

Hi, 

 

I've been having some issues lately, cleaning here and there, and can't seem to keep from being attacked, so this time I'm reaching out and asking for help, please.

Here is my report, just done a few moments ago, and this is after CCleaner had been run beforehand.

 

    Malwarebytes Anti-Malware

www.malwarebytes.org
 
Scan Date: 7/10/2014
Scan Time: 5:41:58 PM
Logfile: 71014-mglog.txt
Administrator: Yes
 
Version: 2.00.2.1012
Malware Database: v2014.07.10.07
Rootkit Database: v2014.07.09.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Robin
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 297053
Time Elapsed: 22 min, 8 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 1
PUP.Optional.Datamngr.A, C:\Users\Robin\AppData\LocalLow\DataMngr, Quarantined, [3c433766d8a39b9b58c812919b67ab55], 
 
Files: 2
PUP.Optional.Datamngr.A, C:\Users\Robin\AppData\LocalLow\DataMngr\{7CA1F051-A4FB-4143-B263-02B41E571EED}, Quarantined, [3c433766d8a39b9b58c812919b67ab55], 
PUP.Optional.Datamngr.A, C:\Users\Robin\AppData\LocalLow\DataMngr\{7CA1F051-A4FB-4143-B263-02B41E571EED}64, Quarantined, [3c433766d8a39b9b58c812919b67ab55], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)

OK, I started reading and see you need this FRST info too, so I ran it and here you go.

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-07-2014 01
Ran by Robin (administrator) on ROBIN-PC on 10-07-2014 19:06:22
Running from C:\Users\Robin\Downloads
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
() C:\Program Files\Siber Systems\GoodSync\Gs-Server.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Lexmark International, Inc.) C:\Windows\System32\spool\drivers\x64\3\lxdiserv.exe
( ) C:\Windows\System32\lxdicoms.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\21.4.0.13\n360.exe
(NTI Corporation) C:\Program Files (x86)\NTI\NTI Backup Now EZ\BackupNowEZSvr.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Zone\Engine\2.0.97.14\nz.exe
() C:\Windows\SysWOW64\PSIService.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Zone\Engine\2.0.97.14\nz.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\21.4.0.13\n360.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(CyberLink) C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Siber Systems) C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Windows\System32\SnippingTool.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Siber Systems Inc.) C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\rf-chrome-nm-host.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\prevhost.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2538280 2010-12-22] (Synaptics Incorporated)
HKLM\...\Run: [intelPAN] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1935120 2011-07-27] (Intel® Corporation)
HKLM\...\Run: [Lenovo EE Boot Optimizer] => C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe [114688 2012-03-09] (Lenovo)
HKLM\...\Run: [updatePRCShortCut] => C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-13] (CyberLink Corp.)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [9769888 2012-03-09] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [5908928 2012-03-09] (Lenovo(beijing) Limited)
HKLM-x32\...\Run: [updateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2010-07-26] (CyberLink Corp.)
HKLM-x32\...\Run: [updatePRCShortCut] => C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-13] (CyberLink Corp.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe [382608 2014-06-04] (Malwarebytes Corporation)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-448268370-1532745791-1850709367-1000\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation)
HKU\S-1-5-21-448268370-1532745791-1850709367-1000\...\MountPoints2: {4e2e5bfc-ee3a-11e1-bbf4-7ce9d3c724ef} - E:\SISetup.exe
HKU\S-1-5-21-448268370-1532745791-1850709367-1000\...\MountPoints2: {b2721c3b-acb8-11e1-a509-7ce9d3c724ef} - G:\LaunchU3.exe -a
HKU\S-1-5-21-448268370-1532745791-1850709367-1000\...\MountPoints2: {bd7ee60e-a679-11e2-a79f-7ce9d3c724ef} - H:\LaunchU3.exe -a
AppInit_DLLs-x32: C:\PROGRA~2\SEARCH~1\Datamngr\datamngr.dll => "C:\PROGRA~2\SEARCH~1\Datamngr\datamngr.dll" File Not Found
ShellIconOverlayIdentifiers: 1NZOverlayExcluded -> {32427327-aea5-4bef-811a-b1bd00daf4b4} => C:\Program Files (x86)\Norton Zone\Engine64\2.0.97.14\NZOvrlay.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: 1NZOverlayPending -> {2cfec48b-08ec-4361-8575-7c0da17ab7a5} => C:\Program Files (x86)\Norton Zone\Engine64\2.0.97.14\NZOvrlay.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: 1NZOverlaySynced -> {a9e700bc-92b0-403e-96b3-b87b06ff9d3a} => C:\Program Files (x86)\Norton Zone\Engine64\2.0.97.14\NZOvrlay.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: OverlayExcluded -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton 360\Engine64\21.4.0.13\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: OverlayPending -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton 360\Engine64\21.4.0.13\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: OverlayProtected -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton 360\Engine64\21.4.0.13\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: VeriFace Enc -> {771C7324-DA80-49D3-8017-753B0AF60951} => C:\windows\system32\IcnOvrly.dll ()
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xC7E9397218F9CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.roboform.com/
HKLM\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/
SearchScopes: HKLM - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2102} URL = http://dts.search-results.com/sr?src=ieb&appid=0&systemid=102&sr=0&q={searchTerms}
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2102} URL = http://dts.search-results.com/sr?src=ieb&appid=0&systemid=102&sr=0&q={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2102} URL = http://dts.search-results.com/sr?src=ieb&appid=0&systemid=102&sr=0&q={searchTerms}
SearchScopes: HKLM-x32 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2102} URL = http://dts.search-results.com/sr?src=ieb&appid=0&systemid=102&sr=0&q={searchTerms}
SearchScopes: HKCU - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2102} URL = http://dts.search-results.com/sr?src=ieb&appid=0&systemid=102&sr=0&q={searchTerms}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2102} URL = http://dts.search-results.com/sr?src=ieb&appid=0&systemid=102&sr=0&q={searchTerms}
BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine64\21.4.0.13\coIEPlg.dll (Symantec Corporation)
BHO: RoboForm Toolbar Helper - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll (Siber Systems Inc.)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\21.4.0.13\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\21.4.0.13\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: RoboForm Toolbar Helper - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll (Siber Systems Inc.)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\21.4.0.13\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\21.4.0.13\coIEPlg.dll (Symantec Corporation)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKCU - &RoboForm Toolbar - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll (Siber Systems Inc.)
Toolbar: HKCU - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\21.4.0.13\coIEPlg.dll (Symantec Corporation)
DPF: HKLM-x32 {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com//activex/ractrl.cab?lmi=1007
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
 
FireFox:
========
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.60.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.60.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012-06-03]
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.2.0.38\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.2.0.38\IPSFF [2014-04-29]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.2.0.38\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.2.0.38\coFFPlgn [2014-07-10]
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
 
Chrome: 
=======
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (Java Platform SE 7 U13) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Java Deployment Toolkit 7.0.130.20) - C:\windows\SysWOW64\npDeployJava1.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Robin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-11]
CHR Extension: (Yulia Brodskaya) - C:\Users\Robin\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlgdloilieclkegafohackmhffbmdpko [2014-06-28]
CHR Extension: (Norton Identity Protection) - C:\Users\Robin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2012-07-25]
CHR Extension: (Google Wallet) - C:\Users\Robin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR Extension: (RoboForm) - C:\Users\Robin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnlccmojcmeohlpggmfnbbiapkmbliob [2014-03-15]
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton 360\Engine\21.4.0.13\Exts\Chrome.crx [2014-07-08]
CHR HKLM-x32\...\Chrome\Extension: [pnlccmojcmeohlpggmfnbbiapkmbliob] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\rf-chrome.crx [2014-03-15]
 
==================== Services (Whitelisted) =================
 
R2 btwdins; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [956192 2011-02-15] (Broadcom Corporation.)
S3 CorelCreatorMessages; C:\windows\system32\CorelCreatorMessages.exe [105984 2012-04-25] (Global Graphics Software Ltd) [File not signed]
R2 GsServer; C:\Program Files\Siber Systems\GoodSync\Gs-Server.exe [8117904 2014-02-14] ()
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [248832 2009-05-21] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-05-21] (Hewlett-Packard Co.) [File not signed]
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2010-10-22] (Hewlett-Packard Co.) [File not signed]
R2 lxdi_device; C:\windows\system32\lxdicoms.exe [876976 2007-04-26] ( )
R2 lxdi_device; C:\windows\SysWOW64\lxdicoms.exe [517040 2007-04-26] ( )
R2 MbaeSvc; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [360592 2014-06-04] (Malwarebytes Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-07-27] ()
R2 N360; C:\Program Files (x86)\Norton 360\Engine\21.4.0.13\N360.exe [265040 2014-06-27] (Symantec Corporation)
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 NTI BackupNowEZSvr; C:\Program Files (x86)\NTI\NTI Backup Now EZ\BackupNowEZSvr.exe [46224 2012-12-26] (NTI Corporation)
R2 NZ; C:\Program Files (x86)\Norton Zone\Engine\2.0.97.14\NZ.exe [521504 2014-06-19] (Symantec Corporation)
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
U2 ProtexisLicensing; C:\windows\SysWOW64\PSIService.exe [177704 2007-06-05] ()
 
==================== Drivers (Whitelisted) ====================
 
R1 BHDrvx64; C:\Program Files (x86)\Norton 360\NortonData\21.2.0.38\Definitions\BASHDefs\20140703.001\BHDrvx64.sys [1530160 2014-05-10] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1504000.00D\ccSetx64.sys [162392 2014-02-24] (Symantec Corporation)
R1 ccSet_NZ; C:\Windows\system32\drivers\NZx64\0200610.00E\ccSetx64.sys [162392 2013-09-25] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [486192 2014-06-11] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142128 2014-06-11] (Symantec Corporation)
R1 ESProtectionDriver; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [62392 2014-06-04] ()
R1 IDSVia64; C:\Program Files (x86)\Norton 360\NortonData\21.2.0.38\Definitions\IPSDefs\20140709.001\IDSvia64.sys [525016 2014-05-22] (Symantec Corporation)
R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-07-10] (Malwarebytes Corporation)
S3 mvusbews; C:\Windows\System32\Drivers\mvusbews.sys [20480 2011-04-27] (Marvell Semiconductor, Inc.)
R3 NAVENG; C:\Program Files (x86)\Norton 360\NortonData\21.2.0.38\Definitions\VirusDefs\20140710.001\ENG64.SYS [126040 2014-07-09] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton 360\NortonData\21.2.0.38\Definitions\VirusDefs\20140710.001\EX64.SYS [2099288 2014-07-09] (Symantec Corporation)
R3 S6000KNT; C:\Windows\System32\Drivers\S6000KNT.sys [3293272 2010-12-23] (Windows ® Win 7 DDK provider)
R0 SMR410; C:\Windows\System32\drivers\SMR410.SYS [96856 2014-07-10] (Symantec Corporation)
R3 SRTSP; C:\Windows\System32\Drivers\N360x64\1504000.00D\SRTSP64.SYS [875736 2014-02-12] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1504000.00D\SRTSPX64.SYS [36952 2013-10-30] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\N360x64\1504000.00D\SYMDS64.SYS [493656 2013-10-30] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360x64\1504000.00D\SYMEFA64.SYS [1148120 2014-03-04] (Symantec Corporation)
R3 SymEvent; C:\windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-04-29] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\1504000.00D\Ironx64.SYS [264280 2013-10-30] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1504000.00D\SYMNETS.SYS [593112 2014-02-17] (Symantec Corporation)
U2 CLKMSVC10_3A60B698; 
U2 CLKMSVC10_C3B3B687; 
U2 DriverService; 
U2 IAStorDataMgrSvc; 
U2 idealife Update Service; 
U3 IGRS; 
U2 IviRegMgr; 
U2 nvUpdatusService; 
U2 Oasis2Service; 
U2 PCCarerServic; 
U2 ReadyComm.DirectRouter; 
U2 RichVideo; 
U2 RtLedService; 
U2 SoftwareService; 
U2 Stereo Service; 
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-07-10 19:06 - 2014-07-10 19:06 - 00024767 _____ () C:\Users\Robin\Downloads\FRST.txt
2014-07-10 19:05 - 2014-07-10 19:06 - 00000000 ____D () C:\FRST
2014-07-10 19:04 - 2014-07-10 19:04 - 02084864 _____ (Farbar) C:\Users\Robin\Downloads\FRST64.exe
2014-07-10 17:35 - 2014-07-10 17:35 - 00379920 _____ () C:\Users\Robin\AppData\Local\GDIPFONTCACHEV1.DAT
2014-07-10 12:17 - 2014-07-10 12:44 - 00000000 ____D () C:\NPE
2014-07-10 12:15 - 2014-07-10 12:15 - 00096856 _____ (Symantec Corporation) C:\windows\system32\Drivers\SMR410.SYS
2014-07-10 01:56 - 2014-07-10 01:56 - 00302011 _____ () C:\Users\Robin\Downloads\WindowsUpdateDiagnostic.diagcab
2014-07-09 03:33 - 2014-07-09 03:33 - 00000000 ____D () C:\windows\System32\Tasks\Norton 360
2014-07-08 23:10 - 2014-06-29 22:09 - 00519168 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-07-08 23:10 - 2014-06-29 22:04 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-07-08 23:10 - 2014-06-17 22:18 - 00692736 _____ (Microsoft Corporation) C:\windows\system32\osk.exe
2014-07-08 23:10 - 2014-06-17 21:51 - 00646144 _____ (Microsoft Corporation) C:\windows\SysWOW64\osk.exe
2014-07-08 23:10 - 2014-06-17 21:10 - 03157504 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-07-08 23:10 - 2014-06-06 06:10 - 00624128 _____ (Microsoft Corporation) C:\windows\system32\qedit.dll
2014-07-08 23:10 - 2014-06-06 05:44 - 00509440 _____ (Microsoft Corporation) C:\windows\SysWOW64\qedit.dll
2014-07-08 23:10 - 2014-05-30 04:08 - 00728064 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2014-07-08 23:10 - 2014-05-30 04:08 - 00340992 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2014-07-08 23:10 - 2014-05-30 04:08 - 00314880 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2014-07-08 23:10 - 2014-05-30 04:08 - 00307200 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2014-07-08 23:10 - 2014-05-30 04:08 - 00210944 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2014-07-08 23:10 - 2014-05-30 04:08 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2014-07-08 23:10 - 2014-05-30 04:08 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2014-07-08 23:10 - 2014-05-30 03:52 - 00550912 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2014-07-08 23:10 - 2014-05-30 03:52 - 00259584 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2014-07-08 23:10 - 2014-05-30 03:52 - 00247808 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2014-07-08 23:10 - 2014-05-30 03:52 - 00220160 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
2014-07-08 23:10 - 2014-05-30 03:52 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
2014-07-08 23:10 - 2014-05-30 03:52 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2014-07-08 23:10 - 2014-05-30 03:52 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2014-07-08 23:10 - 2014-05-30 02:45 - 00497152 _____ (Microsoft Corporation) C:\windows\system32\Drivers\afd.sys
2014-07-08 23:09 - 2014-06-20 16:14 - 00266424 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-07-08 23:09 - 2014-06-20 15:39 - 00240824 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2014-07-08 23:09 - 2014-06-18 21:39 - 23464448 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-07-08 23:09 - 2014-06-18 21:06 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-07-08 23:09 - 2014-06-18 21:06 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-07-08 23:09 - 2014-06-18 20:48 - 02768384 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-07-08 23:09 - 2014-06-18 20:42 - 00548352 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-07-08 23:09 - 2014-06-18 20:42 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-07-08 23:09 - 2014-06-18 20:41 - 00083968 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2014-07-08 23:09 - 2014-06-18 20:41 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-07-08 23:09 - 2014-06-18 20:32 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-07-08 23:09 - 2014-06-18 20:31 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-07-08 23:09 - 2014-06-18 20:26 - 00598016 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-07-08 23:09 - 2014-06-18 20:24 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-07-08 23:09 - 2014-06-18 20:24 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-07-08 23:09 - 2014-06-18 20:23 - 00752640 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-07-08 23:09 - 2014-06-18 20:16 - 17276416 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-07-08 23:09 - 2014-06-18 20:14 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-07-08 23:09 - 2014-06-18 20:09 - 00452608 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-07-08 23:09 - 2014-06-18 19:59 - 00038400 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2014-07-08 23:09 - 2014-06-18 19:56 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-07-08 23:09 - 2014-06-18 19:53 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-07-08 23:09 - 2014-06-18 19:51 - 05721088 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-07-08 23:09 - 2014-06-18 19:50 - 00085504 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-07-08 23:09 - 2014-06-18 19:48 - 00292864 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-07-08 23:09 - 2014-06-18 19:39 - 00608768 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-07-08 23:09 - 2014-06-18 19:38 - 00455168 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2014-07-08 23:09 - 2014-06-18 19:37 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-07-08 23:09 - 2014-06-18 19:36 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-07-08 23:09 - 2014-06-18 19:35 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2014-07-08 23:09 - 2014-06-18 19:33 - 00631808 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-07-08 23:09 - 2014-06-18 19:32 - 02179072 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-07-08 23:09 - 2014-06-18 19:28 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-07-08 23:09 - 2014-06-18 19:28 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-07-08 23:09 - 2014-06-18 19:27 - 02040832 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-07-08 23:09 - 2014-06-18 19:27 - 01249280 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2014-07-08 23:09 - 2014-06-18 19:25 - 00442368 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-07-08 23:09 - 2014-06-18 19:23 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-07-08 23:09 - 2014-06-18 19:22 - 00592896 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-07-08 23:09 - 2014-06-18 19:12 - 00367616 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-07-08 23:09 - 2014-06-18 19:06 - 00032256 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-07-08 23:09 - 2014-06-18 19:01 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-07-08 23:09 - 2014-06-18 18:59 - 00069632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-07-08 23:09 - 2014-06-18 18:58 - 02266112 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-07-08 23:09 - 2014-06-18 18:58 - 00239616 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-07-08 23:09 - 2014-06-18 18:52 - 04254720 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-07-08 23:09 - 2014-06-18 18:51 - 13527040 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-07-08 23:09 - 2014-06-18 18:49 - 00526336 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-07-08 23:09 - 2014-06-18 18:46 - 01068032 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2014-07-08 23:09 - 2014-06-18 18:45 - 01964544 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-07-08 23:09 - 2014-06-18 18:35 - 11742208 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-07-08 23:09 - 2014-06-18 18:34 - 01393664 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-07-08 23:09 - 2014-06-18 18:15 - 00846336 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-07-08 23:09 - 2014-06-18 18:13 - 01791488 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-07-08 23:09 - 2014-06-18 18:09 - 01139200 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-07-08 23:09 - 2014-06-18 18:07 - 00704512 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-07-08 23:08 - 2014-06-05 10:45 - 01460736 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2014-07-08 23:08 - 2014-06-05 10:26 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2014-07-08 23:08 - 2014-06-05 10:25 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2014-07-05 23:28 - 2014-07-05 23:28 - 00000822 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-07-05 23:28 - 2014-07-05 23:28 - 00000822 _____ () C:\ProgramData\Desktop\CCleaner.lnk
2014-07-05 23:24 - 2014-07-05 23:25 - 04812672 _____ (Piriform Ltd) C:\Users\Robin\Downloads\ccsetup415.exe
2014-06-29 08:16 - 2014-06-29 08:16 - 00252623 _____ () C:\Users\Robin\Documents\qbreport629-50793.xps
2014-06-28 20:02 - 2014-06-28 20:02 - 01765104 _____ () C:\ProgramData\SPLEBF.tmp
2014-06-25 11:46 - 2014-06-25 11:47 - 16656408 _____ (Siber Systems) C:\Users\Robin\Downloads\RoboForm-Setup-cnetc.exe
2014-06-23 13:52 - 2014-06-23 13:52 - 00000000 ____D () C:\Users\Robin\Documents\Receipt   Alien Skin Software_files
2014-06-23 13:48 - 2014-06-23 13:48 - 00000000 ____D () C:\Users\Robin\.AS
2014-06-23 13:47 - 2014-06-23 13:47 - 00000000 ____D () C:\Program Files\Alien Skin
2014-06-23 13:46 - 2014-06-23 13:46 - 51857528 _____ (Alien Skin Software, LLC) C:\Users\Robin\Downloads\eye-candy-7.1.0.1192.exe
2014-06-20 23:36 - 2014-06-20 23:31 - 03294900 _____ () C:\Users\Robin\Documents\Resourceandperformancereport-6-20-14.html
2014-06-17 22:42 - 2014-06-17 22:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-06-17 22:42 - 2014-05-07 15:02 - 00098216 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
2014-06-17 22:42 - 2014-05-07 14:59 - 00264616 _____ (Oracle Corporation) C:\windows\SysWOW64\javaws.exe
2014-06-17 22:42 - 2014-05-07 14:59 - 00175528 _____ (Oracle Corporation) C:\windows\SysWOW64\javaw.exe
2014-06-17 22:42 - 2014-05-07 14:58 - 00175528 _____ (Oracle Corporation) C:\windows\SysWOW64\java.exe
2014-06-17 22:36 - 2014-06-17 22:36 - 00918952 _____ (Oracle Corporation) C:\Users\Robin\Downloads\chromeinstall-7u60.exe
2014-06-13 13:16 - 2014-07-10 16:20 - 00000000 ____D () C:\ProgramData\Malwarebytes Anti-Exploit
2014-06-13 13:16 - 2014-06-17 13:05 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Exploit
2014-06-13 13:16 - 2014-06-13 13:16 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Exploit.lnk
2014-06-13 13:16 - 2014-06-13 13:16 - 00001102 _____ () C:\ProgramData\Desktop\Malwarebytes Anti-Exploit.lnk
2014-06-13 13:16 - 2014-06-13 13:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Exploit
2014-06-13 13:13 - 2014-06-13 13:14 - 02650408 _____ (Malwarebytes ) C:\Users\Robin\Downloads\mbae-setup-1.03.1.1220.exe
2014-06-10 20:25 - 2014-05-08 05:32 - 03178496 _____ (Microsoft Corporation) C:\windows\system32\rdpcorets.dll
2014-06-10 20:25 - 2014-05-08 05:32 - 00016384 _____ (Microsoft Corporation) C:\windows\system32\RdpGroupPolicyExtension.dll
2014-06-10 20:25 - 2014-04-24 22:34 - 00801280 _____ (Microsoft Corporation) C:\windows\system32\usp10.dll
2014-06-10 20:25 - 2014-04-24 22:06 - 00626688 _____ (Microsoft Corporation) C:\windows\SysWOW64\usp10.dll
2014-06-10 20:25 - 2014-04-04 22:47 - 01903552 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tcpip.sys
2014-06-10 20:25 - 2014-04-04 22:47 - 00288192 _____ (Microsoft Corporation) C:\windows\system32\Drivers\FWPKCLNT.SYS
2014-06-10 20:25 - 2014-03-26 10:44 - 02002432 _____ (Microsoft Corporation) C:\windows\system32\msxml6.dll
2014-06-10 20:25 - 2014-03-26 10:44 - 01882112 _____ (Microsoft Corporation) C:\windows\system32\msxml3.dll
2014-06-10 20:25 - 2014-03-26 10:41 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\msxml6r.dll
2014-06-10 20:25 - 2014-03-26 10:41 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\msxml3r.dll
2014-06-10 20:25 - 2014-03-26 10:27 - 01389056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml6.dll
2014-06-10 20:25 - 2014-03-26 10:27 - 01237504 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3.dll
2014-06-10 20:25 - 2014-03-26 10:25 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml6r.dll
2014-06-10 20:25 - 2014-03-26 10:25 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3r.dll
2014-06-10 11:14 - 2014-06-10 11:14 - 00001783 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-06-10 11:14 - 2014-06-10 11:14 - 00001783 _____ () C:\ProgramData\Desktop\iTunes.lnk
2014-06-10 11:14 - 2014-06-10 11:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-06-10 11:13 - 2014-07-02 10:05 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-06-10 11:13 - 2014-06-10 11:14 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-06-10 11:13 - 2014-06-10 11:14 - 00000000 ____D () C:\Program Files\iTunes
2014-06-10 11:13 - 2014-06-10 11:13 - 00000000 ____D () C:\Program Files\iPod
 
==================== One Month Modified Files and Folders =======
 
2014-07-10 19:06 - 2014-07-10 19:06 - 00024767 _____ () C:\Users\Robin\Downloads\FRST.txt
2014-07-10 19:06 - 2014-07-10 19:05 - 00000000 ____D () C:\FRST
2014-07-10 19:04 - 2014-07-10 19:04 - 02084864 _____ (Farbar) C:\Users\Robin\Downloads\FRST64.exe
2014-07-10 18:26 - 2013-09-01 13:56 - 00000000 ____D () C:\Users\Robin\AppData\Local\Deployment
2014-07-10 18:13 - 2012-03-09 01:25 - 00000912 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-10 17:35 - 2014-07-10 17:35 - 00379920 _____ () C:\Users\Robin\AppData\Local\GDIPFONTCACHEV1.DAT
2014-07-10 17:35 - 2014-04-25 22:36 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-10 17:34 - 2014-04-25 22:37 - 00122584 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-10 17:07 - 2012-03-09 00:37 - 01525700 _____ () C:\windows\WindowsUpdate.log
2014-07-10 16:20 - 2014-06-13 13:16 - 00000000 ____D () C:\ProgramData\Malwarebytes Anti-Exploit
2014-07-10 16:17 - 2012-03-09 01:15 - 01983446 _____ () C:\FaceProv.log
2014-07-10 13:15 - 2013-08-29 15:25 - 00000000 ____D () C:\Users\Robin\AppData\Local\NPE
2014-07-10 12:45 - 2012-03-09 01:25 - 00000908 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-10 12:45 - 2012-03-09 01:17 - 00679009 _____ () C:\windows\system32\fastboot.set
2014-07-10 12:44 - 2014-07-10 12:17 - 00000000 ____D () C:\NPE
2014-07-10 12:25 - 2009-07-14 00:45 - 00021280 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-10 12:25 - 2009-07-14 00:45 - 00021280 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-10 12:21 - 2009-07-14 01:13 - 00782510 _____ () C:\windows\system32\PerfStringBackup.INI
2014-07-10 12:17 - 2013-08-29 05:53 - 00012245 _____ () C:\windows\setupact.log
2014-07-10 12:17 - 2009-07-14 01:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-07-10 12:16 - 2010-11-20 23:47 - 01344478 _____ () C:\windows\PFRO.log
2014-07-10 12:15 - 2014-07-10 12:15 - 00096856 _____ (Symantec Corporation) C:\windows\system32\Drivers\SMR410.SYS
2014-07-10 03:02 - 2013-10-26 07:58 - 00000000 ____D () C:\Users\Robin\Documents\PersonalRelated
2014-07-10 01:56 - 2014-07-10 01:56 - 00302011 _____ () C:\Users\Robin\Downloads\WindowsUpdateDiagnostic.diagcab
2014-07-10 00:32 - 2012-08-04 11:16 - 00000000 ____D () C:\Users\Robin\Documents\CCleaner
2014-07-09 12:27 - 2012-05-29 19:09 - 00000000 ____D () C:\Users\Robin\Documents\Outlook Files
2014-07-09 11:30 - 2013-09-20 11:09 - 00000000 ____D () C:\Users\Robin\AppData\Local\8A423D2B-06DC-40D9-9A59-775D53071926.aplzod
2014-07-09 03:33 - 2014-07-09 03:33 - 00000000 ____D () C:\windows\System32\Tasks\Norton 360
2014-07-09 03:28 - 2014-04-29 22:19 - 00003206 _____ () C:\windows\System32\Tasks\Norton WSC Integration
2014-07-09 03:28 - 2014-04-29 22:17 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360
2014-07-09 03:28 - 2014-04-29 22:17 - 00000000 ____D () C:\windows\system32\Drivers\N360x64
2014-07-09 03:25 - 2014-04-28 22:31 - 00000000 ___SD () C:\windows\system32\CompatTel
2014-07-09 03:25 - 2011-09-28 23:37 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-09 03:25 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\SysWOW64\Dism
2014-07-09 03:25 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\system32\Dism
2014-07-09 03:09 - 2012-05-29 18:36 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-07-09 03:07 - 2013-07-17 16:42 - 00000000 ____D () C:\windows\system32\MRT
2014-07-09 03:03 - 2012-05-26 11:40 - 96441528 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-07-09 02:41 - 2012-05-28 14:23 - 00000000 ____D () C:\Users\Robin\Documents\Beltone
2014-07-07 23:28 - 2013-10-04 23:46 - 00000000 ____D () C:\Users\Robin\Documents\CDO-YAHOOGroup
2014-07-07 22:31 - 2012-07-25 23:22 - 00000000 ____D () C:\Users\Robin\AppData\Local\CrashDumps
2014-07-07 21:09 - 2014-04-30 08:10 - 00000000 ____D () C:\windows\System32\Tasks\Norton Zone
2014-07-07 21:09 - 2014-04-30 08:09 - 00000000 ____D () C:\windows\system32\Drivers\NZx64
2014-07-07 21:09 - 2014-04-30 08:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Zone
2014-07-07 15:10 - 2009-07-14 01:32 - 00000000 ____D () C:\windows\system32\FxsTmp
2014-07-07 12:33 - 2012-05-28 09:50 - 00000000 ____D () C:\Program Files (x86)\AIM
2014-07-06 22:13 - 2013-10-02 19:40 - 00000000 ____D () C:\Users\Robin\Documents\BCBS-HSA
2014-07-06 22:09 - 2012-08-20 13:55 - 00000000 ____D () C:\Users\Robin\Documents\Girl Stuff
2014-07-05 23:28 - 2014-07-05 23:28 - 00000822 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-07-05 23:28 - 2014-07-05 23:28 - 00000822 _____ () C:\ProgramData\Desktop\CCleaner.lnk
2014-07-05 23:28 - 2012-07-22 21:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-07-05 23:28 - 2012-07-22 21:39 - 00000000 ____D () C:\Program Files\CCleaner
2014-07-05 23:25 - 2014-07-05 23:24 - 04812672 _____ (Piriform Ltd) C:\Users\Robin\Downloads\ccsetup415.exe
2014-07-04 23:25 - 2012-07-22 20:52 - 06447074 _____ () C:\windows\system32\PsBoot.log
2014-07-04 23:24 - 2012-07-22 20:52 - 00000000 _____ () C:\windows\system32\defragLog.log
2014-07-02 15:04 - 2012-06-01 06:01 - 00000000 ____D () C:\ProgramData\Lx_cats
2014-07-02 10:05 - 2014-06-10 11:13 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-06-29 22:09 - 2014-07-08 23:10 - 00519168 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-06-29 22:04 - 2014-07-08 23:10 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-06-29 08:16 - 2014-06-29 08:16 - 00252623 _____ () C:\Users\Robin\Documents\qbreport629-50793.xps
2014-06-28 22:38 - 2012-05-31 06:02 - 00000000 ____D () C:\Users\Robin\AppData\Local\Paint.NET
2014-06-28 22:37 - 2012-05-31 06:03 - 00001188 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Paint.NET.lnk
2014-06-28 22:37 - 2012-05-31 06:03 - 00000000 ____D () C:\Program Files\Paint.NET
2014-06-28 20:02 - 2014-06-28 20:02 - 01765104 _____ () C:\ProgramData\SPLEBF.tmp
2014-06-25 11:51 - 2014-03-15 23:24 - 00004128 _____ () C:\windows\System32\Tasks\Open URL by RoboForm
2014-06-25 11:51 - 2014-03-15 23:24 - 00003492 _____ () C:\windows\System32\Tasks\Run RoboForm TaskBar Icon
2014-06-25 11:51 - 2014-03-15 23:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RoboForm
2014-06-25 11:47 - 2014-06-25 11:46 - 16656408 _____ (Siber Systems) C:\Users\Robin\Downloads\RoboForm-Setup-cnetc.exe
2014-06-23 13:54 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\Resources
2014-06-23 13:52 - 2014-06-23 13:52 - 00000000 ____D () C:\Users\Robin\Documents\Receipt   Alien Skin Software_files
2014-06-23 13:49 - 2012-08-30 20:36 - 00000000 ____D () C:\Users\Robin\AppData\Roaming\Alien Skin
2014-06-23 13:48 - 2014-06-23 13:48 - 00000000 ____D () C:\Users\Robin\.AS
2014-06-23 13:48 - 2012-08-30 20:46 - 00000000 ____D () C:\ProgramData\Alien Skin
2014-06-23 13:48 - 2012-08-30 20:35 - 00000000 ____D () C:\Users\Robin\AppData\Local\Alien Skin
2014-06-23 13:48 - 2012-05-27 08:16 - 00000000 ____D () C:\Users\Robin
2014-06-23 13:47 - 2014-06-23 13:47 - 00000000 ____D () C:\Program Files\Alien Skin
2014-06-23 13:47 - 2012-07-09 00:02 - 00000000 ____D () C:\Program Files (x86)\Alien Skin
2014-06-23 13:47 - 2012-06-01 10:04 - 00000000 ____D () C:\Users\Robin\Documents\My PSP Files
2014-06-23 13:46 - 2014-06-23 13:46 - 51857528 _____ (Alien Skin Software, LLC) C:\Users\Robin\Downloads\eye-candy-7.1.0.1192.exe
2014-06-20 23:31 - 2014-06-20 23:36 - 03294900 _____ () C:\Users\Robin\Documents\Resourceandperformancereport-6-20-14.html
2014-06-20 16:14 - 2014-07-08 23:09 - 00266424 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-06-20 15:39 - 2014-07-08 23:09 - 00240824 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2014-06-18 21:39 - 2014-07-08 23:09 - 23464448 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-06-18 21:06 - 2014-07-08 23:09 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-06-18 21:06 - 2014-07-08 23:09 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-06-18 20:48 - 2014-07-08 23:09 - 02768384 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-06-18 20:42 - 2014-07-08 23:09 - 00548352 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-06-18 20:42 - 2014-07-08 23:09 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-06-18 20:41 - 2014-07-08 23:09 - 00083968 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2014-06-18 20:41 - 2014-07-08 23:09 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-06-18 20:32 - 2014-07-08 23:09 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-06-18 20:31 - 2014-07-08 23:09 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-06-18 20:26 - 2014-07-08 23:09 - 00598016 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-06-18 20:24 - 2014-07-08 23:09 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-06-18 20:24 - 2014-07-08 23:09 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-06-18 20:23 - 2014-07-08 23:09 - 00752640 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-06-18 20:16 - 2014-07-08 23:09 - 17276416 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-06-18 20:14 - 2014-07-08 23:09 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-06-18 20:09 - 2014-07-08 23:09 - 00452608 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-06-18 19:59 - 2014-07-08 23:09 - 00038400 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2014-06-18 19:56 - 2014-07-08 23:09 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-06-18 19:53 - 2014-07-08 23:09 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-06-18 19:51 - 2014-07-08 23:09 - 05721088 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-06-18 19:50 - 2014-07-08 23:09 - 00085504 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-06-18 19:48 - 2014-07-08 23:09 - 00292864 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-06-18 19:39 - 2014-07-08 23:09 - 00608768 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-06-18 19:38 - 2014-07-08 23:09 - 00455168 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2014-06-18 19:37 - 2014-07-08 23:09 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-06-18 19:36 - 2014-07-08 23:09 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-06-18 19:35 - 2014-07-08 23:09 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2014-06-18 19:33 - 2014-07-08 23:09 - 00631808 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-06-18 19:32 - 2014-07-08 23:09 - 02179072 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-06-18 19:28 - 2014-07-08 23:09 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-06-18 19:28 - 2014-07-08 23:09 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-06-18 19:27 - 2014-07-08 23:09 - 02040832 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-06-18 19:27 - 2014-07-08 23:09 - 01249280 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2014-06-18 19:25 - 2014-07-08 23:09 - 00442368 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-06-18 19:23 - 2014-07-08 23:09 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-06-18 19:22 - 2014-07-08 23:09 - 00592896 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-06-18 19:12 - 2014-07-08 23:09 - 00367616 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-06-18 19:06 - 2014-07-08 23:09 - 00032256 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-06-18 19:01 - 2014-07-08 23:09 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-06-18 18:59 - 2014-07-08 23:09 - 00069632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-06-18 18:58 - 2014-07-08 23:09 - 02266112 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-06-18 18:58 - 2014-07-08 23:09 - 00239616 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-06-18 18:52 - 2014-07-08 23:09 - 04254720 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-06-18 18:51 - 2014-07-08 23:09 - 13527040 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-06-18 18:49 - 2014-07-08 23:09 - 00526336 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-06-18 18:46 - 2014-07-08 23:09 - 01068032 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2014-06-18 18:45 - 2014-07-08 23:09 - 01964544 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-06-18 18:35 - 2014-07-08 23:09 - 11742208 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-06-18 18:34 - 2014-07-08 23:09 - 01393664 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-06-18 18:15 - 2014-07-08 23:09 - 00846336 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-06-18 18:13 - 2014-07-08 23:09 - 01791488 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-06-18 18:09 - 2014-07-08 23:09 - 01139200 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-06-18 18:07 - 2014-07-08 23:09 - 00704512 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-06-18 10:08 - 2012-03-09 01:25 - 00003908 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-06-18 10:08 - 2012-03-09 01:25 - 00003656 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-06-17 22:43 - 2013-10-28 06:14 - 00000000 ____D () C:\ProgramData\Oracle
2014-06-17 22:42 - 2014-06-17 22:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-06-17 22:42 - 2012-10-13 14:07 - 00000000 ____D () C:\Program Files (x86)\Java
2014-06-17 22:36 - 2014-06-17 22:36 - 00918952 _____ (Oracle Corporation) C:\Users\Robin\Downloads\chromeinstall-7u60.exe
2014-06-17 22:18 - 2014-07-08 23:10 - 00692736 _____ (Microsoft Corporation) C:\windows\system32\osk.exe
2014-06-17 21:51 - 2014-07-08 23:10 - 00646144 _____ (Microsoft Corporation) C:\windows\SysWOW64\osk.exe
2014-06-17 21:10 - 2014-07-08 23:10 - 03157504 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-06-17 13:05 - 2014-06-13 13:16 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Exploit
2014-06-17 13:05 - 2012-06-01 05:55 - 00000000 ____D () C:\Program Files (x86)\Lexmark 3500-4500 Series
2014-06-13 13:16 - 2014-06-13 13:16 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Exploit.lnk
2014-06-13 13:16 - 2014-06-13 13:16 - 00001102 _____ () C:\ProgramData\Desktop\Malwarebytes Anti-Exploit.lnk
2014-06-13 13:16 - 2014-06-13 13:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Exploit
2014-06-13 13:14 - 2014-06-13 13:13 - 02650408 _____ (Malwarebytes ) C:\Users\Robin\Downloads\mbae-setup-1.03.1.1220.exe
2014-06-11 08:47 - 2013-08-23 16:29 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-06-10 21:25 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\rescache
2014-06-10 11:14 - 2014-06-10 11:14 - 00001783 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-06-10 11:14 - 2014-06-10 11:14 - 00001783 _____ () C:\ProgramData\Desktop\iTunes.lnk
2014-06-10 11:14 - 2014-06-10 11:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-06-10 11:14 - 2014-06-10 11:13 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-06-10 11:14 - 2014-06-10 11:13 - 00000000 ____D () C:\Program Files\iTunes
2014-06-10 11:13 - 2014-06-10 11:13 - 00000000 ____D () C:\Program Files\iPod
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-07-08 21:05
 
==================== End Of Log ============================
 
 
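The FRST listing above is the thread's own data. As an added example (not code from the post, nor from FRST), here is a small Python triage helper that parses the "One Month Created/Modified Files and Folders" lines and flags the entries an analyst would look at first: code files with no company/version string, hidden or system-attributed files under %SystemRoot%, and loose files sitting directly in user-writable data directories. The sample lines are copied from the log above, except the final `updater.exe` line, which is constructed to show a hit on an executable with no version information. The flagging rules are heuristic assumptions of this example, not FRST's logic, and a hit is a lead to verify (signature check, hash lookup), not a verdict.

```python
"""Triage helper for FRST 'One Month Created/Modified' file lines (added example)."""
import re
from dataclasses import dataclass
from pathlib import PureWindowsPath

# One FRST line: <created> - <modified> - <size> <attrs> (<company>) <path>
FRST_LINE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d{8}) (?P<attrs>[A-Z_]{5}) \((?P<company>[^)]*)\) (?P<path>.+)$"
)

# Extensions that load as code (assumption of this example: the set worth checking first).
CODE_EXT = {".exe", ".dll", ".sys", ".cpl", ".scr", ".ocx", ".drv"}

# Parent directories where a loose file with no version info is unusual (assumption).
LOOSE_PARENT = re.compile(
    r"^(c:\\programdata|c:\\users\\public|c:\\users\\[^\\]+\\appdata\\(local|roaming)(\\temp)?)$"
)


@dataclass
class Entry:
    created: str
    modified: str
    size: int
    attrs: str      # FRST attribute column, e.g. "____D" (directory), "____H" (hidden)
    company: str    # CompanyName from the version resource, "" when absent
    path: str

    @property
    def is_dir(self) -> bool:
        return "D" in self.attrs


def parse_line(line: str):
    """Return an Entry for an FRST file line, or None for headers and blank lines."""
    m = FRST_LINE.match(line.strip())
    if not m:
        return None
    return Entry(m["created"], m["modified"], int(m["size"]),
                 m["attrs"], m["company"].strip(), m["path"].rstrip())


def triage(e: Entry) -> list:
    """Return the reasons this entry deserves a look; an empty list means no hit."""
    reasons = []
    if e.is_dir:
        return reasons
    p = PureWindowsPath(e.path)
    parent = str(p.parent).lower()
    if p.suffix.lower() in CODE_EXT and not e.company:
        reasons.append("code file with no company/version string")
    if parent.startswith("c:\\windows\\") and ("H" in e.attrs or "S" in e.attrs):
        reasons.append("hidden/system attribute under %SystemRoot%")
    if LOOSE_PARENT.match(parent) and not e.company:
        reasons.append("loose file in a user-writable data directory")
    return reasons


def triage_log(text: str) -> list:
    """Parse every line of an FRST listing; return [(Entry, reasons)] for the hits, in log order."""
    hits = []
    for line in text.splitlines():
        e = parse_line(line)
        if e is not None:
            reasons = triage(e)
            if reasons:
                hits.append((e, reasons))
    return hits


# Sample input: lines copied from the posted FRST log, plus one constructed line
# (the final updater.exe entry) that is NOT from the log.
SAMPLE_LOG = r"""
2014-07-08 23:09 - 2014-06-18 20:26 - 00598016 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-06-28 20:02 - 2014-06-28 20:02 - 01765104 _____ () C:\ProgramData\SPLEBF.tmp
2014-07-10 12:25 - 2009-07-14 00:45 - 00021280 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-10 12:15 - 2014-07-10 12:15 - 00096856 _____ (Symantec Corporation) C:\windows\system32\Drivers\SMR410.SYS
2014-06-23 13:52 - 2014-06-23 13:52 - 00000000 ____D () C:\Users\Robin\Documents\Receipt   Alien Skin Software_files
2014-07-05 23:28 - 2014-07-05 23:28 - 00000822 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-07-09 11:30 - 2014-07-09 11:30 - 00123456 _____ () C:\Users\Robin\AppData\Roaming\updater.exe
"""

if __name__ == "__main__":
    for entry, why in triage_log(SAMPLE_LOG):
        print(f"{entry.path}\n    {'; '.join(why)}")
```

Run against a full FRST.txt by passing the file's contents to `triage_log`; the directory entries and every Microsoft/Symantec/Piriform line above drop out, and only the three loose or hidden files are printed for follow-up.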

OK, I have to work on my computer, so I'm doing the process list in the post "Windows 7 user with wicked attack".

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Rkill 2.6.7 by Lawrence Abrams (Grinler)
Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
 
Program started at: 07/11/2014 12:27:15 AM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1
 
Checking for Windows services to stop:
 
 * No malware services found to stop.
 
Checking for processes to terminate:
 
 * C:\Users\Robin\Downloads\FRST64.exe (PID: 2560) [UP-HEUR]
 
1 proccess terminated!
 
Checking Registry for malware related settings:
 
 * No issues found in the Registry.
 
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
 
Performing miscellaneous checks:
 
 * No issues found.
 
Checking Windows Service Integrity: 
 
 * No issues found.
 
Searching for Missing Digital Signatures: 
 
 * No issues found.
 
Checking HOSTS File: 
 
 * No issues found.
 
Program finished at: 07/11/2014 12:28:07 AM
Execution time: 0 hours(s), 0 minute(s), and 52 seconds(s)
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
MB ran again:
 
<?xml version="1.0" encoding="UTF-16" ?>
<mbam-log>
<header>
<date>2014/07/11 00:43:53 -0400</date>
<logfile>mbam-log-2014-07-11 (00-43-52).xml</logfile>
<isadmin>yes</isadmin>
</header>
<engine>
<version>2.00.2.1012</version>
<malware-database>v2014.07.11.02</malware-database>
<rootkit-database>v2014.07.09.01</rootkit-database>
<license>free</license>
<file-protection>disabled</file-protection>
<web-protection>disabled</web-protection>
<self-protection>disabled</self-protection>
</engine>
<system>
<osversion>Windows 7 Service Pack 1</osversion>
<arch>x64</arch>
<username>Robin</username>
<filesys>NTFS</filesys>
</system>
<summary>
<type>threat</type>
<result>completed</result>
<objects>297147</objects>
<time>907</time>
<processes>0</processes>
<modules>0</modules>
<keys>0</keys>
<values>0</values>
<datas>0</datas>
<folders>0</folders>
<files>0</files>
<sectors>0</sectors>
</summary>
<options>
<memory>enabled</memory>
<startup>enabled</startup>
<filesystem>enabled</filesystem>
<archives>enabled</archives>
<rootkits>enabled</rootkits>
<deeprootkit>disabled</deeprootkit>
<heuristics>enabled</heuristics>
<pup>enabled</pup>
<pum>enabled</pum>
</options>
<items>
</items>
</mbam-log>
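As an added example, not part of the post and not Malwarebytes' own tooling: a Python helper that turns the MBAM 2.x XML log above into a flat summary, so a batch of such logs can be checked for detections, for scan layers that were switched off, and for protection modules reported as disabled. It uses only the elements visible in the posted log; the embedded sample reproduces that log's structure and values, and, like the real file, is fed to the parser as UTF-16 bytes.

```python
"""Flatten a Malwarebytes Anti-Malware 2.x XML scan log (added example)."""
import xml.etree.ElementTree as ET
from dataclasses import dataclass, field

# Per-category detection counters in <summary>, as named in the posted log.
COUNT_FIELDS = ("processes", "modules", "keys", "values", "datas",
                "folders", "files", "sectors")
# Protection modules reported under <engine>.
PROTECTION_FIELDS = ("file-protection", "web-protection", "self-protection")


@dataclass
class ScanSummary:
    date: str
    database: str
    scan_type: str
    result: str
    objects: int
    seconds: int
    detections: dict = field(default_factory=dict)   # category -> count
    protections_off: list = field(default_factory=list)
    options_off: list = field(default_factory=list)  # scan layers set to "disabled"

    @property
    def total_detections(self) -> int:
        return sum(self.detections.values())

    @property
    def is_clean(self) -> bool:
        return self.result == "completed" and self.total_detections == 0


def _text(node, path: str) -> str:
    """Text of a child element, or "" when the element is missing."""
    child = node.find(path) if node is not None else None
    return (child.text or "").strip() if child is not None else ""


def parse_mbam_log(raw: bytes) -> ScanSummary:
    """Parse the UTF-16 XML bytes of an mbam-log file into a ScanSummary."""
    root = ET.fromstring(raw)
    summary = root.find("summary")
    s = ScanSummary(
        date=_text(root, "header/date"),
        database=_text(root, "engine/malware-database"),
        scan_type=_text(summary, "type"),
        result=_text(summary, "result"),
        objects=int(_text(summary, "objects") or 0),
        seconds=int(_text(summary, "time") or 0),
    )
    for name in COUNT_FIELDS:
        s.detections[name] = int(_text(summary, name) or 0)
    s.protections_off = [p for p in PROTECTION_FIELDS
                         if _text(root, "engine/" + p) == "disabled"]
    options = root.find("options")
    if options is not None:
        s.options_off = [o.tag for o in options if (o.text or "").strip() == "disabled"]
    return s


def load_mbam_log(path: str) -> ScanSummary:
    """Read an mbam-log XML file from disk (MBAM writes it as UTF-16)."""
    with open(path, "rb") as fh:
        return parse_mbam_log(fh.read())


# Sample input: the posted log, reproduced here so the example runs offline.
SAMPLE_LOG_XML = """<?xml version="1.0" encoding="UTF-16" ?>
<mbam-log>
<header><date>2014/07/11 00:43:53 -0400</date>
<logfile>mbam-log-2014-07-11 (00-43-52).xml</logfile><isadmin>yes</isadmin></header>
<engine><version>2.00.2.1012</version><malware-database>v2014.07.11.02</malware-database>
<rootkit-database>v2014.07.09.01</rootkit-database><license>free</license>
<file-protection>disabled</file-protection><web-protection>disabled</web-protection>
<self-protection>disabled</self-protection></engine>
<system><osversion>Windows 7 Service Pack 1</osversion><arch>x64</arch>
<username>Robin</username><filesys>NTFS</filesys></system>
<summary><type>threat</type><result>completed</result><objects>297147</objects>
<time>907</time><processes>0</processes><modules>0</modules><keys>0</keys>
<values>0</values><datas>0</datas><folders>0</folders><files>0</files>
<sectors>0</sectors></summary>
<options><memory>enabled</memory><startup>enabled</startup><filesystem>enabled</filesystem>
<archives>enabled</archives><rootkits>enabled</rootkits><deeprootkit>disabled</deeprootkit>
<heuristics>enabled</heuristics><pup>enabled</pup><pum>enabled</pum></options>
<items>
</items>
</mbam-log>
"""

if __name__ == "__main__":
    s = parse_mbam_log(SAMPLE_LOG_XML.encode("utf-16"))
    print(f"{s.date}: {s.scan_type} scan {s.result}, {s.objects} objects in {s.seconds}s, "
          f"{s.total_detections} detections, clean={s.is_clean}")
    print("protection modules disabled:", s.protections_off)
    print("scan layers disabled:", s.options_off)
```

The thing to notice in this particular log is not the zero count but the `protections_off` and `options_off` lists: the free license leaves all three real-time modules disabled, and the deep rootkit layer was not run, so a clean result here only covers what a threat scan with those settings can see.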

RogueKiller V9.2.1.0 (x64) [Jun 23 2014] by Adlice Software
 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Robin [Admin rights]
Mode : Scan -- Date : 07/11/2014  01:19:14
 
¤¤¤ Bad processes : 1 ¤¤¤
[Proc.Hidden]  -- [x] -> KILLED [TermThr]
 
¤¤¤ Registry Entries : 5 ¤¤¤
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\NPEService -> FOUND
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> FOUND
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> FOUND
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> FOUND
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> FOUND
 
¤¤¤ Scheduled tasks : 6 ¤¤¤
[Suspicious.Path] \\05-12-13-picturefile -- C:\Program Files (x86)\Nero\Nero BackItUp & Burn\Nero BackItUp\NBCore.exe ("C:\Users\Robin\AppData\Roaming\Nero\Nero BackItUp 5\Files\05-12-13-picturefile.nji") -> FOUND
[Suspicious.Path] \\6-1-12-Lenovo-fullbackup -- C:\Program Files (x86)\Nero\Nero BackItUp & Burn\Nero BackItUp\NBCore.exe ("C:\Users\Robin\AppData\Roaming\Nero\Nero BackItUp 5\Files\6-1-12-Lenovo-fullbackup.nji") -> FOUND
[Suspicious.Path] \\6-1-12-newcompRobinfb -- C:\Program Files (x86)\Nero\Nero BackItUp & Burn\Nero BackItUp\NBCore.exe ("C:\Users\Robin\AppData\Roaming\Nero\Nero BackItUp 5\Files\6-1-12-newcompRobinfb.nji") -> FOUND
[Suspicious.Path] \\6-1-12manuallybackeduplenovo -- C:\Program Files (x86)\Nero\Nero BackItUp & Burn\Nero BackItUp\NBCore.exe ("C:\Users\Robin\AppData\Roaming\Nero\Nero BackItUp 5\Files\6-1-12manuallybackeduplenovo.nji") -> FOUND
[Suspicious.Path] \\FB-12-9-12-stm4 -- C:\Program Files (x86)\Nero\Nero BackItUp & Burn\Nero BackItUp\NBCore.exe ("C:\Users\Robin\AppData\Roaming\Nero\Nero BackItUp 5\Files\FB-12-9-12-stm4.nji") -> FOUND
[Suspicious.Path] \\Robin -- C:\Program Files (x86)\Nero\Nero BackItUp & Burn\Nero BackItUp\NBCore.exe ("C:\Users\Robin\AppData\Roaming\Nero\Nero BackItUp 5\Files\Robin.nji") -> FOUND
 
¤¤¤ Files : 0 ¤¤¤
 
¤¤¤ HOSTS File : 0 ¤¤¤
 
¤¤¤ Antirootkit : 1 (Driver: LOADED) ¤¤¤
[Filter(Kernel.Filter)] \Driver\Disk @ \Device\Harddisk0\DR0 : \Driver\LHDmgr @ Unknown (\SystemRoot\System32\Drivers\mup.sys)
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD5000BPVT-24HXZT3 +++++
--- User ---
[MBR] f49a6e5573bdfe95c254903fd78923aa
[BSP] 871337e1eb72ecfa941c413415b292c9 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 200 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 411648 | Size: 431938 MB
2 - [XXXXXX] EXTEN-LBA (0xf) [VISIBLE] Offset (sectors): 885020672 | Size: 29692 MB
3 - [XXXXXX] COMPAQ (0x12) [VISIBLE] Offset (sectors): 945829888 | Size: 15109 MB
User = LL1 ... OK
User = LL2 ... OK
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

Here is the Junkware report:

 

Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by Robin on Fri 07/11/2014 at  1:24:26.12
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\au__rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\au__rasmancs
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\ProgramData\boost_interprocess"
Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{669951FF-C63D-4B4B-833A-DBB03687B1EA}
Successfully deleted: [Empty Folder] C:\Users\Robin\appdata\local\{DC9E5890-967B-493E-A717-FC88EA3D76EA}
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 07/11/2014 at  1:31:19.91
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
# AdwCleaner v3.215 - Report created 11/07/2014 at 01:34:23
# Updated 09/07/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Robin - ROBIN-PC
# Running from : C:\Users\Robin\Downloads\AdwCleaner.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
File Found : C:\Users\Robin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\jZip.lnk
Folder Found : C:\Program Files (x86)\jZip
Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\jZip
Folder Found : C:\Users\Robin\AppData\Local\jZip
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Key Found : HKLM\SOFTWARE\Classes\jZip.file
Key Found : HKLM\Software\jZip
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3614D305-2DBB-4991-9297-750DD60FFC73}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\jZip_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\jZip_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\jZip
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{2318C2B1-4965-11D4-9B18-009027A5CD4F}]
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17207
 
 
-\\ Google Chrome v35.0.1916.153
 
[ File : C:\Users\Robin\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Found [search Provider] : hxxp://dts.search-results.com/sr?src=crb&appid=0&systemid=102&sr=0&q={searchTerms}
Found [search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
Found [search Provider] : hxxp://www.ask.com/web?q={searchTerms}
 
*************************
 
AdwCleaner[R0].txt - [4107 octets] - [31/08/2013 10:01:09]
AdwCleaner[R1].txt - [882 octets] - [31/08/2013 10:23:47]
AdwCleaner[R2].txt - [2312 octets] - [11/07/2014 01:34:23]
AdwCleaner[s0].txt - [4268 octets] - [31/08/2013 10:02:46]
AdwCleaner[s1].txt - [942 octets] - [31/08/2013 10:24:54]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R2].txt - [2491 octets] ##########
 
ESET report

 

 

C:\Nero Local Autobackup\20130110_182411_Local Autobackup\C\Users\Robin\Downloads\ccsetup320.exe Win32/Bundled.Toolbar.Google.E potentially unsafe application

C:\Nero Local Autobackup\20130110_182411_Local Autobackup\C\Users\Robin\Downloads\jZipV1 (1).exe probably a variant of Win32/Toolbar.SearchSuite.J potentially unwanted application

C:\Nero Local Autobackup\20130110_220614_Local Autobackup\C\Users\Robin\Downloads\ccsetup320.exe Win32/Bundled.Toolbar.Google.E potentially unsafe application

C:\Nero Local Autobackup\20130110_220614_Local Autobackup\C\Users\Robin\Downloads\jZipV1 (1).exe probably a variant of Win32/Toolbar.SearchSuite.J potentially unwanted application

C:\Users\Robin\Downloads\ccsetup320.exe Win32/Bundled.Toolbar.Google.E potentially unsafe application

C:\Users\Robin\Downloads\ccsetup414.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application

C:\Users\Robin\Downloads\ccsetup415.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application

C:\Users\Robin\Downloads\jZipV1 (1).exe probably a variant of Win32/Toolbar.SearchSuite.J potentially unwanted application

OK, last step, and hopefully someone will read this today...

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-07-2014 01
Ran by Robin (administrator) on ROBIN-PC on 11-07-2014 08:41:39
Running from C:\Users\Robin\Downloads
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
() C:\Program Files\Siber Systems\GoodSync\Gs-Server.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Lexmark International, Inc.) C:\Windows\System32\spool\drivers\x64\3\lxdiserv.exe
( ) C:\Windows\System32\lxdicoms.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\21.4.0.13\n360.exe
(NTI Corporation) C:\Program Files (x86)\NTI\NTI Backup Now EZ\BackupNowEZSvr.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Zone\Engine\2.0.97.14\nz.exe
() C:\Windows\SysWOW64\PSIService.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\21.4.0.13\n360.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Zone\Engine\2.0.97.14\nz.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
(CyberLink) C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(ESET) C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineScannerApp.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Siber Systems Inc.) C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\rf-chrome-nm-host.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\prevhost.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2538280 2010-12-22] (Synaptics Incorporated)
HKLM\...\Run: [intelPAN] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1935120 2011-07-27] (Intel® Corporation)
HKLM\...\Run: [Lenovo EE Boot Optimizer] => C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe [114688 2012-03-09] (Lenovo)
HKLM\...\Run: [updatePRCShortCut] => C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-13] (CyberLink Corp.)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [9769888 2012-03-09] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [5908928 2012-03-09] (Lenovo(beijing) Limited)
HKLM-x32\...\Run: [updateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2010-07-26] (CyberLink Corp.)
HKLM-x32\...\Run: [updatePRCShortCut] => C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-13] (CyberLink Corp.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe [382608 2014-06-04] (Malwarebytes Corporation)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-448268370-1532745791-1850709367-1000\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation)
HKU\S-1-5-21-448268370-1532745791-1850709367-1000\...\MountPoints2: {4e2e5bfc-ee3a-11e1-bbf4-7ce9d3c724ef} - E:\SISetup.exe
HKU\S-1-5-21-448268370-1532745791-1850709367-1000\...\MountPoints2: {b2721c3b-acb8-11e1-a509-7ce9d3c724ef} - G:\LaunchU3.exe -a
HKU\S-1-5-21-448268370-1532745791-1850709367-1000\...\MountPoints2: {bd7ee60e-a679-11e2-a79f-7ce9d3c724ef} - H:\LaunchU3.exe -a
ShellIconOverlayIdentifiers: 1NZOverlayExcluded -> {32427327-aea5-4bef-811a-b1bd00daf4b4} => C:\Program Files (x86)\Norton Zone\Engine64\2.0.97.14\NZOvrlay.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: 1NZOverlayPending -> {2cfec48b-08ec-4361-8575-7c0da17ab7a5} => C:\Program Files (x86)\Norton Zone\Engine64\2.0.97.14\NZOvrlay.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: 1NZOverlaySynced -> {a9e700bc-92b0-403e-96b3-b87b06ff9d3a} => C:\Program Files (x86)\Norton Zone\Engine64\2.0.97.14\NZOvrlay.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: OverlayExcluded -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton 360\Engine64\21.4.0.13\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: OverlayPending -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton 360\Engine64\21.4.0.13\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: OverlayProtected -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton 360\Engine64\21.4.0.13\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: VeriFace Enc -> {771C7324-DA80-49D3-8017-753B0AF60951} => C:\windows\system32\IcnOvrly.dll ()
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xC7E9397218F9CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.roboform.com/
HKLM\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/
SearchScopes: HKLM - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2102} URL = 
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine64\21.4.0.13\coIEPlg.dll (Symantec Corporation)
BHO: RoboForm Toolbar Helper - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll (Siber Systems Inc.)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\21.4.0.13\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\21.4.0.13\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: RoboForm Toolbar Helper - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll (Siber Systems Inc.)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\21.4.0.13\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\21.4.0.13\coIEPlg.dll (Symantec Corporation)
Toolbar: HKCU - &RoboForm Toolbar - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll (Siber Systems Inc.)
Toolbar: HKCU - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\21.4.0.13\coIEPlg.dll (Symantec Corporation)
DPF: HKLM-x32 {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com//activex/ractrl.cab?lmi=1007
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
 
FireFox:
========
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.60.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.60.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012-06-03]
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.2.0.38\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.2.0.38\IPSFF [2014-04-29]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.2.0.38\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.2.0.38\coFFPlgn [2014-07-11]
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
 
Chrome: 
=======
CHR HomePage: 
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (Java Platform SE 7 U13) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Java Deployment Toolkit 7.0.130.20) - C:\windows\SysWOW64\npDeployJava1.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Robin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-11]
CHR Extension: (Yulia Brodskaya) - C:\Users\Robin\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlgdloilieclkegafohackmhffbmdpko [2014-06-28]
CHR Extension: (Norton Identity Protection) - C:\Users\Robin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2012-07-25]
CHR Extension: (Google Wallet) - C:\Users\Robin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR Extension: (RoboForm) - C:\Users\Robin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnlccmojcmeohlpggmfnbbiapkmbliob [2014-03-15]
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton 360\Engine\21.4.0.13\Exts\Chrome.crx [2014-07-08]
CHR HKLM-x32\...\Chrome\Extension: [pnlccmojcmeohlpggmfnbbiapkmbliob] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\rf-chrome.crx [2014-03-15]
 
==================== Services (Whitelisted) =================
 
R2 btwdins; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [956192 2011-02-15] (Broadcom Corporation.)
S3 CorelCreatorMessages; C:\windows\system32\CorelCreatorMessages.exe [105984 2012-04-25] (Global Graphics Software Ltd) [File not signed]
R2 GsServer; C:\Program Files\Siber Systems\GoodSync\Gs-Server.exe [8117904 2014-02-14] ()
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [248832 2009-05-21] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-05-21] (Hewlett-Packard Co.) [File not signed]
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2010-10-22] (Hewlett-Packard Co.) [File not signed]
R2 lxdi_device; C:\windows\system32\lxdicoms.exe [876976 2007-04-26] ( )
R2 lxdi_device; C:\windows\SysWOW64\lxdicoms.exe [517040 2007-04-26] ( )
R2 MbaeSvc; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [360592 2014-06-04] (Malwarebytes Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-07-27] ()
R2 N360; C:\Program Files (x86)\Norton 360\Engine\21.4.0.13\N360.exe [265040 2014-06-27] (Symantec Corporation)
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 NTI BackupNowEZSvr; C:\Program Files (x86)\NTI\NTI Backup Now EZ\BackupNowEZSvr.exe [46224 2012-12-26] (NTI Corporation)
R2 NZ; C:\Program Files (x86)\Norton Zone\Engine\2.0.97.14\NZ.exe [521504 2014-06-19] (Symantec Corporation)
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 ProtexisLicensing; C:\windows\SysWOW64\PSIService.exe [177704 2007-06-05] ()
 
==================== Drivers (Whitelisted) ====================
 
R1 BHDrvx64; C:\Program Files (x86)\Norton 360\NortonData\21.2.0.38\Definitions\BASHDefs\20140703.001\BHDrvx64.sys [1530160 2014-05-10] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1504000.00D\ccSetx64.sys [162392 2014-02-24] (Symantec Corporation)
R1 ccSet_NZ; C:\Windows\system32\drivers\NZx64\0200610.00E\ccSetx64.sys [162392 2013-09-25] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [486192 2014-06-11] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142128 2014-06-11] (Symantec Corporation)
R1 ESProtectionDriver; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [62392 2014-06-04] ()
R1 IDSVia64; C:\Program Files (x86)\Norton 360\NortonData\21.2.0.38\Definitions\IPSDefs\20140710.002\IDSvia64.sys [525016 2014-05-22] (Symantec Corporation)
S3 mvusbews; C:\Windows\System32\Drivers\mvusbews.sys [20480 2011-04-27] (Marvell Semiconductor, Inc.)
R3 NAVENG; C:\Program Files (x86)\Norton 360\NortonData\21.2.0.38\Definitions\VirusDefs\20140710.024\ENG64.SYS [126040 2014-07-09] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton 360\NortonData\21.2.0.38\Definitions\VirusDefs\20140710.024\EX64.SYS [2099288 2014-07-09] (Symantec Corporation)
R3 S6000KNT; C:\Windows\System32\Drivers\S6000KNT.sys [3293272 2010-12-23] (Windows ® Win 7 DDK provider)
R3 SRTSP; C:\Windows\System32\Drivers\N360x64\1504000.00D\SRTSP64.SYS [875736 2014-02-12] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1504000.00D\SRTSPX64.SYS [36952 2013-10-30] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\N360x64\1504000.00D\SYMDS64.SYS [493656 2013-10-30] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360x64\1504000.00D\SYMEFA64.SYS [1148120 2014-03-04] (Symantec Corporation)
R3 SymEvent; C:\windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-04-29] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\1504000.00D\Ironx64.SYS [264280 2013-10-30] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1504000.00D\SYMNETS.SYS [593112 2014-02-17] (Symantec Corporation)
U2 CLKMSVC10_3A60B698; 
U2 CLKMSVC10_C3B3B687; 
U2 DriverService; 
U2 IAStorDataMgrSvc; 
U2 idealife Update Service; 
U3 IGRS; 
U2 IviRegMgr; 
U2 nvUpdatusService; 
U2 Oasis2Service; 
U2 PCCarerServic; 
U2 ReadyComm.DirectRouter; 
U2 RichVideo; 
U2 RtLedService; 
U2 SoftwareService; 
U2 Stereo Service; 
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-07-11 08:31 - 2014-07-11 08:31 - 00001115 _____ () C:\Users\Robin\Downloads\onlineESETscannerresults-7-11-14.txt
2014-07-11 02:51 - 2014-07-11 02:51 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-07-11 02:49 - 2014-07-11 02:49 - 02347384 _____ (ESET) C:\Users\Robin\Downloads\esetsmartinstaller_enu.exe
2014-07-11 02:06 - 2014-07-11 02:06 - 01041056 _____ () C:\windows\system32\FNTCACHE.DAT
2014-07-11 01:34 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\windows\SysWOW64\sqlite3.dll
2014-07-11 01:31 - 2014-07-11 01:31 - 00001676 _____ () C:\Users\Robin\Desktop\JRT.txt
2014-07-11 01:24 - 2014-07-11 01:24 - 00000000 ____D () C:\windows\ERUNT
2014-07-11 01:12 - 2014-07-11 01:12 - 00556709 _____ () C:\Users\Robin\Documents\Windows 7 User with WICKED attack - Malware Removal Help - Malwarebytes Forum.htm
2014-07-11 01:12 - 2014-07-11 01:12 - 00030312 _____ () C:\windows\system32\Drivers\TrueSight.sys
2014-07-11 01:12 - 2014-07-11 01:12 - 00000000 ____D () C:\Users\Robin\Documents\Windows 7 User with WICKED attack - Malware Removal Help - Malwarebytes Forum_files
2014-07-11 01:12 - 2014-07-11 01:12 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-07-11 00:40 - 2014-07-11 00:40 - 00000000 ____D () C:\windows\ERDNT
2014-07-11 00:38 - 2014-07-11 00:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
2014-07-11 00:38 - 2014-07-11 00:38 - 00000000 ____D () C:\Program Files (x86)\ERUNT
2014-07-11 00:27 - 2014-07-11 00:28 - 00002136 _____ () C:\Users\Robin\Desktop\Rkill.txt
2014-07-11 00:18 - 2014-07-11 00:19 - 05332568 _____ () C:\Users\Robin\Downloads\RogueKillerX64.exe
2014-07-11 00:18 - 2014-07-11 00:18 - 00791393 _____ (Lars Hederer ) C:\Users\Robin\Downloads\erunt-setup.exe
2014-07-11 00:09 - 2014-07-11 00:10 - 01942776 _____ (Bleeping Computer, LLC) C:\Users\Robin\Downloads\rkill.com
2014-07-11 00:06 - 2014-07-11 00:06 - 01016261 _____ (Thisisu) C:\Users\Robin\Downloads\JRT.exe
2014-07-11 00:04 - 2014-07-11 00:05 - 01348263 _____ () C:\Users\Robin\Downloads\AdwCleaner.exe
2014-07-10 19:07 - 2014-07-10 19:07 - 00102629 _____ () C:\Users\Robin\Downloads\Addition.txt
2014-07-10 19:06 - 2014-07-11 08:41 - 00022967 _____ () C:\Users\Robin\Downloads\FRST.txt
2014-07-10 19:05 - 2014-07-11 08:41 - 00000000 ____D () C:\FRST
2014-07-10 19:04 - 2014-07-10 19:04 - 02084864 _____ (Farbar) C:\Users\Robin\Downloads\FRST64.exe
2014-07-10 17:35 - 2014-07-10 17:35 - 00379920 _____ () C:\Users\Robin\AppData\Local\GDIPFONTCACHEV1.DAT
2014-07-10 12:17 - 2014-07-10 12:44 - 00000000 ____D () C:\NPE
2014-07-10 01:56 - 2014-07-10 01:56 - 00302011 _____ () C:\Users\Robin\Downloads\WindowsUpdateDiagnostic.diagcab
2014-07-09 03:33 - 2014-07-09 03:33 - 00000000 ____D () C:\windows\System32\Tasks\Norton 360
2014-07-08 23:10 - 2014-06-29 22:09 - 00519168 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-07-08 23:10 - 2014-06-29 22:04 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-07-08 23:10 - 2014-06-17 22:18 - 00692736 _____ (Microsoft Corporation) C:\windows\system32\osk.exe
2014-07-08 23:10 - 2014-06-17 21:51 - 00646144 _____ (Microsoft Corporation) C:\windows\SysWOW64\osk.exe
2014-07-08 23:10 - 2014-06-17 21:10 - 03157504 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-07-08 23:10 - 2014-06-06 06:10 - 00624128 _____ (Microsoft Corporation) C:\windows\system32\qedit.dll
2014-07-08 23:10 - 2014-06-06 05:44 - 00509440 _____ (Microsoft Corporation) C:\windows\SysWOW64\qedit.dll
2014-07-08 23:10 - 2014-05-30 04:08 - 00728064 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2014-07-08 23:10 - 2014-05-30 04:08 - 00340992 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2014-07-08 23:10 - 2014-05-30 04:08 - 00314880 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2014-07-08 23:10 - 2014-05-30 04:08 - 00307200 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2014-07-08 23:10 - 2014-05-30 04:08 - 00210944 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2014-07-08 23:10 - 2014-05-30 04:08 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2014-07-08 23:10 - 2014-05-30 04:08 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2014-07-08 23:10 - 2014-05-30 03:52 - 00550912 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2014-07-08 23:10 - 2014-05-30 03:52 - 00259584 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2014-07-08 23:10 - 2014-05-30 03:52 - 00247808 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2014-07-08 23:10 - 2014-05-30 03:52 - 00220160 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
2014-07-08 23:10 - 2014-05-30 03:52 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
2014-07-08 23:10 - 2014-05-30 03:52 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2014-07-08 23:10 - 2014-05-30 03:52 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2014-07-08 23:10 - 2014-05-30 02:45 - 00497152 _____ (Microsoft Corporation) C:\windows\system32\Drivers\afd.sys
2014-07-08 23:09 - 2014-06-20 16:14 - 00266424 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-07-08 23:09 - 2014-06-20 15:39 - 00240824 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2014-07-08 23:09 - 2014-06-18 21:39 - 23464448 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-07-08 23:09 - 2014-06-18 21:06 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-07-08 23:09 - 2014-06-18 21:06 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-07-08 23:09 - 2014-06-18 20:48 - 02768384 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-07-08 23:09 - 2014-06-18 20:42 - 00548352 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-07-08 23:09 - 2014-06-18 20:42 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-07-08 23:09 - 2014-06-18 20:41 - 00083968 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2014-07-08 23:09 - 2014-06-18 20:41 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-07-08 23:09 - 2014-06-18 20:32 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-07-08 23:09 - 2014-06-18 20:31 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-07-08 23:09 - 2014-06-18 20:26 - 00598016 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-07-08 23:09 - 2014-06-18 20:24 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-07-08 23:09 - 2014-06-18 20:24 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-07-08 23:09 - 2014-06-18 20:23 - 00752640 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-07-08 23:09 - 2014-06-18 20:16 - 17276416 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-07-08 23:09 - 2014-06-18 20:14 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-07-08 23:09 - 2014-06-18 20:09 - 00452608 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-07-08 23:09 - 2014-06-18 19:59 - 00038400 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2014-07-08 23:09 - 2014-06-18 19:56 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-07-08 23:09 - 2014-06-18 19:53 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-07-08 23:09 - 2014-06-18 19:51 - 05721088 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-07-08 23:09 - 2014-06-18 19:50 - 00085504 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-07-08 23:09 - 2014-06-18 19:48 - 00292864 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-07-08 23:09 - 2014-06-18 19:39 - 00608768 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-07-08 23:09 - 2014-06-18 19:38 - 00455168 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2014-07-08 23:09 - 2014-06-18 19:37 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-07-08 23:09 - 2014-06-18 19:36 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-07-08 23:09 - 2014-06-18 19:35 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2014-07-08 23:09 - 2014-06-18 19:33 - 00631808 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-07-08 23:09 - 2014-06-18 19:32 - 02179072 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-07-08 23:09 - 2014-06-18 19:28 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-07-08 23:09 - 2014-06-18 19:28 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-07-08 23:09 - 2014-06-18 19:27 - 02040832 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-07-08 23:09 - 2014-06-18 19:27 - 01249280 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2014-07-08 23:09 - 2014-06-18 19:25 - 00442368 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-07-08 23:09 - 2014-06-18 19:23 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-07-08 23:09 - 2014-06-18 19:22 - 00592896 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-07-08 23:09 - 2014-06-18 19:12 - 00367616 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-07-08 23:09 - 2014-06-18 19:06 - 00032256 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-07-08 23:09 - 2014-06-18 19:01 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-07-08 23:09 - 2014-06-18 18:59 - 00069632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-07-08 23:09 - 2014-06-18 18:58 - 02266112 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-07-08 23:09 - 2014-06-18 18:58 - 00239616 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-07-08 23:09 - 2014-06-18 18:52 - 04254720 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-07-08 23:09 - 2014-06-18 18:51 - 13527040 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-07-08 23:09 - 2014-06-18 18:49 - 00526336 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-07-08 23:09 - 2014-06-18 18:46 - 01068032 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2014-07-08 23:09 - 2014-06-18 18:45 - 01964544 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-07-08 23:09 - 2014-06-18 18:35 - 11742208 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-07-08 23:09 - 2014-06-18 18:34 - 01393664 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-07-08 23:09 - 2014-06-18 18:15 - 00846336 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-07-08 23:09 - 2014-06-18 18:13 - 01791488 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-07-08 23:09 - 2014-06-18 18:09 - 01139200 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-07-08 23:09 - 2014-06-18 18:07 - 00704512 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-07-08 23:08 - 2014-06-05 10:45 - 01460736 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2014-07-08 23:08 - 2014-06-05 10:26 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2014-07-08 23:08 - 2014-06-05 10:25 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2014-07-05 23:28 - 2014-07-05 23:28 - 00000822 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-07-05 23:24 - 2014-07-05 23:25 - 04812672 _____ (Piriform Ltd) C:\Users\Robin\Downloads\ccsetup415.exe
2014-06-29 08:16 - 2014-06-29 08:16 - 00252623 _____ () C:\Users\Robin\Documents\qbreport629-50793.xps
2014-06-28 20:02 - 2014-06-28 20:02 - 01765104 _____ () C:\ProgramData\SPLEBF.tmp
2014-06-25 11:46 - 2014-06-25 11:47 - 16656408 _____ (Siber Systems) C:\Users\Robin\Downloads\RoboForm-Setup-cnetc.exe
2014-06-23 13:52 - 2014-06-23 13:52 - 00000000 ____D () C:\Users\Robin\Documents\Receipt   Alien Skin Software_files
2014-06-23 13:48 - 2014-06-23 13:48 - 00000000 ____D () C:\Users\Robin\.AS
2014-06-23 13:47 - 2014-06-23 13:47 - 00000000 ____D () C:\Program Files\Alien Skin
2014-06-23 13:46 - 2014-06-23 13:46 - 51857528 _____ (Alien Skin Software, LLC) C:\Users\Robin\Downloads\eye-candy-7.1.0.1192.exe
2014-06-20 23:36 - 2014-06-20 23:31 - 03294900 _____ () C:\Users\Robin\Documents\Resourceandperformancereport-6-20-14.html
2014-06-17 22:42 - 2014-06-17 22:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-06-17 22:42 - 2014-05-07 15:02 - 00098216 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
2014-06-17 22:42 - 2014-05-07 14:59 - 00264616 _____ (Oracle Corporation) C:\windows\SysWOW64\javaws.exe
2014-06-17 22:42 - 2014-05-07 14:59 - 00175528 _____ (Oracle Corporation) C:\windows\SysWOW64\javaw.exe
2014-06-17 22:42 - 2014-05-07 14:58 - 00175528 _____ (Oracle Corporation) C:\windows\SysWOW64\java.exe
2014-06-17 22:36 - 2014-06-17 22:36 - 00918952 _____ (Oracle Corporation) C:\Users\Robin\Downloads\chromeinstall-7u60.exe
2014-06-13 13:16 - 2014-07-11 00:16 - 00000000 ____D () C:\ProgramData\Malwarebytes Anti-Exploit
2014-06-13 13:16 - 2014-06-17 13:05 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Exploit
2014-06-13 13:16 - 2014-06-13 13:16 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Exploit.lnk
2014-06-13 13:16 - 2014-06-13 13:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Exploit
2014-06-13 13:13 - 2014-06-13 13:14 - 02650408 _____ (Malwarebytes ) C:\Users\Robin\Downloads\mbae-setup-1.03.1.1220.exe
 
==================== One Month Modified Files and Folders =======
 
2014-07-11 08:42 - 2014-07-10 19:06 - 00022967 _____ () C:\Users\Robin\Downloads\FRST.txt
2014-07-11 08:41 - 2014-07-10 19:05 - 00000000 ____D () C:\FRST
2014-07-11 08:31 - 2014-07-11 08:31 - 00001115 _____ () C:\Users\Robin\Downloads\onlineESETscannerresults-7-11-14.txt
2014-07-11 08:21 - 2012-03-09 00:37 - 01557989 _____ () C:\windows\WindowsUpdate.log
2014-07-11 08:13 - 2012-03-09 01:25 - 00000912 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-11 08:10 - 2012-03-09 01:15 - 01985896 _____ () C:\FaceProv.log
2014-07-11 02:51 - 2014-07-11 02:51 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-07-11 02:49 - 2014-07-11 02:49 - 02347384 _____ (ESET) C:\Users\Robin\Downloads\esetsmartinstaller_enu.exe
2014-07-11 02:25 - 2014-04-25 22:37 - 00122584 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-11 02:15 - 2009-07-14 00:45 - 00021280 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-11 02:15 - 2009-07-14 00:45 - 00021280 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-11 02:12 - 2009-07-14 01:13 - 00782510 _____ () C:\windows\system32\PerfStringBackup.INI
2014-07-11 02:09 - 2012-03-09 01:25 - 00000908 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-11 02:09 - 2012-03-09 01:17 - 00677385 _____ () C:\windows\system32\fastboot.set
2014-07-11 02:07 - 2009-07-14 01:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-07-11 02:06 - 2014-07-11 02:06 - 01041056 _____ () C:\windows\system32\FNTCACHE.DAT
2014-07-11 02:06 - 2013-08-29 05:53 - 00012301 _____ () C:\windows\setupact.log
2014-07-11 02:06 - 2010-11-20 23:47 - 01345034 _____ () C:\windows\PFRO.log
2014-07-11 02:05 - 2013-08-31 10:01 - 00000000 ____D () C:\AdwCleaner
2014-07-11 01:31 - 2014-07-11 01:31 - 00001676 _____ () C:\Users\Robin\Desktop\JRT.txt
2014-07-11 01:24 - 2014-07-11 01:24 - 00000000 ____D () C:\windows\ERUNT
2014-07-11 01:12 - 2014-07-11 01:12 - 00556709 _____ () C:\Users\Robin\Documents\Windows 7 User with WICKED attack - Malware Removal Help - Malwarebytes Forum.htm
2014-07-11 01:12 - 2014-07-11 01:12 - 00030312 _____ () C:\windows\system32\Drivers\TrueSight.sys
2014-07-11 01:12 - 2014-07-11 01:12 - 00000000 ____D () C:\Users\Robin\Documents\Windows 7 User with WICKED attack - Malware Removal Help - Malwarebytes Forum_files
2014-07-11 01:12 - 2014-07-11 01:12 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-07-11 00:40 - 2014-07-11 00:40 - 00000000 ____D () C:\windows\ERDNT
2014-07-11 00:38 - 2014-07-11 00:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
2014-07-11 00:38 - 2014-07-11 00:38 - 00000000 ____D () C:\Program Files (x86)\ERUNT
2014-07-11 00:28 - 2014-07-11 00:27 - 00002136 _____ () C:\Users\Robin\Desktop\Rkill.txt
2014-07-11 00:19 - 2014-07-11 00:18 - 05332568 _____ () C:\Users\Robin\Downloads\RogueKillerX64.exe
2014-07-11 00:18 - 2014-07-11 00:18 - 00791393 _____ (Lars Hederer ) C:\Users\Robin\Downloads\erunt-setup.exe
2014-07-11 00:16 - 2014-06-13 13:16 - 00000000 ____D () C:\ProgramData\Malwarebytes Anti-Exploit
2014-07-11 00:10 - 2014-07-11 00:09 - 01942776 _____ (Bleeping Computer, LLC) C:\Users\Robin\Downloads\rkill.com
2014-07-11 00:06 - 2014-07-11 00:06 - 01016261 _____ (Thisisu) C:\Users\Robin\Downloads\JRT.exe
2014-07-11 00:05 - 2014-07-11 00:04 - 01348263 _____ () C:\Users\Robin\Downloads\AdwCleaner.exe
2014-07-10 23:20 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\rescache
2014-07-10 19:07 - 2014-07-10 19:07 - 00102629 _____ () C:\Users\Robin\Downloads\Addition.txt
2014-07-10 19:04 - 2014-07-10 19:04 - 02084864 _____ (Farbar) C:\Users\Robin\Downloads\FRST64.exe
2014-07-10 18:26 - 2013-09-01 13:56 - 00000000 ____D () C:\Users\Robin\AppData\Local\Deployment
2014-07-10 17:35 - 2014-07-10 17:35 - 00379920 _____ () C:\Users\Robin\AppData\Local\GDIPFONTCACHEV1.DAT
2014-07-10 17:35 - 2014-04-25 22:36 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-10 13:15 - 2013-08-29 15:25 - 00000000 ____D () C:\Users\Robin\AppData\Local\NPE
2014-07-10 12:44 - 2014-07-10 12:17 - 00000000 ____D () C:\NPE
2014-07-10 03:02 - 2013-10-26 07:58 - 00000000 ____D () C:\Users\Robin\Documents\PersonalRelated
2014-07-10 01:56 - 2014-07-10 01:56 - 00302011 _____ () C:\Users\Robin\Downloads\WindowsUpdateDiagnostic.diagcab
2014-07-10 00:32 - 2012-08-04 11:16 - 00000000 ____D () C:\Users\Robin\Documents\CCleaner
2014-07-09 12:27 - 2012-05-29 19:09 - 00000000 ____D () C:\Users\Robin\Documents\Outlook Files
2014-07-09 11:30 - 2013-09-20 11:09 - 00000000 ____D () C:\Users\Robin\AppData\Local\8A423D2B-06DC-40D9-9A59-775D53071926.aplzod
2014-07-09 03:33 - 2014-07-09 03:33 - 00000000 ____D () C:\windows\System32\Tasks\Norton 360
2014-07-09 03:28 - 2014-04-29 22:19 - 00003206 _____ () C:\windows\System32\Tasks\Norton WSC Integration
2014-07-09 03:28 - 2014-04-29 22:17 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360
2014-07-09 03:28 - 2014-04-29 22:17 - 00000000 ____D () C:\windows\system32\Drivers\N360x64
2014-07-09 03:25 - 2014-04-28 22:31 - 00000000 ___SD () C:\windows\system32\CompatTel
2014-07-09 03:25 - 2011-09-28 23:37 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-09 03:25 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\SysWOW64\Dism
2014-07-09 03:25 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\system32\Dism
2014-07-09 03:09 - 2012-05-29 18:36 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-07-09 03:07 - 2013-07-17 16:42 - 00000000 ____D () C:\windows\system32\MRT
2014-07-09 03:03 - 2012-05-26 11:40 - 96441528 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-07-09 02:41 - 2012-05-28 14:23 - 00000000 ____D () C:\Users\Robin\Documents\Beltone
2014-07-07 23:28 - 2013-10-04 23:46 - 00000000 ____D () C:\Users\Robin\Documents\CDO-YAHOOGroup
2014-07-07 22:31 - 2012-07-25 23:22 - 00000000 ____D () C:\Users\Robin\AppData\Local\CrashDumps
2014-07-07 21:09 - 2014-04-30 08:10 - 00000000 ____D () C:\windows\System32\Tasks\Norton Zone
2014-07-07 21:09 - 2014-04-30 08:09 - 00000000 ____D () C:\windows\system32\Drivers\NZx64
2014-07-07 21:09 - 2014-04-30 08:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Zone
2014-07-07 15:10 - 2009-07-14 01:32 - 00000000 ____D () C:\windows\system32\FxsTmp
2014-07-07 12:33 - 2012-05-28 09:50 - 00000000 ____D () C:\Program Files (x86)\AIM
2014-07-06 22:13 - 2013-10-02 19:40 - 00000000 ____D () C:\Users\Robin\Documents\BCBS-HSA
2014-07-06 22:09 - 2012-08-20 13:55 - 00000000 ____D () C:\Users\Robin\Documents\Girl Stuff
2014-07-05 23:28 - 2014-07-05 23:28 - 00000822 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-07-05 23:28 - 2012-07-22 21:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-07-05 23:28 - 2012-07-22 21:39 - 00000000 ____D () C:\Program Files\CCleaner
2014-07-05 23:25 - 2014-07-05 23:24 - 04812672 _____ (Piriform Ltd) C:\Users\Robin\Downloads\ccsetup415.exe
2014-07-04 23:25 - 2012-07-22 20:52 - 06447074 _____ () C:\windows\system32\PsBoot.log
2014-07-04 23:24 - 2012-07-22 20:52 - 00000000 _____ () C:\windows\system32\defragLog.log
2014-07-02 15:04 - 2012-06-01 06:01 - 00000000 ____D () C:\ProgramData\Lx_cats
2014-07-02 10:05 - 2014-06-10 11:13 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-06-29 22:09 - 2014-07-08 23:10 - 00519168 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-06-29 22:04 - 2014-07-08 23:10 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-06-29 08:16 - 2014-06-29 08:16 - 00252623 _____ () C:\Users\Robin\Documents\qbreport629-50793.xps
2014-06-28 22:38 - 2012-05-31 06:02 - 00000000 ____D () C:\Users\Robin\AppData\Local\Paint.NET
2014-06-28 22:37 - 2012-05-31 06:03 - 00001188 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Paint.NET.lnk
2014-06-28 22:37 - 2012-05-31 06:03 - 00000000 ____D () C:\Program Files\Paint.NET
2014-06-28 20:02 - 2014-06-28 20:02 - 01765104 _____ () C:\ProgramData\SPLEBF.tmp
2014-06-25 11:51 - 2014-03-15 23:24 - 00004128 _____ () C:\windows\System32\Tasks\Open URL by RoboForm
2014-06-25 11:51 - 2014-03-15 23:24 - 00003492 _____ () C:\windows\System32\Tasks\Run RoboForm TaskBar Icon
2014-06-25 11:51 - 2014-03-15 23:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RoboForm
2014-06-25 11:47 - 2014-06-25 11:46 - 16656408 _____ (Siber Systems) C:\Users\Robin\Downloads\RoboForm-Setup-cnetc.exe
2014-06-23 13:54 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\Resources
2014-06-23 13:52 - 2014-06-23 13:52 - 00000000 ____D () C:\Users\Robin\Documents\Receipt   Alien Skin Software_files
2014-06-23 13:49 - 2012-08-30 20:36 - 00000000 ____D () C:\Users\Robin\AppData\Roaming\Alien Skin
2014-06-23 13:48 - 2014-06-23 13:48 - 00000000 ____D () C:\Users\Robin\.AS
2014-06-23 13:48 - 2012-08-30 20:46 - 00000000 ____D () C:\ProgramData\Alien Skin
2014-06-23 13:48 - 2012-08-30 20:35 - 00000000 ____D () C:\Users\Robin\AppData\Local\Alien Skin
2014-06-23 13:48 - 2012-05-27 08:16 - 00000000 ____D () C:\Users\Robin
2014-06-23 13:47 - 2014-06-23 13:47 - 00000000 ____D () C:\Program Files\Alien Skin
2014-06-23 13:47 - 2012-07-09 00:02 - 00000000 ____D () C:\Program Files (x86)\Alien Skin
2014-06-23 13:47 - 2012-06-01 10:04 - 00000000 ____D () C:\Users\Robin\Documents\My PSP Files
2014-06-23 13:46 - 2014-06-23 13:46 - 51857528 _____ (Alien Skin Software, LLC) C:\Users\Robin\Downloads\eye-candy-7.1.0.1192.exe
2014-06-20 23:31 - 2014-06-20 23:36 - 03294900 _____ () C:\Users\Robin\Documents\Resourceandperformancereport-6-20-14.html
2014-06-20 16:14 - 2014-07-08 23:09 - 00266424 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-06-20 15:39 - 2014-07-08 23:09 - 00240824 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2014-06-18 21:39 - 2014-07-08 23:09 - 23464448 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-06-18 21:06 - 2014-07-08 23:09 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-06-18 21:06 - 2014-07-08 23:09 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-06-18 20:48 - 2014-07-08 23:09 - 02768384 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-06-18 20:42 - 2014-07-08 23:09 - 00548352 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-06-18 20:42 - 2014-07-08 23:09 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-06-18 20:41 - 2014-07-08 23:09 - 00083968 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2014-06-18 20:41 - 2014-07-08 23:09 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-06-18 20:32 - 2014-07-08 23:09 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-06-18 20:31 - 2014-07-08 23:09 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-06-18 20:26 - 2014-07-08 23:09 - 00598016 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-06-18 20:24 - 2014-07-08 23:09 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-06-18 20:24 - 2014-07-08 23:09 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-06-18 20:23 - 2014-07-08 23:09 - 00752640 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-06-18 20:16 - 2014-07-08 23:09 - 17276416 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-06-18 20:14 - 2014-07-08 23:09 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-06-18 20:09 - 2014-07-08 23:09 - 00452608 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-06-18 19:59 - 2014-07-08 23:09 - 00038400 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2014-06-18 19:56 - 2014-07-08 23:09 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-06-18 19:53 - 2014-07-08 23:09 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-06-18 19:51 - 2014-07-08 23:09 - 05721088 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-06-18 19:50 - 2014-07-08 23:09 - 00085504 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-06-18 19:48 - 2014-07-08 23:09 - 00292864 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-06-18 19:39 - 2014-07-08 23:09 - 00608768 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-06-18 19:38 - 2014-07-08 23:09 - 00455168 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2014-06-18 19:37 - 2014-07-08 23:09 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-06-18 19:36 - 2014-07-08 23:09 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-06-18 19:35 - 2014-07-08 23:09 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2014-06-18 19:33 - 2014-07-08 23:09 - 00631808 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-06-18 19:32 - 2014-07-08 23:09 - 02179072 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-06-18 19:28 - 2014-07-08 23:09 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-06-18 19:28 - 2014-07-08 23:09 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-06-18 19:27 - 2014-07-08 23:09 - 02040832 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-06-18 19:27 - 2014-07-08 23:09 - 01249280 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2014-06-18 19:25 - 2014-07-08 23:09 - 00442368 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-06-18 19:23 - 2014-07-08 23:09 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-06-18 19:22 - 2014-07-08 23:09 - 00592896 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-06-18 19:12 - 2014-07-08 23:09 - 00367616 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-06-18 19:06 - 2014-07-08 23:09 - 00032256 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-06-18 19:01 - 2014-07-08 23:09 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-06-18 18:59 - 2014-07-08 23:09 - 00069632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-06-18 18:58 - 2014-07-08 23:09 - 02266112 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-06-18 18:58 - 2014-07-08 23:09 - 00239616 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-06-18 18:52 - 2014-07-08 23:09 - 04254720 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-06-18 18:51 - 2014-07-08 23:09 - 13527040 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-06-18 18:49 - 2014-07-08 23:09 - 00526336 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-06-18 18:46 - 2014-07-08 23:09 - 01068032 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2014-06-18 18:45 - 2014-07-08 23:09 - 01964544 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-06-18 18:35 - 2014-07-08 23:09 - 11742208 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-06-18 18:34 - 2014-07-08 23:09 - 01393664 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-06-18 18:15 - 2014-07-08 23:09 - 00846336 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-06-18 18:13 - 2014-07-08 23:09 - 01791488 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-06-18 18:09 - 2014-07-08 23:09 - 01139200 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-06-18 18:07 - 2014-07-08 23:09 - 00704512 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-06-18 10:08 - 2012-03-09 01:25 - 00003908 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-06-18 10:08 - 2012-03-09 01:25 - 00003656 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-06-17 22:43 - 2013-10-28 06:14 - 00000000 ____D () C:\ProgramData\Oracle
2014-06-17 22:42 - 2014-06-17 22:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-06-17 22:42 - 2012-10-13 14:07 - 00000000 ____D () C:\Program Files (x86)\Java
2014-06-17 22:36 - 2014-06-17 22:36 - 00918952 _____ (Oracle Corporation) C:\Users\Robin\Downloads\chromeinstall-7u60.exe
2014-06-17 22:18 - 2014-07-08 23:10 - 00692736 _____ (Microsoft Corporation) C:\windows\system32\osk.exe
2014-06-17 21:51 - 2014-07-08 23:10 - 00646144 _____ (Microsoft Corporation) C:\windows\SysWOW64\osk.exe
2014-06-17 21:10 - 2014-07-08 23:10 - 03157504 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-06-17 13:05 - 2014-06-13 13:16 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Exploit
2014-06-17 13:05 - 2012-06-01 05:55 - 00000000 ____D () C:\Program Files (x86)\Lexmark 3500-4500 Series
2014-06-13 13:16 - 2014-06-13 13:16 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Exploit.lnk
2014-06-13 13:16 - 2014-06-13 13:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Exploit
2014-06-13 13:14 - 2014-06-13 13:13 - 02650408 _____ (Malwarebytes ) C:\Users\Robin\Downloads\mbae-setup-1.03.1.1220.exe
2014-06-11 08:47 - 2013-08-23 16:29 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
 
Some content of TEMP:
====================
C:\Users\Robin\AppData\Local\Temp\Quarantine.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-07-08 21:05
 
==================== End Of Log ============================
Hello,

 

P2P/Piracy Warning:

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here. Failure to remove or disable such software will result in your topic being closed and no further assistance being provided. If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

ComboFix usage, Questions, Help? - Look here

Next,

Delete any versions of Combofix that you may have on your Desktop, download a fresh copy from either of the following links :-

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

http://www.infospyware.net/antimalware/combofix/

  • Ensure that Combofix is saved directly to the Desktop <--- Very important
  • Disable all security programs as they will have a negative effect on Combofix, instructions available here http://www.bleepingcomputer.com/forums/topic114351.html if required. Be aware the list may not have all programs listed; if you need more help please ask.
  • Close any open browsers and any other programs you might have running
  • Double click the Combofix icon to run the tool (Vista or Windows 7 users right click and select "Run as Administrator")
  • Instructions for running Combofix available here http://www.bleepingcomputer.com/combofix/how-to-use-combofix if required.
  • If you are using Windows XP it might display a pop up saying "Recovery console is not installed, do you want to install?" Please select yes & let it download the files it needs to do this. Once the recovery console is installed Combofix will then offer to scan for malware. Select continue or yes.
  • When finished, it will produce a report for you. Please post the "C:\ComboFix.txt" for further review

****Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze ****

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.

Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell us when you reply. Read here http://thespykiller.co.uk/index.php?page=20 why disabling autoruns is recommended.

*EXTRA NOTES*

    If Combofix detects any Rootkit/Bootkit activity on your system it will give a warning and prompt for a reboot; you must allow it to do so.
    If Combofix reboots due to a rootkit, the screen may stay black for several minutes on reboot; this is normal.
    If after running Combofix you receive any type of warning message about registry keys being listed for deletion when trying to open certain items, reboot the system and this will fix the issue (those items will not be deleted).

Post the log in next reply please...

Kevin


Hi Kevin and thank you so much..

here you go

ComboFix 14-07-11.04 - Robin 07/11/2014  20:25:20.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.6058.3687 [GMT -4:00]
Running from: c:\users\Robin\Desktop\ComboFix.exe
AV: Norton 360 Premier Edition *Disabled/Updated* {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
FW: Norton 360 Premier Edition *Disabled* {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}
SP: Norton 360 Premier Edition *Disabled/Updated* {631E4324-D31C-783F-EC5C-35AD42B18466}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Java\jre7\bin\jp2ssv.dll
c:\programdata\Roaming
c:\programdata\SPL14CF.tmp
c:\programdata\SPL18FC.tmp
c:\programdata\SPL1CC4.tmp
c:\programdata\SPL1FFA.tmp
c:\programdata\SPL2D05.tmp
c:\programdata\SPL4970.tmp
c:\programdata\SPL5383.tmp
c:\programdata\SPL57BE.tmp
c:\programdata\SPL66E2.tmp
c:\programdata\SPL7464.tmp
c:\programdata\SPL7BAD.tmp
c:\programdata\SPL8314.tmp
c:\programdata\SPL86BB.tmp
c:\programdata\SPL8E4A.tmp
c:\programdata\SPL9005.tmp
c:\programdata\SPL9C92.tmp
c:\programdata\SPLC420.tmp
c:\programdata\SPLD4F0.tmp
c:\programdata\SPLD6DD.tmp
c:\programdata\SPLD83.tmp
c:\programdata\SPLEBF.tmp
c:\programdata\SPLF1BA.tmp
c:\programdata\SPLF5AC.tmp
c:\users\Robin\AppData\Local\assembly\tmp
c:\windows\gt.exe
c:\windows\s.bat
c:\windows\version.txt
.
.
(((((((((((((((((((((((((   Files Created from 2014-06-12 to 2014-07-12  )))))))))))))))))))))))))))))))
.
.
2014-07-12 00:30 . 2014-07-12 00:30 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-07-12 00:03 . 2014-07-12 00:03 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A6F52539-7C8F-4FB0-A433-5A860EDB76F2}\offreg.dll
2014-07-11 12:21 . 2014-06-05 10:54 10779000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A6F52539-7C8F-4FB0-A433-5A860EDB76F2}\mpengine.dll
2014-07-11 06:51 . 2014-07-11 06:51 -------- d-----w- c:\program files (x86)\ESET
2014-07-11 05:34 . 2010-08-30 12:34 536576 ----a-w- c:\windows\SysWow64\sqlite3.dll
2014-07-11 05:24 . 2014-07-11 05:24 -------- d-----w- c:\windows\ERUNT
2014-07-11 05:12 . 2014-07-11 05:12 30312 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2014-07-11 05:12 . 2014-07-11 05:12 -------- d-----w- c:\programdata\RogueKiller
2014-07-11 04:38 . 2014-07-11 04:38 -------- d-----w- c:\program files (x86)\ERUNT
2014-07-10 23:05 . 2014-07-11 12:42 -------- d-----w- C:\FRST
2014-07-10 16:17 . 2014-07-10 16:44 -------- d-----w- C:\NPE
2014-07-09 03:09 . 2014-06-19 00:53 48640 ----a-w- c:\program files\Internet Explorer\DiagnosticsHub_is.dll
2014-07-09 03:08 . 2014-06-05 14:45 1460736 ----a-w- c:\windows\system32\lsasrv.dll
2014-07-09 03:08 . 2014-06-05 14:26 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2014-07-09 03:08 . 2014-06-05 14:25 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2014-07-08 16:32 . 2014-07-09 07:26 -------- d-----w- c:\windows\system32\drivers\N360x64\1504000.00D
2014-07-07 21:09 . 2014-07-07 21:09 -------- d-----w- c:\windows\system32\drivers\NZx64\0200610.00E
2014-06-23 17:48 . 2014-06-23 17:48 -------- d-----w- c:\users\Robin\.AS
2014-06-23 17:47 . 2014-06-23 17:47 -------- d-----w- c:\program files\Alien Skin
2014-06-18 02:42 . 2014-06-18 02:42 -------- d-----w- c:\program files (x86)\Common Files\Java
2014-06-18 02:42 . 2014-05-07 19:02 98216 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-06-13 17:16 . 2014-07-11 23:42 -------- d-----w- c:\programdata\Malwarebytes Anti-Exploit
2014-06-13 17:16 . 2014-06-17 17:05 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Exploit
2014-06-12 02:49 . 2014-06-12 02:49 18636480 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\OFFICE14\MSO.DLL
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-07-11 06:25 . 2014-04-26 02:37 122584 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-07-09 07:03 . 2012-05-26 15:40 96441528 ----a-w- c:\windows\system32\MRT.exe
2014-05-12 11:26 . 2014-04-26 02:36 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-05-12 11:26 . 2014-04-26 02:36 91352 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-05-12 11:25 . 2012-07-23 00:39 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-05-08 09:32 . 2014-06-11 00:25 3178496 ----a-w- c:\windows\system32\rdpcorets.dll
2014-05-08 09:32 . 2014-06-11 00:25 16384 ----a-w- c:\windows\system32\RdpGroupPolicyExtension.dll
2014-04-30 02:19 . 2014-04-30 02:19 177752 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
2014-04-25 02:34 . 2014-06-11 00:25 801280 ----a-w- c:\windows\system32\usp10.dll
2014-04-25 02:06 . 2014-06-11 00:25 626688 ----a-w- c:\windows\SysWow64\usp10.dll
2014-04-15 06:34 . 2014-04-15 06:34 1070232 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"UpdateP2GShortCut"="c:\program files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" [2010-07-26 222504]
"UpdatePRCShortCut"="c:\program files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-13 222504]
"Malwarebytes Anti-Exploit"="c:\program files (x86)\Malwarebytes Anti-Exploit\mbae.exe" [2014-06-04 382608]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 CorelCreatorMessages;CorelCreatorMessages;c:\windows\system32\CorelCreatorMessages.exe;c:\windows\SYSNATIVE\CorelCreatorMessages.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 mvusbews;USB EWS Device;c:\windows\system32\Drivers\mvusbews.sys;c:\windows\SYSNATIVE\Drivers\mvusbews.sys [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys;c:\windows\SYSNATIVE\DRIVERS\wsvd.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 fbfmon;fbfmon;c:\windows\system32\drivers\fbfmon.sys;c:\windows\SYSNATIVE\drivers\fbfmon.sys [x]
S0 LHDmgr;LHDmgr;c:\windows\System32\DRIVERS\LhdX64.sys;c:\windows\SYSNATIVE\DRIVERS\LhdX64.sys [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\1504000.00D\SYMDS64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1504000.00D\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\1504000.00D\SYMEFA64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1504000.00D\SYMEFA64.SYS [x]
S1 BHDrvx64;BHDrvx64;c:\program files (x86)\Norton 360\NortonData\21.2.0.38\Definitions\BASHDefs\20140703.001\BHDrvx64.sys;c:\program files (x86)\Norton 360\NortonData\21.2.0.38\Definitions\BASHDefs\20140703.001\BHDrvx64.sys [x]
S1 BPntDrv;BPntDrv;c:\windows\system32\drivers\BPntDrv.sys;c:\windows\SYSNATIVE\drivers\BPntDrv.sys [x]
S1 ccSet_N360;N360 Settings Manager;c:\windows\system32\drivers\N360x64\1504000.00D\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\N360x64\1504000.00D\ccSetx64.sys [x]
S1 ccSet_NZ;Norton Zone Settings Manager;c:\windows\system32\drivers\NZx64\0200610.00E\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\NZx64\0200610.00E\ccSetx64.sys [x]
S1 ESProtectionDriver;Malwarebytes Anti-Exploit;c:\program files (x86)\Malwarebytes Anti-Exploit\mbae64.sys;c:\program files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [x]
S1 IDSVia64;IDSVia64;c:\program files (x86)\Norton 360\NortonData\21.2.0.38\Definitions\IPSDefs\20140710.002\IDSvia64.sys;c:\program files (x86)\Norton 360\NortonData\21.2.0.38\Definitions\IPSDefs\20140710.002\IDSvia64.sys [x]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\1504000.00D\Ironx64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1504000.00D\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360x64\1504000.00D\SYMNETS.SYS;c:\windows\SYSNATIVE\Drivers\N360x64\1504000.00D\SYMNETS.SYS [x]
S2 GsServer;GoodSync Server;c:\program files\Siber Systems\GoodSync\Gs-Server.exe;c:\program files\Siber Systems\GoodSync\Gs-Server.exe [x]
S2 lxdi_device;lxdi_device;c:\windows\system32\lxdicoms.exe;c:\windows\SYSNATIVE\lxdicoms.exe [x]
S2 lxdiCATSCustConnectService;lxdiCATSCustConnectService;c:\windows\system32\spool\DRIVERS\x64\3\\lxdiserv.exe;c:\windows\SYSNATIVE\spool\DRIVERS\x64\3\\lxdiserv.exe [x]
S2 MbaeSvc;Malwarebytes Anti-Exploit Service;c:\program files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe;c:\program files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [x]
S2 N360;Norton 360;c:\program files (x86)\Norton 360\Engine\21.4.0.13\N360.exe;c:\program files (x86)\Norton 360\Engine\21.4.0.13\N360.exe [x]
S2 NTI BackupNowEZSvr;NTI BackupNowEZSvr;c:\program files (x86)\NTI\NTI Backup Now EZ\BackupNowEZSvr.exe;c:\program files (x86)\NTI\NTI Backup Now EZ\BackupNowEZSvr.exe [x]
S2 NZ;Norton Zone;c:\program files (x86)\Norton Zone\Engine\2.0.97.14\NZ.exe;c:\program files (x86)\Norton Zone\Engine\2.0.97.14\NZ.exe [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\DRIVERS\AcpiVpc.sys;c:\windows\SYSNATIVE\DRIVERS\AcpiVpc.sys [x]
S3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys;c:\windows\SYSNATIVE\DRIVERS\btwampfl.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys;c:\windows\SYSNATIVE\DRIVERS\dc3d.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]
S3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUVStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUVStor.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 S6000KNT;S6000KNT_WebCam Driver;c:\windows\system32\Drivers\S6000KNT.sys;c:\windows\SYSNATIVE\Drivers\S6000KNT.sys [x]
S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys;c:\windows\SYSNATIVE\DRIVERS\WDKMD.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ   hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-06-16 12:14 1091912 ----a-w- c:\program files (x86)\Google\Chrome\Application\35.0.1916.153\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-07-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-09 05:25]
.
2014-07-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-09 05:25]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1NZOverlayExcluded]
@="{32427327-aea5-4bef-811a-b1bd00daf4b4}"
[HKEY_CLASSES_ROOT\CLSID\{32427327-aea5-4bef-811a-b1bd00daf4b4}]
2014-06-20 02:02 666976 ----a-r- c:\program files (x86)\Norton Zone\Engine64\2.0.97.14\nzovrlay.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1NZOverlayPending]
@="{2cfec48b-08ec-4361-8575-7c0da17ab7a5}"
[HKEY_CLASSES_ROOT\CLSID\{2cfec48b-08ec-4361-8575-7c0da17ab7a5}]
2014-06-20 02:02 666976 ----a-r- c:\program files (x86)\Norton Zone\Engine64\2.0.97.14\nzovrlay.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1NZOverlaySynced]
@="{a9e700bc-92b0-403e-96b3-b87b06ff9d3a}"
[HKEY_CLASSES_ROOT\CLSID\{a9e700bc-92b0-403e-96b3-b87b06ff9d3a}]
2014-06-20 02:02 666976 ----a-r- c:\program files (x86)\Norton Zone\Engine64\2.0.97.14\nzovrlay.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\VeriFace Enc]
@="{771C7324-DA80-49D3-8017-753B0AF60951}"
[HKEY_CLASSES_ROOT\CLSID\{771C7324-DA80-49D3-8017-753B0AF60951}]
2012-03-09 05:15 1502720 ----a-w- c:\windows\System32\IcnOvrly.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelPAN"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-07-27 1935120]
"Lenovo EE Boot Optimizer"="c:\program files (x86)\Lenovo\Boot Optimizer\PopWnd.exe" [2012-03-09 114688]
"UpdatePRCShortCut"="c:\program files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-13 222504]
"Energy Management"="c:\program files (x86)\Lenovo\Energy Management\Energy Management.exe" [2012-03-09 9769888]
"EnergyUtility"="c:\program files (x86)\Lenovo\Energy Management\Utility.exe" [2012-03-09 5908928]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2013-11-07 171992]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2013-11-07 399832]
"Persistence"="c:\windows\system32\igfxpers.exe" [2013-11-07 442328]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://start.roboform.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Customize Menu - file://C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComCustomizeIEMenu.html
IE: Fill Forms - file://C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComFillForms.html
IE: Logoff - file://C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComLogoff.html
IE: RoboForm TaskBar Icon - file://C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComTaskBarIcon.html
IE: Save Forms - file://C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComSavePass.html
IE: Show RoboForm Toolbar - file://C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComShowToolbar.html
TCP: DhcpNameServer = 192.168.1.254
DPF: {0D221D00-A6ED-477C-8A91-41F3B660A832} - hxxp://www.bc3.beltone.com/ReportServer/Reserved.ReportViewerWebControl.axd?ExecutionID=5tgiq445wiysgdye0j21ej55&ControlID=40c7f30fc4904dc7a1bbf978de7068ff&Culture=1033&UICulture=9&ReportStack=1&OpType=PrintCab
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
Wow6432Node-HKCU-Run-RESTART_STICKY_NOTES - c:\windows\System32\StikyNot.exe
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\N360]
"ImagePath"="\"c:\program files (x86)\Norton 360\Engine\21.4.0.13\N360.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton 360\Engine\21.4.0.13\diMaster.dll\" /prefetch:1"
--
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NZ]
"ImagePath"="\"c:\program files (x86)\Norton Zone\Engine\2.0.97.14\NZ.exe\" /s \"NZ\" /m \"c:\program files (x86)\Norton Zone\Engine\2.0.97.14\diMaster.dll\" /prefetch:1"
"ImagePath"="\SystemRoot\System32\Drivers\N360x64\1504000.00D\SYMNETS.SYS"
"TrustedImagePaths"="c:\program files (x86)\Norton 360\Engine\21.4.0.13;c:\program files (x86)\Norton 360\Engine64\21.4.0.13"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-448268370-1532745791-1850709367-1000_Classes\CLSID]
@DACL=(02 0000)
.
[HKEY_USERS\S-1-5-21-448268370-1532745791-1850709367-1000_Classes\CLSID\{004B49B7-11B9-5058-FF22-08DD093ADC4B}]
@DACL=(02 0000)
.
[HKEY_USERS\S-1-5-21-448268370-1532745791-1850709367-1000_Classes\CLSID\{DD0822FF-3A09-4BDC-B749-4B00B9115850}]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWow64\\Macromed\\Flash\\Flash10h.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWow64\\Macromed\\Flash\\Flash10h.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWow64\\Macromed\\Flash\\Flash10h.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWow64\\Macromed\\Flash\\Flash10h.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-07-11  20:32:39
ComboFix-quarantined-files.txt  2014-07-12 00:32
.
Pre-Run: 326,203,641,856 bytes free
Post-Run: 325,896,642,560 bytes free
.
- - End Of File - - BADE44C1444C630B2CC75D7A66F93CCD

Thanks for the log, we continue...

 

1. Close any open browsers.

2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the Codebox below into it:

ClearJavaCache::

 

Save this as CFScript.txt, with Type: All Files (*.*), in the same location as ComboFix.exe.

[Images: CF3.jpg, CFScriptB-4.gif]

Referring to the picture above, drag CFScript.txt into ComboFix.exe.

When finished, it shall produce a log for you at C:\ComboFix.txt, which I will require.

 

Next,

 

We need to run an online AV scan to ensure there are no remnants of any infection left on your system that may have been missed. This scan is very thorough and well worth running; it can take several hours, so please be patient and let it complete:

 

Run Eset Online Scanner

 

**Note** You will need to use Internet Explorer for this scan. On Vista and Windows 7/8, right-click the IE shortcut and run as admin.

 

Go to Eset web page http://www.eset.com/us/online-scanner/ to run an online scan from ESET.

 


1. Turn off the real-time scanner of any existing antivirus program while performing the online scan.
2. Click on the Run ESET Online Scanner button.
3. Tick the box next to YES, I accept the Terms of Use.
4. Click Start.
5. When asked, allow the add-on to be installed.
6. Click Start.
7. Make sure that the option "Remove found threats" is UNticked.
8. Click on Advanced Settings and ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
9. Click Scan.
10. Wait for the virus definitions to be downloaded.
11. Wait for the scan to finish.

 

When the scan is complete

 


If no threats were found:
1. Put a checkmark in "Uninstall application on close".
2. Close the program.
3. Report to me that nothing was found.

 

If threats were found:

 


1. Click on "list of threats found".
2. Click on "export to text file" and save it as ESET SCAN to the desktop.
3. Click on back.
4. Put a checkmark in "Uninstall application on close".
5. Click on finish.
6. Close the program.

 

Copy and paste the report in next reply.

 

Let me see those two logs, and also let me know if there are any remaining issues or concerns...

 

Kevin


Good morning, here is the ComboFix log. I'm off to do the online scan now, so I will be back when it finishes. And again, thank you so much for helping me and taking the time for me :) 

Robin

 

ComboFix 14-07-12.02 - Robin 07/12/2014  11:08:06.2.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.6058.3565 [GMT -4:00]
Running from: c:\users\Robin\Desktop\ComboFix.exe
Command switches used :: c:\users\Robin\Desktop\CFScript.txt
AV: Norton 360 Premier Edition *Disabled/Updated* {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
FW: Norton 360 Premier Edition *Disabled* {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}
SP: Norton 360 Premier Edition *Disabled/Updated* {631E4324-D31C-783F-EC5C-35AD42B18466}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((   Files Created from 2014-06-12 to 2014-07-12  )))))))))))))))))))))))))))))))
.
.
2014-07-12 15:12 . 2014-07-12 15:12 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-07-12 00:03 . 2014-07-12 00:03 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A6F52539-7C8F-4FB0-A433-5A860EDB76F2}\offreg.dll
2014-07-11 12:21 . 2014-06-05 10:54 10779000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A6F52539-7C8F-4FB0-A433-5A860EDB76F2}\mpengine.dll
2014-07-11 06:51 . 2014-07-11 06:51 -------- d-----w- c:\program files (x86)\ESET
2014-07-11 05:34 . 2010-08-30 12:34 536576 ----a-w- c:\windows\SysWow64\sqlite3.dll
2014-07-11 05:24 . 2014-07-11 05:24 -------- d-----w- c:\windows\ERUNT
2014-07-11 05:12 . 2014-07-11 05:12 30312 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2014-07-11 05:12 . 2014-07-11 05:12 -------- d-----w- c:\programdata\RogueKiller
2014-07-11 04:38 . 2014-07-11 04:38 -------- d-----w- c:\program files (x86)\ERUNT
2014-07-10 23:05 . 2014-07-11 12:42 -------- d-----w- C:\FRST
2014-07-10 16:17 . 2014-07-10 16:44 -------- d-----w- C:\NPE
2014-07-09 03:09 . 2014-06-19 00:53 48640 ----a-w- c:\program files\Internet Explorer\DiagnosticsHub_is.dll
2014-07-09 03:08 . 2014-06-05 14:45 1460736 ----a-w- c:\windows\system32\lsasrv.dll
2014-07-09 03:08 . 2014-06-05 14:26 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2014-07-09 03:08 . 2014-06-05 14:25 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2014-07-08 16:32 . 2014-07-09 07:26 -------- d-----w- c:\windows\system32\drivers\N360x64\1504000.00D
2014-07-07 21:09 . 2014-07-07 21:09 -------- d-----w- c:\windows\system32\drivers\NZx64\0200610.00E
2014-06-23 17:48 . 2014-06-23 17:48 -------- d-----w- c:\users\Robin\.AS
2014-06-23 17:47 . 2014-06-23 17:47 -------- d-----w- c:\program files\Alien Skin
2014-06-18 02:42 . 2014-06-18 02:42 -------- d-----w- c:\program files (x86)\Common Files\Java
2014-06-18 02:42 . 2014-05-07 19:02 98216 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-06-13 17:16 . 2014-07-11 23:42 -------- d-----w- c:\programdata\Malwarebytes Anti-Exploit
2014-06-13 17:16 . 2014-06-17 17:05 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Exploit
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-07-11 06:25 . 2014-04-26 02:37 122584 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-07-09 07:03 . 2012-05-26 15:40 96441528 ----a-w- c:\windows\system32\MRT.exe
2014-05-12 11:26 . 2014-04-26 02:36 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-05-12 11:26 . 2014-04-26 02:36 91352 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-05-12 11:25 . 2012-07-23 00:39 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-05-08 09:32 . 2014-06-11 00:25 3178496 ----a-w- c:\windows\system32\rdpcorets.dll
2014-05-08 09:32 . 2014-06-11 00:25 16384 ----a-w- c:\windows\system32\RdpGroupPolicyExtension.dll
2014-04-30 02:19 . 2014-04-30 02:19 177752 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
2014-04-25 02:34 . 2014-06-11 00:25 801280 ----a-w- c:\windows\system32\usp10.dll
2014-04-25 02:06 . 2014-06-11 00:25 626688 ----a-w- c:\windows\SysWow64\usp10.dll
2014-04-15 06:34 . 2014-04-15 06:34 1070232 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"UpdateP2GShortCut"="c:\program files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" [2010-07-26 222504]
"UpdatePRCShortCut"="c:\program files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-13 222504]
"Malwarebytes Anti-Exploit"="c:\program files (x86)\Malwarebytes Anti-Exploit\mbae.exe" [2014-06-04 382608]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 CorelCreatorMessages;CorelCreatorMessages;c:\windows\system32\CorelCreatorMessages.exe;c:\windows\SYSNATIVE\CorelCreatorMessages.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 mvusbews;USB EWS Device;c:\windows\system32\Drivers\mvusbews.sys;c:\windows\SYSNATIVE\Drivers\mvusbews.sys [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys;c:\windows\SYSNATIVE\DRIVERS\wsvd.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 fbfmon;fbfmon;c:\windows\system32\drivers\fbfmon.sys;c:\windows\SYSNATIVE\drivers\fbfmon.sys [x]
S0 LHDmgr;LHDmgr;c:\windows\System32\DRIVERS\LhdX64.sys;c:\windows\SYSNATIVE\DRIVERS\LhdX64.sys [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\1504000.00D\SYMDS64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1504000.00D\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\1504000.00D\SYMEFA64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1504000.00D\SYMEFA64.SYS [x]
S1 BHDrvx64;BHDrvx64;c:\program files (x86)\Norton 360\NortonData\21.2.0.38\Definitions\BASHDefs\20140703.001\BHDrvx64.sys;c:\program files (x86)\Norton 360\NortonData\21.2.0.38\Definitions\BASHDefs\20140703.001\BHDrvx64.sys [x]
S1 BPntDrv;BPntDrv;c:\windows\system32\drivers\BPntDrv.sys;c:\windows\SYSNATIVE\drivers\BPntDrv.sys [x]
S1 ccSet_N360;N360 Settings Manager;c:\windows\system32\drivers\N360x64\1504000.00D\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\N360x64\1504000.00D\ccSetx64.sys [x]
S1 ccSet_NZ;Norton Zone Settings Manager;c:\windows\system32\drivers\NZx64\0200610.00E\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\NZx64\0200610.00E\ccSetx64.sys [x]
S1 ESProtectionDriver;Malwarebytes Anti-Exploit;c:\program files (x86)\Malwarebytes Anti-Exploit\mbae64.sys;c:\program files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [x]
S1 IDSVia64;IDSVia64;c:\program files (x86)\Norton 360\NortonData\21.2.0.38\Definitions\IPSDefs\20140710.002\IDSvia64.sys;c:\program files (x86)\Norton 360\NortonData\21.2.0.38\Definitions\IPSDefs\20140710.002\IDSvia64.sys [x]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\1504000.00D\Ironx64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1504000.00D\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360x64\1504000.00D\SYMNETS.SYS;c:\windows\SYSNATIVE\Drivers\N360x64\1504000.00D\SYMNETS.SYS [x]
S2 GsServer;GoodSync Server;c:\program files\Siber Systems\GoodSync\Gs-Server.exe;c:\program files\Siber Systems\GoodSync\Gs-Server.exe [x]
S2 lxdi_device;lxdi_device;c:\windows\system32\lxdicoms.exe;c:\windows\SYSNATIVE\lxdicoms.exe [x]
S2 lxdiCATSCustConnectService;lxdiCATSCustConnectService;c:\windows\system32\spool\DRIVERS\x64\3\\lxdiserv.exe;c:\windows\SYSNATIVE\spool\DRIVERS\x64\3\\lxdiserv.exe [x]
S2 MbaeSvc;Malwarebytes Anti-Exploit Service;c:\program files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe;c:\program files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [x]
S2 N360;Norton 360;c:\program files (x86)\Norton 360\Engine\21.4.0.13\N360.exe;c:\program files (x86)\Norton 360\Engine\21.4.0.13\N360.exe [x]
S2 NTI BackupNowEZSvr;NTI BackupNowEZSvr;c:\program files (x86)\NTI\NTI Backup Now EZ\BackupNowEZSvr.exe;c:\program files (x86)\NTI\NTI Backup Now EZ\BackupNowEZSvr.exe [x]
S2 NZ;Norton Zone;c:\program files (x86)\Norton Zone\Engine\2.0.97.14\NZ.exe;c:\program files (x86)\Norton Zone\Engine\2.0.97.14\NZ.exe [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\DRIVERS\AcpiVpc.sys;c:\windows\SYSNATIVE\DRIVERS\AcpiVpc.sys [x]
S3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys;c:\windows\SYSNATIVE\DRIVERS\btwampfl.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys;c:\windows\SYSNATIVE\DRIVERS\dc3d.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]
S3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUVStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUVStor.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 S6000KNT;S6000KNT_WebCam Driver;c:\windows\system32\Drivers\S6000KNT.sys;c:\windows\SYSNATIVE\Drivers\S6000KNT.sys [x]
S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys;c:\windows\SYSNATIVE\DRIVERS\WDKMD.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ   hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-06-16 12:14 1091912 ----a-w- c:\program files (x86)\Google\Chrome\Application\35.0.1916.153\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-07-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-09 05:25]
.
2014-07-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-09 05:25]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1NZOverlayExcluded]
@="{32427327-aea5-4bef-811a-b1bd00daf4b4}"
[HKEY_CLASSES_ROOT\CLSID\{32427327-aea5-4bef-811a-b1bd00daf4b4}]
2014-06-20 02:02 666976 ----a-r- c:\program files (x86)\Norton Zone\Engine64\2.0.97.14\nzovrlay.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1NZOverlayPending]
@="{2cfec48b-08ec-4361-8575-7c0da17ab7a5}"
[HKEY_CLASSES_ROOT\CLSID\{2cfec48b-08ec-4361-8575-7c0da17ab7a5}]
2014-06-20 02:02 666976 ----a-r- c:\program files (x86)\Norton Zone\Engine64\2.0.97.14\nzovrlay.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1NZOverlaySynced]
@="{a9e700bc-92b0-403e-96b3-b87b06ff9d3a}"
[HKEY_CLASSES_ROOT\CLSID\{a9e700bc-92b0-403e-96b3-b87b06ff9d3a}]
2014-06-20 02:02 666976 ----a-r- c:\program files (x86)\Norton Zone\Engine64\2.0.97.14\nzovrlay.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\VeriFace Enc]
@="{771C7324-DA80-49D3-8017-753B0AF60951}"
[HKEY_CLASSES_ROOT\CLSID\{771C7324-DA80-49D3-8017-753B0AF60951}]
2012-03-09 05:15 1502720 ----a-w- c:\windows\System32\IcnOvrly.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU]
"IntelPAN"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-07-27 1935120]
"Lenovo EE Boot Optimizer"="c:\program files (x86)\Lenovo\Boot Optimizer\PopWnd.exe" [2012-03-09 114688]
"UpdatePRCShortCut"="c:\program files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-13 222504]
"Energy Management"="c:\program files (x86)\Lenovo\Energy Management\Energy Management.exe" [2012-03-09 9769888]
"EnergyUtility"="c:\program files (x86)\Lenovo\Energy Management\Utility.exe" [2012-03-09 5908928]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2013-11-07 171992]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2013-11-07 399832]
"Persistence"="c:\windows\system32\igfxpers.exe" [2013-11-07 442328]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://start.roboform.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Customize Menu - file://C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComCustomizeIEMenu.html
IE: Fill Forms - file://C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComFillForms.html
IE: Logoff - file://C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComLogoff.html
IE: RoboForm TaskBar Icon - file://C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComTaskBarIcon.html
IE: Save Forms - file://C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComSavePass.html
IE: Show RoboForm Toolbar - file://C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComShowToolbar.html
TCP: DhcpNameServer = 192.168.1.254
DPF: {0D221D00-A6ED-477C-8A91-41F3B660A832} - hxxp://www.bc3.beltone.com/ReportServer/Reserved.ReportViewerWebControl.axd?ExecutionID=5tgiq445wiysgdye0j21ej55&ControlID=40c7f30fc4904dc7a1bbf978de7068ff&Culture=1033&UICulture=9&ReportStack=1&OpType=PrintCab
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\N360]
"ImagePath"="\"c:\program files (x86)\Norton 360\Engine\21.4.0.13\N360.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton 360\Engine\21.4.0.13\diMaster.dll\" /prefetch:1"
--
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NZ]
"ImagePath"="\"c:\program files (x86)\Norton Zone\Engine\2.0.97.14\NZ.exe\" /s \"NZ\" /m \"c:\program files (x86)\Norton Zone\Engine\2.0.97.14\diMaster.dll\" /prefetch:1"
"ImagePath"="\SystemRoot\System32\Drivers\N360x64\1504000.00D\SYMNETS.SYS"
"TrustedImagePaths"="c:\program files (x86)\Norton 360\Engine\21.4.0.13;c:\program files (x86)\Norton 360\Engine64\21.4.0.13"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-448268370-1532745791-1850709367-1000_Classes\CLSID]
@DACL=(02 0000)
.
[HKEY_USERS\S-1-5-21-448268370-1532745791-1850709367-1000_Classes\CLSID\{004B49B7-11B9-5058-FF22-08DD093ADC4B}]
@DACL=(02 0000)
.
[HKEY_USERS\S-1-5-21-448268370-1532745791-1850709367-1000_Classes\CLSID\{DD0822FF-3A09-4BDC-B749-4B00B9115850}]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWow64\\Macromed\\Flash\\Flash10h.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWow64\\Macromed\\Flash\\Flash10h.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWow64\\Macromed\\Flash\\Flash10h.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWow64\\Macromed\\Flash\\Flash10h.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-07-12  11:14:12
ComboFix-quarantined-files.txt  2014-07-12 15:14
ComboFix2.txt  2014-07-12 00:32
.
Pre-Run: 325,694,447,616 bytes free
Post-Run: 325,624,410,112 bytes free
.
- - End Of File - - 504F3B5698539ECF44816CCA61BF40C7

Here you go the results from the online scan... awaiting your instructions.... :)  Robin

 

 

C:\Nero Local Autobackup\20130110_182411_Local Autobackup\C\Users\Robin\Downloads\ccsetup320.exe Win32/Bundled.Toolbar.Google.E potentially unsafe application

C:\Nero Local Autobackup\20130110_182411_Local Autobackup\C\Users\Robin\Downloads\jZipV1 (1).exe probably a variant of Win32/Toolbar.SearchSuite.J potentially unwanted application

C:\Nero Local Autobackup\20130110_220614_Local Autobackup\C\Users\Robin\Downloads\ccsetup320.exe Win32/Bundled.Toolbar.Google.E potentially unsafe application

C:\Nero Local Autobackup\20130110_220614_Local Autobackup\C\Users\Robin\Downloads\jZipV1 (1).exe probably a variant of Win32/Toolbar.SearchSuite.J potentially unwanted application

C:\Users\Robin\Downloads\ccsetup320.exe Win32/Bundled.Toolbar.Google.E potentially unsafe application

C:\Users\Robin\Downloads\ccsetup414.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application

C:\Users\Robin\Downloads\ccsetup415.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application

C:\Users\Robin\Downloads\jZipV1 (1).exe probably a variant of Win32/Toolbar.SearchSuite.J potentially unwanted application

Download OTM from either of the following links and save to your Desktop: (If your security alerts to OTM, either accept the alert or turn off security to allow OTM to run)

http://oldtimer.geekstogo.com/OTM.exe.
http://www.itxassociates.com/OT-Tools/OTM.com
http://www.itxassociates.com/OT-Tools/OTM.exe  

Double click OTM.exe to start the tool. Vista or Windows 7 users accept UAC alert. Be aware all processes will be stopped during run, also Desktop will disappear, this will be put back on completion.... If your security alerts to OTM, either accept the alert or turn off security until OTM completes...

  • Copy the text from the code box below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy). Ensure to start with and include the colon before Files :Files

    :Files
    ipconfig /flushdns /c
    C:\Nero Local Autobackup\20130110_182411_Local Autobackup\C\Users\Robin\Downloads\ccsetup320.exe
    C:\Nero Local Autobackup\20130110_182411_Local Autobackup\C\Users\Robin\Downloads\jZipV1 (1).exe
    C:\Nero Local Autobackup\20130110_220614_Local Autobackup\C\Users\Robin\Downloads\ccsetup320.exe
    C:\Nero Local Autobackup\20130110_220614_Local Autobackup\C\Users\Robin\Downloads\jZipV1 (1).exe
    C:\Users\Robin\Downloads\ccsetup320.exe
    C:\Users\Robin\Downloads\ccsetup414.exe
    C:\Users\Robin\Downloads\ccsetup415.exe
    C:\Users\Robin\Downloads\jZipV1 (1).exe
    :Commands
    [EmptyTemp]
  • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red MoveIt! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTM


Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

If the machine reboots, the Results log can be found here:

c:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log

Where mmddyyyy_hhmmss is the date of the tool run.

 

Let me see that log, also let me know if there are any remaining issues or concerns...

 

Kevin


ok here you go

 

All processes killed
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Robin\Desktop\cmd.bat deleted successfully.
C:\Users\Robin\Desktop\cmd.txt deleted successfully.
C:\Nero Local Autobackup\20130110_182411_Local Autobackup\C\Users\Robin\Downloads\ccsetup320.exe moved successfully.
C:\Nero Local Autobackup\20130110_182411_Local Autobackup\C\Users\Robin\Downloads\jZipV1 (1).exe moved successfully.
C:\Nero Local Autobackup\20130110_220614_Local Autobackup\C\Users\Robin\Downloads\ccsetup320.exe moved successfully.
C:\Nero Local Autobackup\20130110_220614_Local Autobackup\C\Users\Robin\Downloads\jZipV1 (1).exe moved successfully.
C:\Users\Robin\Downloads\ccsetup320.exe moved successfully.
C:\Users\Robin\Downloads\ccsetup414.exe moved successfully.
C:\Users\Robin\Downloads\ccsetup415.exe moved successfully.
C:\Users\Robin\Downloads\jZipV1 (1).exe moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: dub_cm_auto
->Temp folder emptied: 0 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
User: Robin
->Temp folder emptied: 2305 bytes
->Temporary Internet Files folder emptied: 945697 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 65154521 bytes
->Flash cache emptied: 506 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 11253 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33298 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 78039 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 63.00 mb
 
 
OTM by OldTimer - Version 3.1.21.0 log created on 07122014_151720
 
Files moved on Reboot...
C:\Users\Robin\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Robin\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
 
Registry entries deleted on Reboot...

I don't know how to answer that really, if that makes sense... with what you had me do, did this remove the infections? Would you like me to use the computer as I normally do and go to the sites that I go to normally and see how it does and then report back to you like after using it for about 24 hours.

 

I have norton as you know, should I consider using something else ? I don't want to have this issue again due to security not being appropriate if you know what I mean. I'm willing to change security if needed. I know a lot of my friends swear about Avast Free..

 

I would love your opinion and suggestions if you're able to do so. Thanks again for ALL your TIME and HELP, I truly appreciate you..

 

Robin


Yes you can use your system as normal, post back when/if all is well then we can clean up and remove programs we`ve used....

 

Read the following link to fully understand PC security and best practices, you may find it useful....

 

http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/#entry2316629

 

Kevin...


Good Morning, well I don't know what to say really, lol... crazy a woman speechless, lol.... I'm afraid to say yea it's much better because as soon as I do you know how that can go... last night it seemed to be slow but this morning visiting two of my sites that I normally go to seems to be moving faster.... I will be on the road today, so I won't be using it until tonight depending what time I get home, so really I won't be back on til tomorrow officially and I will be working too, so I will leave it like this.. 

 

First THANK YOU soooooooooooooooo much for your time again, I can't say it enough... 

Second, I did read up on the info from the link you provided and well I'm confused at the same time it was helpful, lol... really would like for someone to tell me what I need to do but understand that probably is something that you all are not supposed to do. 

Third, I will check in tonight when ever that is, and if you would let me know whether you want me to clean up or not. I did run MB last night and nothing came up and I turned on all my protection for what norton is good for... 

 

If you want me to clean up just leave me the directions and I will do them tonight, or if you want me to do some work tomorrow then and play around with it for a while then I'll do that too..

 

just let me know what you think and want me to do..

I hope you have a wonderful Sunday, enjoy and again THANK YOU :)

Blessings, Robin


Hello Robin,

 

If there are no remaining issues or concerns clean up as follows:

 

Download and run this:

 

http://download.bleepingcomputer.com/sUBs/CF_UNINST.EXE

 

That will remove Combofix and associated folders...

 

Next,

 

Download "Delfix by Xplode" and save it to your desktop.

 

"Delfix link mirror"

 

Double Click to start the program. If you are using Vista or higher, please right-click and choose run as administrator

 

Make Sure the following items are checked:

 


    Activate UAC
    Remove disinfection tools
    Create registry backup
    Purge System Restore
    Reset system settings

 

Now click on "Run" and wait patiently until the tool has completed.

 

The tool will create a log when it has completed. We don't need you to post this.

 

Part of the routine will be to create a registry backup with ERUNT, the backup will be created here:

 

C:\Windows\ERUNT

 

When all is known to be well with your system you can delete that backup folder if you consider it as not needed...

 

Next,

 

Regarding a security set up, this is my own set up for Windows 7:

 

Windows' own Firewall, Microsoft Security Essentials and Malwarebytes Pro. Windows FW and MSE are free, MB also has a free version, however I prefer (and highly recommend) the pro version as it provides auto updates and realtime protection.

 

As an extra layer I also use WinPatrol, the free version is adequate for general home use. Available here: http://www.winpatrol.com/download.html

 

For my browser I use Firefox with these addons: Web of Trust, Adblock Plus, Flash Block, NoScript, Ghostery. When Firefox is open select these keys together :- Ctrl - Shift - A that will access the Addons manager, this gives access to find addons, use, start, stop or disable those features etc....

Before using NoScript read from this link http://noscript.net/ makes it easy to understand....

 

Understanding Windows 7 Firewall - http://windows.microsoft.com/en-GB/windows7/Understanding-Windows-Firewall-settings

 

Understanding Microsoft Security Essentials - http://www.microsoft.com/en-gb/security/pc-security/mse.aspx

 

Understanding Malwarebytes, how to create an exclusion in MSE - http://forums.malwarebytes.org/index.php?showtopic=10138&st=0&p=162100entry162100

 

Understanding WinPatrol - http://www.winpatrol.com/features.html

 

I also use the Professional version of Sandboxie, I believe there is also a free version available. Visit this link http://www.sandboxie.com/ for access to d/l, also make sure to use the "Help and FAQ" option to understand its uses, specifically how to run your browser sandboxed!

 

I have also just started using CryptoGuard by Hitman Pro, once installed it will protect all Browsers against crypto ransomware infections, it is also free. Go to the following link for instructions, it will work with the set up I describe above..

 

http://www.surfright.nl/en/alert/cryptoguard

 

Kevin....


Good Evening Kevin... thanks for the awesome recommendations! I will be busy with all that homework and reading up on them as I want to learn more. It's not like I do a lot of surfing, but I do play with making signature tags in two groups and download free kits and tubes and such but mostly from familiar people and they mainly use 4share and box for download host. I also use Photobucket and folki for my photo host. 

 

Not sure if those would be a concern. But I did learn last night when reading the other link you provided about understanding PC security and best practices and about how important having the extensions showing, as example for the downloads, I never scan them, I'm so stupid but also to actually look at the ext, duh, I will ALWAYS scan my zip downloads and any downloads for that fact. 

 

OK I will go ahead and start that clean up tonight, it seems like I will be able to do it in one swoop and that way I can focus on work tomorrow and then I will start my homework and start reading up on your recommendations. I renewed with Norton about 3 months ago but after being told many times over the years by different people that they hate norton and to use avast or AVG free, but I thought paying always meant more of a better security, dumb..  

 

I just want to do the best I can to protect my system and my family and not act like I know more than i do either.. thank you for stepping out and giving me that extra advice and personal recommendations. 

I will let you know when I'm done cleaning house... so that you know that process is complete. Hope you had a good weekend, I know you stay busy here but I hope you know you are appreciated... :)

Good night..

Robin


Thanks for the update Robin, please let me know if/when the clean up completes. Regarding security set up, it really is what you prefer yourself. If you are comfortable with Norton, then use it. One point to make, I'm a volunteer at Malwarebytes, I'm not on staff so to speak.

As a volunteer I have nothing to gain if you take my recommendation and go for the Premium version of MB, as far as I'm concerned Malwarebytes Premium is an essential part of any system, the free version is worthwhile but does not have auto updates or the all important "real time protection".

I'm not saying that Malwarebytes Premium is 100% bullet proof, but together with the likes of Norton IS and a bit of common sense you will limit the chance of re-infection...

 

Thank you,

 

Kevin


I hope I am allowed to post in another user's post with a recommendation as a forum member (if not please remove).

 

I've used Norton for a long time, and recently ditched Norton360 for the newly discovered (to me) Malwarebytes Premium.

Not only was it a lot cheaper than Norton, even my mum and grandma said it was a lot easier to use than Norton and 'less annoying'.

 

As for security, I haven't had it long but I am very satisfied so far. Plus with premium support and an active, helpful community like this I doubt any issues will go unresolved :)

 

- Kruxe


  • 2 weeks later...
  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
