
tgnaztee

  1. Results of screen317's Security Check version 0.99.76
     Windows 7 Service Pack 1 x64 (UAC is enabled)
     Internet Explorer 10
     ``````````````Antivirus/Firewall Check:``````````````
     Windows Firewall Enabled!
     Norton Internet Security
     WMI entry may not exist for antivirus; attempting automatic update.
     `````````Anti-malware/Other Utilities Check:`````````
     Spyder3Express
     Java 7 Update 21
     Java version out of Date!
     Adobe Flash Player 11.9.900.117
     Adobe Reader 10.1.8 Adobe Reader out of Date!
     Google Chrome 30.0.1599.101
     Google Chrome 30.0.1599.69
     Google Chrome plugins...
     ````````Process Check: objlist.exe by Laurent````````
     Norton ccSvcHst.exe
     `````````````````System Health check`````````````````
     Total Fragmentation on Drive C: 0%
     ````````````````````End of Log``````````````````````
  2. Sorry, went out of town. Here is log:
     Farbar Service Scanner Version: 24-10-2013
     Ran by Todd (administrator) on 01-11-2013 at 16:42:50
     Running from "C:\Users\Todd\Downloads"
     Microsoft Windows 7 Home Premium Service Pack 1 (X64)
     Boot Mode: Normal
     ****************************************************************
     Internet Services:
     ============
     Connection Status:
     ==============
     Localhost is accessible.
     LAN connected.
     Google IP is accessible.
     Google.com is accessible.
     Yahoo.com is accessible.
     Windows Firewall:
     =============
     Firewall Disabled Policy:
     ==================
     System Restore:
     ============
     System Restore Disabled Policy:
     ========================
     Action Center:
     ============
     Windows Update:
     ============
     Windows Autoupdate Disabled Policy:
     ============================
     Windows Defender:
     ==============
     WinDefend Service is not running. Checking service configuration:
     The start type of WinDefend service is set to Demand. The default start type is Auto.
     The ImagePath of WinDefend service is OK.
     The ServiceDll of WinDefend service is OK.
     Windows Defender Disabled Policy:
     ==========================
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
     "DisableAntiSpyware"=DWORD:1
     Other Services:
     ==============
     File Check:
     ========
     C:\Windows\System32\nsisvc.dll => MD5 is legit
     C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
     C:\Windows\System32\dhcpcore.dll => MD5 is legit
     C:\Windows\System32\drivers\afd.sys => MD5 is legit
     C:\Windows\System32\drivers\tdx.sys => MD5 is legit
     C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
     C:\Windows\System32\dnsrslvr.dll => MD5 is legit
     C:\Windows\System32\mpssvc.dll => MD5 is legit
     C:\Windows\System32\bfe.dll => MD5 is legit
     C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
     C:\Windows\System32\SDRSVC.dll => MD5 is legit
     C:\Windows\System32\vssvc.exe => MD5 is legit
     C:\Windows\System32\wscsvc.dll => MD5 is legit
     C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
     C:\Windows\System32\wuaueng.dll => MD5 is legit
     C:\Windows\System32\qmgr.dll => MD5 is legit
     C:\Windows\System32\es.dll => MD5 is legit
     C:\Windows\System32\cryptsvc.dll => MD5 is legit
     C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
     C:\Windows\System32\svchost.exe => MD5 is legit
     C:\Windows\System32\rpcss.dll => MD5 is legit
     **** End of log ****
  3. Everything's working except Windows Update, but that hasn't worked right in several months. I'm pretty sure it's unrelated to the problem you've been helping me with.
  4. Computer seems to be running great. Thanks again. One quick, unrelated question: My Windows Update hasn't worked properly in several months. Is there a place like Malwarebytes online that could help me with that? Thanks.
  5. Report for AdwCleaner:
     # AdwCleaner v3.010 - Report created 26/10/2013 at 18:46:39
     # Updated 20/10/2013 by Xplode
     # Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
     # Username : Todd - NASKEDOV-HP
     # Running from : C:\Users\Todd\Desktop\AdwCleaner.exe
     # Option : Clean
     ***** [ Services ] *****
     ***** [ Files / Folders ] *****
     Folder Deleted : C:\Users\Todd\AppData\Local\PackageAware
     Folder Deleted : C:\Users\Todd\AppData\Local\SanctionedMedia
     ***** [ Shortcuts ] *****
     ***** [ Registry ] *****
     Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\HPSF_Tasks_RASAPI32
     Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\HPSF_Tasks_RASMANCS
     Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_pop-art-studio_RASAPI32
     Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_pop-art-studio_RASMANCS
     Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
     Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
     Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
     Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
     Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
     Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
     Key Deleted : HKCU\Software\SanctionedMedia
     Key Deleted : HKCU\Software\Softonic
     ***** [ Browsers ] *****
     -\\ Internet Explorer v9.0.8112.16450
     -\\ Google Chrome v
     [ File : C:\Users\Todd\AppData\Local\Google\Chrome\User Data\Default\preferences ]
     *************************
     AdwCleaner[R0].txt - [1963 octets] - [26/10/2013 18:43:07]
     AdwCleaner[s0].txt - [1825 octets] - [26/10/2013 18:46:39]
     ########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [1885 octets] ##########

     And for MBAR:
     Malwarebytes Anti-Rootkit BETA 1.07.0.1007
     www.malwarebytes.org
     Database version: v2013.10.26.09
     Windows 7 Service Pack 1 x64 NTFS
     Internet Explorer 9.0.8112.16421
     Todd :: NASKEDOV-HP [administrator]
     10/26/2013 7:00:42 PM
     mbar-log-2013-10-26 (19-00-42).txt
     Scan type: Quick scan
     Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
     Scan options disabled:
     Objects scanned: 250898
     Time elapsed: 36 minute(s), 4 second(s)
     Memory Processes Detected: 0
     (No malicious items detected)
     Memory Modules Detected: 0
     (No malicious items detected)
     Registry Keys Detected: 0
     (No malicious items detected)
     Registry Values Detected: 0
     (No malicious items detected)
     Registry Data Items Detected: 0
     (No malicious items detected)
     Folders Detected: 0
     (No malicious items detected)
     Files Detected: 0
     (No malicious items detected)
     Physical Sectors Detected: 0
     (No malicious items detected)
     (end)
  6. ComboFix 13-10-26.01 - Todd 10/26/2013 14:16:31.1.4 - x64
  7. Okay, MBAR said all clear. I've attached the two logs. mbar-log-2013-10-26 (11-23-31).txt system-log.txt
  8. Here it is: Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-10-2013 01Ran by SYSTEM on MININT-0BCJITH on 26-10-2013 10:36:50Running from G:\Windows 7 Home Premium (X64) OS Language: English(US)Internet Explorer Version 9Boot Mode: Recovery The current controlset is ControlSet001ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log. ==================== Registry (Whitelisted) ================== HKLM\...\Run: [hpsysdrv] - c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)HKLM\...\Run: [smartMenu] - C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [568888 2010-01-18] ()HKLM\...\Run: [Zune Launcher] - c:\Program Files\Zune\ZuneLauncher.exe [163552 2011-08-05] (Microsoft Corporation)HKLM\...\Run: [CanonSolutionMenu] - C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe [722256 2008-12-11] (CANON INC.)HKLM-x32\...\Run: [startCCC] - c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-02-02] (Advanced Micro Devices, Inc.)HKLM-x32\...\Run: [Microsoft Default Manager] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [439568 2010-05-10] (Microsoft Corporation)HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2011-07-05] (Apple Inc.)HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2010-06-09] (Hewlett-Packard)HKLM-x32\...\Run: [] - [x]HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-05-30] (Apple Inc.)HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [421776 2012-06-07] (Apple Inc.)HKLM-x32\...\Run: [Carbonite Backup] 
- C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe [1061960 2012-08-29] (Carbonite, Inc.)HKLM-x32\...\Run: [sunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)HKU\Default\...\Run: [HPAdvisorDock] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe [1715768 2010-09-28] (Hewlett-Packard)HKU\Default User\...\Run: [HPAdvisorDock] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe [1715768 2010-09-28] (Hewlett-Packard)HKU\Todd\...\Run: [HPAdvisorDock] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe [1715768 2010-09-28] (Hewlett-Packard)HKU\Todd\...\Run: [Google Update] - C:\Users\Todd\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2011-04-19] (Google Inc.)HKU\Todd\...\Run: [Akamai NetSession Interface] - C:\Users\Todd\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-04] (Akamai Technologies, Inc.)HKU\Todd\...\Run: [MusicManager] - C:\Users\Todd\AppData\Local\Programs\Google\MusicManager\MusicManager.exe [7331840 2013-04-23] (Google Inc.)HKU\Todd\...\Run: [GoogleChromeAutoLaunch_074FE521E48D2FD943354AD99FDC5BFB] - C:\Users\Todd\AppData\Local\Google\Chrome\Application\chrome.exe [844752 2013-10-08] (Google Inc.)HKU\Todd\...\Winlogon: [shell] explorer.exe,C:\Users\Todd\AppData\Roaming\Other.res [153600 2011-11-16] () <==== ATTENTION Startup: C:\Users\Todd\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnkShortcutTarget: Dropbox.lnk -> (No File)Startup: C:\Users\Todd\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NexDef Plug-in.lnkShortcutTarget: NexDef Plug-in.lnk -> (No File) ==================== Services (Whitelisted) ================= S2 IHA_MessageCenter; C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [350792 2013-09-13] (Verizon)S2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [107912 2008-10-09] ()S2 NIS; 
C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe [144368 2013-05-20] (Symantec Corporation) ==================== Drivers (Whitelisted) ==================== S1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.4.0.40\Definitions\BASHDefs\20131022.001\BHDrvx64.sys [1524824 2013-10-22] (Symantec Corporation)S1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1404000.028\ccSetx64.sys [169048 2013-04-15] (Symantec Corporation)S1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-08-26] (Symantec Corporation)S3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [140376 2013-08-26] (Symantec Corporation)S1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.4.0.40\Definitions\IPSDefs\20131025.001\IDSvia64.sys [521816 2013-10-16] (Symantec Corporation)S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.4.0.40\Definitions\VirusDefs\20131025.009\ENG64.SYS [126040 2013-08-28] (Symantec Corporation)S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.4.0.40\Definitions\VirusDefs\20131025.009\EX64.SYS [2099288 2013-08-28] (Symantec Corporation)S3 Spyder3; C:\Windows\System32\DRIVERS\Spyder3.sys [15360 2008-09-08] ()S3 SRTSP; C:\Windows\system32\drivers\NISx64\1404000.028\SRTSP64.SYS [796760 2013-05-15] (Symantec Corporation)S1 SRTSPX; C:\Windows\system32\drivers\NISx64\1404000.028\SRTSPX64.SYS [36952 2013-03-04] (Symantec Corporation)S0 SymDS; C:\Windows\System32\drivers\NISx64\1404000.028\SYMDS64.SYS [493656 2013-05-20] (Symantec Corporation)S0 SymEFA; C:\Windows\System32\drivers\NISx64\1404000.028\SYMEFA64.SYS [1139800 2013-05-22] (Symantec Corporation)S3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2013-07-27] (Symantec Corporation)S1 SymIRON; C:\Windows\system32\drivers\NISx64\1404000.028\Ironx64.SYS [224416 2013-03-04] 
(Symantec Corporation)S1 SymNetS; C:\Windows\system32\drivers\NISx64\1404000.028\SYMNETS.SYS [433752 2013-04-24] (Symantec Corporation)S0 TfFsMon; system32\drivers\TfFsMon.sys [x]S3 TfNetMon; \??\C:\Windows\system32\drivers\TfNetMon.sys [x]S0 TfSysMon; system32\drivers\TfSysMon.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-10-26 10:36 - 2013-10-26 10:36 - 00000000 ____D C:\FRST2013-10-26 06:34 - 2013-10-26 06:34 - 00000000 _____ C:\Windows\SysWOW64\sho8E0C.tmp2013-10-26 06:11 - 2013-10-26 06:11 - 00270472 _____ C:\Windows\Minidump\102613-115159-01.dmp2013-10-26 05:55 - 2013-10-26 05:55 - 00270472 _____ C:\Windows\Minidump\102613-51761-01.dmp2013-10-26 01:05 - 2013-10-26 01:05 - 00000000 _____ C:\Windows\SysWOW64\shoB323.tmp2013-10-25 20:01 - 2013-10-25 20:07 - 00000000 ____D C:\Users\Todd\Desktop\10-25-13 Photo Dump2013-10-24 01:12 - 2013-10-24 01:12 - 00000000 _____ C:\Windows\SysWOW64\shoFEA8.tmp2013-10-24 01:07 - 2013-10-24 01:07 - 00000000 _____ C:\Windows\SysWOW64\sho5B34.tmp2013-10-23 01:08 - 2013-10-23 01:08 - 00000000 _____ C:\Windows\SysWOW64\sho9D38.tmp2013-10-22 01:33 - 2013-10-22 01:33 - 00000000 _____ C:\Windows\SysWOW64\sho4DFB.tmp2013-10-21 01:24 - 2013-10-21 01:24 - 00000000 _____ C:\Windows\SysWOW64\sho87FF.tmp2013-10-20 13:40 - 2013-10-20 13:41 - 00000286 _____ C:\Users\Todd\AppData\Roaming\wklnhst.dat2013-10-20 13:40 - 2013-10-20 13:40 - 00000000 ____D C:\Users\Todd\AppData\Roaming\Template2013-10-20 13:28 - 2013-10-20 13:45 - 00000000 ____D C:\Users\Todd\Downloads\Student papers2013-10-20 07:44 - 2013-10-20 08:03 - 00000000 ____D C:\Users\Todd\AppData\Roaming\vlc2013-10-19 00:54 - 2013-10-19 00:54 - 00000000 _____ C:\Windows\SysWOW64\shoF2C.tmp2013-10-18 00:47 - 2013-10-18 00:47 - 00000000 _____ C:\Windows\SysWOW64\shoEB71.tmp2013-10-17 00:54 - 2013-10-17 00:54 - 00000000 _____ C:\Windows\SysWOW64\shoFDCE.tmp2013-10-17 00:49 - 2013-10-17 00:49 - 
00000000 _____ C:\Windows\SysWOW64\shoFA8E.tmp2013-10-15 00:53 - 2013-10-15 00:53 - 00000000 _____ C:\Windows\SysWOW64\sho7B75.tmp2013-10-14 15:49 - 2013-10-14 15:49 - 00020957 _____ C:\Users\Todd\Downloads\Teacher Assignments for PSAT.xlsx2013-10-14 00:51 - 2013-10-14 00:51 - 00000000 _____ C:\Windows\SysWOW64\shoDB3C.tmp2013-10-13 00:40 - 2013-10-13 00:40 - 00000000 _____ C:\Windows\SysWOW64\shoF41E.tmp2013-10-12 00:40 - 2013-10-12 00:40 - 00000000 _____ C:\Windows\SysWOW64\sho20D3.tmp2013-10-10 00:57 - 2013-10-10 00:57 - 00000000 _____ C:\Windows\SysWOW64\shoD553.tmp2013-10-09 00:38 - 2013-10-09 00:38 - 00000017 _____ C:\Windows\SysWOW64\shortcut_ex.dat2013-10-09 00:32 - 2013-10-09 00:32 - 00000000 _____ C:\Windows\SysWOW64\shoF235.tmp2013-10-08 00:58 - 2013-10-08 00:58 - 00000000 _____ C:\Windows\SysWOW64\sho6E4D.tmp2013-10-08 00:53 - 2013-10-08 00:53 - 00000000 _____ C:\Windows\SysWOW64\sho37AD.tmp2013-10-06 00:31 - 2013-10-06 00:31 - 00000000 _____ C:\Windows\SysWOW64\sho34EF.tmp2013-10-04 01:11 - 2013-10-04 01:11 - 00000000 _____ C:\Windows\SysWOW64\shoCAC8.tmp2013-10-03 01:08 - 2013-10-03 01:08 - 00000000 _____ C:\Windows\SysWOW64\shoB598.tmp2013-10-02 01:08 - 2013-10-02 01:08 - 00000000 _____ C:\Windows\SysWOW64\shoEC80.tmp2013-10-02 01:02 - 2013-10-02 01:02 - 00000000 _____ C:\Windows\SysWOW64\shoC700.tmp2013-10-01 01:12 - 2013-10-01 01:12 - 00000000 _____ C:\Windows\SysWOW64\shoBA69.tmp2013-10-01 01:07 - 2013-10-01 01:07 - 00000000 _____ C:\Windows\SysWOW64\sho1B29.tmp2013-09-29 19:07 - 2013-09-29 19:07 - 00239776 _____ C:\Users\Todd\Downloads\Chaucer’s_Characterization (1).pptx2013-09-29 00:46 - 2013-09-29 00:46 - 00000000 _____ C:\Windows\SysWOW64\sho4EEB.tmp2013-09-28 00:51 - 2013-09-28 00:51 - 00000000 _____ C:\Windows\SysWOW64\shoC467.tmp2013-09-28 00:46 - 2013-09-28 00:46 - 00000000 _____ C:\Windows\SysWOW64\sho99D9.tmp2013-09-27 00:49 - 2013-09-27 00:49 - 00000000 _____ C:\Windows\SysWOW64\shoD53.tmp ==================== One Month Modified Files 
and Folders ======= 2013-10-26 10:36 - 2013-10-26 10:36 - 00000000 ____D C:\FRST2013-10-26 06:34 - 2013-10-26 06:34 - 00000000 _____ C:\Windows\SysWOW64\sho8E0C.tmp2013-10-26 06:34 - 2010-07-12 22:09 - 01772640 _____ C:\Windows\WindowsUpdate.log2013-10-26 06:34 - 2009-07-13 20:45 - 00009920 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A02013-10-26 06:34 - 2009-07-13 20:45 - 00009920 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A02013-10-26 06:25 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT2013-10-26 06:24 - 2009-07-13 20:51 - 00116826 _____ C:\Windows\setupact.log2013-10-26 06:16 - 2012-02-27 20:49 - 00000000 ___RD C:\Users\Todd\Dropbox2013-10-26 06:16 - 2012-02-27 20:45 - 00000000 ____D C:\Users\Todd\AppData\Roaming\Dropbox2013-10-26 06:13 - 2012-04-06 07:48 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job2013-10-26 06:11 - 2013-10-26 06:11 - 00270472 _____ C:\Windows\Minidump\102613-115159-01.dmp2013-10-26 06:11 - 2011-02-18 14:34 - 00000000 ____D C:\Windows\Minidump2013-10-26 06:10 - 2011-02-18 14:34 - 388554885 _____ C:\Windows\MEMORY.DMP2013-10-26 05:55 - 2013-10-26 05:55 - 00270472 _____ C:\Windows\Minidump\102613-51761-01.dmp2013-10-26 05:47 - 2011-04-19 17:05 - 00000904 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3002832799-4013716802-3893733787-1000UA.job2013-10-26 01:05 - 2013-10-26 01:05 - 00000000 _____ C:\Windows\SysWOW64\shoB323.tmp2013-10-26 00:39 - 2013-07-03 00:09 - 01026304 _____ C:\Windows\IE10_main.log2013-10-25 20:07 - 2013-10-25 20:01 - 00000000 ____D C:\Users\Todd\Desktop\10-25-13 Photo Dump2013-10-25 19:51 - 2011-11-22 21:46 - 00059280 _____ C:\Users\Todd\Documents\PerfectMaskConduit.log2013-10-25 19:51 - 2011-10-30 13:15 - 00055855 _____ C:\Users\Todd\Documents\DxO Logging Name.log2013-10-25 19:51 - 2010-12-17 07:31 - 00089869 _____ C:\Users\Todd\Documents\FocalPointConduit.log2013-10-25 
18:47 - 2011-04-19 17:05 - 00000852 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3002832799-4013716802-3893733787-1000Core.job2013-10-25 17:58 - 2013-01-30 12:17 - 00000328 _____ C:\Windows\Tasks\HPCeeScheduleForTodd.job2013-10-25 17:58 - 2010-12-10 15:22 - 00003180 _____ C:\Windows\System32\Tasks\HPCeeScheduleForTodd2013-10-24 01:12 - 2013-10-24 01:12 - 00000000 _____ C:\Windows\SysWOW64\shoFEA8.tmp2013-10-24 01:07 - 2013-10-24 01:07 - 00000000 _____ C:\Windows\SysWOW64\sho5B34.tmp2013-10-23 01:08 - 2013-10-23 01:08 - 00000000 _____ C:\Windows\SysWOW64\sho9D38.tmp2013-10-22 01:33 - 2013-10-22 01:33 - 00000000 _____ C:\Windows\SysWOW64\sho4DFB.tmp2013-10-21 01:24 - 2013-10-21 01:24 - 00000000 _____ C:\Windows\SysWOW64\sho87FF.tmp2013-10-20 13:45 - 2013-10-20 13:28 - 00000000 ____D C:\Users\Todd\Downloads\Student papers2013-10-20 13:41 - 2013-10-20 13:40 - 00000286 _____ C:\Users\Todd\AppData\Roaming\wklnhst.dat2013-10-20 13:40 - 2013-10-20 13:40 - 00000000 ____D C:\Users\Todd\AppData\Roaming\Template2013-10-20 13:40 - 2009-07-13 21:32 - 00000000 ____D C:\Windows\System32\FxsTmp2013-10-20 08:03 - 2013-10-20 07:44 - 00000000 ____D C:\Users\Todd\AppData\Roaming\vlc2013-10-19 00:54 - 2013-10-19 00:54 - 00000000 _____ C:\Windows\SysWOW64\shoF2C.tmp2013-10-18 00:47 - 2013-10-18 00:47 - 00000000 _____ C:\Windows\SysWOW64\shoEB71.tmp2013-10-17 00:54 - 2013-10-17 00:54 - 00000000 _____ C:\Windows\SysWOW64\shoFDCE.tmp2013-10-17 00:49 - 2013-10-17 00:49 - 00000000 _____ C:\Windows\SysWOW64\shoFA8E.tmp2013-10-16 15:21 - 2011-04-19 17:06 - 00002370 _____ C:\Users\Todd\Desktop\Google Chrome.lnk2013-10-15 00:53 - 2013-10-15 00:53 - 00000000 _____ C:\Windows\SysWOW64\sho7B75.tmp2013-10-14 15:49 - 2013-10-14 15:49 - 00020957 _____ C:\Users\Todd\Downloads\Teacher Assignments for PSAT.xlsx2013-10-14 00:51 - 2013-10-14 00:51 - 00000000 _____ C:\Windows\SysWOW64\shoDB3C.tmp2013-10-13 00:40 - 2013-10-13 00:40 - 00000000 _____ C:\Windows\SysWOW64\shoF41E.tmp2013-10-12 00:40 - 
2013-10-12 00:40 - 00000000 _____ C:\Windows\SysWOW64\sho20D3.tmp2013-10-10 00:59 - 2012-05-28 00:02 - 00000000 ____D C:\Program Files\Microsoft Silverlight2013-10-10 00:59 - 2012-05-28 00:02 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight2013-10-10 00:57 - 2013-10-10 00:57 - 00000000 _____ C:\Windows\SysWOW64\shoD553.tmp2013-10-10 00:39 - 2010-11-15 16:47 - 00000000 ____D C:\ProgramData\Microsoft Help2013-10-10 00:19 - 2009-07-13 21:13 - 00741212 _____ C:\Windows\System32\PerfStringBackup.INI2013-10-10 00:10 - 2013-08-15 00:14 - 00000000 ____D C:\Windows\System32\MRT2013-10-10 00:10 - 2010-11-12 21:14 - 80541720 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe2013-10-09 11:58 - 2010-11-23 06:28 - 00000052 _____ C:\Windows\SysWOW64\DOErrors.log2013-10-09 11:57 - 2011-10-26 04:06 - 00000000 _____ C:\Windows\System32\HP_ActiveX_Patch_NOT_DETECTED.txt2013-10-09 11:55 - 2010-11-23 06:27 - 00000000 ____D C:\Users\Todd\AppData\Roaming\HP Support Assistant2013-10-09 11:55 - 2010-11-12 20:51 - 00000000 ____D C:\Users\Todd\AppData\Roaming\HpUpdate2013-10-09 03:13 - 2012-04-06 07:48 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater2013-10-09 03:13 - 2012-04-06 07:46 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe2013-10-09 03:13 - 2011-09-08 07:24 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl2013-10-09 00:38 - 2013-10-09 00:38 - 00000017 _____ C:\Windows\SysWOW64\shortcut_ex.dat2013-10-09 00:32 - 2013-10-09 00:32 - 00000000 _____ C:\Windows\SysWOW64\shoF235.tmp2013-10-08 00:58 - 2013-10-08 00:58 - 00000000 _____ C:\Windows\SysWOW64\sho6E4D.tmp2013-10-08 00:53 - 2013-10-08 00:53 - 00000000 _____ C:\Windows\SysWOW64\sho37AD.tmp2013-10-07 18:42 - 2011-04-19 17:05 - 00003872 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3002832799-4013716802-3893733787-1000UA2013-10-07 18:42 - 2011-04-19 17:05 - 00003476 _____ 
C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3002832799-4013716802-3893733787-1000Core2013-10-06 00:31 - 2013-10-06 00:31 - 00000000 _____ C:\Windows\SysWOW64\sho34EF.tmp2013-10-04 01:12 - 2010-07-12 23:42 - 00240170 _____ C:\Windows\PFRO.log2013-10-04 01:11 - 2013-10-04 01:11 - 00000000 _____ C:\Windows\SysWOW64\shoCAC8.tmp2013-10-03 01:08 - 2013-10-03 01:08 - 00000000 _____ C:\Windows\SysWOW64\shoB598.tmp2013-10-02 01:08 - 2013-10-02 01:08 - 00000000 _____ C:\Windows\SysWOW64\shoEC80.tmp2013-10-02 01:02 - 2013-10-02 01:02 - 00000000 _____ C:\Windows\SysWOW64\shoC700.tmp2013-10-01 01:12 - 2013-10-01 01:12 - 00000000 _____ C:\Windows\SysWOW64\shoBA69.tmp2013-10-01 01:07 - 2013-10-01 01:07 - 00000000 _____ C:\Windows\SysWOW64\sho1B29.tmp2013-09-30 07:00 - 2010-11-11 20:02 - 00000544 _____ C:\Windows\Tasks\PCDRScheduledMaintenance.job2013-09-29 19:07 - 2013-09-29 19:07 - 00239776 _____ C:\Users\Todd\Downloads\Chaucer’s_Characterization (1).pptx2013-09-29 00:46 - 2013-09-29 00:46 - 00000000 _____ C:\Windows\SysWOW64\sho4EEB.tmp2013-09-29 00:43 - 2009-07-13 21:08 - 00032558 _____ C:\Windows\Tasks\SCHEDLGU.TXT2013-09-28 00:51 - 2013-09-28 00:51 - 00000000 _____ C:\Windows\SysWOW64\shoC467.tmp2013-09-28 00:46 - 2013-09-28 00:46 - 00000000 _____ C:\Windows\SysWOW64\sho99D9.tmp2013-09-27 00:49 - 2013-09-27 00:49 - 00000000 _____ C:\Windows\SysWOW64\shoD53.tmp Some content of 
TEMP:====================C:\Users\Todd\AppData\Local\Temp\an4ywqn-.dllC:\Users\Todd\AppData\Local\Temp\COMAP.EXEC:\Users\Todd\AppData\Local\Temp\FlashPlayerUpdate.exeC:\Users\Todd\AppData\Local\Temp\GC_PCTOOLS.exeC:\Users\Todd\AppData\Local\Temp\HPHelpUpdater.exeC:\Users\Todd\AppData\Local\Temp\i4jdel0.exeC:\Users\Todd\AppData\Local\Temp\InstallFlashPlayer.exeC:\Users\Todd\AppData\Local\Temp\jQJ0cyI.exeC:\Users\Todd\AppData\Local\Temp\jQJ0cyI0.exeC:\Users\Todd\AppData\Local\Temp\jre-6u30-windows-i586-iftw-rv.exeC:\Users\Todd\AppData\Local\Temp\jre-6u37-windows-i586-iftw.exeC:\Users\Todd\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exeC:\Users\Todd\AppData\Local\Temp\MSETUP4.EXEC:\Users\Todd\AppData\Local\Temp\pcttProtect32.dllC:\Users\Todd\AppData\Local\Temp\Resource.exeC:\Users\Todd\AppData\Local\Temp\SkypeSetup.exeC:\Users\Todd\AppData\Local\Temp\sp46257.exeC:\Users\Todd\AppData\Local\Temp\sp49905.exe.exeC:\Users\Todd\AppData\Local\Temp\sp53904.exeC:\Users\Todd\AppData\Local\Temp\sp54931.exeC:\Users\Todd\AppData\Local\Temp\sp58915.exeC:\Users\Todd\AppData\Local\Temp\Trial.dllC:\Users\Todd\AppData\Local\Temp\u6wct0e2.dllC:\Users\Todd\AppData\Local\Temp\UninstallHPSA.exeC:\Users\Todd\AppData\Local\Temp\UninstallHPTCA.exeC:\Users\Todd\AppData\Local\Temp\vcredist_x86.exeC:\Users\Todd\AppData\Local\Temp\wmpfirefoxplugin.exe ==================== Known DLLs (Whitelisted) ================ ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legitC:\Windows\System32\wininit.exe => MD5 is legitC:\Windows\SysWOW64\wininit.exe => MD5 is legitC:\Windows\explorer.exe => MD5 is legitC:\Windows\SysWOW64\explorer.exe => MD5 is legitC:\Windows\System32\svchost.exe => MD5 is legitC:\Windows\SysWOW64\svchost.exe => MD5 is legitC:\Windows\System32\services.exe => MD5 is legitC:\Windows\System32\User32.dll => MD5 is legitC:\Windows\SysWOW64\User32.dll => MD5 is legitC:\Windows\System32\userinit.exe => MD5 is 
legitC:\Windows\SysWOW64\userinit.exe => MD5 is legitC:\Windows\System32\Drivers\volsnap.sys => MD5 is legit ==================== EXE ASSOCIATION ===================== HKLM\...\.exe: exefile => OKHKLM\...\exefile\DefaultIcon: %1 => OKHKLM\...\exefile\open\command: "%1" %* => OK ==================== Restore Points ========================= 13Restore point made on: 2013-10-22 00:02:19Restore point made on: 2013-10-22 00:21:08Restore point made on: 2013-10-22 00:47:52Restore point made on: 2013-10-23 00:00:58Restore point made on: 2013-10-23 13:10:57Restore point made on: 2013-10-23 18:59:54Restore point made on: 2013-10-24 00:01:51Restore point made on: 2013-10-24 00:51:08Restore point made on: 2013-10-25 00:00:40Restore point made on: 2013-10-26 00:01:23Restore point made on: 2013-10-26 02:35:38Restore point made on: 2013-10-26 03:53:15Restore point made on: 2013-10-26 05:46:35 ==================== Memory info =========================== Percentage of memory in use: 15%Total physical RAM: 5879.89 MBAvailable physical RAM: 4940.58 MBTotal Pagefile: 5878.04 MBAvailable Pagefile: 4932.18 MBTotal Virtual: 8192 MBAvailable Virtual: 8191.87 MB ==================== Drives ================================ Drive c: (OS) (Fixed) (Total:919.56 GB) (Free:180.63 GB) NTFSDrive e: (HP_RECOVERY) (Fixed) (Total:11.66 GB) (Free:1.42 GB) NTFS ==>[system with boot components (obtained from reading drive)]Drive g: () (Removable) (Total:1.91 GB) (Free:1.91 GB) FATDrive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFSDrive y: (SYSTEM) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[system with boot components (obtained from reading drive)] ==================== MBR & Partition Table ================== ========================================================Disk: 0 (Size: 932 GB) (Disk ID: 29888D4D)Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)Partition 2: (Not Active) - (Size=920 GB) - (Type=07 NTFS)Partition 3: (Not Active) - (Size=12 GB) - (Type=07 NTFS) 
========================================================Disk: 1 (Size: 2 GB) (Disk ID: 4D0FBD6A)Partition 1: (Not Active) - (Size=2 GB) - (Type=06) LastRegBack: 2013-10-21 02:36 ==================== End Of Log ============================
  9. Hi, This has taken over my computer. Can't start in safe mode at all and regular mode is simply a static screen. Running Windows 7 64. What do I do first? Thanks T