Jump to content

roycut

Members
  • Posts

    12
  • Joined

  • Last visited

Reputation

0 Neutral
  1. I was afraid to delete anything. Here is the log file I appreciate your help # AdwCleaner v3.002 - Report created 02/09/2013 at 12:32:07 # Updated 01/09/2013 by Xplode # Operating System : Windows 7 Home Premium Service Pack 1 (64 bits) # Username : Roy - ROY-PC # Running from : C:\Users\Roy\Desktop\AdwCleaner.exe # Option : Scan ***** [ Services ] ***** ***** [ Files / Folders ] ***** File Found : C:\END File Found : C:\Users\Roy\AppData\Roaming\Mozilla\Firefox\Profiles\e9hjqkyy.default\user.js Folder Found : C:\Users\Roy\AppData\Local\Google\Chrome\User Data\Default\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi Folder Found : C:\Users\Roy\AppData\Local\Google\Chrome\User Data\Default\Extensions\njljkdinboobkmkihgcohanchjnjpgjk Folder Found C:\Program Files (x86)\Conduit Folder Found C:\Program Files (x86)\SaveValet Folder Found C:\Program Files (x86)\TornTV.com Folder Found C:\Program Files (x86)\TranslatorBar_2 Folder Found C:\Users\Roy\AppData\Local\Conduit Folder Found C:\Users\Roy\AppData\Local\cre Folder Found C:\Users\Roy\AppData\Local\DefineExt Folder Found C:\Users\Roy\AppData\LocalLow\Conduit Folder Found C:\Users\Roy\AppData\LocalLow\PriceGong Folder Found C:\Users\Roy\AppData\LocalLow\TranslatorBar_2 Folder Found C:\Users\Roy\AppData\Roaming\DefaultTab Folder Found C:\Users\Roy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TornTV.com Folder Found C:\Users\Roy\AppData\Roaming\Mozilla\Firefox\Profiles\e9hjqkyy.default\adawaretb Folder Found C:\Users\Roy\IECompatCache ***** [ Shortcuts ] ***** ***** [ Registry ] ***** Key Found : HKCU\Software\1ClickDownload Key Found : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F} Key Found : HKCU\Software\AppDataLow\Software\Conduit Key Found : HKCU\Software\AppDataLow\Software\ConduitSearchScopes Key Found : HKCU\Software\AppDataLow\Software\Crossrider Key Found : HKCU\Software\AppDataLow\Software\PriceGong Key Found : HKCU\Software\AppDataLow\Software\SmartBar Key Found : HKCU\Software\AppDataLow\Software\TranslatorBar_2 Key Found : HKCU\Software\Google\Chrome\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi Key Found : HKCU\Software\Google\Chrome\Extensions\njljkdinboobkmkihgcohanchjnjpgjk Key Found : HKCU\Software\Microsoft\Internet Explorer\Explorer Bars\ Key Found : HKCU\Software\Microsoft\Internet Explorer\Explorer Bars\ Key Found : HKCU\Software\Microsoft\Internet Explorer\Explorer Bars\ Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\ Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\ Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\ Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\ Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\ Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\ Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\ Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\ Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\ Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{898EA8C8-E7FF-479B-8935-AEC46303B9E5} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\ Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\ Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\ Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B78F92C8-DEB3-11E2-9A0A-FB64281D6ADE} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88} Key Found : HKCU\Software\SocialBit Key Found : HKCU\Software\YahooPartnerToolbar Key Found : [x64] HKCU\Software\1ClickDownload Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\ Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\ Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\ Key Found : [x64] HKCU\Software\SocialBit Key Found : [x64] HKCU\Software\YahooPartnerToolbar Key Found : HKLM\SOFTWARE\Classes\AppID\ Key Found : HKLM\SOFTWARE\Classes\AppID\ Key Found : HKLM\SOFTWARE\Classes\AppID\ Key Found : HKLM\SOFTWARE\Classes\CLSID\ Key Found : HKLM\SOFTWARE\Classes\CLSID\ Key Found : HKLM\SOFTWARE\Classes\CLSID\ Key Found : HKLM\SOFTWARE\Classes\CLSID\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339} Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1} Key Found : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5} Key Found : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} Key Found : HKLM\SOFTWARE\Classes\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC} Key Found : HKLM\SOFTWARE\Classes\Interface\ Key Found : HKLM\SOFTWARE\Classes\Interface\ Key Found : HKLM\SOFTWARE\Classes\Interface\ Key Found : HKLM\SOFTWARE\Classes\Interface\{0AFD55C8-ADF8-4A33-A6E1-DEDB7A36AEB4} Key Found : HKLM\SOFTWARE\Classes\Interface\{DF84E609-C3A4-49CB-A160-61767DAF8899} Key Found : HKLM\SOFTWARE\Classes\TypeLib\ Key Found : HKLM\SOFTWARE\Classes\TypeLib\ Key Found : HKLM\SOFTWARE\Classes\TypeLib\ Key Found : HKLM\Software\Conduit Key Found : HKLM\Software\Default Tab Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\bicnnkjibmphdeigoodpjlcklcnaobdj Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\njljkdinboobkmkihgcohanchjnjpgjk Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\ Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\ Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\ Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5} Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\ Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\ Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\ Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\ Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\ Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\ Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32 Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS Key Found : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASAPI32 Key Found : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASMANCS Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B78F92C8-DEB3-11E2-9A0A-FB64281D6ADE} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\ Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\ Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\ Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F42884E9-47FB-4BC8-9C36-4D76C0BFA731} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\TranslatorBar_2 Toolbar Key Found : HKLM\Software\TranslatorBar_2 Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\ Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\ Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\ Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5} Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\ Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\ Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\ Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\ Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\ Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\ Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{85C38158-E43D-4FFF-9602-1BFAC9E9D47B}] Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{85C38158-E43D-4FFF-9602-1BFAC9E9D47B}] ***** [ Browsers ] ***** -\\ Internet Explorer v10.0.9200.16660 -\\ Mozilla Firefox v [ File : C:\Users\Roy\AppData\Roaming\Mozilla\Firefox\Profiles\e9hjqkyy.default\prefs.js ] -\\ Google Chrome v [ File : C:\Users\Roy\AppData\Local\Google\Chrome\User Data\Default\preferences ] Found : homepage Found : icon_url Found : search_url Found : suggest_url Found : keyword Found : homepage Found : search_url Found : homepage Found : icon_url Found : search_url Found : suggest_url Found : keyword ************************* AdwCleaner[R0].txt - [10335 octets] - [02/09/2013 12:32:07] ########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [10396 octets] ##########
  2. MrCharlie Here is my combofix log ComboFix 13-09-02.02 - Roy 09/02/2013 10:47:25.2.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8183.6304 [GMT -4:00] Running from: c:\users\Roy\Desktop\ComboFix.exe AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF} FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4} SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . ---- Previous Run ------- . c:\data\log.dta c:\data\newbldpres.dta C:\Install.exe c:\users\Roy\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabUninstaller.exe c:\users\Roy\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe c:\users\Roy\g2mdlhlpx.exe . . ((((((((((((((((((((((((( Files Created from 2013-08-02 to 2013-09-02 ))))))))))))))))))))))))))))))) . . 2013-09-02 14:51 . 2013-09-02 14:51 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-09-02 14:51 . 2013-09-02 14:51 -------- d-----w- c:\users\Administrator\AppData\Local\temp 2013-09-01 00:29 . 2013-09-01 00:56 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable) 2013-08-31 17:57 . 2013-08-31 17:57 -------- d-----w- c:\program files (x86)\Browsersafeguard 2013-08-31 17:56 . 2013-08-31 17:56 -------- d-----w- c:\program files (x86)\SaveValet 2013-08-31 17:56 . 2013-08-31 18:05 -------- d-----w- c:\users\Roy\AppData\Local\DefineExt 2013-08-30 19:05 . 2013-08-30 19:05 -------- d-----w- c:\program files (x86)\Common Files\Java 2013-08-30 19:05 . 2013-08-30 19:04 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll 2013-08-26 22:50 . 2013-09-01 14:40 -------- d-----w- c:\users\Roy\AppData\Local\NPE 2013-08-26 22:36 . 2013-08-26 22:36 177312 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS 2013-08-26 22:36 . 2013-08-26 22:36 -------- d-----w- c:\program files\Common Files\Symantec Shared 2013-08-26 22:34 . 2013-08-26 22:34 -------- d-----w- c:\windows\system32\drivers\NISx64 2013-08-26 22:34 . 2013-08-26 22:34 -------- d-----w- c:\program files (x86)\Norton Internet Security 2013-08-26 22:26 . 2013-08-26 22:26 -------- d-----w- c:\programdata\PCSettings 2013-08-26 22:08 . 2013-08-26 22:08 -------- d-----w- c:\program files (x86)\Trend Micro 2013-08-26 21:40 . 2013-08-26 21:40 12872 ----a-w- c:\windows\system32\bootdelete.exe 2013-08-26 21:24 . 2013-08-26 21:24 -------- d-----w- c:\program files\HitmanPro 2013-08-26 01:58 . 2013-08-26 01:58 -------- d-----w- C:\FRST 2013-08-25 20:49 . 2013-08-26 21:10 -------- d-----w- c:\users\Roy\AppData\Local\KB7658521 2013-08-19 00:43 . 2013-08-19 00:43 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69 2013-08-19 00:43 . 2013-08-19 00:43 -------- d-----w- c:\program files\iTunes 2013-08-19 00:43 . 2013-08-19 00:43 -------- d-----w- c:\program files (x86)\iTunes 2013-08-19 00:43 . 2013-08-19 00:43 -------- d-----w- c:\program files\iPod 2013-08-14 07:14 . 2013-07-26 05:12 526336 ----a-w- c:\windows\system32\ieui.dll 2013-08-14 07:14 . 2013-07-26 03:35 2706432 ----a-w- c:\windows\system32\mshtml.tlb 2013-08-14 07:14 . 2013-07-26 02:49 2706432 ----a-w- c:\windows\SysWow64\mshtml.tlb 2013-08-14 02:28 . 2013-07-09 05:46 1472512 ----a-w- c:\windows\system32\crypt32.dll 2013-08-14 02:27 . 2013-07-09 05:03 3968960 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2013-08-14 02:27 . 2013-07-09 05:03 3913664 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2013-08-14 02:27 . 2013-07-09 06:03 5550528 ----a-w- c:\windows\system32\ntoskrnl.exe 2013-08-14 02:27 . 2013-07-09 05:54 1732032 ----a-w- c:\windows\system32\ntdll.dll 2013-08-14 02:27 . 2013-07-09 05:53 243712 ----a-w- c:\windows\system32\wow64.dll 2013-08-14 02:27 . 2013-07-09 04:53 1292192 ----a-w- c:\windows\SysWow64\ntdll.dll 2013-08-14 02:27 . 2013-07-09 02:49 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll 2013-08-14 02:27 . 2013-07-09 04:52 5120 ----a-w- c:\windows\SysWow64\wow32.dll 2013-08-14 02:27 . 2013-07-09 02:49 25600 ----a-w- c:\windows\SysWow64\setup16.exe 2013-08-14 02:27 . 2013-07-09 02:49 7680 ----a-w- c:\windows\SysWow64\instnm.exe 2013-08-14 02:27 . 2013-07-09 02:49 2048 ----a-w- c:\windows\SysWow64\user.exe 2013-08-14 02:27 . 2013-06-15 04:32 39936 ----a-w- c:\windows\system32\drivers\tssecsrv.sys 2013-08-14 02:27 . 2013-07-06 06:03 1910208 ----a-w- c:\windows\system32\drivers\tcpip.sys . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-08-30 19:04 . 2012-08-19 21:59 867240 ----a-w- c:\windows\SysWow64\npdeployJava1.dll 2013-08-30 19:04 . 2012-04-20 21:42 789416 ----a-w- c:\windows\SysWow64\deployJava1.dll 2013-08-05 20:14 . 2010-01-05 08:44 78161360 ----a-w- c:\windows\system32\MRT.exe 2013-07-28 18:05 . 2012-08-12 04:56 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2013-07-28 18:05 . 2011-05-24 20:16 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-07-09 04:45 . 2013-08-14 02:27 44032 ----a-w- c:\windows\apppatch\acwow64.dll 2013-06-05 03:34 . 2013-07-10 07:17 3153920 ----a-w- c:\windows\system32\win32k.sys 2012-08-02 16:54 . 2012-09-10 22:27 29385784 ----a-w- c:\program files (x86)\SystemMechanic.exe . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green] @="{95A27763-F62A-4114-9072-E81D87DE3B68}" [HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}] 2012-08-29 18:51 1014344 ----a-r- c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial] @="{E300CD91-100F-4E67-9AF3-1384A6124015}" [HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}] 2012-08-29 18:51 1014344 ----a-r- c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow] @="{5E529433-B50E-4bef-A63B-16A6B71B071A}" [HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}] 2012-08-29 18:51 1014344 ----a-r- c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2013-05-25 00:36 130736 ----a-w- c:\users\Roy\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2013-05-25 00:36 130736 ----a-w- c:\users\Roy\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2013-05-25 00:36 130736 ----a-w- c:\users\Roy\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Akamai NetSession Interface"="c:\users\Roy\AppData\Local\Akamai\netsession_win.exe" [2013-06-05 4489472] "iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2013-04-05 59720] "com.apple.dav.bookmarks.daemon"="c:\program files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe" [2013-04-05 59720] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "ShwiconXP9106"="c:\program files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe" [2009-07-17 237568] "PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-06-25 140520] "IJNetworkScannerSelectorEX"="c:\program files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe" [2011-07-25 468112] "Carbonite Backup"="c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe" [2012-08-29 1061960] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-05-01 421888] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-08-16 152392] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Google Calendar Sync.lnk - c:\program files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe [2011-4-8 542264] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ioloSystemService] @="Service" . R1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys;c:\windows\SYSNATIVE\drivers\SBREdrv.sys [x] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R2 HitmanPro37CrusaderBoot;HitmanPro 3.7 Crusader (Boot);j:\hitmanpro_x64.exe;j:\HitmanPro_x64.exe [x] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x] R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [x] R3 hitmanpro35;Hitman Pro 3.5 Support Driver;c:\windows\system32\drivers\hitmanpro36.sys;c:\windows\SYSNATIVE\drivers\hitmanpro36.sys [x] R3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys;c:\windows\SYSNATIVE\DRIVERS\LVPr2M64.sys [x] R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Service;c:\windows\system32\DRIVERS\sbfwim.sys;c:\windows\SYSNATIVE\DRIVERS\sbfwim.sys [x] R3 sbhips;sbhips;c:\windows\system32\drivers\sbhips.sys;c:\windows\SYSNATIVE\drivers\sbhips.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x] R4 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [x] R4 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x] R4 sprtsvc_DellComms;SupportSoft Sprocket Service (DellComms);c:\program files (x86)\Dell\DellComms\bin\sprtsvc.exe;c:\program files (x86)\Dell\DellComms\bin\sprtsvc.exe [x] S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x] S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1404000.028\SYMDS64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1404000.028\SYMDS64.SYS [x] S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1404000.028\SYMEFA64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1404000.028\SYMEFA64.SYS [x] S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.4.0.40\Definitions\BASHDefs\20130715.001\BHDrvx64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.4.0.40\Definitions\BASHDefs\20130715.001\BHDrvx64.sys [x] S1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NISx64\1404000.028\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\NISx64\1404000.028\ccSetx64.sys [x] S1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\ElRawDsk.sys;c:\windows\SYSNATIVE\drivers\ElRawDsk.sys [x] S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.4.0.40\Definitions\IPSDefs\20130830.001\IDSvia64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.4.0.40\Definitions\IPSDefs\20130830.001\IDSvia64.sys [x] S1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys;c:\windows\SYSNATIVE\drivers\SbFw.sys [x] S1 SbTis;SbTis;c:\windows\system32\drivers\sbtis.sys;c:\windows\SYSNATIVE\drivers\sbtis.sys [x] S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1404000.028\Ironx64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1404000.028\Ironx64.SYS [x] S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\system32\drivers\NISx64\1404000.028\SYMNETS.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1404000.028\SYMNETS.SYS [x] S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x] S2 Garmin Core Update Service;Garmin Core Update Service;c:\program files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe;c:\program files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [x] S2 ioloSystemService;iolo System Service;c:\program files (x86)\iolo\Common\Lib\ioloServiceManager.exe;c:\program files (x86)\iolo\Common\Lib\ioloServiceManager.exe [x] S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe;c:\program files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe [x] S2 PDFsFilter;PDFsFilter;c:\windows\system32\DRIVERS\PDFsFilter.sys;c:\windows\SYSNATIVE\DRIVERS\PDFsFilter.sys [x] S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x] S3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x] S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys;c:\windows\SYSNATIVE\DRIVERS\lvrs64.sys [x] S3 LVUVC64;Logitech QuickCam Pro 9000(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys;c:\windows\SYSNATIVE\DRIVERS\lvuvc64.sys [x] S3 SBFWIMCLMP;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\DRIVERS\SBFWIM.sys;c:\windows\SYSNATIVE\DRIVERS\SBFWIM.sys [x] . . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost] Akamai REG_MULTI_SZ Akamai . Contents of the 'Scheduled Tasks' folder . 2013-09-02 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-12 18:05] . 2013-09-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-20 17:55] . 2013-09-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-20 17:55] . 2013-09-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1385458382-686460496-4235617754-1001Core.job - c:\users\Roy\AppData\Local\Google\Update\GoogleUpdate.exe [2010-07-30 12:30] . 2013-09-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1385458382-686460496-4235617754-1001UA.job - c:\users\Roy\AppData\Local\Google\Update\GoogleUpdate.exe [2010-07-30 12:30] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green] @="{95A27763-F62A-4114-9072-E81D87DE3B68}" [HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}] 2012-08-29 18:43 1284168 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial] @="{E300CD91-100F-4E67-9AF3-1384A6124015}" [HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}] 2012-08-29 18:43 1284168 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow] @="{5E529433-B50E-4bef-A63B-16A6B71B071A}" [HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}] 2012-08-29 18:43 1284168 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2013-05-25 00:36 164016 ----a-w- c:\users\Roy\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2013-05-25 00:36 164016 ----a-w- c:\users\Roy\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2013-05-25 00:36 164016 ----a-w- c:\users\Roy\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2013-05-25 00:36 164016 ----a-w- c:\users\Roy\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-05-23 7833120] "CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2011-07-19 2780776] "Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdcBase.exe" [2007-05-31 660360] . ------- Supplementary Scan ------- . uInternet Settings,ProxyOverride = <-loopback>;<local> uCustomizeSearch = TCP: DhcpNameServer = 192.168.0.1 . . ------- File Associations ------- . JSEFile=NOTEPAD.EXE "%1" . - - - - ORPHANS REMOVED - - - - . BHO-{B78F92C8-DEB3-11E2-9A0A-FB64281D6ADE} - (no file) Toolbar-Locked - (no file) Wow6432Node-HKLM-Run-<NO NAME> - (no file) HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start Toolbar-Locked - (no file) WebBrowser-{85C38158-E43D-4FFF-9602-1BFAC9E9D47B} - (no file) . . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\HitmanPro37CrusaderBoot] "ImagePath"="\"j:\hitmanpro_x64.exe\" /crusader:boot" -- . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS] "ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\20.4.0.40\diMaster.dll\" /prefetch:1" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai] "ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_8fa3539.dll" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services] "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\ . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2013-09-02 10:53:45 ComboFix-quarantined-files.txt 2013-09-02 14:53 . Pre-Run: 769,426,153,472 bytes free Post-Run: 769,505,988,608 bytes free . - - End Of File - - 600C906909A914A28D3C945307D2B965 CDB4DE4BBD714F152979DA2DCBEF57EB
  3. sorry about that Here is the report RogueKiller V8.6.7 _x64_ [Aug 28 2013] by Tigzy mail : tigzyRK<at>gmail<dot>com Feedback : http://www.adlice.com/forum/ Website : http://www.adlice.com/softwares/roguekiller/ Blog : http://tigzyrk.blogspot.com/ Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version Started in : Normal mode User : Roy [Admin rights] Mode : Scan -- Date : 09/01/2013 18:22:58 | ARK || FAK || MBR | ¤¤¤ Bad processes : 0 ¤¤¤ ¤¤¤ Registry Entries : 7 ¤¤¤ [HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND [HJ DESK] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND [HJ DESK] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND [sCREENSVR][sUSP PATH] HKCU\[...]\Desktop : SCRNSAVE.EXE (C:\Users\Roy\AppData\Local\Programs\Familiar\familiar.scr [7]) -> FOUND [bROK VAL] HKCR\[...]\command : () -> MISSING ¤¤¤ Scheduled tasks : 6 ¤¤¤ [V1][sUSP PATH] GoogleUpdateTaskUserS-1-5-21-1385458382-686460496-4235617754-1001UA.job : C:\Users\Roy\AppData\Local\Google\Update\GoogleUpdate.exe - /ua /installsource scheduler [7][x] -> FOUND [V1][sUSP PATH] GoogleUpdateTaskUserS-1-5-21-1385458382-686460496-4235617754-1001Core.job : C:\Users\Roy\AppData\Local\Google\Update\GoogleUpdate.exe - /c [7] -> FOUND [V2][ROGUE ST] 4495 : wscript.exe - C:\Users\Roy\AppData\Local\Temp\launchie.vbs //B -> FOUND [V2][sUSP PATH] GoogleUpdateTaskUserS-1-5-21-1385458382-686460496-4235617754-1001Core : C:\Users\Roy\AppData\Local\Google\Update\GoogleUpdate.exe - /c [7] -> FOUND [V2][sUSP PATH] GoogleUpdateTaskUserS-1-5-21-1385458382-686460496-4235617754-1001UA : C:\Users\Roy\AppData\Local\Google\Update\GoogleUpdate.exe - /ua /installsource scheduler [7][x] -> FOUND [V2][sUSP PATH] {5F6010C8-60E5-41f3-BF5B-C3AF5DBE12D4} : "C:\ProgramData\Carbonite\Carbonite Backup\CarboniteUpgrade.exe" - /silent $(Arg0) [x][x] -> FOUND ¤¤¤ Startup Entries : 0 ¤¤¤ ¤¤¤ Web browsers : 0 ¤¤¤ ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤ ¤¤¤ External Hives: ¤¤¤ ¤¤¤ Infection : ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ --> %SystemRoot%\System32\drivers\etc\hosts ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: ST31000528AS ATA Device +++++ --- User --- [MBR] cce68cfc5ea16419080bb6a66c5ba357 [bSP] bff7ce48fb84899243248788edadd4ed : Windows Vista MBR Code Partition table: 0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo 1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 15000 Mo 2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 30801920 | Size: 938828 Mo User = LL1 ... OK! User = LL2 ... OK! Finished : << RKreport[0]_S_09012013_182258.txt >> RKreport[0]_S_08302013_122853.txt
  4. MrCharlie I did all of the steps as you recommended. The system appears clean. The fixlog.txt and the mbar-log are attached. Thanks. Roy Fixlog.txt mbar-log-2013-08-31 (20-48-12).txt
  5. Here is the result of my scan Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 31-08-2013 04 Ran by Roy (administrator) on ROY-PC on 31-08-2013 14:38:50 Running from C:\Users\Roy\Downloads Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US) Internet Explorer Version 10 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Carbonite, Inc. (www.carbonite.com)) C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe (Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe (iolo technologies, LLC) C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE (Microsoft Corporation) C:\Windows\WindowsMobile\wmdcBase.exe (Akamai Technologies, Inc.) C:\Users\Roy\AppData\Local\Akamai\netsession_win.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe (Akamai Technologies, Inc.) C:\Users\Roy\AppData\Local\Akamai\netsession_win.exe (BrowserSafeguard) C:\Program Files (x86)\Browsersafeguard\BrowserSafeguard.exe (Google) C:\Program Files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe (Alcor Micro Corp.) C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe (CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe (Carbonite, Inc.) C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7833120 2009-05-23] (Realtek Semiconductor) HKLM\...\Run: [CanonMyPrinter] - C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2780776 2011-07-19] (CANON INC.) HKLM\...\Run: [Windows Mobile-based device management] - C:\Windows\WindowsMobile\wmdcBase.exe [660360 2007-05-31] (Microsoft Corporation) HKCU\...\Run: [Akamai NetSession Interface] - C:\Users\Roy\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.) HKCU\...\Run: [iCloudServices] - C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-04-05] (Apple Inc.) HKCU\...\Run: [com.apple.dav.bookmarks.daemon] - C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe [59720 2013-04-05] (Apple Inc.) HKCU\...\Run: [Google Update*] - [x] <===== ATTENTION (ZeroAccess rootkit hidden path) HKCU\...\Run: [ConduitFloatingPlugin_klibnahbojhkanfgaglnlalfkgpcppfi] - C:\Program Files (x86)\Conduit\CT3289847\plugins\TBVerifier.dll [287008 1623-04-06] (Conduit Ltd.) HKCU\...\Run: [browserSafeguard] - C:\Program Files (x86)\Browsersafeguard\Browsersafeguard.exe [559616 2013-08-19] (BrowserSafeguard) MountPoints2: {f7e364d1-7e64-11df-b02f-002564deff77} - K:\setup_.exe HKLM-x32\...\Run: [shwiconXP9106] - C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe [237568 2009-07-17] (Alcor Micro Corp.) HKLM-x32\...\Run: [PDVDDXSrv] - C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe [140520 2009-06-24] (CyberLink Corp.) HKLM-x32\...\Run: [] - [x] HKLM-x32\...\Run: [iJNetworkScannerSelectorEX] - C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [468112 2011-07-25] (CANON INC.) HKLM-x32\...\Run: [Carbonite Backup] - C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe [1061960 2012-08-29] (Carbonite, Inc.) HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.) HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.) HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-08-16] (Apple Inc.) HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated) HKLM-x32\...\Run: [sunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation) AppInit_DLLs: [0 ] () Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Google Calendar Sync.lnk ShortcutTarget: Google Calendar Sync.lnk -> C:\Program Files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe (Google) ==================== Internet (Whitelisted) ==================== SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKCU - DefaultScope {F141DD10-4AE2-4CA0-AA3B-CD0C8BA33F33} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3289847&CUI=UN52323763121852456&UM=2 SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/ie.aspx?q={searchTerms} SearchScopes: HKCU - {0E5B02E8-3A66-4A85-886A-EB647591E5A8} URL = https://duckduckgo.com/?q={searchTerms} SearchScopes: HKCU - {4CDD762B-63B4-4D44-813F-AD7441D66CFA} URL = SearchScopes: HKCU - {CFDDA209-AFF9-4033-9018-7D54555335F1} URL = SearchScopes: HKCU - {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = http://search.yahoo.com/search?p={searchTerms} SearchScopes: HKCU - {F141DD10-4AE2-4CA0-AA3B-CD0C8BA33F33} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3289847&CUI=UN52323763121852456&UM=2 BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.) BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation) BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\IPS\IPSBHO.DLL (Symantec Corporation) BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) BHO-x32: Define - {B78F92C8-DEB3-11E2-9A0A-FB64281D6ADE} - C:\Users\Roy\AppData\Local\DefineExt\temp.dat No File BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation) Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File Toolbar: HKCU - No Name - {85C38158-E43D-4FFF-9602-1BFAC9E9D47B} - No File Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab Handler: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - No File Handler: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - No File Handler: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - No File Handler: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - No File Handler: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - No File Handler: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - No File Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.) Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files (x86)\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation) Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) Winsock: Catalog5 01 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll" Winsock: Catalog5 08 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll" Winsock: Catalog9 01 mswsock.dll File Not found (Microsoft Corporation) Winsock: Catalog9 02 mswsock.dll File Not found (Microsoft Corporation) Winsock: Catalog9 03 mswsock.dll File Not found (Microsoft Corporation) Winsock: Catalog9 04 mswsock.dll File Not found (Microsoft Corporation) Winsock: Catalog9 05 mswsock.dll File Not found (Microsoft Corporation) Winsock: Catalog9 06 mswsock.dll File Not found (Microsoft Corporation) Winsock: Catalog9 07 mswsock.dll File Not found (Microsoft Corporation) Winsock: Catalog9 08 mswsock.dll File Not found (Microsoft Corporation) Winsock: Catalog9 09 mswsock.dll File Not found (Microsoft Corporation) Winsock: Catalog9 10 mswsock.dll File Not found (Microsoft Corporation) Winsock: Catalog9 11 mswsock.dll File Not found (Microsoft Corporation) Winsock: Catalog5-x64 01 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll" Winsock: Catalog5-x64 08 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll" Winsock: Catalog9-x64 01 mswsock.dll File Not found (Microsoft Corporation) Winsock: Catalog9-x64 02 mswsock.dll File Not found (Microsoft Corporation) Winsock: Catalog9-x64 03 mswsock.dll File Not found (Microsoft Corporation) Winsock: Catalog9-x64 04 mswsock.dll File Not found (Microsoft Corporation) Winsock: Catalog9-x64 05 mswsock.dll File Not found (Microsoft Corporation) Winsock: Catalog9-x64 06 mswsock.dll File Not found (Microsoft Corporation) Winsock: Catalog9-x64 07 mswsock.dll File Not found (Microsoft Corporation) Winsock: Catalog9-x64 08 mswsock.dll File Not found (Microsoft Corporation) Winsock: Catalog9-x64 09 mswsock.dll File Not found (Microsoft Corporation) Winsock: Catalog9-x64 10 mswsock.dll File Not found (Microsoft Corporation) Winsock: Catalog9-x64 11 mswsock.dll File Not found (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 FireFox: ======== FF ProfilePath: C:\Users\Roy\AppData\Roaming\Mozilla\Firefox\Profiles\e9hjqkyy.default FF user.js: detected! => C:\Users\Roy\AppData\Roaming\Mozilla\Firefox\Profiles\e9hjqkyy.default\user.js FF DefaultSearchEngine: Yahoo FF SelectedSearchEngine: Yahoo FF Plugin: @microsoft.com/GENUINE - disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @canon.com/EPPEX - C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.) FF Plugin-x32: @garmin.com/GpsControl - C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.) FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE - disabled No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @real.com/nppl3260;version=15.0.6.14 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprjplug;version=15.0.6.14 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=15.0.6.14 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprphtml5videoshim;version=15.0.6.14 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprpplugin;version=15.0.6.14 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Roy\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Roy\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF Extension: Move Media Player - C:\Users\Roy\AppData\Roaming\Mozilla\Firefox\Profiles\e9hjqkyy.default\Extensions\moveplayer@movenetworks.com FF Extension: No Name - C:\Users\Roy\AppData\Roaming\Mozilla\Firefox\Profiles\e9hjqkyy.default\Extensions\temp FF Extension: No Name - C:\Users\Roy\AppData\Roaming\Mozilla\Firefox\Profiles\e9hjqkyy.default\Extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c} FF Extension: Adobe DLM (powered by getPlus®) - C:\Users\Roy\AppData\Roaming\Mozilla\Firefox\Profiles\e9hjqkyy.default\Extensions\{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7} FF Extension: No Name - C:\Users\Roy\AppData\Roaming\Mozilla\Firefox\Profiles\e9hjqkyy.default\Extensions\Extensions.rdf FF Extension: gsydnbkyue - C:\Users\Roy\AppData\Roaming\Mozilla\Firefox\Profiles\e9hjqkyy.default\Extensions\gsydnbkyue@gsydnbkyue.org.xpi FF Extension: No Name - C:\Users\Roy\AppData\Roaming\Mozilla\Firefox\Profiles\e9hjqkyy.default\Extensions\installed-extensions.txt FF Extension: trtv3 - C:\Users\Roy\AppData\Roaming\Mozilla\Firefox\Profiles\e9hjqkyy.default\Extensions\trtv3@trtv.com.xpi FF HKLM-x32\...\Firefox\Extensions: [{0153E448-190B-4987-BDE1-F256CADA672F}] C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext FF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.4.0.40\IPSFFPlgn\ FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.4.0.40\IPSFFPlgn\ FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.4.0.40\coFFPlgn\ FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.4.0.40\coFFPlgn\ Chrome: ======= CHR DefaultSearchURL: (Conduit) - http://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&CUI=UN35704140999230293&ctid=CT3289847&UM=2 CHR DefaultSuggestURL: (Conduit) - http://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}&CUI=UN35704140999230293&UM=2 CHR Plugin: (Shockwave Flash) - C:\Users\Roy\AppData\Local\Google\Chrome\Application\29.0.1547.62\PepperFlash\pepflashplayer.dll () CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Users\Roy\AppData\Local\Google\Chrome\Application\29.0.1547.62\ppGoogleNaClPluginChrome.dll () CHR Plugin: (Chrome PDF Viewer) - C:\Users\Roy\AppData\Local\Google\Chrome\Application\29.0.1547.62\pdf.dll () CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.) CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.) CHR Plugin: (CANON iMAGE GATEWAY Album Plugin Utility for IJ) - C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.) CHR Plugin: (Garmin Communicator Plug-In) - C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.) CHR Plugin: (Picasa) - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) CHR Plugin: (Java Platform SE 6 U35) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) CHR Plugin: (RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) CHR Plugin: (RealJukebox NS Plugin) - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) CHR Plugin: (RealPlayer Download Plugin) - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer) CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () CHR Plugin: (RealNetworks Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.) CHR Plugin: (RealPlayer HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) CHR Plugin: (Java Deployment Toolkit 6.0.350.10) - C:\Windows\SysWOW64\npdeployJava1.dll (Oracle Corporation) CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Users\Roy\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0 CHR Extension: (WhiteSmoke New) - C:\Users\Roy\AppData\Local\Google\Chrome\User Data\Default\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi\10.19.2.5_0 CHR Extension: (Skype Click to Call) - C:\Users\Roy\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.9.0.12585_0 CHR Extension: (Norton Identity Protection) - C:\Users\Roy\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2013.4.0.10_0 CHR Extension: (KeyBar 1.13) - C:\Users\Roy\AppData\Local\Google\Chrome\User Data\Default\Extensions\njljkdinboobkmkihgcohanchjnjpgjk\10.19.2.505_0 CHR Extension: (Chrome In-App Payments service) - C:\Users\Roy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.10_0 CHR HKLM-x32\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx CHR HKLM-x32\...\Chrome\Extension: [klibnahbojhkanfgaglnlalfkgpcppfi] - C:\Users\Roy\AppData\Local\CRE\klibnahbojhkanfgaglnlalfkgpcppfi.crx CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\Exts\Chrome.crx CHR HKLM-x32\...\Chrome\Extension: [njljkdinboobkmkihgcohanchjnjpgjk] - C:\Users\Roy\AppData\Local\CRE\njljkdinboobkmkihgcohanchjnjpgjk.crx ==================== Services (Whitelisted) ================= R2 Akamai; c:\program files (x86)\common files\akamai/netsession_win_8fa3539.dll [4569856 2013-07-01] (Akamai Technologies, Inc.) R2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [185688 2013-03-27] (Garmin Ltd or its subsidiaries) R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [109352 2013-08-31] (SurfRight B.V.) R2 ioloSystemService; C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe [1072664 2013-05-29] (iolo technologies, LLC) R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation) R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe [144368 2013-05-21] (Symantec Corporation) S2 HitmanPro37CrusaderBoot; "J:\HitmanPro_x64.exe" /crusader:boot [x] U2 *etadpug; "C:\Program Files (x86)\Google\Desktop\Install\{8c584f44-dcb7-1d01-41a6-84b79baf0ca9}\ \...\???\{8c584f44-dcb7-1d01-41a6-84b79baf0ca9}\GoogleUpdate.exe" < <==== ATTENTION (ZeroAccess) ==================== Drivers (Whitelisted) ==================== R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.4.0.40\Definitions\BASHDefs\20130715.001\BHDrvx64.sys [1393240 2013-05-21] (Symantec Corporation) R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.4.0.40\Definitions\BASHDefs\20130715.001\BHDrvx64.sys [1393240 2013-05-21] (Symantec Corporation) R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1404000.028\ccSetx64.sys [169048 2013-04-15] (Symantec Corporation) R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-08-26] (Symantec Corporation) R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-08-26] (Symantec Corporation) R1 ElRawDisk; C:\Windows\system32\drivers\ElRawDsk.sys [30752 2012-08-02] (EldoS Corporation) R1 ElRawDisk; C:\Windows\system32\drivers\ElRawDsk.sys [30752 2012-08-02] (EldoS Corporation) R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [140376 2013-08-26] (Symantec Corporation) S3 hitmanpro35; C:\Windows\system32\drivers\hitmanpro36.sys [27936 2012-04-13] () R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.4.0.40\Definitions\IPSDefs\20130830.001\IDSvia64.sys [520280 2013-08-23] (Symantec Corporation) R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.4.0.40\Definitions\IPSDefs\20130830.001\IDSvia64.sys [520280 2013-08-23] (Symantec Corporation) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation) R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.4.0.40\Definitions\VirusDefs\20130830.009\ENG64.SYS [126040 2013-08-28] (Symantec Corporation) R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.4.0.40\Definitions\VirusDefs\20130830.009\ENG64.SYS [126040 2013-08-28] (Symantec Corporation) R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.4.0.40\Definitions\VirusDefs\20130830.009\EX64.SYS [2099288 2013-08-28] (Symantec Corporation) R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.4.0.40\Definitions\VirusDefs\20130830.009\EX64.SYS [2099288 2013-08-28] (Symantec Corporation) S3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [31744 2009-01-09] (Research in Motion Ltd) R1 SbFw; C:\Windows\System32\drivers\SbFw.sys [253528 2011-04-05] (Sunbelt Software, Inc.) S3 SBFWIMCL; C:\Windows\System32\DRIVERS\sbfwim.sys [84568 2011-02-08] (Sunbelt Software, Inc.) R3 SBFWIMCLMP; C:\Windows\System32\DRIVERS\SBFWIM.sys [84568 2011-02-08] (Sunbelt Software, Inc.) S3 sbhips; C:\Windows\System32\drivers\sbhips.sys [60504 2011-04-05] (Sunbelt Software, Inc.) R1 SbTis; C:\Windows\System32\drivers\sbtis.sys [94296 2011-04-05] (Sunbelt Software, Inc.) S3 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-13] (Brother Industries Ltd.) R0 SMR322; C:\Windows\System32\drivers\SMR322.SYS [96856 2013-08-31] (Symantec Corporation) R3 SRTSP; C:\Windows\system32\drivers\NISx64\1404000.028\SRTSP64.SYS [796760 2013-05-16] (Symantec Corporation) R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1404000.028\SRTSPX64.SYS [36952 2013-03-04] (Symantec Corporation) R0 SymDS; C:\Windows\System32\drivers\NISx64\1404000.028\SYMDS64.SYS [493656 2013-05-21] (Symantec Corporation) R0 SymEFA; C:\Windows\System32\drivers\NISx64\1404000.028\SYMEFA64.SYS [1139800 2013-05-23] (Symantec Corporation) R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2013-08-26] (Symantec Corporation) R1 SymIRON; C:\Windows\system32\drivers\NISx64\1404000.028\Ironx64.SYS [224416 2013-03-04] (Symantec Corporation) R1 SymNetS; C:\Windows\system32\drivers\NISx64\1404000.028\SYMNETS.SYS [433752 2013-04-24] (Symantec Corporation) S3 LVPr2M64; system32\DRIVERS\LVPr2M64.sys [x] S3 RimUsb; System32\Drivers\RimUsb_AMD64.sys [x] S1 SBRE; \??\C:\Windows\system32\drivers\SBREdrv.sys [x] U2 SharedAccess; U2 wuauserv; ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-08-31 14:23 - 2013-08-31 14:23 - 00096856 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SMR322.SYS 2013-08-31 14:22 - 2013-08-31 14:22 - 02986440 _____ (Symantec Corporation) C:\Users\Roy\Downloads\NPE.exe 2013-08-31 13:57 - 2013-08-31 13:57 - 00003850 _____ C:\Windows\System32\Tasks\BrowserSafeguard Update Task 2013-08-31 13:57 - 2013-08-31 13:57 - 00000000 ____D C:\Program Files (x86)\Browsersafeguard 2013-08-31 13:56 - 2013-08-31 14:05 - 00000000 ____D C:\Users\Roy\AppData\Local\DefineExt 2013-08-31 13:56 - 2013-08-31 13:56 - 00000000 ____D C:\Program Files (x86)\SaveValet 2013-08-31 13:31 - 2013-08-31 13:31 - 00022274 _____ C:\Users\Roy\Desktop\attach.txt 2013-08-31 13:31 - 2013-08-31 13:31 - 00021238 _____ C:\Users\Roy\Desktop\dds.txt 2013-08-31 13:27 - 2013-08-31 13:27 - 00688992 ____R (Swearware) C:\Users\Roy\Desktop\dds.scr 2013-08-31 10:50 - 2013-08-31 10:50 - 00187392 _____ C:\Users\Roy\Documents\AutoRecovery save of Document1.asd 2013-08-30 15:05 - 2013-08-30 15:04 - 00263592 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2013-08-30 15:05 - 2013-08-30 15:04 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2013-08-30 15:05 - 2013-08-30 15:04 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2013-08-30 15:05 - 2013-08-30 15:04 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2013-08-30 15:00 - 2013-08-30 15:00 - 00903080 _____ (Oracle Corporation) C:\Users\Roy\Downloads\chromeinstall-7u25.exe 2013-08-30 15:00 - 2013-08-30 15:00 - 00903080 _____ (Oracle Corporation) C:\Users\Roy\Downloads\chromeinstall-7u25 (1).exe 2013-08-30 12:28 - 2013-08-30 12:28 - 00004930 _____ C:\Users\Roy\Desktop\RKreport[0]_S_08302013_122853.txt 2013-08-30 12:26 - 2013-08-30 12:28 - 00000000 ____D C:\Users\Roy\Desktop\RK_Quarantine 2013-08-30 12:26 - 2013-08-30 12:26 - 03771904 _____ C:\Users\Roy\Downloads\RogueKillerX64.exe 2013-08-29 18:40 - 2013-08-29 18:40 - 00002648 _____ C:\{C2E62428-830D-43CA-982A-64E91CC4EB1C} 2013-08-26 18:50 - 2013-08-31 14:31 - 00000000 ____D C:\Users\Roy\AppData\Local\NPE 2013-08-26 18:39 - 2013-08-26 18:39 - 00000000 ____D C:\Windows\System32\Tasks\Norton Internet Security 2013-08-26 18:36 - 2013-08-26 18:36 - 00177312 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS 2013-08-26 18:36 - 2013-08-26 18:36 - 00007631 _____ C:\Windows\system32\Drivers\SYMEVENT64x86.CAT 2013-08-26 18:36 - 2013-08-26 18:36 - 00003234 _____ C:\Windows\System32\Tasks\Norton WSC Integration 2013-08-26 18:36 - 2013-08-26 18:36 - 00002575 _____ C:\Users\Public\Desktop\Norton Internet Security.lnk 2013-08-26 18:36 - 2013-08-26 18:36 - 00000000 ____D C:\Program Files\Common Files\Symantec Shared 2013-08-26 18:34 - 2013-08-26 18:34 - 00000000 ____D C:\Windows\system32\Drivers\NISx64 2013-08-26 18:34 - 2013-08-26 18:34 - 00000000 ____D C:\Program Files (x86)\Norton Internet Security 2013-08-26 18:26 - 2013-08-26 18:26 - 00000000 ____D C:\ProgramData\PCSettings 2013-08-26 18:22 - 2013-08-26 18:23 - 171151056 ____N (Symantec Corporation) C:\Users\Roy\Downloads\NIS-TW-20-4-0-EN.exe 2013-08-26 18:08 - 2013-08-26 18:08 - 00002095 _____ C:\Users\Roy\Desktop\HijackThis.lnk 2013-08-26 18:08 - 2013-08-26 18:08 - 00002095 _____ C:\Users\Administrator\Desktop\HijackThis.lnk 2013-08-26 18:08 - 2013-08-26 18:08 - 00000000 ____D C:\Program Files (x86)\Trend Micro 2013-08-26 17:40 - 2013-08-26 17:40 - 00012872 _____ (SurfRight B.V.) C:\Windows\system32\bootdelete.exe 2013-08-26 17:24 - 2013-08-26 17:24 - 00001823 _____ C:\Users\Public\Desktop\HitmanPro.lnk 2013-08-26 17:24 - 2013-08-26 17:24 - 00000000 ____D C:\Program Files\HitmanPro 2013-08-25 23:15 - 2013-08-31 14:24 - 01212154 _____ C:\Windows\PFRO.log 2013-08-25 23:15 - 2013-08-31 14:24 - 00003156 _____ C:\Windows\setupact.log 2013-08-25 23:15 - 2013-08-25 23:15 - 00000000 _____ C:\Windows\setuperr.log 2013-08-25 22:35 - 2013-08-30 15:50 - 00011115 _____ C:\Windows\WindowsUpdate.log 2013-08-25 21:58 - 2013-08-25 21:58 - 00000000 ____D C:\FRST 2013-08-25 17:21 - 2013-08-25 17:21 - 00004248 _____ C:\{2E628E0D-D71A-463E-8974-D384190E91D3} 2013-08-25 16:49 - 2013-08-26 17:10 - 00000000 ____D C:\Users\Roy\AppData\Local\KB7658521 2013-08-25 00:04 - 2013-08-25 00:04 - 00004248 _____ C:\{970439F1-C04E-43DA-931C-4E33F3A9B613} 2013-08-24 21:45 - 2013-08-24 21:45 - 00000000 _____ C:\Users\Roy\AppData\Roaming\thatsnotnew 2013-08-23 22:28 - 2013-08-23 22:28 - 00004248 _____ C:\{F7D749DF-9AFB-4891-A846-B0B75F2C1A6C} 2013-08-23 16:58 - 2013-08-23 16:58 - 00025380 _____ C:\Users\Roy\Documents\cc_20130823_165827.reg 2013-08-23 14:48 - 2013-08-23 14:48 - 00004360 _____ C:\{321BC38A-6CD5-4808-BB5F-1295C88EF463} 2013-08-23 11:20 - 2013-08-23 11:20 - 00004336 _____ C:\{01C16E3E-405F-4112-B6BC-439B05E309F1} 2013-08-23 11:17 - 2013-08-23 11:17 - 00004336 _____ C:\{DC6D0903-B5C8-475B-9AA2-FED9B3932B60} 2013-08-23 11:15 - 2013-08-23 11:15 - 00004336 _____ C:\{6D9D22BB-8412-4811-9576-63CFBFD543B6} 2013-08-23 10:59 - 2013-08-23 10:59 - 00004336 _____ C:\{5ABA0D41-44E3-4AAB-96DC-121AB15D1599} 2013-08-23 10:41 - 2013-08-23 10:41 - 00004656 _____ C:\{C6DB92B0-34D7-4CAB-9406-41F34738183F} 2013-08-23 10:19 - 2013-08-23 10:19 - 00004360 _____ C:\{481B1AC7-774C-48B4-ACCA-A811349699D1} 2013-08-23 09:51 - 2013-08-23 09:51 - 00021096 _____ C:\{44137390-4DC3-4EFF-89A7-5134BD04A749} 2013-08-23 09:40 - 2013-08-23 09:40 - 00004336 _____ C:\{2FA8CD84-C5F8-479E-8E9D-8C2A48FDD5C5} 2013-08-23 09:38 - 2013-08-23 09:38 - 00004360 _____ C:\{C373F23C-7C6A-4F55-81CD-B6C62FE96CA9} 2013-08-23 09:37 - 2013-08-23 09:37 - 00004656 _____ C:\{69380381-694D-4419-B4EB-A9F8823D2B47} 2013-08-23 09:30 - 2013-08-23 09:30 - 00004336 _____ C:\{E15F75E2-8DA9-436E-BDDB-EE6214E19FAC} 2013-08-18 20:43 - 2013-08-18 20:43 - 00001785 _____ C:\Users\Public\Desktop\iTunes.lnk 2013-08-18 20:43 - 2013-08-18 20:43 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 2013-08-18 20:43 - 2013-08-18 20:43 - 00000000 ____D C:\Program Files\iTunes 2013-08-18 20:43 - 2013-08-18 20:43 - 00000000 ____D C:\Program Files\iPod 2013-08-18 20:43 - 2013-08-18 20:43 - 00000000 ____D C:\Program Files (x86)\iTunes 2013-08-14 11:47 - 2013-08-14 11:47 - 00002736 _____ C:\{4D09BA85-2950-4F3B-B6E0-2F3F3C525D18} 2013-08-14 11:37 - 2013-08-14 11:37 - 00009488 _____ C:\{494ABA8E-4F3D-446C-BFD0-FB0D847E0F6B} 2013-08-14 11:37 - 2013-08-14 11:37 - 00002736 _____ C:\{E25EF72D-96A4-4F36-A4A5-EA23BBC03E7D} 2013-08-14 03:14 - 2013-07-26 01:12 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2013-08-14 03:14 - 2013-07-25 23:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2013-08-14 03:14 - 2013-07-25 23:12 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-08-14 03:14 - 2013-07-25 22:49 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-08-14 03:13 - 2013-07-26 01:13 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2013-08-14 03:13 - 2013-07-26 01:13 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2013-08-14 03:13 - 2013-07-26 01:13 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2013-08-14 03:13 - 2013-07-26 01:12 - 19239424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2013-08-14 03:13 - 2013-07-26 01:12 - 15405056 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2013-08-14 03:13 - 2013-07-26 01:12 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2013-08-14 03:13 - 2013-07-26 01:12 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2013-08-14 03:13 - 2013-07-26 01:12 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2013-08-14 03:13 - 2013-07-26 01:12 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2013-08-14 03:13 - 2013-07-26 01:12 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2013-08-14 03:13 - 2013-07-26 01:12 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2013-08-14 03:13 - 2013-07-26 01:12 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2013-08-14 03:13 - 2013-07-26 01:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2013-08-14 03:13 - 2013-07-25 23:13 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-08-14 03:13 - 2013-07-25 23:13 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-08-14 03:13 - 2013-07-25 23:12 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-08-14 03:13 - 2013-07-25 23:12 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-08-14 03:13 - 2013-07-25 23:12 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-08-14 03:13 - 2013-07-25 23:12 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2013-08-14 03:13 - 2013-07-25 23:12 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2013-08-14 03:13 - 2013-07-25 23:12 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2013-08-14 03:13 - 2013-07-25 23:12 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2013-08-14 03:13 - 2013-07-25 23:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-08-14 03:13 - 2013-07-25 23:11 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-08-14 03:13 - 2013-07-25 23:11 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2013-08-14 03:13 - 2013-07-25 22:39 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe 2013-08-14 03:13 - 2013-07-25 21:59 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe 2013-08-13 22:28 - 2013-07-25 05:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL 2013-08-13 22:28 - 2013-07-25 04:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL 2013-08-13 22:28 - 2013-07-18 21:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2013-08-13 22:28 - 2013-07-18 21:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll 2013-08-13 22:28 - 2013-07-09 01:52 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll 2013-08-13 22:28 - 2013-07-09 01:51 - 01217024 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll 2013-08-13 22:28 - 2013-07-09 01:46 - 01472512 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll 2013-08-13 22:28 - 2013-07-09 01:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll 2013-08-13 22:28 - 2013-07-09 01:46 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll 2013-08-13 22:28 - 2013-07-09 00:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll 2013-08-13 22:28 - 2013-07-09 00:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll 2013-08-13 22:28 - 2013-07-09 00:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll 2013-08-13 22:28 - 2013-07-09 00:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll 2013-08-13 22:28 - 2013-07-09 00:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll 2013-08-13 22:27 - 2013-07-09 02:03 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2013-08-13 22:27 - 2013-07-09 01:54 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll 2013-08-13 22:27 - 2013-07-09 01:53 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll 2013-08-13 22:27 - 2013-07-09 01:03 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2013-08-13 22:27 - 2013-07-09 01:03 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2013-08-13 22:27 - 2013-07-09 00:53 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll 2013-08-13 22:27 - 2013-07-09 00:52 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll 2013-08-13 22:27 - 2013-07-08 22:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe 2013-08-13 22:27 - 2013-07-08 22:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll 2013-08-13 22:27 - 2013-07-08 22:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe 2013-08-13 22:27 - 2013-07-08 22:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe 2013-08-13 22:27 - 2013-07-06 02:03 - 01910208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys 2013-08-13 22:27 - 2013-06-15 00:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys 2013-08-06 22:38 - 2013-08-06 22:39 - 00000000 ____D C:\Users\Roy\Documents\Fax 2013-08-05 13:56 - 2013-08-05 13:56 - 00002736 _____ C:\{3CFFC7CC-D7AA-4C5D-BE03-DC37D53E1CE4} 2013-08-05 13:43 - 2013-08-05 13:43 - 00002736 _____ C:\{DD17D609-08C0-484D-9CF0-7073011C670B} 2013-08-05 00:06 - 2013-08-05 00:06 - 00002736 _____ C:\{58D00F9B-6490-4397-A2AD-9CC6A68F4462} ==================== One Month Modified Files and Folders ======= 2013-08-31 14:38 - 2013-08-31 14:38 - 01589860 _____ (Farbar) C:\Users\Roy\Downloads\FRST64.exe 2013-08-31 14:35 - 2012-04-20 13:56 - 00000892 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2013-08-31 14:31 - 2013-08-26 18:50 - 00000000 ____D C:\Users\Roy\AppData\Local\NPE 2013-08-31 14:31 - 2009-07-14 00:45 - 00014240 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-08-31 14:31 - 2009-07-14 00:45 - 00014240 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-08-31 14:30 - 2009-07-14 01:13 - 00730338 _____ C:\Windows\system32\PerfStringBackup.INI 2013-08-31 14:25 - 2012-04-20 13:56 - 00000888 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2013-08-31 14:24 - 2013-08-25 23:15 - 01212154 _____ C:\Windows\PFRO.log 2013-08-31 14:24 - 2013-08-25 23:15 - 00003156 _____ C:\Windows\setupact.log 2013-08-31 14:24 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2013-08-31 14:23 - 2013-08-31 14:23 - 00096856 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SMR322.SYS 2013-08-31 14:22 - 2013-08-31 14:22 - 02986440 _____ (Symantec Corporation) C:\Users\Roy\Downloads\NPE.exe 2013-08-31 14:16 - 2010-07-30 08:30 - 00000900 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1385458382-686460496-4235617754-1001UA.job 2013-08-31 14:05 - 2013-08-31 13:56 - 00000000 ____D C:\Users\Roy\AppData\Local\DefineExt 2013-08-31 14:03 - 2013-07-27 13:35 - 00000000 ____D C:\Users\Roy\AppData\Local\Conduit 2013-08-31 13:57 - 2013-08-31 13:57 - 00003850 _____ C:\Windows\System32\Tasks\BrowserSafeguard Update Task 2013-08-31 13:57 - 2013-08-31 13:57 - 00000000 ____D C:\Program Files (x86)\Browsersafeguard 2013-08-31 13:56 - 2013-08-31 13:56 - 00000000 ____D C:\Program Files (x86)\SaveValet 2013-08-31 13:56 - 2013-07-27 13:35 - 00000009 _____ C:\END 2013-08-31 13:55 - 2013-07-27 13:35 - 00000000 ____D C:\Users\Roy\AppData\Local\CRE 2013-08-31 13:55 - 2013-01-26 23:09 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-08-31 13:55 - 2010-08-06 15:22 - 00000000 ____D C:\Program Files (x86)\Conduit 2013-08-31 13:31 - 2013-08-31 13:31 - 00022274 _____ C:\Users\Roy\Desktop\attach.txt 2013-08-31 13:31 - 2013-08-31 13:31 - 00021238 _____ C:\Users\Roy\Desktop\dds.txt 2013-08-31 13:27 - 2013-08-31 13:27 - 00688992 ____R (Swearware) C:\Users\Roy\Desktop\dds.scr 2013-08-31 12:15 - 2013-04-21 17:00 - 00000000 ____D C:\Users\Roy\AppData\Local\E29C6AEA-348A-4329-99DE-6EAD73838C2B.aplzod 2013-08-31 10:50 - 2013-08-31 10:50 - 00187392 _____ C:\Users\Roy\Documents\AutoRecovery save of Document1.asd 2013-08-30 18:16 - 2010-07-30 08:30 - 00000848 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1385458382-686460496-4235617754-1001Core.job 2013-08-30 15:50 - 2013-08-25 22:35 - 00011115 _____ C:\Windows\WindowsUpdate.log 2013-08-30 15:04 - 2013-08-30 15:05 - 00263592 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2013-08-30 15:04 - 2013-08-30 15:05 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2013-08-30 15:04 - 2013-08-30 15:05 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2013-08-30 15:04 - 2013-08-30 15:05 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2013-08-30 15:04 - 2012-08-19 17:59 - 00867240 _____ (Oracle Corporation) C:\Windows\SysWOW64\npdeployJava1.dll 2013-08-30 15:04 - 2012-04-20 17:42 - 00789416 _____ (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll 2013-08-30 15:04 - 2010-06-02 21:38 - 00000000 ____D C:\Program Files (x86)\Java 2013-08-30 15:00 - 2013-08-30 15:00 - 00903080 _____ (Oracle Corporation) C:\Users\Roy\Downloads\chromeinstall-7u25.exe 2013-08-30 15:00 - 2013-08-30 15:00 - 00903080 _____ (Oracle Corporation) C:\Users\Roy\Downloads\chromeinstall-7u25 (1).exe 2013-08-30 12:28 - 2013-08-30 12:28 - 00004930 _____ C:\Users\Roy\Desktop\RKreport[0]_S_08302013_122853.txt 2013-08-30 12:28 - 2013-08-30 12:26 - 00000000 ____D C:\Users\Roy\Desktop\RK_Quarantine 2013-08-30 12:26 - 2013-08-30 12:26 - 03771904 _____ C:\Users\Roy\Downloads\RogueKillerX64.exe 2013-08-29 18:40 - 2013-08-29 18:40 - 00002648 _____ C:\{C2E62428-830D-43CA-982A-64E91CC4EB1C} 2013-08-28 20:51 - 2011-08-27 20:09 - 00007625 _____ C:\Users\Roy\AppData\Local\Resmon.ResmonCfg 2013-08-26 23:46 - 2012-04-29 11:47 - 00000000 ____D C:\Users\Roy\AppData\Local\CrashDumps 2013-08-26 18:50 - 2009-11-07 23:51 - 00000000 ____D C:\ProgramData\Norton 2013-08-26 18:39 - 2013-08-26 18:39 - 00000000 ____D C:\Windows\System32\Tasks\Norton Internet Security 2013-08-26 18:36 - 2013-08-26 18:36 - 00177312 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS 2013-08-26 18:36 - 2013-08-26 18:36 - 00007631 _____ C:\Windows\system32\Drivers\SYMEVENT64x86.CAT 2013-08-26 18:36 - 2013-08-26 18:36 - 00003234 _____ C:\Windows\System32\Tasks\Norton WSC Integration 2013-08-26 18:36 - 2013-08-26 18:36 - 00002575 _____ C:\Users\Public\Desktop\Norton Internet Security.lnk 2013-08-26 18:36 - 2013-08-26 18:36 - 00000000 ____D C:\Program Files\Common Files\Symantec Shared 2013-08-26 18:34 - 2013-08-26 18:34 - 00000000 ____D C:\Windows\system32\Drivers\NISx64 2013-08-26 18:34 - 2013-08-26 18:34 - 00000000 ____D C:\Program Files (x86)\Norton Internet Security 2013-08-26 18:26 - 2013-08-26 18:26 - 00000000 ____D C:\ProgramData\PCSettings 2013-08-26 18:23 - 2013-08-26 18:22 - 171151056 ____N (Symantec Corporation) C:\Users\Roy\Downloads\NIS-TW-20-4-0-EN.exe 2013-08-26 18:14 - 2010-08-06 15:22 - 00000000 ____D C:\Program Files (x86)\TranslatorBar_2 2013-08-26 18:13 - 2010-06-05 11:35 - 00000000 ____D C:\Users\Roy\AppData\Local\Google 2013-08-26 18:08 - 2013-08-26 18:08 - 00002095 _____ C:\Users\Roy\Desktop\HijackThis.lnk 2013-08-26 18:08 - 2013-08-26 18:08 - 00002095 _____ C:\Users\Administrator\Desktop\HijackThis.lnk 2013-08-26 18:08 - 2013-08-26 18:08 - 00000000 ____D C:\Program Files (x86)\Trend Micro 2013-08-26 18:00 - 2010-01-04 18:39 - 00000000 __SHD C:\Users\Roy\UserData 2013-08-26 17:40 - 2013-08-26 17:40 - 00012872 _____ (SurfRight B.V.) C:\Windows\system32\bootdelete.exe 2013-08-26 17:40 - 2012-04-13 09:24 - 00002336 _____ C:\Windows\system32\.crusader 2013-08-26 17:40 - 2010-01-03 21:03 - 00000000 ___RD C:\Users\Roy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2013-08-26 17:24 - 2013-08-26 17:24 - 00001823 _____ C:\Users\Public\Desktop\HitmanPro.lnk 2013-08-26 17:24 - 2013-08-26 17:24 - 00000000 ____D C:\Program Files\HitmanPro 2013-08-26 17:22 - 2012-04-13 09:13 - 00000000 ____D C:\ProgramData\HitmanPro 2013-08-26 17:10 - 2013-08-25 16:49 - 00000000 ____D C:\Users\Roy\AppData\Local\KB7658521 2013-08-25 23:40 - 2013-01-04 06:43 - 00000000 ____D C:\Users\Roy\AppData\Local\Familiar 2013-08-25 23:15 - 2013-08-25 23:15 - 00000000 _____ C:\Windows\setuperr.log 2013-08-25 21:58 - 2013-08-25 21:58 - 00000000 ____D C:\FRST 2013-08-25 17:21 - 2013-08-25 17:21 - 00004248 _____ C:\{2E628E0D-D71A-463E-8974-D384190E91D3} 2013-08-25 17:18 - 2011-08-06 14:16 - 00000000 ____D C:\Users\Roy\AppData\Roaming\Dropbox 2013-08-25 17:17 - 2011-08-27 21:13 - 00000000 ___RD C:\Users\Roy\Dropbox 2013-08-25 16:46 - 2008-10-15 20:55 - 00000000 ____D C:\Users\Roy\AppData\Roaming\Skype 2013-08-25 00:04 - 2013-08-25 00:04 - 00004248 _____ C:\{970439F1-C04E-43DA-931C-4E33F3A9B613} 2013-08-24 21:45 - 2013-08-24 21:45 - 00000000 _____ C:\Users\Roy\AppData\Roaming\thatsnotnew 2013-08-24 10:45 - 2010-01-03 21:03 - 00000000 ____D C:\Users\Roy 2013-08-23 22:28 - 2013-08-23 22:28 - 00004248 _____ C:\{F7D749DF-9AFB-4891-A846-B0B75F2C1A6C} 2013-08-23 21:03 - 2009-07-14 01:32 - 00000000 ____D C:\Windows\system32\FxsTmp 2013-08-23 16:58 - 2013-08-23 16:58 - 00025380 _____ C:\Users\Roy\Documents\cc_20130823_165827.reg 2013-08-23 14:48 - 2013-08-23 14:48 - 00004360 _____ C:\{321BC38A-6CD5-4808-BB5F-1295C88EF463} 2013-08-23 11:20 - 2013-08-23 11:20 - 00004336 _____ C:\{01C16E3E-405F-4112-B6BC-439B05E309F1} 2013-08-23 11:17 - 2013-08-23 11:17 - 00004336 _____ C:\{DC6D0903-B5C8-475B-9AA2-FED9B3932B60} 2013-08-23 11:15 - 2013-08-23 11:15 - 00004336 _____ C:\{6D9D22BB-8412-4811-9576-63CFBFD543B6} 2013-08-23 10:59 - 2013-08-23 10:59 - 00004336 _____ C:\{5ABA0D41-44E3-4AAB-96DC-121AB15D1599} 2013-08-23 10:41 - 2013-08-23 10:41 - 00004656 _____ C:\{C6DB92B0-34D7-4CAB-9406-41F34738183F} 2013-08-23 10:19 - 2013-08-23 10:19 - 00004360 _____ C:\{481B1AC7-774C-48B4-ACCA-A811349699D1} 2013-08-23 09:51 - 2013-08-23 09:51 - 00021096 _____ C:\{44137390-4DC3-4EFF-89A7-5134BD04A749} 2013-08-23 09:40 - 2013-08-23 09:40 - 00004336 _____ C:\{2FA8CD84-C5F8-479E-8E9D-8C2A48FDD5C5} 2013-08-23 09:38 - 2013-08-23 09:38 - 00004360 _____ C:\{C373F23C-7C6A-4F55-81CD-B6C62FE96CA9} 2013-08-23 09:37 - 2013-08-23 09:37 - 00004656 _____ C:\{69380381-694D-4419-B4EB-A9F8823D2B47} 2013-08-23 09:30 - 2013-08-23 09:30 - 00004336 _____ C:\{E15F75E2-8DA9-436E-BDDB-EE6214E19FAC} 2013-08-22 21:44 - 2010-06-05 11:35 - 00000000 ____D C:\Program Files (x86)\Google 2013-08-18 20:43 - 2013-08-18 20:43 - 00001785 _____ C:\Users\Public\Desktop\iTunes.lnk 2013-08-18 20:43 - 2013-08-18 20:43 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 2013-08-18 20:43 - 2013-08-18 20:43 - 00000000 ____D C:\Program Files\iTunes 2013-08-18 20:43 - 2013-08-18 20:43 - 00000000 ____D C:\Program Files\iPod 2013-08-18 20:43 - 2013-08-18 20:43 - 00000000 ____D C:\Program Files (x86)\iTunes 2013-08-14 11:47 - 2013-08-14 11:47 - 00002736 _____ C:\{4D09BA85-2950-4F3B-B6E0-2F3F3C525D18} 2013-08-14 11:37 - 2013-08-14 11:37 - 00009488 _____ C:\{494ABA8E-4F3D-446C-BFD0-FB0D847E0F6B} 2013-08-14 11:37 - 2013-08-14 11:37 - 00002736 _____ C:\{E25EF72D-96A4-4F36-A4A5-EA23BBC03E7D} 2013-08-14 05:14 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\rescache 2013-08-14 03:13 - 2010-01-04 22:35 - 00000000 ____D C:\ProgramData\Microsoft Help 2013-08-14 03:05 - 2013-07-12 03:00 - 00000000 ____D C:\Windows\system32\MRT 2013-08-14 03:02 - 2010-01-05 04:44 - 78161360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2013-08-10 11:00 - 2003-07-22 14:34 - 00000000 ____D C:\Users\Roy\Documents\My Download Files 2013-08-07 16:45 - 2010-01-04 00:07 - 00000000 ____D C:\Users\Roy\AppData\Roaming\Mozilla 2013-08-06 22:39 - 2013-08-06 22:38 - 00000000 ____D C:\Users\Roy\Documents\Fax 2013-08-05 13:56 - 2013-08-05 13:56 - 00002736 _____ C:\{3CFFC7CC-D7AA-4C5D-BE03-DC37D53E1CE4} 2013-08-05 13:43 - 2013-08-05 13:43 - 00002736 _____ C:\{DD17D609-08C0-484D-9CF0-7073011C670B} 2013-08-05 00:06 - 2013-08-05 00:06 - 00002736 _____ C:\{58D00F9B-6490-4397-A2AD-9CC6A68F4462} 2013-08-03 21:54 - 2012-09-10 18:25 - 00000000 ____D C:\ProgramData\iolo 2013-08-03 21:52 - 2012-09-10 18:32 - 00002221 _____ C:\Users\Roy\Desktop\System Mechanic.lnk Files to move or delete: ==================== ZeroAccess: C:\Program Files (x86)\Google\Desktop\Install\{8c584f44-dcb7-1d01-41a6-84b79baf0ca9} C:\Users\Roy\chatlnk.exe C:\Users\Roy\GoToAssistDownloadHelper.exe C:\Users\Roy\AppData\Local\Temp\nslC3FE.exe C:\Users\Roy\AppData\Local\Temp\nss401F.exe C:\Users\Roy\AppData\Local\Temp\nsy834A.exe C:\Users\Roy\AppData\Local\Temp\tbWhit.dll C:\Users\Roy\AppData\Local\Temp\UpdUninstall.exe C:\Users\Roy\AppData\Local\Temp\is-FBAN8.tmp\OptProCrash.dll C:\Users\Roy\AppData\Local\Temp\ct3289847\plugins\TBVerifier.dll ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-08-22 00:09 ==================== End Of Log ============================ How do I attach the addition.txt to my reply? Thanks Roy
  6. I have downloaded dds.sci and have run it here are the results DDS.txt DDS (Ver_2012-11-20.01) - NTFS_AMD64 Internet Explorer: 10.0.9200.16660 BrowserJavaVersion: 10.25.2 Run by Roy at 13:30:34 on 2013-08-31 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8183.4940 [GMT -4:00] . AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202} FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4} . ============== Running Processes =============== . C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k netsvcs C:\Program Files\HitmanPro\hmpsched.exe C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\System32\spoolsv.exe C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Windows\SysWOW64\svchost.exe -k Akamai C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe C:\Windows\System32\WUDFHost.exe C:\Windows\system32\SearchIndexer.exe C:\Windows\system32\svchost.exe -k WindowsMobile C:\Windows\system32\taskhost.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE C:\Windows\WindowsMobile\wmdcBase.exe C:\Users\Roy\AppData\Local\Akamai\netsession_win.exe C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe C:\Program Files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe C:\Users\Roy\AppData\Local\Akamai\netsession_win.exe C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe C:\Program Files (x86)\iTunes\iTunesHelper.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe C:\Windows\system32\svchost.exe -k SDRSVC C:\Windows\system32\svchost.exe -k imgsvc C:\Windows\system32\taskhost.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE C:\Users\Roy\Downloads\RogueKillerX64.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE C:\Users\Roy\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Roy\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Roy\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Roy\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Roy\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Roy\AppData\Local\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE C:\Users\Roy\AppData\Local\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Quicken\qw.exe C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE C:\Windows\splwow64.exe C:\Windows\system32\Macromed\Flash\FlashUtil64_11_8_800_94_ActiveX.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe C:\Windows\System32\MsSpellCheckingFacility.exe C:\Windows\notepad.exe C:\Windows\splwow64.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\System32\cscript.exe . ============== Pseudo HJT Report =============== . uSearch Bar = Preserve mURLSearchHooks: {85c38158-e43d-4fff-9602-1bfac9e9d47b} - <orphaned> mWinlogon: Userinit = userinit.exe, BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coieplg.dll BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\IPS\ipsbho.dll BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coieplg.dll EB: Adobe PDF: {182EC0BE-5110-49C8-A062-BEB1D02A220B} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll uRun: [Akamai NetSession Interface] "C:\Users\Roy\AppData\Local\Akamai\netsession_win.exe" uRun: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe uRun: [com.apple.dav.bookmarks.daemon] C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe mRun: [shwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe mRun: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" mRun: [iJNetworkScannerSelectorEX] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe /FORCE mRun: [Carbonite Backup] C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\GOOGLE~1.LNK - C:\Program Files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe mPolicies-Explorer: NoActiveDesktop = dword:1 mPolicies-Explorer: NoActiveDesktopChanges = dword:1 mPolicies-System: ConsentPromptBehaviorAdmin = dword:5 mPolicies-System: ConsentPromptBehaviorUser = dword:3 mPolicies-System: EnableUIADesktopToggle = dword:0 IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll LSP: mswsock.dll TCP: NameServer = 192.168.0.1 TCP: Interfaces\{231488E4-F9AB-4BC3-A085-738ED844F091} : DHCPNameServer = 192.168.0.1 Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll SSODL: WebCheck - <orphaned> SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe x64-Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon x64-Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdcBase.exe x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned> x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned> x64-SSODL: WebCheck - <orphaned> . ============= SERVICES / DRIVERS =============== . R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2009-11-8 55280] R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\NISx64\1404000.028\SymDS64.sys [2013-8-26 493656] R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\NISx64\1404000.028\SymEFA64.sys [2013-8-26 1139800] R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.4.0.40\Definitions\BASHDefs\20130715.001\BHDrvx64.sys [2013-8-26 1393240] R1 ccSet_NIS;Norton Internet Security Settings Manager;C:\Windows\System32\drivers\NISx64\1404000.028\ccSetx64.sys [2013-8-26 169048] R1 ElRawDisk;ElRawDisk;C:\Windows\System32\drivers\ElRawDsk.sys [2012-9-10 30752] R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.4.0.40\Definitions\IPSDefs\20130830.001\IDSviA64.sys [2013-8-31 520280] R1 SbFw;SbFw;C:\Windows\System32\drivers\SbFw.sys [2012-4-13 253528] R1 SbTis;SbTis;C:\Windows\System32\drivers\sbtis.sys [2012-4-13 94296] R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\NISx64\1404000.028\Ironx64.sys [2013-8-26 224416] R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\NISx64\1404000.028\symnets.sys [2013-8-26 433752] R2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2009-7-13 27136] R2 Garmin Core Update Service;Garmin Core Update Service;C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [2013-3-27 185688] R2 HitmanProScheduler;HitmanPro Scheduler;C:\Program Files\HitmanPro\hmpsched.exe [2013-8-26 109352] R2 ioloSystemService;iolo System Service;C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe [2013-8-3 1072664] R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-10-18 418376] R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-10-18 701512] R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe [2013-8-26 144368] R2 PDFsFilter;PDFsFilter;C:\Windows\System32\drivers\PDFsFilter.sys [2012-9-10 82160] R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2013-8-26 138912] R3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2009-11-8 317480] R3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2012-9-21 351520] R3 LVUVC64;Logitech QuickCam Pro 9000(UVC);C:\Windows\System32\drivers\lvuvc64.sys [2012-9-21 4763680] R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-4-13 25928] R3 SBFWIMCLMP;Sunbelt Software Firewall NDIS IM Filter Miniport;C:\Windows\System32\drivers\SbFwIm.sys [2012-4-13 84568] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 HitmanPro37CrusaderBoot;HitmanPro 3.7 Crusader (Boot);"J:\HitmanPro_x64.exe" /crusader:boot --> J:\HitmanPro_x64.exe [?] S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-6-21 162408] S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2013-3-22 1038088] S3 hitmanpro35;Hitman Pro 3.5 Support Driver;C:\Windows\System32\drivers\hitmanpro36.sys [2012-4-13 27936] S3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Service;C:\Windows\System32\drivers\SbFwIm.sys [2012-4-13 84568] S3 sbhips;sbhips;C:\Windows\System32\drivers\sbhips.sys [2012-4-13 60504] S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-5-23 59392] S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-4-25 1255736] S4 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-8 92160] S4 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2009-11-8 203264] S4 sprtsvc_DellComms;SupportSoft Sprocket Service (DellComms);C:\Program Files (x86)\Dell\DellComms\bin\sprtsvc.exe [2009-5-5 206064] . =============== File Associations =============== . FileExt: .vbe: VBEFile=NOTEPAD.EXE "%1" FileExt: .vbs: VBSFile=NOTEPAD.EXE "%1" FileExt: .js: JSFile=NOTEPAD.EXE "%1" FileExt: .jse: JSEFile=NOTEPAD.EXE "%1" FileExt: .wsf: WSFFile=NOTEPAD.EXE "%1" . =============== Created Last 30 ================ . 2013-08-30 19:05:34 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll 2013-08-26 22:50:42 -------- d-----w- C:\Users\Roy\AppData\Local\NPE 2013-08-26 22:36:22 177312 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS 2013-08-26 22:36:22 -------- d-----w- C:\Program Files\Common Files\Symantec Shared 2013-08-26 22:35:14 433752 ----a-r- C:\Windows\System32\drivers\NISx64\1404000.028\symnets.sys 2013-08-26 22:35:14 23448 ----a-r- C:\Windows\System32\drivers\NISx64\1404000.028\SymELAM.sys 2013-08-26 22:35:13 796760 ----a-r- C:\Windows\System32\drivers\NISx64\1404000.028\srtsp64.sys 2013-08-26 22:35:13 493656 ----a-r- C:\Windows\System32\drivers\NISx64\1404000.028\SymDS64.sys 2013-08-26 22:35:13 36952 ----a-r- C:\Windows\System32\drivers\NISx64\1404000.028\srtspx64.sys 2013-08-26 22:35:13 224416 ----a-r- C:\Windows\System32\drivers\NISx64\1404000.028\Ironx64.sys 2013-08-26 22:35:13 169048 ----a-r- C:\Windows\System32\drivers\NISx64\1404000.028\ccSetx64.sys 2013-08-26 22:35:13 1139800 ----a-r- C:\Windows\System32\drivers\NISx64\1404000.028\SymEFA64.sys 2013-08-26 22:34:34 -------- d-----w- C:\Windows\System32\drivers\NISx64\1404000.028 2013-08-26 22:34:34 -------- d-----w- C:\Windows\System32\drivers\NISx64 2013-08-26 22:34:30 -------- d-----w- C:\Program Files (x86)\Norton Internet Security 2013-08-26 22:26:01 -------- d-----w- C:\ProgramData\PCSettings 2013-08-26 22:08:47 -------- d-----w- C:\Program Files (x86)\Trend Micro 2013-08-26 21:40:09 12872 ----a-w- C:\Windows\System32\bootdelete.exe 2013-08-26 21:24:45 -------- d-----w- C:\Program Files\HitmanPro 2013-08-26 01:58:29 -------- d-----w- C:\FRST 2013-08-25 20:49:08 -------- d-----w- C:\Users\Roy\AppData\Local\KB7658521 2013-08-19 00:43:31 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 2013-08-19 00:43:31 -------- d-----w- C:\Program Files\iTunes 2013-08-19 00:43:31 -------- d-----w- C:\Program Files\iPod 2013-08-19 00:43:31 -------- d-----w- C:\Program Files (x86)\iTunes 2013-08-14 07:14:00 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2013-08-14 07:14:00 2706432 ----a-w- C:\Windows\System32\mshtml.tlb 2013-08-14 02:28:33 1472512 ----a-w- C:\Windows\System32\crypt32.dll 2013-08-14 02:27:58 3968960 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe 2013-08-14 02:27:58 3913664 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe 2013-08-14 02:27:57 5550528 ----a-w- C:\Windows\System32\ntoskrnl.exe 2013-08-14 02:27:57 1732032 ----a-w- C:\Windows\System32\ntdll.dll 2013-08-14 02:27:56 243712 ----a-w- C:\Windows\System32\wow64.dll 2013-08-14 02:27:56 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll 2013-08-14 02:27:56 1292192 ----a-w- C:\Windows\SysWow64\ntdll.dll 2013-08-14 02:27:55 7680 ----a-w- C:\Windows\SysWow64\instnm.exe 2013-08-14 02:27:55 5120 ----a-w- C:\Windows\SysWow64\wow32.dll 2013-08-14 02:27:55 25600 ----a-w- C:\Windows\SysWow64\setup16.exe 2013-08-14 02:27:55 2048 ----a-w- C:\Windows\SysWow64\user.exe 2013-08-14 02:27:52 39936 ----a-w- C:\Windows\System32\drivers\tssecsrv.sys 2013-08-14 02:27:49 1910208 ----a-w- C:\Windows\System32\drivers\tcpip.sys . ==================== Find3M ==================== . 2013-08-30 19:04:54 867240 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll 2013-08-30 19:04:53 789416 ----a-w- C:\Windows\SysWow64\deployJava1.dll 2013-07-28 18:05:00 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2013-07-28 18:05:00 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2013-07-26 05:13:37 2241024 ----a-w- C:\Windows\System32\wininet.dll 2013-07-26 05:12:08 3958784 ----a-w- C:\Windows\System32\jscript9.dll 2013-07-26 05:12:04 136704 ----a-w- C:\Windows\System32\iesysprep.dll 2013-07-26 05:12:03 67072 ----a-w- C:\Windows\System32\iesetup.dll 2013-07-26 03:13:24 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll 2013-07-26 03:12:04 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll 2013-07-26 03:12:00 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll 2013-07-26 03:12:00 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll 2013-07-26 02:39:38 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe 2013-07-26 01:59:38 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe 2013-07-25 09:25:54 1888768 ----a-w- C:\Windows\System32\WMVDECOD.DLL 2013-07-25 08:57:27 1620992 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL 2013-07-19 01:58:42 2048 ----a-w- C:\Windows\System32\tzres.dll 2013-07-19 01:41:01 2048 ----a-w- C:\Windows\SysWow64\tzres.dll 2013-07-09 05:52:52 224256 ----a-w- C:\Windows\System32\wintrust.dll 2013-07-09 05:51:16 1217024 ----a-w- C:\Windows\System32\rpcrt4.dll 2013-07-09 05:46:20 184320 ----a-w- C:\Windows\System32\cryptsvc.dll 2013-07-09 05:46:20 139776 ----a-w- C:\Windows\System32\cryptnet.dll 2013-07-09 04:52:33 663552 ----a-w- C:\Windows\SysWow64\rpcrt4.dll 2013-07-09 04:52:10 175104 ----a-w- C:\Windows\SysWow64\wintrust.dll 2013-07-09 04:46:31 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll 2013-07-09 04:46:31 1166848 ----a-w- C:\Windows\SysWow64\crypt32.dll 2013-07-09 04:46:31 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll 2013-07-09 04:45:07 44032 ----a-w- C:\Windows\apppatch\acwow64.dll 2013-06-05 03:34:27 3153920 ----a-w- C:\Windows\System32\win32k.sys 2013-06-04 06:00:13 624128 ----a-w- C:\Windows\System32\qedit.dll 2013-06-04 04:53:07 509440 ----a-w- C:\Windows\SysWow64\qedit.dll 2012-08-02 16:54:00 29385784 ----a-w- C:\Program Files (x86)\SystemMechanic.exe . ============= FINISH: 13:31:12.82 =============== Here is attach.txt . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2012-11-20.01) . Microsoft Windows 7 Home Premium Boot Device: \Device\HarddiskVolume2 Install Date: 1/3/2010 8:03:47 PM System Uptime: 8/29/2013 10:55:42 PM (39 hours ago) . Motherboard: Dell Inc. | | 0X231R Processor: Intel® Core i5 CPU 750 @ 2.67GHz | CPU 1 | 1173/133mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 917 GiB total, 717.947 GiB free. D: is CDROM () E: is FIXED (NTFS) - 932 GiB total, 10.105 GiB free. F: is Removable G: is Removable H: is Removable I: is Removable . ==== Disabled Device Manager Items ============= . Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1} Description: SBRE Device ID: ROOT\LEGACY_SBRE\0000 Manufacturer: Name: SBRE PNP Device ID: ROOT\LEGACY_SBRE\0000 Service: SBRE . ==== System Restore Points =================== . No restore point in system. . ==== Installed Programs ====================== . Update for Microsoft Office 2007 (KB2508958) Adobe Acrobat 7.0 Professional Adobe Acrobat 7.1.0 Professional Adobe AIR Adobe Anchor Service CS4 Adobe Anchor Service x64 CS4 Adobe Bridge CS4 Adobe CMaps CS4 Adobe CMaps x64 CS4 Adobe Color - Photoshop Specific CS4 Adobe Color EU Extra Settings CS4 Adobe Color JA Extra Settings CS4 Adobe Color NA Recommended Settings CS4 Adobe Color Video Profiles CS CS4 Adobe CSI CS4 Adobe CSI CS4 x64 Adobe Default Language CS4 Adobe Device Central CS4 Adobe Drive CS4 Adobe Drive CS4 x64 Adobe ExtendScript Toolkit CS4 Adobe Extension Manager CS4 Adobe Flash Player 11 ActiveX Adobe Fonts All Adobe Fonts All x64 Adobe Linguistics CS4 Adobe Linguistics CS4 x64 Adobe Media Player Adobe Output Module Adobe PDF Library Files CS4 Adobe PDF Library Files x64 CS4 Adobe Photoshop CS4 Adobe Photoshop CS4 (64 Bit) Adobe Photoshop CS4 Support Adobe Photoshop Lightroom 3 64-bit Adobe Reader XI (11.0.03) Adobe Search for Help Adobe Service Manager Extension Adobe Setup Adobe Type Support CS4 Adobe Type Support x64 CS4 Adobe Update Manager CS4 Adobe WinSoft Linguistics Plugin Adobe WinSoft Linguistics Plugin x64 Adobe XMP Panels CS4 AdobeColorCommonSetCMYK AdobeColorCommonSetRGB Akamai NetSession Interface Akamai NetSession Interface Service Apple Application Support Apple Mobile Device Support Apple Software Update ATI Catalyst Control Center Bonjour Brother HL-2170W CameraHelperMsi Canon Easy-PhotoPrint EX Canon IJ Network Scanner Selector EX Canon IJ Network Tool CANON iMAGE GATEWAY Task for ZoomBrowser EX Canon Internet Library for ZoomBrowser EX Canon MP Navigator EX 5.1 Canon MP830 Canon MX890 series MP Drivers Canon MX890 series On-screen Manual Canon MX890 series User Registration Canon My Printer Canon RAW Image Task for ZoomBrowser EX Canon RemoteCapture Task for ZoomBrowser EX Canon Solution Menu EX Canon Speed Dial Utility Canon Utilities CameraWindow Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX Canon Utilities CP Printer Guide Canon Utilities Digital Photo Professional 3.5 Canon Utilities EOS Utility Canon Utilities MyCamera Canon Utilities PhotoStitch Canon Utilities Picture Style Editor Canon Utilities RemoteCapture Task for ZoomBrowser EX Canon Utilities WFT-E1/E2/E3 Utility Canon Utilities ZoomBrowser EX Canon ZoomBrowser EX Memory Card Utility Carbonite Catalyst Control Center - Branding Catalyst Control Center Core Implementation Catalyst Control Center Graphics Full Existing Catalyst Control Center Graphics Full New Catalyst Control Center Graphics Light Catalyst Control Center Graphics Previews Common Catalyst Control Center Graphics Previews Vista Catalyst Control Center InstallProxy Catalyst Control Center Localization All ccc-core-static ccc-utility64 CCC Help Chinese Standard CCC Help Chinese Traditional CCC Help English CCC Help French CCC Help German CCC Help Hungarian CCC Help Italian CCC Help Japanese CCC Help Korean CCC Help Portuguese CCC Help Spanish CCC Help Turkish CCleaner Compatibility Pack for the 2007 Office system Connect CP Printer Guide D3DX10 Dell Communications (Support Software) Dell Edoc Viewer Dell Getting Started Guide DirectXInstallService Dropbox Elevated Installer EMC 10 Content EMCGadgets64 erLT Familiar Garmin Communicator Plugin Garmin Communicator Plugin x64 Garmin Express Garmin Express Tray Garmin Update Service Garmin USB Drivers Garmin WebUpdater Google Calendar Sync Google Chrome Google Toolbar for Internet Explorer Google Update Helper HijackThis 2.0.2 HitmanPro 3.7 iCloud iolo technologies' System Mechanic iTunes Java 7 Update 25 Java Auto Updater Java 6 Update 20 (64-bit) Java 6 Update 35 Junk Mail filter update kuler Logitech Webcam Software LWS Facebook LWS Gallery LWS Help_main LWS Launcher LWS Motion Detection LWS Pictures And Video LWS Twitter LWS Video Mask Maker LWS Webcam Software LWS WLM Plugin LWS YouTube Plugin Malwarebytes Anti-Malware version 1.75.0.1300 Microsoft .NET Framework 4 Client Profile Microsoft Application Error Reporting Microsoft Office 2007 Service Pack 3 (SP3) Microsoft Office Access MUI (English) 2007 Microsoft Office Access Setup Metadata MUI (English) 2007 Microsoft Office Excel MUI (English) 2007 Microsoft Office File Validation Add-In Microsoft Office Groove MUI (English) 2007 Microsoft Office Groove Setup Metadata MUI (English) 2007 Microsoft Office InfoPath MUI (English) 2007 Microsoft Office Office 64-bit Components 2007 Microsoft Office OneNote MUI (English) 2007 Microsoft Office Outlook MUI (English) 2007 Microsoft Office PowerPoint MUI (English) 2007 Microsoft Office PowerPoint Viewer 2007 (English) Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (Spanish) 2007 Microsoft Office Proofing (English) 2007 Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) Microsoft Office Publisher MUI (English) 2007 Microsoft Office Shared 64-bit MUI (English) 2007 Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 Microsoft Office Shared MUI (English) 2007 Microsoft Office Shared Setup Metadata MUI (English) 2007 Microsoft Office Ultimate 2007 Microsoft Office Word MUI (English) 2007 Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Works Mio Transfer MSVCRT MSVCRT_amd64 MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) Multimedia Card Reader Norton Internet Security PDF Settings CS4 Photoshop Camera Raw Photoshop Camera Raw_x64 Picasa 3 PowerDVD DX Quicken 2010 QuickTime RAW Image Task RealNetworks - Microsoft Visual C++ 2008 Runtime RealPlayer Realtek High Definition Audio Driver RealUpgrade 1.1 Remote Printer Console RemoteCapture Task Roxio Activation Module Roxio BackOnTrack Roxio Central Audio Roxio Central Copy Roxio Central Core Roxio Central Data Roxio Central Tools Roxio Easy CD and DVD Burning Roxio Express Labeler 3 Roxio File Backup Roxio Update Manager Safari Search On TER for IE Security Update for CAPICOM (KB931906) Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841) Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449) Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019) Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595) Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642) Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576) Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393) Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628) Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2) Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2687309) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition Security Update for Microsoft Office Publisher 2007 (KB2597971) 32-Bit Edition Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition Skins Skype Click to Call Skype™ 6.6 Sonic CinePlayer Decoder Pack SplitMediaLabs VH Screen Capture Driver (x86) Stamps.com Stamps.com Address Book Support for Microsoft Outlook 97-2010 Stamps.com Application Support for Microsoft Outlook 2000-2010 Stamps.com support for Microsoft Outlook 2000-2010 Stamps.com support for Microsoft Outlook 97-2010 Suite Shared Configuration CS4 TranslatorBar 2 Toolbar U3Launcher Update for 2007 Microsoft Office System (KB967642) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft .NET Framework 4 Client Profile (KB2836939) Update for Microsoft Office 2007 Help for Common Features (KB963673) Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition Update for Microsoft Office Access 2007 Help (KB963663) Update for Microsoft Office Excel 2007 Help (KB963678) Update for Microsoft Office Infopath 2007 Help (KB963662) Update for Microsoft Office OneNote 2007 Help (KB963670) Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition Update for Microsoft Office Outlook 2007 (KB2768023) 32-Bit Edition Update for Microsoft Office Outlook 2007 Help (KB963677) Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2817642) 32-Bit Edition Update for Microsoft Office Powerpoint 2007 Help (KB963669) Update for Microsoft Office Publisher 2007 Help (KB963667) Update for Microsoft Office Script Editor Help (KB963671) Update for Microsoft Office Word 2007 Help (KB963665) VD64Inst Windows Driver Package - Garmin (grmnusb) GARMIN Devices (04/19/2012 2.3.1.0) Windows Live Communications Platform Windows Live Essentials Windows Live ID Sign-in Assistant Windows Live Installer Windows Live Language Selector Windows Live Mail Windows Live Messenger Windows Live MIME IFilter Windows Live Movie Maker Windows Live Photo Common Windows Live Photo Gallery Windows Live PIMT Platform Windows Live SOXE Windows Live SOXE Definitions Windows Live Sync Windows Live UX Platform Windows Live UX Platform Language Pack Windows Live Writer Windows Live Writer Resources . ==== Event Viewer Messages From Past Week ======== . 8/31/2013 10:15:17 AM, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147024891 8/31/2013 10:15:17 AM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: %%-2147024891 8/30/2013 4:10:47 PM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit. 8/27/2013 12:38:03 AM, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\??\Volume{30fe703c-cc29-11de-bc38-806e6f6e6963}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{6FA76BB4-25F6-4CB9-9D02-B93AC8026BF3}' was corrupted and it has been recovered. Some data might have been lost. 8/27/2013 12:37:47 AM, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\??\Volume{30fe703c-cc29-11de-bc38-806e6f6e6963}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{75B70910-C68D-45F8-B0FD-E4EC83B524E8}' was corrupted and it has been recovered. Some data might have been lost. 8/26/2013 7:13:34 PM, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\??\C:\Windows\TEMP\{EB2FF6DE-3298-44FB-B170-1A7D0061E0DF}\CpySys1' was corrupted and it has been recovered. Some data might have been lost. 8/26/2013 7:05:07 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service. 8/26/2013 7:05:06 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SBRE 8/26/2013 7:05:05 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed. 8/26/2013 7:05:05 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed. 8/26/2013 7:05:03 PM, Error: Service Control Manager [7000] - The HitmanPro 3.7 Crusader (Boot) service failed to start due to the following error: The system cannot find the file specified. 8/26/2013 6:59:18 PM, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\??\C:\Windows\TEMP\{93E58A74-C9C3-41A1-BB1A-9E4AA0F1CE69}\CpySys1' was corrupted and it has been recovered. Some data might have been lost. 8/26/2013 5:40:09 PM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for DeleteFlag with the following error: Access is denied. 8/26/2013 5:23:54 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Garmin Core Update Service service to connect. 8/26/2013 5:23:54 PM, Error: Service Control Manager [7000] - The Garmin Core Update Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 8/25/2013 9:24:34 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start. 8/25/2013 9:24:25 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89} 8/25/2013 9:24:25 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E} 8/25/2013 9:24:12 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD BHDrvx64 ccSet_NIS DfsC discache eeCtrl ElRawDisk IDSVia64 NetBIOS NetBT nsiproxy Psched rdbss SbFw SBRE SbTis spldr SRTSPX SymIRON SymNetS tdx Wanarpv6 WfpLwf 8/25/2013 9:24:07 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning. 8/25/2013 9:24:07 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start. 8/25/2013 9:24:07 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start. 8/25/2013 9:24:07 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start. 8/25/2013 9:24:03 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start. 8/25/2013 9:24:03 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning. 8/25/2013 9:24:03 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning. 8/25/2013 9:24:03 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning. 8/25/2013 9:24:03 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning. 8/25/2013 5:21:47 PM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume OS. 8/25/2013 11:43:36 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start. 8/25/2013 11:43:36 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030} 8/25/2013 11:43:36 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39} 8/25/2013 11:43:34 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF} 8/25/2013 11:43:30 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service CarboniteService with arguments "" in order to run the server: {36471C67-6A93-4434-92CC-4C614CD06666} 8/25/2013 11:43:28 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC} 8/25/2013 11:43:23 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: BHDrvx64 ccSet_NIS discache eeCtrl ElRawDisk IDSVia64 SBRE spldr SRTSPX SymIRON SymNetS Wanarpv6 8/25/2013 11:43:16 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start. 8/24/2013 10:44:48 AM, Error: volmgr [46] - Crash dump initialization failed! 8/24/2013 10:19:16 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk5\DR5. . ==== End Of File =========================== Thanks Roy
  7. I have run DDS and here are the 2 logs cut and pasted. DDS.txt DDS (Ver_2012-11-20.01) - NTFS_AMD64 Internet Explorer: 10.0.9200.16660 BrowserJavaVersion: 10.25.2 Run by Roy at 13:30:34 on 2013-08-31 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8183.4940 [GMT -4:00] . AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202} FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4} . ============== Running Processes =============== . C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k netsvcs C:\Program Files\HitmanPro\hmpsched.exe C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\System32\spoolsv.exe C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Windows\SysWOW64\svchost.exe -k Akamai C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe C:\Windows\System32\WUDFHost.exe C:\Windows\system32\SearchIndexer.exe C:\Windows\system32\svchost.exe -k WindowsMobile C:\Windows\system32\taskhost.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE C:\Windows\WindowsMobile\wmdcBase.exe C:\Users\Roy\AppData\Local\Akamai\netsession_win.exe C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe C:\Program Files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe C:\Users\Roy\AppData\Local\Akamai\netsession_win.exe C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe C:\Program Files (x86)\iTunes\iTunesHelper.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe C:\Windows\system32\svchost.exe -k SDRSVC C:\Windows\system32\svchost.exe -k imgsvc C:\Windows\system32\taskhost.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE C:\Users\Roy\Downloads\RogueKillerX64.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE C:\Users\Roy\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Roy\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Roy\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Roy\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Roy\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Roy\AppData\Local\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE C:\Users\Roy\AppData\Local\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Quicken\qw.exe C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE C:\Windows\splwow64.exe C:\Windows\system32\Macromed\Flash\FlashUtil64_11_8_800_94_ActiveX.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe C:\Windows\System32\MsSpellCheckingFacility.exe C:\Windows\notepad.exe C:\Windows\splwow64.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\System32\cscript.exe . ============== Pseudo HJT Report =============== . uSearch Bar = Preserve mURLSearchHooks: {85c38158-e43d-4fff-9602-1bfac9e9d47b} - <orphaned> mWinlogon: Userinit = userinit.exe, BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coieplg.dll BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\IPS\ipsbho.dll BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coieplg.dll EB: Adobe PDF: {182EC0BE-5110-49C8-A062-BEB1D02A220B} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll uRun: [Akamai NetSession Interface] "C:\Users\Roy\AppData\Local\Akamai\netsession_win.exe" uRun: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe uRun: [com.apple.dav.bookmarks.daemon] C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe mRun: [shwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe mRun: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" mRun: [iJNetworkScannerSelectorEX] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe /FORCE mRun: [Carbonite Backup] C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\GOOGLE~1.LNK - C:\Program Files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe mPolicies-Explorer: NoActiveDesktop = dword:1 mPolicies-Explorer: NoActiveDesktopChanges = dword:1 mPolicies-System: ConsentPromptBehaviorAdmin = dword:5 mPolicies-System: ConsentPromptBehaviorUser = dword:3 mPolicies-System: EnableUIADesktopToggle = dword:0 IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll LSP: mswsock.dll TCP: NameServer = 192.168.0.1 TCP: Interfaces\{231488E4-F9AB-4BC3-A085-738ED844F091} : DHCPNameServer = 192.168.0.1 Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll SSODL: WebCheck - <orphaned> SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe x64-Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon x64-Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdcBase.exe x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned> x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned> x64-SSODL: WebCheck - <orphaned> . ============= SERVICES / DRIVERS =============== . R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2009-11-8 55280] R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\NISx64\1404000.028\SymDS64.sys [2013-8-26 493656] R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\NISx64\1404000.028\SymEFA64.sys [2013-8-26 1139800] R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.4.0.40\Definitions\BASHDefs\20130715.001\BHDrvx64.sys [2013-8-26 1393240] R1 ccSet_NIS;Norton Internet Security Settings Manager;C:\Windows\System32\drivers\NISx64\1404000.028\ccSetx64.sys [2013-8-26 169048] R1 ElRawDisk;ElRawDisk;C:\Windows\System32\drivers\ElRawDsk.sys [2012-9-10 30752] R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.4.0.40\Definitions\IPSDefs\20130830.001\IDSviA64.sys [2013-8-31 520280] R1 SbFw;SbFw;C:\Windows\System32\drivers\SbFw.sys [2012-4-13 253528] R1 SbTis;SbTis;C:\Windows\System32\drivers\sbtis.sys [2012-4-13 94296] R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\NISx64\1404000.028\Ironx64.sys [2013-8-26 224416] R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\NISx64\1404000.028\symnets.sys [2013-8-26 433752] R2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2009-7-13 27136] R2 Garmin Core Update Service;Garmin Core Update Service;C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [2013-3-27 185688] R2 HitmanProScheduler;HitmanPro Scheduler;C:\Program Files\HitmanPro\hmpsched.exe [2013-8-26 109352] R2 ioloSystemService;iolo System Service;C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe [2013-8-3 1072664] R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-10-18 418376] R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-10-18 701512] R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe [2013-8-26 144368] R2 PDFsFilter;PDFsFilter;C:\Windows\System32\drivers\PDFsFilter.sys [2012-9-10 82160] R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2013-8-26 138912] R3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2009-11-8 317480] R3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2012-9-21 351520] R3 LVUVC64;Logitech QuickCam Pro 9000(UVC);C:\Windows\System32\drivers\lvuvc64.sys [2012-9-21 4763680] R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-4-13 25928] R3 SBFWIMCLMP;Sunbelt Software Firewall NDIS IM Filter Miniport;C:\Windows\System32\drivers\SbFwIm.sys [2012-4-13 84568] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 HitmanPro37CrusaderBoot;HitmanPro 3.7 Crusader (Boot);"J:\HitmanPro_x64.exe" /crusader:boot --> J:\HitmanPro_x64.exe [?] S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-6-21 162408] S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2013-3-22 1038088] S3 hitmanpro35;Hitman Pro 3.5 Support Driver;C:\Windows\System32\drivers\hitmanpro36.sys [2012-4-13 27936] S3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Service;C:\Windows\System32\drivers\SbFwIm.sys [2012-4-13 84568] S3 sbhips;sbhips;C:\Windows\System32\drivers\sbhips.sys [2012-4-13 60504] S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-5-23 59392] S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-4-25 1255736] S4 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-8 92160] S4 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2009-11-8 203264] S4 sprtsvc_DellComms;SupportSoft Sprocket Service (DellComms);C:\Program Files (x86)\Dell\DellComms\bin\sprtsvc.exe [2009-5-5 206064] . =============== File Associations =============== . FileExt: .vbe: VBEFile=NOTEPAD.EXE "%1" FileExt: .vbs: VBSFile=NOTEPAD.EXE "%1" FileExt: .js: JSFile=NOTEPAD.EXE "%1" FileExt: .jse: JSEFile=NOTEPAD.EXE "%1" FileExt: .wsf: WSFFile=NOTEPAD.EXE "%1" . =============== Created Last 30 ================ . 2013-08-30 19:05:34 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll 2013-08-26 22:50:42 -------- d-----w- C:\Users\Roy\AppData\Local\NPE 2013-08-26 22:36:22 177312 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS 2013-08-26 22:36:22 -------- d-----w- C:\Program Files\Common Files\Symantec Shared 2013-08-26 22:35:14 433752 ----a-r- C:\Windows\System32\drivers\NISx64\1404000.028\symnets.sys 2013-08-26 22:35:14 23448 ----a-r- C:\Windows\System32\drivers\NISx64\1404000.028\SymELAM.sys 2013-08-26 22:35:13 796760 ----a-r- C:\Windows\System32\drivers\NISx64\1404000.028\srtsp64.sys 2013-08-26 22:35:13 493656 ----a-r- C:\Windows\System32\drivers\NISx64\1404000.028\SymDS64.sys 2013-08-26 22:35:13 36952 ----a-r- C:\Windows\System32\drivers\NISx64\1404000.028\srtspx64.sys 2013-08-26 22:35:13 224416 ----a-r- C:\Windows\System32\drivers\NISx64\1404000.028\Ironx64.sys 2013-08-26 22:35:13 169048 ----a-r- C:\Windows\System32\drivers\NISx64\1404000.028\ccSetx64.sys 2013-08-26 22:35:13 1139800 ----a-r- C:\Windows\System32\drivers\NISx64\1404000.028\SymEFA64.sys 2013-08-26 22:34:34 -------- d-----w- C:\Windows\System32\drivers\NISx64\1404000.028 2013-08-26 22:34:34 -------- d-----w- C:\Windows\System32\drivers\NISx64 2013-08-26 22:34:30 -------- d-----w- C:\Program Files (x86)\Norton Internet Security 2013-08-26 22:26:01 -------- d-----w- C:\ProgramData\PCSettings 2013-08-26 22:08:47 -------- d-----w- C:\Program Files (x86)\Trend Micro 2013-08-26 21:40:09 12872 ----a-w- C:\Windows\System32\bootdelete.exe 2013-08-26 21:24:45 -------- d-----w- C:\Program Files\HitmanPro 2013-08-26 01:58:29 -------- d-----w- C:\FRST 2013-08-25 20:49:08 -------- d-----w- C:\Users\Roy\AppData\Local\KB7658521 2013-08-19 00:43:31 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 2013-08-19 00:43:31 -------- d-----w- C:\Program Files\iTunes 2013-08-19 00:43:31 -------- d-----w- C:\Program Files\iPod 2013-08-19 00:43:31 -------- d-----w- C:\Program Files (x86)\iTunes 2013-08-14 07:14:00 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2013-08-14 07:14:00 2706432 ----a-w- C:\Windows\System32\mshtml.tlb 2013-08-14 02:28:33 1472512 ----a-w- C:\Windows\System32\crypt32.dll 2013-08-14 02:27:58 3968960 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe 2013-08-14 02:27:58 3913664 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe 2013-08-14 02:27:57 5550528 ----a-w- C:\Windows\System32\ntoskrnl.exe 2013-08-14 02:27:57 1732032 ----a-w- C:\Windows\System32\ntdll.dll 2013-08-14 02:27:56 243712 ----a-w- C:\Windows\System32\wow64.dll 2013-08-14 02:27:56 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll 2013-08-14 02:27:56 1292192 ----a-w- C:\Windows\SysWow64\ntdll.dll 2013-08-14 02:27:55 7680 ----a-w- C:\Windows\SysWow64\instnm.exe 2013-08-14 02:27:55 5120 ----a-w- C:\Windows\SysWow64\wow32.dll 2013-08-14 02:27:55 25600 ----a-w- C:\Windows\SysWow64\setup16.exe 2013-08-14 02:27:55 2048 ----a-w- C:\Windows\SysWow64\user.exe 2013-08-14 02:27:52 39936 ----a-w- C:\Windows\System32\drivers\tssecsrv.sys 2013-08-14 02:27:49 1910208 ----a-w- C:\Windows\System32\drivers\tcpip.sys . ==================== Find3M ==================== . 2013-08-30 19:04:54 867240 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll 2013-08-30 19:04:53 789416 ----a-w- C:\Windows\SysWow64\deployJava1.dll 2013-07-28 18:05:00 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2013-07-28 18:05:00 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2013-07-26 05:13:37 2241024 ----a-w- C:\Windows\System32\wininet.dll 2013-07-26 05:12:08 3958784 ----a-w- C:\Windows\System32\jscript9.dll 2013-07-26 05:12:04 136704 ----a-w- C:\Windows\System32\iesysprep.dll 2013-07-26 05:12:03 67072 ----a-w- C:\Windows\System32\iesetup.dll 2013-07-26 03:13:24 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll 2013-07-26 03:12:04 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll 2013-07-26 03:12:00 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll 2013-07-26 03:12:00 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll 2013-07-26 02:39:38 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe 2013-07-26 01:59:38 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe 2013-07-25 09:25:54 1888768 ----a-w- C:\Windows\System32\WMVDECOD.DLL 2013-07-25 08:57:27 1620992 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL 2013-07-19 01:58:42 2048 ----a-w- C:\Windows\System32\tzres.dll 2013-07-19 01:41:01 2048 ----a-w- C:\Windows\SysWow64\tzres.dll 2013-07-09 05:52:52 224256 ----a-w- C:\Windows\System32\wintrust.dll 2013-07-09 05:51:16 1217024 ----a-w- C:\Windows\System32\rpcrt4.dll 2013-07-09 05:46:20 184320 ----a-w- C:\Windows\System32\cryptsvc.dll 2013-07-09 05:46:20 139776 ----a-w- C:\Windows\System32\cryptnet.dll 2013-07-09 04:52:33 663552 ----a-w- C:\Windows\SysWow64\rpcrt4.dll 2013-07-09 04:52:10 175104 ----a-w- C:\Windows\SysWow64\wintrust.dll 2013-07-09 04:46:31 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll 2013-07-09 04:46:31 1166848 ----a-w- C:\Windows\SysWow64\crypt32.dll 2013-07-09 04:46:31 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll 2013-07-09 04:45:07 44032 ----a-w- C:\Windows\apppatch\acwow64.dll 2013-06-05 03:34:27 3153920 ----a-w- C:\Windows\System32\win32k.sys 2013-06-04 06:00:13 624128 ----a-w- C:\Windows\System32\qedit.dll 2013-06-04 04:53:07 509440 ----a-w- C:\Windows\SysWow64\qedit.dll 2012-08-02 16:54:00 29385784 ----a-w- C:\Program Files (x86)\SystemMechanic.exe . ============= FINISH: 13:31:12.82 =============== Here is attach.txt . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2012-11-20.01) . Microsoft Windows 7 Home Premium Boot Device: \Device\HarddiskVolume2 Install Date: 1/3/2010 8:03:47 PM System Uptime: 8/29/2013 10:55:42 PM (39 hours ago) . Motherboard: Dell Inc. | | 0X231R Processor: Intel® Core i5 CPU 750 @ 2.67GHz | CPU 1 | 1173/133mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 917 GiB total, 717.947 GiB free. D: is CDROM () E: is FIXED (NTFS) - 932 GiB total, 10.105 GiB free. F: is Removable G: is Removable H: is Removable I: is Removable . ==== Disabled Device Manager Items ============= . Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1} Description: SBRE Device ID: ROOT\LEGACY_SBRE\0000 Manufacturer: Name: SBRE PNP Device ID: ROOT\LEGACY_SBRE\0000 Service: SBRE . ==== System Restore Points =================== . No restore point in system. . ==== Installed Programs ====================== . Update for Microsoft Office 2007 (KB2508958) Adobe Acrobat 7.0 Professional Adobe Acrobat 7.1.0 Professional Adobe AIR Adobe Anchor Service CS4 Adobe Anchor Service x64 CS4 Adobe Bridge CS4 Adobe CMaps CS4 Adobe CMaps x64 CS4 Adobe Color - Photoshop Specific CS4 Adobe Color EU Extra Settings CS4 Adobe Color JA Extra Settings CS4 Adobe Color NA Recommended Settings CS4 Adobe Color Video Profiles CS CS4 Adobe CSI CS4 Adobe CSI CS4 x64 Adobe Default Language CS4 Adobe Device Central CS4 Adobe Drive CS4 Adobe Drive CS4 x64 Adobe ExtendScript Toolkit CS4 Adobe Extension Manager CS4 Adobe Flash Player 11 ActiveX Adobe Fonts All Adobe Fonts All x64 Adobe Linguistics CS4 Adobe Linguistics CS4 x64 Adobe Media Player Adobe Output Module Adobe PDF Library Files CS4 Adobe PDF Library Files x64 CS4 Adobe Photoshop CS4 Adobe Photoshop CS4 (64 Bit) Adobe Photoshop CS4 Support Adobe Photoshop Lightroom 3 64-bit Adobe Reader XI (11.0.03) Adobe Search for Help Adobe Service Manager Extension Adobe Setup Adobe Type Support CS4 Adobe Type Support x64 CS4 Adobe Update Manager CS4 Adobe WinSoft Linguistics Plugin Adobe WinSoft Linguistics Plugin x64 Adobe XMP Panels CS4 AdobeColorCommonSetCMYK AdobeColorCommonSetRGB Akamai NetSession Interface Akamai NetSession Interface Service Apple Application Support Apple Mobile Device Support Apple Software Update ATI Catalyst Control Center Bonjour Brother HL-2170W CameraHelperMsi Canon Easy-PhotoPrint EX Canon IJ Network Scanner Selector EX Canon IJ Network Tool CANON iMAGE GATEWAY Task for ZoomBrowser EX Canon Internet Library for ZoomBrowser EX Canon MP Navigator EX 5.1 Canon MP830 Canon MX890 series MP Drivers Canon MX890 series On-screen Manual Canon MX890 series User Registration Canon My Printer Canon RAW Image Task for ZoomBrowser EX Canon RemoteCapture Task for ZoomBrowser EX Canon Solution Menu EX Canon Speed Dial Utility Canon Utilities CameraWindow Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX Canon Utilities CP Printer Guide Canon Utilities Digital Photo Professional 3.5 Canon Utilities EOS Utility Canon Utilities MyCamera Canon Utilities PhotoStitch Canon Utilities Picture Style Editor Canon Utilities RemoteCapture Task for ZoomBrowser EX Canon Utilities WFT-E1/E2/E3 Utility Canon Utilities ZoomBrowser EX Canon ZoomBrowser EX Memory Card Utility Carbonite Catalyst Control Center - Branding Catalyst Control Center Core Implementation Catalyst Control Center Graphics Full Existing Catalyst Control Center Graphics Full New Catalyst Control Center Graphics Light Catalyst Control Center Graphics Previews Common Catalyst Control Center Graphics Previews Vista Catalyst Control Center InstallProxy Catalyst Control Center Localization All ccc-core-static ccc-utility64 CCC Help Chinese Standard CCC Help Chinese Traditional CCC Help English CCC Help French CCC Help German CCC Help Hungarian CCC Help Italian CCC Help Japanese CCC Help Korean CCC Help Portuguese CCC Help Spanish CCC Help Turkish CCleaner Compatibility Pack for the 2007 Office system Connect CP Printer Guide D3DX10 Dell Communications (Support Software) Dell Edoc Viewer Dell Getting Started Guide DirectXInstallService Dropbox Elevated Installer EMC 10 Content EMCGadgets64 erLT Familiar Garmin Communicator Plugin Garmin Communicator Plugin x64 Garmin Express Garmin Express Tray Garmin Update Service Garmin USB Drivers Garmin WebUpdater Google Calendar Sync Google Chrome Google Toolbar for Internet Explorer Google Update Helper HijackThis 2.0.2 HitmanPro 3.7 iCloud iolo technologies' System Mechanic iTunes Java 7 Update 25 Java Auto Updater Java 6 Update 20 (64-bit) Java 6 Update 35 Junk Mail filter update kuler Logitech Webcam Software LWS Facebook LWS Gallery LWS Help_main LWS Launcher LWS Motion Detection LWS Pictures And Video LWS Twitter LWS Video Mask Maker LWS Webcam Software LWS WLM Plugin LWS YouTube Plugin Malwarebytes Anti-Malware version 1.75.0.1300 Microsoft .NET Framework 4 Client Profile Microsoft Application Error Reporting Microsoft Office 2007 Service Pack 3 (SP3) Microsoft Office Access MUI (English) 2007 Microsoft Office Access Setup Metadata MUI (English) 2007 Microsoft Office Excel MUI (English) 2007 Microsoft Office File Validation Add-In Microsoft Office Groove MUI (English) 2007 Microsoft Office Groove Setup Metadata MUI (English) 2007 Microsoft Office InfoPath MUI (English) 2007 Microsoft Office Office 64-bit Components 2007 Microsoft Office OneNote MUI (English) 2007 Microsoft Office Outlook MUI (English) 2007 Microsoft Office PowerPoint MUI (English) 2007 Microsoft Office PowerPoint Viewer 2007 (English) Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (Spanish) 2007 Microsoft Office Proofing (English) 2007 Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) Microsoft Office Publisher MUI (English) 2007 Microsoft Office Shared 64-bit MUI (English) 2007 Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 Microsoft Office Shared MUI (English) 2007 Microsoft Office Shared Setup Metadata MUI (English) 2007 Microsoft Office Ultimate 2007 Microsoft Office Word MUI (English) 2007 Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Works Mio Transfer MSVCRT MSVCRT_amd64 MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) Multimedia Card Reader Norton Internet Security PDF Settings CS4 Photoshop Camera Raw Photoshop Camera Raw_x64 Picasa 3 PowerDVD DX Quicken 2010 QuickTime RAW Image Task RealNetworks - Microsoft Visual C++ 2008 Runtime RealPlayer Realtek High Definition Audio Driver RealUpgrade 1.1 Remote Printer Console RemoteCapture Task Roxio Activation Module Roxio BackOnTrack Roxio Central Audio Roxio Central Copy Roxio Central Core Roxio Central Data Roxio Central Tools Roxio Easy CD and DVD Burning Roxio Express Labeler 3 Roxio File Backup Roxio Update Manager Safari Search On TER for IE Security Update for CAPICOM (KB931906) Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841) Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449) Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019) Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595) Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642) Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576) Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393) Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628) Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2) Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2687309) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition Security Update for Microsoft Office Publisher 2007 (KB2597971) 32-Bit Edition Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition Skins Skype Click to Call Skype™ 6.6 Sonic CinePlayer Decoder Pack SplitMediaLabs VH Screen Capture Driver (x86) Stamps.com Stamps.com Address Book Support for Microsoft Outlook 97-2010 Stamps.com Application Support for Microsoft Outlook 2000-2010 Stamps.com support for Microsoft Outlook 2000-2010 Stamps.com support for Microsoft Outlook 97-2010 Suite Shared Configuration CS4 TranslatorBar 2 Toolbar U3Launcher Update for 2007 Microsoft Office System (KB967642) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft .NET Framework 4 Client Profile (KB2836939) Update for Microsoft Office 2007 Help for Common Features (KB963673) Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition Update for Microsoft Office Access 2007 Help (KB963663) Update for Microsoft Office Excel 2007 Help (KB963678) Update for Microsoft Office Infopath 2007 Help (KB963662) Update for Microsoft Office OneNote 2007 Help (KB963670) Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition Update for Microsoft Office Outlook 2007 (KB2768023) 32-Bit Edition Update for Microsoft Office Outlook 2007 Help (KB963677) Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2817642) 32-Bit Edition Update for Microsoft Office Powerpoint 2007 Help (KB963669) Update for Microsoft Office Publisher 2007 Help (KB963667) Update for Microsoft Office Script Editor Help (KB963671) Update for Microsoft Office Word 2007 Help (KB963665) VD64Inst Windows Driver Package - Garmin (grmnusb) GARMIN Devices (04/19/2012 2.3.1.0) Windows Live Communications Platform Windows Live Essentials Windows Live ID Sign-in Assistant Windows Live Installer Windows Live Language Selector Windows Live Mail Windows Live Messenger Windows Live MIME IFilter Windows Live Movie Maker Windows Live Photo Common Windows Live Photo Gallery Windows Live PIMT Platform Windows Live SOXE Windows Live SOXE Definitions Windows Live Sync Windows Live UX Platform Windows Live UX Platform Language Pack Windows Live Writer Windows Live Writer Resources . ==== Event Viewer Messages From Past Week ======== . 8/31/2013 10:15:17 AM, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147024891 8/31/2013 10:15:17 AM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: %%-2147024891 8/30/2013 4:10:47 PM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit. 8/27/2013 12:38:03 AM, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\??\Volume{30fe703c-cc29-11de-bc38-806e6f6e6963}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{6FA76BB4-25F6-4CB9-9D02-B93AC8026BF3}' was corrupted and it has been recovered. Some data might have been lost. 8/27/2013 12:37:47 AM, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\??\Volume{30fe703c-cc29-11de-bc38-806e6f6e6963}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{75B70910-C68D-45F8-B0FD-E4EC83B524E8}' was corrupted and it has been recovered. Some data might have been lost. 8/26/2013 7:13:34 PM, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\??\C:\Windows\TEMP\{EB2FF6DE-3298-44FB-B170-1A7D0061E0DF}\CpySys1' was corrupted and it has been recovered. Some data might have been lost. 8/26/2013 7:05:07 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service. 8/26/2013 7:05:06 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SBRE 8/26/2013 7:05:05 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed. 8/26/2013 7:05:05 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed. 8/26/2013 7:05:03 PM, Error: Service Control Manager [7000] - The HitmanPro 3.7 Crusader (Boot) service failed to start due to the following error: The system cannot find the file specified. 8/26/2013 6:59:18 PM, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\??\C:\Windows\TEMP\{93E58A74-C9C3-41A1-BB1A-9E4AA0F1CE69}\CpySys1' was corrupted and it has been recovered. Some data might have been lost. 8/26/2013 5:40:09 PM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for DeleteFlag with the following error: Access is denied. 8/26/2013 5:23:54 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Garmin Core Update Service service to connect. 8/26/2013 5:23:54 PM, Error: Service Control Manager [7000] - The Garmin Core Update Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 8/25/2013 9:24:34 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start. 8/25/2013 9:24:25 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89} 8/25/2013 9:24:25 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E} 8/25/2013 9:24:12 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD BHDrvx64 ccSet_NIS DfsC discache eeCtrl ElRawDisk IDSVia64 NetBIOS NetBT nsiproxy Psched rdbss SbFw SBRE SbTis spldr SRTSPX SymIRON SymNetS tdx Wanarpv6 WfpLwf 8/25/2013 9:24:07 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning. 8/25/2013 9:24:07 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start. 8/25/2013 9:24:07 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start. 8/25/2013 9:24:07 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start. 8/25/2013 9:24:03 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start. 8/25/2013 9:24:03 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning. 8/25/2013 9:24:03 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning. 8/25/2013 9:24:03 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning. 8/25/2013 9:24:03 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning. 8/25/2013 5:21:47 PM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume OS. 8/25/2013 11:43:36 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start. 8/25/2013 11:43:36 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030} 8/25/2013 11:43:36 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39} 8/25/2013 11:43:34 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF} 8/25/2013 11:43:30 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service CarboniteService with arguments "" in order to run the server: {36471C67-6A93-4434-92CC-4C614CD06666} 8/25/2013 11:43:28 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC} 8/25/2013 11:43:23 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: BHDrvx64 ccSet_NIS discache eeCtrl ElRawDisk IDSVia64 SBRE spldr SRTSPX SymIRON SymNetS Wanarpv6 8/25/2013 11:43:16 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start. 8/24/2013 10:44:48 AM, Error: volmgr [46] - Crash dump initialization failed! 8/24/2013 10:19:16 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk5\DR5. . ==== End Of File =========================== I hope that I am in the right forum If I am not please tell me where to go Thanks Roy
  8. Hi, I have the same problem that vexed jb372. Malware bytes finds 2 examples of Trojan.Zaccess but cannot remove them. I have run Norton Internet Security, HitmanPro, HIjackThis and Malware bytes. I ran RogueKiller and it identified 22 registry items but I do not know how to copy it so I can post it. Here is the log from the Malware Bytes scan. Malwarebytes Anti-Malware (PRO) 1.75.0.1300 www.malwarebytes.org Database version: v2013.08.27.02 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 10.0.9200.16660 Roy :: ROY-PC [administrator] Protection: Enabled 8/31/2013 10:45:41 AM MBAM-log-2013-08-31 (11-15-57).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 251442 Time elapsed: 2 minute(s), 43 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 1 HKLM\SYSTEM\CurrentControlSet\Services\‮etadpug (Trojan.Zaccess) -> No action taken. Registry Values Detected: 1 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Google Update (Trojan.Zaccess) -> Data: -> No action taken. Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) I would appreciate help in resolving my problems. I am self-taught on the computer so often technical language escapes me. Thanks. Roy
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.