
<file> couldn't be downloaded - a symptom?


  • This topic is locked
33 replies to this topic

#1 latitudedfb

latitudedfb

  • Members
  • 18 posts

Posted 26 August 2013 - 11:11 AM

Anytime I try to download a file using Internet Explorer 10 I get the message "<file> couldn't be downloaded" where <file> is anything I try to download.  The problem does not occur if I use Firefox.

 

Sometimes these files are downloaded into the Downloads folder, sometimes not. I think there may be a virus lurking but have not been able to locate it. I think I had a zeroaccess rootkit but not sure if it is totally eliminated. Suggestions?

 

----

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 10.0.9200.16660  BrowserJavaVersion: 10.25.2
Run by Tom at 11:46:50 on 2013-08-26
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.3071.1658 [GMT -4:00]
.
AV: Norton 360 *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Norton 360\Engine\20.4.0.40\ccSvcHst.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Norton 360\Engine\20.4.0.40\ccSvcHst.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Windows\system32\taskmgr.exe
C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k WerSvcGroup
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.blahblah.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uProxyOverride = <local>;*.local;192.168.*.*
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\program files\norton 360\engine\20.4.0.40\coieplg.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - c:\program files\norton 360\engine\20.4.0.40\ips\ipsbho.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\program files\norton 360\engine\20.4.0.40\coieplg.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\program files\norton 360\engine\20.4.0.40\coieplg.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.2.0/GarminAxControl.CAB
DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} - hxxp://support.asus.com/select/asusTek_sys_ctrl3.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.6.0.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{3564E020-8536-4733-A781-0E583FF70C6A} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{3564E020-8536-4733-A781-0E583FF70C6A}\34963736F64353630363 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{3564E020-8536-4733-A781-0E583FF70C6A}\478656F5761627167656 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{3564E020-8536-4733-A781-0E583FF70C6A}\C696E6B6379737 : DHCPNameServer = 75.75.75.75 75.75.76.76
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - c:\program files\intuit\quickbooks 2009\HelpAsyncPluggableProtocol.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} -
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\tom\appdata\roaming\mozilla\firefox\profiles\3180k6wb.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.boatinspect.com/
FF - plugin: c:\progra~1\micros~1\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~1\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\adobe\acrobat 9.0\acrobat\air\nppdf32.dll
FF - plugin: c:\program files\canon\mycamera download plugin\NPCIG.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.153\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20513.0\npctrlui.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\tom\appdata\local\citrix\plugins\97\npappdetector.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_8_800_94.dll
FF - plugin: c:\windows\system32\npdeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
FF - ExtSQL: 2013-08-01 19:36; {BBDA0591-3099-440a-AA10-41764D9DB4DB}; c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_20.2.0.19\IPSFFPlgn
FF - ExtSQL: 2013-08-02 13:19; {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}; c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_20.2.0.19\coFFPlgn
FF - ExtSQL: 2013-08-02 18:18; jid1-ZAdIEUB7XOzOJw@jetpack; c:\users\tom\appdata\roaming\mozilla\firefox\profiles\3180k6wb.default\extensions\jid1-ZAdIEUB7XOzOJw@jetpack.xpi
.
============= SERVICES / DRIVERS ===============
.
R0 SMR322;Symantec SMR Utility Service 3.2.2;c:\windows\system32\drivers\SMR322.SYS [2013-8-26 98392]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\1404000.028\symds.sys [2013-6-18 367704]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\1404000.028\symefa.sys [2013-6-18 934488]
R1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_20.2.0.19\definitions\bashdefs\20130715.001\BHDrvx86.sys [2013-7-16 1002072]
R1 ccSet_N360;Norton 360 Settings Manager;c:\windows\system32\drivers\n360\1404000.028\ccsetx86.sys [2013-6-18 134744]
R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_20.2.0.19\definitions\ipsdefs\20130823.001\IDSvix86.sys [2013-8-24 392792]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\1404000.028\ironx86.sys [2013-6-18 175264]
R1 SymNetS;Symantec Network Security WFP Driver;c:\windows\system32\drivers\n360\1404000.028\symnets.sys [2013-6-18 339544]
R2 N360;Norton 360;c:\program files\norton 360\engine\20.4.0.40\ccsvchst.exe [2013-6-18 144368]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2013-8-21 106656]
R3 RTL8187;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187.sys [2010-1-7 375808]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk62x86.sys [2009-9-28 315392]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 BrYNSvc;BrYNSvc;c:\program files\browny02\BrYNSvc.exe [2012-4-4 245760]
S3 CMAP_USBCC;Jeppesen Marine USBCCR Driver (x86);c:\windows\system32\drivers\cmapusb.sys [2011-8-20 20032]
S3 CMAPLDR;Jeppesen Marine USBCCR Loader Driver (x86);c:\windows\system32\drivers\cmapldr.sys [2011-8-20 16184]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2012-11-22 49664]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2012-9-12 1512448]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2013-8-21 14848]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2013-8-21 49664]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-8-18 1343400]
S3 XENfiltv;XENfiltv;c:\windows\system32\drivers\XENfiltv.sys [2009-7-31 17920]
S4 HitmanProScheduler;HitmanPro Scheduler;c:\program files\hitmanpro\hmpsched.exe [2013-8-21 106280]
S4 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\common files\intuit\update service v4\IntuitUpdateService.exe [2012-8-23 13672]
.
=============== File Associations ===============
.
ShellExec: dreamweaver.exe: Open="c:\program files\adobe\adobe dreamweaver cs5\dreamweaver.exe", "%1"
ShellExec: FRONTPG.EXE: edit=c:\progra~1\micros~1\office10\FRONTPG.EXE
.
=============== Created Last 30 ================
.
2013-08-26 13:41:11    98392    ----a-w-    c:\windows\system32\drivers\SMR322.SYS
2013-08-24 16:39:25    --------    d-sh--w-    C:\$RECYCLE.BIN
2013-08-24 15:29:11    --------    d-----w-    c:\programdata\Malwarebytes' Anti-Malware (portable)
2013-08-24 15:19:00    --------    d-----w-    C:\FRST
2013-08-21 15:29:16    --------    d-----w-    c:\windows\ERUNT
2013-08-21 13:27:29    6881616    ----a-w-    c:\programdata\microsoft\windows defender\definition updates\backup\mpengine.dll
2013-08-21 13:27:24    7143960    ----a-w-    c:\programdata\microsoft\windows defender\definition updates\{604e54f9-a89b-4067-a34a-202251192f26}\mpengine.dll
2013-08-21 12:15:05    --------    d-----w-    c:\program files\HitmanPro
2013-08-21 01:37:49    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2013-08-21 01:37:49    692104    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2013-08-13 19:45:03    1620992    ----a-w-    c:\windows\system32\WMVDECOD.DLL
2013-08-13 19:44:59    175104    ----a-w-    c:\windows\system32\wintrust.dll
2013-08-13 19:44:59    140288    ----a-w-    c:\windows\system32\cryptsvc.dll
2013-08-13 19:44:59    1166848    ----a-w-    c:\windows\system32\crypt32.dll
2013-08-13 19:44:59    103936    ----a-w-    c:\windows\system32\cryptnet.dll
2013-08-13 19:44:57    1293760    ----a-w-    c:\windows\system32\drivers\tcpip.sys
2013-08-13 19:44:56    652800    ----a-w-    c:\windows\system32\rpcrt4.dll
2013-08-13 19:44:55    3968960    ----a-w-    c:\windows\system32\ntkrnlpa.exe
2013-08-13 19:44:55    3913664    ----a-w-    c:\windows\system32\ntoskrnl.exe
2013-08-13 19:44:55    1289096    ----a-w-    c:\windows\system32\ntdll.dll
2013-08-13 19:44:30    2048    ----a-w-    c:\windows\system32\tzres.dll
2013-08-13 19:44:10    31232    ----a-w-    c:\windows\system32\drivers\tssecsrv.sys
2013-08-02 21:55:35    --------    d-----w-    c:\program files\Mozilla Maintenance Service
2013-07-30 21:52:01    880640    ----a-w-    c:\windows\system32\UniBox10.ocx
2013-07-30 21:52:01    506368    ----a-w-    c:\windows\system32\msxml.dll
2013-07-30 21:52:01    212992    ----a-w-    c:\windows\system32\UniBoxVB12.ocx
2013-07-30 21:52:01    1101824    ----a-w-    c:\windows\system32\UniBox210.ocx
2013-07-30 21:52:00    --------    d-----w-    c:\program files\Norton Utilities 14
2013-07-30 17:14:20    94632    ----a-w-    c:\windows\system32\WindowsAccessBridge.dll
2013-07-29 16:11:57    --------    d-----w-    C:\found.000
.
==================== Find3M  ====================
.
2013-07-30 17:14:11    867240    ----a-w-    c:\windows\system32\npdeployJava1.dll
2013-06-27 13:19:54    12872    ----a-w-    c:\windows\system32\bootdelete.exe
2013-06-18 20:25:47    142496    ----a-w-    c:\windows\system32\drivers\SYMEVENT.SYS
2013-06-05 03:05:09    2347520    ----a-w-    c:\windows\system32\win32k.sys
2013-06-04 04:53:07    509440    ----a-w-    c:\windows\system32\qedit.dll
.
============= FINISH: 11:47:40.57 ===============
 


Edited by latitudedfb, 26 August 2013 - 05:12 PM.




#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,621 posts

Posted 31 August 2013 - 11:15 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/505692 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 latitudedfb

latitudedfb
  • Topic Starter

  • Members
  • 18 posts

Posted 31 August 2013 - 03:03 PM

Windows 7 Professional

Service Pack 1

32 bit operating system

-----

I can not download anything on Internet Explorer 10. I get the message "<file> couldn't be downloaded" where <file> is anything I try to download.  The problem does not occur if I use Firefox. Both Internet Explorer 10 and Firefox 23.0.1 crash and will not open for 20 seconds or so and the computer is unresponsive at this time.

New DDS log is below

-------

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 10.0.9200.16660  BrowserJavaVersion: 10.25.2
Run by Tom at 15:56:17 on 2013-08-31
#Option Extended Search is enabled.
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.3071.1438 [GMT -4:00]
.
AV: Norton 360 *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Norton 360\Engine\20.4.0.40\ccSvcHst.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Norton 360\Engine\20.4.0.40\ccSvcHst.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\System32\svchost.exe -k secsvcs
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.blah blah.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uProxyOverride = <local>;*.local;192.168.*.*
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\program files\norton 360\engine\20.4.0.40\coieplg.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - c:\program files\norton 360\engine\20.4.0.40\ips\ipsbho.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\program files\norton 360\engine\20.4.0.40\coieplg.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\program files\norton 360\engine\20.4.0.40\coieplg.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.2.0/GarminAxControl.CAB
DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} - hxxp://support.asus.com/select/asusTek_sys_ctrl3.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.6.0.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{3564E020-8536-4733-A781-0E583FF70C6A} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{3564E020-8536-4733-A781-0E583FF70C6A}\34963736F64353630363 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{3564E020-8536-4733-A781-0E583FF70C6A}\478656F5761627167656 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{3564E020-8536-4733-A781-0E583FF70C6A}\C696E6B6379737 : DHCPNameServer = 75.75.75.75 75.75.76.76
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - c:\program files\intuit\quickbooks 2009\HelpAsyncPluggableProtocol.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} -
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\tom\appdata\roaming\mozilla\firefox\profiles\3180k6wb.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.boatinspect.com/
FF - plugin: c:\progra~1\micros~1\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~1\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\adobe\acrobat 9.0\acrobat\air\nppdf32.dll
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\canon\mycamera download plugin\NPCIG.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.153\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20513.0\npctrlui.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\tom\appdata\local\citrix\plugins\97\npappdetector.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_8_800_94.dll
FF - plugin: c:\windows\system32\npdeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
FF - ExtSQL: 2013-08-01 19:36; {BBDA0591-3099-440a-AA10-41764D9DB4DB}; c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_20.2.0.19\IPSFFPlgn
FF - ExtSQL: 2013-08-02 13:19; {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}; c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_20.2.0.19\coFFPlgn
FF - ExtSQL: 2013-08-02 18:18; jid1-ZAdIEUB7XOzOJw@jetpack; c:\users\tom\appdata\roaming\mozilla\firefox\profiles\3180k6wb.default\extensions\jid1-ZAdIEUB7XOzOJw@jetpack.xpi
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\1404000.028\symds.sys [2013-6-18 367704]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\1404000.028\symefa.sys [2013-6-18 934488]
R1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_20.2.0.19\definitions\bashdefs\20130715.001\BHDrvx86.sys [2013-7-16 1002072]
R1 ccSet_N360;Norton 360 Settings Manager;c:\windows\system32\drivers\n360\1404000.028\ccsetx86.sys [2013-6-18 134744]
R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_20.2.0.19\definitions\ipsdefs\20130830.001\IDSvix86.sys [2013-8-30 392792]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\1404000.028\ironx86.sys [2013-6-18 175264]
R1 SymNetS;Symantec Network Security WFP Driver;c:\windows\system32\drivers\n360\1404000.028\symnets.sys [2013-6-18 339544]
R2 N360;Norton 360;c:\program files\norton 360\engine\20.4.0.40\ccsvchst.exe [2013-6-18 144368]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2013-8-26 108120]
R3 RTL8187;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187.sys [2010-1-7 375808]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk62x86.sys [2009-9-28 315392]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 BrYNSvc;BrYNSvc;c:\program files\browny02\BrYNSvc.exe [2012-4-4 245760]
S3 CMAP_USBCC;Jeppesen Marine USBCCR Driver (x86);c:\windows\system32\drivers\cmapusb.sys [2011-8-20 20032]
S3 CMAPLDR;Jeppesen Marine USBCCR Loader Driver (x86);c:\windows\system32\drivers\cmapldr.sys [2011-8-20 16184]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2012-11-22 49664]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2012-9-12 1512448]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2013-8-21 14848]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2013-8-21 49664]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-8-18 1343400]
S3 XENfiltv;XENfiltv;c:\windows\system32\drivers\XENfiltv.sys [2009-7-31 17920]
S4 HitmanProScheduler;HitmanPro Scheduler;c:\program files\hitmanpro\hmpsched.exe [2013-8-21 106280]
S4 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\common files\intuit\update service v4\IntuitUpdateService.exe [2012-8-23 13672]
.
=============== File Associations ===============
.
ShellExec: dreamweaver.exe: Open="c:\program files\adobe\adobe dreamweaver cs5\dreamweaver.exe", "%1"
ShellExec: FRONTPG.EXE: edit=c:\progra~1\micros~1\office10\FRONTPG.EXE
.
=============== Created Last 60 ================
.
2013-08-31 16:19:24 60872 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{3917eeed-3777-4253-9fe3-389318474e2a}\offreg.dll
2013-08-30 11:16:30 7166848 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{3917eeed-3777-4253-9fe3-389318474e2a}\mpengine.dll
2013-08-26 18:52:54 -------- d-----w- C:\AdwCleaner
2013-08-24 16:39:25 -------- d-sh--w- C:\$RECYCLE.BIN
2013-08-24 15:29:11 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2013-08-24 15:19:00 -------- d-----w- C:\FRST
2013-08-21 15:29:16 -------- d-----w- c:\windows\ERUNT
2013-08-21 13:27:29 7166848 ----a-w- c:\programdata\microsoft\windows defender\definition updates\backup\mpengine.dll
2013-08-21 12:15:05 -------- d-----w- c:\program files\HitmanPro
2013-08-21 01:37:49 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-08-21 01:37:49 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-08-13 19:45:03 1620992 ----a-w- c:\windows\system32\WMVDECOD.DLL
2013-08-13 19:44:59 175104 ----a-w- c:\windows\system32\wintrust.dll
2013-08-13 19:44:59 140288 ----a-w- c:\windows\system32\cryptsvc.dll
2013-08-13 19:44:59 1166848 ----a-w- c:\windows\system32\crypt32.dll
2013-08-13 19:44:59 103936 ----a-w- c:\windows\system32\cryptnet.dll
2013-08-13 19:44:57 1293760 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-08-13 19:44:56 652800 ----a-w- c:\windows\system32\rpcrt4.dll
2013-08-13 19:44:55 3968960 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-08-13 19:44:55 3913664 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-08-13 19:44:55 1289096 ----a-w- c:\windows\system32\ntdll.dll
2013-08-13 19:44:30 2048 ----a-w- c:\windows\system32\tzres.dll
2013-08-13 19:44:10 31232 ----a-w- c:\windows\system32\drivers\tssecsrv.sys
2013-08-02 21:55:35 -------- d-----w- c:\program files\Mozilla Maintenance Service
2013-07-30 21:52:01 880640 ----a-w- c:\windows\system32\UniBox10.ocx
2013-07-30 21:52:01 506368 ----a-w- c:\windows\system32\msxml.dll
2013-07-30 21:52:01 212992 ----a-w- c:\windows\system32\UniBoxVB12.ocx
2013-07-30 21:52:01 1101824 ----a-w- c:\windows\system32\UniBox210.ocx
2013-07-30 21:52:00 -------- d-----w- c:\program files\Norton Utilities 14
2013-07-30 17:14:20 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-07-29 16:11:57 -------- d-----w- C:\found.000
2013-07-27 12:49:34 -------- d-----w- c:\users\tom\appdata\local\Diagnostics
2013-07-26 20:09:57 388096 ----a-r- c:\users\tom\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2013-07-26 20:09:57 -------- d-----w- c:\program files\Trend Micro
2013-07-21 04:29:47 680960 ----a-w- c:\program files\windows defender\MpSvc.dll
2013-07-21 04:29:47 392704 ----a-w- c:\program files\windows defender\MpClient.dll
2013-07-21 04:29:47 224768 ----a-w- c:\program files\windows defender\MpCommu.dll
2013-07-21 01:54:47 -------- d-----w- c:\programdata\HitmanPro
2013-07-21 00:56:41 -------- d-----w- c:\windows\system32\MRT
2013-07-19 20:44:23 2347520 ----a-w- c:\windows\system32\win32k.sys
2013-07-19 20:44:18 988672 ----a-w- c:\program files\windows journal\JNTFiltr.dll
2013-07-19 20:44:18 969216 ----a-w- c:\program files\windows journal\JNWDRV.dll
2013-07-19 20:44:18 936448 ----a-w- c:\program files\common files\microsoft shared\ink\journal.dll
2013-07-19 20:44:18 1221632 ----a-w- c:\program files\windows journal\NBDoc.DLL
2013-07-19 20:44:16 509440 ----a-w- c:\windows\system32\qedit.dll
2013-07-19 20:44:16 1247744 ----a-w- c:\windows\system32\DWrite.dll
.
==================== Find6M  ====================
.
2013-07-30 17:14:11 867240 ----a-w- c:\windows\system32\npdeployJava1.dll
2013-06-27 13:19:54 12872 ----a-w- c:\windows\system32\bootdelete.exe
2013-06-18 20:25:47 142496 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2013-05-23 05:25:28 934488 ----a-w- c:\windows\system32\drivers\n360\1404000.028\symefa.sys
2013-05-21 05:02:00 367704 ----a-w- c:\windows\system32\drivers\n360\1404000.028\symds.sys
2013-05-16 05:02:14 603224 ----a-w- c:\windows\system32\drivers\n360\1404000.028\srtsp.sys
2013-05-13 03:08:10 903168 ----a-w- c:\windows\system32\certutil.exe
2013-05-13 03:08:06 43008 ----a-w- c:\windows\system32\certenc.dll
2013-05-10 03:20:54 24576 ----a-w- c:\windows\system32\cryptdlg.dll
2013-05-02 06:06:08 238872 ------w- c:\windows\system32\MpSigStub.exe
2013-04-26 04:55:21 492544 ----a-w- c:\windows\system32\win32spl.dll
2013-04-25 23:30:32 1505280 ----a-w- c:\windows\system32\d3d11.dll
2013-04-25 00:43:56 339544 ----a-w- c:\windows\system32\drivers\n360\1404000.028\symnets.sys
2013-04-17 07:02:06 1230336 ----a-w- c:\windows\system32\WindowsCodecs.dll
2013-04-16 02:41:14 134744 ----a-w- c:\windows\system32\drivers\n360\1404000.028\ccsetx86.sys
2013-04-13 04:45:16 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45:15 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-04-12 13:45:29 1211752 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-04-10 05:18:40 728424 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2013-04-10 05:18:40 218984 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2013-04-04 18:50:32 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-03-19 04:53:27 186368 ----a-w- c:\windows\system32\wwansvc.dll
2013-03-19 04:48:45 38912 ----a-w- c:\windows\system32\csrsrv.dll
2013-03-19 03:33:33 40960 ----a-w- c:\windows\system32\wwanprotdim.dll
2013-03-19 02:49:16 69632 ----a-w- c:\windows\system32\smss.exe
2013-03-05 02:14:18 36512 ----a-r- c:\windows\system32\drivers\SymIMV.sys
2013-03-05 01:39:19 175264 ----a-w- c:\windows\system32\drivers\n360\1404000.028\ironx86.sys
2013-03-05 01:21:35 32344 ----a-w- c:\windows\system32\drivers\n360\1404000.028\srtspx.sys
.
============= FINISH: 15:57:23.28 ===============
 



#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:00 AM

Posted 31 August 2013 - 09:55 PM


Hello latitudedfb

I would like to welcome you to the Malware Removal section of the forum.

Around here they call me Gringo and I will be glad to help you with your malware problems.


Very Important --> Please read this post completely. I have spent my time to put together some things for you to keep in mind while I am helping you, to make things go easier, faster and smoother for both of us!

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the "Follow This Topic" Button, make sure that the "Receive notification" box is checked and that it is set to "Instantly" - This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.


These are the programs I would like you to run next, if you have any problems with one of these just skip it and move on to the next one.

-AdwCleaner-

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.
-Junkware-Removal-Tool-

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
When they are complete let me have the two reports and let me know how things are running.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 latitudedfb


Posted 01 September 2013 - 09:03 AM

Hello and thank you very much for your help.

 

I downloaded both programs and ran them.

I forgot and ran JRT without disabling Norton 360.

I let JRT finish and then disabled Norton 360 and ran JRT again.

The log files from the first and second runs of JRT are included below.

When running JRT both times there were some "access denied" messages.

 

Logs follow:

--------

# AdwCleaner v3.001 - Report created 01/09/2013 at 09:43:29
# Updated 24/08/2013 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (32 bits)
# Username : Tom - THERMALTAKE-P5W
# Running from : C:\Users\Tom\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\3180k6wb.default\jetpack

***** [ Shortcuts ] *****

***** [ Registry ] *****

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16660

-\\ Mozilla Firefox v23.0.1 (en-US)

[ File : C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\3180k6wb.default\prefs.js ]

[ File : C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\86mjodzt.default\prefs.js ]

*************************

AdwCleaner[R0].txt - [1834 octets] - [26/08/2013 14:52:58]
AdwCleaner[R1].txt - [1084 octets] - [01/09/2013 09:41:20]
AdwCleaner[S0].txt - [1919 octets] - [26/08/2013 15:00:09]
AdwCleaner[S1].txt - [1010 octets] - [01/09/2013 09:43:29]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1070 octets] ##########

 

---------------

1st JRT run

Version: 5.5.6 (08.30.2013:1)
OS: Windows 7 Professional x86
Ran by Tom on Sun 09/01/2013 at  9:45:48.63
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

 

~~~ Registry Values

 

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}

 

~~~ Files

 

~~~ Folders

 

~~~ FireFox

Emptied folder: C:\Users\Tom\AppData\Roaming\mozilla\firefox\profiles\3180k6wb.default\minidumps [6 files]

 

~~~ Event Viewer Logs were cleared

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 09/01/2013 at  9:47:43.02
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

---------------

2nd JRT run

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.5.6 (08.30.2013:1)
OS: Windows 7 Professional x86
Ran by Tom on Sun 09/01/2013 at  9:49:56.06
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

 

~~~ Registry Values

 

~~~ Registry Keys

 

~~~ Files

 

~~~ Folders

 

~~~ Event Viewer Logs were cleared

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 09/01/2013 at  9:52:20.72
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



#6 gringo_pr


Posted 01 September 2013 - 11:41 AM


Hello latitudedfb

I would like you to do the following.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.

1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"
  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?
Gringo

#7 latitudedfb


Posted 01 September 2013 - 12:51 PM

Thank you again for your help.

I turned off Norton 360 smart firewall, anti-virus auto protect and anti spyware.

Combofix downloaded and ran without any problems.

The only anomalies while scanning were that it noted sections 6A, 19B and 32A; all the others were just integers (numbers).

 

I again tried to download a file using Internet Explorer 10 (in this case Google Chrome).

I received the same message <file> couldn't be downloaded.

However, the file was found in the C:\Users\Tom\Downloads folder, so it must have been downloaded regardless of the message.

The browser crashes on IE 10 and Firefox occur randomly so I cannot test if they are fixed.

 

Thank you for your patience in this matter

 

---------------

 

ComboFix 13-08-31.01 - Tom 09/01/2013  13:28:39.6.2 - x86
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.3071.1926 [GMT -4:00]
Running from: c:\users\Tom\Desktop\ComboFix.exe
AV: Norton 360 *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton 360 *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton 360 *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((   Files Created from 2013-08-01 to 2013-09-01  )))))))))))))))))))))))))))))))
.
.
2013-09-01 17:36 . 2013-09-01 17:36    --------    d-----w-    c:\users\Public\AppData\Local\temp
2013-09-01 17:36 . 2013-09-01 17:36    --------    d-----w-    c:\users\Default\AppData\Local\temp
2013-08-30 11:16 . 2013-08-06 07:28    7166848    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{3917EEED-3777-4253-9FE3-389318474E2A}\mpengine.dll
2013-08-26 18:52 . 2013-09-01 13:43    --------    d-----w-    C:\AdwCleaner
2013-08-24 15:29 . 2013-08-30 10:38    --------    d-----w-    c:\programdata\Malwarebytes' Anti-Malware (portable)
2013-08-24 15:19 . 2013-08-24 15:19    --------    d-----w-    C:\FRST
2013-08-21 15:29 . 2013-08-21 15:29    --------    d-----w-    c:\windows\ERUNT
2013-08-21 12:15 . 2013-08-21 12:15    --------    d-----w-    c:\program files\HitmanPro
2013-08-21 01:37 . 2013-08-21 13:23    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2013-08-21 01:37 . 2013-08-21 13:23    692104    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2013-08-13 19:45 . 2013-07-25 08:57    1620992    ----a-w-    c:\windows\system32\WMVDECOD.DLL
2013-08-13 19:44 . 2013-07-09 04:52    175104    ----a-w-    c:\windows\system32\wintrust.dll
2013-08-13 19:44 . 2013-07-09 04:46    140288    ----a-w-    c:\windows\system32\cryptsvc.dll
2013-08-13 19:44 . 2013-07-09 04:46    1166848    ----a-w-    c:\windows\system32\crypt32.dll
2013-08-13 19:44 . 2013-07-09 04:46    103936    ----a-w-    c:\windows\system32\cryptnet.dll
2013-08-13 19:44 . 2013-07-06 05:05    1293760    ----a-w-    c:\windows\system32\drivers\tcpip.sys
2013-08-13 19:44 . 2013-07-09 04:50    652800    ----a-w-    c:\windows\system32\rpcrt4.dll
2013-08-13 19:44 . 2013-07-09 05:03    3968960    ----a-w-    c:\windows\system32\ntkrnlpa.exe
2013-08-13 19:44 . 2013-07-09 05:03    3913664    ----a-w-    c:\windows\system32\ntoskrnl.exe
2013-08-13 19:44 . 2013-07-09 04:53    1289096    ----a-w-    c:\windows\system32\ntdll.dll
2013-08-13 19:44 . 2013-07-19 01:41    2048    ----a-w-    c:\windows\system32\tzres.dll
2013-08-13 19:44 . 2013-06-15 03:38    31232    ----a-w-    c:\windows\system32\drivers\tssecsrv.sys
2013-08-02 21:55 . 2013-08-19 22:28    --------    d-----w-    c:\program files\Mozilla Maintenance Service
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-07-30 17:14 . 2013-07-30 17:14    94632    ----a-w-    c:\windows\system32\WindowsAccessBridge.dll
2013-07-30 17:14 . 2012-05-27 17:32    867240    ----a-w-    c:\windows\system32\npdeployJava1.dll
2013-07-26 20:09 . 2013-07-26 20:09    388096    ----a-r-    c:\users\Tom\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2013-06-27 13:19 . 2013-06-27 13:19    12872    ----a-w-    c:\windows\system32\bootdelete.exe
2013-06-18 20:25 . 2011-08-14 20:57    142496    ----a-w-    c:\windows\system32\drivers\SYMEVENT.SYS
2013-06-05 03:05 . 2013-07-19 20:44    2347520    ----a-w-    c:\windows\system32\win32k.sys
2013-06-04 04:53 . 2013-07-19 20:44    509440    ----a-w-    c:\windows\system32\qedit.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
@=""
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Google Calendar Sync.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Google Calendar Sync.lnk
backup=c:\windows\pss\Google Calendar Sync.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
backup=c:\windows\pss\QuickBooks Update Agent.lnkCommon Startup
backupExtension=Common Startup
.
[HKLM\~\startupfolder\C:^Users^Tom^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk]
backup=c:\windows\pss\Dropbox.lnkStartup
backupExtension=Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
2013-05-08 07:17    642664    ----a-w-    c:\program files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher]
2013-05-08 18:14    44128    ----a-w-    c:\program files\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2013-04-04 21:06    958576    ----a-w-    c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2010-03-06 08:44    500208    ------w-    c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager]
2010-07-23 03:10    402432    ----a-w-    c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2011-11-02 04:25    59240    ----a-w-    c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]
2012-11-05 19:27    89184    ----a-w-    c:\program files\Microsoft Office\Office14\BCSSync.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BrStsMon00]
2010-06-10 17:42    2621440    ------r-    c:\program files\Browny02\Brother\BrStMonW.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2011-10-28 17:18    49208    ----a-w-    c:\program files\HP\HP Software Update\hpwuschd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Intuit SyncManager]
2011-06-15 05:32    1532760    ----a-w-    c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-01-16 22:22    421736    ----a-w-    c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Start WingMan Profiler]
2010-06-14 20:10    153672    ----a-w-    c:\program files\Logitech\Gaming Software\LWEMon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2010-02-11 03:32    61440    ----a-w-    c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2013-03-12 11:32    253816    ----a-w-    c:\program files\Common Files\Java\Java Update\jusched.exe
.
R0 udpnt;udpnt;c:\windows\System32\drivers\dfrxcho.sys [x]
R3 BrYNSvc;BrYNSvc;c:\program files\Browny02\BrYNSvc.exe [2010-01-25 245760]
R3 CMAP_USBCC;Jeppesen Marine USBCCR Driver (x86);c:\windows\system32\Drivers\cmapusb.sys [2005-05-31 20032]
R3 CMAPLDR;Jeppesen Marine USBCCR Loader Driver (x86);c:\windows\system32\Drivers\cmapldr.sys [2005-06-13 16184]
R3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys [2012-09-29 64680]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 14848]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 49664]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-08-18 1343400]
R3 XENfiltv;XENfiltv;c:\windows\system32\drivers\XENfiltv.sys [2009-07-31 17920]
R4 HitmanProScheduler;HitmanPro Scheduler;c:\program files\HitmanPro\hmpsched.exe [2013-08-29 106280]
R4 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2012-08-23 13672]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\1404000.028\SYMDS.SYS [2013-05-21 367704]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\1404000.028\SYMEFA.SYS [2013-05-23 934488]
S1 BHDrvx86;BHDrvx86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\Definitions\BASHDefs\20130715.001\BHDrvx86.sys [2013-05-31 1002072]
S1 ccSet_N360;Norton 360 Settings Manager;c:\windows\system32\drivers\N360\1404000.028\ccSetx86.sys [2013-04-16 134744]
S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\Definitions\IPSDefs\20130830.001\IDSvix86.sys [2013-08-20 392792]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\1404000.028\Ironx86.SYS [2013-03-05 175264]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360\1404000.028\SYMNETS.SYS [2013-04-25 339544]
S2 N360;Norton 360;c:\program files\Norton 360\Engine\20.4.0.40\ccSvcHst.exe [2013-05-21 144368]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2013-08-27 108120]
S3 RTL8187;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\rtl8187.sys [2010-01-07 375808]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-09-28 315392]
.
.
Contents of the 'Scheduled Tasks' folder
.
2013-09-01 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-08-21 13:23]
.
2013-09-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-12-15 20:37]
.
2013-09-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-12-15 20:37]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.boatinspect.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = <local>;*.local;192.168.*.*
TCP: DhcpNameServer = 192.168.1.1
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.2.0/GarminAxControl.CAB
FF - ProfilePath - c:\users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\3180k6wb.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.boatinspect.com/
FF - ExtSQL: 2013-08-01 19:36; {BBDA0591-3099-440a-AA10-41764D9DB4DB}; c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\IPSFFPlgn
FF - ExtSQL: 2013-08-02 13:19; {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}; c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\coFFPlgn
FF - ExtSQL: 2013-08-02 18:18; jid1-ZAdIEUB7XOzOJw@jetpack; c:\users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\3180k6wb.default\extensions\jid1-ZAdIEUB7XOzOJw@jetpack.xpi
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\N360]
"ImagePath"="\"c:\program files\Norton 360\Engine\20.4.0.40\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\20.4.0.40\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\DbgagD\1*]
"value"="?\02\05\03\0d\0e2?"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-09-01  13:38:33
ComboFix-quarantined-files.txt  2013-09-01 17:38
ComboFix2.txt  2013-08-24 16:41
ComboFix3.txt  2013-08-21 03:33
ComboFix4.txt  2013-07-21 03:03
.
Pre-Run: 267,135,102,976 bytes free
Post-Run: 267,064,975,360 bytes free
.
- - End Of File - - 676150FAD09C716439BB314BD7F56693
A36C5E4F47E84449FF07ED3517B43A31



#8 gringo_pr


Posted 01 September 2013 - 03:52 PM


Hello latitudedfb

First I would like you to go here and click on the fixit button - http://support.microsoft.com/kb/923737


Then I want you to do the following
  • Start Internet Explorer.
  • click on "safety"
  • click on "Delete Browsing History"
  • make sure all boxes are checked
  • click on "Delete"
  • click on "Tools",
  • click "Internet Options".
  • On the "Advanced" tab, click "Reset"
  • put a check mark next to "Delete Personal Settings"
  • click "Reset" to confirm
  • when complete click the "Close" button
  • restart IE
Gringo

#9 latitudedfb


Posted 01 September 2013 - 05:02 PM

Thank you again.

 

I downloaded the Microsoft Fix-It tool to the desktop and ran the tool.

I also followed your directions as to deleting history and resetting etc.

 

I again tried to download a file using IE10 and received the same message: <file> couldn't be downloaded.

However the file was again found in the C:\Users\Tom\Downloads folder.



#10 gringo_pr


Posted 01 September 2013 - 08:56 PM


Hello latitudedfb

That is so strange. Do you have the same problem with any other browsers?

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Please start by opening Notepad and copy/paste the text in the box into the window:

ClearJavaCache::


 
Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"
  • In your next post I need the following
    • report from Combofix
    • let me know of any problems you may have had
    • How is the computer doing now after running the script?
Gringo

#11 latitudedfb


Posted 01 September 2013 - 11:24 PM

Here is the Combofix log

Do you see any malware?

Still cannot download from IE10 but Firefox is ok.

Is Windows Defender ok?

------------------

 

ComboFix 13-09-01.02 - Tom 09/02/2013   0:12.8.2 - x86
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.3071.1838 [GMT -4:00]
Running from: c:\users\Tom\Desktop\ComboFix.exe
AV: Norton 360 *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton 360 *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton 360 *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((   Files Created from 2013-08-02 to 2013-09-02  )))))))))))))))))))))))))))))))
.
.
2013-09-02 04:18 . 2013-09-02 04:18    --------    d-----w-    c:\users\Public\AppData\Local\temp
2013-09-02 04:18 . 2013-09-02 04:18    --------    d-----w-    c:\users\Default\AppData\Local\temp
2013-09-02 03:50 . 2013-09-02 03:50    60872    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{3917EEED-3777-4253-9FE3-389318474E2A}\offreg.dll
2013-08-30 11:16 . 2013-08-06 07:28    7166848    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{3917EEED-3777-4253-9FE3-389318474E2A}\mpengine.dll
2013-08-26 18:52 . 2013-09-01 13:43    --------    d-----w-    C:\AdwCleaner
2013-08-24 15:29 . 2013-08-30 10:38    --------    d-----w-    c:\programdata\Malwarebytes' Anti-Malware (portable)
2013-08-24 15:19 . 2013-08-24 15:19    --------    d-----w-    C:\FRST
2013-08-21 15:29 . 2013-08-21 15:29    --------    d-----w-    c:\windows\ERUNT
2013-08-21 12:15 . 2013-08-21 12:15    --------    d-----w-    c:\program files\HitmanPro
2013-08-21 01:37 . 2013-08-21 13:23    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2013-08-21 01:37 . 2013-08-21 13:23    692104    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2013-08-13 19:45 . 2013-07-25 08:57    1620992    ----a-w-    c:\windows\system32\WMVDECOD.DLL
2013-08-13 19:44 . 2013-07-09 04:52    175104    ----a-w-    c:\windows\system32\wintrust.dll
2013-08-13 19:44 . 2013-07-09 04:46    140288    ----a-w-    c:\windows\system32\cryptsvc.dll
2013-08-13 19:44 . 2013-07-09 04:46    1166848    ----a-w-    c:\windows\system32\crypt32.dll
2013-08-13 19:44 . 2013-07-09 04:46    103936    ----a-w-    c:\windows\system32\cryptnet.dll
2013-08-13 19:44 . 2013-07-06 05:05    1293760    ----a-w-    c:\windows\system32\drivers\tcpip.sys
2013-08-13 19:44 . 2013-07-09 04:50    652800    ----a-w-    c:\windows\system32\rpcrt4.dll
2013-08-13 19:44 . 2013-07-09 05:03    3968960    ----a-w-    c:\windows\system32\ntkrnlpa.exe
2013-08-13 19:44 . 2013-07-09 05:03    3913664    ----a-w-    c:\windows\system32\ntoskrnl.exe
2013-08-13 19:44 . 2013-07-09 04:53    1289096    ----a-w-    c:\windows\system32\ntdll.dll
2013-08-13 19:44 . 2013-07-19 01:41    2048    ----a-w-    c:\windows\system32\tzres.dll
2013-08-13 19:44 . 2013-06-15 03:38    31232    ----a-w-    c:\windows\system32\drivers\tssecsrv.sys
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-07-30 17:14 . 2013-07-30 17:14    94632    ----a-w-    c:\windows\system32\WindowsAccessBridge.dll
2013-07-30 17:14 . 2012-05-27 17:32    867240    ----a-w-    c:\windows\system32\npdeployJava1.dll
2013-07-26 20:09 . 2013-07-26 20:09    388096    ----a-r-    c:\users\Tom\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2013-06-27 13:19 . 2013-06-27 13:19    12872    ----a-w-    c:\windows\system32\bootdelete.exe
2013-06-18 20:25 . 2011-08-14 20:57    142496    ----a-w-    c:\windows\system32\drivers\SYMEVENT.SYS
2013-06-05 03:05 . 2013-07-19 20:44    2347520    ----a-w-    c:\windows\system32\win32k.sys
2013-06-04 04:53 . 2013-07-19 20:44    509440    ----a-w-    c:\windows\system32\qedit.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
@=""
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Google Calendar Sync.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Google Calendar Sync.lnk
backup=c:\windows\pss\Google Calendar Sync.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
backup=c:\windows\pss\QuickBooks Update Agent.lnkCommon Startup
backupExtension=Common Startup
.
[HKLM\~\startupfolder\C:^Users^Tom^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk]
backup=c:\windows\pss\Dropbox.lnkStartup
backupExtension=Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
2013-05-08 07:17    642664    ----a-w-    c:\program files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher]
2013-05-08 18:14    44128    ----a-w-    c:\program files\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2013-04-04 21:06    958576    ----a-w-    c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2010-03-06 08:44    500208    ------w-    c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager]
2010-07-23 03:10    402432    ----a-w-    c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2011-11-02 04:25    59240    ----a-w-    c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]
2012-11-05 19:27    89184    ----a-w-    c:\program files\Microsoft Office\Office14\BCSSync.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BrStsMon00]
2010-06-10 17:42    2621440    ------r-    c:\program files\Browny02\Brother\BrStMonW.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2011-10-28 17:18    49208    ----a-w-    c:\program files\HP\HP Software Update\hpwuschd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Intuit SyncManager]
2011-06-15 05:32    1532760    ----a-w-    c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-01-16 22:22    421736    ----a-w-    c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Start WingMan Profiler]
2010-06-14 20:10    153672    ----a-w-    c:\program files\Logitech\Gaming Software\LWEMon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2010-02-11 03:32    61440    ----a-w-    c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2013-03-12 11:32    253816    ----a-w-    c:\program files\Common Files\Java\Java Update\jusched.exe
.
R0 udpnt;udpnt;c:\windows\System32\drivers\dfrxcho.sys [x]
R3 BrYNSvc;BrYNSvc;c:\program files\Browny02\BrYNSvc.exe [2010-01-25 245760]
R3 CMAP_USBCC;Jeppesen Marine USBCCR Driver (x86);c:\windows\system32\Drivers\cmapusb.sys [2005-05-31 20032]
R3 CMAPLDR;Jeppesen Marine USBCCR Loader Driver (x86);c:\windows\system32\Drivers\cmapldr.sys [2005-06-13 16184]
R3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys [2012-09-29 64680]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 14848]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 49664]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-08-18 1343400]
R3 XENfiltv;XENfiltv;c:\windows\system32\drivers\XENfiltv.sys [2009-07-31 17920]
R4 HitmanProScheduler;HitmanPro Scheduler;c:\program files\HitmanPro\hmpsched.exe [2013-08-29 106280]
R4 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2012-08-23 13672]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\1404000.028\SYMDS.SYS [2013-05-21 367704]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\1404000.028\SYMEFA.SYS [2013-05-23 934488]
S1 BHDrvx86;BHDrvx86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\Definitions\BASHDefs\20130715.001\BHDrvx86.sys [2013-05-31 1002072]
S1 ccSet_N360;Norton 360 Settings Manager;c:\windows\system32\drivers\N360\1404000.028\ccSetx86.sys [2013-04-16 134744]
S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\Definitions\IPSDefs\20130830.001\IDSvix86.sys [2013-08-20 392792]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\1404000.028\Ironx86.SYS [2013-03-05 175264]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360\1404000.028\SYMNETS.SYS [2013-04-25 339544]
S2 N360;Norton 360;c:\program files\Norton 360\Engine\20.4.0.40\ccSvcHst.exe [2013-05-21 144368]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2013-08-27 108120]
S3 RTL8187;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\rtl8187.sys [2010-01-07 375808]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-09-28 315392]
.
.
Contents of the 'Scheduled Tasks' folder
.
2013-09-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-08-21 13:23]
.
2013-09-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-12-15 20:37]
.
2013-09-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-12-15 20:37]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = <local>;*.local;192.168.*.*
TCP: DhcpNameServer = 192.168.1.1
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.2.0/GarminAxControl.CAB
FF - ProfilePath - c:\users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\3180k6wb.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.boatinspect.com/
FF - ExtSQL: 2013-08-01 19:36; {BBDA0591-3099-440a-AA10-41764D9DB4DB}; c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\IPSFFPlgn
FF - ExtSQL: 2013-08-02 13:19; {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}; c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\coFFPlgn
FF - ExtSQL: 2013-08-02 18:18; jid1-ZAdIEUB7XOzOJw@jetpack; c:\users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\3180k6wb.default\extensions\jid1-ZAdIEUB7XOzOJw@jetpack.xpi
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\N360]
"ImagePath"="\"c:\program files\Norton 360\Engine\20.4.0.40\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\20.4.0.40\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\DbgagD\1*]
"value"="?\02\05\03\0d\0e2?"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-09-02  00:21:19
ComboFix-quarantined-files.txt  2013-09-02 04:21
ComboFix2.txt  2013-09-01 17:38
ComboFix3.txt  2013-08-24 16:41
ComboFix4.txt  2013-08-21 03:33
ComboFix5.txt  2013-09-02 03:52
.
Pre-Run: 267,494,506,496 bytes free
Post-Run: 267,423,690,752 bytes free
.
- - End Of File - - 6CCB5909D2E819E3E7755CE97DE867EE
A36C5E4F47E84449FF07ED3517B43A31
 



#12 gringo_pr


Posted 01 September 2013 - 11:32 PM


Hello latitudedfb



Please download Farbar Recovery Scan Tool and save it to your desktop.


Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
Gringo

#13 latitudedfb


Posted 02 September 2013 - 08:32 AM

Thank you again.

Here are the Farbar FRST and Addition logs:

 

-----------------

FRST log

-----------------

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 02-09-2013 04
Ran by Tom (administrator) on THERMALTAKE-P5W on 02-09-2013 09:15:00
Running from C:\Users\Tom\Desktop
Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(Symantec Corporation) C:\Program Files\Norton 360\Engine\20.4.0.40\ccSvcHst.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Symantec Corporation) C:\Program Files\Norton 360\Engine\20.4.0.40\ccSvcHst.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Policies\Explorer: [NoDrives] 0
HKCU\...\Policies\Explorer: [NoDrives] 0

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
SearchScopes: HKLM - DefaultScope value is missing.
BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation)
BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\20.4.0.40\IPS\IPSBHO.DLL (Symantec Corporation)
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU -Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU -Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation)
DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} http://support.asus.com/select/asusTek_sys_ctrl3.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.6.0.cab
Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - C:\Program Files\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\3180k6wb.default
FF Homepage: hxxp://www.boatinspect.com/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @canon.com/MycameraPlugin - C:\Program Files\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Acrobat - C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin - C:\Users\Tom\AppData\Local\Citrix\Plugins\97\npappdetector.dll (Citrix Online)
FF SearchPlugin: C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\3180k6wb.default\searchplugins\duckduckgo.xml
FF Extension: jid1-ZAdIEUB7XOzOJw - C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\3180k6wb.default\Extensions\jid1-ZAdIEUB7XOzOJw@jetpack.xpi
FF HKLM\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\coFFPlgn\
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\coFFPlgn\
FF HKLM\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\IPSFFPlgn\
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\IPSFFPlgn\

========================== Services (Whitelisted) =================

S3 BrYNSvc; C:\Program Files\Browny02\BrYNSvc.exe [245760 2010-01-25] (Brother Industries, Ltd.)
S4 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [106280 2013-08-29] (SurfRight B.V.)
S3 LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [3093944 2011-01-20] (Symantec Corporation)
R2 N360; C:\Program Files\Norton 360\Engine\20.4.0.40\diMaster.dll [556336 2013-05-29] (Symantec Corporation)
S2 Ati External Event Utility; %SystemRoot%\system32\Ati2evxx.exe [x]

==================== Drivers (Whitelisted) ====================

R1 AsIO; C:\Windows\System32\drivers\AsIO.sys [11296 2011-08-21] ()
R1 BHDrvx86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\Definitions\BASHDefs\20130715.001\BHDrvx86.sys [1002072 2013-05-31] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360\1404000.028\ccSetx86.sys [134744 2013-04-15] (Symantec Corporation)
R0 CLFS; C:\Windows\System32\CLFS.sys [249408 2009-07-13] (Microsoft Corporation)
S3 CMAPLDR; C:\Windows\System32\Drivers\cmapldr.sys [16184 2005-06-13] (C-Map)
S3 CMAP_USBCC; C:\Windows\System32\Drivers\cmapusb.sys [20032 2005-05-31] (C-Map)
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [376920 2013-08-26] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [108120 2013-08-26] (Symantec Corporation)
R1 IDSVix86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\Definitions\IPSDefs\20130830.001\IDSvix86.sys [392792 2013-08-20] (Symantec Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [13216 2011-08-21] ()
R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\Definitions\VirusDefs\20130901.004\NAVENG.SYS [93272 2013-08-28] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\Definitions\VirusDefs\20130901.004\NAVEX15.SYS [1612376 2013-08-28] (Symantec Corporation)
R3 RTL8187; C:\Windows\System32\DRIVERS\rtl8187.sys [375808 2010-01-07] (Realtek Semiconductor Corporation                           )
R3 SRTSP; C:\Windows\System32\Drivers\N360\1404000.028\SRTSP.SYS [603224 2013-05-16] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360\1404000.028\SRTSPX.SYS [32344 2013-03-04] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\N360\1404000.028\SYMDS.SYS [367704 2013-05-21] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360\1404000.028\SYMEFA.SYS [934488 2013-05-23] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [142496 2013-06-18] (Symantec Corporation)
R1 SymIM; C:\Windows\System32\DRIVERS\SymIMv.sys [36512 2013-03-04] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360\1404000.028\Ironx86.SYS [175264 2013-03-04] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\N360\1404000.028\SYMNETS.SYS [339544 2013-04-24] (Symantec Corporation)
R3 WmBEnum; C:\Windows\System32\drivers\WmBEnum.sys [22856 2010-04-27] (Logitech Inc.)
S3 WmFilter; C:\Windows\System32\drivers\WmFilter.sys [37704 2010-04-27] (Logitech Inc.)
S3 WmVirHid; C:\Windows\System32\drivers\WmVirHid.sys [15048 2010-04-27] (Logitech Inc.)
R3 WmXlCore; C:\Windows\System32\drivers\WmXlCore.sys [66632 2010-04-27] (Logitech Inc.)
S3 XENfiltv; C:\Windows\System32\drivers\XENfiltv.sys [17920 2009-07-31] (Creative Technology Ltd.)
R3 yukonw7; C:\Windows\System32\DRIVERS\yk62x86.sys [315392 2009-09-28] ()
S3 catchme; \??\C:\Users\Tom\AppData\Local\Temp\catchme.sys [x]
U3 TrueSight; \??\C:\Windows\system32\TrueSight.sys [x]
S0 udpnt; System32\drivers\dfrxcho.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-09-02 00:21 - 2013-09-02 00:21 - 00014367 _____ C:\ComboFix.txt
2013-09-02 00:11 - 2013-09-02 00:21 - 00000000 ____D C:\ComboFix
2013-09-02 00:05 - 2013-09-02 00:05 - 00784848 _____ (Google Inc.) C:\Users\Tom\Downloads\ChromeSetup (6).exe
2013-09-01 17:53 - 2013-09-01 17:53 - 00784848 _____ (Google Inc.) C:\Users\Tom\Downloads\ChromeSetup (5).exe
2013-09-01 17:38 - 2013-09-01 17:38 - 00659968 _____ C:\Users\Tom\Desktop\MicrosoftFixit50195(1).msi
2013-09-01 13:40 - 2013-09-01 13:40 - 00784840 _____ (Google Inc.) C:\Users\Tom\Downloads\ChromeSetup (4).exe
2013-09-01 13:21 - 2013-09-01 23:50 - 05116805 ____R (Swearware) C:\Users\Tom\Desktop\ComboFix.exe
2013-09-01 09:52 - 2013-09-01 09:52 - 00000631 _____ C:\Users\Tom\Desktop\JRT_2.txt
2013-09-01 09:52 - 2013-09-01 09:47 - 00000867 _____ C:\Users\Tom\Desktop\JRT_1.txt
2013-09-01 09:40 - 2013-09-01 09:40 - 01027511 _____ (Thisisu) C:\Users\Tom\Desktop\JRT.exe
2013-09-01 09:38 - 2013-09-01 09:38 - 00994642 _____ C:\Users\Tom\Desktop\AdwCleaner.exe
2013-08-31 18:04 - 2013-08-31 18:04 - 00784880 _____ (Google Inc.) C:\Users\Tom\Downloads\ChromeSetup (3).exe
2013-08-31 15:57 - 2013-08-31 15:57 - 00016555 _____ C:\Users\Tom\Desktop\dds.txt
2013-08-31 15:57 - 2013-08-31 15:57 - 00014106 _____ C:\Users\Tom\Desktop\attach.txt
2013-08-29 22:00 - 2013-08-29 22:00 - 20597896 _____ (Microsoft Corporation) C:\Users\Tom\Downloads\Windows-KB890830-V5.3(1).exe
2013-08-29 20:38 - 2013-08-29 21:54 - 00012777 _____ C:\Users\Tom\Desktop\Hotel_Fuel Costs_082913.xlsx
2013-08-29 12:57 - 2013-08-30 15:08 - 00013247 _____ C:\Users\Tom\Desktop\Boat Trip Fuel cost calculator.xlsx
2013-08-28 22:21 - 2013-08-28 22:21 - 00050281 _____ C:\Users\Tom\Downloads\aswMBR.exe.part
2013-08-26 17:08 - 2013-08-26 17:08 - 00024744 _____ C:\Users\Tom\Desktop\Copy of FLMC-Registered attendees as of 8-26.xlsx
2013-08-26 14:52 - 2013-09-01 09:43 - 00000000 ____D C:\AdwCleaner
2013-08-26 11:45 - 2013-08-31 15:55 - 00688992 ____R (Swearware) C:\Users\Tom\Desktop\dds.com
2013-08-26 10:04 - 2013-08-26 10:04 - 00784848 _____ (Google Inc.) C:\Users\Tom\Downloads\ChromeSetup (2).exe
2013-08-24 14:04 - 2013-08-24 14:04 - 20597896 _____ (Microsoft Corporation) C:\Users\Tom\Downloads\Windows-KB890830-V5.3.exe
2013-08-24 12:50 - 2013-08-24 12:50 - 00784848 _____ (Google Inc.) C:\Users\Tom\Downloads\ChromeSetup (1).exe
2013-08-24 12:00 - 2013-08-24 12:00 - 00784848 _____ (Google Inc.) C:\Users\Tom\Downloads\ChromeSetup.exe
2013-08-24 11:29 - 2013-08-30 06:38 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-08-24 11:19 - 2013-08-24 11:19 - 00000000 ____D C:\FRST
2013-08-22 13:04 - 2013-08-22 13:04 - 00224749 _____ C:\Users\Tom\Desktop\Gizmodo_big_tech_ecosystem_competition.jpeg
2013-08-21 11:29 - 2013-08-21 11:29 - 00000000 ____D C:\Windows\ERUNT
2013-08-21 09:34 - 2012-08-23 10:48 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2013-08-21 09:34 - 2012-08-23 10:44 - 00014848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys
2013-08-21 09:34 - 2012-08-23 10:40 - 00049664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2013-08-21 09:34 - 2012-08-23 10:10 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2013-08-21 09:34 - 2012-08-23 10:10 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2013-08-21 09:34 - 2012-08-23 09:52 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2013-08-21 09:34 - 2012-08-23 09:47 - 00046592 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2013-08-21 09:34 - 2012-08-23 09:46 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2013-08-21 09:34 - 2012-08-23 09:32 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2013-08-21 09:34 - 2012-08-23 09:18 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2013-08-21 09:34 - 2012-08-23 07:40 - 00056320 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2013-08-21 09:34 - 2012-08-23 07:32 - 00317440 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2013-08-21 09:34 - 2012-08-23 07:15 - 00269312 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll
2013-08-21 09:34 - 2012-08-23 07:12 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\rdpendp_winip.dll
2013-08-21 09:34 - 2012-08-23 06:39 - 01048064 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2013-08-21 09:34 - 2012-08-23 06:08 - 02739712 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2013-08-21 09:34 - 2012-08-23 04:19 - 04916224 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2013-08-21 09:33 - 2013-08-21 09:33 - 14329344 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-08-21 09:33 - 2013-08-21 09:33 - 13761024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-08-21 09:33 - 2013-08-21 09:33 - 02877440 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-08-21 09:33 - 2013-08-21 09:33 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-08-21 09:33 - 2013-08-21 09:33 - 02048512 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-08-21 09:33 - 2013-08-21 09:33 - 01767936 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-08-21 09:33 - 2013-08-21 09:33 - 01441280 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-08-21 09:33 - 2013-08-21 09:33 - 01400416 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2013-08-21 09:33 - 2013-08-21 09:33 - 01141248 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-08-21 09:33 - 2013-08-21 09:33 - 00745472 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2013-08-21 09:33 - 2013-08-21 09:33 - 00719360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2013-08-21 09:33 - 2013-08-21 09:33 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-08-21 09:33 - 2013-08-21 09:33 - 00629248 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-08-21 09:33 - 2013-08-21 09:33 - 00523264 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-08-21 09:33 - 2013-08-21 09:33 - 00493056 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-08-21 09:33 - 2013-08-21 09:33 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-08-21 09:33 - 2013-08-21 09:33 - 00361984 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-08-21 09:33 - 2013-08-21 09:33 - 00357888 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2013-08-21 09:33 - 2013-08-21 09:33 - 00242200 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2013-08-21 09:33 - 2013-08-21 09:33 - 00232960 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-08-21 09:33 - 2013-08-21 09:33 - 00226816 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2013-08-21 09:33 - 2013-08-21 09:33 - 00204800 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2013-08-21 09:33 - 2013-08-21 09:33 - 00185344 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2013-08-21 09:33 - 2013-08-21 09:33 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2013-08-21 09:33 - 2013-08-21 09:33 - 00158720 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2013-08-21 09:33 - 2013-08-21 09:33 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2013-08-21 09:33 - 2013-08-21 09:33 - 00138752 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2013-08-21 09:33 - 2013-08-21 09:33 - 00137216 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-08-21 09:33 - 2013-08-21 09:33 - 00125440 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2013-08-21 09:33 - 2013-08-21 09:33 - 00117248 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-08-21 09:33 - 2013-08-21 09:33 - 00110592 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2013-08-21 09:33 - 2013-08-21 09:33 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-08-21 09:33 - 2013-08-21 09:33 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2013-08-21 09:33 - 2013-08-21 09:33 - 00079872 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-08-21 09:33 - 2013-08-21 09:33 - 00073728 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2013-08-21 09:33 - 2013-08-21 09:33 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-08-21 09:33 - 2013-08-21 09:33 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2013-08-21 09:33 - 2013-08-21 09:33 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2013-08-21 09:33 - 2013-08-21 09:33 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-08-21 09:33 - 2013-08-21 09:33 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2013-08-21 09:33 - 2013-08-21 09:33 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2013-08-21 09:33 - 2013-08-21 09:33 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-08-21 09:33 - 2013-08-21 09:33 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2013-08-21 09:33 - 2013-08-21 09:33 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-08-21 09:33 - 2013-08-21 09:33 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2013-08-21 09:33 - 2013-08-21 09:33 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-08-21 09:33 - 2013-08-21 09:33 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2013-08-21 09:33 - 2013-08-21 09:33 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2013-08-21 09:33 - 2013-08-21 09:33 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2013-08-21 08:15 - 2013-08-21 08:15 - 00000000 ____D C:\Program Files\HitmanPro
2013-08-20 23:13 - 2013-08-20 23:13 - 04009167 _____ C:\Users\Tom\Downloads\ServicesRepair.exe
2013-08-20 22:43 - 2013-08-20 22:43 - 00000512 _____ C:\Users\Tom\Downloads\MBRCheck_MBR_Backup_08-20-13_22-43-50.bak
2013-08-20 21:40 - 2013-08-20 21:40 - 01068176 _____ (Solid State Networks) C:\Users\Tom\Downloads\install_flashplayer11x32ax_chrd_awa_aih.exe
2013-08-20 21:37 - 2013-09-01 23:46 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-08-20 21:37 - 2013-08-21 09:23 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2013-08-20 21:37 - 2013-08-21 09:23 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2013-08-19 08:25 - 2013-08-19 08:25 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-08-13 15:45 - 2013-07-25 04:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-08-13 15:44 - 2013-07-18 21:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-08-13 15:44 - 2013-07-09 01:03 - 03968960 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2013-08-13 15:44 - 2013-07-09 01:03 - 03913664 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-08-13 15:44 - 2013-07-09 00:53 - 01289096 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-08-13 15:44 - 2013-07-09 00:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-08-13 15:44 - 2013-07-09 00:50 - 00652800 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-08-13 15:44 - 2013-07-09 00:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-08-13 15:44 - 2013-07-09 00:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-08-13 15:44 - 2013-07-09 00:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-08-13 15:44 - 2013-07-06 01:05 - 01293760 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-08-13 15:44 - 2013-06-14 23:38 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2013-08-07 17:59 - 2013-08-07 20:56 - 00039424 _____ C:\Users\Tom\Documents\Copy of 2013 water usage analysis.xls

==================== One Month Modified Files and Folders =======

2013-09-02 09:12 - 2013-09-02 09:12 - 01085803 _____ (Farbar) C:\Users\Tom\Desktop\FRST.exe
2013-09-02 09:09 - 2009-07-14 00:34 - 00016480 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-02 09:09 - 2009-07-14 00:34 - 00016480 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-02 09:03 - 2011-12-15 16:37 - 00000876 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-09-02 09:02 - 2013-08-01 12:16 - 00005498 _____ C:\Windows\setupact.log
2013-09-02 09:02 - 2009-07-14 00:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-02 09:01 - 2011-08-14 16:36 - 00944080 _____ C:\Windows\PFRO.log
2013-09-02 00:25 - 2011-08-14 15:16 - 01849150 _____ C:\Windows\WindowsUpdate.log
2013-09-02 00:21 - 2013-09-02 00:21 - 00014367 _____ C:\ComboFix.txt
2013-09-02 00:21 - 2013-09-02 00:11 - 00000000 ____D C:\ComboFix
2013-09-02 00:21 - 2012-10-22 08:10 - 00000000 ____D C:\Qoobox
2013-09-02 00:18 - 2009-07-13 22:04 - 00000215 _____ C:\Windows\system.ini
2013-09-02 00:05 - 2013-09-02 00:05 - 00784848 _____ (Google Inc.) C:\Users\Tom\Downloads\ChromeSetup (6).exe
2013-09-01 23:50 - 2013-09-01 13:21 - 05116805 ____R (Swearware) C:\Users\Tom\Desktop\ComboFix.exe
2013-09-01 23:50 - 2011-12-15 16:37 - 00000880 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-09-01 23:46 - 2013-08-20 21:37 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-09-01 17:53 - 2013-09-01 17:53 - 00784848 _____ (Google Inc.) C:\Users\Tom\Downloads\ChromeSetup (5).exe
2013-09-01 17:38 - 2013-09-01 17:38 - 00659968 _____ C:\Users\Tom\Desktop\MicrosoftFixit50195(1).msi
2013-09-01 13:40 - 2013-09-01 13:40 - 00784840 _____ (Google Inc.) C:\Users\Tom\Downloads\ChromeSetup (4).exe
2013-09-01 13:22 - 2013-07-30 17:52 - 00000000 ____D C:\Program Files\Norton Utilities 14
2013-09-01 09:52 - 2013-09-01 09:52 - 00000631 _____ C:\Users\Tom\Desktop\JRT_2.txt
2013-09-01 09:47 - 2013-09-01 09:52 - 00000867 _____ C:\Users\Tom\Desktop\JRT_1.txt
2013-09-01 09:43 - 2013-08-26 14:52 - 00000000 ____D C:\AdwCleaner
2013-09-01 09:40 - 2013-09-01 09:40 - 01027511 _____ (Thisisu) C:\Users\Tom\Desktop\JRT.exe
2013-09-01 09:38 - 2013-09-01 09:38 - 00994642 _____ C:\Users\Tom\Desktop\AdwCleaner.exe
2013-08-31 18:04 - 2013-08-31 18:04 - 00784880 _____ (Google Inc.) C:\Users\Tom\Downloads\ChromeSetup (3).exe
2013-08-31 15:57 - 2013-08-31 15:57 - 00016555 _____ C:\Users\Tom\Desktop\dds.txt
2013-08-31 15:57 - 2013-08-31 15:57 - 00014106 _____ C:\Users\Tom\Desktop\attach.txt
2013-08-31 15:55 - 2013-08-26 11:45 - 00688992 ____R (Swearware) C:\Users\Tom\Desktop\dds.com
2013-08-31 08:57 - 2012-06-15 08:52 - 00000000 ____D C:\Users\Tom\AppData\Local\Rose Point Navigation Systems
2013-08-31 08:30 - 2011-08-20 10:54 - 00000000 ____D C:\Users\Tom\AppData\Local\Adobe
2013-08-31 08:30 - 2011-08-20 10:49 - 00000000 ____D C:\Program Files\Common Files\Adobe
2013-08-31 08:30 - 2011-08-20 10:49 - 00000000 ____D C:\Program Files\Adobe
2013-08-30 15:08 - 2013-08-29 12:57 - 00013247 _____ C:\Users\Tom\Desktop\Boat Trip Fuel cost calculator.xlsx
2013-08-30 06:52 - 2011-10-08 19:25 - 00000000 ____D C:\Users\Tom\AppData\Local\NPE
2013-08-30 06:38 - 2013-08-24 11:29 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-08-29 22:00 - 2013-08-29 22:00 - 20597896 _____ (Microsoft Corporation) C:\Users\Tom\Downloads\Windows-KB890830-V5.3(1).exe
2013-08-29 21:58 - 2007-03-05 13:56 - 02503680 __SHC C:\Users\Tom\Desktop\Thumbs.db
2013-08-29 21:54 - 2013-08-29 20:38 - 00012777 _____ C:\Users\Tom\Desktop\Hotel_Fuel Costs_082913.xlsx
2013-08-29 21:20 - 2012-03-20 18:35 - 00002339 _____ C:\Users\Tom\Desktop\Public Scans - Shortcut.lnk
2013-08-28 22:21 - 2013-08-28 22:21 - 00050281 _____ C:\Users\Tom\Downloads\aswMBR.exe.part
2013-08-28 11:12 - 2011-08-14 15:38 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-08-27 08:08 - 2011-11-28 08:34 - 00017230 _____ C:\Users\Tom\Desktop\PW.xlsx
2013-08-26 17:08 - 2013-08-26 17:08 - 00024744 _____ C:\Users\Tom\Desktop\Copy of FLMC-Registered attendees as of 8-26.xlsx
2013-08-26 15:09 - 2013-07-20 20:56 - 00000000 ____D C:\Windows\system32\MRT
2013-08-26 14:48 - 2013-07-29 12:11 - 00000000 ____D C:\found.000
2013-08-26 10:04 - 2013-08-26 10:04 - 00784848 _____ (Google Inc.) C:\Users\Tom\Downloads\ChromeSetup (2).exe
2013-08-25 22:23 - 2011-09-07 20:33 - 00007655 _____ C:\Users\Tom\AppData\Local\Resmon.ResmonCfg
2013-08-24 17:30 - 2009-07-14 00:53 - 00032618 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-08-24 14:04 - 2013-08-24 14:04 - 20597896 _____ (Microsoft Corporation) C:\Users\Tom\Downloads\Windows-KB890830-V5.3.exe
2013-08-24 12:50 - 2013-08-24 12:50 - 00784848 _____ (Google Inc.) C:\Users\Tom\Downloads\ChromeSetup (1).exe
2013-08-24 12:00 - 2013-08-24 12:00 - 00784848 _____ (Google Inc.) C:\Users\Tom\Downloads\ChromeSetup.exe
2013-08-24 11:19 - 2013-08-24 11:19 - 00000000 ____D C:\FRST
2013-08-22 18:43 - 2009-07-13 22:37 - 00000000 ____D C:\Windows\rescache
2013-08-22 13:04 - 2013-08-22 13:04 - 00224749 _____ C:\Users\Tom\Desktop\Gizmodo_big_tech_ecosystem_competition.jpeg
2013-08-21 11:29 - 2013-08-21 11:29 - 00000000 ____D C:\Windows\ERUNT
2013-08-21 09:58 - 2011-09-14 11:35 - 00000000 ____D C:\Windows\pss
2013-08-21 09:47 - 2012-11-13 18:03 - 00000000 ____D C:\Users\Tom\Desktop\OUTSTANDING INVOICES
2013-08-21 09:34 - 2013-04-30 08:48 - 00021495 _____ C:\Windows\IE10_main.log
2013-08-21 09:33 - 2013-08-21 09:33 - 14329344 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-08-21 09:33 - 2013-08-21 09:33 - 13761024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-08-21 09:33 - 2013-08-21 09:33 - 02877440 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-08-21 09:33 - 2013-08-21 09:33 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-08-21 09:33 - 2013-08-21 09:33 - 02048512 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-08-21 09:33 - 2013-08-21 09:33 - 01767936 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-08-21 09:33 - 2013-08-21 09:33 - 01441280 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-08-21 09:33 - 2013-08-21 09:33 - 01400416 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2013-08-21 09:33 - 2013-08-21 09:33 - 01141248 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-08-21 09:33 - 2013-08-21 09:33 - 00745472 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2013-08-21 09:33 - 2013-08-21 09:33 - 00719360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2013-08-21 09:33 - 2013-08-21 09:33 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-08-21 09:33 - 2013-08-21 09:33 - 00629248 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-08-21 09:33 - 2013-08-21 09:33 - 00523264 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-08-21 09:33 - 2013-08-21 09:33 - 00493056 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-08-21 09:33 - 2013-08-21 09:33 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-08-21 09:33 - 2013-08-21 09:33 - 00361984 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-08-21 09:33 - 2013-08-21 09:33 - 00357888 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2013-08-21 09:33 - 2013-08-21 09:33 - 00242200 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2013-08-21 09:33 - 2013-08-21 09:33 - 00232960 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-08-21 09:33 - 2013-08-21 09:33 - 00226816 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2013-08-21 09:33 - 2013-08-21 09:33 - 00204800 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2013-08-21 09:33 - 2013-08-21 09:33 - 00185344 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2013-08-21 09:33 - 2013-08-21 09:33 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2013-08-21 09:33 - 2013-08-21 09:33 - 00158720 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2013-08-21 09:33 - 2013-08-21 09:33 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2013-08-21 09:33 - 2013-08-21 09:33 - 00138752 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2013-08-21 09:33 - 2013-08-21 09:33 - 00137216 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-08-21 09:33 - 2013-08-21 09:33 - 00125440 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2013-08-21 09:33 - 2013-08-21 09:33 - 00117248 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-08-21 09:33 - 2013-08-21 09:33 - 00110592 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2013-08-21 09:33 - 2013-08-21 09:33 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-08-21 09:33 - 2013-08-21 09:33 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2013-08-21 09:33 - 2013-08-21 09:33 - 00079872 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-08-21 09:33 - 2013-08-21 09:33 - 00073728 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2013-08-21 09:33 - 2013-08-21 09:33 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-08-21 09:33 - 2013-08-21 09:33 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2013-08-21 09:33 - 2013-08-21 09:33 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2013-08-21 09:33 - 2013-08-21 09:33 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-08-21 09:33 - 2013-08-21 09:33 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2013-08-21 09:33 - 2013-08-21 09:33 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2013-08-21 09:33 - 2013-08-21 09:33 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-08-21 09:33 - 2013-08-21 09:33 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2013-08-21 09:33 - 2013-08-21 09:33 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-08-21 09:33 - 2013-08-21 09:33 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2013-08-21 09:33 - 2013-08-21 09:33 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-08-21 09:33 - 2013-08-21 09:33 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2013-08-21 09:33 - 2013-08-21 09:33 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2013-08-21 09:33 - 2013-08-21 09:33 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2013-08-21 09:23 - 2013-08-20 21:37 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2013-08-21 09:23 - 2013-08-20 21:37 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2013-08-21 08:15 - 2013-08-21 08:15 - 00000000 ____D C:\Program Files\HitmanPro
2013-08-21 08:14 - 2013-07-20 21:54 - 00000000 ____D C:\ProgramData\HitmanPro
2013-08-21 08:05 - 2011-08-14 15:23 - 00730448 _____ C:\Windows\system32\PerfStringBackup.INI
2013-08-20 23:13 - 2013-08-20 23:13 - 04009167 _____ C:\Users\Tom\Downloads\ServicesRepair.exe
2013-08-20 22:58 - 2011-08-14 15:16 - 00001413 _____ C:\Users\Tom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-08-20 22:43 - 2013-08-20 22:43 - 00000512 _____ C:\Users\Tom\Downloads\MBRCheck_MBR_Backup_08-20-13_22-43-50.bak
2013-08-20 21:40 - 2013-08-20 21:40 - 01068176 _____ (Solid State Networks) C:\Users\Tom\Downloads\install_flashplayer11x32ax_chrd_awa_aih.exe
2013-08-20 20:48 - 2011-08-14 16:23 - 00000000 ____D C:\Users\Tom\AppData\Roaming\Adobe
2013-08-20 20:47 - 2011-08-14 16:23 - 00000000 ____D C:\Users\Tom\AppData\Roaming\Macromedia
2013-08-20 09:52 - 2011-08-21 10:58 - 00000000 ____D C:\Users\Tom\AppData\Local\CrashDumps
2013-08-19 18:28 - 2013-08-02 17:55 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-08-19 18:28 - 2011-08-26 09:21 - 00000000 ____D C:\Windows\CD95F661A5C411AFB2CCABCD21A325B5.TMP
2013-08-19 08:25 - 2013-08-19 08:25 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-08-15 08:50 - 2011-08-14 15:38 - 00000000 ____D C:\Users\Tom\AppData\Local\Microsoft Help
2013-08-13 18:34 - 2009-07-13 22:37 - 00000000 ____D C:\Windows\Microsoft.NET
2013-08-07 20:56 - 2013-08-07 17:59 - 00039424 _____ C:\Users\Tom\Documents\Copy of 2013 water usage analysis.xls
2013-08-07 13:44 - 2011-09-08 21:28 - 00014336 _____ C:\Users\Tom\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-08-07 10:10 - 2013-07-19 09:00 - 00000000 ____D C:\Users\Tom\Desktop\Meals_Nutrition
2013-08-05 16:00 - 2011-08-19 19:25 - 75778376 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-09-01 08:14

==================== End Of Log ============================

------------------------
Addition Log
------------------------

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 24-08-2013 01
Ran by Tom at 2013-08-24 11:23:52
Running from C:\Users\Tom\Desktop
Boot Mode: Normal
==========================================================

==================== Installed Programs =======================

[[FSX]] Carenado MegaPack
Adobe Acrobat 9 Pro - English, Français, Deutsch (Version: 9.5.5)
Adobe Acrobat 9.5.5 - CPSID_83708
Adobe Community Help (Version: 3.5.23)
Adobe Dreamweaver CS5 (Version: 11.0)
Adobe Flash Player 11 Plugin (Version: 11.8.800.94)
Adobe Media Player (Version: 1.8)
Aircrafter - Aircraft Manager for Microsoft Flightsimulator X (Version: 1.5)
Apple Application Support (Version: 2.1.6)
Apple Mobile Device Support (Version: 4.0.0.97)
Apple Software Update (Version: 2.1.3.127)
ATI Catalyst Install Manager (Version: 3.0.715.0)
BoatU.S. Simulator Project
Bonjour (Version: 3.0.0.10)
Brother BRAdmin Light 1.18.0001 (Version: 1.18.0001)
calibre (Version: 0.8.15)
Canon Auto Update Service (Version: 1.1.2.18)
Canon DIGITAL CAMERA Solution Disk Software Guide (Version: 1.3.0.1)
CANON iMAGE GATEWAY MyCamera Download Plugin (Version: 3.1.1.2)
CANON iMAGE GATEWAY Task for ZoomBrowser EX (Version: 1.9.0.9)
Canon Internet Library for ZoomBrowser EX (Version: 1.7.0.1)
Canon MOV Decoder (Version: 1.9.0.8)
Canon MOV Encoder (Version: 1.8.0.1)
Canon MovieEdit Task for ZoomBrowser EX (Version: 3.9.0.6)
Canon Personal Printing Guide (Version: 1.1.1.3)
Canon PowerShot G12 Camera User Guide (Version: 1.0.0.1)
Canon RAW Codec (Version: 1.10.0.74)
Canon Utilities CameraWindow DC 8 (Version: 8.3.0.6)
Canon Utilities CameraWindow Launcher (Version: 7.5.0.2)
Canon Utilities Digital Photo Professional 3.9 (Version: 3.9.1.0)
Canon Utilities EOS Video Snapshot Task for ZoomBrowser EX (Version: 1.0.0.10)
Canon Utilities Movie Uploader for YouTube (Version: 1.1.0.4)
Canon Utilities MyCamera (Version: 7.4.0.2)
Canon Utilities PhotoStitch (Version: 3.1.22.46)
Canon Utilities ZoomBrowser EX (Version: 6.9.0.1)
Canon ZoomBrowser EX Memory Card Utility (Version: 1.6.0.15)
Caribbean SeaPlane Tours, Dinner Key
Catalyst Control Center - Branding (Version: 1.00.0000)
Catalyst Control Center Core Implementation (Version: 2010.0210.2339.42455)
Catalyst Control Center Graphics Full Existing (Version: 2010.0210.2339.42455)
Catalyst Control Center Graphics Full New (Version: 2010.0210.2339.42455)
Catalyst Control Center Graphics Light (Version: 2010.0210.2339.42455)
Catalyst Control Center Graphics Previews Common (Version: 2010.0210.2339.42455)
Catalyst Control Center Graphics Previews Vista (Version: 2010.0210.2339.42455)
Catalyst Control Center HydraVision Full (Version: 2010.0210.2339.42455)
Catalyst Control Center InstallProxy (Version: 2010.0210.2339.42455)
Catalyst Control Center Localization All (Version: 2010.0210.2339.42455)
CCC Help Chinese Standard (Version: 2010.0210.2338.42455)
CCC Help Chinese Traditional (Version: 2010.0210.2338.42455)
CCC Help Czech (Version: 2010.0210.2338.42455)
CCC Help Danish (Version: 2010.0210.2338.42455)
CCC Help Dutch (Version: 2010.0210.2338.42455)
CCC Help English (Version: 2010.0210.2338.42455)
CCC Help Finnish (Version: 2010.0210.2338.42455)
CCC Help French (Version: 2010.0210.2338.42455)
CCC Help German (Version: 2010.0210.2338.42455)
CCC Help Greek (Version: 2010.0210.2338.42455)
CCC Help Hungarian (Version: 2010.0210.2338.42455)
CCC Help Italian (Version: 2010.0210.2338.42455)
CCC Help Japanese (Version: 2010.0210.2338.42455)
CCC Help Korean (Version: 2010.0210.2338.42455)
CCC Help Norwegian (Version: 2010.0210.2338.42455)
CCC Help Polish (Version: 2010.0210.2338.42455)
CCC Help Portuguese (Version: 2010.0210.2338.42455)
CCC Help Russian (Version: 2010.0210.2338.42455)
CCC Help Spanish (Version: 2010.0210.2338.42455)
CCC Help Swedish (Version: 2010.0210.2338.42455)
CCC Help Thai (Version: 2010.0210.2338.42455)
CCC Help Turkish (Version: 2010.0210.2338.42455)
ccc-core-static (Version: 2010.0210.2339.42455)
ccc-utility (Version: 2010.0210.2339.42455)
CD Wave Editor 1.98 (Version: 1.9.8.1)
CDBurnerXP (Version: 4.5.0.3717)
Cisco Connect (Version: 1.4.12100.0)
C-MAP by Jeppesen PC Planner (Version: 11.0.5.2018)
Coastal Explorer Express
Core Temp 1.0 RC2 (Version: 1.0)
Coupon Companion (Version: 1.23.151.151)
D3DX10 (Version: 15.4.2368.0902)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
EditVoicepack X (Version: 4.0.7)
Florida Topo Map (Version: 1.60)
FLV Player (Version: 2.0.25)
FSX GA-Traffic (Version: 1.0.1)
FSX Planner (Version: 1.25)
Garmin BaseCamp (Version: 3.2.2)
Garmin MapInstall (Version: 4.0.3)
Garmin USB Drivers (Version: 2.3.1.0)
Garmin WebUpdater (Version: 2.5.6)
Google Calendar Sync
Google Earth Plug-in (Version: 7.1.1.1888)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.5.4413.1752)
Google Update Helper (Version: 1.3.21.153)
GoToMeeting 5.5.0.1133 (HKCU Version: 5.5.0.1133)
HGTV Home & Landscape Platinum Suite (Version: 12.01)
HiJackThis (Version: 1.0.0)
HitmanPro 3.7 (Version: 3.7.7.203)
HL-2270DW (Version: 1.0.6.0)
HP FWUpdateEDO2 (Version: 1.2.0.0)
HP Officejet Pro 8600 Basic Device Software (Version: 25.0.619.0)
HP Officejet Pro 8600 Help (Version: 140.0.2.2)
HP Update (Version: 5.005.000.002)
HPDiagnosticAlert (Version: 1.00.0000)
I.R.I.S. OCR (Version: 12.3.4.0)
Internet Explorer (Enable DEP)
IrfanView (remove only) (Version: 4.30)
iTunes (Version: 10.5.3.3)
Java 7 Update 25 (Version: 7.0.250)
Java Auto Updater (Version: 2.1.9.5)
Java™ 6 Update 32 (Version: 6.0.320)
Just Flight - FS Insider  C152 (Version: 1.00.000)
JustFlight TrafficPlus Pack Military 2 [FSX]
K-Lite Codec Pack 7.0.0 (Standard) (Version: 7.0.0)
LiveUpdate 3.3 (Symantec Corporation) (Version: 3.3.0.101)
Logitech Gaming Software 5.10 (Version: 5.10.127)
MAIW-Texture Replacer Version 2.4.0.0 (Version: 2.4.0.0)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Flight Simulator X (Version: 10.0.61355.0)
Microsoft Flight Simulator X Service Pack 1 (Version: 10.0.61355.0)
Microsoft Flight Simulator X Service Pack 2 (Version: 10.0.61472.0)
Microsoft Image Composite Editor (Version: 1.4.4)
Microsoft Office Access MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Groove MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office InfoPath MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Professional Plus 2010 (Version: 14.0.7015.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.7015.1000)
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.7015.1000)
Microsoft Office Proofing (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Word MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office XP Professional with FrontPage (Version: 10.0.6626.0)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft Streets & Trips 2007 (Version: 14.0.09.1100)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft_VC80_CRT_x86 (Version: 1.00.0000)
Microsoft_VC80_MFC_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86 (Version: 8.0.50727.4053)
Microsoft_VC90_ATL_x86 (Version: 1.00.0000)
Microsoft_VC90_CRT_x86 (Version: 1.00.0000)
Microsoft_VC90_MFC_x86 (Version: 1.00.0000)
MoCat's Caribbean Seaplane Tours, Key West
Movie Maker (Version: 16.4.3505.0912)
Mozilla Firefox 23.0.1 (x86 en-US) (Version: 23.0.1)
Mozilla Maintenance Service (Version: 23.0.1)
MSVCRT (Version: 15.4.2862.0708)
MSVCRT110 (Version: 16.4.1108.0727)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 4.0 SP2 Parser and SDK (Version: 4.20.9818.0)
My Trail Maps
NavRules version 3.0.4 (Version: 3.0.4)
Norton 360 (Version: 20.4.0.40)
Norton Utilities (Version: 14.5)
PC Probe II (Version: 1.04.19)
PerformanceTest v7.0 (Version: 7.0)
Photo Gallery (Version: 16.4.3505.0912)
PowerBoat Guide 2003
PowerBoat Guide 2006 (Version: 1.0.0.0)
PowerBoat Guide 2011 (Version: 2011)
Project Landrover Derfender
QuickBooks (Version: 19.0.4014.705)
QuickBooks Premier Edition 2009 (Version: 19.0.4014.705)
Quicken Legal Business Pro 2004
SE USA Topo Map
SEO SpyGlass
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition
Skins (Version: 2010.0210.2339.42455)
Sony RAW Driver (Version: 2.0.00.08130)
Sony Sound Forge Audio Studio 9.0 (Version: 9.0.232)
Spybot - Search & Destroy (Version: 1.6.2)
SupportSoft Assisted Service (Version: 15)
TrailerBoat Guide 2006 (Version: 1.0.0.0)
TurboTax 2011 WinBizFedFormset (Version: 011.000.1699)
TurboTax 2011 WinBizReleaseEngine (Version: 011.000.0455)
TurboTax 2011 WinBizTaxSupport (Version: 011.000.1297)
TurboTax 2011 wrapper (Version: 011.000.0121)
TurboTax 2012 wflcbpm (Version: 012.000.0396)
TurboTax 2012 WinBizFedFormset (Version: 012.000.1253)
TurboTax 2012 WinBizReleaseEngine (Version: 012.000.0433)
TurboTax 2012 WinBizTaxSupport (Version: 012.000.1156)
TurboTax 2012 wrapper (Version: 012.000.0127)
TurboTax Business 2011
TurboTax Business 2012 (Version: 2012.0)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
USB C-Card Reader Drivers (Version: 2.2.0.6)
Vuze (Version: 5.0.0.0)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (04/19/2012 2.3.1.0) (Version: 04/19/2012 2.3.1.0)
Windows Live Communications Platform (Version: 16.4.3505.0912)
Windows Live Essentials (Version: 16.4.3505.0912)
Windows Live Family Safety (Version: 16.4.3505.0912)
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0)
Windows Live Installer (Version: 16.4.3505.0912)
Windows Live Photo Common (Version: 16.4.3505.0912)
Windows Live PIMT Platform (Version: 16.4.3505.0912)
Windows Live SOXE (Version: 16.4.3505.0912)
Windows Live SOXE Definitions (Version: 16.4.3505.0912)
Windows Live UX Platform (Version: 16.4.3505.0912)
Windows Live UX Platform Language Pack (Version: 16.4.3505.0912)
WinRAR 4.01 (32-bit) (Version: 4.01.0)
 

==================== Restore Points  =========================

14-08-2013 19:53:34 Norton 360 Registry Clean
18-08-2013 13:46:28 Norton 360 Registry Clean
20-08-2013 01:34:29 Norton_Power_Eraser_20130819213425632
21-08-2013 02:52:21 Windows Modules Installer
21-08-2013 03:02:34 Windows Update
21-08-2013 13:29:16 Windows Update
21-08-2013 14:46:19 Norton 360 Registry Clean
21-08-2013 15:05:35 Norton 360 Registry Clean

==================== Hosts content: ==========================

2009-07-13 22:04 - 2013-07-20 22:57 - 00000027 ____N C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {0CBB2EC9-694E-4A61-B4A9-9EB3FB2559E3} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2011-12-15] (Google Inc.)
Task: {35E6C5B5-2214-4549-997D-AF187362A0B5} - System32\Tasks\Norton WSC Integration => C:\Program Files\Norton 360\Engine\20.4.0.40\WSCStub.exe [2013-06-04] (Symantec Corporation)
Task: {39C67D7E-45CC-4A1D-9FF1-C4ED2C41E819} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => c:\program files\windows defender\MpCmdRun.exe [2009-07-13] (Microsoft Corporation)
Task: {3F3FC624-14B8-4BE5-86B5-5FE4CC62D820} - System32\Tasks\{FB3A0DB8-A500-44F3-9129-CD3DEA498271} => C:\Program Files\Microsoft Games\Microsoft Flight Simulator X\fsx.exe [2007-12-10] (Microsoft Corp.)
Task: {7F853475-0255-48A3-92E2-281663627445} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task
Task: {86C29F6E-06A0-4654-BFF6-5BCB5B8DC74C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2011-12-15] (Google Inc.)
Task: {8B81608D-C5B6-447E-A196-ED84129A6AB3} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files\Norton 360\Engine\20.4.0.40\SymErr.exe [2013-06-03] (Symantec Corporation)
Task: {9D13B222-83CC-4C65-B25F-68E7A7F678A9} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-08-21] (Adobe Systems Incorporated)
Task: {A6C28F8C-A61A-44AB-9799-7B0C2A1814C2} - System32\Tasks\{79AB466C-3342-4ED2-8265-DC223348316C} => C:\Program Files\Microsoft Games\Microsoft Flight Simulator X\fsx.exe [2007-12-10] (Microsoft Corp.)
Task: {CE775A25-BC38-4A7A-93F4-150EACB2DBF9} - System32\Tasks\AdobeAAMUpdater-1.0-Thermaltake-P5W-Tom => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-03-06] (Adobe Systems Incorporated)
Task: {DC440D42-22B7-4B0C-A244-23B2DD2C168E} - System32\Tasks\ASUS\ASUS RegRun Loader => C:\Program Files\ASUS\AASP\1.01.12\AsLoader.exe [2011-08-21] (ASUSTeK Computer Inc.)
Task: {FF9CB7D3-8208-41DC-AB61-53C06E8549B0} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files\Norton 360\Engine\20.4.0.40\SymErr.exe [2013-06-03] (Symantec Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Faulty Device Manager Devices =============

Name: Microsoft Virtual WiFi Miniport Adapter
Description: Microsoft Virtual WiFi Miniport Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: vwifimp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

==================== Event log errors: =========================

Application errors:
==================
Error: (08/23/2013 00:49:46 PM) (Source: Application Hang) (User: )
Description: The program iexplore.exe version 10.0.9200.16660 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 3b4

Start Time: 01cea0150d4535f9

Termination Time: 5

Application Path: C:\Program Files\Internet Explorer\iexplore.exe

Report Id: ff2721ba-0c13-11e3-bdd8-0018f3991923

Error: (08/22/2013 09:14:12 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.

Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {780b1903-a9d0-41f2-a0ad-fecea56c65e7}

Error: (08/22/2013 06:39:45 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "*" of attribute "language" in element "assemblyIdentity" is invalid.

Error: (08/22/2013 06:36:45 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="AMD64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="AMD64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (08/22/2013 00:59:28 PM) (Source: Application Hang) (User: )
Description: The program EXCEL.EXE version 14.0.7015.1000 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 54c

Start Time: 01ce9f42d37c65d0

Termination Time: 0

Application Path: C:\PROGRA~1\MICROS~1\Office14\EXCEL.EXE

Report Id: 2af594c4-0b4c-11e3-bd35-0018f3991923

System errors:
=============
Error: (08/24/2013 10:01:39 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
udpnt

Error: (08/24/2013 10:01:35 AM) (Source: Service Control Manager) (User: )
Description: The Ati External Event Utility service failed to start due to the following error:
%%2

Error: (08/23/2013 09:46:38 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
udpnt

Error: (08/23/2013 09:46:32 PM) (Source: Service Control Manager) (User: )
Description: The Ati External Event Utility service failed to start due to the following error:
%%2

Error: (08/23/2013 09:24:15 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
udpnt

Error: (08/23/2013 09:24:04 AM) (Source: Service Control Manager) (User: )
Description: The Ati External Event Utility service failed to start due to the following error:
%%2

Error: (08/22/2013 09:08:26 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
udpnt

Error: (08/22/2013 09:08:20 AM) (Source: Service Control Manager) (User: )
Description: The Ati External Event Utility service failed to start due to the following error:
%%2

Microsoft Office Sessions:
=========================
Error: (08/23/2013 00:49:46 PM) (Source: Application Hang)(User: )
Description: iexplore.exe10.0.9200.166603b401cea0150d4535f95C:\Program Files\Internet Explorer\iexplore.exeff2721ba-0c13-11e3-bdd8-0018f3991923

Error: (08/22/2013 09:14:12 PM) (Source: VSS)(User: )
Description: 0x80070005, Access is denied.

Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {780b1903-a9d0-41f2-a0ad-fecea56c65e7}

Error: (08/22/2013 06:39:45 PM) (Source: SideBySide)(User: )
Description: assemblyIdentitylanguage*c:\program files\spybot - search & destroy\DelZip179.dllc:\program files\spybot - search & destroy\DelZip179.dll8

Error: (08/22/2013 06:36:45 PM) (Source: SideBySide)(User: )
Description: Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="AMD64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"c:\program files\cisco systems\cisco connect\Drivers\Sxcsapi64.exe

Error: (08/22/2013 00:59:28 PM) (Source: Application Hang)(User: )
Description: EXCEL.EXE14.0.7015.100054c01ce9f42d37c65d00C:\PROGRA~1\MICROS~1\Office14\EXCEL.EXE2af594c4-0b4c-11e3-bd35-0018f3991923

CodeIntegrity Errors:
===================================
  Date: 2013-07-29 12:19:57.528
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-07-29 12:14:38.216
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-07-29 11:42:26.831
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll because the set of per-page image hashes could not be found on the system.

  Date: 2012-08-26 10:40:30.321
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.

  Date: 2012-08-26 10:29:44.759
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.

  Date: 2012-08-26 10:19:57.685
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.

  Date: 2012-08-26 10:04:35.478
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.

  Date: 2012-08-26 09:52:47.937
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.

  Date: 2012-08-26 09:43:48.602
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.

  Date: 2012-08-26 09:34:51.593
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.



#14 latitudedfb

Posted 02 September 2013 - 08:34 AM

Thank you again.

Here are the Farbar FRST and Addition logs:

 

-----------------

FRST log

-----------------

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 02-09-2013 04
Ran by Tom (administrator) on THERMALTAKE-P5W on 02-09-2013 09:15:00
Running from C:\Users\Tom\Desktop
Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(Symantec Corporation) C:\Program Files\Norton 360\Engine\20.4.0.40\ccSvcHst.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Symantec Corporation) C:\Program Files\Norton 360\Engine\20.4.0.40\ccSvcHst.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Policies\Explorer: [NoDrives] 0
HKCU\...\Policies\Explorer: [NoDrives] 0

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
SearchScopes: HKLM - DefaultScope value is missing.
BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation)
BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\20.4.0.40\IPS\IPSBHO.DLL (Symantec Corporation)
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU -Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU -Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation)
DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} http://support.asus.com/select/asusTek_sys_ctrl3.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.6.0.cab
Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - C:\Program Files\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\3180k6wb.default
FF Homepage: hxxp://www.boatinspect.com/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @canon.com/MycameraPlugin - C:\Program Files\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Acrobat - C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin - C:\Users\Tom\AppData\Local\Citrix\Plugins\97\npappdetector.dll (Citrix Online)
FF SearchPlugin: C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\3180k6wb.default\searchplugins\duckduckgo.xml
FF Extension: jid1-ZAdIEUB7XOzOJw - C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\3180k6wb.default\Extensions\jid1-ZAdIEUB7XOzOJw@jetpack.xpi
FF HKLM\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\coFFPlgn\
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\coFFPlgn\
FF HKLM\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\IPSFFPlgn\
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\IPSFFPlgn\

========================== Services (Whitelisted) =================

S3 BrYNSvc; C:\Program Files\Browny02\BrYNSvc.exe [245760 2010-01-25] (Brother Industries, Ltd.)
S4 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [106280 2013-08-29] (SurfRight B.V.)
S3 LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [3093944 2011-01-20] (Symantec Corporation)
R2 N360; C:\Program Files\Norton 360\Engine\20.4.0.40\diMaster.dll [556336 2013-05-29] (Symantec Corporation)
S2 Ati External Event Utility; %SystemRoot%\system32\Ati2evxx.exe [x]

==================== Drivers (Whitelisted) ====================

R1 AsIO; C:\Windows\System32\drivers\AsIO.sys [11296 2011-08-21] ()
R1 BHDrvx86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\Definitions\BASHDefs\20130715.001\BHDrvx86.sys [1002072 2013-05-31] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360\1404000.028\ccSetx86.sys [134744 2013-04-15] (Symantec Corporation)
R0 CLFS; C:\Windows\System32\CLFS.sys [249408 2009-07-13] (Microsoft Corporation)
S3 CMAPLDR; C:\Windows\System32\Drivers\cmapldr.sys [16184 2005-06-13] (C-Map)
S3 CMAP_USBCC; C:\Windows\System32\Drivers\cmapusb.sys [20032 2005-05-31] (C-Map)
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [376920 2013-08-26] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [108120 2013-08-26] (Symantec Corporation)
R1 IDSVix86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\Definitions\IPSDefs\20130830.001\IDSvix86.sys [392792 2013-08-20] (Symantec Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [13216 2011-08-21] ()
R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\Definitions\VirusDefs\20130901.004\NAVENG.SYS [93272 2013-08-28] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\Definitions\VirusDefs\20130901.004\NAVEX15.SYS [1612376 2013-08-28] (Symantec Corporation)
R3 RTL8187; C:\Windows\System32\DRIVERS\rtl8187.sys [375808 2010-01-07] (Realtek Semiconductor Corporation                           )
R3 SRTSP; C:\Windows\System32\Drivers\N360\1404000.028\SRTSP.SYS [603224 2013-05-16] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360\1404000.028\SRTSPX.SYS [32344 2013-03-04] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\N360\1404000.028\SYMDS.SYS [367704 2013-05-21] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360\1404000.028\SYMEFA.SYS [934488 2013-05-23] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [142496 2013-06-18] (Symantec Corporation)
R1 SymIM; C:\Windows\System32\DRIVERS\SymIMv.sys [36512 2013-03-04] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360\1404000.028\Ironx86.SYS [175264 2013-03-04] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\N360\1404000.028\SYMNETS.SYS [339544 2013-04-24] (Symantec Corporation)
R3 WmBEnum; C:\Windows\System32\drivers\WmBEnum.sys [22856 2010-04-27] (Logitech Inc.)
S3 WmFilter; C:\Windows\System32\drivers\WmFilter.sys [37704 2010-04-27] (Logitech Inc.)
S3 WmVirHid; C:\Windows\System32\drivers\WmVirHid.sys [15048 2010-04-27] (Logitech Inc.)
R3 WmXlCore; C:\Windows\System32\drivers\WmXlCore.sys [66632 2010-04-27] (Logitech Inc.)
S3 XENfiltv; C:\Windows\System32\drivers\XENfiltv.sys [17920 2009-07-31] (Creative Technology Ltd.)
R3 yukonw7; C:\Windows\System32\DRIVERS\yk62x86.sys [315392 2009-09-28] ()
S3 catchme; \??\C:\Users\Tom\AppData\Local\Temp\catchme.sys [x]
U3 TrueSight; \??\C:\Windows\system32\TrueSight.sys [x]
S0 udpnt; System32\drivers\dfrxcho.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-09-02 00:21 - 2013-09-02 00:21 - 00014367 _____ C:\ComboFix.txt
2013-09-02 00:11 - 2013-09-02 00:21 - 00000000 ____D C:\ComboFix
2013-09-02 00:05 - 2013-09-02 00:05 - 00784848 _____ (Google Inc.) C:\Users\Tom\Downloads\ChromeSetup (6).exe
2013-09-01 17:53 - 2013-09-01 17:53 - 00784848 _____ (Google Inc.) C:\Users\Tom\Downloads\ChromeSetup (5).exe
2013-09-01 17:38 - 2013-09-01 17:38 - 00659968 _____ C:\Users\Tom\Desktop\MicrosoftFixit50195(1).msi
2013-09-01 13:40 - 2013-09-01 13:40 - 00784840 _____ (Google Inc.) C:\Users\Tom\Downloads\ChromeSetup (4).exe
2013-09-01 13:21 - 2013-09-01 23:50 - 05116805 ____R (Swearware) C:\Users\Tom\Desktop\ComboFix.exe
2013-09-01 09:52 - 2013-09-01 09:52 - 00000631 _____ C:\Users\Tom\Desktop\JRT_2.txt
2013-09-01 09:52 - 2013-09-01 09:47 - 00000867 _____ C:\Users\Tom\Desktop\JRT_1.txt
2013-09-01 09:40 - 2013-09-01 09:40 - 01027511 _____ (Thisisu) C:\Users\Tom\Desktop\JRT.exe
2013-09-01 09:38 - 2013-09-01 09:38 - 00994642 _____ C:\Users\Tom\Desktop\AdwCleaner.exe
2013-08-31 18:04 - 2013-08-31 18:04 - 00784880 _____ (Google Inc.) C:\Users\Tom\Downloads\ChromeSetup (3).exe
2013-08-31 15:57 - 2013-08-31 15:57 - 00016555 _____ C:\Users\Tom\Desktop\dds.txt
2013-08-31 15:57 - 2013-08-31 15:57 - 00014106 _____ C:\Users\Tom\Desktop\attach.txt
2013-08-29 22:00 - 2013-08-29 22:00 - 20597896 _____ (Microsoft Corporation) C:\Users\Tom\Downloads\Windows-KB890830-V5.3(1).exe
2013-08-29 20:38 - 2013-08-29 21:54 - 00012777 _____ C:\Users\Tom\Desktop\Hotel_Fuel Costs_082913.xlsx
2013-08-29 12:57 - 2013-08-30 15:08 - 00013247 _____ C:\Users\Tom\Desktop\Boat Trip Fuel cost calculator.xlsx
2013-08-28 22:21 - 2013-08-28 22:21 - 00050281 _____ C:\Users\Tom\Downloads\aswMBR.exe.part
2013-08-26 17:08 - 2013-08-26 17:08 - 00024744 _____ C:\Users\Tom\Desktop\Copy of FLMC-Registered attendees as of 8-26.xlsx
2013-08-26 14:52 - 2013-09-01 09:43 - 00000000 ____D C:\AdwCleaner
2013-08-26 11:45 - 2013-08-31 15:55 - 00688992 ____R (Swearware) C:\Users\Tom\Desktop\dds.com
2013-08-26 10:04 - 2013-08-26 10:04 - 00784848 _____ (Google Inc.) C:\Users\Tom\Downloads\ChromeSetup (2).exe
2013-08-24 14:04 - 2013-08-24 14:04 - 20597896 _____ (Microsoft Corporation) C:\Users\Tom\Downloads\Windows-KB890830-V5.3.exe
2013-08-24 12:50 - 2013-08-24 12:50 - 00784848 _____ (Google Inc.) C:\Users\Tom\Downloads\ChromeSetup (1).exe
2013-08-24 12:00 - 2013-08-24 12:00 - 00784848 _____ (Google Inc.) C:\Users\Tom\Downloads\ChromeSetup.exe
2013-08-24 11:29 - 2013-08-30 06:38 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-08-24 11:19 - 2013-08-24 11:19 - 00000000 ____D C:\FRST
2013-08-22 13:04 - 2013-08-22 13:04 - 00224749 _____ C:\Users\Tom\Desktop\Gizmodo_big_tech_ecosystem_competition.jpeg
2013-08-21 11:29 - 2013-08-21 11:29 - 00000000 ____D C:\Windows\ERUNT
2013-08-21 09:34 - 2012-08-23 10:48 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2013-08-21 09:34 - 2012-08-23 10:44 - 00014848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys
2013-08-21 09:34 - 2012-08-23 10:40 - 00049664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2013-08-21 09:34 - 2012-08-23 10:10 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2013-08-21 09:34 - 2012-08-23 10:10 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2013-08-21 09:34 - 2012-08-23 09:52 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2013-08-21 09:34 - 2012-08-23 09:47 - 00046592 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2013-08-21 09:34 - 2012-08-23 09:46 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2013-08-21 09:34 - 2012-08-23 09:32 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2013-08-21 09:34 - 2012-08-23 09:18 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2013-08-21 09:34 - 2012-08-23 07:40 - 00056320 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2013-08-21 09:34 - 2012-08-23 07:32 - 00317440 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2013-08-21 09:34 - 2012-08-23 07:15 - 00269312 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll
2013-08-21 09:34 - 2012-08-23 07:12 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\rdpendp_winip.dll
2013-08-21 09:34 - 2012-08-23 06:39 - 01048064 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2013-08-21 09:34 - 2012-08-23 06:08 - 02739712 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2013-08-21 09:34 - 2012-08-23 04:19 - 04916224 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2013-08-21 09:33 - 2013-08-21 09:33 - 14329344 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-08-21 09:33 - 2013-08-21 09:33 - 13761024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-08-21 09:33 - 2013-08-21 09:33 - 02877440 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-08-21 09:33 - 2013-08-21 09:33 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-08-21 09:33 - 2013-08-21 09:33 - 02048512 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-08-21 09:33 - 2013-08-21 09:33 - 01767936 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-08-21 09:33 - 2013-08-21 09:33 - 01441280 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-08-21 09:33 - 2013-08-21 09:33 - 01400416 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2013-08-21 09:33 - 2013-08-21 09:33 - 01141248 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-08-21 09:33 - 2013-08-21 09:33 - 00745472 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2013-08-21 09:33 - 2013-08-21 09:33 - 00719360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2013-08-21 09:33 - 2013-08-21 09:33 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-08-21 09:33 - 2013-08-21 09:33 - 00629248 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-08-21 09:33 - 2013-08-21 09:33 - 00523264 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-08-21 09:33 - 2013-08-21 09:33 - 00493056 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-08-21 09:33 - 2013-08-21 09:33 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-08-21 09:33 - 2013-08-21 09:33 - 00361984 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-08-21 09:33 - 2013-08-21 09:33 - 00357888 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2013-08-21 09:33 - 2013-08-21 09:33 - 00242200 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2013-08-21 09:33 - 2013-08-21 09:33 - 00232960 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-08-21 09:33 - 2013-08-21 09:33 - 00226816 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2013-08-21 09:33 - 2013-08-21 09:33 - 00204800 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2013-08-21 09:33 - 2013-08-21 09:33 - 00185344 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2013-08-21 09:33 - 2013-08-21 09:33 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2013-08-21 09:33 - 2013-08-21 09:33 - 00158720 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2013-08-21 09:33 - 2013-08-21 09:33 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2013-08-21 09:33 - 2013-08-21 09:33 - 00138752 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2013-08-21 09:33 - 2013-08-21 09:33 - 00137216 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-08-21 09:33 - 2013-08-21 09:33 - 00125440 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2013-08-21 09:33 - 2013-08-21 09:33 - 00117248 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-08-21 09:33 - 2013-08-21 09:33 - 00110592 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2013-08-21 09:33 - 2013-08-21 09:33 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-08-21 09:33 - 2013-08-21 09:33 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2013-08-21 09:33 - 2013-08-21 09:33 - 00079872 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-08-21 09:33 - 2013-08-21 09:33 - 00073728 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2013-08-21 09:33 - 2013-08-21 09:33 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-08-21 09:33 - 2013-08-21 09:33 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2013-08-21 09:33 - 2013-08-21 09:33 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2013-08-21 09:33 - 2013-08-21 09:33 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-08-21 09:33 - 2013-08-21 09:33 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2013-08-21 09:33 - 2013-08-21 09:33 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2013-08-21 09:33 - 2013-08-21 09:33 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-08-21 09:33 - 2013-08-21 09:33 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2013-08-21 09:33 - 2013-08-21 09:33 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-08-21 09:33 - 2013-08-21 09:33 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2013-08-21 09:33 - 2013-08-21 09:33 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-08-21 09:33 - 2013-08-21 09:33 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2013-08-21 09:33 - 2013-08-21 09:33 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2013-08-21 09:33 - 2013-08-21 09:33 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2013-08-21 08:15 - 2013-08-21 08:15 - 00000000 ____D C:\Program Files\HitmanPro
2013-08-20 23:13 - 2013-08-20 23:13 - 04009167 _____ C:\Users\Tom\Downloads\ServicesRepair.exe
2013-08-20 22:43 - 2013-08-20 22:43 - 00000512 _____ C:\Users\Tom\Downloads\MBRCheck_MBR_Backup_08-20-13_22-43-50.bak
2013-08-20 21:40 - 2013-08-20 21:40 - 01068176 _____ (Solid State Networks) C:\Users\Tom\Downloads\install_flashplayer11x32ax_chrd_awa_aih.exe
2013-08-20 21:37 - 2013-09-01 23:46 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-08-20 21:37 - 2013-08-21 09:23 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2013-08-20 21:37 - 2013-08-21 09:23 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2013-08-19 08:25 - 2013-08-19 08:25 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-08-13 15:45 - 2013-07-25 04:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-08-13 15:44 - 2013-07-18 21:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-08-13 15:44 - 2013-07-09 01:03 - 03968960 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2013-08-13 15:44 - 2013-07-09 01:03 - 03913664 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-08-13 15:44 - 2013-07-09 00:53 - 01289096 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-08-13 15:44 - 2013-07-09 00:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-08-13 15:44 - 2013-07-09 00:50 - 00652800 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-08-13 15:44 - 2013-07-09 00:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-08-13 15:44 - 2013-07-09 00:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-08-13 15:44 - 2013-07-09 00:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-08-13 15:44 - 2013-07-06 01:05 - 01293760 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-08-13 15:44 - 2013-06-14 23:38 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2013-08-07 17:59 - 2013-08-07 20:56 - 00039424 _____ C:\Users\Tom\Documents\Copy of 2013 water usage analysis.xls

==================== One Month Modified Files and Folders =======

2013-09-02 09:12 - 2013-09-02 09:12 - 01085803 _____ (Farbar) C:\Users\Tom\Desktop\FRST.exe
2013-09-02 09:09 - 2009-07-14 00:34 - 00016480 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-02 09:09 - 2009-07-14 00:34 - 00016480 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-02 09:03 - 2011-12-15 16:37 - 00000876 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-09-02 09:02 - 2013-08-01 12:16 - 00005498 _____ C:\Windows\setupact.log
2013-09-02 09:02 - 2009-07-14 00:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-02 09:01 - 2011-08-14 16:36 - 00944080 _____ C:\Windows\PFRO.log
2013-09-02 00:25 - 2011-08-14 15:16 - 01849150 _____ C:\Windows\WindowsUpdate.log
2013-09-02 00:21 - 2013-09-02 00:21 - 00014367 _____ C:\ComboFix.txt
2013-09-02 00:21 - 2013-09-02 00:11 - 00000000 ____D C:\ComboFix
2013-09-02 00:21 - 2012-10-22 08:10 - 00000000 ____D C:\Qoobox
2013-09-02 00:18 - 2009-07-13 22:04 - 00000215 _____ C:\Windows\system.ini
2013-09-02 00:05 - 2013-09-02 00:05 - 00784848 _____ (Google Inc.) C:\Users\Tom\Downloads\ChromeSetup (6).exe
2013-09-01 23:50 - 2013-09-01 13:21 - 05116805 ____R (Swearware) C:\Users\Tom\Desktop\ComboFix.exe
2013-09-01 23:50 - 2011-12-15 16:37 - 00000880 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-09-01 23:46 - 2013-08-20 21:37 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-09-01 17:53 - 2013-09-01 17:53 - 00784848 _____ (Google Inc.) C:\Users\Tom\Downloads\ChromeSetup (5).exe
2013-09-01 17:38 - 2013-09-01 17:38 - 00659968 _____ C:\Users\Tom\Desktop\MicrosoftFixit50195(1).msi
2013-09-01 13:40 - 2013-09-01 13:40 - 00784840 _____ (Google Inc.) C:\Users\Tom\Downloads\ChromeSetup (4).exe
2013-09-01 13:22 - 2013-07-30 17:52 - 00000000 ____D C:\Program Files\Norton Utilities 14
2013-09-01 09:52 - 2013-09-01 09:52 - 00000631 _____ C:\Users\Tom\Desktop\JRT_2.txt
2013-09-01 09:47 - 2013-09-01 09:52 - 00000867 _____ C:\Users\Tom\Desktop\JRT_1.txt
2013-09-01 09:43 - 2013-08-26 14:52 - 00000000 ____D C:\AdwCleaner
2013-09-01 09:40 - 2013-09-01 09:40 - 01027511 _____ (Thisisu) C:\Users\Tom\Desktop\JRT.exe
2013-09-01 09:38 - 2013-09-01 09:38 - 00994642 _____ C:\Users\Tom\Desktop\AdwCleaner.exe
2013-08-31 18:04 - 2013-08-31 18:04 - 00784880 _____ (Google Inc.) C:\Users\Tom\Downloads\ChromeSetup (3).exe
2013-08-31 15:57 - 2013-08-31 15:57 - 00016555 _____ C:\Users\Tom\Desktop\dds.txt
2013-08-31 15:57 - 2013-08-31 15:57 - 00014106 _____ C:\Users\Tom\Desktop\attach.txt
2013-08-31 15:55 - 2013-08-26 11:45 - 00688992 ____R (Swearware) C:\Users\Tom\Desktop\dds.com
2013-08-31 08:57 - 2012-06-15 08:52 - 00000000 ____D C:\Users\Tom\AppData\Local\Rose Point Navigation Systems
2013-08-31 08:30 - 2011-08-20 10:54 - 00000000 ____D C:\Users\Tom\AppData\Local\Adobe
2013-08-31 08:30 - 2011-08-20 10:49 - 00000000 ____D C:\Program Files\Common Files\Adobe
2013-08-31 08:30 - 2011-08-20 10:49 - 00000000 ____D C:\Program Files\Adobe
2013-08-30 15:08 - 2013-08-29 12:57 - 00013247 _____ C:\Users\Tom\Desktop\Boat Trip Fuel cost calculator.xlsx
2013-08-30 06:52 - 2011-10-08 19:25 - 00000000 ____D C:\Users\Tom\AppData\Local\NPE
2013-08-30 06:38 - 2013-08-24 11:29 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-08-29 22:00 - 2013-08-29 22:00 - 20597896 _____ (Microsoft Corporation) C:\Users\Tom\Downloads\Windows-KB890830-V5.3(1).exe
2013-08-29 21:58 - 2007-03-05 13:56 - 02503680 __SHC C:\Users\Tom\Desktop\Thumbs.db
2013-08-29 21:54 - 2013-08-29 20:38 - 00012777 _____ C:\Users\Tom\Desktop\Hotel_Fuel Costs_082913.xlsx
2013-08-29 21:20 - 2012-03-20 18:35 - 00002339 _____ C:\Users\Tom\Desktop\Public Scans - Shortcut.lnk
2013-08-28 22:21 - 2013-08-28 22:21 - 00050281 _____ C:\Users\Tom\Downloads\aswMBR.exe.part
2013-08-28 11:12 - 2011-08-14 15:38 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-08-27 08:08 - 2011-11-28 08:34 - 00017230 _____ C:\Users\Tom\Desktop\PW.xlsx
2013-08-26 17:08 - 2013-08-26 17:08 - 00024744 _____ C:\Users\Tom\Desktop\Copy of FLMC-Registered attendees as of 8-26.xlsx
2013-08-26 15:09 - 2013-07-20 20:56 - 00000000 ____D C:\Windows\system32\MRT
2013-08-26 14:48 - 2013-07-29 12:11 - 00000000 ____D C:\found.000
2013-08-26 10:04 - 2013-08-26 10:04 - 00784848 _____ (Google Inc.) C:\Users\Tom\Downloads\ChromeSetup (2).exe
2013-08-25 22:23 - 2011-09-07 20:33 - 00007655 _____ C:\Users\Tom\AppData\Local\Resmon.ResmonCfg
2013-08-24 17:30 - 2009-07-14 00:53 - 00032618 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-08-24 14:04 - 2013-08-24 14:04 - 20597896 _____ (Microsoft Corporation) C:\Users\Tom\Downloads\Windows-KB890830-V5.3.exe
2013-08-24 12:50 - 2013-08-24 12:50 - 00784848 _____ (Google Inc.) C:\Users\Tom\Downloads\ChromeSetup (1).exe
2013-08-24 12:00 - 2013-08-24 12:00 - 00784848 _____ (Google Inc.) C:\Users\Tom\Downloads\ChromeSetup.exe
2013-08-24 11:19 - 2013-08-24 11:19 - 00000000 ____D C:\FRST
2013-08-22 18:43 - 2009-07-13 22:37 - 00000000 ____D C:\Windows\rescache
2013-08-22 13:04 - 2013-08-22 13:04 - 00224749 _____ C:\Users\Tom\Desktop\Gizmodo_big_tech_ecosystem_competition.jpeg
2013-08-21 11:29 - 2013-08-21 11:29 - 00000000 ____D C:\Windows\ERUNT
2013-08-21 09:58 - 2011-09-14 11:35 - 00000000 ____D C:\Windows\pss
2013-08-21 09:47 - 2012-11-13 18:03 - 00000000 ____D C:\Users\Tom\Desktop\OUTSTANDING INVOICES
2013-08-21 09:34 - 2013-04-30 08:48 - 00021495 _____ C:\Windows\IE10_main.log
2013-08-21 09:33 - 2013-08-21 09:33 - 14329344 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-08-21 09:33 - 2013-08-21 09:33 - 13761024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-08-21 09:33 - 2013-08-21 09:33 - 02877440 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-08-21 09:33 - 2013-08-21 09:33 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-08-21 09:33 - 2013-08-21 09:33 - 02048512 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-08-21 09:33 - 2013-08-21 09:33 - 01767936 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-08-21 09:33 - 2013-08-21 09:33 - 01441280 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-08-21 09:33 - 2013-08-21 09:33 - 01400416 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2013-08-21 09:33 - 2013-08-21 09:33 - 01141248 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-08-21 09:33 - 2013-08-21 09:33 - 00745472 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2013-08-21 09:33 - 2013-08-21 09:33 - 00719360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2013-08-21 09:33 - 2013-08-21 09:33 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-08-21 09:33 - 2013-08-21 09:33 - 00629248 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-08-21 09:33 - 2013-08-21 09:33 - 00523264 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-08-21 09:33 - 2013-08-21 09:33 - 00493056 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-08-21 09:33 - 2013-08-21 09:33 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-08-21 09:33 - 2013-08-21 09:33 - 00361984 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-08-21 09:33 - 2013-08-21 09:33 - 00357888 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2013-08-21 09:33 - 2013-08-21 09:33 - 00242200 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2013-08-21 09:33 - 2013-08-21 09:33 - 00232960 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-08-21 09:33 - 2013-08-21 09:33 - 00226816 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2013-08-21 09:33 - 2013-08-21 09:33 - 00204800 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2013-08-21 09:33 - 2013-08-21 09:33 - 00185344 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2013-08-21 09:33 - 2013-08-21 09:33 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2013-08-21 09:33 - 2013-08-21 09:33 - 00158720 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2013-08-21 09:33 - 2013-08-21 09:33 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2013-08-21 09:33 - 2013-08-21 09:33 - 00138752 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2013-08-21 09:33 - 2013-08-21 09:33 - 00137216 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-08-21 09:33 - 2013-08-21 09:33 - 00125440 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2013-08-21 09:33 - 2013-08-21 09:33 - 00117248 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-08-21 09:33 - 2013-08-21 09:33 - 00110592 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2013-08-21 09:33 - 2013-08-21 09:33 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-08-21 09:33 - 2013-08-21 09:33 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2013-08-21 09:33 - 2013-08-21 09:33 - 00079872 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-08-21 09:33 - 2013-08-21 09:33 - 00073728 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2013-08-21 09:33 - 2013-08-21 09:33 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-08-21 09:33 - 2013-08-21 09:33 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2013-08-21 09:33 - 2013-08-21 09:33 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2013-08-21 09:33 - 2013-08-21 09:33 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-08-21 09:33 - 2013-08-21 09:33 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2013-08-21 09:33 - 2013-08-21 09:33 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2013-08-21 09:33 - 2013-08-21 09:33 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-08-21 09:33 - 2013-08-21 09:33 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2013-08-21 09:33 - 2013-08-21 09:33 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-08-21 09:33 - 2013-08-21 09:33 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2013-08-21 09:33 - 2013-08-21 09:33 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-08-21 09:33 - 2013-08-21 09:33 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2013-08-21 09:33 - 2013-08-21 09:33 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2013-08-21 09:33 - 2013-08-21 09:33 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2013-08-21 09:23 - 2013-08-20 21:37 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2013-08-21 09:23 - 2013-08-20 21:37 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2013-08-21 08:15 - 2013-08-21 08:15 - 00000000 ____D C:\Program Files\HitmanPro
2013-08-21 08:14 - 2013-07-20 21:54 - 00000000 ____D C:\ProgramData\HitmanPro
2013-08-21 08:05 - 2011-08-14 15:23 - 00730448 _____ C:\Windows\system32\PerfStringBackup.INI
2013-08-20 23:13 - 2013-08-20 23:13 - 04009167 _____ C:\Users\Tom\Downloads\ServicesRepair.exe
2013-08-20 22:58 - 2011-08-14 15:16 - 00001413 _____ C:\Users\Tom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-08-20 22:43 - 2013-08-20 22:43 - 00000512 _____ C:\Users\Tom\Downloads\MBRCheck_MBR_Backup_08-20-13_22-43-50.bak
2013-08-20 21:40 - 2013-08-20 21:40 - 01068176 _____ (Solid State Networks) C:\Users\Tom\Downloads\install_flashplayer11x32ax_chrd_awa_aih.exe
2013-08-20 20:48 - 2011-08-14 16:23 - 00000000 ____D C:\Users\Tom\AppData\Roaming\Adobe
2013-08-20 20:47 - 2011-08-14 16:23 - 00000000 ____D C:\Users\Tom\AppData\Roaming\Macromedia
2013-08-20 09:52 - 2011-08-21 10:58 - 00000000 ____D C:\Users\Tom\AppData\Local\CrashDumps
2013-08-19 18:28 - 2013-08-02 17:55 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-08-19 18:28 - 2011-08-26 09:21 - 00000000 ____D C:\Windows\CD95F661A5C411AFB2CCABCD21A325B5.TMP
2013-08-19 08:25 - 2013-08-19 08:25 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-08-15 08:50 - 2011-08-14 15:38 - 00000000 ____D C:\Users\Tom\AppData\Local\Microsoft Help
2013-08-13 18:34 - 2009-07-13 22:37 - 00000000 ____D C:\Windows\Microsoft.NET
2013-08-07 20:56 - 2013-08-07 17:59 - 00039424 _____ C:\Users\Tom\Documents\Copy of 2013 water usage analysis.xls
2013-08-07 13:44 - 2011-09-08 21:28 - 00014336 _____ C:\Users\Tom\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-08-07 10:10 - 2013-07-19 09:00 - 00000000 ____D C:\Users\Tom\Desktop\Meals_Nutrition
2013-08-05 16:00 - 2011-08-19 19:25 - 75778376 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-09-01 08:14

==================== End Of Log ============================

------------------------
Addition Log
------------------------

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 24-08-2013 01
Ran by Tom at 2013-08-24 11:23:52
Running from C:\Users\Tom\Desktop
Boot Mode: Normal
==========================================================

==================== Installed Programs =======================

[[FSX]] Carenado MegaPack
Adobe Acrobat 9 Pro - English, Français, Deutsch (Version: 9.5.5)
Adobe Acrobat 9.5.5 - CPSID_83708
Adobe Community Help (Version: 3.5.23)
Adobe Dreamweaver CS5 (Version: 11.0)
Adobe Flash Player 11 Plugin (Version: 11.8.800.94)
Adobe Media Player (Version: 1.8)
Aircrafter - Aircraft Manager for Microsoft Flightsimulator X (Version: 1.5)
Apple Application Support (Version: 2.1.6)
Apple Mobile Device Support (Version: 4.0.0.97)
Apple Software Update (Version: 2.1.3.127)
ATI Catalyst Install Manager (Version: 3.0.715.0)
BoatU.S. Simulator Project
Bonjour (Version: 3.0.0.10)
Brother BRAdmin Light 1.18.0001 (Version: 1.18.0001)
calibre (Version: 0.8.15)
Canon Auto Update Service (Version: 1.1.2.18)
Canon DIGITAL CAMERA Solution Disk Software Guide (Version: 1.3.0.1)
CANON iMAGE GATEWAY MyCamera Download Plugin (Version: 3.1.1.2)
CANON iMAGE GATEWAY Task for ZoomBrowser EX (Version: 1.9.0.9)
Canon Internet Library for ZoomBrowser EX (Version: 1.7.0.1)
Canon MOV Decoder (Version: 1.9.0.8)
Canon MOV Encoder (Version: 1.8.0.1)
Canon MovieEdit Task for ZoomBrowser EX (Version: 3.9.0.6)
Canon Personal Printing Guide (Version: 1.1.1.3)
Canon PowerShot G12 Camera User Guide (Version: 1.0.0.1)
Canon RAW Codec (Version: 1.10.0.74)
Canon Utilities CameraWindow DC 8 (Version: 8.3.0.6)
Canon Utilities CameraWindow Launcher (Version: 7.5.0.2)
Canon Utilities Digital Photo Professional 3.9 (Version: 3.9.1.0)
Canon Utilities EOS Video Snapshot Task for ZoomBrowser EX (Version: 1.0.0.10)
Canon Utilities Movie Uploader for YouTube (Version: 1.1.0.4)
Canon Utilities MyCamera (Version: 7.4.0.2)
Canon Utilities PhotoStitch (Version: 3.1.22.46)
Canon Utilities ZoomBrowser EX (Version: 6.9.0.1)
Canon ZoomBrowser EX Memory Card Utility (Version: 1.6.0.15)
Caribbean SeaPlane Tours, Dinner Key
Catalyst Control Center - Branding (Version: 1.00.0000)
Catalyst Control Center Core Implementation (Version: 2010.0210.2339.42455)
Catalyst Control Center Graphics Full Existing (Version: 2010.0210.2339.42455)
Catalyst Control Center Graphics Full New (Version: 2010.0210.2339.42455)
Catalyst Control Center Graphics Light (Version: 2010.0210.2339.42455)
Catalyst Control Center Graphics Previews Common (Version: 2010.0210.2339.42455)
Catalyst Control Center Graphics Previews Vista (Version: 2010.0210.2339.42455)
Catalyst Control Center HydraVision Full (Version: 2010.0210.2339.42455)
Catalyst Control Center InstallProxy (Version: 2010.0210.2339.42455)
Catalyst Control Center Localization All (Version: 2010.0210.2339.42455)
CCC Help Chinese Standard (Version: 2010.0210.2338.42455)
CCC Help Chinese Traditional (Version: 2010.0210.2338.42455)
CCC Help Czech (Version: 2010.0210.2338.42455)
CCC Help Danish (Version: 2010.0210.2338.42455)
CCC Help Dutch (Version: 2010.0210.2338.42455)
CCC Help English (Version: 2010.0210.2338.42455)
CCC Help Finnish (Version: 2010.0210.2338.42455)
CCC Help French (Version: 2010.0210.2338.42455)
CCC Help German (Version: 2010.0210.2338.42455)
CCC Help Greek (Version: 2010.0210.2338.42455)
CCC Help Hungarian (Version: 2010.0210.2338.42455)
CCC Help Italian (Version: 2010.0210.2338.42455)
CCC Help Japanese (Version: 2010.0210.2338.42455)
CCC Help Korean (Version: 2010.0210.2338.42455)
CCC Help Norwegian (Version: 2010.0210.2338.42455)
CCC Help Polish (Version: 2010.0210.2338.42455)
CCC Help Portuguese (Version: 2010.0210.2338.42455)
CCC Help Russian (Version: 2010.0210.2338.42455)
CCC Help Spanish (Version: 2010.0210.2338.42455)
CCC Help Swedish (Version: 2010.0210.2338.42455)
CCC Help Thai (Version: 2010.0210.2338.42455)
CCC Help Turkish (Version: 2010.0210.2338.42455)
ccc-core-static (Version: 2010.0210.2339.42455)
ccc-utility (Version: 2010.0210.2339.42455)
CD Wave Editor 1.98 (Version: 1.9.8.1)
CDBurnerXP (Version: 4.5.0.3717)
Cisco Connect (Version: 1.4.12100.0)
C-MAP by Jeppesen PC Planner (Version: 11.0.5.2018)
Coastal Explorer Express
Core Temp 1.0 RC2 (Version: 1.0)
Coupon Companion (Version: 1.23.151.151)
D3DX10 (Version: 15.4.2368.0902)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
EditVoicepack X (Version: 4.0.7)
Florida Topo Map (Version: 1.60)
FLV Player (Version: 2.0.25)
FSX GA-Traffic (Version: 1.0.1)
FSX Planner (Version: 1.25)
Garmin BaseCamp (Version: 3.2.2)
Garmin MapInstall (Version: 4.0.3)
Garmin USB Drivers (Version: 2.3.1.0)
Garmin WebUpdater (Version: 2.5.6)
Google Calendar Sync
Google Earth Plug-in (Version: 7.1.1.1888)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.5.4413.1752)
Google Update Helper (Version: 1.3.21.153)
GoToMeeting 5.5.0.1133 (HKCU Version: 5.5.0.1133)
HGTV Home & Landscape Platinum Suite (Version: 12.01)
HiJackThis (Version: 1.0.0)
HitmanPro 3.7 (Version: 3.7.7.203)
HL-2270DW (Version: 1.0.6.0)
HP FWUpdateEDO2 (Version: 1.2.0.0)
HP Officejet Pro 8600 Basic Device Software (Version: 25.0.619.0)
HP Officejet Pro 8600 Help (Version: 140.0.2.2)
HP Update (Version: 5.005.000.002)
HPDiagnosticAlert (Version: 1.00.0000)
I.R.I.S. OCR (Version: 12.3.4.0)
Internet Explorer (Enable DEP)
IrfanView (remove only) (Version: 4.30)
iTunes (Version: 10.5.3.3)
Java 7 Update 25 (Version: 7.0.250)
Java Auto Updater (Version: 2.1.9.5)
Java™ 6 Update 32 (Version: 6.0.320)
Just Flight - FS Insider  C152 (Version: 1.00.000)
JustFlight TrafficPlus Pack Military 2 [FSX]
K-Lite Codec Pack 7.0.0 (Standard) (Version: 7.0.0)
LiveUpdate 3.3 (Symantec Corporation) (Version: 3.3.0.101)
Logitech Gaming Software 5.10 (Version: 5.10.127)
MAIW-Texture Replacer Version 2.4.0.0 (Version: 2.4.0.0)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Flight Simulator X (Version: 10.0.61355.0)
Microsoft Flight Simulator X Service Pack 1 (Version: 10.0.61355.0)
Microsoft Flight Simulator X Service Pack 2 (Version: 10.0.61472.0)
Microsoft Image Composite Editor (Version: 1.4.4)
Microsoft Office Access MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Groove MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office InfoPath MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Professional Plus 2010 (Version: 14.0.7015.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.7015.1000)
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.7015.1000)
Microsoft Office Proofing (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Word MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office XP Professional with FrontPage (Version: 10.0.6626.0)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft Streets & Trips 2007 (Version: 14.0.09.1100)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft_VC80_CRT_x86 (Version: 1.00.0000)
Microsoft_VC80_MFC_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86 (Version: 8.0.50727.4053)
Microsoft_VC90_ATL_x86 (Version: 1.00.0000)
Microsoft_VC90_CRT_x86 (Version: 1.00.0000)
Microsoft_VC90_MFC_x86 (Version: 1.00.0000)
MoCat's Caribbean Seaplane Tours, Key West
Movie Maker (Version: 16.4.3505.0912)
Mozilla Firefox 23.0.1 (x86 en-US) (Version: 23.0.1)
Mozilla Maintenance Service (Version: 23.0.1)
MSVCRT (Version: 15.4.2862.0708)
MSVCRT110 (Version: 16.4.1108.0727)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 4.0 SP2 Parser and SDK (Version: 4.20.9818.0)
My Trail Maps
NavRules version 3.0.4 (Version: 3.0.4)
Norton 360 (Version: 20.4.0.40)
Norton Utilities (Version: 14.5)
PC Probe II (Version: 1.04.19)
PerformanceTest v7.0 (Version: 7.0)
Photo Gallery (Version: 16.4.3505.0912)
PowerBoat Guide 2003
PowerBoat Guide 2006 (Version: 1.0.0.0)
PowerBoat Guide 2011 (Version: 2011)
Project Landrover Derfender
QuickBooks (Version: 19.0.4014.705)
QuickBooks Premier Edition 2009 (Version: 19.0.4014.705)
Quicken Legal Business Pro 2004
SE USA Topo Map
SEO SpyGlass
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition
Skins (Version: 2010.0210.2339.42455)
Sony RAW Driver (Version: 2.0.00.08130)
Sony Sound Forge Audio Studio 9.0 (Version: 9.0.232)
Spybot - Search & Destroy (Version: 1.6.2)
SupportSoft Assisted Service (Version: 15)
TrailerBoat Guide 2006 (Version: 1.0.0.0)
TurboTax 2011 WinBizFedFormset (Version: 011.000.1699)
TurboTax 2011 WinBizReleaseEngine (Version: 011.000.0455)
TurboTax 2011 WinBizTaxSupport (Version: 011.000.1297)
TurboTax 2011 wrapper (Version: 011.000.0121)
TurboTax 2012 wflcbpm (Version: 012.000.0396)
TurboTax 2012 WinBizFedFormset (Version: 012.000.1253)
TurboTax 2012 WinBizReleaseEngine (Version: 012.000.0433)
TurboTax 2012 WinBizTaxSupport (Version: 012.000.1156)
TurboTax 2012 wrapper (Version: 012.000.0127)
TurboTax Business 2011
TurboTax Business 2012 (Version: 2012.0)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
USB C-Card Reader Drivers (Version: 2.2.0.6)
Vuze (Version: 5.0.0.0)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (04/19/2012 2.3.1.0) (Version: 04/19/2012 2.3.1.0)
Windows Live Communications Platform (Version: 16.4.3505.0912)
Windows Live Essentials (Version: 16.4.3505.0912)
Windows Live Family Safety (Version: 16.4.3505.0912)
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0)
Windows Live Installer (Version: 16.4.3505.0912)
Windows Live Photo Common (Version: 16.4.3505.0912)
Windows Live PIMT Platform (Version: 16.4.3505.0912)
Windows Live SOXE (Version: 16.4.3505.0912)
Windows Live SOXE Definitions (Version: 16.4.3505.0912)
Windows Live UX Platform (Version: 16.4.3505.0912)
Windows Live UX Platform Language Pack (Version: 16.4.3505.0912)
WinRAR 4.01 (32-bit) (Version: 4.01.0)

==================== Restore Points  =========================

14-08-2013 19:53:34 Norton 360 Registry Clean
18-08-2013 13:46:28 Norton 360 Registry Clean
20-08-2013 01:34:29 Norton_Power_Eraser_20130819213425632
21-08-2013 02:52:21 Windows Modules Installer
21-08-2013 03:02:34 Windows Update
21-08-2013 13:29:16 Windows Update
21-08-2013 14:46:19 Norton 360 Registry Clean
21-08-2013 15:05:35 Norton 360 Registry Clean

==================== Hosts content: ==========================

2009-07-13 22:04 - 2013-07-20 22:57 - 00000027 ____N C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {0CBB2EC9-694E-4A61-B4A9-9EB3FB2559E3} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2011-12-15] (Google Inc.)
Task: {35E6C5B5-2214-4549-997D-AF187362A0B5} - System32\Tasks\Norton WSC Integration => C:\Program Files\Norton 360\Engine\20.4.0.40\WSCStub.exe [2013-06-04] (Symantec Corporation)
Task: {39C67D7E-45CC-4A1D-9FF1-C4ED2C41E819} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => c:\program files\windows defender\MpCmdRun.exe [2009-07-13] (Microsoft Corporation)
Task: {3F3FC624-14B8-4BE5-86B5-5FE4CC62D820} - System32\Tasks\{FB3A0DB8-A500-44F3-9129-CD3DEA498271} => C:\Program Files\Microsoft Games\Microsoft Flight Simulator X\fsx.exe [2007-12-10] (Microsoft Corp.)
Task: {7F853475-0255-48A3-92E2-281663627445} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task
Task: {86C29F6E-06A0-4654-BFF6-5BCB5B8DC74C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2011-12-15] (Google Inc.)
Task: {8B81608D-C5B6-447E-A196-ED84129A6AB3} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files\Norton 360\Engine\20.4.0.40\SymErr.exe [2013-06-03] (Symantec Corporation)
Task: {9D13B222-83CC-4C65-B25F-68E7A7F678A9} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-08-21] (Adobe Systems Incorporated)
Task: {A6C28F8C-A61A-44AB-9799-7B0C2A1814C2} - System32\Tasks\{79AB466C-3342-4ED2-8265-DC223348316C} => C:\Program Files\Microsoft Games\Microsoft Flight Simulator X\fsx.exe [2007-12-10] (Microsoft Corp.)
Task: {CE775A25-BC38-4A7A-93F4-150EACB2DBF9} - System32\Tasks\AdobeAAMUpdater-1.0-Thermaltake-P5W-Tom => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-03-06] (Adobe Systems Incorporated)
Task: {DC440D42-22B7-4B0C-A244-23B2DD2C168E} - System32\Tasks\ASUS\ASUS RegRun Loader => C:\Program Files\ASUS\AASP\1.01.12\AsLoader.exe [2011-08-21] (ASUSTeK Computer Inc.)
Task: {FF9CB7D3-8208-41DC-AB61-53C06E8549B0} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files\Norton 360\Engine\20.4.0.40\SymErr.exe [2013-06-03] (Symantec Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Faulty Device Manager Devices =============

Name: Microsoft Virtual WiFi Miniport Adapter
Description: Microsoft Virtual WiFi Miniport Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: vwifimp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

==================== Event log errors: =========================

Application errors:
==================
Error: (08/23/2013 00:49:46 PM) (Source: Application Hang) (User: )
Description: The program iexplore.exe version 10.0.9200.16660 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 3b4

Start Time: 01cea0150d4535f9

Termination Time: 5

Application Path: C:\Program Files\Internet Explorer\iexplore.exe

Report Id: ff2721ba-0c13-11e3-bdd8-0018f3991923

Error: (08/22/2013 09:14:12 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.

Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {780b1903-a9d0-41f2-a0ad-fecea56c65e7}

Error: (08/22/2013 06:39:45 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "*" of attribute "language" in element "assemblyIdentity" is invalid.

Error: (08/22/2013 06:36:45 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="AMD64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="AMD64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (08/22/2013 00:59:28 PM) (Source: Application Hang) (User: )
Description: The program EXCEL.EXE version 14.0.7015.1000 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 54c

Start Time: 01ce9f42d37c65d0

Termination Time: 0

Application Path: C:\PROGRA~1\MICROS~1\Office14\EXCEL.EXE

Report Id: 2af594c4-0b4c-11e3-bd35-0018f3991923

System errors:
=============
Error: (08/24/2013 10:01:39 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
udpnt

Error: (08/24/2013 10:01:35 AM) (Source: Service Control Manager) (User: )
Description: The Ati External Event Utility service failed to start due to the following error:
%%2

Error: (08/23/2013 09:46:38 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
udpnt

Error: (08/23/2013 09:46:32 PM) (Source: Service Control Manager) (User: )
Description: The Ati External Event Utility service failed to start due to the following error:
%%2

Error: (08/23/2013 09:24:15 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
udpnt

Error: (08/23/2013 09:24:04 AM) (Source: Service Control Manager) (User: )
Description: The Ati External Event Utility service failed to start due to the following error:
%%2

Error: (08/22/2013 09:08:26 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
udpnt

Error: (08/22/2013 09:08:20 AM) (Source: Service Control Manager) (User: )
Description: The Ati External Event Utility service failed to start due to the following error:
%%2

Microsoft Office Sessions:
=========================
Error: (08/23/2013 00:49:46 PM) (Source: Application Hang)(User: )
Description: iexplore.exe10.0.9200.166603b401cea0150d4535f95C:\Program Files\Internet Explorer\iexplore.exeff2721ba-0c13-11e3-bdd8-0018f3991923

Error: (08/22/2013 09:14:12 PM) (Source: VSS)(User: )
Description: 0x80070005, Access is denied.

Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {780b1903-a9d0-41f2-a0ad-fecea56c65e7}

Error: (08/22/2013 06:39:45 PM) (Source: SideBySide)(User: )
Description: assemblyIdentitylanguage*c:\program files\spybot - search & destroy\DelZip179.dllc:\program files\spybot - search & destroy\DelZip179.dll8

Error: (08/22/2013 06:36:45 PM) (Source: SideBySide)(User: )
Description: Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="AMD64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"c:\program files\cisco systems\cisco connect\Drivers\Sxcsapi64.exe

Error: (08/22/2013 00:59:28 PM) (Source: Application Hang)(User: )
Description: EXCEL.EXE14.0.7015.100054c01ce9f42d37c65d00C:\PROGRA~1\MICROS~1\Office14\EXCEL.EXE2af594c4-0b4c-11e3-bd35-0018f3991923

CodeIntegrity Errors:
===================================
  Date: 2013-07-29 12:19:57.528
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-07-29 12:14:38.216
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-07-29 11:42:26.831
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll because the set of per-page image hashes could not be found on the system.

  Date: 2012-08-26 10:40:30.321
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.

  Date: 2012-08-26 10:29:44.759
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.

  Date: 2012-08-26 10:19:57.685
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.

  Date: 2012-08-26 10:04:35.478
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.

  Date: 2012-08-26 09:52:47.937
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.

  Date: 2012-08-26 09:43:48.602
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.

  Date: 2012-08-26 09:34:51.593
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.



#15 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts

Posted 02 September 2013 - 12:48 PM

Hello latitudedfb



I need you to download this script I have made for you --> Attached File: fixlist.txt (48 bytes)

It needs to be saved next to the "Farbar Recovery Scan Tool" (FRST) program. (If asked to overwrite the existing one, please allow.)

Run FRST again but this time press the Fix button just once and wait.


When finished, it will make a log (fixlog.txt) next to FRST. Please copy and paste the content of this file to your reply.


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.


Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




Proud Graduate Of Malware Removal University



