Pastafarian

Members

View Profile See their activity

Posts
15
Joined
November 4, 2014
Last visited
November 16, 2018

Reputation

0 Neutral

Recent Profile Visitors

808 profile views

jadinolf

October 26, 2017
AlexSmith

October 23, 2017

Access Denied

Pastafarian replied to Pastafarian's topic in Malwarebytes for Windows Support Forum

Uh...well, I restarted into safe mode and the folder is gone. Since then, I've seen other reports of Windows 10 feature updates causing weird permissions issues that clear up after a reboot, so perhaps that's all this was?
- October 26, 2017
- 4 replies
- - windows 10
  - build 1709
  - (and 1 more)
    Tagged with:
    
    windows 10
    
    build 1709
    
    fall creators update
Access Denied

Pastafarian replied to Pastafarian's topic in Malwarebytes for Windows Support Forum

mb-check-results.zip Here you go.
- October 22, 2017
- 4 replies
- - windows 10
  - build 1709
  - (and 1 more)
    Tagged with:
    
    windows 10
    
    build 1709
    
    fall creators update
Access Denied

Pastafarian posted a topic in Malwarebytes for Windows Support Forum

I just installed the Fall Creators Update and got a notice that Malwarebytes had an update. I tried to install it and got an Access Denied error on C:\ProgramData\Malwarebytes\MBAMService\config. I checked permissions and my account isn't able to see the owner of the folder. OK, fine. I tried the cleanup tool, no go. I ran cmd as the built-in administrator account, tried to take ownership of the folder with takeown /F config /R /D y ...access denied. The program isn't installed, so I can't even turn off the self-protection, which I understand people were concerned about prior to this update but had no way of knowing about because, you know, nothing told me that pre-emptively and I hadn't had this problem with prior big Windows 10 updates. As far as I can tell, nothing else is broken, just MBAM. Can someone give me a hand? Don't be afraid to get technical--I'm an IT guy with a lot of experience. I figure I'm probably wasting my time messing with this when I have other protection that's installed and working and someone else here probably already knows the answer. Thanks!
- October 22, 2017
- 4 replies
- - windows 10
  - build 1709
  - (and 1 more)
    Tagged with:
    
    windows 10
    
    build 1709
    
    fall creators update
Ads by Speed Check

Pastafarian replied to Pastafarian's topic in Resolved Malware Removal Logs

OK, sounds good. Thanks for all your help!
- December 1, 2014
- 22 replies
Ads by Speed Check

Pastafarian replied to Pastafarian's topic in Resolved Malware Removal Logs

Sorry for the repeated bumps. I was able to download successfully a picture of a hat from Google Image Search and the 7zip installer from Sourceforge. This appears to be something inherent to DelFix or the website it's on.
- December 1, 2014
- 22 replies
Ads by Speed Check

Pastafarian replied to Pastafarian's topic in Resolved Malware Removal Logs

Apparently I can't edit my post. I meant to add that yes, I did try running IE as administrator, but that seems like an unlikely solution anyway just to download a file.
- December 1, 2014
- 22 replies
Ads by Speed Check

Pastafarian replied to Pastafarian's topic in Resolved Malware Removal Logs

Gringo, I've uninstalled ComboFix, and now something is preventing both Chrome and IE from downloading the DelFix tool. It's requiring administrative privileges to (apparently) copy a file from the temp directory to the actual download location.
- December 1, 2014
- 22 replies
Ads by Speed Check

Pastafarian replied to Pastafarian's topic in Resolved Malware Removal Logs

Here's the scan results. Looks benign to me at this point. C:\AdwCleaner\Quarantine\C\Program Files (x86)\xfin_portal\comcastdx.dll.vir a variant of Win32/Toolbar.Visicom.B potentially unwanted application C:\AdwCleaner\Quarantine\C\Program Files (x86)\xfin_portal\comcasttb.dll.vir a variant of Win32/Toolbar.Visicom.A potentially unwanted application C:\AdwCleaner\Quarantine\C\Program Files (x86)\xfin_portal\dtuser.exe.vir a variant of Win32/Toolbar.Visicom.C potentially unwanted application C:\AdwCleaner\Quarantine\C\Windows\System32\drivers\webinstrNew.sys.vir Win64/Adware.AddLyrics.D application C:\Program Files (x86)\Dell DataSafe Local Backup\hstart.exe a variant of Win32/HiddenStart.A potentially unsafe application C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe a variant of Win32/HiddenStart.A potentially unsafe application C:\Users\Pompeani\Desktop\ccsetup419.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
- November 24, 2014
- 22 replies
Ads by Speed Check

Pastafarian replied to Pastafarian's topic in Resolved Malware Removal Logs

Not going to do that for two reasons... You're not the designated helper for the thread and I don't want to muck anything up by following anyone else's instructions, and He doesn't have that anyway. I already checked.
- November 17, 2014
- 22 replies
Ads by Speed Check

Pastafarian replied to Pastafarian's topic in Resolved Malware Removal Logs

CCleaner removed about 1.5 GB of junk. Not too bad given that he likely never cleaned anything up before. He didn't have MBAM installed; I installed it and ran a scan before I even made an account here. ************************************* Malwarebytes Anti-Malwarewww.malwarebytes.org Scan Date: 11/14/2014Scan Time: 3:28:36 PMLogfile: mbam 20141114.txtAdministrator: Yes Version: 2.00.3.1025Malware Database: v2014.11.14.08Rootkit Database: v2014.11.12.01License: FreeMalware Protection: DisabledMalicious Website Protection: DisabledSelf-protection: Disabled OS: Windows 7 Service Pack 1CPU: x64File System: NTFSUser: Pompeani Scan Type: Threat ScanResult: CompletedObjects Scanned: 376904Time Elapsed: 10 min, 21 sec Memory: EnabledStartup: EnabledFilesystem: EnabledArchives: EnabledRootkits: DisabledHeuristics: EnabledPUP: EnabledPUM: Enabled Processes: 0(No malicious items detected) Modules: 0(No malicious items detected) Registry Keys: 0(No malicious items detected) Registry Values: 0(No malicious items detected) Registry Data: 0(No malicious items detected) Folders: 0(No malicious items detected) Files: 1PUP.Optional.DownloadAdmin, C:\Users\Pompeani\Downloads\4b6.tmp, Quarantined, [3c74c576cab291a58bd8afa9926ead53], Physical Sectors: 0(No malicious items detected) (end) ************************************* Logfile of Trend Micro HijackThis v2.0.4Scan saved at 3:57:48 PM, on 11/14/2014Platform: Windows 7 SP1 (WinNT 6.00.3505)MSIE: Internet Explorer v11.0 (11.00.9600.17420)Boot mode: Normal Running processes:C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exeC:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exeC:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exeC:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exeC:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exeC:\Program Files (x86)\Google\Drive\googledrivesync.exeC:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exeC:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exeC:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exeC:\Program Files (x86)\iTunes\iTunesHelper.exeC:\Program Files (x86)\Common Files\Java\Java Update\jusched.exeC:\Program Files (x86)\Google\Drive\googledrivesync.exeC:\Program Files (x86)\Nero\SyncUP\SyncUP.exeC:\Program Files (x86)\Nero\SyncUP\Nero.AndroidServer.exeC:\Users\Pompeani\Desktop\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htmR1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = <-loopback>R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\coIEPlg.dllO2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\IPS\IPSBHO.DLLO2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dllO2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120930104544.dll (file missing)O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dllO2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLLO2 - BHO: Constant Guard Protection Suite - {B84CDBE7-1B46-494B-A188-01D4C52DEB61} - C:\ProgramData\White Sky, Inc\ID Vault\IEBHO1.14.731.2\NativeBHO.dllO2 - BHO: Updater For XFIN_PORTAL - {bb46be07-13eb-4c49-b0f0-fc78b9ea4983} - C:\Program Files (x86)\xfin_portal\auxi\comcastAu.dll (file missing)O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dllO3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\coIEPlg.dllO4 - HKLM\..\Run: [iMSS] "C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe"O4 - HKLM\..\Run: [uSB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"O4 - HKLM\..\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exeO4 - HKLM\..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exeO4 - HKLM\..\Run: [NeroLauncher] C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe 900O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"O4 - HKLM\..\Run: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"O4 - HKLM\..\Run: [AccuWeatherWidget] "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startupO4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottimeO4 - HKLM\..\Run: [immunet Protect] "C:\Program Files\Immunet\3.1.13\iptray.exe"O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"O4 - HKCU\..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exeO4 - HKCU\..\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exeO4 - HKCU\..\Run: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostartO4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITORO4 - Global Startup: Constant Guard.lnk = C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exeO4 - Global Startup: HRBlockDirect.lnk = C:\Program Files (x86)\HRBlockDirect\HRBlockDirect.exeO9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dllO9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dllO9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dllO9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dllO9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dllO9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dllO10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dllO10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dllO11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphicsO17 - HKLM\System\CCS\Services\Tcpip\..\{4150F59C-6B10-4677-A2F0-35F0748918D0}: NameServer = 75.75.75.75,75.75.76.76O17 - HKLM\System\CS1\Services\Tcpip\..\{4150F59C-6B10-4677-A2F0-35F0748918D0}: NameServer = 75.75.75.75,75.75.76.76O17 - HKLM\System\CS2\Services\Tcpip\..\{4150F59C-6B10-4677-A2F0-35F0748918D0}: NameServer = 75.75.75.75,75.75.76.76O18 - Protocol: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dllO18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLLO18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dllO18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLLO20 - AppInit_DLLs: C:\PROGRA~2\KEYCRY~1\KeyCrypt32(4).dllO23 - Service: Adobe Active File Monitor V9 (AdobeActiveFileMonitor9.0) - Adobe Systems Incorporated - c:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exeO23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exeO23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exeO23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Program Files\Realtek\Audio\HDA\AERTSr64.exeO23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exeO23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exeO23 - Service: Intel® Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exeO23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)O23 - Service: EPSON V5 Service4(04) (EPSON_EB_RPCV4_04) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXEO23 - Service: EPSON V3 Service4(04) (EPSON_PM_RPCV4_04) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXEO23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exeO23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exeO23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exeO23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exeO23 - Service: CGPS Service (IDVaultSvc) - White Sky, Inc. - C:\Program Files (x86)\Constant Guard Protection Suite\IDVaultSvc.exeO23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)O23 - Service: Intel® Capability Licensing Service Interface - Intel® Corporation - c:\Program Files\Intel\iCLS Client\HeciServer.exeO23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exeO23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exeO23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)O23 - Service: Norton Security Suite (N360) - Symantec Corporation - C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\N360.exeO23 - Service: @C:\Program Files (x86)\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files (x86)\Nero\Update\NASvc.exeO23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)O23 - Service: Dell DataSafe Online (NOBU) - Dell, Inc. - C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exeO23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)O23 - Service: SoftThinks Agent Service (SftService) - SoftThinks SAS - C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXEO23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exeO23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)O23 - Service: Intel® Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exeO23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)O23 - Service: ZAtheros Wlan Agent - Atheros - C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe --End of file - 14382 bytes
- November 14, 2014
- 22 replies
Ads by Speed Check

Pastafarian replied to Pastafarian's topic in Resolved Malware Removal Logs

Adobe AIR Adobe Community Help Adobe Flash Player 15 ActiveX Adobe Photoshop Elements 9 Adobe Reader XI (11.0.09) AntiLogger SDK version 1.7.6.367 Apple Application Support Apple Software Update Bejeweled 2 Deluxe Bing Bar Blackhawk Striker 2 BleachBit Blio Bounce Symphony Build-a-lot 2 Cake Mania Chuzzle Deluxe Cisco EAP-FAST Module Cisco LEAP Module Cisco PEAP Module Constant Guard Protection Suite Consumer In-Home Service Agreement Cozi D3DX10 Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition Dell DataSafe Local Backup Dell DataSafe Local Backup - Support Software Dell DataSafe Online Dell Getting Started Guide Dell MusicStage Dell PhotoStage Dell Stage Dell Stage Remote Dell VideoStage Dell Wireless Driver Installation Diner Dash 2 Restaurant Rescue Dora's World Adventure eBay Elements 9 Organizer Elements STI Installer Epson Event Manager EPSON Scan Escape Whisper Valley Farm Frenzy FATE Final Drive Fury Final Drive Nitro Google Chrome Google Drive Google Toolbar for Internet Explorer Google Update Helper H&R Block Deluxe + Efile + State 2012 H&R Block Deluxe + Efile + State 2013 H&R Block Pennsylvania 2012 H&R Block Pennsylvania 2013 HRBlockDirect version 1.1.2.0 Immunet 3 Intel® Control Center Intel® Management Engine Components Intel® Processor Graphics Intel® Rapid Storage Technology Intel® USB 3.0 eXtensible Host Controller Driver Java 7 Update 71 Java Auto Updater Jewel Quest Jewel Quest Solitaire 2 Junk Mail filter update Luxor Malwarebytes Anti-Malware version 2.0.3.1025 Mesh Runtime Microsoft Office Access MUI (English) 2010 Microsoft Office Access Setup Metadata MUI (English) 2010 Microsoft Office Excel MUI (English) 2010 Microsoft Office Home and Student 2010 Microsoft Office OneNote MUI (English) 2010 Microsoft Office Outlook MUI (English) 2010 Microsoft Office PowerPoint MUI (English) 2010 Microsoft Office Proof (English) 2010 Microsoft Office Proof (French) 2010 Microsoft Office Proof (Spanish) 2010 Microsoft Office Proofing (English) 2010 Microsoft Office Publisher MUI (English) 2010 Microsoft Office Shared MUI (English) 2010 Microsoft Office Shared Setup Metadata MUI (English) 2010 Microsoft Office Single Image 2010 Microsoft Office Word MUI (English) 2010 Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 Microsoft_VC80_CRT_x86 Microsoft_VC80_MFC_x86 Microsoft_VC80_MFCLOC_x86 Microsoft_VC90_CRT_x86 MSVCRT MSVCRT_amd64 Namco All-Stars PAC-MAN Nero 10 Movie ThemePack Basic Nero Blu-ray Player Nero Control Center 10 Nero ControlCenter 10 Help (CHM) Nero Core Components 10 Nero Update Norton Security Suite Penguins! Plants vs. Zombies - Game of the Year PlayReady PC Runtime x86 Poker Superstars III Polar Bowler Polar Golfer QuickTime 7 Realtek High Definition Audio Driver Samantha Swift Security Update for Microsoft .NET Framework 4.5.1 (KB2894854v2) Security Update for Microsoft .NET Framework 4.5.1 (KB2898869) Security Update for Microsoft .NET Framework 4.5.1 (KB2901126) Security Update for Microsoft .NET Framework 4.5.1 (KB2931368) Security Update for Microsoft .NET Framework 4.5.1 (KB2972107) Security Update for Microsoft .NET Framework 4.5.1 (KB2972216) Security Update for Microsoft .NET Framework 4.5.1 (KB2979578v2) Security Update for Microsoft Office 2010 (KB2553284) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2687423) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2810073) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2850016) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2880971) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2881071) 32-Bit Edition Security Update for Microsoft Word 2010 (KB2883013) 32-Bit Edition Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition Skype™ 6.11 SyncUP Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition Update for Microsoft Excel 2010 (KB2889836) 32-Bit Edition Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition Update for Microsoft Office 2010 (KB2687502) 32-Bit Edition Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition Update for Microsoft Office 2010 (KB2837581) 32-Bit Edition Update for Microsoft Office 2010 (KB2837606) 32-Bit Edition Update for Microsoft Office 2010 (KB2878252) 32-Bit Edition Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition Update Installer for WildTangent Games App Virtual Villagers 4 - The Tree of Life Wedding Dash - Ready, Aim, Love! WildTangent Games WildTangent Games App (Dell Games) Windows Live Communications Platform Windows Live Essentials Windows Live Installer Windows Live Mail Windows Live Mesh Windows Live Mesh ActiveX Control for Remote Connections Windows Live Messenger Windows Live Movie Maker Windows Live Photo Common Windows Live Photo Gallery Windows Live PIMT Platform Windows Live SOXE Windows Live SOXE Definitions Windows Live UX Platform Windows Live UX Platform Language Pack Windows Live Writer Windows Live Writer Resources Zinio Reader 4 Zuma Deluxe
- November 12, 2014
- 22 replies
Ads by Speed Check

Pastafarian replied to Pastafarian's topic in Resolved Malware Removal Logs

I had difficulty running the script using the copy of ComboFix that I had downloaded from Bleeping Computer; it seems to be out of date, and the self-updater didn't put the new copy anywhere I could find it. I rebooted and downloaded straight from subs's files on geekstogo.com instead and that worked. It also did a lot more than I was expecting it to. You'll notice that the script text file was named incorrectly. That's totally my fault; the setting to hide known file extensions was turned on, which I hate and didn't notice until after the fact. Should I re-run the script? Also, as before, I'm still not noticing any obvious problems at this point. ComboFix 14-11-12.01 - Pompeani 11/12/2014 10:45:12.3.2 - x64Running from: c:\users\Pompeani\Desktop\ComboFix.exeCommand switches used :: c:\users\Pompeani\Desktop\CFScript.txt.txt..((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))..c:\programdata\PCDr\6426\AddOnDownloaded\c20a0fa8-50ad-45ec-b66b-89e3b80e5e9d.dllc:\programdata\PCDr\6426\AddOnDownloaded\c234a47d-843f-4a61-889b-e1538e961da5.dllc:\programdata\PCDr\6426\AddOnDownloaded\caac49ab-d9d8-4f29-a409-2a9a30ae62af.dllc:\users\Pompeani\AppData\Local\Temp\_MEI22682\_ctypes.pydc:\users\Pompeani\AppData\Local\Temp\_MEI22682\_elementtree.pydc:\users\Pompeani\AppData\Local\Temp\_MEI22682\_hashlib.pydc:\users\Pompeani\AppData\Local\Temp\_MEI22682\_multiprocessing.pydc:\users\Pompeani\AppData\Local\Temp\_MEI22682\_socket.pydc:\users\Pompeani\AppData\Local\Temp\_MEI22682\_ssl.pydc:\users\Pompeani\AppData\Local\Temp\_MEI22682\hashobjs_ext.pydc:\users\Pompeani\AppData\Local\Temp\_MEI22682\pyexpat.pydc:\users\Pompeani\AppData\Local\Temp\_MEI22682\pysqlite2._sqlite.pydc:\users\Pompeani\AppData\Local\Temp\_MEI22682\python27.dllc:\users\Pompeani\AppData\Local\Temp\_MEI22682\pythoncom27.dllc:\users\Pompeani\AppData\Local\Temp\_MEI22682\PyWinTypes27.dllc:\users\Pompeani\AppData\Local\Temp\_MEI22682\select.pydc:\users\Pompeani\AppData\Local\Temp\_MEI22682\unicodedata.pydc:\users\Pompeani\AppData\Local\Temp\_MEI22682\win32api.pydc:\users\Pompeani\AppData\Local\Temp\_MEI22682\win32com.shell.shell.pydc:\users\Pompeani\AppData\Local\Temp\_MEI22682\win32crypt.pydc:\users\Pompeani\AppData\Local\Temp\_MEI22682\win32event.pydc:\users\Pompeani\AppData\Local\Temp\_MEI22682\win32file.pydc:\users\Pompeani\AppData\Local\Temp\_MEI22682\win32gui.pydc:\users\Pompeani\AppData\Local\Temp\_MEI22682\win32inet.pydc:\users\Pompeani\AppData\Local\Temp\_MEI22682\win32pdh.pydc:\users\Pompeani\AppData\Local\Temp\_MEI22682\win32pipe.pydc:\users\Pompeani\AppData\Local\Temp\_MEI22682\win32process.pydc:\users\Pompeani\AppData\Local\Temp\_MEI22682\win32profile.pydc:\users\Pompeani\AppData\Local\Temp\_MEI22682\win32security.pydc:\users\Pompeani\AppData\Local\Temp\_MEI22682\win32ts.pydc:\users\Pompeani\AppData\Local\Temp\_MEI22682\windows._lib_cacheinvalidation.pydc:\users\Pompeani\AppData\Local\Temp\_MEI22682\wx._animate.pydc:\users\Pompeani\AppData\Local\Temp\_MEI22682\wx._controls_.pydc:\users\Pompeani\AppData\Local\Temp\_MEI22682\wx._core_.pydc:\users\Pompeani\AppData\Local\Temp\_MEI22682\wx._gdi_.pydc:\users\Pompeani\AppData\Local\Temp\_MEI22682\wx._html2.pydc:\users\Pompeani\AppData\Local\Temp\_MEI22682\wx._misc_.pydc:\users\Pompeani\AppData\Local\Temp\_MEI22682\wx._windows_.pydc:\users\Pompeani\AppData\Local\Temp\_MEI22682\wx._wizard.pydc:\users\Pompeani\AppData\Local\Temp\_MEI22682\wxbase294u_net_vc90.dllc:\users\Pompeani\AppData\Local\Temp\_MEI22682\wxbase294u_vc90.dllc:\users\Pompeani\AppData\Local\Temp\_MEI22682\wxmsw294u_adv_vc90.dllc:\users\Pompeani\AppData\Local\Temp\_MEI22682\wxmsw294u_core_vc90.dllc:\users\Pompeani\AppData\Local\Temp\_MEI22682\wxmsw294u_html_vc90.dllc:\users\Pompeani\AppData\Local\Temp\_MEI22682\wxmsw294u_webview_vc90.dll..((((((((((((((((((((((((( Files Created from 2014-10-12 to 2014-11-12 )))))))))))))))))))))))))))))))..2014-11-12 15:54 . 2014-11-12 15:54 -------- d-----w- c:\users\Mary Jo Pompeani\AppData\Local\temp2014-11-12 15:54 . 2014-11-12 15:54 -------- d-----w- c:\users\Default\AppData\Local\temp2014-11-03 20:01 . 2014-11-03 20:01 -------- d-----w- c:\windows\ERUNT2014-11-03 19:55 . 2014-11-03 19:55 -------- d-----w- c:\users\Pompeani\AppData\Roaming\BleachBit2014-11-03 19:55 . 2014-11-03 19:58 -------- d-----w- c:\program files (x86)\BleachBit2014-11-03 19:43 . 2010-08-30 13:34 536576 ----a-w- c:\windows\SysWow64\sqlite3.dll2014-11-03 19:42 . 2014-11-10 16:31 -------- d-----w- C:\AdwCleaner2014-11-03 19:33 . 2014-11-04 15:26 -------- d-----w- C:\FRST2014-11-03 17:00 . 2014-11-03 18:43 129752 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys2014-11-03 16:59 . 2014-11-03 16:59 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware2014-11-03 16:59 . 2014-10-01 16:11 63704 ----a-w- c:\windows\system32\drivers\mwac.sys2014-11-03 16:59 . 2014-10-01 16:11 93400 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys2014-11-03 16:55 . 2014-11-03 16:55 -------- d-----w- c:\users\Pompeani\AppData\Roaming\Malwarebytes2014-11-03 16:54 . 2014-11-03 16:59 -------- d-----w- c:\programdata\Malwarebytes2014-11-03 16:54 . 2014-10-01 16:11 25816 ----a-w- c:\windows\system32\drivers\mbam.sys2014-11-03 16:23 . 2014-11-03 16:23 -------- d-----w- c:\program files (x86)\Common Files\Java2014-11-03 16:23 . 2014-11-03 16:23 98216 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll2014-11-03 16:23 . 2014-11-03 16:23 -------- d-----w- c:\program files (x86)\Java2014-10-31 09:01 . 2014-10-31 09:01 -------- d-----w- C:\NPE2014-10-31 08:57 . 2014-10-31 09:16 -------- d-----w- c:\users\Pompeani\AppData\Local\NPE2014-10-30 00:53 . 2014-10-30 00:53 1936 ----a-w- c:\windows\patsearch.bin2014-10-28 13:32 . 2014-10-28 13:32 -------- d-----w- c:\programdata\ArcSoft2014-10-28 13:32 . 2014-10-28 13:32 -------- d-----w- c:\users\Pompeani\AppData\Local\ArcSoft2014-10-22 21:53 . 2014-10-22 21:53 -------- d-----w- c:\program files\iPod2014-10-22 21:53 . 2014-10-22 21:55 -------- d-----w- c:\programdata\E1864A66-75E3-486a-BD95-D1B7D99A84A72014-10-22 21:53 . 2014-10-22 21:55 -------- d-----w- c:\program files\iTunes2014-10-22 21:53 . 2014-10-22 21:55 -------- d-----w- c:\program files (x86)\iTunes2014-10-16 06:50 . 2014-09-13 01:58 77312 ----a-w- c:\windows\system32\packager.dll2014-10-16 06:50 . 2014-09-13 01:40 67072 ----a-w- c:\windows\SysWow64\packager.dll...(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2014-10-16 07:48 . 2012-12-08 15:32 49752 ----a-w- c:\windows\system32\drivers\AntiLog64.sys2014-10-16 07:02 . 2012-10-04 11:52 103265616 ----a-w- c:\windows\system32\MRT.exe2014-09-25 02:08 . 2014-09-30 22:19 371712 ----a-w- c:\windows\system32\qdvd.dll2014-09-25 01:40 . 2014-09-30 22:19 519680 ----a-w- c:\windows\SysWow64\qdvd.dll2014-09-24 07:02 . 2012-05-26 02:19 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl2014-09-24 07:02 . 2012-05-26 02:19 701104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe2014-09-13 07:45 . 2010-06-24 16:33 23256 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll2014-09-09 22:11 . 2014-09-23 20:33 2048 ----a-w- c:\windows\system32\tzres.dll2014-09-09 21:47 . 2014-09-23 20:33 2048 ----a-w- c:\windows\SysWow64\tzres.dll2014-09-08 23:15 . 2014-09-08 23:15 100048 ----a-w- c:\windows\system32\drivers\ImmunetNetworkMonitor.sys2014-09-08 23:15 . 2014-09-08 23:15 58064 ----a-w- c:\windows\system32\drivers\immunetprotect.sys2014-09-08 23:15 . 2014-09-08 23:15 32976 ----a-w- c:\windows\system32\drivers\immunetselfprotect.sys2014-09-08 23:15 . 2014-09-08 23:15 329800 ----a-w- c:\windows\system32\drivers\trufos.sys2014-08-26 02:26 . 2014-10-03 10:49 593112 ----a-w- c:\windows\system32\drivers\N360x64\1506000.020\symnets.sys2014-08-26 02:26 . 2014-10-03 10:49 1148120 ----a-w- c:\windows\system32\drivers\N360x64\1506000.020\symefa64.sys2014-08-26 02:20 . 2014-10-03 10:49 876248 ----a-w- c:\windows\system32\drivers\N360x64\1506000.020\srtsp64.sys2014-08-26 02:20 . 2014-10-03 10:49 37592 ----a-w- c:\windows\system32\drivers\N360x64\1506000.020\srtspx64.sys2014-08-23 02:07 . 2014-08-27 20:01 404480 ----a-w- c:\windows\system32\gdi32.dll2014-08-23 01:45 . 2014-08-27 20:01 311808 ----a-w- c:\windows\SysWow64\gdi32.dll..((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shown REGEDIT4.[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2014-08-08 43816]"ApplePhotoStreams"="c:\program files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2014-08-14 43816]"GoogleDriveSync"="c:\program files (x86)\Google\Drive\googledrivesync.exe" [2014-10-21 22869088].[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]"IMSS"="c:\program files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe" [2011-12-16 133400]"USB3MON"="c:\program files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-02-27 291608]"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2011-11-30 284440]"Dell DataSafe Online"="c:\program files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe" [2010-08-26 1117528]"NeroLauncher"="c:\program files (x86)\Nero\SyncUP\NeroLauncher.exe" [2012-08-21 67496]"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-10-11 60712]"EEventManager"="c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe" [2009-12-03 976320]"AccuWeatherWidget"="c:\program files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" [2012-02-01 968048]"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2014-01-17 421888]"Immunet Protect"="c:\program files\Immunet\3.1.13\iptray.exe" [2014-09-08 3232464]"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2014-10-15 157480]"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-09-12 959176]"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2014-09-26 271744].[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"ConsentPromptBehaviorAdmin"= 5 (0x5)"ConsentPromptBehaviorUser"= 3 (0x3)"EnableUIADesktopToggle"= 0 (0x0).[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]"LoadAppInit_DLLs"=1 (0x1)"AppInit_DLLs"=c:\progra~2\KEYCRY~1\KeyCrypt32(4).dll.[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]"aux1"=wdmaud.drv.[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\51420840.sys]@="Driver".[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]@="".R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [x]R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]S0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\1506000.020\SYMDS64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1506000.020\SYMDS64.SYS [x]S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\1506000.020\SYMEFA64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1506000.020\SYMEFA64.SYS [x]S1 AntiLog32;AntiLog32;c:\windows\system32\drivers\AntiLog64.sys;c:\windows\SYSNATIVE\drivers\AntiLog64.sys [x]S1 BHDrvx64;BHDrvx64;c:\program files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\BASHDefs\20141107.001\BHDrvx64.sys;c:\program files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\BASHDefs\20141107.001\BHDrvx64.sys [x]S1 ccSet_N360;N360 Settings Manager;c:\windows\system32\drivers\N360x64\1506000.020\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\N360x64\1506000.020\ccSetx64.sys [x]S1 IDSVia64;IDSVia64;c:\program files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\IPSDefs\20141111.001\IDSvia64.sys;c:\program files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\IPSDefs\20141111.001\IDSvia64.sys [x]S1 ImmunetProtectDriver;ImmunetProtectDriver;c:\windows\System32\Drivers\immunetprotect.sys;c:\windows\SYSNATIVE\Drivers\immunetprotect.sys [x]S1 ImmunetSelfProtectDriver;ImmunetSelfProtectDriver;c:\windows\System32\Drivers\immunetselfprotect.sys;c:\windows\SYSNATIVE\Drivers\immunetselfprotect.sys [x]S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\1506000.020\Ironx64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1506000.020\Ironx64.SYS [x]S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360x64\1506000.020\SYMNETS.SYS;c:\windows\SYSNATIVE\Drivers\N360x64\1506000.020\SYMNETS.SYS [x]S2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;c:\program files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe;c:\program files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [x]S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [x]S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [x]S2 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE;c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE [x]S2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE;c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE [x]S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]S2 IDVaultSvc;CGPS Service;c:\program files (x86)\Constant Guard Protection Suite\IDVaultSvc.exe;c:\program files (x86)\Constant Guard Protection Suite\IDVaultSvc.exe [x]S2 ImmunetNetworkMonitorDriver;ImmunetNetworkMonitorDriver;c:\windows\System32\Drivers\ImmunetNetworkMonitor.sys;c:\windows\SYSNATIVE\Drivers\ImmunetNetworkMonitor.sys [x]S2 ImmunetProtect;Immunet 3;c:\program files\Immunet\3.1.13\sfc.exe;c:\program files\Immunet\3.1.13\sfc.exe [x]S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]S2 N360;Norton Security Suite;c:\program files (x86)\Norton Security Suite\Engine\21.6.0.32\N360.exe;c:\program files (x86)\Norton Security Suite\Engine\21.6.0.32\N360.exe [x]S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe;c:\program files (x86)\Nero\Update\NASvc.exe [x]S2 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x]S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [x]S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]S2 ZAtheros Wlan Agent;ZAtheros Wlan Agent;c:\program files (x86)\Dell Wireless\Ath_WlanAgent.exe;c:\program files (x86)\Dell Wireless\Ath_WlanAgent.exe [x]S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]S3 iusb3hub;Intel® USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]S3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]S3 keycrypt;keycrypt;c:\windows\system32\DRIVERS\KeyCrypt64.sys;c:\windows\SYSNATIVE\DRIVERS\KeyCrypt64.sys [x]S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]..[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]2014-10-28 13:13 1089352 ----a-w- c:\program files (x86)\Google\Chrome\Application\38.0.2125.111\Installer\chrmstp.exe.Contents of the 'Scheduled Tasks' folder.2014-11-12 c:\windows\Tasks\Adobe Flash Player Updater.job- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-26 07:02].2014-11-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-09-30 11:55].2014-11-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-09-30 11:55]..--------- X64 Entries -----------..[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]2014-10-21 22:52 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}".[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]2014-10-21 22:52 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}".[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]2014-10-21 22:52 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]2014-10-21 22:52 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]2014-10-21 22:52 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]2014-10-21 22:52 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll.[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2012-01-16 6463080]"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-03-22 170264]"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-03-22 398616]"Persistence"="c:\windows\system32\igfxpers.exe" [2012-03-22 439064]"Stage Remote"="c:\program files (x86)\Dell\Stage Remote\StageRemote.exe" [2011-06-28 2022976]"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-07-29 497648]"DellStage"="c:\program files (x86)\Dell Stage\Dell Stage\stage_primary.exe" [2012-02-01 2195824].[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]"AppInit_DLLs"=c:\progra~2\KEYCRY~1\KeyCrypt64(4).dll.------- Supplementary Scan -------.uLocal Page = c:\windows\system32\blank.htmuStart Page = hxxp://www.google.commLocal Page = c:\windows\SysWOW64\blank.htmuInternet Settings,ProxyOverride = <-loopback>uSearchAssistant = hxxp://www.google.com/ieuSearchURL,(Default) = hxxp://www.google.com/search?q=%sTCP: DhcpNameServer = 10.0.0.1TCP: Interfaces\{4150F59C-6B10-4677-A2F0-35F0748918D0}: NameServer = 75.75.75.75,75.75.76.76.- - - - ORPHANS REMOVED - - - -.Toolbar-Locked - (no file)AddRemove-WT089446 - c:\program files (x86)\WildTangent\Dell Games\Wedding Dash - Ready...[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\N360]"ImagePath"="\"c:\program files (x86)\Norton Security Suite\Engine\21.6.0.32\N360.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton Security Suite\Engine\21.6.0.32\diMaster.dll\" /prefetch:1""ImagePath"="\SystemRoot\System32\Drivers\N360x64\1506000.020\SYMNETS.SYS""TrustedImagePaths"="c:\program files (x86)\Norton Security Suite\Engine\21.6.0.32;c:\program files (x86)\Norton Security Suite\Engine64\21.6.0.32".--------------------- LOCKED REGISTRY KEYS ---------------------.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]@Denied: (A 2) (Everyone)@="FlashBroker""LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_167_ActiveX.exe,-101".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]"Enabled"=dword:00000001.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_167_ActiveX.exe".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]@Denied: (A 2) (Everyone)@="IFlashBroker6".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]@="{00020424-0000-0000-C000-000000000046}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}""Version"="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]@Denied: (A 2) (Everyone)@="FlashBroker""LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_167_ActiveX.exe,-101".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]"Enabled"=dword:00000001.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_167_ActiveX.exe".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]@Denied: (A 2) (Everyone)@="Shockwave Flash Object".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx""ThreadingModel"="Apartment".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]@="0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]@="ShockwaveFlash.ShockwaveFlash.15".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx, 1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]@="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]@="ShockwaveFlash.ShockwaveFlash".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]@Denied: (A 2) (Everyone)@="Macromedia Flash Factory Object".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx""ThreadingModel"="Apartment".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]@="FlashFactory.FlashFactory.1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx, 1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]@="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]@="FlashFactory.FlashFactory".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]@Denied: (A 2) (Everyone)@="IFlashBroker6".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]@="{00020424-0000-0000-C000-000000000046}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}""Version"="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\.[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]@Denied: (A) (Everyone)"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}".[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]@Denied: (A) (Everyone).[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]"Key"="ActionsPane3""Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]@Denied: (Full) (Everyone).------------------------ Other Running Processes ------------------------.c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exec:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exec:\program files (x86)\Dell DataSafe Local Backup\TOASTER.EXEc:\program files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXEc:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exec:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe.**************************************************************************.Completion time: 2014-11-12 11:01:01 - machine was rebootedComboFix-quarantined-files.txt 2014-11-12 16:01ComboFix2.txt 2014-11-10 19:09ComboFix3.txt 2014-11-03 20:29.Pre-Run: 390,637,375,488 bytes freePost-Run: 390,297,866,240 bytes free.- - End Of File - - 4878DFE2AC3C3693965545B2A4021A39
- November 12, 2014
- 22 replies
Ads by Speed Check

Pastafarian replied to Pastafarian's topic in Resolved Malware Removal Logs

No problems before this post. ComboFix 14-11-10.02 - Pompeani 11/10/2014 13:56:05.2.2 - x64Running from: c:\users\Pompeani\Desktop\ComboFix.exe..((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))..c:\programdata\PCDr\6426\AddOnDownloaded\8996ad0f-b495-44ab-a09b-997642f10f32.dllc:\programdata\PCDr\6426\AddOnDownloaded\c20a0fa8-50ad-45ec-b66b-89e3b80e5e9d.dllc:\programdata\PCDr\6426\AddOnDownloaded\c234a47d-843f-4a61-889b-e1538e961da5.dllc:\programdata\PCDr\6426\AddOnDownloaded\caac49ab-d9d8-4f29-a409-2a9a30ae62af.dllc:\users\Pompeani\AppData\Local\Temp\_MEI24562\_ctypes.pydc:\users\Pompeani\AppData\Local\Temp\_MEI24562\_elementtree.pydc:\users\Pompeani\AppData\Local\Temp\_MEI24562\_hashlib.pydc:\users\Pompeani\AppData\Local\Temp\_MEI24562\_multiprocessing.pydc:\users\Pompeani\AppData\Local\Temp\_MEI24562\_socket.pydc:\users\Pompeani\AppData\Local\Temp\_MEI24562\_ssl.pydc:\users\Pompeani\AppData\Local\Temp\_MEI24562\hashobjs_ext.pydc:\users\Pompeani\AppData\Local\Temp\_MEI24562\pyexpat.pydc:\users\Pompeani\AppData\Local\Temp\_MEI24562\pysqlite2._sqlite.pydc:\users\Pompeani\AppData\Local\Temp\_MEI24562\python27.dllc:\users\Pompeani\AppData\Local\Temp\_MEI24562\pythoncom27.dllc:\users\Pompeani\AppData\Local\Temp\_MEI24562\PyWinTypes27.dllc:\users\Pompeani\AppData\Local\Temp\_MEI24562\select.pydc:\users\Pompeani\AppData\Local\Temp\_MEI24562\unicodedata.pydc:\users\Pompeani\AppData\Local\Temp\_MEI24562\win32api.pydc:\users\Pompeani\AppData\Local\Temp\_MEI24562\win32com.shell.shell.pydc:\users\Pompeani\AppData\Local\Temp\_MEI24562\win32crypt.pydc:\users\Pompeani\AppData\Local\Temp\_MEI24562\win32event.pydc:\users\Pompeani\AppData\Local\Temp\_MEI24562\win32file.pydc:\users\Pompeani\AppData\Local\Temp\_MEI24562\win32gui.pydc:\users\Pompeani\AppData\Local\Temp\_MEI24562\win32inet.pydc:\users\Pompeani\AppData\Local\Temp\_MEI24562\win32pdh.pydc:\users\Pompeani\AppData\Local\Temp\_MEI24562\win32pipe.pydc:\users\Pompeani\AppData\Local\Temp\_MEI24562\win32process.pydc:\users\Pompeani\AppData\Local\Temp\_MEI24562\win32profile.pydc:\users\Pompeani\AppData\Local\Temp\_MEI24562\win32security.pydc:\users\Pompeani\AppData\Local\Temp\_MEI24562\win32ts.pydc:\users\Pompeani\AppData\Local\Temp\_MEI24562\windows._lib_cacheinvalidation.pydc:\users\Pompeani\AppData\Local\Temp\_MEI24562\wx._animate.pydc:\users\Pompeani\AppData\Local\Temp\_MEI24562\wx._controls_.pydc:\users\Pompeani\AppData\Local\Temp\_MEI24562\wx._core_.pydc:\users\Pompeani\AppData\Local\Temp\_MEI24562\wx._gdi_.pydc:\users\Pompeani\AppData\Local\Temp\_MEI24562\wx._html2.pydc:\users\Pompeani\AppData\Local\Temp\_MEI24562\wx._misc_.pydc:\users\Pompeani\AppData\Local\Temp\_MEI24562\wx._windows_.pydc:\users\Pompeani\AppData\Local\Temp\_MEI24562\wx._wizard.pydc:\users\Pompeani\AppData\Local\Temp\_MEI24562\wxbase294u_net_vc90.dllc:\users\Pompeani\AppData\Local\Temp\_MEI24562\wxbase294u_vc90.dllc:\users\Pompeani\AppData\Local\Temp\_MEI24562\wxmsw294u_adv_vc90.dllc:\users\Pompeani\AppData\Local\Temp\_MEI24562\wxmsw294u_core_vc90.dllc:\users\Pompeani\AppData\Local\Temp\_MEI24562\wxmsw294u_html_vc90.dllc:\users\Pompeani\AppData\Local\Temp\_MEI24562\wxmsw294u_webview_vc90.dll..((((((((((((((((((((((((( Files Created from 2014-10-10 to 2014-11-10 )))))))))))))))))))))))))))))))..2014-11-10 19:03 . 2014-11-10 19:03 -------- d-----w- c:\users\Mary Jo Pompeani\AppData\Local\temp2014-11-10 19:03 . 2014-11-10 19:03 -------- d-----w- c:\users\Default\AppData\Local\temp2014-11-03 20:01 . 2014-11-03 20:01 -------- d-----w- c:\windows\ERUNT2014-11-03 19:55 . 2014-11-03 19:55 -------- d-----w- c:\users\Pompeani\AppData\Roaming\BleachBit2014-11-03 19:55 . 2014-11-03 19:58 -------- d-----w- c:\program files (x86)\BleachBit2014-11-03 19:43 . 2010-08-30 13:34 536576 ----a-w- c:\windows\SysWow64\sqlite3.dll2014-11-03 19:42 . 2014-11-10 16:31 -------- d-----w- C:\AdwCleaner2014-11-03 19:33 . 2014-11-04 15:26 -------- d-----w- C:\FRST2014-11-03 17:00 . 2014-11-03 18:43 129752 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys2014-11-03 16:59 . 2014-11-03 16:59 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware2014-11-03 16:59 . 2014-10-01 16:11 63704 ----a-w- c:\windows\system32\drivers\mwac.sys2014-11-03 16:59 . 2014-10-01 16:11 93400 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys2014-11-03 16:55 . 2014-11-03 16:55 -------- d-----w- c:\users\Pompeani\AppData\Roaming\Malwarebytes2014-11-03 16:54 . 2014-11-03 16:59 -------- d-----w- c:\programdata\Malwarebytes2014-11-03 16:54 . 2014-10-01 16:11 25816 ----a-w- c:\windows\system32\drivers\mbam.sys2014-11-03 16:23 . 2014-11-03 16:23 -------- d-----w- c:\program files (x86)\Common Files\Java2014-11-03 16:23 . 2014-11-03 16:23 98216 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll2014-11-03 16:23 . 2014-11-03 16:23 -------- d-----w- c:\program files (x86)\Java2014-10-31 09:01 . 2014-10-31 09:01 -------- d-----w- C:\NPE2014-10-31 08:57 . 2014-10-31 09:16 -------- d-----w- c:\users\Pompeani\AppData\Local\NPE2014-10-30 00:53 . 2014-10-30 00:53 1936 ----a-w- c:\windows\patsearch.bin2014-10-28 13:32 . 2014-10-28 13:32 -------- d-----w- c:\programdata\ArcSoft2014-10-28 13:32 . 2014-10-28 13:32 -------- d-----w- c:\users\Pompeani\AppData\Local\ArcSoft2014-10-22 21:53 . 2014-10-22 21:53 -------- d-----w- c:\program files\iPod2014-10-22 21:53 . 2014-10-22 21:55 -------- d-----w- c:\programdata\E1864A66-75E3-486a-BD95-D1B7D99A84A72014-10-22 21:53 . 2014-10-22 21:55 -------- d-----w- c:\program files\iTunes2014-10-22 21:53 . 2014-10-22 21:55 -------- d-----w- c:\program files (x86)\iTunes2014-10-16 06:50 . 2014-09-13 01:58 77312 ----a-w- c:\windows\system32\packager.dll2014-10-16 06:50 . 2014-09-13 01:40 67072 ----a-w- c:\windows\SysWow64\packager.dll...(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2014-10-16 07:48 . 2012-12-08 15:32 49752 ----a-w- c:\windows\system32\drivers\AntiLog64.sys2014-10-16 07:02 . 2012-10-04 11:52 103265616 ----a-w- c:\windows\system32\MRT.exe2014-09-25 02:08 . 2014-09-30 22:19 371712 ----a-w- c:\windows\system32\qdvd.dll2014-09-25 01:40 . 2014-09-30 22:19 519680 ----a-w- c:\windows\SysWow64\qdvd.dll2014-09-24 07:02 . 2012-05-26 02:19 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl2014-09-24 07:02 . 2012-05-26 02:19 701104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe2014-09-13 07:45 . 2010-06-24 16:33 23256 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll2014-09-09 22:11 . 2014-09-23 20:33 2048 ----a-w- c:\windows\system32\tzres.dll2014-09-09 21:47 . 2014-09-23 20:33 2048 ----a-w- c:\windows\SysWow64\tzres.dll2014-09-08 23:15 . 2014-09-08 23:15 100048 ----a-w- c:\windows\system32\drivers\ImmunetNetworkMonitor.sys2014-09-08 23:15 . 2014-09-08 23:15 58064 ----a-w- c:\windows\system32\drivers\immunetprotect.sys2014-09-08 23:15 . 2014-09-08 23:15 32976 ----a-w- c:\windows\system32\drivers\immunetselfprotect.sys2014-09-08 23:15 . 2014-09-08 23:15 329800 ----a-w- c:\windows\system32\drivers\trufos.sys2014-08-26 02:26 . 2014-10-03 10:49 593112 ----a-w- c:\windows\system32\drivers\N360x64\1506000.020\symnets.sys2014-08-26 02:26 . 2014-10-03 10:49 1148120 ----a-w- c:\windows\system32\drivers\N360x64\1506000.020\symefa64.sys2014-08-26 02:20 . 2014-10-03 10:49 876248 ----a-w- c:\windows\system32\drivers\N360x64\1506000.020\srtsp64.sys2014-08-26 02:20 . 2014-10-03 10:49 37592 ----a-w- c:\windows\system32\drivers\N360x64\1506000.020\srtspx64.sys2014-08-23 02:07 . 2014-08-27 20:01 404480 ----a-w- c:\windows\system32\gdi32.dll2014-08-23 01:45 . 2014-08-27 20:01 311808 ----a-w- c:\windows\SysWow64\gdi32.dll..((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shown REGEDIT4.[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2014-08-08 43816]"ApplePhotoStreams"="c:\program files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2014-08-14 43816]"GoogleDriveSync"="c:\program files (x86)\Google\Drive\googledrivesync.exe" [2014-10-21 22869088].[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]"IMSS"="c:\program files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe" [2011-12-16 133400]"USB3MON"="c:\program files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-02-27 291608]"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2011-11-30 284440]"Dell DataSafe Online"="c:\program files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe" [2010-08-26 1117528]"NeroLauncher"="c:\program files (x86)\Nero\SyncUP\NeroLauncher.exe" [2012-08-21 67496]"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-10-11 60712]"EEventManager"="c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe" [2009-12-03 976320]"AccuWeatherWidget"="c:\program files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" [2012-02-01 968048]"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2014-01-17 421888]"Immunet Protect"="c:\program files\Immunet\3.1.13\iptray.exe" [2014-09-08 3232464]"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2014-10-15 157480]"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-09-12 959176]"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2014-09-26 271744].[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"ConsentPromptBehaviorAdmin"= 5 (0x5)"ConsentPromptBehaviorUser"= 3 (0x3)"EnableUIADesktopToggle"= 0 (0x0).[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]"LoadAppInit_DLLs"=1 (0x1)"AppInit_DLLs"=c:\progra~2\KEYCRY~1\KeyCrypt32(4).dll.[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]"aux1"=wdmaud.drv.[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\51420840.sys]@="Driver".[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]@="".R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [x]R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]S0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\1506000.020\SYMDS64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1506000.020\SYMDS64.SYS [x]S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\1506000.020\SYMEFA64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1506000.020\SYMEFA64.SYS [x]S1 AntiLog32;AntiLog32;c:\windows\system32\drivers\AntiLog64.sys;c:\windows\SYSNATIVE\drivers\AntiLog64.sys [x]S1 BHDrvx64;BHDrvx64;c:\program files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\BASHDefs\20141030.001\BHDrvx64.sys;c:\program files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\BASHDefs\20141030.001\BHDrvx64.sys [x]S1 ccSet_N360;N360 Settings Manager;c:\windows\system32\drivers\N360x64\1506000.020\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\N360x64\1506000.020\ccSetx64.sys [x]S1 IDSVia64;IDSVia64;c:\program files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\IPSDefs\20141107.001\IDSvia64.sys;c:\program files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\IPSDefs\20141107.001\IDSvia64.sys [x]S1 ImmunetProtectDriver;ImmunetProtectDriver;c:\windows\System32\Drivers\immunetprotect.sys;c:\windows\SYSNATIVE\Drivers\immunetprotect.sys [x]S1 ImmunetSelfProtectDriver;ImmunetSelfProtectDriver;c:\windows\System32\Drivers\immunetselfprotect.sys;c:\windows\SYSNATIVE\Drivers\immunetselfprotect.sys [x]S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\1506000.020\Ironx64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1506000.020\Ironx64.SYS [x]S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360x64\1506000.020\SYMNETS.SYS;c:\windows\SYSNATIVE\Drivers\N360x64\1506000.020\SYMNETS.SYS [x]S2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;c:\program files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe;c:\program files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [x]S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [x]S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [x]S2 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE;c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE [x]S2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE;c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE [x]S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]S2 IDVaultSvc;CGPS Service;c:\program files (x86)\Constant Guard Protection Suite\IDVaultSvc.exe;c:\program files (x86)\Constant Guard Protection Suite\IDVaultSvc.exe [x]S2 ImmunetNetworkMonitorDriver;ImmunetNetworkMonitorDriver;c:\windows\System32\Drivers\ImmunetNetworkMonitor.sys;c:\windows\SYSNATIVE\Drivers\ImmunetNetworkMonitor.sys [x]S2 ImmunetProtect;Immunet 3;c:\program files\Immunet\3.1.13\sfc.exe;c:\program files\Immunet\3.1.13\sfc.exe [x]S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]S2 N360;Norton Security Suite;c:\program files (x86)\Norton Security Suite\Engine\21.6.0.32\N360.exe;c:\program files (x86)\Norton Security Suite\Engine\21.6.0.32\N360.exe [x]S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe;c:\program files (x86)\Nero\Update\NASvc.exe [x]S2 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x]S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [x]S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]S2 ZAtheros Wlan Agent;ZAtheros Wlan Agent;c:\program files (x86)\Dell Wireless\Ath_WlanAgent.exe;c:\program files (x86)\Dell Wireless\Ath_WlanAgent.exe [x]S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]S3 iusb3hub;Intel® USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]S3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]S3 keycrypt;keycrypt;c:\windows\system32\DRIVERS\KeyCrypt64.sys;c:\windows\SYSNATIVE\DRIVERS\KeyCrypt64.sys [x]S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]..[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]2014-10-28 13:13 1089352 ----a-w- c:\program files (x86)\Google\Chrome\Application\38.0.2125.111\Installer\chrmstp.exe.Contents of the 'Scheduled Tasks' folder.2014-11-10 c:\windows\Tasks\Adobe Flash Player Updater.job- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-26 07:02].2014-11-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-09-30 11:55].2014-11-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-09-30 11:55]..--------- X64 Entries -----------..[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]2014-10-21 22:52 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}".[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]2014-10-21 22:52 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}".[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]2014-10-21 22:52 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]2014-10-21 22:52 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]2014-10-21 22:52 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]2014-10-21 22:52 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll.[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2012-01-16 6463080]"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-03-22 170264]"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-03-22 398616]"Persistence"="c:\windows\system32\igfxpers.exe" [2012-03-22 439064]"Stage Remote"="c:\program files (x86)\Dell\Stage Remote\StageRemote.exe" [2011-06-28 2022976]"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-07-29 497648]"DellStage"="c:\program files (x86)\Dell Stage\Dell Stage\stage_primary.exe" [2012-02-01 2195824].[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]"AppInit_DLLs"=c:\progra~2\KEYCRY~1\KeyCrypt64(4).dll.------- Supplementary Scan -------.uLocal Page = c:\windows\system32\blank.htmuStart Page = hxxp://www.google.commLocal Page = c:\windows\SysWOW64\blank.htmuInternet Settings,ProxyOverride = <-loopback>uSearchAssistant = hxxp://www.google.com/ieuSearchURL,(Default) = hxxp://www.google.com/search?q=%sTCP: DhcpNameServer = 10.0.0.1TCP: Interfaces\{4150F59C-6B10-4677-A2F0-35F0748918D0}: NameServer = 75.75.75.75,75.75.76.76.- - - - ORPHANS REMOVED - - - -.Toolbar-Locked - (no file)AddRemove-WT089446 - c:\program files (x86)\WildTangent\Dell Games\Wedding Dash - Ready...[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\N360]"ImagePath"="\"c:\program files (x86)\Norton Security Suite\Engine\21.6.0.32\N360.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton Security Suite\Engine\21.6.0.32\diMaster.dll\" /prefetch:1""ImagePath"="\SystemRoot\System32\Drivers\N360x64\1506000.020\SYMNETS.SYS""TrustedImagePaths"="c:\program files (x86)\Norton Security Suite\Engine\21.6.0.32;c:\program files (x86)\Norton Security Suite\Engine64\21.6.0.32".--------------------- LOCKED REGISTRY KEYS ---------------------.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]@Denied: (A 2) (Everyone)@="FlashBroker""LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_167_ActiveX.exe,-101".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]"Enabled"=dword:00000001.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_167_ActiveX.exe".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]@Denied: (A 2) (Everyone)@="IFlashBroker6".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]@="{00020424-0000-0000-C000-000000000046}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}""Version"="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]@Denied: (A 2) (Everyone)@="FlashBroker""LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_167_ActiveX.exe,-101".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]"Enabled"=dword:00000001.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_167_ActiveX.exe".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]@Denied: (A 2) (Everyone)@="Shockwave Flash Object".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx""ThreadingModel"="Apartment".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]@="0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]@="ShockwaveFlash.ShockwaveFlash.15".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx, 1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]@="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]@="ShockwaveFlash.ShockwaveFlash".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]@Denied: (A 2) (Everyone)@="Macromedia Flash Factory Object".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx""ThreadingModel"="Apartment".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]@="FlashFactory.FlashFactory.1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx, 1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]@="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]@="FlashFactory.FlashFactory".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]@Denied: (A 2) (Everyone)@="IFlashBroker6".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]@="{00020424-0000-0000-C000-000000000046}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}""Version"="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\.[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]@Denied: (A) (Everyone)"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}".[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]@Denied: (A) (Everyone).[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]"Key"="ActionsPane3""Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]@Denied: (Full) (Everyone).------------------------ Other Running Processes ------------------------.c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exec:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exec:\program files (x86)\Dell DataSafe Local Backup\TOASTER.EXEc:\program files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXEc:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exec:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe.**************************************************************************.Completion time: 2014-11-10 14:09:44 - machine was rebootedComboFix-quarantined-files.txt 2014-11-10 19:09ComboFix2.txt 2014-11-03 20:29.Pre-Run: 389,355,675,648 bytes freePost-Run: 389,281,755,136 bytes free.- - End Of File - - A3E389B8BA893ABDDB0338CC595F8032
- November 10, 2014
- 22 replies
Ads by Speed Check

Pastafarian replied to Pastafarian's topic in Resolved Malware Removal Logs

I ran both of those and things seem OK at first blush. I don't understand--I ran both of those tools already and they didn't fix the problem. Here are the logs. ******************************************************************** # AdwCleaner v4.101 - Report created 10/11/2014 at 11:30:52# Updated 09/11/2014 by Xplode# Database : 2014-11-07.1 [Live]# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)# Username : Pompeani - POMPEANI-PC# Running from : C:\Users\Pompeani\Desktop\adwcleaner_4.101.exe# Option : Clean ***** [ Services ] ***** Service Deleted : webinstrNew ***** [ Files / Folders ] ***** File Deleted : C:\Windows\System32\drivers\webinstrNew.sysFile Deleted : C:\Users\Pompeani\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorageFile Deleted : C:\Users\Pompeani\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal ***** [ Scheduled Tasks ] ***** ***** [ Shortcuts ] ***** ***** [ Registry ] ***** Key Deleted : HKCU\Software\MICROSOFT\INTERNET EXPLORER\DOMSTORAGE\superfish.comKey Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\www.superfish.comKey Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GoogleUpdate.exe ***** [ Browsers ] ***** -\\ Internet Explorer v11.0.9600.17344 -\\ Google Chrome v38.0.2125.111 ************************* AdwCleaner[R0].txt - [4905 octets] - [03/11/2014 14:42:47]AdwCleaner[R1].txt - [1510 octets] - [10/11/2014 11:25:07]AdwCleaner[R2].txt - [1570 octets] - [10/11/2014 11:29:44]AdwCleaner[s0].txt - [4915 octets] - [03/11/2014 14:44:21]AdwCleaner[s1].txt - [1505 octets] - [10/11/2014 11:30:52] ########## EOF - C:\AdwCleaner\AdwCleaner[s1].txt - [1565 octets] ########## ******************************************************************** ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~Junkware Removal Tool (JRT) by ThisisuVersion: 6.3.7 (11.08.2014:1)OS: Windows 7 Home Premium x64Ran by Pompeani on Mon 11/10/2014 at 11:39:03.44~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values ~~~ Registry Keys ~~~ Files ~~~ Folders ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~Scan was completed on Mon 11/10/2014 at 11:43:15.20End of JRT log~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
- November 10, 2014
- 22 replies
Ads by Speed Check

Pastafarian posted a topic in Resolved Malware Removal Logs

Hi, I'm trying to help a friend get rid of an infection on his PC. Popup ads on nearly every website, all labeled, "Ads by Speed Check". Usually I can get rid of stuff pretty quickly, but this one has me stumped. I uninstalled several things that jumped out at me and that proved problematic with research: Ask.com stuff, StormWatch, MapsGalaxy, FileCure, GeniusBox, and IdleCrawler. I've run several tools already (Malwarebytes, AdwCleaner, Junkware Removal Tool, TDSSKiller) to no avail. I even ran an OTL scan and started looking over the log, but what I was expecting to see wasn't there. So...here I am. ************************************************* Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-11-2014Ran by Pompeani (administrator) on POMPEANI-PC on 04-11-2014 10:25:59Running from C:\Users\Pompeani\DesktopLoaded Profile: Pompeani (Available profiles: Pompeani)Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)Internet Explorer Version 11Boot Mode: NormalTutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Microsoft Corporation) C:\Windows\System32\wlanext.exe(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe(White Sky, Inc.) C:\Program Files (x86)\Constant Guard Protection Suite\IDVaultSvc.exe(Sourcefire, Inc.) C:\Program Files\Immunet\3.1.13\sfc.exe(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe(Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\n360.exe(Dell, Inc.) C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe(Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\n360.exe(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE(Atheros) C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe() C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe(Intel Corporation) C:\Windows\System32\igfxtray.exe(Intel Corporation) C:\Windows\System32\hkcmd.exe(Intel Corporation) C:\Windows\System32\igfxpers.exe() C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe() C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe(Immunet) C:\Program Files\Immunet\3.1.13\iptray.exe(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe(Nero AG) C:\Program Files (x86)\Nero\SyncUP\SyncUP.exe(Nero AG) C:\Program Files (x86)\Nero\SyncUP\Nero.AndroidServer.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6463080 2012-01-16] (Realtek Semiconductor)HKLM\...\Run: [stage Remote] => C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe [2022976 2011-06-27] ()HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [497648 2010-07-29] (Adobe Systems Incorporated)HKLM\...\Run: [DellStage] => C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe [2195824 2012-02-01] ()HKLM-x32\...\Run: [iMSS] => C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe [133400 2011-12-16] (Intel Corporation)HKLM-x32\...\Run: [uSB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-02-27] (Intel Corporation)HKLM-x32\...\Run: [iAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2011-11-29] (Intel Corporation)HKLM-x32\...\Run: [Dell DataSafe Online] => C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe [1117528 2010-08-25] (Dell, Inc.)HKLM-x32\...\Run: [NeroLauncher] => C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe [67496 2012-08-21] ()HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [976320 2009-12-03] (SEIKO EPSON CORPORATION)HKLM-x32\...\Run: [AccuWeatherWidget] => C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe [968048 2012-02-01] ()HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)HKLM-x32\...\Run: [immunet Protect] => C:\Program Files\Immunet\3.1.13\iptray.exe [3232464 2014-09-08] (Immunet)HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-09-12] (Adobe Systems Incorporated)HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)HKU\S-1-5-21-2230876663-2620306521-2540192324-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-08-07] (Apple Inc.)HKU\S-1-5-21-2230876663-2620306521-2540192324-1001\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2014-08-14] (Apple Inc.)HKU\S-1-5-21-2230876663-2620306521-2540192324-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22734160 2014-08-08] (Google)AppInit_DLLs: C:\PROGRA~2\KEYCRY~1\KeyCrypt64(4).dll => C:\Program Files (x86)\KeyCryptSDK\KeyCrypt64(4).dll [88376 2013-07-24] (Zemana Ltd.)AppInit_DLLs-x32: C:\PROGRA~2\KEYCRY~1\KeyCrypt32(4).dll => C:\Program Files (x86)\KeyCryptSDK\KeyCrypt32(4).dll [81160 2013-07-24] (Zemana Ltd.)Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Constant Guard.lnkShortcutTarget: Constant Guard.lnk -> C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe (No File)Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HRBlockDirect.lnkShortcutTarget: HRBlockDirect.lnk -> C:\Program Files (x86)\HRBlockDirect\HRBlockDirect.exe (HR Block )ShellIconOverlayIdentifiers: [OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Security Suite\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)ShellIconOverlayIdentifiers: [OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Security Suite\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)ShellIconOverlayIdentifiers: [OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Security Suite\Engine64\21.6.0.32\buShell.dll (Symantec Corporation) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearchHKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTIONHKU\S-1-5-21-2230876663-2620306521-2540192324-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTIONStartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exeSearchScopes: HKCU - {3E144148-7D59-4397-8A87-DEDD919A4179} URL = SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security Suite\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)BHO: scriptproxy -> {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -> C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20120930104544.dll No FileBHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\IPS\IPSBHO.DLL (Symantec Corporation)BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)BHO-x32: scriptproxy -> {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -> C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120930104544.dll No FileBHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)BHO-x32: Constant Guard Protection Suite -> {B84CDBE7-1B46-494B-A188-01D4C52DEB61} -> C:\ProgramData\White Sky, Inc\ID Vault\IEBHO1.14.731.2\NativeBHO.dll (WhiteSky)BHO-x32: Updater For XFIN_PORTAL -> {bb46be07-13eb-4c49-b0f0-fc78b9ea4983} -> C:\Program Files (x86)\xfin_portal\auxi\comcastAu.dll No FileBHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - No FileHandler-x32: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll (Cozi Group, Inc.)Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)Tcpip\Parameters: [DhcpNameServer] 10.0.0.1Tcpip\..\Interfaces\{4150F59C-6B10-4677-A2F0-35F0748918D0}: [NameServer] 75.75.75.75,75.75.76.76 FireFox:========FF Plugin: @microsoft.com/GENUINE -> disabled No FileFF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)FF Plugin-x32: @microsoft.com/GENUINE -> disabled No FileFF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)FF HKLM-x32\...\Firefox\Extensions: [{D19CA586-DD6C-4a0a-96F8-14644F340D60}] - C:\Program Files (x86)\Common Files\McAfee\SystemCoreFF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgnFF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn [2014-11-04]FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK Chrome: =======CHR HomePage: Default -> hxxp://www.esbbank.com/CHR StartupUrls: Default -> "hxxp://www.esbbank.com/", "hxxp://www.google.com/"CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}CHR Profile: C:\Users\Pompeani\AppData\Local\Google\Chrome\User Data\DefaultCHR Extension: (Google Drive) - C:\Users\Pompeani\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-05-16]CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Pompeani\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-24]CHR Extension: (Norton Identity Safe) - C:\Users\Pompeani\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2014-08-13]CHR Extension: (Google Wallet) - C:\Users\Pompeani\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-03]CHR HKCU\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Pompeani\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2013-05-16] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 ImmunetProtect; C:\Program Files\Immunet\3.1.13\sfc.exe [546208 2014-09-08] (Sourcefire, Inc.)R2 N360; C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\N360.exe [265040 2014-09-22] (Symantec Corporation)S3 scan; C:\Program Files\Immunet\tetra\scan.dll [447744 2014-09-08] (BitDefender)R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [73728 2012-02-08] (Atheros) [File not signed] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R1 AntiLog32; C:\Windows\system32\drivers\AntiLog64.sys [49752 2014-10-16] (Zemana Ltd.)U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)R1 BHDrvx64; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\BASHDefs\20141030.001\BHDrvx64.sys [1587416 2014-10-03] (Symantec Corporation)R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1506000.020\ccSetx64.sys [162392 2013-09-25] (Symantec Corporation)R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-09-09] (Symantec Corporation)R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2014-09-09] (Symantec Corporation)R1 IDSVia64; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\IPSDefs\20141103.001\IDSvia64.sys [633560 2014-08-29] (Symantec Corporation)R2 ImmunetNetworkMonitorDriver; C:\Windows\System32\Drivers\ImmunetNetworkMonitor.sys [100048 2014-09-08] (Sourcefire, Inc.)R1 ImmunetProtectDriver; C:\Windows\System32\Drivers\immunetprotect.sys [58064 2014-09-08] (Windows ® Win 7 DDK provider)R1 ImmunetSelfProtectDriver; C:\Windows\System32\Drivers\immunetselfprotect.sys [32976 2014-09-08] (Windows ® Win 7 DDK provider)R3 keycrypt; C:\Windows\System32\DRIVERS\KeyCrypt64.sys [25056 2013-07-24] (Zemana Ltd.)R3 NAVENG; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20141103.034\ENG64.SYS [129752 2014-08-21] (Symantec Corporation)R3 NAVEX15; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20141103.034\EX64.SYS [2137304 2014-08-21] (Symantec Corporation)R3 SRTSP; C:\Windows\System32\Drivers\N360x64\1506000.020\SRTSP64.SYS [876248 2014-08-25] (Symantec Corporation)R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1506000.020\SRTSPX64.SYS [37592 2014-08-25] (Symantec Corporation)R0 SymDS; C:\Windows\System32\drivers\N360x64\1506000.020\SYMDS64.SYS [493656 2013-09-09] (Symantec Corporation)R0 SymEFA; C:\Windows\System32\drivers\N360x64\1506000.020\SYMEFA64.SYS [1148120 2014-08-25] (Symantec Corporation)R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2013-12-02] (Symantec Corporation)R1 SymIRON; C:\Windows\system32\drivers\N360x64\1506000.020\Ironx64.SYS [266968 2014-08-06] (Symantec Corporation)R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1506000.020\SYMNETS.SYS [593112 2014-08-25] (Symantec Corporation)S3 Trufos; C:\Windows\System32\Drivers\trufos.sys [329800 2014-09-08] (BitDefender S.R.L.)R2 webinstrNew; C:\Windows\system32\Drivers\webinstrNew.sys [58040 2014-10-29] (Corsica)S3 catchme; \??\C:\ComboFix\catchme.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-11-04 10:25 - 2014-11-04 10:26 - 00021628 _____ () C:\Users\Pompeani\Desktop\FRST.txt2014-11-04 10:18 - 2014-11-03 14:33 - 02114560 _____ (Farbar) C:\Users\Pompeani\Desktop\FRST64.exe2014-11-03 15:29 - 2014-11-03 15:29 - 00029559 _____ () C:\ComboFix.txt2014-11-03 15:08 - 2014-11-03 15:30 - 00000000 ____D () C:\Qoobox2014-11-03 15:08 - 2014-11-03 15:28 - 00000000 ____D () C:\Windows\erdnt2014-11-03 15:08 - 2011-06-26 01:45 - 00256000 _____ () C:\Windows\PEV.exe2014-11-03 15:08 - 2010-11-07 12:20 - 00208896 _____ () C:\Windows\MBR.exe2014-11-03 15:08 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe2014-11-03 15:08 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe2014-11-03 15:08 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe2014-11-03 15:08 - 2000-08-30 19:00 - 00098816 _____ () C:\Windows\sed.exe2014-11-03 15:08 - 2000-08-30 19:00 - 00080412 _____ () C:\Windows\grep.exe2014-11-03 15:08 - 2000-08-30 19:00 - 00068096 _____ () C:\Windows\zip.exe2014-11-03 15:01 - 2014-11-03 15:01 - 00000000 ____D () C:\Windows\ERUNT2014-11-03 14:55 - 2014-11-03 14:58 - 00000000 ____D () C:\Program Files (x86)\BleachBit2014-11-03 14:55 - 2014-11-03 14:55 - 00001025 _____ () C:\Users\Pompeani\Desktop\BleachBit.lnk2014-11-03 14:55 - 2014-11-03 14:55 - 00000000 ____D () C:\Users\Pompeani\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BleachBit2014-11-03 14:55 - 2014-11-03 14:55 - 00000000 ____D () C:\Users\Pompeani\AppData\Roaming\BleachBit2014-11-03 14:43 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll2014-11-03 14:42 - 2014-11-03 14:44 - 00000000 ____D () C:\AdwCleaner2014-11-03 14:33 - 2014-11-04 10:26 - 00000000 ____D () C:\FRST2014-11-03 12:00 - 2014-11-03 13:43 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys2014-11-03 11:59 - 2014-11-03 11:59 - 00001108 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk2014-11-03 11:59 - 2014-11-03 11:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware2014-11-03 11:59 - 2014-11-03 11:59 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware2014-11-03 11:59 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys2014-11-03 11:59 - 2014-10-01 11:11 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys2014-11-03 11:55 - 2014-11-03 11:55 - 00000000 ____D () C:\Users\Pompeani\AppData\Roaming\Malwarebytes2014-11-03 11:54 - 2014-11-03 11:59 - 00000000 ____D () C:\ProgramData\Malwarebytes2014-11-03 11:54 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys2014-11-03 11:23 - 2014-11-03 11:23 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe2014-11-03 11:23 - 2014-11-03 11:23 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe2014-11-03 11:23 - 2014-11-03 11:23 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe2014-11-03 11:23 - 2014-11-03 11:23 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll2014-11-03 11:23 - 2014-11-03 11:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java2014-11-03 11:23 - 2014-11-03 11:23 - 00000000 ____D () C:\Program Files (x86)\Java2014-11-03 11:21 - 2014-11-04 10:18 - 00000000 ____D () C:\Users\Pompeani\Desktop\virus cleaning2014-11-03 11:17 - 2014-11-03 11:18 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk2014-11-03 11:17 - 2014-11-03 11:17 - 00002021 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk2014-10-31 04:01 - 2014-10-31 04:01 - 00000000 ____D () C:\NPE2014-10-31 03:57 - 2014-10-31 04:16 - 00000000 ____D () C:\Users\Pompeani\AppData\Local\NPE2014-10-29 19:53 - 2014-10-29 19:53 - 00001936 _____ () C:\Windows\patsearch.bin2014-10-29 19:53 - 2014-10-29 19:53 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_webinstrNew_01009.Wdf2014-10-29 19:53 - 2014-10-29 19:52 - 00058040 _____ (Corsica) C:\Windows\system32\Drivers\webinstrNew.sys2014-10-29 19:50 - 2014-10-29 19:50 - 00000064 _____ () C:\Users\Pompeani\AppData\Local\edcbe9083787748624247553774373912014-10-29 19:49 - 2014-10-29 19:49 - 00000000 ____D () C:\Users\Pompeani\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games2014-10-28 08:32 - 2014-10-28 08:32 - 00000000 ____D () C:\Users\Pompeani\AppData\Local\ArcSoft2014-10-28 08:32 - 2014-10-28 08:32 - 00000000 ____D () C:\ProgramData\ArcSoft2014-10-23 18:18 - 2014-10-23 18:18 - 00003132 _____ () C:\Windows\System32\Tasks\PCDoctorBackgroundMonitorTask-Retry2014-10-22 16:55 - 2014-10-22 16:55 - 00001785 _____ () C:\Users\Public\Desktop\iTunes.lnk2014-10-22 16:55 - 2014-10-22 16:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes2014-10-22 16:53 - 2014-10-22 16:55 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A72014-10-22 16:53 - 2014-10-22 16:55 - 00000000 ____D () C:\Program Files\iTunes2014-10-22 16:53 - 2014-10-22 16:55 - 00000000 ____D () C:\Program Files (x86)\iTunes2014-10-22 16:53 - 2014-10-22 16:53 - 00000000 ____D () C:\Program Files\iPod2014-10-16 01:52 - 2014-10-09 21:05 - 00507392 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll2014-10-16 01:52 - 2014-10-09 21:05 - 00276480 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll2014-10-16 01:52 - 2014-10-09 21:00 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll2014-10-16 01:52 - 2014-10-06 21:54 - 00378552 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll2014-10-16 01:52 - 2014-10-06 21:04 - 00331448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll2014-10-16 01:52 - 2014-09-28 19:58 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys2014-10-16 01:52 - 2014-09-25 17:46 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll2014-10-16 01:52 - 2014-09-25 17:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll2014-10-16 01:52 - 2014-09-25 17:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl2014-10-16 01:52 - 2014-09-18 20:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb2014-10-16 01:52 - 2014-09-18 20:55 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll2014-10-16 01:52 - 2014-09-18 20:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll2014-10-16 01:52 - 2014-09-18 20:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll2014-10-16 01:52 - 2014-09-18 20:30 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll2014-10-16 01:52 - 2014-09-18 20:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb2014-10-16 01:52 - 2014-09-18 20:06 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll2014-10-16 01:52 - 2014-09-18 20:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll2014-10-16 01:52 - 2014-09-18 20:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll2014-10-16 01:52 - 2014-09-18 19:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll2014-10-16 01:52 - 2014-09-18 19:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll2014-10-16 01:52 - 2014-09-18 19:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll2014-10-16 01:52 - 2014-09-18 19:42 - 00710656 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe2014-10-16 01:52 - 2014-09-18 19:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll2014-10-16 01:52 - 2014-09-18 19:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll2014-10-16 01:52 - 2014-09-18 19:14 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll2014-10-16 01:52 - 2014-09-18 18:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll2014-10-16 01:52 - 2014-06-18 17:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll2014-10-16 01:52 - 2014-06-18 17:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll2014-10-16 01:52 - 2014-06-18 17:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll2014-10-16 01:52 - 2014-06-18 17:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll2014-10-16 01:52 - 2014-06-18 17:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll2014-10-16 01:52 - 2014-06-18 17:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll2014-10-16 01:51 - 2014-09-25 17:50 - 13619200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll2014-10-16 01:51 - 2014-09-25 17:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll2014-10-16 01:51 - 2014-09-25 17:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll2014-10-16 01:51 - 2014-09-25 17:31 - 02108416 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl2014-10-16 01:51 - 2014-09-18 21:25 - 23631360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll2014-10-16 01:51 - 2014-09-18 20:41 - 02796032 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll2014-10-16 01:51 - 2014-09-18 20:40 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll2014-10-16 01:51 - 2014-09-18 20:40 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll2014-10-16 01:51 - 2014-09-18 20:38 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll2014-10-16 01:51 - 2014-09-18 20:36 - 05829632 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll2014-10-16 01:51 - 2014-09-18 20:31 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll2014-10-16 01:51 - 2014-09-18 20:27 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll2014-10-16 01:51 - 2014-09-18 20:26 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe2014-10-16 01:51 - 2014-09-18 20:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll2014-10-16 01:51 - 2014-09-18 20:25 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll2014-10-16 01:51 - 2014-09-18 20:25 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe2014-10-16 01:51 - 2014-09-18 20:18 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe2014-10-16 01:51 - 2014-09-18 20:14 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll2014-10-16 01:51 - 2014-09-18 20:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll2014-10-16 01:51 - 2014-09-18 20:01 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll2014-10-16 01:51 - 2014-09-18 20:00 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll2014-10-16 01:51 - 2014-09-18 19:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll2014-10-16 01:51 - 2014-09-18 19:58 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll2014-10-16 01:51 - 2014-09-18 19:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll2014-10-16 01:51 - 2014-09-18 19:51 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll2014-10-16 01:51 - 2014-09-18 19:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe2014-10-16 01:51 - 2014-09-18 19:42 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll2014-10-16 01:51 - 2014-09-18 19:40 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll2014-10-16 01:51 - 2014-09-18 19:33 - 02309632 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll2014-10-16 01:51 - 2014-09-18 19:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll2014-10-16 01:51 - 2014-09-18 19:18 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll2014-10-16 01:51 - 2014-09-18 18:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll2014-10-16 01:51 - 2014-09-18 18:59 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll2014-10-16 01:51 - 2014-09-18 18:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll2014-10-16 01:51 - 2014-09-17 21:00 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll2014-10-16 01:51 - 2014-09-17 20:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll2014-10-16 01:51 - 2014-09-04 00:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll2014-10-16 01:51 - 2014-09-04 00:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll2014-10-16 01:51 - 2014-07-16 21:07 - 03722240 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll2014-10-16 01:51 - 2014-07-16 21:07 - 01118720 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe2014-10-16 01:51 - 2014-07-16 21:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll2014-10-16 01:51 - 2014-07-16 21:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe2014-10-16 01:51 - 2014-07-16 21:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll2014-10-16 01:51 - 2014-07-16 21:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll2014-10-16 01:51 - 2014-07-16 21:07 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll2014-10-16 01:51 - 2014-07-16 21:07 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll2014-10-16 01:51 - 2014-07-16 20:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll2014-10-16 01:51 - 2014-07-16 20:39 - 03221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll2014-10-16 01:51 - 2014-07-16 20:39 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe2014-10-16 01:51 - 2014-07-16 20:39 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll2014-10-16 01:51 - 2014-07-16 20:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll2014-10-16 01:51 - 2014-07-16 20:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll2014-10-16 01:51 - 2014-07-16 20:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys2014-10-16 01:51 - 2014-07-16 20:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys2014-10-16 01:50 - 2014-09-12 20:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll2014-10-16 01:50 - 2014-09-12 20:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll2014-10-08 16:26 - 2014-10-08 16:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-11-04 10:17 - 2012-05-25 21:19 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job2014-11-04 10:00 - 2012-09-30 11:51 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job2014-11-04 09:57 - 2012-09-30 13:04 - 00000000 ____D () C:\Users\Pompeani\AppData\Local\Nero2014-11-04 09:48 - 2009-07-13 23:45 - 00028352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A02014-11-04 09:48 - 2009-07-13 23:45 - 00028352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A02014-11-04 09:45 - 2012-05-25 21:17 - 01168759 _____ () C:\Windows\WindowsUpdate.log2014-11-04 09:45 - 2009-07-14 00:13 - 00782470 _____ () C:\Windows\system32\PerfStringBackup.INI2014-11-04 09:42 - 2012-05-25 21:42 - 00000000 ____D () C:\Program Files (x86)\Dell DataSafe Local Backup2014-11-04 09:41 - 2012-09-30 11:51 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job2014-11-04 09:41 - 2012-05-25 21:46 - 00000000 ____D () C:\Users\Default\AppData\Local\SoftThinks2014-11-04 09:41 - 2012-05-25 21:46 - 00000000 ____D () C:\Users\Default User\AppData\Local\SoftThinks2014-11-04 09:40 - 2010-11-20 22:47 - 00742954 _____ () C:\Windows\PFRO.log2014-11-04 09:40 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT2014-11-04 09:40 - 2009-07-13 23:51 - 00042722 _____ () C:\Windows\setupact.log2014-11-04 08:24 - 2012-12-08 10:31 - 00000000 ____D () C:\Program Files (x86)\Constant Guard Protection Suite2014-11-03 15:30 - 2009-07-13 22:20 - 00000000 __RHD () C:\Users\Default2014-11-03 15:23 - 2009-07-13 21:34 - 00000215 _____ () C:\Windows\system.ini2014-11-03 13:15 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\Registration2014-11-03 11:50 - 2012-11-25 10:39 - 00000048 _____ () C:\RB.rdat2014-11-03 11:50 - 2012-11-25 10:39 - 00000048 _____ () C:\License_Time.rdat2014-11-03 11:27 - 2012-12-21 08:48 - 00000000 __SHD () C:\Users\Pompeani\PrivacIE2014-11-03 11:25 - 2012-09-30 11:11 - 00000000 ____D () C:\Users\Mary Jo Pompeani2014-11-03 11:24 - 2014-08-09 05:39 - 00000000 ____D () C:\ProgramData\Oracle2014-11-03 11:17 - 2012-05-25 21:56 - 00000000 ____D () C:\ProgramData\Adobe2014-11-03 11:17 - 2012-05-25 21:56 - 00000000 ____D () C:\Program Files (x86)\Adobe2014-11-03 11:10 - 2009-07-14 00:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD2014-11-02 09:47 - 2014-09-08 18:15 - 00000000 ____D () C:\Program Files\Immunet2014-11-01 14:02 - 2013-05-21 16:13 - 00003440 _____ () C:\Windows\System32\Tasks\PCDEventLauncherTask2014-10-31 03:58 - 2012-12-08 10:40 - 00000000 ____D () C:\ProgramData\Norton2014-10-31 03:54 - 2012-09-30 10:15 - 00000000 ____D () C:\Users\Pompeani\Documents\Outlook Files2014-10-28 08:14 - 2012-09-30 11:51 - 00002185 _____ () C:\Users\Public\Desktop\Google Chrome.lnk2014-10-25 06:55 - 2012-09-30 11:51 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA2014-10-25 06:55 - 2012-09-30 11:51 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore2014-10-22 16:53 - 2014-09-17 16:14 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF692014-10-22 16:53 - 2012-09-30 12:46 - 00000000 ____D () C:\Program Files\Common Files\Apple2014-10-21 15:59 - 2014-04-08 18:29 - 00000000 ____D () C:\Users\Pompeani\AppData\Local\Windows Live2014-10-16 17:18 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache2014-10-16 02:48 - 2012-12-08 10:32 - 00049752 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\AntiLog64.sys2014-10-16 02:48 - 2012-12-08 10:32 - 00000000 ____D () C:\Windows\SysWOW64\ZALSDK_uninst2014-10-16 02:47 - 2012-12-08 10:32 - 00000000 ____D () C:\Users\Pompeani\AppData\Roaming\ID Vault2014-10-16 02:47 - 2012-12-08 10:31 - 00001984 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Constant Guard.lnk2014-10-16 02:47 - 2012-12-08 10:31 - 00001972 _____ () C:\Users\Public\Desktop\Constant Guard.lnk2014-10-16 02:41 - 2009-07-13 23:45 - 00414064 _____ () C:\Windows\system32\FNTCACHE.DAT2014-10-16 02:38 - 2014-05-07 02:00 - 00000000 ___SD () C:\Windows\system32\CompatTel2014-10-16 02:17 - 2012-09-30 09:47 - 00000000 ____D () C:\ProgramData\Microsoft Help2014-10-16 02:10 - 2013-08-14 02:01 - 00000000 ____D () C:\Windows\system32\MRT2014-10-16 02:02 - 2012-10-04 06:52 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe2014-10-14 16:08 - 2013-04-06 10:58 - 00000000 ____D () C:\Users\Pompeani\AppData\Local\CrashDumps2014-10-07 16:50 - 2013-10-26 07:34 - 00012667 _____ () C:\Users\Pompeani\Documents\Personal Financial Statement.xlsx2014-10-07 16:43 - 2014-08-18 16:50 - 00010254 _____ () C:\Users\Pompeani\Documents\options.xlsx2014-10-05 08:33 - 2014-01-07 19:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\H&R Block 2013 Some content of TEMP:====================C:\Users\Pompeani\AppData\Local\Temp\{ABF86757-C60A-49C7-B3AF-F9EE8239914C}.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signedC:\Windows\System32\wininit.exe => File is digitally signedC:\Windows\SysWOW64\wininit.exe => File is digitally signedC:\Windows\explorer.exe => File is digitally signedC:\Windows\SysWOW64\explorer.exe => File is digitally signedC:\Windows\System32\svchost.exe => File is digitally signedC:\Windows\SysWOW64\svchost.exe => File is digitally signedC:\Windows\System32\services.exe => File is digitally signedC:\Windows\System32\User32.dll => File is digitally signedC:\Windows\SysWOW64\User32.dll => File is digitally signedC:\Windows\System32\userinit.exe => File is digitally signedC:\Windows\SysWOW64\userinit.exe => File is digitally signedC:\Windows\System32\rpcss.dll => File is digitally signedC:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-10-29 17:40 ==================== End Of Log ============================ ************************************************* Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-11-2014Ran by Pompeani at 2014-11-04 10:26:29Running from C:\Users\Pompeani\DesktopBoot Mode: Normal========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Norton Security Suite (Enabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}AV: Immunet 3 (Enabled - Up to date) {D3417D79-6FAC-4B50-D487-4BA8768A0AA4}AS: Norton Security Suite (Enabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466}AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}FW: Norton Security Suite (Enabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.6.0.19120 - Adobe Systems Incorporated)Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.2.1.650 - Adobe Systems Incorporated)Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)Adobe Photoshop Elements 9 (HKLM-x32\...\Adobe Photoshop Elements 9) (Version: 9.0 - Adobe Systems Incorporated)Adobe Reader XI (11.0.09) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)AntiLogger SDK version 1.7.6.367 (HKLM-x32\...\{4D46DE30-49FE-4043-99F7-D7E8C06175E0}_is1) (Version: 1.7.6.367 - Zemana Ltd.)Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) HiddenBing Bar (HKLM-x32\...\{C28D96C0-6A90-459E-A077-A6706F4EC0FC}) (Version: 7.0.765.0 - Microsoft Corporation)Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) HiddenBleachBit (HKLM-x32\...\BleachBit) (Version: - BleachBit)Blio (HKLM-x32\...\{400182B4-CA55-46A9-9D88-F8413DCFB36D}) (Version: 2.3.7140 - K-NFB Reading Technology, Inc.)Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)Bounce Symphony (x32 Version: 2.2.0.95 - WildTangent) HiddenBuild-a-lot 2 (x32 Version: 2.2.0.95 - WildTangent) HiddenCake Mania (x32 Version: 2.2.0.95 - WildTangent) HiddenChuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) HiddenCisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)Constant Guard Protection Suite (HKLM-x32\...\ID Vault) (Version: 1.14.922.1 - Comcast)Consumer In-Home Service Agreement (HKLM-x32\...\{F47C37A4-7189-430A-B81D-739FF8A7A554}) (Version: 2.0.0 - Dell Inc.)Cozi (HKLM-x32\...\{EA1F3D6C-A6F5-4CDC-B0D3-9C56C06B4D29}) (Version: 1.0.6505.38692 - Cozi Group, Inc.)D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) HiddenDell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 9.4.67 - Dell Inc.)Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.67 - Dell Inc.)Dell DataSafe Online (HKLM-x32\...\{7EC66A95-AC2D-4127-940B-0445A526AB2F}) (Version: 2.1.19634 - Dell)Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)Dell MusicStage (HKLM-x32\...\{3BD7DD08-991B-4A2F-A165-614ED14EAADD}) (Version: 1.6.225.0 - Fingertapps)Dell PhotoStage (HKLM-x32\...\{E4335E82-17B3-460F-9E70-39D9BC269DB3}) (Version: 1.5.0.130 - ArcSoft)Dell Stage (HKLM-x32\...\{FE182796-F6BA-486A-8590-89B7E8D1D60F}) (Version: 1.7.209.0 - Fingertapps)Dell Stage Remote (HKLM-x32\...\{AF4D3C63-009B-4A17-B02E-D395065DD3F0}) (Version: 2.0.0.43 - ArcSoft)Dell VideoStage (HKLM-x32\...\InstallShield_{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}) (Version: 1.3.0.2513 - CyberLink Corp.)Dell VideoStage (x32 Version: 1.3.0.2513 - CyberLink Corp.) HiddenDell Wireless Driver Installation (HKLM-x32\...\{451517F1-7E41-400B-AA36-FB7E2563526D}) (Version: 9.0 - Dell)Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95 - WildTangent) HiddenDora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) HiddeneBay (HKLM-x32\...\{A8B88634-7F90-402F-B66A-86429755F6A5}) (Version: 1.4.0 - eBay Inc.)Elements 9 Organizer (x32 Version: 9.0 - Adobe Systems Incorporated) HiddenElements STI Installer (x32 Version: 1.0 - Adobe Systems Incorporated) HiddenEpson Event Manager (HKLM-x32\...\{03B8AA32-F23C-4178-B8E6-09ECD07EAA47}) (Version: 2.40.0001 - SEIKO EPSON CORPORATION)EPSON NX420 Series Printer Uninstall (HKLM\...\EPSON NX420 Series) (Version: - SEIKO EPSON Corporation)EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation)Escape Whisper Valley (x32 Version: 2.2.0.95 - WildTangent) HiddenFarm Frenzy (x32 Version: 2.2.0.95 - WildTangent) HiddenFATE (x32 Version: 2.2.0.95 - WildTangent) HiddenFinal Drive Fury (x32 Version: 2.2.0.95 - WildTangent) HiddenFinal Drive Nitro (x32 Version: 2.2.0.95 - WildTangent) HiddenGoogle Chrome (HKLM-x32\...\Google Chrome) (Version: 38.0.2125.111 - Google Inc.)Google Drive (HKLM-x32\...\{C6640705-7479-4EE5-BC86-879F05F65E74}) (Version: 1.17.7290.4094 - Google, Inc.)Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) HiddenGoogle Update Helper (x32 Version: 1.3.25.5 - Google Inc.) HiddenH&R Block Deluxe + Efile + State 2012 (HKLM-x32\...\{89D20029-0578-4D8D-979A-695C8D868868}) (Version: 12.05.7803 - HRB Technology, LLC.)H&R Block Deluxe + Efile + State 2013 (HKLM-x32\...\{EDE796DE-0A72-464D-9D21-F04BC41A092B}) (Version: 13.05.7601 - HRB Technology, LLC.)H&R Block Pennsylvania 2012 (HKLM-x32\...\{E8DD8C86-E233-4AE4-BB8A-C52D36D7756D}) (Version: 1.12.3501 - HRB Technology, LLC.)H&R Block Pennsylvania 2013 (HKLM-x32\...\{7F62C83B-2474-498A-8F5C-E5C452DF2D15}) (Version: 1.13.4601 - HRB Technology, LLC.)HRBlockDirect version 1.1.2.0 (HKLM-x32\...\{631EFC00-5A7A-4A90-9578-039EDA92DE0F}_is1) (Version: 1.1.2.0 - HRBlock)iCloud (HKLM\...\{6096C0CC-7E19-4355-87F0-627EC5AA146D}) (Version: 4.0.3.56 - Apple Inc.)Immunet 3 (HKLM-x32\...\Immunet Protect) (Version: 3.1.13.9671 - Sourcefire, Inc.)Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.0.1351 - Intel Corporation)Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2696 - Intel Corporation)Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.0.0.1032 - Intel Corporation)Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.4.220 - Intel Corporation)Intel® Trusted Connect Service Client (HKLM\...\{6199B534-A1B6-46ED-873B-97B0ECF8F81E}) (Version: 1.23.216.0 - Intel Corporation)iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)Jewel Quest (x32 Version: 2.2.0.95 - WildTangent) HiddenJewel Quest Solitaire 2 (x32 Version: 2.2.0.95 - WildTangent) HiddenJunk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenLuxor (x32 Version: 2.2.0.95 - WildTangent) HiddenMalwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) HiddenMicrosoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)My Dell (HKLM\...\PC-Doctor for Windows) (Version: 3.5.6426.22 - PC-Doctor, Inc.)Namco All-Stars PAC-MAN (x32 Version: 2.2.0.95 - WildTangent) HiddenNorton Security Suite (HKLM-x32\...\N360) (Version: 21.6.0.32 - Symantec Corporation)Penguins! (x32 Version: 2.2.0.95 - WildTangent) HiddenPlants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95 - WildTangent) HiddenPlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) HiddenPolar Bowler (x32 Version: 2.2.0.95 - WildTangent) HiddenPolar Golfer (x32 Version: 2.2.0.95 - WildTangent) HiddenQuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6554 - Realtek Semiconductor Corp.)Samantha Swift (x32 Version: 2.2.0.95 - WildTangent) HiddenService Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)SyncUP (HKLM-x32\...\{D92C9CCE-E5F0-4125-977A-0590F3225B74}) (Version: 10.2.16100 - Nero AG)SyncUP (x32 Version: 1.12.12400.17.102 - Nero AG) HiddenUpdate Installer for WildTangent Games App (x32 Version: - WildTangent) HiddenVirtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.95 - WildTangent) HiddenVS10Runtimex64 (Version: 1.0.0 - sourcefire) HiddenWedding Dash - Ready, Aim, Love! (x32 Version: 2.2.0.95 - WildTangent) HiddenWildTangent Games (HKLM-x32\...\WildTangent dell Master Uninstall) (Version: 1.0.2.5 - WildTangent)WildTangent Games App (Dell Games) (x32 Version: 4.0.10.2 - WildTangent) HiddenWindows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)Zinio Reader 4 (HKLM-x32\...\ZinioReader4) (Version: 4.2.4164 - Zinio LLC)Zinio Reader 4 (x32 Version: 4.2.4164 - Zinio LLC) HiddenZuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) ==================== Restore Points ========================= 24-10-2014 21:12:12 Scheduled Checkpoint01-11-2014 04:00:02 Scheduled Checkpoint03-11-2014 16:21:44 Installed Java 7 Update 71 ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-13 21:34 - 2014-11-03 15:23 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts127.0.0.1 localhost ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {169264DE-4A48-40A8-BE76-AC1F2D9EBDBD} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-25] (Google Inc.)Task: {2A6FB498-15DD-4177-8E8F-6182C391A4FC} - System32\Tasks\Norton Security Suite\Norton Error Analyzer => C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation)Task: {2B57681E-3CD0-413B-87C3-6617B45A20DF} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-25] (Google Inc.)Task: {38F63A00-E869-4212-BB7C-BBE157AAA497} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\My Dell\sessionchecker.exe [2014-01-31] (PC-Doctor, Inc.)Task: {66EEB351-DF41-4D10-9115-E347BF4410CB} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-24] (Adobe Systems Incorporated)Task: {9AD707FA-E05C-401D-AD66-A4AD62A12751} - System32\Tasks\Norton Security Suite\Norton Error Processor => C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation)Task: {A380D9EB-CF1E-443D-A8C4-8A7838FA03C4} - \Microsoft\Windows\Maintenance\IC Update Procedure No Task File <==== ATTENTIONTask: {A6D3E331-5D00-45A4-8659-6E73A01E5F45} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\WSCStub.exe [2014-09-21] (Symantec Corporation)Task: {ADA4A455-7D4A-4583-90C6-38ADF1C99EFC} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)Task: {C3D53E56-29D6-48DF-AB66-BA54BC170BD7} - \IC Runner Procedure No Task File <==== ATTENTIONTask: {D05B3E24-8E05-4A3C-A875-F2EB9D8C927C} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\My Dell\uaclauncher.exe [2014-01-31] (PC-Doctor, Inc.)Task: {DBD307A6-BC66-4EB9-8524-96E1F9F29FF2} - System32\Tasks\PCDoctorBackgroundMonitorTask-Retry => C:\Program Files\My Dell\uaclauncher.exe [2014-01-31] (PC-Doctor, Inc.)Task: {E7B09A23-369C-4E6A-BC33-34EF2A1DCCD8} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exeTask: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exeTask: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exeTask: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2014-09-08 18:15 - 2014-09-08 18:15 - 01501696 _____ () C:\Program Files\Immunet\3.1.13\LIBEAY32.dll2014-09-08 18:15 - 2014-09-08 18:15 - 00440016 _____ () C:\Program Files\Immunet\3.1.13\dhr.dll2014-09-08 18:15 - 2014-09-08 18:15 - 00331776 _____ () C:\Program Files\Immunet\3.1.13\SSLEAY32.dll2014-09-08 18:15 - 2014-09-08 18:15 - 00573648 _____ () C:\Program Files\Immunet\3.1.13\dsp.dll2012-05-25 21:42 - 2012-01-26 21:49 - 02751808 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE2012-05-25 22:50 - 2012-03-19 18:09 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll2011-06-27 19:26 - 2011-06-27 19:26 - 02022976 _____ () C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe2011-06-29 08:52 - 2011-06-29 08:52 - 00474176 _____ () C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe2014-02-12 20:58 - 2014-02-12 20:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll2014-10-11 12:05 - 2014-10-11 12:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll2010-03-16 20:28 - 2010-03-16 20:28 - 01926144 _____ () C:\Program Files (x86)\Dell\Stage Remote\QtCore4.dll2010-03-22 15:52 - 2010-03-22 15:52 - 06776832 _____ () C:\Program Files (x86)\Dell\Stage Remote\QtGui4.dll2010-03-16 20:28 - 2010-03-16 20:28 - 00635904 _____ () C:\Program Files (x86)\Dell\Stage Remote\QtNetwork4.dll2010-03-16 20:28 - 2010-03-16 20:28 - 00326144 _____ () C:\Program Files (x86)\Dell\Stage Remote\QtXml4.dll2011-06-24 23:20 - 2011-06-24 23:20 - 00565968 _____ () C:\Program Files (x86)\Dell\Stage Remote\sqlite3.dll2011-06-27 19:25 - 2011-06-27 19:25 - 00058944 _____ () C:\Program Files (x86)\Dell\Stage Remote\DataService.dll2011-06-24 23:21 - 2011-06-24 23:21 - 00322624 _____ () C:\Program Files (x86)\Dell\Stage Remote\en-US\UI\ManagerUI.dll2010-03-11 19:52 - 2010-03-11 19:52 - 00028160 _____ () C:\Program Files (x86)\Dell\Stage Remote\plugins\imageformats\qgif4.dll2010-03-05 15:07 - 2010-03-05 15:07 - 00031744 _____ () C:\Program Files (x86)\Dell\Stage Remote\plugins\imageformats\qico4.dll2010-03-05 15:07 - 2010-03-05 15:07 - 00125952 _____ () C:\Program Files (x86)\Dell\Stage Remote\plugins\imageformats\qjpeg4.dll2010-03-11 19:52 - 2010-03-11 19:52 - 00225280 _____ () C:\Program Files (x86)\Dell\Stage Remote\plugins\imageformats\qmng4.dll2014-11-04 09:42 - 2014-11-04 09:42 - 00098816 _____ () C:\Users\Pompeani\AppData\Local\Temp\_MEI42322\win32api.pyd2014-11-04 09:42 - 2014-11-04 09:42 - 00110080 _____ () C:\Users\Pompeani\AppData\Local\Temp\_MEI42322\pywintypes27.dll2014-11-04 09:42 - 2014-11-04 09:42 - 00364544 _____ () C:\Users\Pompeani\AppData\Local\Temp\_MEI42322\pythoncom27.dll2014-11-04 09:42 - 2014-11-04 09:42 - 00045568 _____ () C:\Users\Pompeani\AppData\Local\Temp\_MEI42322\_socket.pyd2014-11-04 09:42 - 2014-11-04 09:42 - 01160704 _____ () C:\Users\Pompeani\AppData\Local\Temp\_MEI42322\_ssl.pyd2014-11-04 09:42 - 2014-11-04 09:42 - 00320512 _____ () C:\Users\Pompeani\AppData\Local\Temp\_MEI42322\win32com.shell.shell.pyd2014-11-04 09:42 - 2014-11-04 09:42 - 00713216 _____ () C:\Users\Pompeani\AppData\Local\Temp\_MEI42322\_hashlib.pyd2014-11-04 09:42 - 2014-11-04 09:42 - 01175040 _____ () C:\Users\Pompeani\AppData\Local\Temp\_MEI42322\wx._core_.pyd2014-11-04 09:42 - 2014-11-04 09:42 - 00805888 _____ () C:\Users\Pompeani\AppData\Local\Temp\_MEI42322\wx._gdi_.pyd2014-11-04 09:42 - 2014-11-04 09:42 - 00811008 _____ () C:\Users\Pompeani\AppData\Local\Temp\_MEI42322\wx._windows_.pyd2014-11-04 09:42 - 2014-11-04 09:42 - 01062400 _____ () C:\Users\Pompeani\AppData\Local\Temp\_MEI42322\wx._controls_.pyd2014-11-04 09:42 - 2014-11-04 09:42 - 00735232 _____ () C:\Users\Pompeani\AppData\Local\Temp\_MEI42322\wx._misc_.pyd2014-11-04 09:42 - 2014-11-04 09:42 - 00128512 _____ () C:\Users\Pompeani\AppData\Local\Temp\_MEI42322\_elementtree.pyd2014-11-04 09:42 - 2014-11-04 09:42 - 00127488 _____ () C:\Users\Pompeani\AppData\Local\Temp\_MEI42322\pyexpat.pyd2014-11-04 09:42 - 2014-11-04 09:42 - 00557056 _____ () C:\Users\Pompeani\AppData\Local\Temp\_MEI42322\pysqlite2._sqlite.pyd2014-11-04 09:42 - 2014-11-04 09:42 - 00007168 _____ () C:\Users\Pompeani\AppData\Local\Temp\_MEI42322\hashobjs_ext.pyd2014-11-04 09:42 - 2014-11-04 09:42 - 00087552 _____ () C:\Users\Pompeani\AppData\Local\Temp\_MEI42322\_ctypes.pyd2014-11-04 09:42 - 2014-11-04 09:42 - 00119808 _____ () C:\Users\Pompeani\AppData\Local\Temp\_MEI42322\win32file.pyd2014-11-04 09:42 - 2014-11-04 09:42 - 00108544 _____ () C:\Users\Pompeani\AppData\Local\Temp\_MEI42322\win32security.pyd2014-11-04 09:42 - 2014-11-04 09:42 - 00018432 _____ () C:\Users\Pompeani\AppData\Local\Temp\_MEI42322\win32event.pyd2014-11-04 09:42 - 2014-11-04 09:42 - 00038912 _____ () C:\Users\Pompeani\AppData\Local\Temp\_MEI42322\win32inet.pyd2014-11-04 09:42 - 2014-11-04 09:42 - 00070656 _____ () C:\Users\Pompeani\AppData\Local\Temp\_MEI42322\wx._html2.pyd2014-11-04 09:42 - 2014-11-04 09:42 - 00167936 _____ () C:\Users\Pompeani\AppData\Local\Temp\_MEI42322\win32gui.pyd2014-11-04 09:42 - 2014-11-04 09:42 - 00011264 _____ () C:\Users\Pompeani\AppData\Local\Temp\_MEI42322\win32crypt.pyd2014-11-04 09:42 - 2014-11-04 09:42 - 00027136 _____ () C:\Users\Pompeani\AppData\Local\Temp\_MEI42322\_multiprocessing.pyd2014-11-04 09:42 - 2014-11-04 09:42 - 00686080 _____ () C:\Users\Pompeani\AppData\Local\Temp\_MEI42322\unicodedata.pyd2014-11-04 09:42 - 2014-11-04 09:42 - 00122368 _____ () C:\Users\Pompeani\AppData\Local\Temp\_MEI42322\wx._wizard.pyd2014-11-04 09:42 - 2014-11-04 09:42 - 00010240 _____ () C:\Users\Pompeani\AppData\Local\Temp\_MEI42322\select.pyd2014-11-04 09:42 - 2014-11-04 09:42 - 00024064 _____ () C:\Users\Pompeani\AppData\Local\Temp\_MEI42322\win32pipe.pyd2014-11-04 09:42 - 2014-11-04 09:42 - 00025600 _____ () C:\Users\Pompeani\AppData\Local\Temp\_MEI42322\win32pdh.pyd2014-11-04 09:42 - 2014-11-04 09:42 - 00525640 _____ () C:\Users\Pompeani\AppData\Local\Temp\_MEI42322\windows._lib_cacheinvalidation.pyd2014-11-04 09:42 - 2014-11-04 09:42 - 00035840 _____ () C:\Users\Pompeani\AppData\Local\Temp\_MEI42322\win32process.pyd2014-11-04 09:42 - 2014-11-04 09:42 - 00017408 _____ () C:\Users\Pompeani\AppData\Local\Temp\_MEI42322\win32profile.pyd2014-11-04 09:42 - 2014-11-04 09:42 - 00022528 _____ () C:\Users\Pompeani\AppData\Local\Temp\_MEI42322\win32ts.pyd2014-11-04 09:42 - 2014-11-04 09:42 - 00078336 _____ () C:\Users\Pompeani\AppData\Local\Temp\_MEI42322\wx._animate.pyd2014-10-16 02:54 - 2014-10-16 02:54 - 00172032 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\92a1650dbe9fad5f46633b835420e1a8\IsdiInterop.ni.dll2012-05-25 21:35 - 2011-11-29 20:00 - 00059392 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll2012-05-25 21:33 - 2011-12-16 13:39 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll2011-12-31 17:04 - 2011-12-31 17:04 - 00251688 _____ () C:\Program Files (x86)\Nero\SyncUP\System.ComponentModel.Composition.dll2011-12-31 17:04 - 2011-12-31 17:04 - 00891688 _____ () C:\Program Files (x86)\Nero\SyncUP\System.Data.SQLite.dll2011-12-31 17:04 - 2011-12-31 17:04 - 00026408 _____ () C:\Program Files (x86)\Nero\SyncUP\AdbDetect.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\51420840.sys => ""="Driver"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\51420840.sys => ""="Driver" ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) ========================= Accounts: ========================== Administrator (S-1-5-21-2230876663-2620306521-2540192324-500 - Administrator - Disabled)Guest (S-1-5-21-2230876663-2620306521-2540192324-501 - Limited - Disabled)HomeGroupUser$ (S-1-5-21-2230876663-2620306521-2540192324-1002 - Limited - Enabled)Pompeani (S-1-5-21-2230876663-2620306521-2540192324-1001 - Administrator - Enabled) => C:\Users\Pompeani ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors:==================Error: (11/04/2014 09:41:49 AM) (Source: WinMgmt) (EventID: 10) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (11/03/2014 03:50:59 PM) (Source: SideBySide) (EventID: 80) (User: )Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.A component version required by the application conflicts with another component version already active.Conflicting components are:.Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (11/03/2014 03:23:07 PM) (Source: WinMgmt) (EventID: 10) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 System errors:=============Error: (11/03/2014 03:20:41 PM) (Source: Service Control Manager) (EventID: 7030) (User: )Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. Error: (11/03/2014 03:19:31 PM) (Source: Application Popup) (EventID: 1060) (User: )Description: \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver. Error: (11/03/2014 03:18:53 PM) (Source: DCOM) (EventID: 10010) (User: )Description: {995C996E-D918-4A8C-A302-45719A6F4EA7} Error: (11/03/2014 03:15:33 PM) (Source: Service Control Manager) (EventID: 7030) (User: )Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. Microsoft Office Sessions:=========================Error: (11/04/2014 09:41:49 AM) (Source: WinMgmt) (EventID: 10) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (11/03/2014 03:50:59 PM) (Source: SideBySide) (EventID: 80) (User: )Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\Program Files (x86)\Cozi Express\CoziExpress.exe Error: (11/03/2014 03:23:07 PM) (Source: WinMgmt) (EventID: 10) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 CodeIntegrity Errors:=================================== Date: 2014-11-03 15:19:31.460 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2014-11-03 15:19:31.382 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. ==================== Memory info =========================== Processor: Intel® Pentium® CPU G630 @ 2.70GHzPercentage of memory in use: 43%Total physical RAM: 3974.16 MBAvailable physical RAM: 2229.16 MBTotal Pagefile: 7946.51 MBAvailable Pagefile: 5779.67 MBTotal Virtual: 8192 MBAvailable Virtual: 8191.85 MB ==================== Drives ================================ Drive c: (OS) (Fixed) (Total:449.18 GB) (Free:362.79 GB) NTFS ==================== MBR & Partition Table ================== ========================================================Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: 28421A7F)Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)Partition 2: (Active) - (Size=16.5 GB) - (Type=07 NTFS)Partition 3: (Not Active) - (Size=449.2 GB) - (Type=07 NTFS) ==================== End Of Log ============================
- November 4, 2014
- 22 replies

Sign In

Pastafarian

Posts

Joined

Last visited

Reputation

Recent Profile Visitors

jadinolf

AlexSmith

Access Denied

Access Denied

Access Denied

Ads by Speed Check

Ads by Speed Check

Ads by Speed Check

Ads by Speed Check

Ads by Speed Check

Ads by Speed Check

Ads by Speed Check

Ads by Speed Check

Ads by Speed Check

Ads by Speed Check

Ads by Speed Check

Ads by Speed Check

Browse

Activity

Personal

Business

Business Modules

Partners

Learn

Start here

Type of malware/attacks

How does it get on my computer?

Scams and grifts

Support

Important Information