Charles W

Honorary Members

View Profile See their activity

Posts
46
Joined
January 3, 2010
Last visited
November 21, 2014

Content Type

All Activity

Events

Profiles

Forums

Topics
Posts

Everything posted by Charles W

Strange Folder called "Hacknet"

Charles W replied to Charles W's topic in General Windows PC Help

I just realized that Hacknet is actually a game. I had previously assumed it was NOT a game, but something to enhance games. But still, the logs on it are quite strange... Maybe just internet folks
- July 4, 2013
- 1 reply
Strange Folder called "Hacknet"

Charles W posted a topic in General Windows PC Help

So a while ago (maybe 1 or 2 years ago), a classmate and friend of mine downloaded this thing called "Hacknet" on my computer. I asked him what it was, because the name itself was suspicious, but he assured me it was nothing dangerous, and that he was just using it for gaming. I didn't question him further. He likes to play games a lot, and often uses my computer to play League of Legends. However, he doesn't seem to have any other interest in my computer besides gaming. I've looked in the folder a number of times, and there are some strange things in there. The only things I can read are .txt files, but there are numerous .xnb files. The .txt files have really strange chat logs and messages on them. I really doubt they belong to my friend. I tried googling "Hacknet" but it's either very very obscure or an alias. I don't think it's done anything bad to my computer, but I just don't feel comfortable having it around... I was wondering if anyone could take a look and...analyze it for me? I'm not sure what to do. I don't know what .xnb files are, and I don't think I have a program that can open them. I'll attach the Hacknet zip folder. Sorry about all this description. I just checked again, and there's a .doc file that suggests that Hacknet is an actual licensed program... And there's also a Hacknet .exe file...which I don't really want to try out... This was already in the folder, but I must have forgotten about it.
- July 4, 2013
- 1 reply
Spotty Internet

Charles W replied to Charles W's topic in General Windows PC Help

Yep. Thank you all for your help!
- June 19, 2013
- 6 replies
Spotty Internet

Charles W replied to Charles W's topic in General Windows PC Help

My sister is currently visiting our family, and I'll ask her if she's had any problems. I tried safe mode with networking, but it didn't seem better. The videos also loaded and started playing, but then the buffer disappears. The video tries to play again, but gets cut short once more. Finally, it stops trying and goes static and says there's an error.
- June 18, 2013
- 6 replies
Spotty Internet

Charles W posted a topic in General Windows PC Help

Hello, My internet has been spotty recently. When I watch youtube videos, the video often takes 10-30 seconds to begin to load, and then needs to pause every 10 seconds to buffer. Surfing the web also yields similar lulls, as no pages will load for a given time, and then suddenly all the pages will load after the lull. I thought it was a problem specific to my computer, but my dad told me today that he has had the same problem for around two weeks, just like me. Marius from Malware Removal Help has helped me with the Malware Removal process, and he directed me here for further internet help. My dad and I tried to reset our internet cable box, but the problem persists. Our internet service provider is RCN. I'd greatly appreciate any help. Thanks! Charles
- June 18, 2013
- 6 replies
Spotty Internet

Charles W replied to Charles W's topic in Resolved Malware Removal Logs

Hi Marius, I've followed through with your last instructions. Thanks so much for your help! Sincerely, Charles
- June 18, 2013
- 21 replies
Spotty Internet

Charles W replied to Charles W's topic in Resolved Malware Removal Logs

# AdwCleaner v2.303 - Logfile created 06/18/2013 at 02:08:58 # Updated 08/06/2013 by Xplode # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits) # User : Charles - CHARLES-HP # Boot Mode : Normal # Running from : C:\Users\Charles\Desktop\adwcleaner.exe # Option [Delete] ***** [services] ***** ***** [Files / Folders] ***** ***** [Registry] ***** ***** [internet Browsers] ***** -\\ Internet Explorer v10.0.9200.16611 [OK] Registry is clean. -\\ Mozilla Firefox v21.0 (en-US) File : C:\Users\Charles\AppData\Roaming\Mozilla\Firefox\Profiles\1cfmx81n.default\prefs.js [OK] File is clean. ************************* AdwCleaner[s1].txt - [324 octets] - [17/06/2013 03:21:06] AdwCleaner[s2].txt - [6432 octets] - [17/06/2013 03:21:36] AdwCleaner[s3].txt - [324 octets] - [18/06/2013 02:08:34] AdwCleaner[s4].txt - [854 octets] - [18/06/2013 02:08:58] ########## EOF - C:\AdwCleaner[s4].txt - [913 octets] ########## Results of screen317's Security Check version 0.99.64 Windows 7 Service Pack 1 x64 (UAC is enabled) Internet Explorer 10 ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Enabled! Windows Firewall Disabled! Norton Internet Security WMI entry may not exist for antivirus; attempting automatic update. `````````Anti-malware/Other Utilities Check:````````` Malwarebytes Anti-Malware version 1.75.0.1300 Java 7 Update 21 Adobe Flash Player 11.7.700.224 Adobe Reader 10.1.6 Adobe Reader out of Date! Mozilla Firefox (21.0) ````````Process Check: objlist.exe by Laurent```````` Norton ccSvcHst.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: 1% ````````````````````End of Log``````````````````````
- June 18, 2013
- 21 replies
Spotty Internet

Charles W replied to Charles W's topic in Resolved Malware Removal Logs

The videos need to buffer every 10 seconds again. My dad also told me that he's having the same problem with his computer. We reset our internet box, and the videos seemed fine. But the problem's back. My dad also said that the problem started 2 weeks ago, just like me. Our internet service provider is RCN.
- June 18, 2013
- 21 replies
Spotty Internet

Charles W replied to Charles W's topic in Resolved Malware Removal Logs

I ran the ESET scan, and no threats were found.
- June 17, 2013
- 21 replies
Spotty Internet

Charles W replied to Charles W's topic in Resolved Malware Removal Logs

There's a clear improvement! Youtube videos still take 10-30 seconds to begin loading, but once it's started to load, it loads at full speed. Before, I could only watch 10 seconds before having to wait for the video to load for another 10 seconds. In addition, even if I click to a different part of the video and it needs to restart loading, it does it instantly. So I think the main problem now is getting the video to begin loading. The page itself loads fine. The page, comments, and links on the side are all fine. But I still need to wait 10-30 seconds before the video starts to load.
- June 17, 2013
- 21 replies
Spotty Internet

Charles W replied to Charles W's topic in Resolved Malware Removal Logs

ComboFix 13-06-17.01 - Charles 06/17/2013 4:23.2.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.5942.4215 [GMT -4:00] Running from: c:\users\Charles\Desktop\ComboFix.exe Command switches used :: c:\users\Charles\Desktop\CFScript.txt AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF} FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4} SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\program files\Updater By SweetPacks c:\program files\Updater By SweetPacks\ExtensionUpdaterService.exe c:\program files\Updater By SweetPacks\Firefox\chrome.manifest c:\program files\Updater By SweetPacks\Firefox\chrome\content\libraries\DataExchangeScript.js c:\program files\Updater By SweetPacks\Firefox\chrome\content\main.js c:\program files\Updater By SweetPacks\Firefox\chrome\content\main.xul c:\program files\Updater By SweetPacks\Firefox\chrome\content\resources\localscript.js c:\program files\Updater By SweetPacks\Firefox\chrome\locale\en-US\overlay.dtd c:\program files\Updater By SweetPacks\Firefox\chrome\skin\overlay.css c:\program files\Updater By SweetPacks\Firefox\defaults\preferences\defaults.js c:\program files\Updater By SweetPacks\Firefox\install.rdf c:\program files\Updater By SweetPacks\InstallerHelper.dll c:\program files\Updater By SweetPacks\libraries\DataExchangeScript.js c:\program files\Updater By SweetPacks\resources\localscript.js c:\program files\Updater By SweetPacks\unins000.dat c:\program files\Updater By SweetPacks\unins000.exe . . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Service_Updater By SweetPacks . . ((((((((((((((((((((((((( Files Created from 2013-05-17 to 2013-06-17 ))))))))))))))))))))))))))))))) . . 2013-06-17 07:21 . 2013-06-17 07:21 106 ----a-w- c:\windows\DeleteOnReboot.bat 2013-06-14 21:20 . 2013-06-14 21:20 -------- d-----w- c:\windows\system32\drivers\NISx64\1404000.028 2013-06-14 03:11 . 2013-06-14 03:11 -------- d-----w- c:\program files (x86)\Jpg2Pdf 2013-06-11 18:24 . 2013-05-08 06:39 1910632 ----a-w- c:\windows\system32\drivers\tcpip.sys . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-06-12 07:02 . 2012-07-31 02:03 75825640 ----a-w- c:\windows\system32\MRT.exe 2013-06-11 20:17 . 2012-04-21 00:05 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2013-06-11 20:17 . 2011-07-21 04:06 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-06-11 19:06 . 2010-06-24 18:33 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll 2013-05-10 07:04 . 2013-05-10 07:04 73728 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe 2013-05-10 07:04 . 2013-05-10 07:04 719360 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll 2013-05-10 07:04 . 2013-05-10 07:04 61952 ----a-w- c:\windows\SysWow64\tdc.ocx 2013-05-10 07:04 . 2013-05-10 07:04 523264 ----a-w- c:\windows\SysWow64\vbscript.dll 2013-05-10 07:04 . 2013-05-10 07:04 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll 2013-05-10 07:04 . 2013-05-10 07:04 38400 ----a-w- c:\windows\SysWow64\imgutil.dll 2013-05-10 07:04 . 2013-05-10 07:04 361984 ----a-w- c:\windows\SysWow64\html.iec 2013-05-10 07:04 . 2013-05-10 07:04 23040 ----a-w- c:\windows\SysWow64\licmgr10.dll 2013-05-10 07:04 . 2013-05-10 07:04 226304 ----a-w- c:\windows\system32\elshyph.dll 2013-05-10 07:04 . 2013-05-10 07:04 185344 ----a-w- c:\windows\SysWow64\elshyph.dll 2013-05-10 07:04 . 2013-05-10 07:04 158720 ----a-w- c:\windows\SysWow64\msls31.dll 2013-05-10 07:04 . 2013-05-10 07:04 150528 ----a-w- c:\windows\SysWow64\iexpress.exe 2013-05-10 07:04 . 2013-05-10 07:04 1441280 ----a-w- c:\windows\SysWow64\inetcpl.cpl 2013-05-10 07:04 . 2013-05-10 07:04 138752 ----a-w- c:\windows\SysWow64\wextract.exe 2013-05-10 07:04 . 2013-05-10 07:04 137216 ----a-w- c:\windows\SysWow64\ieUnatt.exe 2013-05-10 07:04 . 2013-05-10 07:04 12800 ----a-w- c:\windows\SysWow64\mshta.exe 2013-05-10 07:04 . 2013-05-10 07:04 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll 2013-05-10 07:04 . 2013-05-10 07:04 1054720 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe 2013-05-10 07:04 . 2013-05-10 07:04 97280 ----a-w- c:\windows\system32\mshtmled.dll 2013-05-10 07:04 . 2013-05-10 07:04 92160 ----a-w- c:\windows\system32\SetIEInstalledDate.exe 2013-05-10 07:04 . 2013-05-10 07:04 905728 ----a-w- c:\windows\system32\mshtmlmedia.dll 2013-05-10 07:04 . 2013-05-10 07:04 81408 ----a-w- c:\windows\system32\icardie.dll 2013-05-10 07:04 . 2013-05-10 07:04 77312 ----a-w- c:\windows\system32\tdc.ocx 2013-05-10 07:04 . 2013-05-10 07:04 762368 ----a-w- c:\windows\system32\ieapfltr.dll 2013-05-10 07:04 . 2013-05-10 07:04 62976 ----a-w- c:\windows\system32\pngfilt.dll 2013-05-10 07:04 . 2013-05-10 07:04 599552 ----a-w- c:\windows\system32\vbscript.dll 2013-05-10 07:04 . 2013-05-10 07:04 52224 ----a-w- c:\windows\system32\msfeedsbs.dll 2013-05-10 07:04 . 2013-05-10 07:04 51200 ----a-w- c:\windows\system32\imgutil.dll 2013-05-10 07:04 . 2013-05-10 07:04 48640 ----a-w- c:\windows\system32\mshtmler.dll 2013-05-10 07:04 . 2013-05-10 07:04 452096 ----a-w- c:\windows\system32\dxtmsft.dll 2013-05-10 07:04 . 2013-05-10 07:04 441856 ----a-w- c:\windows\system32\html.iec 2013-05-10 07:04 . 2013-05-10 07:04 281600 ----a-w- c:\windows\system32\dxtrans.dll 2013-05-10 07:04 . 2013-05-10 07:04 27648 ----a-w- c:\windows\system32\licmgr10.dll 2013-05-10 07:04 . 2013-05-10 07:04 270848 ----a-w- c:\windows\system32\iedkcs32.dll 2013-05-10 07:04 . 2013-05-10 07:04 247296 ----a-w- c:\windows\system32\webcheck.dll 2013-05-10 07:04 . 2013-05-10 07:04 235008 ----a-w- c:\windows\system32\url.dll 2013-05-10 07:04 . 2013-05-10 07:04 216064 ----a-w- c:\windows\system32\msls31.dll 2013-05-10 07:04 . 2013-05-10 07:04 197120 ----a-w- c:\windows\system32\msrating.dll 2013-05-10 07:04 . 2013-05-10 07:04 173568 ----a-w- c:\windows\system32\ieUnatt.exe 2013-05-10 07:04 . 2013-05-10 07:04 167424 ----a-w- c:\windows\system32\iexpress.exe 2013-05-10 07:04 . 2013-05-10 07:04 1509376 ----a-w- c:\windows\system32\inetcpl.cpl 2013-05-10 07:04 . 2013-05-10 07:04 149504 ----a-w- c:\windows\system32\occache.dll 2013-05-10 07:04 . 2013-05-10 07:04 144896 ----a-w- c:\windows\system32\wextract.exe 2013-05-10 07:04 . 2013-05-10 07:04 1400416 ----a-w- c:\windows\system32\ieapfltr.dat 2013-05-10 07:04 . 2013-05-10 07:04 13824 ----a-w- c:\windows\system32\mshta.exe 2013-05-10 07:04 . 2013-05-10 07:04 136192 ----a-w- c:\windows\system32\iepeers.dll 2013-05-10 07:04 . 2013-05-10 07:04 135680 ----a-w- c:\windows\system32\IEAdvpack.dll 2013-05-10 07:04 . 2013-05-10 07:04 12800 ----a-w- c:\windows\system32\msfeedssync.exe 2013-05-10 07:04 . 2013-05-10 07:04 102912 ----a-w- c:\windows\system32\inseng.dll 2013-05-10 07:03 . 2013-05-10 07:03 9728 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll 2013-05-10 07:03 . 2013-05-10 07:03 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll 2013-05-10 07:03 . 2013-05-10 07:03 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll 2013-05-10 07:03 . 2013-05-10 07:03 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll 2013-05-10 07:03 . 2013-05-10 07:03 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll 2013-05-10 07:03 . 2013-05-10 07:03 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll 2013-05-10 07:03 . 2013-05-10 07:03 522752 ----a-w- c:\windows\system32\XpsGdiConverter.dll 2013-05-10 07:03 . 2013-05-10 07:03 465920 ----a-w- c:\windows\system32\WMPhoto.dll 2013-05-10 07:03 . 2013-05-10 07:03 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll 2013-05-10 07:03 . 2013-05-10 07:03 4096 ---ha-w- c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll 2013-05-10 07:03 . 2013-05-10 07:03 364544 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll 2013-05-10 07:03 . 2013-05-10 07:03 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll 2013-05-10 07:03 . 2013-05-10 07:03 3584 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll 2013-05-10 07:03 . 2013-05-10 07:03 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll 2013-05-10 07:03 . 2013-05-10 07:03 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll 2013-05-10 07:03 . 2013-05-10 07:03 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll 2013-05-10 07:03 . 2013-05-10 07:03 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll 2013-05-10 07:03 . 2013-05-10 07:03 2560 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll 2013-05-10 07:03 . 2013-05-10 07:03 2560 ---ha-w- c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll 2013-05-10 07:03 . 2013-05-10 07:03 1682432 ----a-w- c:\windows\system32\XpsPrint.dll 2013-05-10 07:03 . 2013-05-10 07:03 1158144 ----a-w- c:\windows\SysWow64\XpsPrint.dll 2013-05-10 07:03 . 2013-05-10 07:03 10752 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll 2013-05-10 07:03 . 2013-05-10 07:03 10752 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll 2013-05-10 07:03 . 2013-05-10 07:03 2284544 ----a-w- c:\windows\SysWow64\msmpeg2vdec.dll 2013-05-10 07:03 . 2013-05-10 07:03 648192 ----a-w- c:\windows\system32\d3d10level9.dll 2013-05-10 07:03 . 2013-05-10 07:03 604160 ----a-w- c:\windows\SysWow64\d3d10level9.dll 2013-05-10 07:03 . 2013-05-10 07:03 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll 2013-05-10 07:03 . 2013-05-10 07:03 3928064 ----a-w- c:\windows\system32\d2d1.dll 2013-05-10 07:03 . 2013-05-10 07:03 363008 ----a-w- c:\windows\system32\dxgi.dll 2013-05-10 07:03 . 2013-05-10 07:03 3419136 ----a-w- c:\windows\SysWow64\d2d1.dll 2013-05-10 07:03 . 2013-05-10 07:03 333312 ----a-w- c:\windows\system32\d3d10_1core.dll 2013-05-10 07:03 . 2013-05-10 07:03 296960 ----a-w- c:\windows\system32\d3d10core.dll 2013-05-10 07:03 . 2013-05-10 07:03 293376 ----a-w- c:\windows\SysWow64\dxgi.dll 2013-05-10 07:03 . 2013-05-10 07:03 2776576 ----a-w- c:\windows\system32\msmpeg2vdec.dll 2013-05-10 07:03 . 2013-05-10 07:03 2565120 ----a-w- c:\windows\system32\d3d10warp.dll 2013-05-10 07:03 . 2013-05-10 07:03 249856 ----a-w- c:\windows\SysWow64\d3d10_1core.dll 2013-05-10 07:03 . 2013-05-10 07:03 245248 ----a-w- c:\windows\system32\WindowsCodecsExt.dll 2013-05-10 07:03 . 2013-05-10 07:03 221184 ----a-w- c:\windows\system32\UIAnimation.dll 2013-05-10 07:03 . 2013-05-10 07:03 220160 ----a-w- c:\windows\SysWow64\d3d10core.dll 2013-05-10 07:03 . 2013-05-10 07:03 207872 ----a-w- c:\windows\SysWow64\WindowsCodecsExt.dll 2013-05-10 07:03 . 2013-05-10 07:03 1988096 ----a-w- c:\windows\SysWow64\d3d10warp.dll 2013-05-10 07:03 . 2013-05-10 07:03 194560 ----a-w- c:\windows\system32\d3d10_1.dll 2013-05-10 07:03 . 2013-05-10 07:03 187392 ----a-w- c:\windows\SysWow64\UIAnimation.dll 2013-05-10 07:03 . 2013-05-10 07:03 1643520 ----a-w- c:\windows\system32\DWrite.dll 2013-05-10 07:03 . 2013-05-10 07:03 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll 2013-05-10 07:03 . 2013-05-10 07:03 1247744 ----a-w- c:\windows\SysWow64\DWrite.dll 2013-05-10 07:03 . 2013-05-10 07:03 1238528 ----a-w- c:\windows\system32\d3d10.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{7D4F1959-3F72-49d5-8E59-F02F8AA6815D}] c:\program files\Updater By SweetPacks\Extension32.dll [bU] . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2013-05-25 00:36 130736 ----a-w- c:\users\Charles\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2013-05-25 00:36 130736 ----a-w- c:\users\Charles\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2013-05-25 00:36 130736 ----a-w- c:\users\Charles\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2012-12-07 3093624] "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-04-19 18678376] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "HPQuickWebProxy"="c:\program files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe" [2011-06-28 168504] "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2012-12-18 38112] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352] "HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2012-03-05 578944] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720] "HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2011-08-19 379960] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-02-20 152392] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816] . c:\users\Charles\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dropbox.lnk - c:\users\Charles\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2013-5-24 27776968] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x] R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys;c:\windows\SYSNATIVE\DRIVERS\dc3d.sys [x] R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x] R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x] R3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsPStor.sys [x] R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x] R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x] R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x] S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1403010.016\SYMDS64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1403010.016\SYMDS64.SYS [x] S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1403010.016\SYMEFA64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1403010.016\SYMEFA64.SYS [x] S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\Definitions\BASHDefs\20130531.001\BHDrvx64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\Definitions\BASHDefs\20130531.001\BHDrvx64.sys [x] S1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NISx64\1403010.016\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\NISx64\1403010.016\ccSetx64.sys [x] S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\Definitions\IPSDefs\20130614.001\IDSvia64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\Definitions\IPSDefs\20130614.001\IDSvia64.sys [x] S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1403010.016\Ironx64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1403010.016\Ironx64.SYS [x] S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1403010.016\SYMNETS.SYS;c:\windows\SYSNATIVE\Drivers\NISx64\1403010.016\SYMNETS.SYS [x] S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x] S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [x] S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [x] S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [x] S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x] S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [x] S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\20.3.1.22\ccSvcHst.exe;c:\program files (x86)\Norton Internet Security\Engine\20.3.1.22\ccSvcHst.exe [x] S2 RoxioNow Service;RoxioNow Service;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [x] S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x] S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x] S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x] S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x] S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x] S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x] S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x] S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys;c:\windows\SYSNATIVE\DRIVERS\rtl8192Ce.sys [x] S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x] S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x] S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x] S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x] S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x] . . --- Other Services/Drivers In Memory --- . *NewlyCreated* - WS2IFSL . Contents of the 'Scheduled Tasks' folder . 2013-06-17 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-21 20:17] . 2013-06-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3737977147-3004369544-2853548760-1000Core.job - c:\users\Charles\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-09 15:14] . 2013-06-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3737977147-3004369544-2853548760-1000UA.job - c:\users\Charles\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-09 15:14] . 2013-06-11 c:\windows\Tasks\HPCeeScheduleForCharles.job - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2013-05-25 00:36 164016 ----a-w- c:\users\Charles\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2013-05-25 00:36 164016 ----a-w- c:\users\Charles\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2013-05-25 00:36 164016 ----a-w- c:\users\Charles\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2013-05-25 00:36 164016 ----a-w- c:\users\Charles\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-05-09 168216] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-05-09 392472] "Persistence"="c:\windows\system32\igfxpers.exe" [2011-05-09 416024] "SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU] "SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-06-08 1128448] "SetDefault"="c:\program files\Hewlett-Packard\HP LaunchBox\SetDefault.exe" [2011-12-20 44880] . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.com uLocal Page = c:\windows\system32\blank.htm mStart Page = hxxp://www.google.com mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local TCP: DhcpNameServer = 208.59.247.45 208.59.247.46 FF - ProfilePath - c:\users\Charles\AppData\Roaming\Mozilla\Firefox\Profiles\1cfmx81n.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.com FF - ExtSQL: 2013-06-13 23:11; {7D4F1959-3F72-49d5-8E59-F02F8AA6815D}; c:\program files\Updater By SweetPacks\Firefox . - - - - ORPHANS REMOVED - - - - . AddRemove-{EE202411-2C26-49E8-9784-1BC1DBF7DE96} - c:\program files (x86)\InstallShield Installation Information\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}\setup.exe . . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS] "ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\20.3.1.22\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\20.3.1.22\diMaster.dll\" /prefetch:1" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Other Running Processes ------------------------ . c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files (x86)\CyberLink\YouCam\YCMMirage.exe c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe . ************************************************************************** . Completion time: 2013-06-17 04:33:05 - machine was rebooted ComboFix-quarantined-files.txt 2013-06-17 08:33 ComboFix2.txt 2013-06-17 08:12 . Pre-Run: 655,177,531,392 bytes free Post-Run: 654,699,417,600 bytes free . - - End Of File - - 0627960A11D17133EEDD8FD7971B7E48 D41D8CD98F00B204E9800998ECF8427E
- June 17, 2013
- 21 replies
Spotty Internet

Charles W replied to Charles W's topic in Resolved Malware Removal Logs

Hi, I'm not sure if I completely disabled Norton. After the second warning, before pressing the final "ok", I disabled the "real time antispyware protection". Anyways, here's the log. Please tell me if I need to disable some other components of Norton. ComboFix 13-06-17.01 - Charles 06/17/2013 4:06.1.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.5942.3851 [GMT -4:00] Running from: c:\users\Charles\Desktop\ComboFix.exe AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF} FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4} SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((( Files Created from 2013-05-17 to 2013-06-17 ))))))))))))))))))))))))))))))) . . 2013-06-17 08:10 . 2013-06-17 08:10 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-06-17 07:21 . 2013-06-17 07:21 106 ----a-w- c:\windows\DeleteOnReboot.bat 2013-06-14 21:20 . 2013-06-14 21:20 -------- d-----w- c:\windows\system32\drivers\NISx64\1404000.028 2013-06-14 03:11 . 2013-06-17 07:21 -------- d-----w- c:\program files\Updater By SweetPacks 2013-06-14 03:11 . 2013-06-14 03:11 -------- d-----w- c:\program files (x86)\Jpg2Pdf 2013-06-11 18:24 . 2013-05-08 06:39 1910632 ----a-w- c:\windows\system32\drivers\tcpip.sys . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-06-12 07:02 . 2012-07-31 02:03 75825640 ----a-w- c:\windows\system32\MRT.exe 2013-06-11 20:17 . 2012-04-21 00:05 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2013-06-11 20:17 . 2011-07-21 04:06 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-06-11 19:06 . 2010-06-24 18:33 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll 2013-05-10 07:04 . 2013-05-10 07:04 73728 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe 2013-05-10 07:04 . 2013-05-10 07:04 719360 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll 2013-05-10 07:04 . 2013-05-10 07:04 61952 ----a-w- c:\windows\SysWow64\tdc.ocx 2013-05-10 07:04 . 2013-05-10 07:04 523264 ----a-w- c:\windows\SysWow64\vbscript.dll 2013-05-10 07:04 . 2013-05-10 07:04 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll 2013-05-10 07:04 . 2013-05-10 07:04 38400 ----a-w- c:\windows\SysWow64\imgutil.dll 2013-05-10 07:04 . 2013-05-10 07:04 361984 ----a-w- c:\windows\SysWow64\html.iec 2013-05-10 07:04 . 2013-05-10 07:04 23040 ----a-w- c:\windows\SysWow64\licmgr10.dll 2013-05-10 07:04 . 2013-05-10 07:04 226304 ----a-w- c:\windows\system32\elshyph.dll 2013-05-10 07:04 . 2013-05-10 07:04 185344 ----a-w- c:\windows\SysWow64\elshyph.dll 2013-05-10 07:04 . 2013-05-10 07:04 158720 ----a-w- c:\windows\SysWow64\msls31.dll 2013-05-10 07:04 . 2013-05-10 07:04 150528 ----a-w- c:\windows\SysWow64\iexpress.exe 2013-05-10 07:04 . 2013-05-10 07:04 1441280 ----a-w- c:\windows\SysWow64\inetcpl.cpl 2013-05-10 07:04 . 2013-05-10 07:04 138752 ----a-w- c:\windows\SysWow64\wextract.exe 2013-05-10 07:04 . 2013-05-10 07:04 137216 ----a-w- c:\windows\SysWow64\ieUnatt.exe 2013-05-10 07:04 . 2013-05-10 07:04 12800 ----a-w- c:\windows\SysWow64\mshta.exe 2013-05-10 07:04 . 2013-05-10 07:04 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll 2013-05-10 07:04 . 2013-05-10 07:04 1054720 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe 2013-05-10 07:04 . 2013-05-10 07:04 97280 ----a-w- c:\windows\system32\mshtmled.dll 2013-05-10 07:04 . 2013-05-10 07:04 92160 ----a-w- c:\windows\system32\SetIEInstalledDate.exe 2013-05-10 07:04 . 2013-05-10 07:04 905728 ----a-w- c:\windows\system32\mshtmlmedia.dll 2013-05-10 07:04 . 2013-05-10 07:04 81408 ----a-w- c:\windows\system32\icardie.dll 2013-05-10 07:04 . 2013-05-10 07:04 77312 ----a-w- c:\windows\system32\tdc.ocx 2013-05-10 07:04 . 2013-05-10 07:04 762368 ----a-w- c:\windows\system32\ieapfltr.dll 2013-05-10 07:04 . 2013-05-10 07:04 62976 ----a-w- c:\windows\system32\pngfilt.dll 2013-05-10 07:04 . 2013-05-10 07:04 599552 ----a-w- c:\windows\system32\vbscript.dll 2013-05-10 07:04 . 2013-05-10 07:04 52224 ----a-w- c:\windows\system32\msfeedsbs.dll 2013-05-10 07:04 . 2013-05-10 07:04 51200 ----a-w- c:\windows\system32\imgutil.dll 2013-05-10 07:04 . 2013-05-10 07:04 48640 ----a-w- c:\windows\system32\mshtmler.dll 2013-05-10 07:04 . 2013-05-10 07:04 452096 ----a-w- c:\windows\system32\dxtmsft.dll 2013-05-10 07:04 . 2013-05-10 07:04 441856 ----a-w- c:\windows\system32\html.iec 2013-05-10 07:04 . 2013-05-10 07:04 281600 ----a-w- c:\windows\system32\dxtrans.dll 2013-05-10 07:04 . 2013-05-10 07:04 27648 ----a-w- c:\windows\system32\licmgr10.dll 2013-05-10 07:04 . 2013-05-10 07:04 270848 ----a-w- c:\windows\system32\iedkcs32.dll 2013-05-10 07:04 . 2013-05-10 07:04 247296 ----a-w- c:\windows\system32\webcheck.dll 2013-05-10 07:04 . 2013-05-10 07:04 235008 ----a-w- c:\windows\system32\url.dll 2013-05-10 07:04 . 2013-05-10 07:04 216064 ----a-w- c:\windows\system32\msls31.dll 2013-05-10 07:04 . 2013-05-10 07:04 197120 ----a-w- c:\windows\system32\msrating.dll 2013-05-10 07:04 . 2013-05-10 07:04 173568 ----a-w- c:\windows\system32\ieUnatt.exe 2013-05-10 07:04 . 2013-05-10 07:04 167424 ----a-w- c:\windows\system32\iexpress.exe 2013-05-10 07:04 . 2013-05-10 07:04 1509376 ----a-w- c:\windows\system32\inetcpl.cpl 2013-05-10 07:04 . 2013-05-10 07:04 149504 ----a-w- c:\windows\system32\occache.dll 2013-05-10 07:04 . 2013-05-10 07:04 144896 ----a-w- c:\windows\system32\wextract.exe 2013-05-10 07:04 . 2013-05-10 07:04 1400416 ----a-w- c:\windows\system32\ieapfltr.dat 2013-05-10 07:04 . 2013-05-10 07:04 13824 ----a-w- c:\windows\system32\mshta.exe 2013-05-10 07:04 . 2013-05-10 07:04 136192 ----a-w- c:\windows\system32\iepeers.dll 2013-05-10 07:04 . 2013-05-10 07:04 135680 ----a-w- c:\windows\system32\IEAdvpack.dll 2013-05-10 07:04 . 2013-05-10 07:04 12800 ----a-w- c:\windows\system32\msfeedssync.exe 2013-05-10 07:04 . 2013-05-10 07:04 102912 ----a-w- c:\windows\system32\inseng.dll 2013-05-10 07:03 . 2013-05-10 07:03 9728 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll 2013-05-10 07:03 . 2013-05-10 07:03 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll 2013-05-10 07:03 . 2013-05-10 07:03 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll 2013-05-10 07:03 . 2013-05-10 07:03 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll 2013-05-10 07:03 . 2013-05-10 07:03 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll 2013-05-10 07:03 . 2013-05-10 07:03 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll 2013-05-10 07:03 . 2013-05-10 07:03 522752 ----a-w- c:\windows\system32\XpsGdiConverter.dll 2013-05-10 07:03 . 2013-05-10 07:03 465920 ----a-w- c:\windows\system32\WMPhoto.dll 2013-05-10 07:03 . 2013-05-10 07:03 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll 2013-05-10 07:03 . 2013-05-10 07:03 4096 ---ha-w- c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll 2013-05-10 07:03 . 2013-05-10 07:03 364544 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll 2013-05-10 07:03 . 2013-05-10 07:03 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll 2013-05-10 07:03 . 2013-05-10 07:03 3584 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll 2013-05-10 07:03 . 2013-05-10 07:03 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll 2013-05-10 07:03 . 2013-05-10 07:03 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll 2013-05-10 07:03 . 2013-05-10 07:03 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll 2013-05-10 07:03 . 2013-05-10 07:03 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll 2013-05-10 07:03 . 2013-05-10 07:03 2560 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll 2013-05-10 07:03 . 2013-05-10 07:03 2560 ---ha-w- c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll 2013-05-10 07:03 . 2013-05-10 07:03 1682432 ----a-w- c:\windows\system32\XpsPrint.dll 2013-05-10 07:03 . 2013-05-10 07:03 1158144 ----a-w- c:\windows\SysWow64\XpsPrint.dll 2013-05-10 07:03 . 2013-05-10 07:03 10752 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll 2013-05-10 07:03 . 2013-05-10 07:03 10752 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll 2013-05-10 07:03 . 2013-05-10 07:03 2284544 ----a-w- c:\windows\SysWow64\msmpeg2vdec.dll 2013-05-10 07:03 . 2013-05-10 07:03 648192 ----a-w- c:\windows\system32\d3d10level9.dll 2013-05-10 07:03 . 2013-05-10 07:03 604160 ----a-w- c:\windows\SysWow64\d3d10level9.dll 2013-05-10 07:03 . 2013-05-10 07:03 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll 2013-05-10 07:03 . 2013-05-10 07:03 3928064 ----a-w- c:\windows\system32\d2d1.dll 2013-05-10 07:03 . 2013-05-10 07:03 363008 ----a-w- c:\windows\system32\dxgi.dll 2013-05-10 07:03 . 2013-05-10 07:03 3419136 ----a-w- c:\windows\SysWow64\d2d1.dll 2013-05-10 07:03 . 2013-05-10 07:03 333312 ----a-w- c:\windows\system32\d3d10_1core.dll 2013-05-10 07:03 . 2013-05-10 07:03 296960 ----a-w- c:\windows\system32\d3d10core.dll 2013-05-10 07:03 . 2013-05-10 07:03 293376 ----a-w- c:\windows\SysWow64\dxgi.dll 2013-05-10 07:03 . 2013-05-10 07:03 2776576 ----a-w- c:\windows\system32\msmpeg2vdec.dll 2013-05-10 07:03 . 2013-05-10 07:03 2565120 ----a-w- c:\windows\system32\d3d10warp.dll 2013-05-10 07:03 . 2013-05-10 07:03 249856 ----a-w- c:\windows\SysWow64\d3d10_1core.dll 2013-05-10 07:03 . 2013-05-10 07:03 245248 ----a-w- c:\windows\system32\WindowsCodecsExt.dll 2013-05-10 07:03 . 2013-05-10 07:03 221184 ----a-w- c:\windows\system32\UIAnimation.dll 2013-05-10 07:03 . 2013-05-10 07:03 220160 ----a-w- c:\windows\SysWow64\d3d10core.dll 2013-05-10 07:03 . 2013-05-10 07:03 207872 ----a-w- c:\windows\SysWow64\WindowsCodecsExt.dll 2013-05-10 07:03 . 2013-05-10 07:03 1988096 ----a-w- c:\windows\SysWow64\d3d10warp.dll 2013-05-10 07:03 . 2013-05-10 07:03 194560 ----a-w- c:\windows\system32\d3d10_1.dll 2013-05-10 07:03 . 2013-05-10 07:03 187392 ----a-w- c:\windows\SysWow64\UIAnimation.dll 2013-05-10 07:03 . 2013-05-10 07:03 1643520 ----a-w- c:\windows\system32\DWrite.dll 2013-05-10 07:03 . 2013-05-10 07:03 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll 2013-05-10 07:03 . 2013-05-10 07:03 1247744 ----a-w- c:\windows\SysWow64\DWrite.dll 2013-05-10 07:03 . 2013-05-10 07:03 1238528 ----a-w- c:\windows\system32\d3d10.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2013-05-25 00:36 130736 ----a-w- c:\users\Charles\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2013-05-25 00:36 130736 ----a-w- c:\users\Charles\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2013-05-25 00:36 130736 ----a-w- c:\users\Charles\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2012-12-07 3093624] "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-04-19 18678376] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "HPQuickWebProxy"="c:\program files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe" [2011-06-28 168504] "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2012-12-18 38112] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352] "HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2012-03-05 578944] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720] "HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2011-08-19 379960] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-02-20 152392] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816] . c:\users\Charles\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dropbox.lnk - c:\users\Charles\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2013-5-24 27776968] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x] R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys;c:\windows\SYSNATIVE\DRIVERS\dc3d.sys [x] R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x] R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x] R3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsPStor.sys [x] R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x] R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x] R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x] S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1403010.016\SYMDS64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1403010.016\SYMDS64.SYS [x] S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1403010.016\SYMEFA64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1403010.016\SYMEFA64.SYS [x] S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\Definitions\BASHDefs\20130531.001\BHDrvx64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\Definitions\BASHDefs\20130531.001\BHDrvx64.sys [x] S1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NISx64\1403010.016\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\NISx64\1403010.016\ccSetx64.sys [x] S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\Definitions\IPSDefs\20130614.001\IDSvia64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\Definitions\IPSDefs\20130614.001\IDSvia64.sys [x] S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1403010.016\Ironx64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1403010.016\Ironx64.SYS [x] S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1403010.016\SYMNETS.SYS;c:\windows\SYSNATIVE\Drivers\NISx64\1403010.016\SYMNETS.SYS [x] S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x] S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x] S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [x] S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [x] S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [x] S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x] S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [x] S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\20.3.1.22\ccSvcHst.exe;c:\program files (x86)\Norton Internet Security\Engine\20.3.1.22\ccSvcHst.exe [x] S2 RoxioNow Service;RoxioNow Service;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [x] S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x] S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x] S2 Updater By SweetPacks;Updater By SweetPacks;c:\program files\Updater By SweetPacks\ExtensionUpdaterService.exe;c:\program files\Updater By SweetPacks\ExtensionUpdaterService.exe [x] S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x] S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x] S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x] S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x] S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x] S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys;c:\windows\SYSNATIVE\DRIVERS\rtl8192Ce.sys [x] S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x] S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x] S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x] S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x] S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x] . . --- Other Services/Drivers In Memory --- . *NewlyCreated* - PWTIRKOB *Deregistered* - pwtirkob . Contents of the 'Scheduled Tasks' folder . 2013-06-17 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-21 20:17] . 2013-06-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3737977147-3004369544-2853548760-1000Core.job - c:\users\Charles\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-09 15:14] . 2013-06-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3737977147-3004369544-2853548760-1000UA.job - c:\users\Charles\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-09 15:14] . 2013-06-11 c:\windows\Tasks\HPCeeScheduleForCharles.job - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2013-05-25 00:36 164016 ----a-w- c:\users\Charles\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2013-05-25 00:36 164016 ----a-w- c:\users\Charles\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2013-05-25 00:36 164016 ----a-w- c:\users\Charles\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2013-05-25 00:36 164016 ----a-w- c:\users\Charles\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-05-09 168216] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-05-09 392472] "Persistence"="c:\windows\system32\igfxpers.exe" [2011-05-09 416024] "SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-06-08 1128448] "SetDefault"="c:\program files\Hewlett-Packard\HP LaunchBox\SetDefault.exe" [2011-12-20 44880] . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.com uLocal Page = c:\windows\system32\blank.htm mStart Page = hxxp://www.google.com mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local TCP: DhcpNameServer = 208.59.247.45 208.59.247.46 FF - ProfilePath - c:\users\Charles\AppData\Roaming\Mozilla\Firefox\Profiles\1cfmx81n.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.com FF - ExtSQL: 2013-06-13 23:11; {7D4F1959-3F72-49d5-8E59-F02F8AA6815D}; c:\program files\Updater By SweetPacks\Firefox . - - - - ORPHANS REMOVED - - - - . BHO-{7D4F1959-3F72-49d5-8E59-F02F8AA6815D} - c:\program files\Updater By SweetPacks\Extension32.dll HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start BHO-{7D4F1959-3F72-49d5-8E59-F02F8AA6815D} - c:\program files\Updater By SweetPacks\Extension64.dll HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe AddRemove-{EE202411-2C26-49E8-9784-1BC1DBF7DE96} - c:\program files (x86)\InstallShield Installation Information\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}\setup.exe . . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS] "ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\20.3.1.22\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\20.3.1.22\diMaster.dll\" /prefetch:1" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2013-06-17 04:12:52 ComboFix-quarantined-files.txt 2013-06-17 08:12 . Pre-Run: 654,554,820,608 bytes free Post-Run: 654,754,164,736 bytes free . - - End Of File - - F867D327CEC7F338D47289A715987F95 D41D8CD98F00B204E9800998ECF8427E
- June 17, 2013
- 21 replies
Spotty Internet

Charles W replied to Charles W's topic in Resolved Malware Removal Logs

DDS (Ver_2012-11-20.01) - NTFS_AMD64 Internet Explorer: 10.0.9200.16611 BrowserJavaVersion: 10.21.2 Run by Charles at 3:48:01 on 2013-06-17 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.5942.3987 [GMT -4:00] . AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202} FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4} . ============== Running Processes =============== . C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k netsvcs C:\Program Files\IDT\WDM\STacSV64.exe C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe C:\Program Files (x86)\Norton Internet Security\Engine\20.3.1.22\ccSvcHst.exe C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files\Updater By SweetPacks\ExtensionUpdaterService.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE C:\Windows\system32\SearchIndexer.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\system32\taskhost.exe C:\Program Files (x86)\Norton Internet Security\Engine\20.3.1.22\ccSvcHst.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\IDT\WDM\sttray64.exe C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe C:\Program Files\Synaptics\SynTP\SynTPHelper.exe C:\Users\Charles\AppData\Local\Google\Update\1.3.21.145\GoogleCrashHandler.exe C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe C:\Users\Charles\AppData\Local\Google\Update\1.3.21.145\GoogleCrashHandler64.exe C:\Users\Charles\AppData\Roaming\Dropbox\bin\Dropbox.exe C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe C:\Program Files (x86)\iTunes\iTunesHelper.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Windows\System32\svchost.exe -k LocalServicePeerNet C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe C:\Program Files\iPod\bin\iPodService.exe C:\Windows\system32\taskeng.exe C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe C:\Program Files (x86)\Internet Explorer\IELowutil.exe C:\Windows\system32\AUDIODG.EXE C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\System32\cscript.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://www.google.com mStart Page = hxxp://www.google.com mWinlogon: Userinit = userinit.exe, BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.3.1.22\coieplg.dll BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.3.1.22\ips\ipsbho.dll BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll BHO: Updater By SweetPacks: {7D4F1959-3F72-49d5-8E59-F02F8AA6815D} - BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.3.1.22\coieplg.dll TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.3.1.22\coieplg.dll uRun: [Google Update] "C:\Users\Charles\AppData\Local\Google\Update\GoogleUpdate.exe" /c uRun: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun mRun: [HPQuickWebProxy] "C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe" mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" StartupFolder: C:\Users\Charles\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Charles\AppData\Roaming\Dropbox\bin\Dropbox.exe mPolicies-Explorer: NoActiveDesktop = dword:1 mPolicies-Explorer: NoActiveDesktopChanges = dword:1 mPolicies-System: ConsentPromptBehaviorAdmin = dword:5 mPolicies-System: ConsentPromptBehaviorUser = dword:3 mPolicies-System: EnableUIADesktopToggle = dword:0 IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab DPF: {CAFEEFAC-0017-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab TCP: NameServer = 208.59.247.45 208.59.247.46 TCP: Interfaces\{732EB76E-6DDB-409D-8271-99B1731DBCD1} : DHCPNameServer = 128.197.253.183 128.197.253.120 128.197.253.254 TCP: Interfaces\{A4E0C305-9C91-4B83-842E-D401C4FDA113} : DHCPNameServer = 208.59.247.45 208.59.247.46 TCP: Interfaces\{A4E0C305-9C91-4B83-842E-D401C4FDA113}\14C62616E697D4564675966496 : DHCPNameServer = 66.109.38.250 66.109.38.251 TCP: Interfaces\{A4E0C305-9C91-4B83-842E-D401C4FDA113}\245502822756175796275637026505E492 : DHCPNameServer = 128.197.253.183 128.197.253.120 128.197.253.254 TCP: Interfaces\{A4E0C305-9C91-4B83-842E-D401C4FDA113}\3416C64756368602245616675627E45647 : DHCPNameServer = 131.215.254.100 131.215.139.100 131.215.9.49 TCP: Interfaces\{A4E0C305-9C91-4B83-842E-D401C4FDA113}\3416C647563686027457563747 : DHCPNameServer = 131.215.254.100 131.215.139.100 131.215.9.49 TCP: Interfaces\{A4E0C305-9C91-4B83-842E-D401C4FDA113}\353686164656E6662756574656 : DHCPNameServer = 128.197.253.183 128.197.253.120 128.197.253.254 TCP: Interfaces\{A4E0C305-9C91-4B83-842E-D401C4FDA113}\5573848323 : DHCPNameServer = 192.168.1.1 Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll SSODL: WebCheck - <orphaned> x64-BHO: Updater By SweetPacks: {7D4F1959-3F72-49d5-8E59-F02F8AA6815D} - x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe x64-Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe x64-Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe x64-Run: [setDefault] C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned> x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned> x64-Notify: igfxcui - igfxdev.dll x64-SSODL: WebCheck - <orphaned> . ================= FIREFOX =================== . FF - ProfilePath - C:\Users\Charles\AppData\Roaming\Mozilla\Firefox\Profiles\1cfmx81n.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.com FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll FF - plugin: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll FF - plugin: C:\Users\Charles\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll FF - plugin: C:\Users\Charles\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll FF - plugin: C:\Users\Charles\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll FF - plugin: C:\Users\Charles\AppData\Roaming\Mozilla\plugins\npo1d.dll FF - plugin: C:\Windows\System32\Adobe\Director\np32dsw_1168638.dll FF - plugin: C:\Windows\System32\Adobe\Director\np32dsw_1200112.dll FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll FF - ExtSQL: 2013-06-13 23:11; {7D4F1959-3F72-49d5-8E59-F02F8AA6815D}; C:\Program Files\Updater By SweetPacks\Firefox . ============= SERVICES / DRIVERS =============== . R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\NISx64\1403010.016\symds64.sys [2013-4-15 493656] R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\NISx64\1403010.016\symefa64.sys [2013-4-15 1139800] R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\Definitions\BASHDefs\20130531.001\BHDrvx64.sys [2013-5-31 1393240] R1 ccSet_NIS;Norton Internet Security Settings Manager;C:\Windows\System32\drivers\NISx64\1403010.016\ccsetx64.sys [2013-4-15 168096] R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\Definitions\IPSDefs\20130614.001\IDSviA64.sys [2013-6-14 513184] R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\NISx64\1403010.016\ironx64.sys [2013-4-15 224416] R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\NISx64\1403010.016\symnets.sys [2013-4-15 432800] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624] R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2012-9-27 86528] R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168] R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2012-8-10 197536] R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2012-3-5 35200] R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-11-11 13592] R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-11-11 2375168] R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\20.3.1.22\ccsvchst.exe [2013-4-15 144520] R2 RoxioNow Service;RoxioNow Service;C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-11-26 399344] R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776] R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-11-11 2538520] R2 Updater By SweetPacks;Updater By SweetPacks;C:\Program Files\Updater By SweetPacks\ExtensionUpdaterService.exe [2013-6-13 188760] R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\System32\drivers\clwvd.sys [2010-7-28 31088] R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-11-21 138912] R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2009-9-17 56344] R3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2010-2-26 158976] R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2010-10-15 317440] R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-2-3 539240] R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\Windows\System32\drivers\rtl8192ce.sys [2011-11-11 1145960] R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2011-10-1 764264] R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648] R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960] R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2011-10-1 22376] R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-2-28 161384] S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072] S3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\System32\drivers\RtsPStor.sys [2011-11-11 338536] S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864] S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312] S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864] S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392] S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-11-20 1255736] S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184] . =============== Created Last 30 ================ . 2013-06-17 07:21:41 106 ----a-w- C:\Windows\DeleteOnReboot.bat 2013-06-14 21:20:48 493656 ----a-w- C:\Windows\System32\drivers\NISx64\1404000.028\symds64.sys 2013-06-14 21:20:48 433752 ----a-w- C:\Windows\System32\drivers\NISx64\1404000.028\symnets.sys 2013-06-14 21:20:48 36952 ----a-w- C:\Windows\System32\drivers\NISx64\1404000.028\srtspx64.sys 2013-06-14 21:20:48 23448 ----a-r- C:\Windows\System32\drivers\NISx64\1404000.028\symelam.sys 2013-06-14 21:20:48 1139800 ----a-w- C:\Windows\System32\drivers\NISx64\1404000.028\symefa64.sys 2013-06-14 21:20:47 796760 ----a-w- C:\Windows\System32\drivers\NISx64\1404000.028\srtsp64.sys 2013-06-14 21:20:47 224416 ----a-w- C:\Windows\System32\drivers\NISx64\1404000.028\ironx64.sys 2013-06-14 21:20:47 169048 ----a-w- C:\Windows\System32\drivers\NISx64\1404000.028\ccsetx64.sys 2013-06-14 21:20:33 -------- d-----w- C:\Windows\System32\drivers\NISx64\1404000.028 2013-06-14 03:11:41 -------- d-----w- C:\Program Files\Updater By SweetPacks 2013-06-14 03:11:06 -------- d-----w- C:\Program Files (x86)\Jpg2Pdf 2013-06-11 18:24:58 1910632 ----a-w- C:\Windows\System32\drivers\tcpip.sys 2013-05-22 04:09:34 262552 ----a-w- C:\Program Files (x86)\Mozilla Firefox\browser\components\browsercomps.dll . ==================== Find3M ==================== . 2013-06-11 20:17:18 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2013-06-11 20:17:18 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2013-06-08 12:28:46 2706432 ----a-w- C:\Windows\System32\mshtml.tlb 2013-06-08 11:13:19 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2013-05-17 01:25:57 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll 2013-05-17 01:25:27 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll 2013-05-17 01:25:26 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll 2013-05-17 01:25:26 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll 2013-05-17 00:59:03 2241024 ----a-w- C:\Windows\System32\wininet.dll 2013-05-17 00:58:10 3958784 ----a-w- C:\Windows\System32\jscript9.dll 2013-05-17 00:58:08 67072 ----a-w- C:\Windows\System32\iesetup.dll 2013-05-17 00:58:08 136704 ----a-w- C:\Windows\System32\iesysprep.dll 2013-05-14 12:23:25 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe 2013-05-14 08:40:13 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe 2013-05-13 05:51:01 184320 ----a-w- C:\Windows\System32\cryptsvc.dll 2013-05-13 05:51:00 1464320 ----a-w- C:\Windows\System32\crypt32.dll 2013-05-13 05:51:00 139776 ----a-w- C:\Windows\System32\cryptnet.dll 2013-05-13 05:50:40 52224 ----a-w- C:\Windows\System32\certenc.dll 2013-05-13 04:45:55 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll 2013-05-13 04:45:55 1160192 ----a-w- C:\Windows\SysWow64\crypt32.dll 2013-05-13 04:45:55 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll 2013-05-13 03:43:55 1192448 ----a-w- C:\Windows\System32\certutil.exe 2013-05-13 03:08:10 903168 ----a-w- C:\Windows\SysWow64\certutil.exe 2013-05-13 03:08:06 43008 ----a-w- C:\Windows\SysWow64\certenc.dll 2013-05-10 07:03:33 9728 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll 2013-05-10 05:49:27 30720 ----a-w- C:\Windows\System32\cryptdlg.dll 2013-05-10 03:20:54 24576 ----a-w- C:\Windows\SysWow64\cryptdlg.dll 2013-04-26 05:51:36 751104 ----a-w- C:\Windows\System32\win32spl.dll 2013-04-26 04:55:21 492544 ----a-w- C:\Windows\SysWow64\win32spl.dll 2013-04-25 23:30:32 1505280 ----a-w- C:\Windows\SysWow64\d3d11.dll 2013-04-17 07:02:06 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll 2013-04-17 06:24:46 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll 2013-04-13 05:49:23 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll 2013-04-13 05:49:19 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll 2013-04-13 05:49:19 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll 2013-04-13 05:49:19 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll 2013-04-13 04:45:16 474624 ----a-w- C:\Windows\apppatch\AcSpecfc.dll 2013-04-13 04:45:15 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll 2013-04-12 14:45:08 1656680 ----a-w- C:\Windows\System32\drivers\ntfs.sys 2013-04-10 06:01:54 265064 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys 2013-04-10 06:01:53 983400 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys 2013-04-10 03:30:50 3153920 ----a-w- C:\Windows\System32\win32k.sys 2013-04-04 21:09:38 861088 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll 2013-04-04 21:09:38 782240 ----a-w- C:\Windows\SysWow64\deployJava1.dll 2013-04-04 18:50:32 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys 2013-04-04 09:35:05 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll 2013-03-31 22:52:16 1887232 ----a-w- C:\Windows\System32\d3d11.dll . ============= FINISH: 3:48:24.29 =============== attach.txt mbam-log-2013-06-15 (10-55-51).zip
- June 17, 2013
- 21 replies
Spotty Internet

Charles W replied to Charles W's topic in Resolved Malware Removal Logs

# AdwCleaner v2.303 - Logfile created 06/17/2013 at 03:21:36 # Updated 08/06/2013 by Xplode # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits) # User : Charles - CHARLES-HP # Boot Mode : Normal # Running from : C:\Users\Charles\Desktop\adwcleaner.exe # Option [Delete] ***** [services] ***** ***** [Files / Folders] ***** Deleted on reboot : C:\Program Files\Updater By SweetPacks File Deleted : C:\Users\Charles\AppData\Roaming\Mozilla\Firefox\Profiles\1cfmx81n.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi Folder Deleted : C:\Program Files (x86)\Free Offers from Freeze.com Folder Deleted : C:\Program Files (x86)\SweetIM Folder Deleted : C:\ProgramData\Tarma Installer Folder Deleted : C:\Windows\SysWOW64\WNLT ***** [Registry] ***** Key Deleted : HKCU\Software\IM Key Deleted : HKCU\Software\ImInstaller Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827} Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671} Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3} Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B302A1BD-0157-49FA-90F1-4E94F22C7B4B} Key Deleted : HKLM\SOFTWARE\Classes\AppID\Extension.DLL Key Deleted : HKLM\SOFTWARE\Classes\Extension.ExtensionHelperObject Key Deleted : HKLM\SOFTWARE\Classes\Extension.ExtensionHelperObject.1 Key Deleted : HKLM\Software\Classes\Installer\Features\FB6D58DD787439A4995AF3C00FEA8843 Key Deleted : HKLM\Software\Classes\Installer\Products\FB6D58DD787439A4995AF3C00FEA8843 Key Deleted : HKLM\SOFTWARE\Classes\SWEETIE.IEToolbar Key Deleted : HKLM\SOFTWARE\Classes\SWEETIE.IEToolbar.1 Key Deleted : HKLM\SOFTWARE\Classes\sweetim_urlsearchhook.toolbarurlsearchhook Key Deleted : HKLM\SOFTWARE\Classes\sweetim_urlsearchhook.toolbarurlsearchhook.1 Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.sweetie Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.sweetie.1 Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{1D5A4199-956E-49BC-B89F-6A35C57C0D13} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847} Key Deleted : HKLM\Software\Freeze.com Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASAPI32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASMANCS Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EEE6C35C-6118-11DC-9C72-001320C79847} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EEE6C35D-6118-11DC-9C72-001320C79847} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{DD85D6BF-4787-4A93-99A5-3F0CF0AE8834} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3} Key Deleted : HKLM\SOFTWARE\Tarma Installer Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgHelperApp.exe] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarProxy.dll] Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{EEE6C35B-6118-11DC-9C72-001320C79847}] ***** [internet Browsers] ***** -\\ Internet Explorer v10.0.9200.16611 Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://start.sweetpacks.com/?src=10&st=12&crg=3.5000006.10042&barid={EFB8889F-D49F-11E2-A8A4-78E3B561A405} --> hxxp://www.google.com Replaced : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main - Start Page] = hxxp://start.sweetpacks.com/?src=10&st=12&crg=3.5000006.10042&barid={EFB8889F-D49F-11E2-A8A4-78E3B561A405} --> hxxp://www.google.com -\\ Mozilla Firefox v21.0 (en-US) File : C:\Users\Charles\AppData\Roaming\Mozilla\Firefox\Profiles\1cfmx81n.default\prefs.js C:\Users\Charles\AppData\Roaming\Mozilla\Firefox\Profiles\1cfmx81n.default\user.js ... Deleted ! Deleted : user_pref("keyword.URL", "hxxp://start.sweetpacks.com/?src=2&st=12&crg=3.5000006.10042&barid={EFB888[...] Deleted : user_pref("sweetim.toolbar.previous.keyword.URL", ""); ************************* AdwCleaner[s1].txt - [324 octets] - [17/06/2013 03:21:06] AdwCleaner[s2].txt - [6327 octets] - [17/06/2013 03:21:36] ########## EOF - C:\AdwCleaner[s2].txt - [6387 octets] ########## GMER 2.1.19163 - http://www.gmer.net Rootkit scan 2013-06-17 03:35:54 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 Hitachi_ rev.JE4O 698.64GB Running: e9rioqk6.exe; Driver: C:\Users\Charles\AppData\Local\Temp\pwtirkob.sys ---- Threads - GMER 2.1 ---- Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3360:3356] 0000000077b73e45 Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3360:3364] 0000000077b73e45 Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3360:5076] 0000000075f17587 Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3360:5072] 000000006e470cb3 Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3360:2284] 0000000077b72e25 Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3360:3916] 0000000077b73e45 ---- EOF - GMER 2.1 ----
- June 17, 2013
- 21 replies
Spotty Internet

Charles W replied to Charles W's topic in Resolved Malware Removal Logs

Hi Marius, I've been able to uninstall "SweetPacks Updater Service" and "WebCake 3.00". However, I could not find "swMSM" on my list of programs. I see it listed among the programs in my earlier post, but it didn't show up on the "Uninstall a Program" page. I also noticed that "Slingo Supreme" doesn't show up on the "Uninstall a Program" page either, even though it's also listed in my earlier post. And I also tried to uninstall "Internet Explorer Toolbar 4.8 by SweetPacks", but it gave me the message: "Please wait until the current program is finished uninstalling or being changed". I actually tried to uninstall this one second and found that I couldn't. I then uninstalled "WebCake 3.00" and then tried to uninstall the Toolbar 4.8 again, but got the same message. Charles
- June 17, 2013
- 21 replies
Spotty Internet

Charles W posted a topic in Resolved Malware Removal Logs

Dear MBAM, I've recently had spotty internet, including when I watch Youtube videos, when I game, and when I'm just on the web. I ran MBAM a couple days ago, and it found one item and told me I needed to restart the computer immediately. I did, and ran MBAM again, and this time it found nothing suspicious. However, my internet's still a bit problematic. Here are the DDS and Attach files. Thanks, Charles DDS (Ver_2012-11-20.01) - NTFS_AMD64 Internet Explorer: 10.0.9200.16611 BrowserJavaVersion: 10.21.2 Run by Charles at 2:47:23 on 2013-06-17 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.5942.3013 [GMT -4:00] . AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202} FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4} . ============== Running Processes =============== . C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k netsvcs C:\Program Files\IDT\WDM\STacSV64.exe C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe C:\Program Files (x86)\Norton Internet Security\Engine\20.3.1.22\ccSvcHst.exe C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files\Updater By SweetPacks\ExtensionUpdaterService.exe C:\Program Files (x86)\WebCake\WebCakeDesktop.Updater.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE C:\Windows\system32\SearchIndexer.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\system32\taskhost.exe C:\Program Files (x86)\Norton Internet Security\Engine\20.3.1.22\ccSvcHst.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\IDT\WDM\sttray64.exe C:\Program Files\Synaptics\SynTP\SynTPHelper.exe C:\Users\Charles\AppData\Roaming\WebCake\WebCakeDesktop.exe C:\Users\Charles\AppData\Roaming\Dropbox\bin\Dropbox.exe C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe C:\Users\Charles\AppData\Local\Google\Update\1.3.21.145\GoogleCrashHandler.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Program Files (x86)\iTunes\iTunesHelper.exe C:\Users\Charles\AppData\Local\Google\Update\1.3.21.145\GoogleCrashHandler64.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe C:\Program Files\iPod\bin\iPodService.exe C:\Windows\System32\svchost.exe -k LocalServicePeerNet C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Windows\system32\taskeng.exe C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe C:\Windows\system32\AUDIODG.EXE C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe C:\Users\Charles\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe C:\Program Files (x86)\Internet Explorer\IELowutil.exe C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\System32\cscript.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://start.sweetpacks.com/?src=10&st=12&crg=3.5000006.10042&barid={EFB8889F-D49F-11E2-A8A4-78E3B561A405} mStart Page = hxxp://start.sweetpacks.com/?src=10&st=12&crg=3.5000006.10042&barid={EFB8889F-D49F-11E2-A8A4-78E3B561A405} mWinlogon: Userinit = userinit.exe, BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.3.1.22\coieplg.dll BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.3.1.22\ips\ipsbho.dll BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll BHO: Updater By SweetPacks: {7D4F1959-3F72-49d5-8E59-F02F8AA6815D} - C:\Program Files\Updater By SweetPacks\Extension32.dll BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll BHO: SweetPacks Browser Helper: {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.3.1.22\coieplg.dll TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.3.1.22\coieplg.dll TB: SweetPacks Toolbar for Internet Explorer: {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll uRun: [Google Update] "C:\Users\Charles\AppData\Local\Google\Update\GoogleUpdate.exe" /c uRun: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun uRun: [WebCake Desktop] "C:\Users\Charles\AppData\Roaming\WebCake\WebCakeDesktop.exe" mRun: [HPQuickWebProxy] "C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe" mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" StartupFolder: C:\Users\Charles\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Charles\AppData\Roaming\Dropbox\bin\Dropbox.exe mPolicies-Explorer: NoActiveDesktop = dword:1 mPolicies-Explorer: NoActiveDesktopChanges = dword:1 mPolicies-System: ConsentPromptBehaviorAdmin = dword:5 mPolicies-System: ConsentPromptBehaviorUser = dword:3 mPolicies-System: EnableUIADesktopToggle = dword:0 IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab DPF: {CAFEEFAC-0017-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab TCP: NameServer = 208.59.247.45 208.59.247.46 TCP: Interfaces\{732EB76E-6DDB-409D-8271-99B1731DBCD1} : DHCPNameServer = 128.197.253.183 128.197.253.120 128.197.253.254 TCP: Interfaces\{A4E0C305-9C91-4B83-842E-D401C4FDA113} : DHCPNameServer = 208.59.247.45 208.59.247.46 TCP: Interfaces\{A4E0C305-9C91-4B83-842E-D401C4FDA113}\14C62616E697D4564675966496 : DHCPNameServer = 66.109.38.250 66.109.38.251 TCP: Interfaces\{A4E0C305-9C91-4B83-842E-D401C4FDA113}\245502822756175796275637026505E492 : DHCPNameServer = 128.197.253.183 128.197.253.120 128.197.253.254 TCP: Interfaces\{A4E0C305-9C91-4B83-842E-D401C4FDA113}\3416C64756368602245616675627E45647 : DHCPNameServer = 131.215.254.100 131.215.139.100 131.215.9.49 TCP: Interfaces\{A4E0C305-9C91-4B83-842E-D401C4FDA113}\3416C647563686027457563747 : DHCPNameServer = 131.215.254.100 131.215.139.100 131.215.9.49 TCP: Interfaces\{A4E0C305-9C91-4B83-842E-D401C4FDA113}\353686164656E6662756574656 : DHCPNameServer = 128.197.253.183 128.197.253.120 128.197.253.254 TCP: Interfaces\{A4E0C305-9C91-4B83-842E-D401C4FDA113}\5573848323 : DHCPNameServer = 192.168.1.1 Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll SSODL: WebCheck - <orphaned> x64-BHO: Updater By SweetPacks: {7D4F1959-3F72-49d5-8E59-F02F8AA6815D} - C:\Program Files\Updater By SweetPacks\Extension64.dll x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe x64-Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe x64-Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe x64-Run: [setDefault] C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned> x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned> x64-Notify: igfxcui - igfxdev.dll x64-SSODL: WebCheck - <orphaned> . ================= FIREFOX =================== . FF - ProfilePath - C:\Users\Charles\AppData\Roaming\Mozilla\Firefox\Profiles\1cfmx81n.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.com FF - prefs.js: keyword.URL - hxxp://start.sweetpacks.com/?src=2&st=12&crg=3.5000006.10042&barid={EFB8889F-D49F-11E2-A8A4-78E3B561A405}&q= FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll FF - plugin: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll FF - plugin: C:\Users\Charles\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll FF - plugin: C:\Users\Charles\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll FF - plugin: C:\Users\Charles\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll FF - plugin: C:\Users\Charles\AppData\Roaming\Mozilla\plugins\npo1d.dll FF - plugin: C:\Windows\System32\Adobe\Director\np32dsw_1168638.dll FF - plugin: C:\Windows\System32\Adobe\Director\np32dsw_1200112.dll FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll FF - ExtSQL: 2013-06-13 23:10; plugin@getwebcake.com; C:\Users\Charles\AppData\Roaming\Mozilla\Firefox\Profiles\1cfmx81n.default\extensions\plugin@getwebcake.com FF - ExtSQL: 2013-06-13 23:11; {EEE6C361-6118-11DC-9C72-001320C79847}; C:\Users\Charles\AppData\Roaming\Mozilla\Firefox\Profiles\1cfmx81n.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi FF - ExtSQL: 2013-06-13 23:11; {7D4F1959-3F72-49d5-8E59-F02F8AA6815D}; C:\Program Files\Updater By SweetPacks\Firefox . ---- FIREFOX POLICIES ---- FF - user.js: extentions.webcake.installId - b643189d-d730-46e0-844e-f73cb7bd7e92 FF - user.js: extentions.webcake.defaultEnableAppsList - layers,brain/features,newOffers/wc . ============= SERVICES / DRIVERS =============== . R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\NISx64\1403010.016\symds64.sys [2013-4-15 493656] R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\NISx64\1403010.016\symefa64.sys [2013-4-15 1139800] R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\Definitions\BASHDefs\20130531.001\BHDrvx64.sys [2013-5-31 1393240] R1 ccSet_NIS;Norton Internet Security Settings Manager;C:\Windows\System32\drivers\NISx64\1403010.016\ccsetx64.sys [2013-4-15 168096] R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\Definitions\IPSDefs\20130614.001\IDSviA64.sys [2013-6-14 513184] R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\NISx64\1403010.016\ironx64.sys [2013-4-15 224416] R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\NISx64\1403010.016\symnets.sys [2013-4-15 432800] R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624] R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2012-9-27 86528] R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168] R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2012-8-10 197536] R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2012-3-5 35200] R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-11-11 13592] R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-11-11 2375168] R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\20.3.1.22\ccsvchst.exe [2013-4-15 144520] R2 RoxioNow Service;RoxioNow Service;C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-11-26 399344] R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776] R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-11-11 2538520] R2 Updater By SweetPacks;Updater By SweetPacks;C:\Program Files\Updater By SweetPacks\ExtensionUpdaterService.exe [2013-6-13 188760] R2 WebCake Desktop Updater;WebCake Desktop Updater;C:\Program Files (x86)\WebCake\WebCakeDesktop.Updater.exe [2013-6-13 23552] R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\System32\drivers\clwvd.sys [2010-7-28 31088] R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-11-21 138912] R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2009-9-17 56344] R3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2010-2-26 158976] R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2010-10-15 317440] R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-2-3 539240] R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\Windows\System32\drivers\rtl8192ce.sys [2011-11-11 1145960] R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2011-10-1 764264] R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648] R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960] R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2011-10-1 22376] R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-2-28 161384] S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072] S3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\System32\drivers\RtsPStor.sys [2011-11-11 338536] S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864] S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312] S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864] S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392] S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-11-20 1255736] S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184] . =============== Created Last 30 ================ . 2013-06-14 21:20:48 493656 ----a-w- C:\Windows\System32\drivers\NISx64\1404000.028\symds64.sys 2013-06-14 21:20:48 433752 ----a-w- C:\Windows\System32\drivers\NISx64\1404000.028\symnets.sys 2013-06-14 21:20:48 36952 ----a-w- C:\Windows\System32\drivers\NISx64\1404000.028\srtspx64.sys 2013-06-14 21:20:48 23448 ----a-r- C:\Windows\System32\drivers\NISx64\1404000.028\symelam.sys 2013-06-14 21:20:48 1139800 ----a-w- C:\Windows\System32\drivers\NISx64\1404000.028\symefa64.sys 2013-06-14 21:20:47 796760 ----a-w- C:\Windows\System32\drivers\NISx64\1404000.028\srtsp64.sys 2013-06-14 21:20:47 224416 ----a-w- C:\Windows\System32\drivers\NISx64\1404000.028\ironx64.sys 2013-06-14 21:20:47 169048 ----a-w- C:\Windows\System32\drivers\NISx64\1404000.028\ccsetx64.sys 2013-06-14 21:20:33 -------- d-----w- C:\Windows\System32\drivers\NISx64\1404000.028 2013-06-14 03:11:41 -------- d-----w- C:\Program Files\Updater By SweetPacks 2013-06-14 03:11:06 -------- d-----w- C:\Program Files (x86)\Jpg2Pdf 2013-06-14 03:10:52 -------- d-----w- C:\Program Files (x86)\SweetIM 2013-06-14 03:10:24 33792 ----a-w- C:\Windows\System32\ImHttpComm.dll 2013-06-14 03:10:24 1447728 ----a-w- C:\Windows\System32\dmwu.exe 2013-06-14 03:10:24 -------- d-----w- C:\Windows\SysWow64\WNLT 2013-06-14 03:10:24 -------- d-----w- C:\Windows\SysWow64\jmdp 2013-06-14 03:10:24 -------- d-----w- C:\Windows\SysWow64\ARFC 2013-06-14 03:10:08 -------- d-----w- C:\Users\Charles\AppData\Roaming\WebCake 2013-06-14 03:10:08 -------- d-----w- C:\Program Files (x86)\WebCake 2013-06-14 03:10:00 -------- d-----w- C:\ProgramData\Tarma Installer 2013-06-11 18:24:58 1910632 ----a-w- C:\Windows\System32\drivers\tcpip.sys 2013-05-22 04:09:34 262552 ----a-w- C:\Program Files (x86)\Mozilla Firefox\browser\components\browsercomps.dll . ==================== Find3M ==================== . 2013-06-11 20:17:18 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2013-06-11 20:17:18 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2013-06-08 12:28:46 2706432 ----a-w- C:\Windows\System32\mshtml.tlb 2013-06-08 11:13:19 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2013-05-17 01:25:57 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll 2013-05-17 01:25:27 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll 2013-05-17 01:25:26 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll 2013-05-17 01:25:26 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll 2013-05-17 00:59:03 2241024 ----a-w- C:\Windows\System32\wininet.dll 2013-05-17 00:58:10 3958784 ----a-w- C:\Windows\System32\jscript9.dll 2013-05-17 00:58:08 67072 ----a-w- C:\Windows\System32\iesetup.dll 2013-05-17 00:58:08 136704 ----a-w- C:\Windows\System32\iesysprep.dll 2013-05-14 12:23:25 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe 2013-05-14 08:40:13 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe 2013-05-13 05:51:01 184320 ----a-w- C:\Windows\System32\cryptsvc.dll 2013-05-13 05:51:00 1464320 ----a-w- C:\Windows\System32\crypt32.dll 2013-05-13 05:51:00 139776 ----a-w- C:\Windows\System32\cryptnet.dll 2013-05-13 05:50:40 52224 ----a-w- C:\Windows\System32\certenc.dll 2013-05-13 04:45:55 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll 2013-05-13 04:45:55 1160192 ----a-w- C:\Windows\SysWow64\crypt32.dll 2013-05-13 04:45:55 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll 2013-05-13 03:43:55 1192448 ----a-w- C:\Windows\System32\certutil.exe 2013-05-13 03:08:10 903168 ----a-w- C:\Windows\SysWow64\certutil.exe 2013-05-13 03:08:06 43008 ----a-w- C:\Windows\SysWow64\certenc.dll 2013-05-10 07:03:33 9728 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll 2013-05-10 05:49:27 30720 ----a-w- C:\Windows\System32\cryptdlg.dll 2013-05-10 03:20:54 24576 ----a-w- C:\Windows\SysWow64\cryptdlg.dll 2013-04-26 05:51:36 751104 ----a-w- C:\Windows\System32\win32spl.dll 2013-04-26 04:55:21 492544 ----a-w- C:\Windows\SysWow64\win32spl.dll 2013-04-25 23:30:32 1505280 ----a-w- C:\Windows\SysWow64\d3d11.dll 2013-04-17 07:02:06 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll 2013-04-17 06:24:46 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll 2013-04-13 05:49:23 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll 2013-04-13 05:49:19 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll 2013-04-13 05:49:19 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll 2013-04-13 05:49:19 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll 2013-04-13 04:45:16 474624 ----a-w- C:\Windows\apppatch\AcSpecfc.dll 2013-04-13 04:45:15 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll 2013-04-12 14:45:08 1656680 ----a-w- C:\Windows\System32\drivers\ntfs.sys 2013-04-10 06:01:54 265064 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys 2013-04-10 06:01:53 983400 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys 2013-04-10 03:30:50 3153920 ----a-w- C:\Windows\System32\win32k.sys 2013-04-04 21:09:38 861088 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll 2013-04-04 21:09:38 782240 ----a-w- C:\Windows\SysWow64\deployJava1.dll 2013-04-04 18:50:32 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys 2013-04-04 09:35:05 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll 2013-03-31 22:52:16 1887232 ----a-w- C:\Windows\System32\d3d11.dll . ============= FINISH: 2:47:51.15 =============== . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2012-11-20.01) . Microsoft Windows 7 Home Premium Boot Device: \Device\HarddiskVolume1 Install Date: 11/17/2011 1:11:08 PM System Uptime: 6/16/2013 11:28:49 AM (15 hours ago) . Motherboard: Hewlett-Packard | | 1693 Processor: Intel® Core i3 CPU M 370 @ 2.40GHz | CPU | 911/1066mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 680 GiB total, 605.562 GiB free. D: is FIXED (NTFS) - 14 GiB total, 1.586 GiB free. E: is FIXED (FAT32) - 4 GiB total, 1.078 GiB free. F: is CDROM () . ==== Disabled Device Manager Items ============= . ==== System Restore Points =================== . RP200: 6/7/2013 11:38:59 AM - Removed Hacknet RP201: 6/12/2013 3:00:22 AM - Windows Update RP202: 6/15/2013 3:00:14 AM - Windows Update . ==== Installed Programs ====================== . Adobe Flash Player 11 ActiveX Adobe Flash Player 11 Plugin Adobe Reader X (10.1.6) MUI Adobe Shockwave Player 11.6 Agatha Christie - Peril at End House Aleks 3.18 Apple Application Support Apple Mobile Device Support Apple Software Update Bejeweled 3 Blackhawk Striker 2 Blasterball 3 Blio Bonjour Bounce Symphony Cake Mania Canon MP490 series MP Drivers Chronicles of Albian Chuzzle Deluxe Cisco EAP-FAST Module Cisco LEAP Module Cisco PEAP Module Compatibility Pack for the 2007 Office system Cradle of Rome 2 CyberLink YouCam D3DX10 Dropbox ESU for Microsoft Windows 7 SP1 Evernote v. 4.2.3 Farm Frenzy FATE File Type Assistant FirstClass Client Google Chrome Canary Google Talk Plugin Governor of Poker 2 Premium Edition Hewlett-Packard ACLM.NET v1.2.1.1 HP Auto HP Client Services HP Customer Experience Enhancements HP Documentation HP Games HP Launch Box HP MovieStore HP On Screen Display HP Power Manager HP Quick Launch HP QuickWeb HP Setup HP Setup Manager HP Software Framework HP Support Assistant IDT Audio Intel® Control Center Intel® Management Engine Components Intel® Processor Graphics Intel® Rapid Storage Technology Internet Explorer Toolbar 4.8 by SweetPacks iTunes Java 7 Update 21 Java Auto Updater Jewel Quest: The Sleepless Star - Collector's Edition Jpg2Pdf version 1.2 Junk Mail filter update Mah Jong Medley Malwarebytes Anti-Malware version 1.75.0.1300 MapleStory Mesh Runtime Microsoft .NET Framework 4 Client Profile Microsoft Application Error Reporting Microsoft Office 2010 Microsoft Office Click-to-Run 2010 Microsoft Office File Validation Add-In Microsoft Office Professional Edition 2003 Microsoft Office Starter 2010 - English Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft WSE 3.0 Runtime Microsoft XNA Framework Redistributable 3.1 Microsoft XNA Framework Redistributable 4.0 Mitosis and Meiosis demystified Mozilla Firefox 21.0 (x86 en-US) Mozilla Maintenance Service MSVCRT MSVCRT_amd64 MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) Mystery of Mortlake Mansion Namco All-Stars: PAC-MAN Nexon Game Manager Norton Internet Security Pando Media Booster Penguins! Plants vs. Zombies - Game of the Year PlayReady PC Runtime x86 Poker Superstars III Polar Bowler Polar Golfer Project64 1.7 QuickTime Realtek Ethernet Controller Driver Realtek PCIE Card Reader REALTEK Wireless LAN Driver Recovery Manager RoxioNow Player Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449) Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019) Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595) Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642) Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576) Skype™ 6.3 Slingo Supreme SweetPacks Updater Service swMSM Synaptics TouchPad Driver Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update Installer for WildTangent Games App Updater By SweetPacks 2.0.0.586 Vacation Quest - The Hawaiian Islands Virtual Villagers 5 - New Believers WebCake 3.00 WildTangent Games App (HP Games) Windows Live Communications Platform Windows Live Essentials Windows Live ID Sign-in Assistant Windows Live Installer Windows Live Language Selector Windows Live Mail Windows Live Mesh Windows Live Mesh ActiveX Control for Remote Connections Windows Live Messenger Windows Live MIME IFilter Windows Live Movie Maker Windows Live Photo Common Windows Live Photo Gallery Windows Live PIMT Platform Windows Live Remote Client Windows Live Remote Client Resources Windows Live Remote Service Windows Live Remote Service Resources Windows Live SOXE Windows Live SOXE Definitions Windows Live UX Platform Windows Live UX Platform Language Pack Windows Live Writer Windows Live Writer Resources Windows Media Player Firefox Plugin Zuma Deluxe . ==== End Of File ===========================
- June 17, 2013
- 21 replies
Generic Host Process for win32 services - no internet

Charles W replied to Charles W's topic in Resolved Malware Removal Logs

Hi, here's are the logs: ESETSmartInstaller@High as CAB hook log: OnlineScanner.ocx - registred OK # version=7 # iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339) # OnlineScanner.ocx=1.0.0.6526 # api_version=3.0.2 # EOSSerial=eb09dded7cc2e94db18b7f13e1572880 # end=finished # remove_checked=true # archives_checked=false # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2011-06-11 07:18:16 # local_time=2011-06-11 03:18:16 (-0500, Eastern Daylight Time) # country="United States" # lang=9 # osver=5.1.2600 NT Service Pack 3 # compatibility_mode=512 16777215 100 0 26875875 26875875 0 0 # compatibility_mode=8192 67108863 100 0 0 0 0 0 # scanned=51131 # found=2 # cleaned=2 # scan_time=4029 C:\Documents and Settings\NetworkService\Local Settings\Application Data\meretag.dll probably a variant of Win32/TrojanProxy.Agent.HLSQWSL trojan (cleaned by deleting (after the next restart) - quarantined) 00000000000000000000000000000000 C C:\WINDOWS\Temp\ieou\setup.exe probably a variant of Win32/TrojanProxy.Agent.KKXYHKC trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C Results of screen317's Security Check version 0.99.13 Windows XP Service Pack 3 Internet Explorer 8 `````````````````````````````` Antivirus/Firewall Check: Windows Security Center service is not running! This report may not be accurate! Windows Firewall Disabled! ESET Online Scanner v3 Trend Micro OfficeScan Client Antivirus up to date! ``````````````````````````````` Anti-malware/Other Utilities Check: Malwarebytes' Anti-Malware Java 6 Update 23 Out of date Java installed! Flash Player Out of Date! Adobe Flash Player 10.0.12.36 Adobe Reader 9 Out of date Adobe Reader installed! Mozilla Firefox (x86 en-US..) ```````````````````````````````` Process Check: objlist.exe by Laurent Trend Micro OfficeScan Client pccntmon.exe Trend Micro OfficeScan Client ntrtscan.exe Trend Micro OfficeScan Client tmlisten.exe Trend Micro OfficeScan Client CNTAoSMgr.exe Trend Micro OfficeScan Client TmProxy.exe Trend Micro BM TMBMSRV.exe ``````````End of Log```````````` I was able to access internet after following the instructions prior to your most recent ones. It's slower than usual, but that's probably due to the heat. ~Charles Wang
- June 11, 2011
- 8 replies
Generic Host Process for win32 services - no internet

Charles W replied to Charles W's topic in Resolved Malware Removal Logs

2011/06/08 15:01:54.0812 3740 TDSS rootkit removing tool 2.5.4.0 Jun 7 2011 17:31:48 2011/06/08 15:01:55.0031 3740 ================================================================================ 2011/06/08 15:01:55.0031 3740 SystemInfo: 2011/06/08 15:01:55.0031 3740 2011/06/08 15:01:55.0031 3740 OS Version: 5.1.2600 ServicePack: 3.0 2011/06/08 15:01:55.0031 3740 Product type: Workstation 2011/06/08 15:01:55.0031 3740 ComputerName: VGN-TX750P 2011/06/08 15:01:55.0031 3740 UserName: Administrator 2011/06/08 15:01:55.0031 3740 Windows directory: C:\WINDOWS 2011/06/08 15:01:55.0031 3740 System windows directory: C:\WINDOWS 2011/06/08 15:01:55.0031 3740 Processor architecture: Intel x86 2011/06/08 15:01:55.0031 3740 Number of processors: 1 2011/06/08 15:01:55.0031 3740 Page size: 0x1000 2011/06/08 15:01:55.0031 3740 Boot type: Safe boot with network 2011/06/08 15:01:55.0031 3740 ================================================================================ 2011/06/08 15:01:58.0562 3740 Initialize success 2011/06/08 15:02:10.0875 3808 ================================================================================ 2011/06/08 15:02:10.0875 3808 Scan started 2011/06/08 15:02:10.0875 3808 Mode: Manual; 2011/06/08 15:02:10.0875 3808 ================================================================================ 2011/06/08 15:02:13.0250 3808 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys 2011/06/08 15:02:13.0500 3808 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys 2011/06/08 15:02:13.0906 3808 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys 2011/06/08 15:02:14.0343 3808 AegisP (2c5c22990156a1063e19ad162191dc1d) C:\WINDOWS\system32\DRIVERS\AegisP.sys 2011/06/08 15:02:14.0531 3808 AFD (7618d5218f2a614672ec61a80d854a37) C:\WINDOWS\System32\drivers\afd.sys 2011/06/08 15:02:15.0562 3808 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys 2011/06/08 15:02:16.0859 3808 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys 2011/06/08 15:02:17.0218 3808 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys 2011/06/08 15:02:17.0765 3808 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys 2011/06/08 15:02:18.0015 3808 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys 2011/06/08 15:02:18.0296 3808 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys 2011/06/08 15:02:18.0625 3808 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys 2011/06/08 15:02:18.0953 3808 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys 2011/06/08 15:02:19.0312 3808 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys 2011/06/08 15:02:19.0593 3808 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys 2011/06/08 15:02:20.0078 3808 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys 2011/06/08 15:02:20.0531 3808 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys 2011/06/08 15:02:22.0031 3808 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys 2011/06/08 15:02:22.0531 3808 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys 2011/06/08 15:02:22.0859 3808 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys 2011/06/08 15:02:23.0109 3808 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys 2011/06/08 15:02:23.0531 3808 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys 2011/06/08 15:02:24.0000 3808 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys 2011/06/08 15:02:24.0562 3808 E100B (5182244c0bb338a7545306cb6ca1daba) C:\WINDOWS\system32\DRIVERS\e100b325.sys 2011/06/08 15:02:25.0078 3808 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys 2011/06/08 15:02:25.0468 3808 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys 2011/06/08 15:02:25.0750 3808 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys 2011/06/08 15:02:26.0125 3808 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys 2011/06/08 15:02:26.0437 3808 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys 2011/06/08 15:02:26.0984 3808 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys 2011/06/08 15:02:27.0531 3808 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys 2011/06/08 15:02:27.0953 3808 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys 2011/06/08 15:02:28.0234 3808 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys 2011/06/08 15:02:28.0531 3808 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 2011/06/08 15:02:28.0796 3808 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys 2011/06/08 15:02:29.0437 3808 HSFHWAZL (9bec5d4ac6efdaaf001d42c77811e3db) C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys 2011/06/08 15:02:30.0046 3808 HSF_DPV (6cad234becf58529879b6c303f02777f) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys 2011/06/08 15:02:30.0531 3808 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys 2011/06/08 15:02:31.0250 3808 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys 2011/06/08 15:02:31.0656 3808 ialm (240d0f5d7caafd87bd8d801a97bbe041) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys 2011/06/08 15:02:32.0375 3808 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys 2011/06/08 15:02:33.0765 3808 IntcAzAudAddService (ec8468f169356510954cd89c6e37e2ed) C:\WINDOWS\system32\drivers\RtkHDAud.sys 2011/06/08 15:02:34.0359 3808 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys 2011/06/08 15:02:34.0609 3808 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys 2011/06/08 15:02:35.0078 3808 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys 2011/06/08 15:02:35.0671 3808 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys 2011/06/08 15:02:35.0921 3808 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys 2011/06/08 15:02:36.0218 3808 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys 2011/06/08 15:02:36.0531 3808 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys 2011/06/08 15:02:36.0781 3808 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys 2011/06/08 15:02:37.0031 3808 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys 2011/06/08 15:02:37.0296 3808 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys 2011/06/08 15:02:37.0562 3808 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys 2011/06/08 15:02:38.0093 3808 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys 2011/06/08 15:02:38.0484 3808 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys 2011/06/08 15:02:39.0046 3808 mdmxsdk (3c318b9cd391371bed62126581ee9961) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys 2011/06/08 15:02:39.0343 3808 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys 2011/06/08 15:02:39.0609 3808 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys 2011/06/08 15:02:39.0890 3808 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys 2011/06/08 15:02:40.0140 3808 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys 2011/06/08 15:02:40.0625 3808 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys 2011/06/08 15:02:41.0171 3808 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys 2011/06/08 15:02:41.0515 3808 MRxSmb (0ea4d8ed179b75f8afa7998ba22285ca) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 2011/06/08 15:02:41.0796 3808 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys 2011/06/08 15:02:42.0046 3808 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys 2011/06/08 15:02:42.0312 3808 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys 2011/06/08 15:02:42.0578 3808 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys 2011/06/08 15:02:43.0062 3808 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys 2011/06/08 15:02:43.0671 3808 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys 2011/06/08 15:02:44.0000 3808 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys 2011/06/08 15:02:44.0484 3808 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys 2011/06/08 15:02:44.0765 3808 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys 2011/06/08 15:02:45.0031 3808 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys 2011/06/08 15:02:45.0312 3808 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys 2011/06/08 15:02:45.0609 3808 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys 2011/06/08 15:02:46.0078 3808 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys 2011/06/08 15:02:46.0656 3808 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys 2011/06/08 15:02:47.0031 3808 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys 2011/06/08 15:02:47.0390 3808 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys 2011/06/08 15:02:47.0718 3808 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys 2011/06/08 15:02:47.0953 3808 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys 2011/06/08 15:02:48.0234 3808 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys 2011/06/08 15:02:48.0687 3808 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys 2011/06/08 15:02:49.0234 3808 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys 2011/06/08 15:02:49.0718 3808 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys 2011/06/08 15:02:49.0921 3808 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys 2011/06/08 15:02:50.0281 3808 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys 2011/06/08 15:02:50.0750 3808 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys 2011/06/08 15:02:51.0031 3808 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys 2011/06/08 15:02:53.0578 3808 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys 2011/06/08 15:02:53.0875 3808 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys 2011/06/08 15:02:54.0171 3808 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\WINDOWS\system32\Drivers\PxHelp20.sys 2011/06/08 15:02:56.0031 3808 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys 2011/06/08 15:02:56.0546 3808 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 2011/06/08 15:02:56.0890 3808 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys 2011/06/08 15:02:57.0187 3808 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys 2011/06/08 15:02:57.0531 3808 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys 2011/06/08 15:02:57.0968 3808 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys 2011/06/08 15:02:58.0578 3808 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys 2011/06/08 15:02:58.0843 3808 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys 2011/06/08 15:02:59.0125 3808 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys 2011/06/08 15:02:59.0546 3808 s24trans (9c40cb317400f2cf643b8706147dd06d) C:\WINDOWS\system32\DRIVERS\s24trans.sys 2011/06/08 15:02:59.0859 3808 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys 2011/06/08 15:03:00.0265 3808 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys 2011/06/08 15:03:00.0796 3808 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys 2011/06/08 15:03:01.0625 3808 SNC (1a992c8136c015453e82041c35b299da) C:\WINDOWS\system32\DRIVERS\SonyNC.sys 2011/06/08 15:03:02.0281 3808 SPI (bfd0e6f53957af8156084c436b825f70) C:\WINDOWS\system32\DRIVERS\SonyPI.sys 2011/06/08 15:03:02.0578 3808 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys 2011/06/08 15:03:02.0875 3808 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys 2011/06/08 15:03:03.0171 3808 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys 2011/06/08 15:03:03.0484 3808 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys 2011/06/08 15:03:05.0234 3808 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys 2011/06/08 15:03:05.0593 3808 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys 2011/06/08 15:03:05.0812 3808 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys 2011/06/08 15:03:06.0156 3808 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys 2011/06/08 15:03:06.0718 3808 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys 2011/06/08 15:03:07.0109 3808 ti21sony (909cd987b54a8179c9aee874d754721a) C:\WINDOWS\system32\drivers\ti21sony.sys 2011/06/08 15:03:07.0531 3808 tmactmon (ca9e9c2c04a198ed345c1752222a5f3e) C:\WINDOWS\system32\drivers\tmactmon.sys 2011/06/08 15:03:07.0796 3808 tmcomm (a3d20789b3ff0576a29462bef25bcfcc) C:\WINDOWS\system32\drivers\tmcomm.sys 2011/06/08 15:03:08.0093 3808 tmevtmgr (21f215e54770c4bf93efaf63f58fe57e) C:\WINDOWS\system32\drivers\tmevtmgr.sys 2011/06/08 15:03:08.0453 3808 TmFilter (ac940a15959be57958b91cdb914aaa6c) C:\Program Files\Trend Micro\OfficeScan Client\TmXPFlt.sys 2011/06/08 15:03:08.0718 3808 TmPreFilter (8651a867c78bd2b69f1d5f982138a074) C:\Program Files\Trend Micro\OfficeScan Client\TmPreFlt.sys 2011/06/08 15:03:09.0156 3808 tmtdi (44c262c1b2412ded35078b6166d2acc2) C:\WINDOWS\system32\DRIVERS\tmtdi.sys 2011/06/08 15:03:09.0765 3808 toshidpt (e362d54fd394999c4178936396664e57) C:\WINDOWS\system32\drivers\Toshidpt.sys 2011/06/08 15:03:10.0406 3808 tosporte (6a404454c6133e749be33892eb6ffa35) C:\WINDOWS\system32\DRIVERS\tosporte.sys 2011/06/08 15:03:10.0765 3808 Tosrfbd (e4901804c4d8d613fa3560de2c2e0261) C:\WINDOWS\system32\Drivers\tosrfbd.sys 2011/06/08 15:03:11.0031 3808 Tosrfbnp (613e09572f4c5b92ca6be8bdc4cc5b7d) C:\WINDOWS\system32\Drivers\tosrfbnp.sys 2011/06/08 15:03:11.0312 3808 Tosrfcom (5ba1ca3b3cddb1ddc67df473f05d1ec2) C:\WINDOWS\system32\Drivers\tosrfcom.sys 2011/06/08 15:03:11.0609 3808 Tosrfhid (7726332391d8fca1a491a17f592fd6b3) C:\WINDOWS\system32\DRIVERS\Tosrfhid.sys 2011/06/08 15:03:11.0875 3808 tosrfnds (c52fd27b9adf3a1f22cb90e6bcf9b0cb) C:\WINDOWS\system32\DRIVERS\tosrfnds.sys 2011/06/08 15:03:12.0250 3808 TosRfSnd (0d86d15caff2b3203c785d604ec7c942) C:\WINDOWS\system32\drivers\TosRfSnd.sys 2011/06/08 15:03:12.0562 3808 Tosrfusb (7414a6461bc83a22b0ae009ace3e375b) C:\WINDOWS\system32\Drivers\tosrfusb.sys 2011/06/08 15:03:12.0843 3808 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys 2011/06/08 15:03:13.0390 3808 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys 2011/06/08 15:03:13.0687 3808 USBAAPL (d4fb6ecc60a428564ba8768b0e23c0fc) C:\WINDOWS\system32\Drivers\usbaapl.sys 2011/06/08 15:03:13.0953 3808 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys 2011/06/08 15:03:14.0312 3808 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys 2011/06/08 15:03:14.0625 3808 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys 2011/06/08 15:03:14.0875 3808 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys 2011/06/08 15:03:15.0140 3808 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys 2011/06/08 15:03:15.0500 3808 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 2011/06/08 15:03:15.0765 3808 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys 2011/06/08 15:03:16.0140 3808 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys 2011/06/08 15:03:16.0765 3808 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys 2011/06/08 15:03:17.0093 3808 VSApiNt (71a53597bfb4bad7218ad2beaba5c564) C:\Program Files\Trend Micro\OfficeScan Client\VSApiNt.sys 2011/06/08 15:03:17.0875 3808 w29n51 (adb2f5af36155c9f1fbfd66a3acacbe6) C:\WINDOWS\system32\DRIVERS\w29n51.sys 2011/06/08 15:03:18.0671 3808 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys 2011/06/08 15:03:19.0218 3808 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys 2011/06/08 15:03:19.0609 3808 winachsf (ab7646d4cb9bb83d29d21ef7e00a0d15) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys 2011/06/08 15:03:20.0125 3808 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys 2011/06/08 15:03:20.0437 3808 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys 2011/06/08 15:03:20.0734 3808 ZDPSp50 (00ae175b903d45ed4a62384d3315dc2a) C:\WINDOWS\system32\Drivers\ZDPSp50.sys 2011/06/08 15:03:20.0859 3808 MBR (0x1B8) (2839639fa37b8353e792a2a30a12ced3) \Device\Harddisk0\DR0 2011/06/08 15:03:20.0890 3808 \Device\Harddisk0\DR0 - detected Rootkit.Win32.TDSS.tdl4 (0) 2011/06/08 15:03:20.0906 3808 ================================================================================ 2011/06/08 15:03:20.0906 3808 Scan finished 2011/06/08 15:03:20.0906 3808 ================================================================================ 2011/06/08 15:03:20.0953 3800 Detected object count: 1 2011/06/08 15:03:20.0953 3800 Actual detected object count: 1 2011/06/08 15:04:20.0375 3800 \Device\Harddisk0\DR0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot 2011/06/08 15:04:20.0375 3800 \Device\Harddisk0\DR0 - ok 2011/06/08 15:04:20.0375 3800 Rootkit.Win32.TDSS.tdl4(\Device\Harddisk0\DR0) - User select action: Cure 2011/06/08 15:04:24.0515 3732 Deinitialize success
- June 8, 2011
- 8 replies
Generic Host Process for win32 services - no internet

Charles W replied to Charles W's topic in Resolved Malware Removal Logs

Hi, thanks for the reply! Here
- June 5, 2011
- 8 replies
Generic Host Process for win32 services - no internet

Charles W posted a topic in Resolved Malware Removal Logs

Dear MBAM, Hi, recently, I've encountered a problem where I am not able to access the internet due to a message that pops up after I start my computer. It says: "Generic Host Process for Win32 Services encountered a problem and needed to close. Sorry for the inconvenience." I did a scan with MBAM and found nothing. When I restarted in safe mode, I was able to access the internet, and when I scanned in safe mode, I, again, came up with nothing. However, a short while after I started in safe mode, another message popped up, saying: "Svchost.exe
- June 1, 2011
- 1 reply
Generic Host Process for win32 services - no internet

Charles W posted a topic in Resolved Malware Removal Logs

Dear MBAM, Hi, recently, I've encountered a problem where I am not able to access the internet due to a message that pops up after I start my computer. It says: "Generic Host Process for Win32 Services encountered a problem and needed to close. Sorry for the inconvenience." I did a scan with MBAM and found nothing. When I restarted in safe mode, I was able to access the internet, and when I scanned in safe mode, I, again, came up with nothing. However, a short while after I started in safe mode, another message popped up, saying: "Svchost.exe
- June 1, 2011
- 8 replies
help plz

Charles W replied to Charles W's topic in Resolved Malware Removal Logs

Oh no, don't be sorry! I appreciate your time and effort, and you were a great help! Thanks!! ~Charles Wang
- December 15, 2010
- 22 replies
help plz

Charles W replied to Charles W's topic in Resolved Malware Removal Logs

Hi, for some reason, Safe Mode doesn't work for me. When I try it, the screen goes black, but now, I can't even get to the boot selection page. The computer just shows the acer logo and goes black. My mom took it to a technician to try to salvage the files onto a cd, and I'll reinstall the hard drive using a recovery disk. Do you think that's okay? Thanks.
- December 14, 2010
- 22 replies
help plz

Charles W replied to Charles W's topic in Resolved Malware Removal Logs

do you think there's any way i can just back-up all of my stuff onto a dvd and reinstall my hard drive?
- December 13, 2010
- 22 replies
help plz

Charles W replied to Charles W's topic in Resolved Malware Removal Logs

Hi, last night, my computer shut down unexpectedly, and when I turned it on, it said something about not being able to boot C:/ then the screen turned black. i think that's bad
- December 13, 2010
- 22 replies

Events

Profiles

Forums

Everything posted by Charles W

Important Information