Jump to content

bamalaw330

Members
  • Posts

    8
  • Joined

  • Last visited

Reputation

0 Neutral
  1. # AdwCleaner v2.304 - Logfile created 07/09/2013 at 05:50:34 # Updated 03/07/2013 by Xplode # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits) # User : Jay Office - JAYOFFICE-PC # Boot Mode : Normal # Running from : C:\Users\Jay Office\Desktop\adwcleaner.exe # Option [Delete] ***** [services] ***** ***** [Files / Folders] ***** File Deleted : C:\Program Files\Mozilla Firefox\.autoreg Folder Deleted : C:\Program Files\Viewpoint Folder Deleted : C:\ProgramData\Partner ***** [Registry] ***** Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56} Key Deleted : HKLM\SOFTWARE\Classes\AppID\secman.DLL Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5} ***** [internet Browsers] ***** -\\ Internet Explorer v10.0.9200.16611 [OK] Registry is clean. -\\ Mozilla Firefox v14.0.1 (en-US) File : C:\Users\Jay Office\AppData\Roaming\Mozilla\Firefox\Profiles\cwgtvuzq.default\prefs.js [OK] File is clean. -\\ Google Chrome v27.0.1453.116 File : C:\Users\Jay Office\AppData\Local\Google\Chrome\User Data\Default\Preferences [OK] File is clean. ************************* AdwCleaner[s1].txt - [1760 octets] - [09/07/2013 05:50:34] ########## EOF - C:\AdwCleaner[s1].txt - [1820 octets] ########## Results of screen317's Security Check version 0.99.68 Windows 7 Service Pack 1 x64 (UAC is enabled) Internet Explorer 10 ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Enabled! Norton 360 WMI entry may not exist for antivirus; attempting automatic update. `````````Anti-malware/Other Utilities Check:````````` CloneSpy 2.62 Malwarebytes Anti-Malware version 1.75.0.1300 Java 7 Update 21 Java 7 Update 25 Adobe Flash Player 11.7.700.224 Adobe Reader 10.1.7 Adobe Reader out of Date! Mozilla Firefox (22.0) Google Chrome 27.0.1453.110 Google Chrome 27.0.1453.116 ````````Process Check: objlist.exe by Laurent```````` Norton ccSvcHst.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: 3% ````````````````````End of Log``````````````````````
  2. I have deleted those files, we will see if that was the hidden problem on this thing! The redirect comes and goes so I will wait a week or so and see what we have. Thank you very much for your help.
  3. Found two threats: C:\Users\Jay\Documents\Miscellaneous\old work site ripped from ftp\index.htm JS/Kryptik.BP trojanC:\Users\Jay Office\Documents\Miscellaneous\old work site ripped from ftp\index.htm JS/Kryptik.BP trojan
  4. RogueKiller V8.6.2 _x64_ [Jul 2 2013] by Tigzy mail : tigzyRK<at>gmail<dot>com Blog : http://tigzyrk.blogspot.com/ Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version Started in : Normal mode User : Jay Office [Admin rights] Mode : Scan -- Date : 07/08/2013 13:06:29 | ARK || FAK || MBR | ¤¤¤ Bad processes : 0 ¤¤¤ ¤¤¤ Registry Entries : 4 ¤¤¤ [HJ POL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND [HJ POL] HKLM\[...]\Wow6432Node\[...]\System : DisableRegistryTools (0) -> FOUND [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND ¤¤¤ Scheduled tasks : 1 ¤¤¤ [V2][sUSP PATH] {5F6010C8-60E5-41f3-BF5B-C3AF5DBE12D4} : "C:\ProgramData\Carbonite\Carbonite Backup\CarboniteUpgrade.exe" - /silent $(Arg0) [x][x] -> FOUND ¤¤¤ Startup Entries : 0 ¤¤¤ ¤¤¤ Web browsers : 0 ¤¤¤ ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤ ¤¤¤ External Hives: ¤¤¤ ¤¤¤ Infection : ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ --> %SystemRoot%\System32\drivers\etc\hosts 127.0.0.1 localhost ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: ST31500341AS ATA Device +++++ --- User --- [MBR] fc140bd0396c5ee591a775d1e9b52e40 [bSP] bc9651e4f2baa387d8c1d59d2601577c : Windows 7/8 MBR Code Partition table: 0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo 1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 1405023 Mo 2 - [XXXXXX] COMPAQ (0x12) [VISIBLE] Offset (sectors): 2877693952 | Size: 25675 Mo User = LL1 ... OK! User = LL2 ... OK! Finished : << RKreport[0]_S_07082013_130629.txt >> RKreport[0]_S_07082013_103403.txt;RKreport[0]_S_07082013_130342.txt
  5. EXTRAS.TXT OTL Extras logfile created on: 7/8/2013 11:51:37 AM - Run 1OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Jay Office\Desktop64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstationInternet Explorer (Version = 9.10.9200.16614)Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 5.85 Gb Total Physical Memory | 1.25 Gb Available Physical Memory | 21.33% Memory free11.70 Gb Paging File | 7.48 Gb Available in Paging File | 63.90% Paging File freePaging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)Drive C: | 1372.09 Gb Total Space | 458.30 Gb Free Space | 33.40% Space Free | Partition Type: NTFS Computer Name: JAYOFFICE-PC | User Name: Jay Office | Logged in as Administrator.Boot Mode: Normal | Scan Mode: All users | Include 64bit ScansCompany Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>].html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.).url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation).js[@ = JSFile] -- C:\Program Files (x86)\Macromedia\Dreamweaver MX\Dreamweaver.exe (Macromedia, Inc.) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>].cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation).html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.).js [@ = JSFile] -- C:\Program Files (x86)\Macromedia\Dreamweaver MX\Dreamweaver.exe (Macromedia, Inc.) [HKEY_USERS\S-1-5-21-1472479234-1408359900-4109720936-1001\SOFTWARE\Classes\<extension>].html [@ = ChromeHTML] -- Reg Error: Key error. File not found ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]batfile [open] -- "%1" %*cmdfile [open] -- "%1" %*comfile [open] -- "%1" %*exefile [open] -- "%1" %*helpfile [open] -- Reg Error: Key error.htmlfile [edit] -- Reg Error: Key error.htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)jsfile [open] -- "C:\Program Files (x86)\Macromedia\Dreamweaver MX\Dreamweaver.exe" "%1" (Macromedia, Inc.)piffile [open] -- "%1" %*regfile [merge] -- Reg Error: Key error.scrfile [config] -- "%1"scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %lscrfile [open] -- "%1" /Stxtfile [edit] -- Reg Error: Key error.Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)Directory [MediaMonkey.1Play] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" "%1" (Ventis Media Inc.)Directory [MediaMonkey.2PlayNext] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" /NEXT "%1" (Ventis Media Inc.)Directory [MediaMonkey.3Enqueue] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" /ADD "%1" (Ventis Media Inc.)Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)Folder [explore] -- Reg Error: Value error.Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]batfile [open] -- "%1" %*cmdfile [open] -- "%1" %*comfile [open] -- "%1" %*cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)exefile [open] -- "%1" %*helpfile [open] -- Reg Error: Key error.htmlfile [edit] -- Reg Error: Key error.htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)jsfile [open] -- "C:\Program Files (x86)\Macromedia\Dreamweaver MX\Dreamweaver.exe" "%1" (Macromedia, Inc.)piffile [open] -- "%1" %*regfile [merge] -- Reg Error: Key error.scrfile [config] -- "%1"scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %lscrfile [open] -- "%1" /Stxtfile [edit] -- Reg Error: Key error.Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)Directory [MediaMonkey.1Play] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" "%1" (Ventis Media Inc.)Directory [MediaMonkey.2PlayNext] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" /NEXT "%1" (Ventis Media Inc.)Directory [MediaMonkey.3Enqueue] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" /ADD "%1" (Ventis Media Inc.)Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)Folder [explore] -- Reg Error: Value error.Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error. ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]"cval" = 1"FirewallDisableNotify" = 0"AntiVirusDisableNotify" = 0"UpdatesDisableNotify" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]"AntiVirusOverride" = 0"AntiSpywareOverride" = 0"FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]"DisableSR" = 0 ========== Firewall Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]"EnableFirewall" = 1"DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]"EnableFirewall" = 1"DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]"EnableFirewall" = 1"DisableNotifications" = 0 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]"{0894ECDB-D98F-4A81-B5DE-77421743C75B}" = rport=137 | protocol=17 | dir=out | app=system | "{11DDE12F-4937-4488-9940-709104EFD682}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{1366BE0E-5972-42B2-AC6A-A3BA033BD052}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{1558D85E-EC41-4608-B013-752D111AA65E}" = lport=4482 | protocol=17 | dir=in | name=blackberry desktop software wireless music sync discovery | "{1C622286-E9AE-48A0-B0E8-619A4CCBACC1}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{25FEBD7A-378A-4900-8B15-88812314B3D4}" = lport=4481 | protocol=17 | dir=in | name=blackberry desktop software wireless music sync discovery | "{2B521B7C-A20B-403D-8AFF-A04BB0ACFA42}" = lport=139 | protocol=6 | dir=in | app=system | "{5C281283-05DD-48DE-88FA-E7D5B690CC1D}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{636014FE-B3E1-41B2-8D90-E6EF0F52309B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{754A9B6A-A6AD-4D00-9BF2-E771001602AC}" = lport=4481 | protocol=6 | dir=in | name=blackberry desktop software wireless music sync data transfer | "{93139864-CCCB-4F2D-9A6E-6B42DE48A822}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{ADA957D7-EFFE-42CB-9604-144CEE32CA31}" = rport=139 | protocol=6 | dir=out | app=system | "{B2AF863E-BB06-499A-9745-BAAB600B60E3}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{C4B5F630-97A3-4A39-8604-45DC64B50EC2}" = lport=4482 | protocol=6 | dir=in | name=blackberry desktop software wireless music sync data transfer | "{D069B44E-34DA-4C0B-AF50-58B307E1DF33}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{D4F657FA-E865-4774-A4F1-68183CF888BC}" = lport=445 | protocol=6 | dir=in | app=system | "{D6F9F2EC-24A8-442B-8253-84CF63C43785}" = lport=138 | protocol=17 | dir=in | app=system | "{D8FA48DA-A9FE-464B-94F7-EFB4D20E4F2D}" = rport=138 | protocol=17 | dir=out | app=system | "{E1FD04FC-24BC-46B7-9DC0-51244D964DC6}" = rport=445 | protocol=6 | dir=out | app=system | "{E4619496-F364-4B1B-9F1D-5EFD0CCD52AF}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe | "{EF96F068-357C-43DA-893C-DCD7FA506D57}" = lport=137 | protocol=17 | dir=in | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]"{144B72A4-C79C-4BCC-A419-A6A4C059872D}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{1D3E1595-4550-4129-A7A5-630ABC332784}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe | "{3FA67740-DC3B-48BD-A508-6C65B3048929}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{464FBECF-60F0-4328-A727-4AA724CC746F}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | "{575982E9-2EBF-4B0F-97E2-31173C85492A}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{5BC92E6B-9FEB-47EF-8232-22890D7988B1}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | "{68601A9F-11E7-4F7F-9C0D-B73A6CBD058D}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | "{6ACC15D9-31C2-4B75-A6E1-9A7A57187167}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | "{757E8ADC-80A6-4F2E-B0AD-945C1B27FE29}" = protocol=6 | dir=in | app=c:\program files (x86)\research in motion\blackberry desktop\rim.desktop.exe | "{7C3951E7-E446-4D79-85F7-3B5C322D8494}" = protocol=17 | dir=in | app=c:\users\jay office\appdata\roaming\dropbox\bin\dropbox.exe | "{8B0F83B1-1601-4274-B1C6-AFD36EBFCE05}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{99994C12-C2F5-42C0-8904-767F9B9CDCA4}" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe | "{A9A8E82D-4065-4B67-A9F5-1474ABA8B198}" = protocol=6 | dir=in | app=c:\users\jay office\appdata\roaming\dropbox\bin\dropbox.exe | "{CEAE0ABE-26E4-470F-BF9E-37345D3B4D06}" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe | "{D6C50F57-2BA7-4F72-AAE2-E0EED6C58E80}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{ED7800E0-570A-4B1E-86D9-5D9AC65E4CBE}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe | "{EF82C059-5DB7-4B5B-B44C-42597D0F89B5}" = protocol=17 | dir=in | app=c:\program files (x86)\research in motion\blackberry desktop\rim.desktop.exe | "TCP Query User{5872AE2D-D024-41D7-8218-DF49D00FA967}C:\users\jay office\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\jay office\appdata\roaming\spotify\spotify.exe | "UDP Query User{7C31EFCB-2774-4B69-8C20-BB50BC9E9AC6}C:\users\jay office\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\jay office\appdata\roaming\spotify\spotify.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant"{4436B9BD-CA66-4D69-9091-2D2EB62F09AD}" = Nitro Reader 3"{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo Rescue System"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting"{A1439D4F-FD46-47F2-A1D3-FEE097C29A09}" = WIDCOMM Bluetooth Software"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile"1DDB4A6E49CF5EAED4A0629D104ACFC2CC28EFED" = Windows Driver Package - Citrix Systems monblanking Citrix Driver (06/27/2012 6.3.0.48)"CCleaner" = CCleaner"Lenovo EE Boot Optimizer" = Lenovo EE Boot Optimizer"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended"PROSet" = Intel® Network Connections Drivers [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer"{11759AFC-C44B-4C88-AEFA-235687FBC88F}" = GoToMyPC"{12BAA98C-F8DD-4BC9-BBE6-1C8463114197}" = BlackBerry Device Software Updater"{172423F9-522A-483A-AD65-03600CE4CA4F}" = Microsoft Works 6-9 Converter"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update"{2000BE04-8B25-4776-93FC-830959521033}" = Nero 7 Essentials"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 21"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 25"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections"{31A559C1-9E4D-423B-9DD3-34A6C5398752}" = HTC BMP USB Driver"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery"{3BE480ED-E17A-431A-981C-5C2EDDBCD3BF}" = Macromedia Flash MX"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Lenovo Power2Go"{45970CD1-D599-47D4-938F-3E9800D54ED1}" = Lenovo Driver and Application Installation"{47FA2C44-D148-4DBC-AF60-B91934AA4842}" = Adobe AIR"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater"{4D826618-59C6-11D4-976E-00C04F8EEB39}" = Macromedia FreeHand 10"{5183D7AB-D09B-411F-A74E-BBAEA61C6505}" = Lenovo Eye Distance System"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack"{5D50644B-310A-4C1B-B2DD-B8E781ADC430}" = WordPerfect MAIL"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE"{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform"{83FBD495-DDF6-4C8D-92D6-10261DD6F6A3}" = WordPerfect Office X3"{8B4AB829-DFD3-436D-B808-D9733D76C590}" = Macromedia Dreamweaver MX"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010"{90140000-0015-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010"{90140000-0016-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010"{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010"{90140000-0019-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010"{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010"{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)"{90140000-002A-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010"{90140000-002C-0409-0000-0000000FF1CE}_Office14.SingleImage_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010"{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010"{90140000-0115-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)"{90140000-0116-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010"{90140000-0117-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker"{930B2432-43D4-11D5-9871-00C04F8EEB39}" = Macromedia Fireworks MX"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010"{95140000-0080-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector"{959B7F35-2819-40C5-A0CD-3C53B5FCC935}" = Genesys USB Mass Storage Device"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161"{9CB720FC-BC93-6F24-F04A-19946B90410F}" = Bill4Time Widget"{9D3D8C60-A55F-4123-B2B9-173F09590E16}" = REALTEK Wireless LAN Driver"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh"{A5BA14E0-7384-11D4-BAE7-00409631A2C8}" = Macromedia Extension Manager"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer"{AB77DFDE-9949-4AEF-B180-BE322C3E65D0}" = HTC Sync"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.7)"{B266E062-D6C5-485B-B426-51B152B041A6}" = Lenovo Tinian Fn PS/2 Keyboard Driver"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64"{D3063097-EC84-4D21-84A4-9D852E974355}" = LVT"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform"{D9ED6D06-6002-495E-A7BC-46E6AE386996}" = Lenovo Dynamic Brightness System"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center"{F909BB1B-3FC1-4EDA-AF1F-8F1A89163591}" = BlackBerry Desktop Software 6.1"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022"Adobe AIR" = Adobe AIR"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin"Adobe Shockwave Player" = Adobe Shockwave Player 11.6"Audacity_is1" = Audacity 2.0.2"BlackBerry_Desktop" = BlackBerry Desktop Software 6.1"Carbonite Backup" = Carbonite"CloneSpy" = CloneSpy 2.62"com.bill4time.airWidget.87E5CAE3D92C22273CA5349DA800745C311CA4D3.1" = Bill4Time Widget"FileZilla Client" = FileZilla Client 3.5.3"Fitbit Connect" = Fitbit Connect"Google Calendar Sync" = Google Calendar Sync"Google Chrome" = Google Chrome"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Lenovo Power2Go"InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo Rescue System"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies"Karen's Replicator" = Karen's Replicator"LAME_is1" = LAME v3.99.3 (for Windows)"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300"MediaMonkey_is1" = MediaMonkey 4.0"Mozilla Firefox 14.0.1 (x86 en-US)" = Mozilla Firefox 14.0.1 (x86 en-US)"Mozilla Firefox 22.0 (x86 en-US)" = Mozilla Firefox 22.0 (x86 en-US)"MozillaMaintenanceService" = Mozilla Maintenance Service"N360" = Norton 360"Office14.SingleImage" = Microsoft Office Professional 2010"outlookset" = Outlook Setup Tool"Picasa 3" = Picasa 3"WinLiveSuite" = Windows Live Essentials"Yahoo! Messenger" = Yahoo! Messenger ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-1472479234-1408359900-4109720936-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)"31cd814a33a23dd7" = DocketSync v1.0 - 1 "Dropbox" = Dropbox"Spotify" = Spotify"UnityWebPlayer" = Unity Web Player ========== Last 20 Event Log Errors ========== [ Application Events ]Error - 5/31/2013 5:00:30 PM | Computer Name = JayOffice-PC | Source = Application Hang | ID = 1002Description = The program iexplore.exe version 10.0.9200.16576 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 10ad0 Start Time: 01ce5e2e639adf67 Termination Time: 2302 Application Path: C:\Program Files\Internet Explorer\iexplore.exe Report Id: e07ea2c6-ca34-11e2-9e88-000a3a80bc9c Error - 6/5/2013 2:32:11 PM | Computer Name = JayOffice-PC | Source = MsiInstaller | ID = 11721Description = Error - 6/5/2013 2:41:58 PM | Computer Name = JayOffice-PC | Source = MsiInstaller | ID = 11721Description = Error - 6/10/2013 8:25:36 PM | Computer Name = JayOffice-PC | Source = WinMgmt | ID = 10Description = Error - 6/12/2013 7:23:10 AM | Computer Name = JayOffice-PC | Source = WinMgmt | ID = 10Description = Error - 6/14/2013 8:42:48 AM | Computer Name = JayOffice-PC | Source = WinMgmt | ID = 10Description = Error - 6/15/2013 7:18:38 AM | Computer Name = JayOffice-PC | Source = WinMgmt | ID = 10Description = Error - 6/19/2013 2:51:21 AM | Computer Name = JayOffice-PC | Source = Outlook | ID = 34Description = Failed to get the Crawl Scope Manager with error=0x80070015. Error - 6/19/2013 2:53:56 AM | Computer Name = JayOffice-PC | Source = WinMgmt | ID = 10Description = Error - 6/22/2013 2:55:58 AM | Computer Name = JayOffice-PC | Source = Application Error | ID = 1000Description = Faulting application name: ccSvcHst.exe, version: 12.3.3.2, time stamp: 0x519ab0d3 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000Exception code: 0xc0000005 Fault offset: 0x00000001 Faulting process id: 0xd28 Faulting application start time: 0x01ce6cb9d2d6227a Faulting application path: C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\ccSvcHst.exe Faulting module path: unknown Report Id: ca0f2966-db08-11e2-9fe1-000a3a80bc9c [ System Events ]Error - 7/8/2013 11:34:33 AM | Computer Name = JayOffice-PC | Source = atapi | ID = 262155Description = The driver detected a controller error on \Device\Ide\IdePort0. Error - 7/8/2013 11:34:33 AM | Computer Name = JayOffice-PC | Source = atapi | ID = 262155Description = The driver detected a controller error on \Device\Ide\IdePort0. Error - 7/8/2013 11:34:33 AM | Computer Name = JayOffice-PC | Source = atapi | ID = 262155Description = The driver detected a controller error on \Device\Ide\IdePort0. Error - 7/8/2013 11:34:33 AM | Computer Name = JayOffice-PC | Source = atapi | ID = 262155Description = The driver detected a controller error on \Device\Ide\IdePort0. Error - 7/8/2013 11:34:33 AM | Computer Name = JayOffice-PC | Source = atapi | ID = 262155Description = The driver detected a controller error on \Device\Ide\IdePort0. Error - 7/8/2013 11:34:33 AM | Computer Name = JayOffice-PC | Source = atapi | ID = 262155Description = The driver detected a controller error on \Device\Ide\IdePort0. Error - 7/8/2013 11:34:33 AM | Computer Name = JayOffice-PC | Source = atapi | ID = 262155Description = The driver detected a controller error on \Device\Ide\IdePort0. Error - 7/8/2013 11:34:33 AM | Computer Name = JayOffice-PC | Source = atapi | ID = 262155Description = The driver detected a controller error on \Device\Ide\IdePort0. Error - 7/8/2013 11:34:33 AM | Computer Name = JayOffice-PC | Source = atapi | ID = 262155Description = The driver detected a controller error on \Device\Ide\IdePort0. Error - 7/8/2013 11:40:33 AM | Computer Name = JayOffice-PC | Source = DCOM | ID = 10010Description = < End of report > OTL.txt OTL logfile created on: 7/8/2013 11:51:37 AM - Run 1OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Jay Office\Desktop64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstationInternet Explorer (Version = 9.10.9200.16614)Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 5.85 Gb Total Physical Memory | 1.25 Gb Available Physical Memory | 21.33% Memory free11.70 Gb Paging File | 7.48 Gb Available in Paging File | 63.90% Paging File freePaging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)Drive C: | 1372.09 Gb Total Space | 458.30 Gb Free Space | 33.40% Space Free | Partition Type: NTFS Computer Name: JAYOFFICE-PC | User Name: Jay Office | Logged in as Administrator.Boot Mode: Normal | Scan Mode: All users | Include 64bit ScansCompany Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013/07/08 11:50:54 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jay Office\Desktop\OTL.exePRC - [2013/06/14 20:28:44 | 000,825,808 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exePRC - [2013/05/24 19:47:30 | 027,776,968 | ---- | M] (Dropbox, Inc.) -- C:\Users\Jay Office\AppData\Roaming\Dropbox\bin\Dropbox.exePRC - [2013/05/20 23:44:22 | 000,144,368 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\ccsvchst.exePRC - [2013/05/10 02:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exePRC - [2013/03/13 06:26:52 | 003,845,464 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\GoToMyPC\g2tray.exePRC - [2013/03/13 06:26:52 | 001,319,768 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\GoToMyPC\g2svc.exePRC - [2013/03/13 06:26:50 | 002,511,192 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\GoToMyPC\g2pre.exePRC - [2013/03/13 06:26:46 | 002,613,080 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\GoToMyPC\g2comm.exePRC - [2013/02/25 10:58:30 | 003,093,024 | ---- | M] (Fitbit, Inc.) -- C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exePRC - [2013/02/25 10:58:30 | 001,239,584 | ---- | M] (Fitbit, Inc.) -- C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exePRC - [2012/10/22 00:41:20 | 001,065,032 | R--- | M] (Carbonite, Inc.) -- C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exePRC - [2012/03/23 14:25:24 | 000,087,040 | ---- | M] () -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exePRC - [2011/04/08 07:50:02 | 000,542,264 | ---- | M] (Google) -- C:\Program Files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exePRC - [2011/03/21 16:12:54 | 000,020,480 | ---- | M] () -- C:\Windows\jmesoft\JME_LOAD.exePRC - [2011/03/21 16:06:46 | 000,118,784 | ---- | M] (Lenovo) -- C:\Windows\jmesoft\hotkey.exePRC - [2011/03/15 22:47:40 | 000,032,768 | ---- | M] () -- C:\Windows\jmesoft\Service.exePRC - [2010/12/01 01:48:46 | 000,028,672 | ---- | M] () -- C:\Windows\SysWOW64\UMonit.exePRC - [2010/10/08 11:49:40 | 000,285,696 | ---- | M] (Lenovo) -- C:\Program Files\Lenovo\Lenovo Brightness System\Lenovo Dynamic Brightness System.exePRC - [2010/10/05 08:08:46 | 002,655,768 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exePRC - [2010/10/05 08:08:42 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exePRC - [2010/09/09 13:19:08 | 000,265,216 | ---- | M] (Lenovo) -- C:\Program Files\Lenovo\Lenovo Eye Distance System\Lenovo Eye Distance System.exePRC - [2007/01/01 16:22:02 | 003,739,648 | ---- | M] (Google) -- C:\Users\Jay Office\AppData\Roaming\Google\Google Talk\googletalk.exe ========== Modules (No Company Name) ========== MOD - [2013/07/02 09:35:12 | 000,197,032 | ---- | M] () -- C:\Program Files (x86)\Java\jre7\bin\jp2iexp.dllMOD - [2013/07/02 09:35:12 | 000,016,808 | ---- | M] () -- C:\Program Files (x86)\Java\jre7\bin\jp2native.dllMOD - [2013/06/27 06:09:52 | 001,670,144 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\576cf246dc4a2d51aa3c6ba123f1d178\Microsoft.VisualBasic.ni.dllMOD - [2013/06/27 06:07:25 | 000,771,584 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b6eb138c3c9be780acb767c1bef572c1\System.Runtime.Remoting.ni.dllMOD - [2013/06/14 20:28:42 | 000,393,168 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\ppgooglenaclpluginchrome.dllMOD - [2013/06/14 20:28:41 | 013,140,432 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\PepperFlash\pepflashplayer.dllMOD - [2013/06/14 20:28:40 | 004,051,408 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\pdf.dllMOD - [2013/06/14 20:27:51 | 000,599,504 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\libglesv2.dllMOD - [2013/06/14 20:27:50 | 000,124,368 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\libegl.dllMOD - [2013/06/14 20:27:48 | 001,597,392 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\ffmpegsumo.dllMOD - [2013/05/15 06:34:22 | 014,340,608 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\af525b4bec3b9941b7be8ffbf813da80\PresentationFramework.ni.dllMOD - [2013/05/15 06:34:11 | 012,436,480 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\30e3a21202000677d0a9270572251477\System.Windows.Forms.ni.dllMOD - [2013/05/15 06:34:04 | 012,237,824 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\7eac0dbe9aa20b55e37235f8ee030e6b\PresentationCore.ni.dllMOD - [2013/05/15 06:33:55 | 003,347,968 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\716959df79685a1eae0fc14275a32b0f\WindowsBase.ni.dllMOD - [2013/05/15 06:33:50 | 000,971,264 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\764f15e86c82662e977bd418bd6318c1\System.Configuration.ni.dllMOD - [2013/03/13 15:48:52 | 024,978,944 | ---- | M] () -- C:\Users\Jay Office\AppData\Roaming\Dropbox\bin\libcef.dllMOD - [2013/01/09 07:46:44 | 001,051,136 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\302207b4fa3083899fd8ab4db98cecc5\System.Management.ni.dllMOD - [2013/01/09 07:36:56 | 000,368,128 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\d7d20811a7ce7cc589153648cbb1ce5c\PresentationFramework.Aero.ni.dllMOD - [2013/01/09 07:36:19 | 001,592,832 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dllMOD - [2013/01/09 07:36:18 | 000,060,928 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\23da92e38ffc0bbf6673adb1892aa0f4\UIAutomationProvider.ni.dllMOD - [2013/01/09 07:36:17 | 000,025,600 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\d908c91e24616e6b8d38c9da61038b25\Accessibility.ni.dllMOD - [2013/01/09 07:36:05 | 005,453,312 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dllMOD - [2013/01/09 07:36:02 | 007,989,760 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dllMOD - [2013/01/09 07:35:54 | 011,493,376 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dllMOD - [2012/11/13 18:32:50 | 003,558,400 | ---- | M] () -- C:\Users\Jay Office\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dllMOD - [2012/05/30 09:51:08 | 000,699,280 | R--- | M] () -- C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\wincfi39.dllMOD - [2012/01/08 08:41:12 | 000,093,696 | ---- | M] () -- C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dllMOD - [2011/03/17 01:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODFMOD - [2010/12/21 02:15:30 | 001,041,248 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dllMOD - [2010/12/01 01:48:46 | 000,028,672 | ---- | M] () -- C:\Windows\SysWOW64\UMonit.exeMOD - [2010/09/20 20:55:52 | 000,182,272 | ---- | M] () -- C:\Program Files\Lenovo\Lenovo Brightness System\ddcHelperWraper.dllMOD - [2010/09/20 12:08:10 | 000,210,432 | ---- | M] () -- C:\Program Files\Lenovo\Lenovo Brightness System\KeyStoneAdapter.dllMOD - [2010/09/09 13:19:30 | 000,210,432 | ---- | M] () -- C:\Program Files\Lenovo\Lenovo Eye Distance System\KeyStoneAdapter.dllMOD - [2010/09/09 13:18:58 | 000,211,456 | ---- | M] () -- C:\Program Files\Lenovo\Lenovo Eye Distance System\VideoPlayer.dllMOD - [2007/12/31 12:27:42 | 000,007,168 | ---- | M] () -- C:\Windows\jmesoft\VistaVolume.dll ========== Services (SafeList) ========== SRV:64bit: - [2013/03/26 18:13:08 | 000,230,416 | ---- | M] (Nitro PDF Software) [Auto | Running] -- C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe -- (NitroReaderDriverReadSpool3)SRV:64bit: - [2012/10/22 00:33:18 | 006,753,352 | R--- | M] (Carbonite, Inc. (www.carbonite.com)) [Auto | Running] -- C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe -- (CarboniteService)SRV:64bit: - [2012/04/01 12:21:52 | 000,957,216 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)SRV:64bit: - [2010/09/22 20:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)SRV - [2013/07/08 09:58:21 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)SRV - [2013/06/12 13:00:24 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)SRV - [2013/05/20 23:44:22 | 000,144,368 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\ccSvcHst.exe -- (N360)SRV - [2013/05/10 02:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)SRV - [2013/03/13 06:26:52 | 001,319,768 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Citrix\GoToMyPC\g2svc.exe -- (GoToMyPC)SRV - [2013/02/25 10:58:30 | 001,239,584 | ---- | M] (Fitbit, Inc.) [Auto | Running] -- C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe -- (Fitbit Connect)SRV - [2012/12/14 02:42:10 | 000,277,616 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)SRV - [2012/03/23 14:25:24 | 000,087,040 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)SRV - [2011/03/15 22:47:40 | 000,032,768 | ---- | M] () [Auto | Running] -- C:\Windows\jmesoft\Service.exe -- (JME Keyboard)SRV - [2010/10/05 08:08:46 | 002,655,768 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)SRV - [2010/10/05 08:08:42 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2013/06/17 21:49:28 | 000,177,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)DRV:64bit: - [2013/05/23 00:25:28 | 001,139,800 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\1404000.028\symefa64.sys -- (SymEFA)DRV:64bit: - [2013/05/21 00:02:00 | 000,493,656 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\1404000.028\symds64.sys -- (SymDS)DRV:64bit: - [2013/05/16 00:02:14 | 000,796,760 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\N360x64\1404000.028\srtsp64.sys -- (SRTSP)DRV:64bit: - [2013/04/24 19:43:56 | 000,433,752 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1404000.028\symnets.sys -- (SymNetS)DRV:64bit: - [2013/04/15 21:41:14 | 000,169,048 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1404000.028\ccsetx64.sys -- (ccSet_N360)DRV:64bit: - [2013/03/13 06:15:48 | 000,034,048 | ---- | M] (Citrix Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\monblanking.sys -- (monblanking)DRV:64bit: - [2013/03/04 20:40:08 | 000,224,416 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1404000.028\ironx64.sys -- (SymIRON)DRV:64bit: - [2013/03/04 20:21:35 | 000,036,952 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1404000.028\srtspx64.sys -- (SRTSPX)DRV:64bit: - [2012/12/14 02:42:22 | 005,353,888 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)DRV:64bit: - [2012/07/11 16:48:46 | 000,594,472 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (btwampfl)DRV:64bit: - [2012/07/11 16:48:46 | 000,210,984 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)DRV:64bit: - [2012/07/11 16:48:46 | 000,184,872 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)DRV:64bit: - [2012/07/11 16:48:46 | 000,039,976 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)DRV:64bit: - [2012/07/11 16:48:46 | 000,021,544 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)DRV:64bit: - [2011/10/26 20:25:54 | 000,203,320 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm)DRV:64bit: - [2011/10/26 20:25:54 | 000,095,928 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus)DRV:64bit: - [2011/07/25 18:44:46 | 000,074,752 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)DRV:64bit: - [2011/07/20 15:58:22 | 000,044,032 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys -- (RimVSerPort)DRV:64bit: - [2011/06/22 07:11:22 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)DRV:64bit: - [2011/06/22 07:11:22 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)DRV:64bit: - [2011/06/22 06:45:12 | 000,057,952 | ---- | M] (Lenovo) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\fbfmon.sys -- (fbfmon)DRV:64bit: - [2011/06/22 06:45:12 | 000,013,408 | ---- | M] (Lenovo) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BPntDrv.sys -- (BPntDrv)DRV:64bit: - [2010/12/16 22:44:24 | 000,057,856 | ---- | M] (GenesysLogic) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GeneStor.sys -- (GeneStor)DRV:64bit: - [2010/11/20 22:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)DRV:64bit: - [2010/11/20 22:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)DRV:64bit: - [2010/11/20 22:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)DRV:64bit: - [2010/10/19 23:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)DRV:64bit: - [2010/10/14 11:28:16 | 000,317,440 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)DRV:64bit: - [2010/09/21 01:34:18 | 000,313,520 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1c62x64.sys -- (e1cexpress)DRV:64bit: - [2010/06/25 16:08:10 | 000,036,928 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\htcnprot.sys -- (htcnprot)DRV:64bit: - [2010/06/23 20:23:52 | 000,947,304 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192ce.sys -- (RTL8192Ce)DRV:64bit: - [2009/07/21 16:20:06 | 000,121,840 | ---- | M] (CyberLink) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wsvd.sys -- (wsvd)DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)DRV:64bit: - [2009/07/13 19:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM)DRV:64bit: - [2009/07/13 16:59:33 | 005,020,672 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)DRV:64bit: - [2009/06/10 15:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)DRV:64bit: - [2008/04/08 08:43:04 | 000,020,832 | ---- | M] (Nicomsoft Ltd.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ddcdrv.sys -- (WinI2C-DDC)DRV - [2013/05/31 11:58:18 | 001,393,240 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.0.36\Definitions\BASHDefs\20130702.001\BHDrvx64.sys -- (BHDrvx64)DRV - [2013/05/21 23:01:18 | 002,098,776 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.0.36\Definitions\VirusDefs\20130708.002\ex64.sys -- (NAVEX15)DRV - [2013/05/21 23:01:17 | 000,126,040 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.0.36\Definitions\VirusDefs\20130708.002\eng64.sys -- (NAVENG)DRV - [2013/03/12 16:03:30 | 000,513,184 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.0.36\Definitions\IPSDefs\20130705.001\IDSviA64.sys -- (IDSVia64)DRV - [2012/08/16 05:14:49 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)DRV - [2012/08/08 22:07:17 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)DRV - [2010/03/22 20:13:08 | 000,015,712 | ---- | M] (Nicomsoft Ltd.) [Kernel | Boot | Running] -- C:\Windows\SysWOW64\drivers\ddcdrv.sys -- (WinI2C-DDC)DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBoxIE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htmIE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1472479234-1408359900-4109720936-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=LEND&bmod=LENDIE - HKU\S-1-5-21-1472479234-1408359900-4109720936-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/IE - HKU\S-1-5-21-1472479234-1408359900-4109720936-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}IE - HKU\S-1-5-21-1472479234-1408359900-4109720936-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBoxIE - HKU\S-1-5-21-1472479234-1408359900-4109720936-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.15FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:22.0FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not foundFF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not foundFF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not foundFF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@nitropdf.com/NitroPDF: C:\Program Files (x86)\Nitro\Reader 3\npnitromozilla.dll (Nitro PDF)FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll File not foundFF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll File not foundFF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Jay Office\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.0.36\coFFPlgn\ [2013/07/05 12:50:18 | 000,000,000 | ---D | M]FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.0.36\IPSFFPlgn\ [2013/03/14 13:31:09 | 000,000,000 | ---D | M]FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\componentsFF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\pluginsFF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\componentsFF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\pluginsFF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\componentsFF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/11/28 16:28:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jay Office\AppData\Roaming\Mozilla\Extensions[2013/05/29 15:50:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jay Office\AppData\Roaming\Mozilla\Firefox\Profiles\cwgtvuzq.default\extensions[2013/05/29 15:50:15 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Jay Office\AppData\Roaming\Mozilla\Firefox\Profiles\cwgtvuzq.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}[2013/03/14 09:30:03 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions[2012/07/15 12:51:28 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}[2013/07/08 09:58:23 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions[2013/07/08 09:58:23 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} ========== Chrome ========== CHR - default_search_provider: Google (Enabled)CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}CHR - homepage: http://www.google.com/CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewerCHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\ppGoogleNaClPluginChrome.dllCHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\pdf.dllCHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\gcswf32.dllCHR - plugin: Shockwave Flash (Enabled) = C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dllCHR - plugin: Norton Confidential (Enabled) = C:\Users\Jay Office\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.4.6_0\npcoplgn.dllCHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dllCHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLLCHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLLCHR - plugin: RIM Handheld Application Loader (Enabled) = C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dllCHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dllCHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dllCHR - plugin: Java Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dllCHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dllCHR - plugin: Unity Player (Enabled) = C:\Users\Jay Office\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dllCHR - plugin: Shockwave for Director (Enabled) = C:\windows\SysWOW64\Adobe\Director\np32dsw.dllCHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dllCHR - Extension: YouTube = C:\Users\Jay Office\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\CHR - Extension: Google Search = C:\Users\Jay Office\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\CHR - Extension: Norton Identity Protection = C:\Users\Jay Office\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2013.4.0.10_0\CHR - Extension: Gmail = C:\Users\Jay Office\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\ O1 HOSTS File: ([2013/06/26 14:23:35 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hostsO1 - Hosts: 127.0.0.1 localhostO2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\coieplg.dll (Symantec Corporation)O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\ips\ipsbho.dll (Symantec Corporation)O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\coieplg.dll (Symantec Corporation)O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)O4:64bit: - HKLM..\Run: [igfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)O4:64bit: - HKLM..\Run: [Lenovo EE Boot Optimizer] C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe (Lenovo)O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)O4:64bit: - HKLM..\Run: [uMonit] C:\Windows\SysWOW64\UMonit.exe ()O4 - HKLM..\Run: [Carbonite Backup] C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe (Carbonite, Inc.)O4 - HKLM..\Run: [Fitbit Connect] C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe (Fitbit, Inc.)O4 - HKLM..\Run: [jmekey] C:\Windows\jmesoft\hotkey.exe (Lenovo)O4 - HKLM..\Run: [jmesoft] C:\Windows\jmesoft\ServiceLoader.exe ()O4 - HKLM..\Run: [Lenovo Dynamic Brightness System] C:\Program Files\Lenovo\Lenovo Brightness System\Lenovo Dynamic Brightness System.exe (Lenovo)O4 - HKLM..\Run: [Lenovo Eye Distance System] C:\Program Files\Lenovo\Lenovo Eye Distance System\Lenovo Eye Distance System.exe (Lenovo)O4 - HKU\S-1-5-19..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)O4 - HKU\S-1-5-20..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)O4 - HKU\S-1-5-21-1472479234-1408359900-4109720936-1001..\Run: [Fitbit Connect] C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe (Fitbit, Inc.)O4 - HKU\S-1-5-21-1472479234-1408359900-4109720936-1001..\Run: [googletalk] C:\Users\Jay Office\AppData\Roaming\Google\Google Talk\googletalk.exe (Google)O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not foundO4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not foundO4 - Startup: C:\Users\Jay Office\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Jay Office\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions presentO6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel presentO7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel presentO7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel presentO7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel presentO7 - HKU\S-1-5-21-1472479234-1408359900-4109720936-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel presentO7 - HKU\S-1-5-21-1472479234-1408359900-4109720936-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0O8:64bit: - Extra context menu item: Open with WordPerfect - C:\Program Files (x86)\WordPerfect Office X3\Programs\WPLauncher.hta ()O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\windows\SysWow64\GPhotos.scr (Google Inc.)O8 - Extra context menu item: Open with WordPerfect - C:\Program Files (x86)\WordPerfect Office X3\Programs\WPLauncher.hta ()O13 - gopher Prefix: missingO15 - HKU\S-1-5-21-1472479234-1408359900-4109720936-1001\..Trusted Domains: localhost ([]* in Local intranet)O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.0.9O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{044E7DBA-1555-4627-B4E8-6EC5FC4F314E}: DhcpNameServer = 192.168.1.1 192.168.0.9O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F5A72347-506C-4671-AC54-4B1948D765B7}: DhcpNameServer = 192.168.0.9O18:64bit: - Protocol\Handler\livecall - No CLSID value foundO18:64bit: - Protocol\Handler\ms-help - No CLSID value foundO18:64bit: - Protocol\Handler\msnim - No CLSID value foundO18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value foundO18:64bit: - Protocol\Handler\wlpg - No CLSID value foundO20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.O32 - HKLM CDRom: AutoRun - 1O34 - HKLM BootExecute: (autocheck autochk *)O35:64bit: - HKLM\..comfile [open] -- "%1" %*O35:64bit: - HKLM\..exefile [open] -- "%1" %*O35 - HKLM\..comfile [open] -- "%1" %*O35 - HKLM\..exefile [open] -- "%1" %*O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*O37 - HKLM\...com [@ = comfile] -- "%1" %*O37 - HKLM\...exe [@ = exefile] -- "%1" %*O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013/07/08 11:50:54 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Jay Office\Desktop\OTL.exe[2013/07/08 10:32:11 | 000,000,000 | ---D | C] -- C:\Users\Jay Office\Desktop\RK_Quarantine[2013/07/08 09:47:39 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\Jay Office\Desktop\dds.com[2013/07/08 09:20:08 | 000,208,216 | ---- | C] (Kaspersky Lab, GERT) -- C:\windows\SysNative\drivers\08496688.sys[2013/07/02 09:35:47 | 000,263,592 | ---- | C] (Oracle Corporation) -- C:\windows\SysWow64\javaws.exe[2013/07/02 09:35:22 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\windows\SysWow64\javaw.exe[2013/07/02 09:35:22 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\windows\SysWow64\java.exe[2013/07/02 09:35:22 | 000,096,168 | ---- | C] (Oracle Corporation) -- C:\windows\SysWow64\WindowsAccessBridge-32.dll[2013/07/02 09:35:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java[2013/07/02 08:59:28 | 000,000,000 | ---D | C] -- C:\Users\Jay Office\Desktop\Program Shortcuts[2013/07/02 08:39:23 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN[2013/06/26 15:03:58 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro[2013/06/26 15:01:53 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro[2013/06/26 14:28:01 | 000,000,000 | ---D | C] -- C:\windows\temp[2013/06/26 13:46:21 | 000,000,000 | ---D | C] -- C:\CF[2013/06/26 13:41:18 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe[2013/06/26 13:41:18 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe[2013/06/26 13:41:18 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe[2013/06/26 13:37:33 | 000,000,000 | ---D | C] -- C:\Qoobox[2013/06/26 13:36:44 | 000,000,000 | ---D | C] -- C:\windows\erdnt[2013/06/26 12:25:28 | 000,000,000 | ---D | C] -- C:\windows\pss[2013/06/19 10:43:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fitbit Connect[2013/06/19 10:43:30 | 000,000,000 | ---D | C] -- C:\ProgramData\FitbitConnect[2013/06/19 10:43:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Fitbit Connect[2013/06/19 10:43:06 | 001,910,424 | ---- | C] (Fitbit Inc.) -- C:\Users\Jay Office\Desktop\FitbitConnect_Win_20130226_1.0.0.2578.exe[2013/06/15 06:00:41 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll[2013/06/15 06:00:41 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll[2013/06/13 17:21:15 | 000,000,000 | ---D | C] -- C:\Users\Jay Office\Desktop\Registry Backups[2013/06/13 16:32:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner[2013/06/13 16:32:45 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner[2013/06/13 14:50:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware[2013/06/13 14:50:02 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys[2013/06/13 14:50:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware[2013/06/13 14:16:46 | 000,000,000 | ---D | C] -- C:\Users\Jay Office\AppData\Local\NPE[2013/06/13 14:16:24 | 000,000,000 | ---D | C] -- C:\Users\Jay Office\AppData\Roaming\Malwarebytes[2013/06/13 14:16:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes[2013/06/13 14:16:03 | 000,000,000 | ---D | C] -- C:\Users\Jay Office\AppData\Local\Programs[2013/06/12 06:01:51 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iesysprep.dll[2013/06/12 06:01:51 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\RegisterIEPKEYs.exe[2013/06/12 06:01:51 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iesetup.dll[2013/06/12 06:01:51 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iesetup.dll[2013/06/12 06:01:51 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ie4uinit.exe[2013/06/12 06:01:51 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iernonce.dll[2013/06/12 06:01:51 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iernonce.dll[2013/06/12 06:01:50 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript.dll[2013/06/12 06:01:50 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript.dll[2013/06/12 06:01:50 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msfeeds.dll[2013/06/12 06:01:50 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iesysprep.dll[2013/06/12 06:01:50 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\RegisterIEPKEYs.exe[2013/06/12 06:01:49 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll[2013/06/11 21:20:27 | 000,751,104 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\win32spl.dll[2013/06/11 21:20:27 | 000,492,544 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\win32spl.dll[2013/06/11 21:20:25 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\cryptdlg.dll[2013/06/11 21:20:25 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\cryptdlg.dll[2013/06/11 21:20:11 | 001,424,384 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WindowsCodecs.dll[2013/06/11 21:20:05 | 001,192,448 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\certutil.exe[2013/06/11 21:20:04 | 001,464,320 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\crypt32.dll[2013/06/11 21:20:04 | 000,903,168 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\certutil.exe[2013/06/11 21:20:04 | 000,139,776 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\cryptnet.dll[2013/06/11 21:20:04 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\certenc.dll[2013/06/11 21:20:04 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\certenc.dll[2013/06/11 21:19:43 | 001,887,232 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3d11.dll[2013/06/11 21:19:43 | 001,505,280 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3d11.dll[2013/06/10 19:19:46 | 000,000,000 | ---D | C] -- C:\Users\Jay Office\AppData\Local\Diagnostics[2011/06/22 06:44:34 | 001,914,000 | ---- | C] (Adobe Systems Incorporated) -- C:\ProgramData\flashax10.exe ========== Files - Modified Within 30 Days ========== [2013/07/08 11:50:54 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jay Office\Desktop\OTL.exe[2013/07/08 11:04:00 | 000,000,912 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job[2013/07/08 11:00:00 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job[2013/07/08 10:37:08 | 000,020,688 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0[2013/07/08 10:37:02 | 000,020,688 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0[2013/07/08 10:31:16 | 003,775,488 | ---- | M] () -- C:\Users\Jay Office\Desktop\RogueKillerX64.exe[2013/07/08 09:47:41 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\Jay Office\Desktop\dds.com[2013/07/08 09:20:08 | 000,208,216 | ---- | M] (Kaspersky Lab, GERT) -- C:\windows\SysNative\drivers\08496688.sys[2013/07/07 18:17:06 | 000,000,908 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job[2013/07/05 12:49:22 | 000,146,497 | ---- | M] () -- C:\windows\SysNative\fastboot.set[2013/07/05 12:48:24 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat[2013/07/05 12:48:17 | 417,665,023 | -HS- | M] () -- C:\hiberfil.sys[2013/07/03 10:24:00 | 000,102,996 | ---- | M] () -- C:\Users\Jay Office\Desktop\CondoQuo.pdf[2013/07/03 10:24:00 | 000,076,662 | ---- | M] () -- C:\Users\Jay Office\Desktop\Automobi.pdf[2013/07/03 10:24:00 | 000,076,582 | ---- | M] () -- C:\Users\Jay Office\Desktop\Automo~3.pdf[2013/07/03 10:24:00 | 000,076,179 | ---- | M] () -- C:\Users\Jay Office\Desktop\AutoQuot.pdf[2013/07/03 10:24:00 | 000,075,729 | ---- | M] () -- C:\Users\Jay Office\Desktop\Automo~2.pdf[2013/07/03 10:24:00 | 000,034,791 | ---- | M] () -- C:\Users\Jay Office\Desktop\PUMBQuot.pdf[2013/07/03 10:17:00 | 000,076,159 | ---- | M] () -- C:\Users\Jay Office\Desktop\Automo~1.pdf[2013/07/03 08:11:18 | 000,057,649 | ---- | M] () -- C:\Users\Jay Office\Desktop\Capture5.jpg[2013/07/02 15:01:56 | 000,270,996 | ---- | M] () -- C:\Users\Jay Office\Desktop\old and new alabama senate districts.jpg[2013/07/02 15:00:46 | 000,275,749 | ---- | M] () -- C:\Users\Jay Office\Desktop\old and new alabama house districts.jpg[2013/07/02 14:46:17 | 001,192,367 | ---- | M] () -- C:\Users\Jay Office\Desktop\sa-app-2003.pdf[2013/07/02 09:35:13 | 000,096,168 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\WindowsAccessBridge-32.dll[2013/07/02 09:35:12 | 000,867,240 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\npdeployJava1.dll[2013/07/02 09:35:12 | 000,789,416 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\deployJava1.dll[2013/07/02 09:35:12 | 000,263,592 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\javaws.exe[2013/07/02 09:35:12 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\javaw.exe[2013/07/02 09:35:12 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\java.exe[2013/07/02 08:38:33 | 001,964,059 | ---- | M] () -- C:\windows\SysNative\drivers\N360x64\1404000.028\Cat.DB[2013/06/27 06:05:57 | 000,777,034 | ---- | M] () -- C:\windows\SysWow64\PerfStringBackup.INI[2013/06/27 06:05:57 | 000,663,200 | ---- | M] () -- C:\windows\SysNative\perfh009.dat[2013/06/27 06:05:57 | 000,122,068 | ---- | M] () -- C:\windows\SysNative\perfc009.dat[2013/06/27 06:05:48 | 000,777,034 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI[2013/06/26 14:23:35 | 000,000,027 | ---- | M] () -- C:\windows\SysNative\drivers\etc\hosts[2013/06/24 12:37:23 | 000,000,952 | -HS- | M] () -- C:\windows\SysWow64\KGyGaAvL.sys[2013/06/19 10:43:07 | 001,910,424 | ---- | M] (Fitbit Inc.) -- C:\Users\Jay Office\Desktop\FitbitConnect_Win_20130226_1.0.0.2578.exe[2013/06/19 01:53:57 | 000,002,319 | ---- | M] () -- C:\Users\Public\Desktop\Norton 360.lnk[2013/06/17 21:49:28 | 000,177,312 | ---- | M] (Symantec Corporation) -- C:\windows\SysNative\drivers\SYMEVENT64x86.SYS[2013/06/17 21:49:28 | 000,007,631 | ---- | M] () -- C:\windows\SysNative\drivers\SYMEVENT64x86.CAT[2013/06/17 21:49:28 | 000,000,854 | ---- | M] () -- C:\windows\SysNative\drivers\SYMEVENT64x86.INF[2013/06/12 13:00:22 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe[2013/06/12 13:00:22 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl[2013/06/12 06:22:33 | 000,426,616 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT ========== Files Created - No Company Name ========== [2013/07/08 10:31:15 | 003,775,488 | ---- | C] () -- C:\Users\Jay Office\Desktop\RogueKillerX64.exe[2013/07/03 10:24:00 | 000,102,996 | ---- | C] () -- C:\Users\Jay Office\Desktop\CondoQuo.pdf[2013/07/03 10:24:00 | 000,076,662 | ---- | C] () -- C:\Users\Jay Office\Desktop\Automobi.pdf[2013/07/03 10:24:00 | 000,076,582 | ---- | C] () -- C:\Users\Jay Office\Desktop\Automo~3.pdf[2013/07/03 10:24:00 | 000,076,179 | ---- | C] () -- C:\Users\Jay Office\Desktop\AutoQuot.pdf[2013/07/03 10:24:00 | 000,075,729 | ---- | C] () -- C:\Users\Jay Office\Desktop\Automo~2.pdf[2013/07/03 10:24:00 | 000,034,791 | ---- | C] () -- C:\Users\Jay Office\Desktop\PUMBQuot.pdf[2013/07/03 10:17:00 | 000,076,159 | ---- | C] () -- C:\Users\Jay Office\Desktop\Automo~1.pdf[2013/07/03 08:11:18 | 000,057,649 | ---- | C] () -- C:\Users\Jay Office\Desktop\Capture5.jpg[2013/07/02 15:01:56 | 000,270,996 | ---- | C] () -- C:\Users\Jay Office\Desktop\old and new alabama senate districts.jpg[2013/07/02 15:00:46 | 000,275,749 | ---- | C] () -- C:\Users\Jay Office\Desktop\old and new alabama house districts.jpg[2013/07/02 14:46:17 | 001,192,367 | ---- | C] () -- C:\Users\Jay Office\Desktop\sa-app-2003.pdf[2013/06/26 13:41:19 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe[2013/06/26 13:41:18 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe[2013/06/26 13:41:18 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe[2013/06/26 13:41:18 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe[2013/06/26 13:41:18 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe[2012/12/14 02:42:30 | 000,963,452 | ---- | C] () -- C:\windows\SysWow64\igcodeckrng600.bin[2012/12/14 02:42:30 | 000,064,512 | ---- | C] () -- C:\windows\SysWow64\igdde32.dll[2012/12/14 02:42:28 | 000,272,928 | ---- | C] () -- C:\windows\SysWow64\igvpkrng600.bin[2011/12/17 12:06:26 | 000,006,656 | ---- | C] () -- C:\Users\Jay Office\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini[2011/12/08 14:38:03 | 000,000,952 | -HS- | C] () -- C:\windows\SysWow64\KGyGaAvL.sys[2011/11/29 17:38:18 | 000,030,568 | ---- | C] () -- C:\windows\MusiccityDownload.exe[2011/11/29 17:38:12 | 000,974,848 | ---- | C] () -- C:\windows\SysWow64\cis-2.4.dll[2011/11/29 17:38:12 | 000,081,920 | ---- | C] () -- C:\windows\SysWow64\issacapi_bs-2.3.dll[2011/11/29 17:38:12 | 000,065,536 | ---- | C] () -- C:\windows\SysWow64\issacapi_pe-2.3.dll[2011/11/29 17:38:12 | 000,057,344 | ---- | C] () -- C:\windows\SysWow64\issacapi_se-2.3.dll[2011/11/28 19:23:45 | 000,777,034 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI[2009/11/02 15:20:21 | 000,000,063 | ---- | C] () -- C:\Users\Jay Office\jagex_runescape_preferences2.dat[2009/11/02 15:19:22 | 000,000,038 | ---- | C] () -- C:\Users\Jay Office\jagex_runescape_preferences.dat ========== ZeroAccess Check ========== [2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64"" = C:\Windows\SysNative\shell32.dll -- [2013/02/27 00:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)"ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]"" = %SystemRoot%\system32\shell32.dll -- [2013/02/26 23:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)"ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)"ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 22:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)"ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)"ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] < End of report >
  6. RogueKiller V8.6.2 _x64_ [Jul 2 2013] by Tigzy mail : tigzyRK<at>gmail<dot>com Blog : http://tigzyrk.blogspot.com/ Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version Started in : Normal mode User : Jay Office [Admin rights] Mode : Scan -- Date : 07/08/2013 10:34:03 | ARK || FAK || MBR | ¤¤¤ Bad processes : 0 ¤¤¤ ¤¤¤ Registry Entries : 4 ¤¤¤ [HJ POL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND [HJ POL] HKLM\[...]\Wow6432Node\[...]\System : DisableRegistryTools (0) -> FOUND [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND ¤¤¤ Scheduled tasks : 1 ¤¤¤ [V2][sUSP PATH] {5F6010C8-60E5-41f3-BF5B-C3AF5DBE12D4} : "C:\ProgramData\Carbonite\Carbonite Backup\CarboniteUpgrade.exe" - /silent $(Arg0) [x][x] -> FOUND ¤¤¤ Startup Entries : 0 ¤¤¤ ¤¤¤ Web browsers : 0 ¤¤¤ ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤ ¤¤¤ External Hives: ¤¤¤ ¤¤¤ Infection : ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ --> %SystemRoot%\System32\drivers\etc\hosts 127.0.0.1 localhost ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: ST31500341AS ATA Device +++++ --- User --- [MBR] fc140bd0396c5ee591a775d1e9b52e40 [bSP] bc9651e4f2baa387d8c1d59d2601577c : Windows 7/8 MBR Code Partition table: 0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo 1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 1405023 Mo 2 - [XXXXXX] COMPAQ (0x12) [VISIBLE] Offset (sectors): 2877693952 | Size: 25675 Mo User = LL1 ... OK! User = LL2 ... OK! Finished : << RKreport[0]_S_07082013_103403.txt >>
  7. ComboFix 13-06-26.01 - Jay Office 06/26/2013 13:49:18.1.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.5992.2539 [GMT -5:00] Running from: c:\users\Jay Office\Desktop\CF.exe AV: Norton 360 *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF} FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4} SP: Norton 360 *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\windows\SysWow64\muzapp.exe . . ((((((((((((((((((((((((( Files Created from 2013-05-26 to 2013-06-26 ))))))))))))))))))))))))))))))) . . 2013-06-26 19:23 . 2013-06-26 19:23 -------- d-----w- c:\users\Jay\AppData\Local\temp 2013-06-26 19:23 . 2013-06-26 19:23 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-06-19 15:43 . 2013-06-19 15:43 -------- d-----w- c:\programdata\FitbitConnect 2013-06-19 15:43 . 2013-06-19 15:43 -------- d-----w- c:\program files (x86)\Fitbit Connect 2013-06-14 22:25 . 2013-06-19 06:52 -------- d-----w- c:\windows\system32\drivers\N360x64\1404000.028 2013-06-13 21:32 . 2013-06-13 21:32 -------- d-----w- c:\program files\CCleaner 2013-06-13 19:50 . 2013-06-13 19:50 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2013-06-13 19:50 . 2013-04-04 19:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys 2013-06-13 19:16 . 2013-06-13 19:17 -------- d-----w- c:\users\Jay Office\AppData\Local\NPE 2013-06-13 19:16 . 2013-06-13 19:16 -------- d-----w- c:\users\Jay Office\AppData\Roaming\Malwarebytes 2013-06-13 19:16 . 2013-06-13 19:16 -------- d-----w- c:\programdata\Malwarebytes 2013-06-13 19:16 . 2013-06-13 19:16 -------- d-----w- c:\users\Jay Office\AppData\Local\Programs 2013-06-12 02:20 . 2013-05-08 06:39 1910632 ----a-w- c:\windows\system32\drivers\tcpip.sys 2013-06-12 02:19 . 2013-04-25 23:30 1505280 ----a-w- c:\windows\SysWow64\d3d11.dll 2013-06-12 02:19 . 2013-03-31 22:52 1887232 ----a-w- c:\windows\system32\d3d11.dll 2013-06-11 00:19 . 2013-06-11 00:19 -------- d-----w- c:\users\Jay Office\AppData\Local\Diagnostics . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-06-18 02:49 . 2012-07-12 16:50 177312 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS 2013-06-12 18:00 . 2012-04-11 13:30 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2013-06-12 18:00 . 2011-11-28 21:56 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-06-12 11:02 . 2013-05-23 15:23 75825640 ----a-w- c:\windows\system32\MRT.exe 2013-05-15 13:11 . 2010-06-24 18:33 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll 2013-04-13 05:49 . 2013-05-15 06:25 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll 2013-04-13 05:49 . 2013-05-15 06:25 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll 2013-04-13 05:49 . 2013-05-15 06:25 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll 2013-04-13 05:49 . 2013-05-15 06:25 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll 2013-04-13 04:45 . 2013-05-15 06:25 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll 2013-04-13 04:45 . 2013-05-15 06:25 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll 2013-04-12 14:45 . 2013-04-24 02:46 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys 2013-04-10 06:01 . 2013-05-15 06:25 265064 ----a-w- c:\windows\system32\drivers\dxgmms1.sys 2013-04-10 06:01 . 2013-05-15 06:25 983400 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys 2013-04-10 03:30 . 2013-05-15 06:25 3153920 ----a-w- c:\windows\system32\win32k.sys 2013-04-04 10:35 . 2013-05-01 13:10 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll 2013-03-29 11:02 . 2013-03-29 11:02 97280 ----a-w- c:\windows\system32\mshtmled.dll 2013-03-29 11:02 . 2013-03-29 11:02 92160 ----a-w- c:\windows\system32\SetIEInstalledDate.exe 2013-03-29 11:02 . 2013-03-29 11:02 905728 ----a-w- c:\windows\system32\mshtmlmedia.dll 2013-03-29 11:02 . 2013-03-29 11:02 81408 ----a-w- c:\windows\system32\icardie.dll 2013-03-29 11:02 . 2013-03-29 11:02 77312 ----a-w- c:\windows\system32\tdc.ocx 2013-03-29 11:02 . 2013-03-29 11:02 762368 ----a-w- c:\windows\system32\ieapfltr.dll 2013-03-29 11:02 . 2013-03-29 11:02 73728 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe 2013-03-29 11:02 . 2013-03-29 11:02 719360 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll 2013-03-29 11:02 . 2013-03-29 11:02 62976 ----a-w- c:\windows\system32\pngfilt.dll 2013-03-29 11:02 . 2013-03-29 11:02 61952 ----a-w- c:\windows\SysWow64\tdc.ocx 2013-03-29 11:02 . 2013-03-29 11:02 599552 ----a-w- c:\windows\system32\vbscript.dll 2013-03-29 11:02 . 2013-03-29 11:02 523264 ----a-w- c:\windows\SysWow64\vbscript.dll 2013-03-29 11:02 . 2013-03-29 11:02 52224 ----a-w- c:\windows\system32\msfeedsbs.dll 2013-03-29 11:02 . 2013-03-29 11:02 51200 ----a-w- c:\windows\system32\imgutil.dll 2013-03-29 11:02 . 2013-03-29 11:02 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll 2013-03-29 11:02 . 2013-03-29 11:02 48640 ----a-w- c:\windows\system32\mshtmler.dll 2013-03-29 11:02 . 2013-03-29 11:02 452096 ----a-w- c:\windows\system32\dxtmsft.dll 2013-03-29 11:02 . 2013-03-29 11:02 441856 ----a-w- c:\windows\system32\html.iec 2013-03-29 11:02 . 2013-03-29 11:02 38400 ----a-w- c:\windows\SysWow64\imgutil.dll 2013-03-29 11:02 . 2013-03-29 11:02 361984 ----a-w- c:\windows\SysWow64\html.iec 2013-03-29 11:02 . 2013-03-29 11:02 281600 ----a-w- c:\windows\system32\dxtrans.dll 2013-03-29 11:02 . 2013-03-29 11:02 27648 ----a-w- c:\windows\system32\licmgr10.dll 2013-03-29 11:02 . 2013-03-29 11:02 270848 ----a-w- c:\windows\system32\iedkcs32.dll 2013-03-29 11:02 . 2013-03-29 11:02 247296 ----a-w- c:\windows\system32\webcheck.dll 2013-03-29 11:02 . 2013-03-29 11:02 235008 ----a-w- c:\windows\system32\url.dll 2013-03-29 11:02 . 2013-03-29 11:02 23040 ----a-w- c:\windows\SysWow64\licmgr10.dll 2013-03-29 11:02 . 2013-03-29 11:02 226304 ----a-w- c:\windows\system32\elshyph.dll 2013-03-29 11:02 . 2013-03-29 11:02 216064 ----a-w- c:\windows\system32\msls31.dll 2013-03-29 11:02 . 2013-03-29 11:02 197120 ----a-w- c:\windows\system32\msrating.dll 2013-03-29 11:02 . 2013-03-29 11:02 185344 ----a-w- c:\windows\SysWow64\elshyph.dll 2013-03-29 11:02 . 2013-03-29 11:02 173568 ----a-w- c:\windows\system32\ieUnatt.exe 2013-03-29 11:02 . 2013-03-29 11:02 167424 ----a-w- c:\windows\system32\iexpress.exe 2013-03-29 11:02 . 2013-03-29 11:02 158720 ----a-w- c:\windows\SysWow64\msls31.dll 2013-03-29 11:02 . 2013-03-29 11:02 1509376 ----a-w- c:\windows\system32\inetcpl.cpl 2013-03-29 11:02 . 2013-03-29 11:02 150528 ----a-w- c:\windows\SysWow64\iexpress.exe 2013-03-29 11:02 . 2013-03-29 11:02 149504 ----a-w- c:\windows\system32\occache.dll 2013-03-29 11:02 . 2013-03-29 11:02 144896 ----a-w- c:\windows\system32\wextract.exe 2013-03-29 11:02 . 2013-03-29 11:02 1441280 ----a-w- c:\windows\SysWow64\inetcpl.cpl 2013-03-29 11:02 . 2013-03-29 11:02 1400416 ----a-w- c:\windows\system32\ieapfltr.dat 2013-03-29 11:02 . 2013-03-29 11:02 138752 ----a-w- c:\windows\SysWow64\wextract.exe 2013-03-29 11:02 . 2013-03-29 11:02 13824 ----a-w- c:\windows\system32\mshta.exe 2013-03-29 11:02 . 2013-03-29 11:02 137216 ----a-w- c:\windows\SysWow64\ieUnatt.exe 2013-03-29 11:02 . 2013-03-29 11:02 136192 ----a-w- c:\windows\system32\iepeers.dll 2013-03-29 11:02 . 2013-03-29 11:02 135680 ----a-w- c:\windows\system32\IEAdvpack.dll 2013-03-29 11:02 . 2013-03-29 11:02 12800 ----a-w- c:\windows\SysWow64\mshta.exe 2013-03-29 11:02 . 2013-03-29 11:02 12800 ----a-w- c:\windows\system32\msfeedssync.exe 2013-03-29 11:02 . 2013-03-29 11:02 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll 2013-03-29 11:02 . 2013-03-29 11:02 1054720 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe 2013-03-29 11:02 . 2013-03-29 11:02 102912 ----a-w- c:\windows\system32\inseng.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green] @="{95A27763-F62A-4114-9072-E81D87DE3B68}" [HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}] 2012-10-22 05:41 1019976 ----a-r- c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial] @="{E300CD91-100F-4E67-9AF3-1384A6124015}" [HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}] 2012-10-22 05:41 1019976 ----a-r- c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow] @="{5E529433-B50E-4bef-A63B-16A6B71B071A}" [HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}] 2012-10-22 05:41 1019976 ----a-r- c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2013-05-25 00:36 130736 ----a-w- c:\users\Jay Office\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2013-05-25 00:36 130736 ----a-w- c:\users\Jay Office\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2013-05-25 00:36 130736 ----a-w- c:\users\Jay Office\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "googletalk"="c:\users\Jay Office\AppData\Roaming\Google\Google Talk\googletalk.exe" [2007-01-01 3739648] "Fitbit Connect"="c:\program files (x86)\Fitbit Connect\Fitbit Connect.exe" [2013-02-25 3093024] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "jmekey"="c:\windows\jmesoft\hotkey.exe" [2011-03-21 118784] "jmesoft"="c:\windows\jmesoft\ServiceLoader.exe" [2011-03-16 28672] "Lenovo Eye Distance System"="c:\program files\Lenovo\Lenovo Eye Distance System\Lenovo Eye Distance System.exe" [2010-09-09 265216] "Lenovo Dynamic Brightness System"="c:\program files\Lenovo\Lenovo Brightness System\Lenovo Dynamic Brightness System.exe" [2010-10-08 285696] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576] "Carbonite Backup"="c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe" [2012-10-22 1065032] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816] "Fitbit Connect"="c:\program files (x86)\Fitbit Connect\Fitbit Connect.exe" [2013-02-25 3093024] . c:\users\Jay Office\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dropbox.lnk - c:\users\Jay Office\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2013-5-24 27776968] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2012-4-1 1390368] Google Calendar Sync.lnk - c:\program files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe [2011-4-8 542264] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Notification Packages REG_MULTI_SZ scecli c:\program files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R2 JME Keyboard;JME Keyboard Driver;c:\windows\jmesoft\Service.exe;c:\windows\jmesoft\Service.exe [x] R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x] R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys;c:\windows\SYSNATIVE\DRIVERS\htcnprot.sys [x] R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x] R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys;c:\windows\SYSNATIVE\DRIVERS\wsvd.sys [x] R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys;c:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x] S0 fbfmon;fbfmon;c:\windows\system32\drivers\fbfmon.sys;c:\windows\SYSNATIVE\drivers\fbfmon.sys [x] S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\1404000.028\SYMDS64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1404000.028\SYMDS64.SYS [x] S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\1404000.028\SYMEFA64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1404000.028\SYMEFA64.SYS [x] S0 WinI2C-DDC;WinI2C-DDC Kernel Mode Driver;c:\windows\system32\drivers\DDCDrv.sys;c:\windows\SYSNATIVE\drivers\DDCDrv.sys [x] S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.0.36\Definitions\BASHDefs\20130620.001\BHDrvx64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.0.36\Definitions\BASHDefs\20130620.001\BHDrvx64.sys [x] S1 BPntDrv;BPntDrv;c:\windows\system32\drivers\BPntDrv.sys;c:\windows\SYSNATIVE\drivers\BPntDrv.sys [x] S1 ccSet_N360;Norton 360 Settings Manager;c:\windows\system32\drivers\N360x64\1404000.028\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\N360x64\1404000.028\ccSetx64.sys [x] S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.0.36\Definitions\IPSDefs\20130625.001\IDSvia64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.0.36\Definitions\IPSDefs\20130625.001\IDSvia64.sys [x] S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\1404000.028\Ironx64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1404000.028\Ironx64.SYS [x] S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360x64\1404000.028\SYMNETS.SYS;c:\windows\SYSNATIVE\Drivers\N360x64\1404000.028\SYMNETS.SYS [x] S2 Fitbit Connect;Fitbit Connect Service;c:\program files (x86)\Fitbit Connect\FitbitConnectService.exe;c:\program files (x86)\Fitbit Connect\FitbitConnectService.exe [x] S2 monblanking;monblanking;c:\windows\system32\DRIVERS\monblanking.sys;c:\windows\SYSNATIVE\DRIVERS\monblanking.sys [x] S2 N360;Norton 360;c:\program files (x86)\Norton 360\Engine\20.4.0.40\ccSvcHst.exe;c:\program files (x86)\Norton 360\Engine\20.4.0.40\ccSvcHst.exe [x] S2 NitroReaderDriverReadSpool3;NitroPDFReaderDriverCreatorReadSpool3;c:\program files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe;c:\program files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe [x] S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [x] S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x] S3 btwampfl;btwampfl Bluetooth filter driver;c:\windows\system32\drivers\btwampfl.sys;c:\windows\SYSNATIVE\drivers\btwampfl.sys [x] S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x] S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x] S3 GeneStor;Genesys Logic Storage Driver;c:\windows\system32\DRIVERS\GeneStor.sys;c:\windows\SYSNATIVE\DRIVERS\GeneStor.sys [x] S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x] S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys;c:\windows\SYSNATIVE\DRIVERS\rtl8192Ce.sys [x] . . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2013-06-20 01:59 1165776 ----a-w- c:\program files (x86)\Google\Chrome\Application\27.0.1453.116\Installer\chrmstp.exe . Contents of the 'Scheduled Tasks' folder . 2013-06-26 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-11 18:00] . 2013-06-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-22 11:44] . 2013-06-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-22 11:44] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green] @="{95A27763-F62A-4114-9072-E81D87DE3B68}" [HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}] 2012-10-22 05:33 1292360 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial] @="{E300CD91-100F-4E67-9AF3-1384A6124015}" [HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}] 2012-10-22 05:33 1292360 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow] @="{5E529433-B50E-4bef-A63B-16A6B71B071A}" [HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}] 2012-10-22 05:33 1292360 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2013-05-25 00:36 164016 ----a-w- c:\users\Jay Office\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2013-05-25 00:36 164016 ----a-w- c:\users\Jay Office\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2013-05-25 00:36 164016 ----a-w- c:\users\Jay Office\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2013-05-25 00:36 164016 ----a-w- c:\users\Jay Office\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-10-26 11543656] "UMonit"="c:\windows\SysWOW64\UMonit.exe" [2010-12-01 28672] "Lenovo EE Boot Optimizer"="c:\program files (x86)\Lenovo\Boot Optimizer\PopWnd.exe" [2011-06-22 114688] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-12-14 172144] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-12-14 399984] "Persistence"="c:\windows\system32\igfxpers.exe" [2012-12-14 441968] . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000 IE: Open with WordPerfect - c:\program files (x86)\WordPerfect Office X3\Programs\WPLauncher.hta IE: Se&nd to OneNote - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105 TCP: DhcpNameServer = 192.168.0.9 FF - ProfilePath - c:\users\Jay Office\AppData\Roaming\Mozilla\Firefox\Profiles\cwgtvuzq.default\ . - - - - ORPHANS REMOVED - - - - . Toolbar-Locked - (no file) HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start Toolbar-Locked - (no file) . . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\N360] "ImagePath"="\"c:\program files (x86)\Norton 360\Engine\20.4.0.40\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton 360\Engine\20.4.0.40\diMaster.dll\" /prefetch:1" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2013-06-26 14:27:58 ComboFix-quarantined-files.txt 2013-06-26 19:27 . Pre-Run: 497,668,681,728 bytes free Post-Run: 497,222,610,944 bytes free . - - End Of File - - 517B0F31E1B5A50BA91080EBE32DC668 A36C5E4F47E84449FF07ED3517B43A31
  8. I appreciate any help you can provide. I've contracted what I think is a version of the Google redirect virus. I've gone through and taken the following steps multiple times. At some point during this process each time the problem has gone away. The issue I'm having is that anywhere between a week or two later it pops back up. When the virus is "active" then any attempt to go directly to google shows up as the website not existing and any attempt to google an item through the use of the address bar pops a security warning about a dangerous website. This site has been different each time. The virus effects all browsers. Steps Taken: 1) I've checked LAN settings to ensure there is no proxy server being used 2) I've confirmed my DNS settings 3) I've checked my Window's Host file. (Initially, there was another IP address here that was deleted and since it has been correct) 4) I've checked all add on's with all the browsers used (IE, Firefox, Chrome) 5) I've scanned numerous times with malwayrebytes, also used Hitman 6) I've used TDSSKiller (scan never found any malicious threats) 7) I've used Norton's FixTDSS tool 8) I've run combofix 9) I've used CCleaner 10) The issue is only effecting this computer and no others on the network so I know its not a router issue. Also, when the issue has popped up I've switched between connections and it continues. These are the steps I remember haven taken. This has been going on now for approximately a month and a half. Not only is it simply irritating but I know that this "virus" can have much more serious ramifications. Any help is appreciated! I've included the DDS files below: .UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.IF REQUESTED, ZIP IT UP & ATTACH IT.DDS (Ver_2012-11-20.01).Microsoft Windows 7 Home Premium Boot Device: \Device\HarddiskVolume1Install Date: 11/28/2011 3:23:26 PMSystem Uptime: 7/5/2013 12:48:01 PM (69 hours ago).Motherboard: LENOVO | | To be filled by O.E.M.Processor: Intel® Core i3-2100 CPU @ 3.10GHz | CPU 1 | 3100/100mhz.==== Disk Partitions =========================.C: is FIXED (NTFS) - 1372 GiB total, 458.363 GiB free.D: is CDROM ().==== Disabled Device Manager Items =============.Class GUID: Description: Bluetooth Peripheral DeviceDevice ID: BTHENUM\{936DA01F-9ABD-4D9D-80C7-02AF85C822A8}_VID&0001000F_PID&0000\8&1081F589&0&FCC7348F38F2_C00000000Manufacturer: Name: Bluetooth Peripheral DevicePNP Device ID: BTHENUM\{936DA01F-9ABD-4D9D-80C7-02AF85C822A8}_VID&0001000F_PID&0000\8&1081F589&0&FCC7348F38F2_C00000000Service: .Class GUID: Description: Bluetooth Peripheral DeviceDevice ID: BTHENUM\{453994D5-D58B-96F9-6616-B37F586BA2EC}_VID&0001000F_PID&0000\8&1081F589&0&FCC7348F38F2_C00000000Manufacturer: Name: Bluetooth Peripheral DevicePNP Device ID: BTHENUM\{453994D5-D58B-96F9-6616-B37F586BA2EC}_VID&0001000F_PID&0000\8&1081F589&0&FCC7348F38F2_C00000000Service: .Class GUID: {36fc9e60-c465-11cf-8056-444553540000}Description: Unknown DeviceDevice ID: USB\VID_0000&PID_0000\6&388EC12&0&4Manufacturer: (Standard USB Host Controller)Name: Unknown DevicePNP Device ID: USB\VID_0000&PID_0000\6&388EC12&0&4Service: .==== System Restore Points ===================.RP141: 7/5/2013 3:56:13 PM - Scheduled Checkpoint.==== Installed Programs ======================.Adobe AIRAdobe Flash Player 11 ActiveXAdobe Flash Player 11 PluginAdobe Reader X (10.1.7)Adobe Shockwave Player 11.6Audacity 2.0.2Bill4Time WidgetBlackBerry Desktop Software 6.1BlackBerry Device Software UpdaterCarboniteCCleanerCisco EAP-FAST ModuleCisco LEAP ModuleCisco PEAP ModuleCloneSpy 2.62D3DX10Definition Update for Microsoft Office 2010 (KB982726) 32-Bit EditionDocketSync v1.0 - 1 DropboxFileZilla Client 3.5.3Fitbit ConnectGenesys USB Mass Storage DeviceGoogle Calendar SyncGoogle ChromeGoogle Talk (remove only)Google Update HelperGoToMyPCHTC BMP USB DriverHTC Driver InstallerHTC SyncIntel® Control CenterIntel® Management Engine ComponentsIntel® Network Connections DriversIntel® Processor GraphicsJava 7 Update 25Java Auto UpdaterJunk Mail filter updateKaren's ReplicatorLAME v3.99.3 (for Windows)Lenovo Driver and Application InstallationLenovo Dynamic Brightness SystemLenovo EE Boot OptimizerLenovo Eye Distance SystemLenovo Power2GoLenovo Rescue SystemLenovo Tinian Fn PS/2 Keyboard DriverLVTMacromedia Dreamweaver MXMacromedia Extension ManagerMacromedia Fireworks MXMacromedia Flash MXMacromedia FreeHand 10Malwarebytes Anti-Malware version 1.75.0.1300MediaMonkey 4.0Mesh RuntimeMicrosoft .NET Framework 4 Client ProfileMicrosoft .NET Framework 4 ExtendedMicrosoft Application Error ReportingMicrosoft Office 2010Microsoft Office 2010 Service Pack 1 (SP1)Microsoft Office Access MUI (English) 2010Microsoft Office Access Setup Metadata MUI (English) 2010Microsoft Office Excel MUI (English) 2010Microsoft Office Office 64-bit Components 2010Microsoft Office OneNote MUI (English) 2010Microsoft Office Outlook ConnectorMicrosoft Office Outlook MUI (English) 2010Microsoft Office PowerPoint MUI (English) 2010Microsoft Office Professional 2010Microsoft Office Proof (English) 2010Microsoft Office Proof (French) 2010Microsoft Office Proof (Spanish) 2010Microsoft Office Proofing (English) 2010Microsoft Office Publisher MUI (English) 2010Microsoft Office Shared 64-bit MUI (English) 2010Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010Microsoft Office Shared MUI (English) 2010Microsoft Office Shared Setup Metadata MUI (English) 2010Microsoft Office Single Image 2010Microsoft Office Word MUI (English) 2010Microsoft SilverlightMicrosoft SQL Server 2005 Compact Edition [ENU]Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053Microsoft Visual C++ 2005 RedistributableMicrosoft Visual C++ 2005 Redistributable (x64)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161Microsoft Works 6-9 ConverterMozilla Firefox 14.0.1 (x86 en-US)Mozilla Maintenance ServiceMSVCRTMSVCRT_amd64MSXML 4.0 SP3 Parser (KB2721691)MSXML 4.0 SP3 Parser (KB2758694)MSXML 4.0 SP3 Parser (KB973685)Nero 7 EssentialsNitro Reader 3Norton 360Outlook Setup ToolPicasa 3Realtek High Definition Audio DriverREALTEK Wireless LAN DriverSamsung KiesSAMSUNG USB Driver for Mobile PhonesSecurity Update for Microsoft .NET Framework 4 Client Profile (KB2478663)Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)Security Update for Microsoft .NET Framework 4 Extended (KB2487367)Security Update for Microsoft .NET Framework 4 Extended (KB2656351)Security Update for Microsoft .NET Framework 4 Extended (KB2736428)Security Update for Microsoft .NET Framework 4 Extended (KB2742595)Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit EditionSecurity Update for Microsoft Filter Pack 2.0 (KB2553501) 32-Bit EditionSecurity Update for Microsoft InfoPath 2010 (KB2760406) 32-Bit EditionSecurity Update for Microsoft Office 2010 (KB2553091)Security Update for Microsoft Office 2010 (KB2553096)Security Update for Microsoft Office 2010 (KB2553371) 32-Bit EditionSecurity Update for Microsoft Office 2010 (KB2553447) 32-Bit EditionSecurity Update for Microsoft Office 2010 (KB2589320) 32-Bit EditionSecurity Update for Microsoft Office 2010 (KB2598243) 32-Bit EditionSecurity Update for Microsoft Office 2010 (KB2687501) 32-Bit EditionSecurity Update for Microsoft Office 2010 (KB2687510) 32-Bit EditionSecurity Update for Microsoft OneNote 2010 (KB2760600) 32-Bit EditionSecurity Update for Microsoft Publisher 2010 (KB2553147) 32-Bit EditionSecurity Update for Microsoft Visio 2010 (KB2810068) 32-Bit EditionSecurity Update for Microsoft Visio Viewer 2010 (KB2687505) 32-Bit EditionSecurity Update for Microsoft Word 2010 (KB2760410) 32-Bit EditionSpotifyswMSMUnity Web PlayerUpdate for Microsoft .NET Framework 4 Client Profile (KB2468871)Update for Microsoft .NET Framework 4 Client Profile (KB2533523)Update for Microsoft .NET Framework 4 Client Profile (KB2600217)Update for Microsoft .NET Framework 4 Client Profile (KB2836939)Update for Microsoft .NET Framework 4 Extended (KB2468871)Update for Microsoft .NET Framework 4 Extended (KB2533523)Update for Microsoft .NET Framework 4 Extended (KB2600217)Update for Microsoft .NET Framework 4 Extended (KB2836939)Update for Microsoft Office 2010 (KB2494150)Update for Microsoft Office 2010 (KB2553065)Update for Microsoft Office 2010 (KB2553181) 32-Bit EditionUpdate for Microsoft Office 2010 (KB2553267) 32-Bit EditionUpdate for Microsoft Office 2010 (KB2553310) 32-Bit EditionUpdate for Microsoft Office 2010 (KB2553378) 32-Bit EditionUpdate for Microsoft Office 2010 (KB2566458)Update for Microsoft Office 2010 (KB2596964) 32-Bit EditionUpdate for Microsoft Office 2010 (KB2598242) 32-Bit EditionUpdate for Microsoft Office 2010 (KB2687503) 32-Bit EditionUpdate for Microsoft Office 2010 (KB2687509) 32-Bit EditionUpdate for Microsoft Office 2010 (KB2760631) 32-Bit EditionUpdate for Microsoft Office 2010 (KB2767886) 32-Bit EditionUpdate for Microsoft OneNote 2010 (KB2553290) 32-Bit EditionUpdate for Microsoft Outlook 2010 (KB2597090) 32-Bit EditionUpdate for Microsoft Outlook 2010 (KB2687623) 32-Bit EditionUpdate for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit EditionUpdate for Microsoft PowerPoint 2010 (KB2598240) 32-Bit EditionUpdate for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit EditionWIDCOMM Bluetooth SoftwareWindows Driver Package - Citrix Systems monblanking Citrix Driver (06/27/2012 6.3.0.48)Windows Live Communications PlatformWindows Live EssentialsWindows Live ID Sign-in AssistantWindows Live InstallerWindows Live Language SelectorWindows Live MailWindows Live MeshWindows Live Mesh ActiveX Control for Remote ConnectionsWindows Live MessengerWindows Live MIME IFilterWindows Live Movie MakerWindows Live Photo CommonWindows Live Photo GalleryWindows Live PIMT PlatformWindows Live Remote ClientWindows Live Remote Client ResourcesWindows Live Remote ServiceWindows Live Remote Service ResourcesWindows Live SOXEWindows Live SOXE DefinitionsWindows Live UX PlatformWindows Live UX Platform Language PackWindows Live WriterWindows Live Writer ResourcesWordPerfect MAILWordPerfect Office X3Yahoo! Messenger.==== Event Viewer Messages From Past Week ========.7/7/2013 10:32:33 AM, Error: atapi [11] - The driver detected a controller error on \Device\Ide\IdePort0.7/5/2013 12:54:10 PM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.7/5/2013 12:51:26 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Presentation Foundation Font Cache 3.0.0.0 service to connect.7/5/2013 12:51:26 PM, Error: Service Control Manager [7000] - The Windows Presentation Foundation Font Cache 3.0.0.0 service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.7/3/2013 4:39:29 AM, Error: volsnap [14] - The shadow copies of volume C: were aborted because of an IO failure on volume C:.7/3/2013 2:43:41 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.7/2/2013 9:58:09 PM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.7/2/2013 2:49:04 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.7/2/2013 2:49:04 PM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.7/2/2013 2:48:52 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}7/2/2013 2:48:37 PM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.7/2/2013 2:48:37 PM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-1073473535.7/2/2013 2:46:17 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.7/2/2013 2:23:37 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}7/2/2013 2:15:30 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F}7/2/2013 2:15:30 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}7/2/2013 2:15:12 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}7/2/2013 2:15:11 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}7/2/2013 2:15:07 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}7/2/2013 2:15:03 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service CarboniteService with arguments "" in order to run the server: {36471C67-6A93-4434-92CC-4C614CD06666}7/2/2013 2:15:02 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}7/2/2013 2:14:47 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: BHDrvx64 BPntDrv ccSet_N360 discache eeCtrl IDSVia64 spldr SRTSPX SymIRON SymNetS Wanarpv67/2/2013 2:10:12 PM, Error: Service Control Manager [7023] - The Server service terminated with the following error: The data is invalid.7/2/2013 2:10:11 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: A system shutdown is in progress.7/2/2013 2:10:11 PM, Error: BROWSER [8017] - The browser has failed to start because the dependent service LanmanWorkstation had invalid service status 4294967295. Status Meaning 1 Service Stopped 2 Start Pending 3 Stop Pending 4 Running 5 Continue Pending 6 Pause Pending 7 Paused7/2/2013 2:10:09 PM, Error: Service Control Manager [7024] - The Power service terminated with service-specific error The operation completed successfully..7/2/2013 2:10:07 PM, Error: Service Control Manager [7038] - The WinHttpAutoProxySvc service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The security account manager (SAM) or local security authority (LSA) server was in the wrong state to perform the security operation. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).7/2/2013 2:10:07 PM, Error: Service Control Manager [7000] - The WinHTTP Web Proxy Auto-Discovery Service service failed to start due to the following error: The service did not start due to a logon failure.7/2/2013 1:55:59 PM, Error: BTHUSB [17] - The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded..==== End Of File =========================== DDS (Ver_2012-11-20.01) - NTFS_AMD64 Internet Explorer: 10.0.9200.16611 BrowserJavaVersion: 10.25.2Run by Jay Office at 9:50:28 on 2013-07-08Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.5992.1946 [GMT -5:00].AV: Norton 360 *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}.============== Running Processes ===============.C:\windows\system32\lsm.exeC:\windows\system32\svchost.exe -k DcomLaunchC:\windows\system32\svchost.exe -k RPCSSC:\windows\System32\svchost.exe -k LocalServiceNetworkRestrictedC:\windows\System32\svchost.exe -k LocalSystemNetworkRestrictedC:\windows\system32\svchost.exe -k LocalServiceC:\windows\system32\svchost.exe -k netsvcsC:\windows\system32\svchost.exe -k NetworkServiceC:\windows\System32\spoolsv.exeC:\windows\system32\svchost.exe -k LocalServiceNoNetworkC:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exeC:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exeC:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exeC:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonationC:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exeC:\Program Files (x86)\Citrix\GoToMyPC\g2svc.exeC:\Windows\jmesoft\Service.exeC:\Program Files (x86)\Citrix\GoToMyPC\g2comm.exeC:\Program Files (x86)\Norton 360\Engine\20.4.0.40\ccSvcHst.exeC:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exeC:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exeC:\windows\system32\svchost.exe -k imgsvcC:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXEC:\Program Files (x86)\Citrix\GoToMyPC\g2pre.exeC:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exeC:\Program Files (x86)\Citrix\GoToMyPC\g2tray.exeC:\windows\system32\svchost.exe -k bthsvcsC:\windows\system32\wbem\wmiprvse.exeC:\windows\system32\svchost.exe -k NetworkServiceNetworkRestrictedC:\windows\system32\wbem\wmiprvse.exeC:\Program Files (x86)\Norton 360\Engine\20.4.0.40\ccSvcHst.exeC:\windows\system32\taskhost.exeC:\windows\system32\Dwm.exeC:\windows\Explorer.EXEC:\Program Files\Realtek\Audio\HDA\RAVCpl64.exeC:\Windows\SysWOW64\UMonit.exeC:\Windows\System32\igfxtray.exeC:\Windows\System32\hkcmd.exeC:\Windows\System32\igfxpers.exeC:\Users\Jay Office\AppData\Roaming\Google\Google Talk\googletalk.exeC:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exeC:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exeC:\Program Files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exeC:\Users\Jay Office\AppData\Roaming\Dropbox\bin\Dropbox.exeC:\Windows\jmesoft\hotkey.exeC:\Program Files\Lenovo\Lenovo Eye Distance System\Lenovo Eye Distance System.exeC:\Program Files\Lenovo\Lenovo Brightness System\Lenovo Dynamic Brightness System.exeC:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exeC:\Program Files (x86)\Common Files\Java\Java Update\jusched.exeC:\Windows\jmesoft\JME_LOAD.exeC:\windows\system32\SearchIndexer.exeC:\Program Files\Windows Media Player\wmpnetwk.exeC:\windows\SysWOW64\RunDll32.exeC:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exeC:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXEC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Karen's Power Tools\Replicator\PTReplicator.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exeC:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exeC:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXEC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\PROGRA~2\Nitro\READER~1\NITROP~2.EXEC:\windows\splwow64.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files\Internet Explorer\iexplore.exeC:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files\Internet Explorer\iexplore.exeC:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXEC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\windows\System32\cscript.exe.============== Pseudo HJT Report ===============.BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\coieplg.dllBHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\ips\ipsbho.dllBHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dllBHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dllBHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLLBHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dllTB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\coieplg.dlluRun: [googletalk] C:\Users\Jay Office\AppData\Roaming\Google\Google Talk\googletalk.exe /autostartuRun: [Fitbit Connect] "C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe" /autorunmRun: [jmekey] C:\windows\jmesoft\hotkey.exemRun: [jmesoft] C:\Windows\jmesoft\ServiceLoader.exemRun: [Lenovo Eye Distance System] C:\Program Files\Lenovo\Lenovo Eye Distance System\Lenovo Eye Distance System.exe 1mRun: [Lenovo Dynamic Brightness System] C:\Program Files\Lenovo\Lenovo Brightness System\Lenovo Dynamic Brightness System.exe 1mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"mRun: [Carbonite Backup] C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exemRun: [Fitbit Connect] "C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe" /autorunmRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"StartupFolder: C:\Users\JAYOFF~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Jay Office\AppData\Roaming\Dropbox\bin\Dropbox.exeStartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exeStartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\GOOGLE~1.LNK - C:\Program Files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exeuPolicies-Explorer: NoDrives = dword:0mPolicies-Explorer: NoDrives = dword:0mPolicies-System: ConsentPromptBehaviorAdmin = dword:5mPolicies-System: ConsentPromptBehaviorUser = dword:3mPolicies-System: EnableUIADesktopToggle = dword:0IE: Add to Google Photos Screensa&ver - C:\windows\System32\GPhotos.scr/200IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000IE: Open with WordPerfect - C:\Program Files (x86)\WordPerfect Office X3\Programs\WPLauncher.htaIE: Se&nd to OneNote - C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dllIE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dllIE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dllTCP: NameServer = 192.168.1.1 192.168.0.9TCP: Interfaces\{044E7DBA-1555-4627-B4E8-6EC5FC4F314E} : DHCPNameServer = 192.168.1.1 192.168.0.9TCP: Interfaces\{F5A72347-506C-4671-AC54-4B1948D765B7} : DHCPNameServer = 192.168.0.9Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLLHandler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dllSSODL: WebCheck - <orphaned>LSA: Notification Packages = scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dllmASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chromex64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dllx64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLLx64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -sx64-Run: [uMonit] C:\windows\SysWOW64\UMonit.exex64-Run: [Lenovo EE Boot Optimizer] C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exex64-Run: [igfxTray] C:\windows\System32\igfxtray.exex64-Run: [HotKeysCmds] C:\windows\System32\hkcmd.exex64-Run: [Persistence] C:\windows\System32\igfxpers.exex64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dllx64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dllx64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLLx64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>x64-Notify: igfxcui - igfxdev.dllx64-SSODL: WebCheck - <orphaned>.================= FIREFOX ===================.FF - ProfilePath - C:\Users\Jay Office\AppData\Roaming\Mozilla\Firefox\Profiles\cwgtvuzq.default\FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLLFF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLLFF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dllFF - plugin: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dllFF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dllFF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.149\npGoogleUpdate3.dllFF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dllFF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dllFF - plugin: C:\Program Files (x86)\Nitro\Reader 3\npdf.dllFF - plugin: C:\Program Files (x86)\Nitro\Reader 3\npnitroie.dllFF - plugin: C:\Program Files (x86)\Nitro\Reader 3\npnitromozilla.dllFF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dllFF - plugin: C:\Users\Jay Office\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dllFF - plugin: C:\windows\SysWOW64\Adobe\Director\np32dsw.dllFF - plugin: C:\windows\SysWOW64\Adobe\Director\np32dsw_1168638.dllFF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dllFF - plugin: C:\windows\SysWOW64\npdeployJava1.dllFF - plugin: C:\windows\SysWOW64\npmproxy.dll.============= SERVICES / DRIVERS ===============.R0 fbfmon;fbfmon;C:\windows\System32\drivers\fbfmon.sys [2011-6-22 57952]R0 SymDS;Symantec Data Store;C:\windows\System32\drivers\N360x64\1404000.028\symds64.sys [2013-6-14 493656]R0 SymEFA;Symantec Extended File Attributes;C:\windows\System32\drivers\N360x64\1404000.028\symefa64.sys [2013-6-14 1139800]R0 WinI2C-DDC;WinI2C-DDC Kernel Mode Driver;C:\windows\System32\drivers\ddcdrv.sys [2011-6-22 20832]R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.0.36\Definitions\BASHDefs\20130702.001\BHDrvx64.sys [2013-7-2 1393240]R1 BPntDrv;BPntDrv;C:\windows\System32\drivers\BPntDrv.sys [2011-6-22 13408]R1 ccSet_N360;Norton 360 Settings Manager;C:\windows\System32\drivers\N360x64\1404000.028\ccsetx64.sys [2013-6-14 169048]R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.0.36\Definitions\IPSDefs\20130705.001\IDSviA64.sys [2013-7-5 513184]R1 SymIRON;Symantec Iron Driver;C:\windows\System32\drivers\N360x64\1404000.028\ironx64.sys [2013-6-14 224416]R1 SymNetS;Symantec Network Security WFP Driver;C:\windows\System32\drivers\N360x64\1404000.028\symnets.sys [2013-6-14 433752]R2 Fitbit Connect;Fitbit Connect Service;C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe [2013-2-25 1239584]R2 JME Keyboard;JME Keyboard Driver;C:\Windows\jmesoft\Service.exe [2011-6-22 32768]R2 monblanking;monblanking;C:\windows\System32\drivers\monblanking.sys [2013-5-10 34048]R2 N360;Norton 360;C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\ccsvchst.exe [2013-6-14 144368]R2 NitroReaderDriverReadSpool3;NitroPDFReaderDriverCreatorReadSpool3;C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe [2013-3-26 230416]R2 PassThru Service;Internet Pass-Through Service;C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2012-3-23 87040]R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-6-22 2655768]R3 btwampfl;btwampfl Bluetooth filter driver;C:\windows\System32\drivers\btwampfl.sys [2012-7-11 594472]R3 btwl2cap;Bluetooth L2CAP Service;C:\windows\System32\drivers\btwl2cap.sys [2012-7-11 39976]R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-8-16 138912]R3 GeneStor;Genesys Logic Storage Driver;C:\windows\System32\drivers\GeneStor.sys [2011-6-22 57856]R3 IntcDAud;Intel® Display Audio;C:\windows\System32\drivers\IntcDAud.sys [2010-11-19 317440]R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\windows\System32\drivers\rtl8192ce.sys [2011-6-22 947304]S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\windows\System32\drivers\ssudbus.sys [2011-12-23 95928]S3 htcnprot;HTC NDIS Protocol Driver;C:\windows\System32\drivers\htcnprot.sys [2010-6-25 36928]S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\windows\System32\drivers\ssudmdm.sys [2011-12-23 203320]S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2011-11-30 1255736]S3 wsvd;wsvd;C:\windows\System32\drivers\wsvd.sys [2009-7-21 121840]S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\windows\System32\drivers\yk62x64.sys [2009-6-10 389120]S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184].=============== Created Last 30 ================.2013-07-08 14:20:08 208216 ----a-w- C:\windows\System32\drivers\08496688.sys2013-07-02 14:35:22 96168 ----a-w- C:\windows\SysWow64\WindowsAccessBridge-32.dll2013-07-02 13:39:23 -------- d-sh--w- C:\$RECYCLE.BIN2013-06-26 20:03:58 -------- d-----w- C:\Program Files\HitmanPro2013-06-26 20:01:53 -------- d-----w- C:\ProgramData\HitmanPro2013-06-26 18:46:21 -------- d-----w- C:\CF2013-06-26 18:41:19 208896 ----a-w- C:\windows\MBR.exe2013-06-26 18:41:18 98816 ----a-w- C:\windows\sed.exe2013-06-26 18:41:18 256000 ----a-w- C:\windows\PEV.exe2013-06-26 17:25:28 -------- d-----w- C:\windows\pss2013-06-19 15:43:30 -------- d-----w- C:\ProgramData\FitbitConnect2013-06-19 15:43:28 -------- d-----w- C:\Program Files (x86)\Fitbit Connect2013-06-14 22:25:23 796760 ----a-w- C:\windows\System32\drivers\N360x64\1404000.028\srtsp64.sys2013-06-14 22:25:23 493656 ----a-w- C:\windows\System32\drivers\N360x64\1404000.028\symds64.sys2013-06-14 22:25:23 433752 ----a-w- C:\windows\System32\drivers\N360x64\1404000.028\symnets.sys2013-06-14 22:25:23 36952 ----a-w- C:\windows\System32\drivers\N360x64\1404000.028\srtspx64.sys2013-06-14 22:25:23 23448 ----a-r- C:\windows\System32\drivers\N360x64\1404000.028\symelam.sys2013-06-14 22:25:23 224416 ----a-w- C:\windows\System32\drivers\N360x64\1404000.028\ironx64.sys2013-06-14 22:25:23 169048 ----a-w- C:\windows\System32\drivers\N360x64\1404000.028\ccsetx64.sys2013-06-14 22:25:23 1139800 ----a-w- C:\windows\System32\drivers\N360x64\1404000.028\symefa64.sys2013-06-14 22:25:04 -------- d-----w- C:\windows\System32\drivers\N360x64\1404000.0282013-06-13 21:32:45 -------- d-----w- C:\Program Files\CCleaner2013-06-13 19:50:02 25928 ----a-w- C:\windows\System32\drivers\mbam.sys2013-06-13 19:50:02 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware2013-06-13 19:16:46 -------- d-----w- C:\Users\Jay Office\AppData\Local\NPE2013-06-13 19:16:24 -------- d-----w- C:\Users\Jay Office\AppData\Roaming\Malwarebytes2013-06-13 19:16:16 -------- d-----w- C:\ProgramData\Malwarebytes2013-06-13 19:16:03 -------- d-----w- C:\Users\Jay Office\AppData\Local\Programs2013-06-12 02:20:28 1910632 ----a-w- C:\windows\System32\drivers\tcpip.sys2013-06-12 02:19:43 1887232 ----a-w- C:\windows\System32\d3d11.dll2013-06-12 02:19:43 1505280 ----a-w- C:\windows\SysWow64\d3d11.dll2013-06-11 00:19:46 -------- d-----w- C:\Users\Jay Office\AppData\Local\Diagnostics.==================== Find3M ====================.2013-07-02 14:35:12 867240 ----a-w- C:\windows\SysWow64\npdeployJava1.dll2013-07-02 14:35:12 789416 ----a-w- C:\windows\SysWow64\deployJava1.dll2013-06-24 17:37:23 952 --sha-w- C:\windows\SysWow64\KGyGaAvL.sys2013-06-18 02:49:28 177312 ----a-w- C:\windows\System32\drivers\SYMEVENT64x86.SYS2013-06-12 18:00:22 71048 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl2013-06-12 18:00:22 692104 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe2013-06-08 12:28:46 2706432 ----a-w- C:\windows\System32\mshtml.tlb2013-06-08 11:13:19 2706432 ----a-w- C:\windows\SysWow64\mshtml.tlb2013-05-17 01:25:57 1767936 ----a-w- C:\windows\SysWow64\wininet.dll2013-05-17 01:25:27 2877440 ----a-w- C:\windows\SysWow64\jscript9.dll2013-05-17 01:25:26 61440 ----a-w- C:\windows\SysWow64\iesetup.dll2013-05-17 01:25:26 109056 ----a-w- C:\windows\SysWow64\iesysprep.dll2013-05-17 00:59:03 2241024 ----a-w- C:\windows\System32\wininet.dll2013-05-17 00:58:10 3958784 ----a-w- C:\windows\System32\jscript9.dll2013-05-17 00:58:08 67072 ----a-w- C:\windows\System32\iesetup.dll2013-05-17 00:58:08 136704 ----a-w- C:\windows\System32\iesysprep.dll2013-05-14 12:23:25 89600 ----a-w- C:\windows\System32\RegisterIEPKEYs.exe2013-05-14 08:40:13 71680 ----a-w- C:\windows\SysWow64\RegisterIEPKEYs.exe2013-05-13 05:51:01 184320 ----a-w- C:\windows\System32\cryptsvc.dll2013-05-13 05:51:00 1464320 ----a-w- C:\windows\System32\crypt32.dll2013-05-13 05:51:00 139776 ----a-w- C:\windows\System32\cryptnet.dll2013-05-13 05:50:40 52224 ----a-w- C:\windows\System32\certenc.dll2013-05-13 04:45:55 140288 ----a-w- C:\windows\SysWow64\cryptsvc.dll2013-05-13 04:45:55 1160192 ----a-w- C:\windows\SysWow64\crypt32.dll2013-05-13 04:45:55 103936 ----a-w- C:\windows\SysWow64\cryptnet.dll2013-05-13 03:43:55 1192448 ----a-w- C:\windows\System32\certutil.exe2013-05-13 03:08:10 903168 ----a-w- C:\windows\SysWow64\certutil.exe2013-05-13 03:08:06 43008 ----a-w- C:\windows\SysWow64\certenc.dll2013-05-10 05:49:27 30720 ----a-w- C:\windows\System32\cryptdlg.dll2013-05-10 03:20:54 24576 ----a-w- C:\windows\SysWow64\cryptdlg.dll2013-04-26 05:51:36 751104 ----a-w- C:\windows\System32\win32spl.dll2013-04-26 04:55:21 492544 ----a-w- C:\windows\SysWow64\win32spl.dll2013-04-17 07:02:06 1230336 ----a-w- C:\windows\SysWow64\WindowsCodecs.dll2013-04-17 06:24:46 1424384 ----a-w- C:\windows\System32\WindowsCodecs.dll2013-04-13 05:49:23 135168 ----a-w- C:\windows\apppatch\AppPatch64\AcXtrnal.dll2013-04-13 05:49:19 350208 ----a-w- C:\windows\apppatch\AppPatch64\AcLayers.dll2013-04-13 05:49:19 308736 ----a-w- C:\windows\apppatch\AppPatch64\AcGenral.dll2013-04-13 05:49:19 111104 ----a-w- C:\windows\apppatch\AppPatch64\acspecfc.dll2013-04-13 04:45:16 474624 ----a-w- C:\windows\apppatch\AcSpecfc.dll2013-04-13 04:45:15 2176512 ----a-w- C:\windows\apppatch\AcGenral.dll2013-04-12 14:45:08 1656680 ----a-w- C:\windows\System32\drivers\ntfs.sys2013-04-10 06:01:54 265064 ----a-w- C:\windows\System32\drivers\dxgmms1.sys2013-04-10 06:01:53 983400 ----a-w- C:\windows\System32\drivers\dxgkrnl.sys2013-04-10 03:30:50 3153920 ----a-w- C:\windows\System32\win32k.sys.============= FINISH: 9:51:04.45 ===============
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.