Jump to content

PeaceMEM infection help

Dmass

By Dmass
in Resolved Malware Removal Logs

 Share

Recommended Posts

Dmass

Dmass

Posted
Posted

I too have been infected by the PeeacMem-A virus and am hoping LiquidTension sees this and can assist me.

 

I ran Sophos virus removal software and it kept finding PeeacMem-A virus in my Memory but didn't/couldn't remove it

 

After searching this forum I found this chain

 

I ran the ComboFix and tdsskiller programs as described and have attached them to this post.

 

would appreciate any assistance you can give as to next steps.

 

Awaiting your reply 

 

Thanks in Advance for your help

 

ComboFix.txt

 

TDSSKiller.3.0.0.40_16.10.2014_20.39.34_log.txt

Link to post
Share on other sites
LiquidTension

LiquidTension

Posted
Posted

Hello Dmass, welcome to Malwarebytes' Malware Removal forum!
 
My username is LiquidTension, but you can call me Adam. I will be assisting you with your malware-related problems.
If you would allow me to call you by your first name I would prefer that. xsmile.png.pagespeed.ic.CwSpBGGvqN.png
 
General P2P/Piracy Notice: 
 

If you are using Peer to Peer (P2P) filesharing software such as uTorrent, BitTorrent or similar you must either fully uninstall or completely disable the programme(s) from running whilst receiving assistance at this forum. 
Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.
If you have illegal/cracked/keygen or similar software on the computer, please remove/uninstall the software now and read the policy on Piracy. Failure to do so will also result in your topic being closed.

 
======================================================
 
Please read through the points below to ensure this process moves as quickly and efficiently as possible.

  • Please read through my instructions thoroughly, and ensure you carry out each step in the order specified.
  • Please do not post logs using the CODEQUOTE or ATTACHMENT format. Logs should be posted directly in plain text. If you receive an error whilst posting, please break the log in half and use multiple posts.
  • Please do not run any tools or take any steps other than those I provide for you. Independent efforts may make matters worse, and will affect my ability in ascertaining the current situation & providing the best set of instructions for you.
  • Please backup important documents before proceeding with my instructions.
  • If you come across any issues whilst following my instructions, please stop and inform me of the issue in as much detail as possible. Please do not hesitate to ask before you run anything.
  • Topics are locked if no response is made after 4 days. Please inform me if you will require additional time to complete my instructions.
  • Ensure you are following this topic. Click xetYzdbu.png.pagespeed.ic.U7AjmRUewW.png at the top of the page. 
     

======================================================
 
Please consider the following warning, and let me know how you wish to proceed.
 

goGMWSt.gifBACKDOOR WARNING

------------------------------

One or more of the identified infections is known to use a backdoor, that allows attackers to remotely control your computer, download/execute files and steal critical system, financial and personal information.

Please disconnect your computer from the internet immediately. If your computer was used for online banking, has credit card information or other sensitive data, using a non-infected computer/device you should immediately change all account information (including those used for banking, email, eBay, paypal, online forums, etc). Consider these accounts already compromised.

If you have used a router, you will need to reset it with a strong logon/password to ensure the malware cannot gain control before connecting again. Banking and credit card institutions should be notified of the possible security breach immediately. Please read the following for more information: How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

Whilst the identified infection(s) can be removed, there is no way to guarantee that your computer will be trustworthy again. This is due to the nature of the infection, which allows the attacker complete control over the computer. Many experts in the security community believe that once infected with this type of malware, the best course of action is to reformat the hard drive and reinstall the Operating System. Please read the following articles for more information.

Please let me know how you wish to proceed, and if you have any questions.
Link to post
Share on other sites
LiquidTension

LiquidTension

Posted
Posted

Hi Jim, 

 

Please download and run the following programme. 

 

xlK5Hdb.png Farbar Recovery Scan Tool (FRST) Scan

  • Please download Farbar Recovery Scan Tool (x64) and save the file to your Desktop.
  • Right-Click FRST64.exe and select AVOiBNU.jpg Run as administrator to run the programme.
  • Click Yes to the disclaimer.
  • Ensure the Addition.txt box is checked.
  • Click the Scan button and let the programme run.
  • Upon completion, click OK, then OK on the Addition.txt pop up screen.
  • Two logs (FRST.txt & Addition.txt) will now be open on your Desktop. Copy the contents of both logs and paste in your next reply. 
Link to post
Share on other sites
Dmass

Dmass

Posted
  • Author
Posted

FRST.txt log

 

 Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 16-10-2014

Ran by Jim (administrator) on JIM-THINK on 17-10-2014 15:58:15
Running from C:\Users\Jim\Desktop
Loaded Profiles: UpdatusUser & Jim (Available profiles: UpdatusUser & Jim)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 10
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkUserAgent.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Lenovo) C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe
(Fitbit, Inc.) C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe
(Verizon) C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CamMute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\N360.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\N360.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler64.exe
(Rosetta Stone Ltd.) C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
(Ulead Systems, Inc.) C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe
(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\CCDashServer.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe
(Fitbit, Inc.) C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Ricoh co.,Ltd.) C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Research In Motion Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
(Research In Motion Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2870032 2012-02-09] (Synaptics Incorporated)
HKLM\...\Run: [intelMyWiFiDashboard] => C:\Program Files\Intel\WiFi\bin\CCDashServer.exe [4965376 2012-03-02] (Intel® Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12480616 2012-04-17] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1158248 2012-03-09] (Realtek Semiconductor)
HKLM\...\Run: [TpShocks] => C:\Windows\system32\TpShocks.exe [382528 2012-02-25] (Lenovo.)
HKLM\...\Run: [LENOVO.TPKNRRES] => C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [282960 2012-04-02] (Lenovo Group Limited)
HKLM-x32\...\Run: [RotateImage] => C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe [55808 2008-10-30] (Ricoh co.,Ltd.)
HKLM-x32\...\Run: [uSB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-02-26] (Intel Corporation)
HKLM-x32\...\Run: [iMSS] => C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe [133400 2012-02-28] (Intel Corporation)
HKLM-x32\...\Run: [Dolby Advanced Audio v2] => C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe [507744 2011-12-20] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [PWMTRV] => rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Fastboot] => C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBConsole.exe [1091376 2012-01-17] (Lenovo)
HKLM-x32\...\Run: [Lenovo Registration] => C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe [4351712 2011-07-13] (Lenovo, Inc.)
HKLM-x32\...\Run: [bCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.)
HKLM-x32\...\Run: [RIMBBLaunchAgent.exe] => C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [267792 2013-01-17] (Research In Motion Limited)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [3362336 2014-01-10] (Fitbit, Inc.)
HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-09-01] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-419457526-2912272509-3820656120-1002\...\Run: [HP Officejet Pro 8600 (NET)] => C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe [2676584 2011-09-09] (Hewlett-Packard Co.)
HKU\S-1-5-21-419457526-2912272509-3820656120-1002\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2013-12-31] (Google Inc.)
HKU\S-1-5-21-419457526-2912272509-3820656120-1002\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [3362336 2014-01-10] (Fitbit, Inc.)
HKU\S-1-5-21-419457526-2912272509-3820656120-1002\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2014-08-14] (Apple Inc.)
HKU\S-1-5-21-419457526-2912272509-3820656120-1002\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-08-08] (Apple Inc.)
HKU\S-1-5-21-419457526-2912272509-3820656120-1002\...A8F59079A8D5}\localserver32:  <==== ATTENTION!
AppInit_DLLs: C:\Windows\System32\nvinitx.dll => C:\Windows\System32\nvinitx.dll [260928 2012-02-13] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [215360 2012-02-13] (NVIDIA Corporation)
Startup: C:\Users\Jim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - MAIN LEVEL - HP 8600 printer.lnk
ShortcutTarget: Monitor Ink Alerts - MAIN LEVEL - HP 8600 printer.lnk -> C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jim\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jim\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jim\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jim\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: [sugarSyncBackedUp] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [sugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [sugarSyncRoot] -> {A759AFF6-5851-457D-A540-F4ECED148351} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [sugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jim\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jim\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jim\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x188C3C487790CE01
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Norton Identity Protection -> {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} -> C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.7.8.23\coIEPlg.dll (Symantec Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Symantec VIP Access Add-On -> {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} -> C:\Program Files (x86)\Symantec\VIP Access Client\64bit\VIPAddOnForIE64.dll (Symantec Corporation)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Symantec VIP Access Add-On -> {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} -> C:\Program Files (x86)\Symantec\VIP Access Client\VIPAddOnForIE.dll (Symantec Corporation)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM - Norton Identity Safe Toolbar - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.7.8.23\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 71.252.0.12
 
FireFox:
========
FF ProfilePath: C:\Users\Jim\AppData\Roaming\Mozilla\Firefox\Profiles\940rbffc.default
FF Homepage: hxxp://www.google.com/
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @RIM.com/WebSLLauncher,version=1.0 -> C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: TopArcadeHits - C:\Users\Jim\AppData\Roaming\Mozilla\Firefox\Profiles\940rbffc.default\Extensions\{0113D088-8ED1-468C-B225-585A9C53B5E3} [2013-07-28]
FF Extension: Youtube MP3 Converter - C:\Users\Jim\AppData\Roaming\Mozilla\Firefox\Profiles\940rbffc.default\Extensions\2conv@hotger.com.xpi [2013-09-07]
FF Extension: YouTube2mp3.to: Convert YouTube Video to MP3 - C:\Users\Jim\AppData\Roaming\Mozilla\Firefox\Profiles\940rbffc.default\Extensions\contact@youtube2mp3.to.xpi [2013-09-07]
FF Extension: Youtube Downloader - Media Downloader - C:\Users\Jim\AppData\Roaming\Mozilla\Firefox\Profiles\940rbffc.default\Extensions\paulsaintuzb@gmail.com.xpi [2013-09-07]
FF Extension: WonTube Free YouTube to MP3/MP4/FLV - C:\Users\Jim\AppData\Roaming\Mozilla\Firefox\Profiles\940rbffc.default\Extensions\submit@wontube.com.xpi [2013-09-07]
FF Extension: YouTube to MP3 - C:\Users\Jim\AppData\Roaming\Mozilla\Firefox\Profiles\940rbffc.default\Extensions\youtube2mp3@mondayx.de.xpi [2013-09-07]
FF HKLM-x32\...\Firefox\Extensions: [VIP2X@verisign.com] - C:\Program Files (x86)\Symantec\VIP Access Client
FF Extension: Symantec VIP Access Add-On - C:\Program Files (x86)\Symantec\VIP Access Client [2013-02-01]
FF HKLM-x32\...\Firefox\Extensions: [{F04D2D30-776C-4d02-8627-8E4385ECA58D}] - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2014.7.8.23\coFFPlgn
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.6.0.32\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.6.0.32\IPSFF [2014-10-16]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.6.0.32\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.6.0.32\coFFPlgn [2014-10-17]
 
Chrome: 
=======
CHR Profile: C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-06-13]
CHR Extension: (Google Drive) - C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-06-13]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-13]
CHR Extension: (YouTube) - C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-06-13]
CHR Extension: (Google Search) - C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-06-13]
CHR Extension: (Norton Identity Safe) - C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2014-08-23]
CHR Extension: (Norton Security Toolbar) - C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2014-06-13]
CHR Extension: (Google Wallet) - C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-06-13]
CHR Extension: (Gmail) - C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-06-13]
CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\Exts\Chrome.crx [2014-10-16]
CHR HKLM\...\Chrome\Extension: [nppllibpnmahfaklnpggkibhkapjkeob] -  [2014-10-16]
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\Exts\Chrome.crx [2014-10-16]
CHR HKLM-x32\...\Chrome\Extension: [nppllibpnmahfaklnpggkibhkapjkeob] -  [2014-10-16]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 Blackberry Device Manager; C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [577536 2013-01-18] (Research In Motion Limited) [File not signed]
R2 DisplayLinkService; C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe [8447848 2011-11-09] (DisplayLink Corp.)
S3 DozeSvc; C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [320576 2012-03-29] (Lenovo.)
R2 FastbootService; C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe [169776 2012-01-17] (Lenovo)
R2 Fitbit Connect; C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe [1435680 2014-01-10] (Fitbit, Inc.)
R2 IHA_MessageCenter; C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [363128 2014-08-13] (Verizon)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2012-02-28] (Intel Corporation)
R2 LENOVO.TVTVCAM; C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe [170832 2012-04-02] (Lenovo Group Limited)
R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [133992 2011-07-12] (Lenovo Group Limited)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273168 2012-02-26] ()
R2 N360; C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\N360.exe [265040 2014-09-21] (Symantec Corporation)
S2 NCO; C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.8.23\NST.exe [130104 2014-09-20] (Symantec Corporation)
R2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [1919256 2014-07-31] (IBM Corp.)
S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [22376 2013-06-26] ()
R2 UleadBurningHelper; C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [61440 2008-01-10] (Ulead Systems, Inc.) [File not signed]
R2 VIPAppService; C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe [81552 2012-12-03] (Symantec Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2669840 2012-02-26] (Intel® Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 BHDrvx64; C:\Program Files (x86)\Norton 360\NortonData\21.6.0.32\Definitions\BASHDefs\20140801.001\BHDrvx64.sys [1530160 2014-08-25] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1506000.020\ccSetx64.sys [162392 2014-02-20] (Symantec Corporation)
R1 ccSet_NST; C:\Windows\system32\drivers\NSTx64\7DE07080.017\ccSetx64.sys [162392 2013-09-27] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-08-26] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2014-08-26] (Symantec Corporation)
S3 Fastboot; C:\Windows\System32\DRIVERS\Fastboot.sys [70416 2012-01-17] (Windows ® Win 7 DDK provider)
R1 IDSVia64; C:\Program Files (x86)\Norton 360\NortonData\21.6.0.32\Definitions\IPSDefs\20140717.001\IDSVia64.sys [525016 2014-08-25] (Symantec Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton 360\NortonData\21.6.0.32\Definitions\VirusDefs\20141016.003\ENG64.SYS [129752 2014-08-11] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton 360\NortonData\21.6.0.32\Definitions\VirusDefs\20141016.003\EX64.SYS [2137304 2014-08-11] (Symantec Corporation)
R1 nvkflt; C:\Windows\System32\DRIVERS\nvkflt.sys [249152 2012-02-13] (NVIDIA Corporation)
R1 RapportCerberus_80049; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_80049.sys [768184 2014-09-11] ()
R1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [444184 2014-07-31] (IBM Corp.)
S3 RapportIaso; c:\programdata\trusteer\rapport\store\exts\rapportms\baseline\rapportiaso64.sys [428696 2014-09-11] (IBM Corp.)
R0 RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [536984 2014-07-31] (IBM Corp.)
R1 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [562136 2014-07-31] (IBM Corp.)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [78336 2013-01-03] (Research In Motion Limited)
R3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Research in Motion Ltd)
R3 SRTSP; C:\Windows\system32\drivers\N360x64\1506000.020\SRTSP64.SYS [876248 2014-08-25] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1506000.020\SRTSPX64.SYS [37592 2014-08-25] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\N360x64\1506000.020\SYMDS64.SYS [493656 2014-08-25] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360x64\1506000.020\SYMEFA64.SYS [1148120 2014-08-25] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-10-16] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\1506000.020\Ironx64.SYS [266968 2014-08-06] (Symantec Corporation)
R1 SymNetS; C:\Windows\system32\drivers\N360x64\1506000.020\SYMNETS.SYS [593112 2014-08-25] (Symantec Corporation)
R3 TVTI2C; C:\Windows\System32\DRIVERS\Tvti2c.sys [40248 2011-05-29] (Lenovo Information Product(ShenZhen China) Inc.)
R3 tvtvcamd; C:\Windows\System32\DRIVERS\tvtvcamd.sys [27432 2011-12-07] (ThinkVantage Communications Utility)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2012-12-13] (Apple, Inc.) [File not signed]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-10-17 15:58 - 2014-10-17 15:58 - 00031983 _____ () C:\Users\Jim\Desktop\FRST.txt
2014-10-17 15:57 - 2014-10-17 15:58 - 00000000 ____D () C:\FRST
2014-10-17 15:57 - 2014-10-17 15:53 - 02112000 _____ (Farbar) C:\Users\Jim\Desktop\FRST64.exe
2014-10-16 20:35 - 2014-10-16 16:52 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Jim\Desktop\tdsskiller (1).exe
2014-10-16 20:34 - 2014-10-16 20:34 - 00000000 ____D () C:\Windows\System32\Tasks\Norton 360
2014-10-16 20:32 - 2014-10-16 20:32 - 00177752 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
2014-10-16 20:32 - 2014-10-16 20:32 - 00008222 _____ () C:\Windows\system32\Drivers\SYMEVENT64x86.CAT
2014-10-16 20:32 - 2014-10-16 20:32 - 00002402 _____ () C:\Users\Public\Desktop\Norton 360.lnk
2014-10-16 20:31 - 2014-10-16 20:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360
2014-10-16 20:31 - 2014-10-16 20:31 - 00000000 ____D () C:\Program Files (x86)\Norton 360
2014-10-16 18:21 - 2014-10-16 18:21 - 00033777 _____ () C:\Users\Jim\Documents\combofis 10-16-14 jk.txt
2014-10-16 18:20 - 2014-10-16 18:20 - 00033777 _____ () C:\ComboFix.txt
2014-10-16 17:55 - 2011-06-26 02:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-10-16 17:55 - 2010-11-07 13:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-10-16 17:55 - 2009-04-20 00:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-10-16 17:55 - 2000-08-30 20:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-10-16 17:55 - 2000-08-30 20:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-10-16 17:55 - 2000-08-30 20:00 - 00098816 _____ () C:\Windows\sed.exe
2014-10-16 17:55 - 2000-08-30 20:00 - 00080412 _____ () C:\Windows\grep.exe
2014-10-16 17:55 - 2000-08-30 20:00 - 00068096 _____ () C:\Windows\zip.exe
2014-10-16 17:49 - 2014-10-16 17:49 - 00896048 _____ () C:\Users\Jim\Downloads\Norton_Removal_Tool.exe
2014-10-16 17:04 - 2014-10-16 16:52 - 05583559 ____R (Swearware) C:\Users\Jim\Desktop\ComboFix.exe
2014-10-16 17:03 - 2014-10-16 17:03 - 00001145 _____ () C:\Users\Jim\Desktop\ComboFix - Shortcut.lnk
2014-10-16 17:02 - 2014-10-16 18:20 - 00000000 ____D () C:\Qoobox
2014-10-16 17:01 - 2014-10-16 18:17 - 00000000 ____D () C:\Windows\erdnt
2014-10-16 16:52 - 2014-10-16 16:52 - 05583559 ____R (Swearware) C:\Users\Jim\Downloads\ComboFix.exe
2014-10-16 16:52 - 2014-10-16 16:52 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Jim\Downloads\tdsskiller (1).exe
2014-10-16 16:51 - 2014-10-16 16:51 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\Jim\Downloads\mbam-setup-2.0.3.1025.exe
2014-10-16 16:51 - 2014-10-16 16:51 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Jim\Downloads\tdsskiller.exe
2014-10-16 16:41 - 2014-10-16 20:32 - 00003206 _____ () C:\Windows\System32\Tasks\Norton WSC Integration
2014-10-16 16:41 - 2014-10-16 20:32 - 00000000 ____D () C:\Program Files\Common Files\Symantec Shared
2014-10-16 16:40 - 2014-10-16 16:40 - 00000000 ____D () C:\Windows\system32\Drivers\N360x64
2014-10-16 16:12 - 2014-10-16 16:12 - 00000000 ____D () C:\ProgramData\Sophos
2014-10-16 16:11 - 2014-10-16 16:11 - 00003195 _____ () C:\Users\Jim\Desktop\Sophos Virus Removal Tool.lnk
2014-10-16 16:11 - 2014-10-16 16:11 - 00000000 ____D () C:\Users\Jim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sophos
2014-10-16 16:11 - 2014-10-16 16:11 - 00000000 ____D () C:\Program Files (x86)\Sophos
2014-10-16 15:39 - 2014-10-16 15:39 - 00000000 ____D () C:\NPE
2014-10-16 15:35 - 2014-10-16 15:36 - 101615280 _____ (Sophos Limited) C:\Users\Jim\Downloads\Sophos Virus Removal Tool.exe
2014-10-16 15:34 - 2014-10-16 16:03 - 00000000 ____D () C:\Users\Jim\AppData\Local\NPE
2014-10-16 15:34 - 2014-10-16 15:34 - 03060320 ____N (Symantec Corporation) C:\Users\Jim\Downloads\NPE.exe
2014-10-16 15:30 - 2014-10-16 15:30 - 00002534 _____ () C:\Users\Public\Desktop\Norton Identity Safe.LNK
2014-10-16 15:30 - 2014-10-16 15:30 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Identity Safe
2014-10-16 15:30 - 2014-10-16 15:30 - 00000000 ____D () C:\Windows\system32\Drivers\NSTx64
2014-10-16 15:30 - 2014-10-16 15:30 - 00000000 ____D () C:\Program Files (x86)\Norton Identity Safe
2014-10-16 15:20 - 2014-10-16 15:20 - 01021984 _____ (Symantec Corporation) C:\Users\Jim\Downloads\NortonN360Downloader.exe
2014-10-15 17:29 - 2014-07-16 22:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-10-15 17:29 - 2014-07-16 22:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-10-15 17:29 - 2014-07-16 22:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-10-15 17:29 - 2014-07-16 22:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-10-15 17:29 - 2014-07-16 22:07 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-10-15 17:29 - 2014-07-16 22:07 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-10-15 17:29 - 2014-07-16 21:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2014-10-15 17:29 - 2014-07-16 21:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-10-15 17:29 - 2014-07-16 21:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-10-15 17:29 - 2014-07-16 21:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-10-15 17:29 - 2014-07-16 21:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-10-15 17:28 - 2014-09-28 20:58 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-15 17:28 - 2014-09-20 01:18 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-10-15 17:28 - 2014-09-20 01:17 - 02236928 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-15 17:28 - 2014-09-20 01:17 - 01407488 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-15 17:28 - 2014-09-20 01:16 - 19280896 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-15 17:28 - 2014-09-20 01:16 - 15399424 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-15 17:28 - 2014-09-20 01:16 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-15 17:28 - 2014-09-20 01:16 - 02655232 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-15 17:28 - 2014-09-20 01:16 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-10-15 17:28 - 2014-09-20 01:16 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-15 17:28 - 2014-09-20 01:16 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-10-15 17:28 - 2014-09-20 01:16 - 00255488 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-10-15 17:28 - 2014-09-20 01:16 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-10-15 17:28 - 2014-09-20 01:16 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-10-15 17:28 - 2014-09-20 01:16 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-15 17:28 - 2014-09-20 01:16 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-10-15 17:28 - 2014-09-20 01:16 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-10-15 17:28 - 2014-09-20 01:16 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-10-15 17:28 - 2014-09-20 01:15 - 01508864 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-15 17:28 - 2014-09-20 01:15 - 00451584 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-10-15 17:28 - 2014-09-20 01:15 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-15 17:28 - 2014-09-19 23:57 - 14368768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-10-15 17:28 - 2014-09-19 23:57 - 13757952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-10-15 17:28 - 2014-09-19 23:57 - 02861568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-10-15 17:28 - 2014-09-19 23:57 - 02055168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-10-15 17:28 - 2014-09-19 23:57 - 01762816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-10-15 17:28 - 2014-09-19 23:57 - 01180672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-10-15 17:28 - 2014-09-19 23:57 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-10-15 17:28 - 2014-09-19 23:57 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-10-15 17:28 - 2014-09-19 23:57 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-10-15 17:28 - 2014-09-19 23:57 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-10-15 17:28 - 2014-09-19 23:57 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-10-15 17:28 - 2014-09-19 23:57 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-10-15 17:28 - 2014-09-19 23:57 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-10-15 17:28 - 2014-09-19 23:57 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-10-15 17:28 - 2014-09-19 23:57 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-10-15 17:28 - 2014-09-19 23:57 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-10-15 17:28 - 2014-09-19 23:56 - 01440768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-10-15 17:28 - 2014-09-19 23:56 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-10-15 17:28 - 2014-09-19 23:56 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-10-15 17:28 - 2014-09-19 23:38 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-10-15 17:28 - 2014-09-19 23:33 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-10-15 17:28 - 2014-09-19 22:43 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-10-15 17:28 - 2014-09-19 22:35 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2014-10-15 17:28 - 2014-09-12 21:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-15 17:28 - 2014-09-12 21:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-10-15 17:28 - 2014-06-18 18:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-10-15 17:28 - 2014-06-18 18:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2014-10-15 17:28 - 2014-06-18 18:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2014-10-15 17:28 - 2014-06-18 18:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-10-15 17:28 - 2014-06-18 18:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2014-10-15 17:28 - 2014-06-18 18:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-10-15 17:27 - 2014-10-09 22:05 - 00507392 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-10-15 17:27 - 2014-10-09 22:05 - 00276480 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-10-15 17:27 - 2014-10-09 22:00 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-10-15 17:27 - 2014-08-18 23:11 - 00693176 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2014-10-15 17:27 - 2014-08-18 23:10 - 00616352 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2014-10-15 17:27 - 2014-08-18 23:08 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2014-10-15 17:27 - 2014-08-18 23:08 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2014-10-15 17:27 - 2014-08-18 23:08 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2014-10-15 17:27 - 2014-08-18 23:07 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2014-10-15 17:27 - 2014-08-18 23:07 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2014-10-15 17:27 - 2014-08-18 23:07 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2014-10-15 17:27 - 2014-08-18 23:07 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2014-10-15 17:27 - 2014-08-18 23:07 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2014-10-15 17:27 - 2014-08-18 22:41 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2014-10-15 17:27 - 2014-08-18 22:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2014-10-15 17:27 - 2014-08-18 22:06 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2014-10-15 17:27 - 2014-07-06 22:07 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2014-10-15 17:27 - 2014-07-06 22:07 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2014-10-15 17:27 - 2014-07-06 22:07 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2014-10-15 17:27 - 2014-07-06 22:06 - 05551032 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-10-15 17:27 - 2014-07-06 22:06 - 04120576 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-10-15 17:27 - 2014-07-06 22:06 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2014-10-15 17:27 - 2014-07-06 22:06 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2014-10-15 17:27 - 2014-07-06 22:06 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2014-10-15 17:27 - 2014-07-06 22:06 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2014-10-15 17:27 - 2014-07-06 22:06 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2014-10-15 17:27 - 2014-07-06 22:06 - 00679424 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-10-15 17:27 - 2014-07-06 22:06 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2014-10-15 17:27 - 2014-07-06 22:06 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2014-10-15 17:27 - 2014-07-06 22:06 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-10-15 17:27 - 2014-07-06 22:06 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2014-10-15 17:27 - 2014-07-06 22:06 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-10-15 17:27 - 2014-07-06 22:06 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2014-10-15 17:27 - 2014-07-06 22:06 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2014-10-15 17:27 - 2014-07-06 22:06 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-10-15 17:27 - 2014-07-06 22:06 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-10-15 17:27 - 2014-07-06 22:06 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2014-10-15 17:27 - 2014-07-06 22:06 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2014-10-15 17:27 - 2014-07-06 22:06 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2014-10-15 17:27 - 2014-07-06 22:06 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2014-10-15 17:27 - 2014-07-06 22:06 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2014-10-15 17:27 - 2014-07-06 22:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2014-10-15 17:27 - 2014-07-06 22:06 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2014-10-15 17:27 - 2014-07-06 22:06 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2014-10-15 17:27 - 2014-07-06 22:06 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2014-10-15 17:27 - 2014-07-06 22:05 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2014-10-15 17:27 - 2014-07-06 22:05 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2014-10-15 17:27 - 2014-07-06 22:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2014-10-15 17:27 - 2014-07-06 21:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2014-10-15 17:27 - 2014-07-06 21:40 - 11411456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2014-10-15 17:27 - 2014-07-06 21:40 - 03208704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2014-10-15 17:27 - 2014-07-06 21:40 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2014-10-15 17:27 - 2014-07-06 21:40 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2014-10-15 17:27 - 2014-07-06 21:40 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2014-10-15 17:27 - 2014-07-06 21:40 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
2014-10-15 17:27 - 2014-07-06 21:40 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
2014-10-15 17:27 - 2014-07-06 21:40 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
2014-10-15 17:27 - 2014-07-06 21:40 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
2014-10-15 17:27 - 2014-07-06 21:40 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2014-10-15 17:27 - 2014-07-06 21:40 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-10-15 17:27 - 2014-07-06 21:40 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
2014-10-15 17:27 - 2014-07-06 21:40 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-10-15 17:27 - 2014-07-06 21:40 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2014-10-15 17:27 - 2014-07-06 21:40 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
2014-10-15 17:27 - 2014-07-06 21:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-10-15 17:27 - 2014-07-06 21:40 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2014-10-15 17:27 - 2014-07-06 21:40 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2014-10-15 17:27 - 2014-07-06 21:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2014-10-15 17:27 - 2014-07-06 21:40 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
2014-10-15 17:27 - 2014-07-06 21:40 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2014-10-15 17:27 - 2014-07-06 21:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2014-10-15 17:27 - 2014-07-06 21:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2014-10-15 17:27 - 2014-07-06 21:39 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2014-10-15 17:27 - 2014-07-06 21:39 - 03970488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-10-15 17:27 - 2014-07-06 21:39 - 03914680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-10-15 17:27 - 2014-07-06 21:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2014-10-15 17:27 - 2014-07-06 21:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2014-10-15 17:27 - 2014-07-06 21:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2014-10-15 17:27 - 2014-06-27 20:21 - 00619056 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2014-10-15 17:27 - 2014-06-27 20:21 - 00532176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2014-10-15 17:27 - 2014-06-27 20:21 - 00457400 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2014-10-15 17:26 - 2014-09-17 22:00 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-10-15 17:26 - 2014-09-17 21:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-10-15 17:26 - 2014-09-04 01:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-10-15 17:26 - 2014-09-04 01:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2014-10-15 17:26 - 2014-08-28 22:07 - 05780480 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-10-15 17:26 - 2014-08-28 22:07 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-10-15 17:26 - 2014-08-28 22:07 - 00322560 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll
2014-10-15 17:26 - 2014-08-28 22:07 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2014-10-15 17:26 - 2014-08-28 22:06 - 01125888 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-10-15 17:26 - 2014-08-28 21:44 - 04922368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-10-15 17:26 - 2014-08-28 21:44 - 01050112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-10-15 17:26 - 2014-08-28 21:44 - 00269312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2014-10-15 17:26 - 2014-08-28 21:44 - 00037376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2014-10-15 11:20 - 2014-10-15 11:20 - 00000000 ____D () C:\Program Files\Verizon
2014-10-01 09:50 - 2014-09-24 22:08 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-10-01 09:50 - 2014-09-24 21:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2014-09-29 13:35 - 2014-09-29 13:35 - 00153164 _____ () C:\Users\Jim\Downloads\266_1412008660392_30.pptx
2014-09-29 11:34 - 2014-09-29 12:37 - 00153164 _____ () C:\Users\Jim\Documents\CEO whiteboard build out.pptx
2014-09-29 10:46 - 2014-09-29 10:46 - 00094246 ____N () C:\Users\Jim\Documents\CEO whiteboard.pptx
2014-09-26 14:10 - 2014-09-09 18:11 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-09-26 14:10 - 2014-09-09 17:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-09-19 13:26 - 2014-09-19 13:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2014-09-19 13:25 - 2014-09-19 13:25 - 00001794 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-09-19 13:25 - 2014-09-19 13:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-09-19 13:24 - 2014-09-19 13:25 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-09-19 13:24 - 2014-09-19 13:25 - 00000000 ____D () C:\Program Files\iTunes
2014-09-19 13:24 - 2014-09-19 13:25 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-09-19 13:24 - 2014-09-19 13:24 - 00000000 ____D () C:\Program Files\iPod
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-10-17 15:57 - 2013-02-01 15:11 - 01499180 _____ () C:\Windows\WindowsUpdate.log
2014-10-17 15:54 - 2013-02-01 15:28 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-17 15:54 - 2013-02-01 15:17 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-10-17 15:53 - 2010-11-20 23:47 - 04013158 _____ () C:\Windows\PFRO.log
2014-10-17 15:53 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-17 15:53 - 2009-07-14 00:51 - 00073159 _____ () C:\Windows\setupact.log
2014-10-16 21:27 - 2013-02-01 15:28 - 00000912 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-16 21:14 - 2009-07-14 01:13 - 00786622 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-16 20:47 - 2009-07-14 00:45 - 00034432 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-16 20:47 - 2009-07-14 00:45 - 00034432 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-16 20:35 - 2013-02-01 15:46 - 00000000 ____D () C:\Users\Jim\Documents\Symantec
2014-10-16 20:34 - 2013-02-01 15:33 - 00000000 ____D () C:\ProgramData\Norton
2014-10-16 20:34 - 2013-02-01 15:31 - 00000000 ____D () C:\Users\Jim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton
2014-10-16 20:32 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache
2014-10-16 18:22 - 2013-02-01 15:31 - 00001312 _____ () C:\Users\Jim\Desktop\Norton Installation Files.lnk
2014-10-16 18:20 - 2014-04-22 15:51 - 00000000 ____D () C:\Users\dub_cm_auto
2014-10-16 18:20 - 2009-07-13 23:20 - 00000000 __RHD () C:\Users\Default
2014-10-16 18:17 - 2009-07-13 22:34 - 00000215 _____ () C:\Windows\system.ini
2014-10-16 15:56 - 2009-07-14 01:08 - 00032558 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-10-16 15:21 - 2013-02-01 15:31 - 00000000 ____D () C:\Users\Public\Downloads\Norton
2014-10-16 14:25 - 2013-02-02 11:45 - 00000000 ____D () C:\Users\Jim\Documents\Outlook Files
2014-10-16 13:11 - 2013-10-19 15:15 - 00000000 ____D () C:\Users\Jim\AppData\Local\140DD743-8669-4D39-AAF2-9E149CADE104.aplzod
2014-10-16 13:10 - 2009-07-14 01:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2014-10-16 03:38 - 2009-07-13 23:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-10-16 03:37 - 2009-07-14 00:45 - 00442104 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-16 03:34 - 2014-05-07 03:00 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-10-16 03:34 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-10-16 03:34 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-10-16 03:16 - 2013-02-01 16:49 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-10-16 03:09 - 2013-08-16 03:01 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-16 03:02 - 2013-02-01 15:03 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-10-06 17:46 - 2013-03-02 00:09 - 00002030 _____ () C:\Users\Public\Desktop\Adobe Reader X.lnk
2014-10-06 17:46 - 2013-02-01 15:21 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2014-10-06 17:45 - 2014-04-10 15:56 - 00017066 _____ () C:\Users\Jim\Documents\Real budget.xlsx
2014-09-26 13:58 - 2014-06-13 13:04 - 00002194 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-10-16 00:18
 
==================== End Of Log ============================
Link to post
Share on other sites
Dmass

Dmass

Posted
  • Author
Posted

Addition.txt log

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16-10-2014
Ran by Jim at 2014-10-17 15:59:28
Running from C:\Users\Jim\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Norton 360 Premier Edition (Enabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
AS: Norton 360 Premier Edition (Enabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton 360 Premier Edition (Enabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 15.0.0.249 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 15.0.0.249 - Adobe Systems Incorporated) Hidden
Adobe Reader X (10.1.12) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.12 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{B678797F-DF38-4556-8A31-8B818E261868}) (Version: 8.0.0.23 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
BlackBerry Desktop Software 7.1 (HKLM-x32\...\BlackBerry_Desktop) (Version: 7.1.0.41 - Research In Motion Ltd.)
BlackBerry Desktop Software 7.1 (x32 Version: 7.1.0.41 - Research In Motion Ltd.) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Burn.Now 4.5 (x32 Version: 4.5.0 - Corel Corporation) Hidden
CollageIt 1.9.3 (HKLM-x32\...\{D9757258-30B2-496E-86F2-84920C5858E1}_is1) (Version: 1.9.3 - PearlMountain Technology Co., Ltd)
Corel Burn.Now Lenovo Edition (HKLM-x32\...\InstallShield_{A3BE3F1E-2472-4211-8735-E8239BE49D9F}) (Version: 4.5.0 - Corel Corporation)
Corel DVD MovieFactory 7 (x32 Version: 7.0.0 - Corel Corporation) Hidden
Corel DVD MovieFactory Lenovo Edition (HKLM-x32\...\InstallShield_{50F68032-B5B7-4513-9116-C978DBD8F27A}) (Version: 7.0.0 - Corel Corporation)
Corel WinDVD (HKLM-x32\...\{5C1F18D2-F6B7-4242-B803-B5A78648185D}) (Version: 10.0.6.385 - Corel Inc.)
Create Recovery Media (HKLM-x32\...\{50DC5136-21E8-48BC-97E5-1AD055F6B0B6}) (Version: 1.20.0.00 - Lenovo Group Limited)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{650DE870-ECA3-4E63-8D77-778512BE5D4C}) (Version:  - Microsoft)
Direct DiscRecorder (x32 Version: 1.00.0000 - Corel Corporation) Hidden
Disable AMT Profile Synchronization Pop-up for Windows XP/Vista/7 (HKLM\...\DisableAMTPopup) (Version: 1.00 - )
DisplayLink Core Software (HKLM\...\{C3BC4C2C-39C1-44E1-B4B7-6AAA22D469EE}) (Version: 6.1.35392.0 - DisplayLink Corp.)
Dolby Advanced Audio v2 (HKLM-x32\...\{B9E70C7A-9F85-4A39-A4A3-BFA3C3BF7613}) (Version: 7.2.7000.11 - Dolby Laboratories Inc)
Dropbox (HKCU\...\Dropbox) (Version: 2.4.3 - Dropbox, Inc.)
Evernote v. 4.2.3 (HKLM-x32\...\{F761359C-9CED-45AE-9A51-9D6605CD55C4}) (Version: 4.2.3.15 - Evernote Corp.)
FastStone Image Viewer 4.7 (HKLM-x32\...\FastStone Image Viewer) (Version: 4.7 - FastStone Soft)
Fitbit Connect (HKLM-x32\...\{6A7C2B2E-36A3-4EF5-96C6-708CD090A3AD}) (Version: 1.0.1.5127 - Fitbit Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 37.0.2062.124 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.7.205 - SurfRight B.V.)
HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Officejet Pro 8600 Basic Device Software (HKLM\...\{2D5E3D2B-919F-407C-8757-E64827518BB6}) (Version: 25.0.619.0 - Hewlett-Packard Co.)
HP Officejet Pro 8600 Help (HKLM-x32\...\{B6F5C6D8-C443-4B55-932F-AE11B5743FC4}) (Version: 140.0.2.2 - Hewlett Packard)
HP Officejet Pro 8600 Product Improvement Study (HKLM\...\{F792E5B0-11C4-4C68-8A63-FB5F52749180}) (Version: 25.0.619.0 - Hewlett-Packard Co.)
HP Update (HKLM-x32\...\{97486FBE-A3FC-4783-8D55-EA37E9D171CC}) (Version: 5.005.000.002 - Hewlett-Packard)
iCloud (HKLM\...\{6096C0CC-7E19-4355-87F0-627EC5AA146D}) (Version: 4.0.3.56 - Apple Inc.)
IHA_MessageCenter (HKLM-x32\...\{834265C4-CDF4-44D3-BD24-31531617EFB8}) (Version: 1.8.70 - Verizon)
Integrated Camera Driver Installer Package Ver.1.2.1.16 (HKLM-x32\...\{A78800AF-1779-4AE8-8EBE-16E1BE727C71}) (Version: 1.2.1.16 - RICOH)
Intel PROSet Wireless (Version:  - ) Hidden
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.3.1427 - Intel Corporation)
Intel® OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version:  - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2843 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.4.220 - Intel Corporation)
Intel® WiDi (HKLM-x32\...\{7FCB8D5D-9396-4D17-8CFA-349D6D49CD32}) (Version: 3.0.13.0 - Intel Corporation)
Intel® Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version:  - )
Intel® PROSet/Wireless WiFi Software (HKLM\...\{E97F409F-9E1C-42A0-B72D-765A78DF3696}) (Version: 15.01.0000.0830 - Intel Corporation)
Intel® Trusted Connect Service Client (HKLM\...\{09536BA1-E498-4CC3-B834-D884A67D7E34}) (Version: 1.23.605.1 - Intel Corporation)
iTunes (HKLM\...\{F46AA0F1-E284-4878-A462-5F11B9166C0E}) (Version: 11.4.0.18 - Apple Inc.)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.670 - Oracle)
Java Auto Updater (x32 Version: 2.1.67.1 - Oracle, Inc.) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Lenovo Auto Scroll Utility (HKLM\...\LenovoAutoScrollUtility) (Version: 1.11 - )
Lenovo Graphics Software (HKLM\...\{BC7CE075-0A45-4DC0-A973-67626CF41144}) (Version: 6.1.35401.0 - Lenovo)
Lenovo Patch Utility (HKLM-x32\...\{A7BB9BBD-DFE4-4276-820A-7CD141FC09E6}) (Version: 1.3.0.007 - Lenovo Group Limited)
Lenovo Patch Utility 64 bit (HKLM\...\{0369F866-2CE0-4EB9-B426-88FA122C6E82}) (Version: 1.3.0.9 - Lenovo Group Limited)
Lenovo Registration (HKLM-x32\...\{6707C034-ED6B-4B6A-B21F-969B3606FBDE}) (Version: 1.0.4 - Lenovo Inc.)
Lenovo SimpleTap (HKLM\...\{EFC9FE7C-ECE8-4282-8F77-FEDCAD374C77}) (Version: 3.1.0005.00 - Lenovo Group Limited)
Lenovo Solution Center (HKLM\...\{2329D187-A58A-4395-8B6E-791A312667AF}) (Version: 2.0.017.00 - Lenovo Group Limited)
Lenovo System Update (HKLM-x32\...\{25C64847-B900-48AD-A164-1B4F9B774650}) (Version: 5.02.0018 - Lenovo)
Lenovo User Guide (HKLM-x32\...\{13F59938-C595-479C-B479-F171AB9AF64F}) (Version: 1.0.0009.00 - Lenovo Group Limited)
Lenovo Warranty Information (HKLM-x32\...\{FD4EC278-C1B1-4496-99ED-C0BE1B0AA521}) (Version: 1.0.0005.00 - Lenovo)
Lenovo Welcome (HKLM-x32\...\{2DC26D10-CC6A-494F-BEA3-B5BC21126D5E}) (Version: 3.1.0012.00 - Lenovo Group Limited)
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Message Center Plus (HKLM-x32\...\{7F8205DE-DDFA-4156-ADA2-766E9CB4FABC}) (Version: 3.0.0012.00 - Lenovo Group Limited)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 23.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 23.0.1 (x86 en-US)) (Version: 23.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 23.0.1 - Mozilla)
MP3MyMP3 4.0 (HKLM-x32\...\MP3MyMP3_is1) (Version:  - Bruce McArthur)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Norton 360 (HKLM-x32\...\N360) (Version: 21.6.0.32 - Symantec Corporation)
Norton Identity Safe (HKLM-x32\...\NST) (Version: 2014.7.8.23 - Symantec Corporation)
NVIDIA 3D Vision Driver 295.80 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 295.80 - NVIDIA Corporation)
NVIDIA Control Panel 295.80 (Version: 295.80 - NVIDIA Corporation) Hidden
NVIDIA Graphics Driver 295.80 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 295.80 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.12.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.12.0 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.62.312 - NVIDIA Corporation) Hidden
NVIDIA Optimus 1.7.12 (Version: 1.7.12 - NVIDIA Corporation) Hidden
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.12.9580 - NVIDIA Corporation) Hidden
NVIDIA Update 1.7.12 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.7.12 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.7.12 - NVIDIA Corporation) Hidden
On Screen Display (HKLM\...\OnScreenDisplay) (Version: 6.71.03 - )
Picture Collage Maker 3.3.8 (HKLM-x32\...\{D53599B0-AA76-4CC6-B9EF-CC2F27B56F24}_is1) (Version: 3.3.8 - PearlMountain Technology Co., Ltd)
Picture Collage Maker Pro 3.3.9 (HKLM-x32\...\{6D308A90-6C14-4A02-9B04-CB0EF17894A9}_is1) (Version: 3.3.9 - PearlMountain Technology Co., Ltd)
Power Manager (HKLM-x32\...\{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}) (Version: 6.11 - )
QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
RapidBoot (HKLM\...\{5E2652DF-743F-482B-A593-C95F431A5769}) (Version: 1.20 - Lenovo)
RapidBoot HDD Accelerator (HKLM-x32\...\Fastboot) (Version: 1.00.0802 - Lenovo)
Rapport (x32 Version: 3.5.1403.67 - Trusteer) Hidden
RarmaRadio 2.69 (HKLM-x32\...\RarmaRadio_is1) (Version:  - RaimerSoft)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6617 - Realtek Semiconductor Corp.)
Registry Patch to Enable Maximum Power Saving on WiFi Adapters for Windows 7 (HKLM\...\EnablePS) (Version: 1.00 - )
RICOH_Media_Driver_v2.14.18.01 (HKLM-x32\...\{FE041B02-234C-4AAA-9511-80DF6482A458}) (Version: 2.14.18.01 - RICOH)
Rosetta Stone Ltd Services (HKLM-x32\...\{3165E4A6-D5DE-46B0-8597-D55E2B826B84}) (Version: 3.2.21 - Rosetta Stone Ltd.)
Rosetta Stone TOTALe (HKLM-x32\...\{6B6BC189-D606-4BC7-9758-E6C364F76A55}) (Version: 4.5.5.0 - Rosetta Stone, Ltd)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version:  - Microsoft) Hidden
Skype™ 6.13 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.13.104 - Skype Technologies S.A.)
Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.5.3 - Sophos Limited)
SugarSync Manager (HKLM-x32\...\SugarSync) (Version: 1.9.51.86909 - SugarSync, Inc.)
ThinkPad Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.65.04.00 - )
ThinkPad UltraNav Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.45.0 - )
ThinkVantage Active Protection System (HKLM\...\{46A84694-59EC-48F0-964C-7E76E9F8A2ED}) (Version: 1.76 - Lenovo)
ThinkVantage Communications Utility (HKLM\...\{88C6A6D9-324C-46E8-BA87-563D14021442}_is1) (Version: 3.0.6.0 - Lenovo)
Trusteer Endpoint Protection (HKLM-x32\...\Rapport_msi) (Version: 3.5.1403.67 - Trusteer)
TurboTax 2012 (HKLM-x32\...\TurboTax 2012) (Version: 2012.0 - Intuit, Inc)
TurboTax 2012 WinPerFedFormset (x32 Version: 012.000.2114 - Intuit Inc.) Hidden
TurboTax 2012 WinPerReleaseEngine (x32 Version: 012.000.0451 - Intuit Inc.) Hidden
TurboTax 2012 WinPerTaxSupport (x32 Version: 012.000.0179 - Intuit Inc.) Hidden
TurboTax 2012 wmdiper (x32 Version: 012.000.1393 - Intuit Inc.) Hidden
TurboTax 2012 wrapper (x32 Version: 012.000.0127 - Intuit Inc.) Hidden
TurboTax 2013 (HKLM-x32\...\TurboTax 2013) (Version: 2013.0 - Intuit, Inc)
TurboTax 2013 WinPerFedFormset (x32 Version: 013.000.1986 - Intuit Inc.) Hidden
TurboTax 2013 WinPerReleaseEngine (x32 Version: 013.000.0492 - Intuit Inc.) Hidden
TurboTax 2013 WinPerTaxSupport (x32 Version: 013.000.0168 - Intuit Inc.) Hidden
TurboTax 2013 wmdiper (x32 Version: 013.000.1227 - Intuit Inc.) Hidden
TurboTax 2013 wrapper (x32 Version: 013.000.0135 - Intuit Inc.) Hidden
TurboTax 2013 wtniper (x32 Version: 013.000.1276 - Intuit Inc.) Hidden
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version:  - Microsoft)
Update for Microsoft Excel 2010 (KB2889836) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{9179FC17-97A8-4D98-9E09-05720AF5D44E}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817396) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{39767ECA-1731-45DB-AB5B-6BF40E151D66}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2687502) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{7DE7DF97-82FE-4B3A-AB8D-1621F9CC464A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{BA610006-2C39-4419-9834-CF61AB24810A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837581) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{334FB202-28D7-4BA4-8BC9-4FE4AB233EA0}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837606) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{B0D672F7-883E-4279-8E75-D97A5445AB46}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878252) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{B0DB9F71-E0F7-4FE6-8925-35B860CAC0C4}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{089DBFD7-8211-43B2-AAAE-5BDD8C23E3A8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUSR_{794A0574-4E2F-4D58-B2A0-D7460ACDC85C}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{DCE104A1-1875-4469-A83D-A5BFA6C4640F}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{334AA0A1-2BB1-4D74-B66A-2B2C4D9C2C87}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{7B29D8B8-6A87-496C-A65E-B935E740448A}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{38CF30E4-3348-4BD1-A859-B630C355A56F}) (Version:  - Microsoft)
VIP Access (HKLM-x32\...\{97C89A11-9AD7-49CE-9F90-54BF075623CE}) (Version: 2.1.1.34 - Symantec Corporation)
Vz In-Home Agent (HKLM-x32\...\VzInHomeAgent) (Version: 9.0.63.0 - Verizon)
Windows Driver Package - Intel (e1cexpress) Net  (01/11/2012 11.15.16.0) (HKLM\...\EC2A0F2B229770EC589265FCF2B4839A0C221993) (Version: 01/11/2012 11.15.16.0 - Intel)
Windows Driver Package - Intel System  (01/11/2012 9.3.0.1020) (HKLM\...\09839A9B5EDA69DA2DCC34637B5140AAF8A53B44) (Version: 01/11/2012 9.3.0.1020 - Intel)
Windows Driver Package - Intel System  (08/26/2011 9.3.0.1011) (HKLM\...\9D7CD466F7FC8B18FF1B84943B7BB8648D17FCE8) (Version: 08/26/2011 9.3.0.1011 - Intel)
Windows Driver Package - Intel System  (08/26/2011 9.3.0.1011) (HKLM\...\D8EF6CACF49BD33CC1FACD124C8CC2B1A8E8AE35) (Version: 08/26/2011 9.3.0.1011 - Intel)
Windows Driver Package - Intel USB  (08/26/2011 9.3.0.1011) (HKLM\...\97EE1802A0385A37DE6323FA39EC76BEB2D73E41) (Version: 08/26/2011 9.3.0.1011 - Intel)
Windows Driver Package - Lenovo 1.65.04.00 (01/11/2012 1.65.04.00) (HKLM\...\789DF697FC48238DE07F6917CCE1C7DBEBAD3096) (Version: 01/11/2012 1.65.04.00 - Lenovo)
Windows Driver Package - Synaptics (SynTP) Mouse  (02/09/2012 15.3.45.0) (HKLM\...\8926A51887C9CEEAB7E0720A1C9BEC5B3A8A2F05) (Version: 02/09/2012 15.3.45.0 - Synaptics)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-419457526-2912272509-3820656120-1002_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Jim\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-419457526-2912272509-3820656120-1002_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jim\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-419457526-2912272509-3820656120-1002_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jim\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-419457526-2912272509-3820656120-1002_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jim\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-419457526-2912272509-3820656120-1002_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jim\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
 
==================== Restore Points  =========================
 
27-09-2014 07:00:23 Windows Update
02-10-2014 07:00:23 Windows Update
10-10-2014 19:55:55 Scheduled Checkpoint
16-10-2014 07:00:32 Windows Update
16-10-2014 19:50:48 Norton_Power_Eraser_20141016155047031
16-10-2014 20:11:19 Installed Sophos Virus Removal Tool.
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 22:34 - 2014-10-16 18:17 - 00000027 ____N C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {050BAD7B-291D-4AEA-9D99-7642BCA153C5} - System32\Tasks\PMTask => C:\Program Files (x86)\ThinkPad\Utilities\PWMIDTSV.EXE [2012-03-29] (Lenovo Group Limited)
Task: {0E2B6D04-5B6D-4AB1-8634-1A15288BBE08} - System32\Tasks\Microsoft\Windows\MobilePC\DisplayLink TMM Control
Task: {244A6AD7-118D-4AF4-9B8B-AF2DCCC28076} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-02-01] (Google Inc.)
Task: {4A535D88-023F-46D6-A8F9-8F8DC44D543C} - System32\Tasks\TVT\TVSUUpdateTask => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [2013-06-26] ()
Task: {5888FEF8-E480-47FC-957B-C9F698110112} - System32\Tasks\Lenovo\SimpleTap\Start SimpleTap for Jim-THINK.Jim => C:\Program Files\Lenovo\SimpleTap\SimpleTap.exe [2012-03-23] (Lenovo)
Task: {604F9EE1-E575-49FE-81BF-E8710A35CB7C} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {761138D1-5C04-4DE2-B7F8-6838988D33EB} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2013-01-15] ()
Task: {7C9C4BDA-A96C-4E58-B267-86F7C3240A58} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {7DA99E2A-BFCF-4670-A823-AE8FCFD93EE4} - System32\Tasks\DiskUpdate => C:\SWTOOLS\OSFIXES\DISKUPDT\DiskUpdate.exe [2009-02-09] ()
Task: {888E3DE0-2203-4346-9E62-B69C8444AA7B} - System32\Tasks\Lenovo\Message Center Plus Launcher => C:\Program Files (x86)\Lenovo\message center plus\mcplaunch.exe [2012-02-24] (Lenovo)
Task: {ABD1C661-4D6A-4D3E-A7DB-DB725434AE36} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\WSCStub.exe [2014-09-21] (Symantec Corporation)
Task: {B8B410AF-F6D1-439D-9C43-28C9405B98AA} - System32\Tasks\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2013-01-15] ()
Task: {BBBE07C8-EC48-405D-BC19-E1FA21F733A3} - System32\Tasks\IntelBootstrapCCDashServer => C:\Program Files\Intel\WiFi\bin\CCDashServer.exe [2012-03-02] (Intel® Corporation)
Task: {C053E95F-17E4-478F-AD1B-A06919482165} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2013-01-15] (Lenovo)
Task: {C43A9B6F-6D5F-4D30-B648-6DD292F3C03A} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {D9A748A6-0605-44DB-95E4-5C2465ECEED8} - System32\Tasks\{68FE1CA3-5AB7-4927-908A-2A59E0571582} => Iexplore.exe http://www.skype.com/go/downloading?source=lightinstaller&ver=6.18.0.106&LastError=12002
Task: {EBEE25FB-8C8C-45E4-8148-B221E9048ADA} - System32\Tasks\HPCustParticipation HP Officejet Pro 8600 => C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPCustPartic.exe [2011-09-09] (Hewlett-Packard Co.)
Task: {EC97412B-10DC-42F9-97D6-54B370905186} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\lsc.exe [2013-01-15] ()
Task: {F3860CC0-BBE6-45F6-952A-485D96BA0F12} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-02-01] (Google Inc.)
Task: {F9997368-F22F-40AF-92D8-D27404438DB7} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 16:23 - 2010-10-20 16:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2013-02-01 15:20 - 2012-03-29 17:11 - 00093696 ____N () C:\Program Files (x86)\ThinkPad\Utilities\US\PWMRT64V.DLL
2013-02-01 15:16 - 2012-01-31 22:34 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-02-12 20:58 - 2014-02-12 20:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-12 20:58 - 2014-02-12 20:58 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-02-01 15:25 - 2012-01-17 02:29 - 00030512 ____N () C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBServiceps.dll
2013-02-01 15:20 - 2011-08-02 08:58 - 02201088 _____ () C:\Program Files\Lenovo\Communications Utility\cxcore210.dll
2013-02-01 15:20 - 2011-08-02 08:58 - 02085888 _____ () C:\Program Files\Lenovo\Communications Utility\cv210.dll
2014-03-23 17:04 - 2014-03-23 17:04 - 00557056 _____ () C:\Program Files (x86)\Trusteer\Rapport\bin\js32.dll
2013-02-01 15:15 - 2012-02-20 23:09 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\15266472.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\15266472.sys => ""="Driver"
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-419457526-2912272509-3820656120-500 - Administrator - Disabled)
Guest (S-1-5-21-419457526-2912272509-3820656120-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-419457526-2912272509-3820656120-1003 - Limited - Enabled)
Jim (S-1-5-21-419457526-2912272509-3820656120-1002 - Administrator - Enabled) => C:\Users\Jim
UpdatusUser (S-1-5-21-419457526-2912272509-3820656120-1000 - Limited - Enabled) => C:\Users\UpdatusUser
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (10/17/2014 03:54:52 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (10/16/2014 08:41:20 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1511) (User: Jim-THINK)
Description: Windows cannot find the local profile and is logging you on with a temporary profile. Changes you make to this profile will be lost when you log off.
 
Error: (10/16/2014 08:41:20 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1515) (User: Jim-THINK)
Description: Windows has backed up this user profile. Windows will automatically try to use the backup profile the next time this user logs on.
 
Error: (10/16/2014 08:41:20 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1502) (User: Jim-THINK)
Description: Windows cannot load the locally stored profile. Possible causes of this error include insufficient security rights or a corrupt local profile. 
 
 DETAIL - The process cannot access the file because it is being used by another process.
 
Error: (10/16/2014 08:41:20 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1508) (User: NT AUTHORITY)
Description: Windows was unable to load the registry. This problem is often caused by insufficient memory or insufficient security rights. 
 
 DETAIL - The process cannot access the file because it is being used by another process.
 for C:\Users\UpdatusUser\ntuser.dat
 
Error: (10/16/2014 08:38:47 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (10/16/2014 05:53:06 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (10/16/2014 04:34:30 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (10/16/2014 04:11:25 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Symantec Network Security WFP Driver.
 
System Error:
The system cannot find the file specified.
.
 
Error: (10/16/2014 04:11:25 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Symantec Iron Driver.
 
System Error:
The system cannot find the file specified.
.
 
 
System errors:
=============
Error: (10/17/2014 03:54:49 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Norton Identity Safe service failed to start due to the following error: 
%%1053
 
Error: (10/17/2014 03:54:49 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Norton Identity Safe service to connect.
 
Error: (10/16/2014 08:31:37 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the LENOVO.CAMMUTE service.
 
Error: (10/16/2014 08:31:37 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}
 
Error: (10/16/2014 06:17:18 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
 
Error: (10/16/2014 06:15:52 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
 
Error: (10/16/2014 06:09:06 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
 
Error: (10/16/2014 05:55:09 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Presentation Foundation Font Cache 3.0.0.0 service failed to start due to the following error: 
%%31
 
Error: (10/16/2014 05:53:05 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Norton Identity Safe service failed to start due to the following error: 
%%1053
 
Error: (10/16/2014 05:53:05 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Norton Identity Safe service to connect.
 
 
Microsoft Office Sessions:
=========================
Error: (10/17/2014 03:54:52 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (10/16/2014 08:41:20 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1511) (User: Jim-THINK)
Description: 
 
Error: (10/16/2014 08:41:20 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1515) (User: Jim-THINK)
Description: 
 
Error: (10/16/2014 08:41:20 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1502) (User: Jim-THINK)
Description: The process cannot access the file because it is being used by another process.
 
Error: (10/16/2014 08:41:20 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1508) (User: NT AUTHORITY)
Description: The process cannot access the file because it is being used by another process.
C:\Users\UpdatusUser\ntuser.dat
 
Error: (10/16/2014 08:38:47 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (10/16/2014 05:53:06 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (10/16/2014 04:34:30 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (10/16/2014 04:11:25 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Symantec Network Security WFP Driver.
 
System Error:
The system cannot find the file specified.
 
Error: (10/16/2014 04:11:25 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Symantec Iron Driver.
 
System Error:
The system cannot find the file specified.
 
 
CodeIntegrity Errors:
===================================
  Date: 2014-10-16 18:15:52.133
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-10-16 18:15:52.101
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-09-30 13:23:15.250
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-09-30 13:14:05.227
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-09-30 13:09:13.753
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-09-30 13:08:54.909
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-09-30 13:08:19.462
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-09-30 13:08:10.091
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-09-30 13:07:35.769
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-09-30 12:06:20.707
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core i5-3210M CPU @ 2.50GHz
Percentage of memory in use: 33%
Total physical RAM: 7915.94 MB
Available physical RAM: 5240.63 MB
Total Pagefile: 15830.06 MB
Available Pagefile: 13169.3 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB
 
==================== Drives ================================
 
Drive c: (Windows7_OS) (Fixed) (Total:282.95 GB) (Free:137.15 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive d: (FlashDisk) (Fixed) (Total:0.06 GB) (Free:0.04 GB) FAT
Drive q: (Lenovo_Recovery) (Fixed) (Total:13.67 GB) (Free:2.26 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 298.1 GB) (Disk ID: 808349B6)
Partition 1: (Active) - (Size=1.5 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=283 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=13.7 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (Size: 62.5 MB) (Disk ID: 2C3E8FFD)
Partition 1: (Active) - (Size=62 MB) - (Type=06)
 
==================== End Of Log ============================
Link to post
Share on other sites
LiquidTension

LiquidTension

Posted
Posted

Hello Jim, 
 
Did you install these Firefox extensions?

  • FF Extension: Youtube MP3 Converter
  • FF Extension: YouTube2mp3.to: Convert YouTube Video to MP3 
  • FF Extension: Youtube Downloader - Media Downloader 
  • FF Extension: WonTube Free YouTube to MP3/MP4/FLV 
  • FF Extension: YouTube to MP3 
     

STEP 1
xlK5Hdb.png Farbar Recovery Scan Tool (FRST) Script

  • Press the Windows Key pdKOQKY.png + r on your keyboard at the same time. Type Notepad and click OK.
  • Copy the entire contents of the codebox below and paste into the Notepad document.
    startHKLM-x32\...\Run: [] => [X]HKU\S-1-5-21-419457526-2912272509-3820656120-1002\...A8F59079A8D5}\localserver32:  <==== ATTENTION!FF Extension: TopArcadeHits - C:\Users\Jim\AppData\Roaming\Mozilla\Firefox\Profiles\940rbffc.default\Extensions\{0113D088-8ED1-468C-B225-585A9C53B5E3} [2013-07-28]HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\15266472.sys => ""="Driver"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\15266472.sys => ""="Driver"Folder: C:\Users\Jim\AppData\Local\140DD743-8669-4D39-AAF2-9E149CADE104.aplzodCMD: ipconfig /flushdnsCMD: netsh winsock reset allCMD: netsh int ipv4 resetCMD: netsh int ipv6 resetCMD: bitsadmin /reset /allusersEmptyTemp:end
  • Click FileSave As and type fixlist.txt as the File Name
  • Important: The file must be saved in the same location as FRST64.exe. 

NOTICE: This script is intended for use on this particular machine. Do not use this script on any other machine; doing so may cause damage to your Operating System.

  • Right-Click FRST64.exe and select AVOiBNU.jpg Run as administrator to run the programme.
  • Click Fix.
  • A log (Fixlog.txt) will open on your desktop. Copy the contents of the log and paste in your next reply.
     

STEP 2
BY4dvz9.png AdwCleaner

  • Please download AdwCleaner and save the file to your Desktop.
  • Right-Click AdwCleaner.exe and select AVOiBNU.jpg Run as administrator to run the programme.
  • Follow the prompts. 
  • Click Scan
  • Upon completion, click Report. A log (AdwCleaner[R0].txt) will open. Briefly check the log for anything you know to be legitimate. 
  • Ensure anything you know to be legitimate does not have a checkmark, and click Clean
  • Follow the prompts and allow your computer to reboot
  • After rebooting, a log (AdwCleaner[s0].txt) will open. Copy the contents of the log and paste in your next reply.

-- File and registry key backups are made for anything removed using this tool. Should a legitimate entry be removed (otherwise known as a 'false-positive'), simple steps can be taken to restore the entry. Please do not overly concern yourself with the contents of AdwCleaner[R0].txt.
 

STEP 3
E3feWj5.png Junkware Removal Tool (JRT)

  • Please download Junkware Removal Tool and save the file to your Desktop.
  • Note: If you unchecked any items in AdwCleaner, please backup the associated folders/files before running JRT.
  • Temporarily disable your anti-virus software. For instructions, please refer to the following link.
  • Right-Click JRT.exe and select AVOiBNU.jpg Run as administrator to run the programme.
  • Follow the prompts and allow the scan to run uninterrupted. 
  • Upon completion, a log (JRT.txt) will open on your desktop.
  • Re-enable your anti-virus software.
  • Copy the contents of JRT.txt and paste in your next reply.
     

======================================================

STEP 4
pfNZP4A.png Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

  • Did you install the extensions?
  • Fixlog.txt
  • AdwCleaner[s0].txt
  • JRT.txt
Link to post
Share on other sites
Dmass

Dmass

Posted
  • Author
Posted

1) I probably did - at some point in the distant past

2) Fixlog.txt

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 16-10-2014
Ran by Jim at 2014-10-17 17:25:18 Run:1
Running from C:\Users\Jim\Desktop
Loaded Profiles: UpdatusUser & Jim (Available profiles: UpdatusUser & Jim)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
start
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-419457526-2912272509-3820656120-1002\...A8F59079A8D5}\localserver32:  <==== ATTENTION!
FF Extension: TopArcadeHits - C:\Users\Jim\AppData\Roaming\Mozilla\Firefox\Profiles\940rbffc.default\Extensions\{0113D088-8ED1-468C-B225-585A9C53B5E3} [2013-07-28]
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\15266472.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\15266472.sys => ""="Driver"
Folder: C:\Users\Jim\AppData\Local\140DD743-8669-4D39-AAF2-9E149CADE104.aplzod
CMD: ipconfig /flushdns
CMD: netsh winsock reset all
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
CMD: bitsadmin /reset /allusers
EmptyTemp:
end
*****************
 
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
"HKU\S-1-5-21-419457526-2912272509-3820656120-1002\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32" => Key Deleted Successfully.
"HKU\S-1-5-21-419457526-2912272509-3820656120-1002\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}" => Key deleted successfully.
C:\Users\Jim\AppData\Roaming\Mozilla\Firefox\Profiles\940rbffc.default\Extensions\{0113D088-8ED1-468C-B225-585A9C53B5E3} => Moved successfully.
"HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\15266472.sys" => Key deleted successfully.
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\15266472.sys" => Key deleted successfully.
 
========================= Folder: C:\Users\Jim\AppData\Local\140DD743-8669-4D39-AAF2-9E149CADE104.aplzod ========================
 
2013-10-19 15:23 - 2014-10-16 13:11 - 0006144 _____ () C:\Users\Jim\AppData\Local\140DD743-8669-4D39-AAF2-9E149CADE104.aplzod\alarms.db
2013-10-19 15:15 - 2014-10-16 13:10 - 1162240 _____ () C:\Users\Jim\AppData\Local\140DD743-8669-4D39-AAF2-9E149CADE104.aplzod\main.db
2014-03-22 13:44 - 2014-10-16 13:10 - 0032768 _____ () C:\Users\Jim\AppData\Local\140DD743-8669-4D39-AAF2-9E149CADE104.aplzod\main.db-shm
2014-03-22 13:44 - 2014-10-16 14:25 - 0014704 _____ () C:\Users\Jim\AppData\Local\140DD743-8669-4D39-AAF2-9E149CADE104.aplzod\main.db-wal
 
====== End of Folder: ======
 
 
=========  ipconfig /flushdns =========
 
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========= End of CMD: =========
 
 
=========  netsh winsock reset all =========
 
 
Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.
 
 
========= End of CMD: =========
 
 
=========  netsh int ipv4 reset =========
 
Reseting Global, OK!
Reseting Interface, OK!
Restart the computer to complete this action.
 
 
========= End of CMD: =========
 
 
=========  netsh int ipv6 reset =========
 
Reseting Interface, OK!
Restart the computer to complete this action.
 
 
========= End of CMD: =========
 
 
=========  bitsadmin /reset /allusers =========
 
 
BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.
 
BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.
 
0 out of 0 jobs canceled.
 
========= End of CMD: =========
 
EmptyTemp: => Removed 691.7 MB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog ====
 
3)AdwCleaner[s0}.txt
 
# AdwCleaner v4.000 - Report created 17/10/2014 at 18:36:41
# DB v
# Updated 12/10/2014 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : Jim - JIM-THINK
# Running from : C:\Users\Jim\Desktop\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\Windows\Util
Folder Deleted : C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
[!] Folder Deleted : C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
Key Deleted : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v10.0.9200.17116
 
 
-\\ Mozilla Firefox v23.0.1 (en-US)
 
 
-\\ Google Chrome v37.0.2062.124
 
 
*************************
 
AdwCleaner[R0].txt - [1548 octets] - [17/10/2014 17:40:40]
AdwCleaner[s0].txt - [1222 octets] - [17/10/2014 18:36:41]
 
########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [1282 octets] ##########
 
4) JRT.txt
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.3 (10.14.2014:1)
OS: Windows 7 Professional x64
Ran by Jim on Fri 10/17/2014 at 18:42:58.90
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Successfully deleted: [Empty Folder] C:\Users\Jim\appdata\local\{00F7BF53-8145-44CB-91BD-8C9E81489E8B}
Successfully deleted: [Empty Folder] C:\Users\Jim\appdata\local\{1973C66F-833E-4352-B1BB-1D215106B18C}
Successfully deleted: [Empty Folder] C:\Users\Jim\appdata\local\{280D2578-CF2D-49B3-811A-1DB5A17D1E9B}
Successfully deleted: [Empty Folder] C:\Users\Jim\appdata\local\{549999A9-4519-4FC9-9875-694818E7F1C2}
Successfully deleted: [Empty Folder] C:\Users\Jim\appdata\local\{63B46D1D-D8AF-415F-B335-E7224B595B20}
Successfully deleted: [Empty Folder] C:\Users\Jim\appdata\local\{855E7D05-5F59-431B-96BE-713D2229B029}
Successfully deleted: [Empty Folder] C:\Users\Jim\appdata\local\{8791944A-DA8E-4B1E-A173-5E7F95B9CFF5}
Successfully deleted: [Empty Folder] C:\Users\Jim\appdata\local\{8AE2A4DB-01CE-40DD-80F1-3219DE2DCD51}
Successfully deleted: [Empty Folder] C:\Users\Jim\appdata\local\{BFABE255-F503-40CA-A004-D57069FB3C4B}
Successfully deleted: [Empty Folder] C:\Users\Jim\appdata\local\{C4A5E6EA-202A-496C-971C-E51D4EC5B92D}
Successfully deleted: [Empty Folder] C:\Users\Jim\appdata\local\{D75E631F-B280-4A8E-8532-E7E1F03B4F61}
Successfully deleted: [Empty Folder] C:\Users\Jim\appdata\local\{DB364059-67D5-4E3F-BB50-1D829C36ACF2}
Successfully deleted: [Empty Folder] C:\Users\Jim\appdata\local\{DD15D44B-3167-4744-82F1-986914E295B1}
Successfully deleted: [Empty Folder] C:\Users\Jim\appdata\local\{DD986D82-5812-444C-AD2B-4C4185FDCE2A}
Successfully deleted: [Empty Folder] C:\Users\Jim\appdata\local\{E2F63374-172A-493D-9436-CE9202904718}
 
 
 
~~~ FireFox
 
Successfully deleted the following from C:\Users\Jim\AppData\Roaming\mozilla\firefox\profiles\940rbffc.default\prefs.js
 
user_pref("toparcadehits.settings.addon_data", "hxxp://tt.toparcadehits.com/cmn?p=YTI3NzM4OTM3NTVTAmzN1DqaPXCWhvoDcM1V13tCAdd2jV9Gwvhlir9LaW5qLdRiRHJobfqBfP6kHUaAfO9breeFZuYU0
Emptied folder: C:\Users\Jim\AppData\Roaming\mozilla\firefox\profiles\940rbffc.default\minidumps [2 files]
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 10/17/2014 at 18:49:49.61
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
Link to post
Share on other sites
Dmass

Dmass

Posted
  • Author
Posted

It appears to be better.

 

I was receiving a Security Alert that would not allow me to download any files before.  Just tried to download Norton software and it didn't get the alert so it appears to be fixed.

 

Don't worry, I didn't actually download anything - just was testing to see if I could and if that alert popped up.  ;)

 

Thanks for your help so far.

 

What's next?

 

Jim

Link to post
Share on other sites
LiquidTension

LiquidTension

Posted
Posted

Lets check for remants and confirm your machine appears free of malware. We can then proceed by updating your vulnerable software and removing the tools we've used.

STEP 1

GfiJrQ9.png Malwarebytes Anti-Malware (MBAM)

  • Please download the updated Malwarebytes Anti-Malware Free to your Desktop.
  • Double-click mbam-setup.x.x.xxxx.exe (x represents the version #) and follow the prompts to install the programme.
  • Launch the programme and click Update.
  • Once updated, click the Settings tab, followed by Detection and Protection and tick Scan for rootkits.
  • Click the Scan tab, ensure Threat Scan is checked and click Scan Now.
  • Note: You may see the following message, "Could not load DDA driver". Click Yes, allow your PC to reboot and continue afterwards.
  • If threats are detected, click the Apply Actions button. You will now be prompted to reboot. Click Yes.
  • Upon completion of the scan (or after the reboot), click the History tab.
  • Click Application Logs and double-click the Scan Log.
  • Click Copy to Clipboard and paste the log in your next reply.

STEP 2

GzlsbnV.png ESET Online Scan

Note: This scan may take a long time to complete. Please do not browse the Internet whilst your Anti-Virus is disabled.

  • Please download ESET Online Scan and save the file to your Desktop.
  • Temporarily disable your anti-virus software. For instructions, please refer to the following link.
  • Double-click esetsmartinstaller_enu.exe to run the programme.
  • Agree to the EULA by placing a checkmark next to Yes, I accept the Terms of Use. Then click Start.
  • Agree to the Terms of Use once more and click Start. Allow components to download.
  • Place a checkmark next to Enable detection of potentially unwanted applications.
  • Click Hide advanced settings. Place a checkmark next to:
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Ensure Remove found threats is unchecked.
  • Click Start.
  • Wait for the scan to finish. Please be patient as this can take some time.
  • Upon completion, click esetListThreats.png. If no threats were found, skip the next two bullet points.
  • Click esetExport.png and save the file to your Desktop, naming it something unique such as MyEsetScan.
  • Push the Back button.
  • Place a checkmark next to xKN1w2nv.png.pagespeed.ic.JWqIaEgZi7.png and click SzOC1p0.png.pagespeed.ce.OWDP45O6oG.png.
  • Re-enable your anti-virus software.
  • Copy the contents of the log and paste in your next reply.
======================================================

STEP 3

pfNZP4A.png Logs

In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

  • MBAM Scan log
  • ESET Online Scan log
Link to post
Share on other sites
Dmass

Dmass

Posted
  • Author
Posted

MBAM Scan log

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 10/17/2014
Scan Time: 7:31:27 PM
Logfile: malware log.txt
Administrator: Yes
 
Version: 2.00.3.1025
Malware Database: v2014.10.17.09
Rootkit Database: v2014.10.17.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Jim
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 398297
Time Elapsed: 20 min, 33 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
ESET Online Scan log:
 
C:\Users\Jim\Downloads\cbsidlm-cbsi127-MP3MyMP3-SEO-10369269.exe a variant of Win32/CNETInstaller.B potentially unwanted application
C:\Users\Jim\Downloads\cbsidlm-tr1_13-RarmaRadio-SEO-10679588 (1).exe Win32/DownloadAdmin.G potentially unwanted application
C:\Users\Jim\Downloads\cbsidlm-tr1_13-RarmaRadio-SEO-10679588.exe Win32/DownloadAdmin.G potentially unwanted application
 
Link to post
Share on other sites
LiquidTension

LiquidTension

Posted
Posted

Hello Jim, 

 

Navigate to C:\Users\Jim\Downloads. Delete any files you do not recognise, or do not need. 

 

STEP 1
CXrghb6.png Update Outdated Software
Outdated software contain security risks that must be patched. Please download and install the latest version of the programmes below.

STEP 2
EtQetiM.png Remove Outdated Software

  • Press the Windows Key + r on your keyboard at the same time. Type appwiz.cpl and click OK.
  • Search for the following programmes, right-click and click Uninstall one at a time.
  • Note: The programmes below may not be present. If this is the case, please skip to the next step.
    • Adobe Reader X (10.1.12)
    • Java 7 Update 67
  • Follow the prompts, and reboot if necessary.
     

STEP 3
zANS9oB.png Disable Java in Your Browser
Due to frequent exploits we recommend you disable Java in your browser.
For information on Java vulnerabilities, please read the following article (point #7).

  • Click the Windows Start Button 29Fou9c.jpg and type Java Control Panel (or javacpl) in the search bar. 
  • Click on the Java Control Panel. Once opened, click the Security tab.
  • Deselect the check box for Enable Java content in the browser. This will disable the Java plug-in in the browser. 
  • Click Apply. When the Windows User Account Control (UAC) appears, allow permissions to make the changes. 
  • Click OK in the Java Plug-in confirmation window.
  • Restart your browser(s) for changes to take effect.
  • More information can be found here and here.
     

STEP 4
oxliOQk.png Security Check

  • Please download SecurityCheck and save the file to your Desktop.
  • Double-click SecurityCheck.exe and follow the onscreen instructions inside the black box.
  • A log (checkup.txt) will automatically open on your Desktop.
  • Copy the contents of the log and paste in your next reply.
     

======================================================
 
STEP 5
pfNZP4A.png Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

  • checkup.txt
  • How is your computer performing? Are there any outstanding issues?
Link to post
Share on other sites
Dmass

Dmass

Posted
  • Author
Posted

Adam:

 

I have been attempting to download and install the apps per your instructions in Step 1 but am running into problems

 

The Adobe Reader is saying it has failed to install

 

The Java is returning an error saying the installer cannot proceed with my current Internet Connection setting

 

My Security setting for IE at set at the default value (Medium)

 

Thoughts on what the problem might be and how to remedy so as to continue with the process?

 

Thanks,

 

Jim

Link to post
Share on other sites
LiquidTension

LiquidTension

Posted
Posted

Hi Jim, 

 

Download and run the Adobe Reader uninstaller: 

http://labs.adobe.com/downloads/acrobatcleaner.html

 

Download and run JavaRa:

  • Please download JavaRa and save the file to your Desktop.
  • Right-click the folder and click Extra All.
  • Close any open windows. 
  • Right-Click JavaRa.exe and select AVOiBNU.jpg Run as administrator to run the programme.
  • Select your language and click Select.
  • Once opened, click Remove Older Versions.
  • Click Yes when prompted. Upon completion, click OK.
  • Please reboot your computer. 

 

Confirm both programmes removed from your computer. 

 

If you require both programmes, click the relevant links in my previous post to download and install the updated versions. Please be aware that Java should only be installed if you have particular need for the programme. Otherwise, best not to install as the programme is extremely susceptible to malicious exploits. 

Link to post
Share on other sites
Dmass

Dmass

Posted
  • Author
Posted
 Hi Adam:

 

After quite a bit of manipulation of my anti-virus software and firewall (Norton), I was able to download the the latest version of the apps listed.

 

My computer's performance seems fine except for IE which just seems to to take forever to load and then connect to any websites.  Download through it are 50-50 at best.  I have set Google Chrome as my new default browser to avoid the IE issues.  

 

As mentioned, Norton seems to be overly sensitive so I am not sure if I need to adjust some settings or what? 

 

Thanks for your continued help!

 

Jim

 

Here is the log of Security Check:

 

Results of screen317's Security Check version 0.99.89  

 Windows 7 Service Pack 1 x64 (UAC is enabled)  

 Internet Explorer 10 Out of date! 

``````````````Antivirus/Firewall Check:`````````````` 

 Windows Firewall Enabled!  

Norton 360 Premier Edition   

 WMI entry may not exist for antivirus; attempting automatic update. 

`````````Anti-malware/Other Utilities Check:````````` 

 Java 8 Update 25  

 Java version out of Date! 

 Adobe Reader XI  

 Mozilla Firefox (33.0) 

 Google Chrome 37.0.2062.124  

 Google Chrome 38.0.2125.104  

````````Process Check: objlist.exe by Laurent````````  

 Malwarebytes Anti-Malware mbamservice.exe  

 Malwarebytes Anti-Malware mbam.exe  

 Malwarebytes Anti-Malware mbamscheduler.exe   

`````````````````System Health check````````````````` 

 Total Fragmentation on Drive C: 4% 

````````````````````End of Log`````````````````````` 
Link to post
Share on other sites
LiquidTension

LiquidTension

Posted
Posted

Hi Jim, 

 

Try resetting Internet Explorer if you wish to continue using the browser. However, Google Chrome is a good browser, and of course, you have the option of installing Mozilla Firefox as well. I use both Chrome and Firefox. 

 

As for Norton, I am not familiar with the programme so cannot comment on the functionality of it. You can try asking on the Norton Forum, or consider switching to a different Anti-Virus. I'm not really an advocate of Norton, and will recommend other Anti-Virus software to users. 

 

Let me know what you think.

b8zkrsY.png Browser Reset
 
Instructions on how to backup your Favourites/Bookmarks and other data can be found below.

Proceed with the reset once done.

Link to post
Share on other sites
LiquidTension

LiquidTension

Posted
Posted

Jim, 

 

I would recommend one of the following.

For a paid solution, my choice of anti-virus is ESET NOD32, and for a free solution, my choice of anti-virus is avast!. Please be aware that there is no universal "one size fits all" solution that works for everyone and there is no single best anti-virus. What works for one person may not work for another.

 

If you choose to replace Norton, please ensure you read the following article first.

 

------------------

 

How is your computer performing? Are there any outstanding issues?

Link to post
Share on other sites
LiquidTension

LiquidTension

Posted
Posted

You're more than welcome, Jim. I'm pleased to hear things are in working order.

Now for the good news.

All Clean!
Congratulations, your computer appears clean!
I no longer see signs of malware on your computer, and feel satisfied that our work here is done. The steps below will remove the tools we have used, and reset any settings changed. I have also provided a list of resources and tools that you may find useful.

My help will always be free. But if you are happy with the help provided, and would like to support my fight against malware and/or buy me a beer, please consider a donation. YSCcjW7.png

STEP 1
9SN2ePL.png ComboFix Uninstall

  • Press the Windows Key + r on your keyboard at the same time. Type the following text into the Run box:
    ComboFix /Uninstall
  • Click OK.
  • Note: It may appear as if Combofix is installing. This is not the case; the programme is uninstalling. Please do not interrupt the process.

STEP 2
AFZxnZc.jpg DelFix

  • Please download DelFix and save the file to your Desktop.
  • Double-click DelFix.exe to run the programme.
  • Place a checkmark next to the following items:
    • Activate UAC
    • Remove disinfection tools
    • Create registry backup
    • Purge system restore
    • Reset system settings
  • Click the Run button.

-- This will remove the specialised tools we used to disinfect your system. Any leftover logs, files, folders or tools remaining on your Desktop which were not removed can be deleted manually (right-click the file + delete).

======================================================

I have compiled below a list of resources you may find useful. The articles document information on computer security, common infection vectors and how you can stay safe on the Internet.

The following programmes come highly recommended in the security community.

  • xKsUqI5A.png.pagespeed.ic.vn1Hlvqi8h.jpg AdBlock is a browser add-on that blocks annoying banners, pop-ups and video ads.
  • EG85Vjt.png Malwarebytes Anti-Exploit (MBAE) is designed to prevent zero-day malware from exploiting vulnerable software.
  • x6YRrgUC.png.pagespeed.ic.HjgFxjvw2Z.jpg Malwarebytes Anti-Malware Premium (MBAM) incorporates real-time protection and is designed to run alongside your Anti-Virus.
  • xjv4nhMJ.png.pagespeed.ic.A5YbWn1eDO.png NoScript is a Firefox add-on that blocks the actions of malicious scripts by using whitelisting and other technology.
  • 3O8r9Uq.png Sandboxie isolates programmes of your choice, preventing files from writing to your HDD unless you approve the file.
  • DgW1XL2.png.pagespeed.ce.v1OlJl_ZAS.png Secuina PSI will scan your computer for vulnerable software that is outdated, and automatically find the latest update for you.
  • xj1OLIec.png.pagespeed.ic.k6hhwopU0q.jpg SpywareBlaster is a form of passive protection, designed to block the actions of malicious websites and tracking cookies.
  • xJEP5iWI.png.pagespeed.ic.4tmM1lM7DQ.png Web of Trust (WOT) is a browser add-on designed to alert the user before interacting with a potentially malicious website.

-- Please feel free to ask if you have any questions or concerns on computer security or the programmes above.

======================================================

Please confirm you have no outstanding issues, and are happy with the state of your computer. Once I have confirmation things are in order, we can wrap things up and I will close this thread.

Thank you for using Malwarebytes.

Safe Surfing. thumbup.gif
Adam (LiquidTension).

Link to post
Share on other sites
  • Root Admin
AdvancedSetup

AdvancedSetup

Posted
  • Root Admin
Posted

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites
Guest
This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.