000B46B691D}\InprocServer32 -> C:\Program Files\IMSIDesign\TCW21\Program\Ties\ViewportTie.dll (IMSIDesign, LLC)CustomCLSID: HKU\S-1-5-21-3028108582-2284367944-2589376937-1001_Classes\CLSID\{BF0BBC85-A311-11D3-A82D-00C0DF246524}\InprocServer32 -> C:\Program Files\IMSIDesign\TCW21\Program\TcTools\PalTool.dll (IMSIDesign, 
LLC)
CustomCLSID: HKU\S-1-5-21-3028108582-2284367944-2589376937-1001_Classes\CLSID\{C9ACD2AA-AB9F-40DE-AFBE-1350D6BCB291}\InprocServer32 -> C:\Program Files\IMSIDesign\TCW21\Program\Draggers\TCTrnTools.dll (IMSIDesign, LLC)
CustomCLSID: HKU\S-1-5-21-3028108582-2284367944-2589376937-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Scott\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3028108582-2284367944-2589376937-1001_Classes\CLSID\{D732323E-7207-465d-9924-BCBAFE352435}\InprocServer32 -> C:\Program Files\IMSIDesign\TCW21\Program\Ties\CompoundProfileTie.dll (IMSIDesign, LLC)
CustomCLSID: HKU\S-1-5-21-3028108582-2284367944-2589376937-1001_Classes\CLSID\{DF9B76D3-539B-42DC-B0A3-80B0664B2C01}\InprocServer32 -> C:\Program Files\IMSIDesign\TCW21\Program\TcTools\TcCfpLaunchTool.dll (IMSIDesign, LLC)
CustomCLSID: HKU\S-1-5-21-3028108582-2284367944-2589376937-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Scott\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.)

==================== Restore Points =========================

09-12-2014 21:48:54 Windows Update
17-12-2014 10:24:50 Scheduled Checkpoint
26-12-2014 10:19:18 Windows Update
29-12-2014 18:12:35 Restore Operation

==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 07:25 - 2013-08-22 07:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0566D93C-8AF8-4A38-854B-830159B80B4D} - System32\Tasks\PinItAutoUpdate => C:\Program Files (x86)\Pinterest\Pin It\AutoUpdater.exe [2013-10-17] ()
Task: {12680D06-645E-4128-93C4-A55D0DB1F1E5} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {1BF9CF17-605A-4C9F-9EF1-CF74B8C5D3D1} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2014-08-06] (Synaptics Incorporated)
Task: {20B6DF58-7040-4E14-A299-CF01EF3BE647} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-11-26] (Google Inc.)
Task: {3015F49B-6035-448B-9724-0B12111A7E6E} - System32\Tasks\TOSHIBA\Service Station => C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe [2013-03-19] (TOSHIBA Corporation)
Task: {47F4FC87-2513-4448-9D40-F12FDB70B08C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-11-26] (Google Inc.)
Task: {51F9CC33-8955-4AA4-85D7-75C3E595653E} - System32\Tasks\Norton Anti-Theft\Norton Error Processor => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.6.0.17\SymErr.exe
Task: {6A5DC53B-B2E1-4497-918A-C4E3C1EFE3CF} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {AB05543B-D705-4670-915D-B1606E5C5DD1} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3028108582-2284367944-2589376937-1001Core => C:\Users\Scott\AppData\Local\Google\Update\GoogleUpdate.exe [2014-11-13] (Google Inc.)
Task: {F9766125-AACE-490B-A11E-9D596D14AA93} - System32\Tasks\Norton Anti-Theft\Norton Error Analyzer => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.6.0.17\SymErr.exe
Task: {FB3EA074-2397-4F74-9671-09D54616D413} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3028108582-2284367944-2589376937-1001UA => C:\Users\Scott\AppData\Local\Google\Update\GoogleUpdate.exe [2014-11-13] (Google Inc.)
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3028108582-2284367944-2589376937-1001Core.job => C:\Users\Scott\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3028108582-2284367944-2589376937-1001UA.job => C:\Users\Scott\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-09-10 12:54 - 2013-09-10 12:54 - 00019792 _____ () C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe
2013-09-21 03:22 - 2013-09-21 03:22 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-07-18 19:38 - 2012-07-18 19:38 - 00020904 _____ () C:\Program Files\TOSHIBA\Hotkey\SmoothView.dll
2014-12-29 19:51 - 2014-12-29 19:51 - 01459712 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.UI\4bd80968bf666252841ca7792faaff11\Windows.UI.ni.dll
2014-12-29 19:52 - 2014-12-29 19:52 - 00521216 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.Data\fae2b750f87849ca11806d20b2504bf2\Windows.Data.ni.dll
2014-12-29 19:51 - 2014-12-29 19:51 - 00363520 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.Foundation\6382e6f5ad8b7a9db4f5cd4817e70319\Windows.Foundation.ni.dll
2014-02-06 00:52 - 2014-02-06 00:52 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-06 00:52 - 2014-02-06 00:52 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-12-10 06:27 - 2014-12-05 19:50 - 01077064 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libglesv2.dll
2014-12-10 06:27 - 2014-12-05 19:50 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libegl.dll
2014-12-10 06:27 - 2014-12-05 19:50 - 09009480 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\pdf.dll
2014-12-10 06:27 - 2014-12-05 19:50 - 01677128 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ffmpegsumo.dll
2013-09-06 22:37 - 2013-01-14 11:25 - 01200088 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll

==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:9567EA29
AlternateDataStreams: C:\Users\Scott\SkyDrive:ms-properties

==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)

========================= Accounts: ==========================

Administrator (S-1-5-21-3028108582-2284367944-2589376937-500 - Administrator - Disabled)
Guest (S-1-5-21-3028108582-2284367944-2589376937-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3028108582-2284367944-2589376937-1005 - Limited - Enabled)
Scott (S-1-5-21-3028108582-2284367944-2589376937-1001 - Administrator - Enabled) => C:\Users\Scott

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (12/29/2014 07:00:00 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (1132) SRUJet: Error -1811 (0xfffff8ed) occurred while opening logfile C:\WINDOWS\system32\SRU\SRU029E9.log.
Error: (12/29/2014 06:31:25 PM) (Source: Toshiba App Place) (EventID: 0) (User: )
Description: System.ArgumentOutOfRangeException: Number must be either non-negative and less than or equal to Int32.MaxValue or -1.
Parameter name: dueTime
Stack Trace:
   at System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period)
   at System.Timers.Timer.set_Enabled(Boolean value)
   at SnappCloud.ActivationReminder.AraClient.PostInit()
   at SnappCloud.ActivationReminder.Program.Main(String[] args)

Error: (12/29/2014 05:48:22 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: tcw21.exe, version: 21.2.59.1, time stamp: 0x545ab503
Faulting module name: tcHeap.dll, version: 0.0.0.0, time stamp: 0x545aaeb7
Exception code: 0xc000041d
Fault offset: 0x00000000000025d2
Faulting process id: 0xdc8
Faulting application start time: 0xtcw21.exe0
Faulting application path: tcw21.exe1
Faulting module path: tcw21.exe2
Report Id: tcw21.exe3
Faulting package full name: tcw21.exe4
Faulting package-relative application ID: tcw21.exe5

Error: (12/29/2014 05:45:07 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: tcw21.exe, version: 21.2.59.1, time stamp: 0x545ab503
Faulting module name: tcHeap.dll, version: 0.0.0.0, time stamp: 0x545aaeb7
Exception code: 0xc0000005
Fault offset: 0x00000000000025d2
Faulting process id: 0x93c
Faulting application start time: 0xtcw21.exe0
Faulting application path: tcw21.exe1
Faulting module path: tcw21.exe2
Report Id: tcw21.exe3
Faulting package full name: tcw21.exe4
Faulting package-relative application ID: tcw21.exe5

Error: (12/29/2014 05:43:35 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: tcw21.exe, version: 21.2.59.1, time stamp: 0x545ab503
Faulting module name: tcHeap.dll, version: 0.0.0.0, time stamp: 0x545aaeb7
Exception code: 0xc000041d
Fault offset: 0x00000000000025d2
Faulting process id: 0x1128
Faulting application start time: 0xtcw21.exe0
Faulting application path: tcw21.exe1
Faulting module path: tcw21.exe2
Report Id: tcw21.exe3
Faulting package full name: tcw21.exe4
Faulting package-relative application ID: tcw21.exe5

Error: (12/29/2014 05:38:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: tcw21.exe, version: 21.2.59.1, time stamp: 0x545ab503
Faulting module name: tcHeap.dll, version: 0.0.0.0, time stamp: 0x545aaeb7
Exception code: 0xc000041d
Fault offset: 0x00000000000025d2
Faulting process id: 0x15c
Faulting application start time: 0xtcw21.exe0
Faulting application path: tcw21.exe1
Faulting module path: tcw21.exe2
Report Id: tcw21.exe3
Faulting package full name: tcw21.exe4
Faulting package-relative application ID: tcw21.exe5

Error: (12/29/2014 05:03:06 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: tcw21.exe, version: 21.2.59.1, time stamp: 0x545ab503
Faulting module name: tccurv21.dll, version: 0.0.0.0, time stamp: 0x545ab5be
Exception code: 0xc0000005
Fault offset: 0x0000000000063b00
Faulting process id: 0xbd8
Faulting application start time: 0xtcw21.exe0
Faulting application path: tcw21.exe1
Faulting module path: tcw21.exe2
Report Id: tcw21.exe3
Faulting package full name: tcw21.exe4
Faulting package-relative application ID: tcw21.exe5

Error: (12/29/2014 11:14:05 AM) (Source: Toshiba App Place) (EventID: 0) (User: )
Description: System.ArgumentOutOfRangeException: Number must be either non-negative and less than or equal to Int32.MaxValue or -1.
Parameter name: dueTime
Stack Trace:
   at System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period)
   at System.Timers.Timer.set_Enabled(Boolean value)
   at SnappCloud.ActivationReminder.AraClient.PostInit()
   at SnappCloud.ActivationReminder.Program.Main(String[] args)

Error: (12/29/2014 08:22:48 AM) (Source: Toshiba App Place) (EventID: 0) (User: )
Description: System.ArgumentOutOfRangeException: Number must be either non-negative and less than or equal to Int32.MaxValue or -1.
Parameter name: dueTime
Stack Trace:
   at System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period)
   at System.Timers.Timer.set_Enabled(Boolean value)
   at SnappCloud.ActivationReminder.AraClient.PostInit()
   at SnappCloud.ActivationReminder.Program.Main(String[] args)

Error: (12/29/2014 07:48:06 AM) (Source: Toshiba App Place) (EventID: 0) (User: )
Description: System.ArgumentOutOfRangeException: Number must be either non-negative and less than or equal to Int32.MaxValue or -1.
Parameter name: dueTime
Stack Trace:
   at System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period)
   at System.Timers.Timer.set_Enabled(Boolean value)
   at SnappCloud.ActivationReminder.AraClient.PostInit()
   at SnappCloud.ActivationReminder.Program.Main(String[] args)

System errors:
=============
Error: (12/29/2014 08:01:58 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Search Protect Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 20000 milliseconds: Restart the service.

Error: (12/29/2014 07:46:33 AM) (Source: Microsoft-Windows-HAL) (EventID: 13) (User: NT AUTHORITY)
Description: The system watchdog timer was triggered.

Error: (12/29/2014 07:46:50 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 7:38:43 AM on 12/29/2014 was unexpected.
  9. Hey, I'm having issues with what seems to be a hijacker in both my Google Chrome and IE browsers. Upon opening Chrome I get a redirect to http://search.conduit.com/?gd=&ctid=CT3324790&octid=EB_ORIGINAL_CTID&ISID=M7D047A4E-A659-40BA-9AB0-6A0B5A2D3B4B&SearchSource=55&CUI=&UM=5&UP=SP8964403F-1589-4986-98F7-35DC08849679&SSPV=&did=11168&ppd=1434,147953,20IILv2rbofJEADb3awK9y1y5zD5000.,,,,mario,,,www.supermario4us.com&barid=1523567094493533240&terminator=1_sp_ch. Running a Malwarebytes scan doesn't detect any threats. Where to turn next?
  10. Gringo- All looks well on this front, thank you so much for the help.
  11. Alright Gringo, found 3 threats:
      C:\Program Files (x86)\Dell DataSafe Local Backup\hstart.exe a variant of Win32/HiddenStart.A application
      C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe a variant of Win32/HiddenStart.A application
      C:\Users\Laptop\AppData\Local\SoftThinks\McAfee Anti-Theft\godwh.dll Win32/Kryptik.AZDG.Gen trojan
  12. Ok Gringo, glad to hear the logs are looking better. The computer seems to be running well; there are times it still seems to be bogged down and running slowly, but there is no longer hijacking going on. The MBAM scan did not find anything malicious, but it never really seemed to before either. Here are the logs:
  13. Good morning Gringo, had to use safe mode to run ComboFix again, but it worked. Computer seems to be running smoothly this morning. Still running a csrss.exe process that I have found conflicting info about. I am also now getting a security alert from IE that I am about to leave a secure connection; guessing that is just a setting that needs adjusting. Here is the log from ComboFix:
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\McAfee] "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\ . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2013-04-21 05:39:11 ComboFix-quarantined-files.txt 2013-04-21 10:39 ComboFix2.txt 2013-04-20 20:40 ComboFix3.txt 2013-04-19 02:21 . Pre-Run: 425,691,402,240 bytes free Post-Run: 425,624,485,888 bytes free . - - End Of File - - 31AB9728EAB9CA7A9A5F106E658C3839
  14. Alright Gringo, it seems the hijacking has halted! The computer seems to be running pretty smoothly right now, much more quickly than it has been the last couple of weeks. Any other things to do, check out, or anything while I am here? Also, out of curiosity, what was the infection?
  15. Thanks, safe mode worked. The computer is still running well, no hijacking in IE still, but Chrome remains affected. Here is the report from ComboFix.
  16. Trying to run ComboFix, it completes stage 4 but then seems to stop. Not sure if I am impatient, or if there is a problem. I let the scan run for over 30 minutes, and it never advanced past that point. Do I need to run the scan again and be patient, or do you have another suggestion? Other than that, the computer is running well; it seems that the hijacker is no longer affecting IE, but it is still active in Chrome.
  17. Still no problems encountered; here are the logs. Greatly appreciate the help so far!