Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Win32.Bot.Alureon.A - Runtime and playtopus popup


  • This topic is locked This topic is locked
25 replies to this topic

#1 Dusty45

Dusty45

  • Members
  • 39 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Newbury, NH
  • Local time:11:32 PM

Posted 01 October 2013 - 08:56 PM

I have been recieving warnings from my ISP Provider (TDS.NET) of a  Win32.Bot.Alureon.A - Runtime error everytime I reboot my computer.  Also I was overwhelmed by Playtopus until I hobbled it by removing its Updater.dll ('cann't uninstal it.).  Now it pops up about every two hours saying it cann't find Playtopus\Updater.dll, a minor nusance.  I tried to run TDSSKILLER but it didn't find anything wrong,  Running aswMBR fails to run, I suspect that is because  Alureon.A is hidden there or because Im tripple booting.  I'd like to get them out.

 

Help would be greatly appreaciated!  Thanks!

Dusty

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 9.0.8112.16506 BrowserJavaVersion: 10.25.2

Run by caroljim at 16:32:36 on 2013-10-01

Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.12286.8956 [GMT -4:00]

.

AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

.

============== Running Processes ===============

.

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

C:\Windows\system32\nvvsvc.exe

C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\DAODx.exe

E:\Utilitys\IObit\Smart Defrag 2\SmartDefrag.exe

C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe

C:\Program Files (x86)\APC\PowerChute Personal Edition\mainserv.exe

C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe

C:\ASUS.SYS\config\DVMExportService.exe

C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe

C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe

C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe

C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe

C:\Program Files (x86)\ASUS\EPU\EPU.exe

C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe

C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe

C:\Program Files (x86)\ASUS\AI Suite\QFan4\FanHelp.exe

C:\Program Files (x86)\Nuance\Nuance Cloud Connector\GladFileMonSvc.exe

C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

C:\Program Files (x86)\Nuance\Nuance Cloud Connector\WOSVSSSvr.exe

C:\Program Files\Microsoft LifeCam\MSCamS64.exe

C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe

C:\Program Files (x86)\Norton Ghost\Agent\VProSvc.exe

C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe

C:\Program Files (x86)\Nuance\PDF Professional 7\PDFProFiltSrv.exe

C:\Windows\SysWOW64\PSIService.exe

C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe

C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe

C:\Program Files (x86)\Nuance\PDF Professional 7\PdfPro7Hook.exe

C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe

C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted

C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

C:\Program Files (x86)\APC\PowerChute Personal Edition\dataserv.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files (x86)\Norton Ghost\Shared\Drivers\SymSnapServicex64.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\SearchIndexer.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe

C:\Program Files (x86)\Nero\Update\NASvc.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\svchost.exe -k SDRSVC

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Windows\system32\Macromed\Flash\FlashUtil64_11_8_800_94_ActiveX.exe

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\taskeng.exe

C:\Windows\SysWOW64\DllHost.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://portal.tds.net/

uProxyOverride = localhost

uURLSearchHooks: Produtools Manuals 2.1 Toolbar: {b2bf7b3f-bf0b-4c48-aec6-f92c51be63e1} - C:\Program Files (x86)\Produtools_Manuals_2.1\prxtbProd.dll

mURLSearchHooks: Produtools Manuals 2.1 Toolbar: {b2bf7b3f-bf0b-4c48-aec6-f92c51be63e1} - C:\Program Files (x86)\Produtools_Manuals_2.1\prxtbProd.dll

mWinlogon: Userinit = userinit.exe,

BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll

BHO: {300BEC06-B743-4D19-86B9-11DC711D7FFB} - <orphaned>

BHO: PlusIEEventHelper Class: {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files (x86)\Nuance\PDF Professional 7\bin\PlusIEContextMenu.dll

BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coieplg.dll

BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ips\ipsbho.dll

BHO: RoboForm Toolbar Helper: {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll

BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO: Logitech SetPoint: {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll

BHO: Produtools Manuals 2.1 Toolbar: {b2bf7b3f-bf0b-4c48-aec6-f92c51be63e1} - C:\Program Files (x86)\Produtools_Manuals_2.1\prxtbProd.dll

BHO: ZeonIEEventHelper Class: {DA986D7D-CCAF-47B2-84FE-BFA1549BEBF9} - C:\Program Files (x86)\Nuance\PDF Professional 7\bin\ZeonIEFavClient.dll

BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

TB: &RoboForm Toolbar: {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll

TB: Produtools Manuals 2.1 Toolbar: {B2BF7B3F-BF0B-4C48-AEC6-F92C51BE63E1} - C:\Program Files (x86)\Produtools_Manuals_2.1\prxtbProd.dll

TB: &RoboForm Toolbar: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll

TB: DocuCom PDF: {E3286BF1-E654-42FF-B4A6-5E111731DF6B} - C:\Program Files (x86)\Nuance\PDF Professional 7\bin\ZeonIEFavClient.dll

TB: Produtools Manuals 2.1 Toolbar: {b2bf7b3f-bf0b-4c48-aec6-f92c51be63e1} - C:\Program Files (x86)\Produtools_Manuals_2.1\prxtbProd.dll

TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll

TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coieplg.dll

TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

uRun: [Uploader] C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe

uRun: [GarminExpressTrayApp] "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"

uRun: [RoboForm] "C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"

mRun: [Six Engine] "C:\Program Files (x86)\ASUS\EPU\EPU.exe" -b

mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"

mRun: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r

mRun: [QFan Help] "C:\Program Files (x86)\ASUS\AI Suite\QFan4\FanHelp.exe"

mRun: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe

mRun: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\\isuspm.exe -scheduler

mRun: [PDF7 Registry Controller] C:\Program Files (x86)\Nuance\PDF Professional 7\RegistryController.exe

mRun: [PDFProHook] C:\Program Files (x86)\Nuance\PDF Professional 7\pdfpro7hook.exe

mRun: [Nuance PDF Converter Professional 7-reminder] "C:\Program Files (x86)\Nuance\PDF Professional 7\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\PDF Converter Professional 7\Ereg\Ereg.ini"

mRun: [TrueImageMonitor.exe] "C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe"

mRun: [DBAgent] "C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe" /WinStart

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [QuickTime Task] "C:\Multimedia\QuickTime\QTTask.exe" -atboottime

mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [Display] C:\Program Files (x86)\APC\PowerChute Personal Edition\DataCollectionLauncher.exe

uPolicies-Explorer: NoDriveTypeAutoRun = dword:157

mPolicies-Explorer: NoActiveDesktop = dword:1

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200

IE: Customize Menu - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000

IE: Fill Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html

IE: Open with Nuance PDF Converter 7 - C:\Program Files (x86)\Nuance\PDF Professional 7\cnvres_eng.dll /100

IE: Open with PDF Professional 7 - C:\Program Files (x86)\Nuance\PDF Professional 7\Bin\PlusIEContextMenu.dll/PlusIEContextMenu.htm

IE: Save Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html

IE: Show RoboForm Toolbar - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html

IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll

IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll

IE: {724d43aa-0d85-11d4-9908-00400523e39a} - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}

DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/4.0.4.0/GarminAxControl_32.CAB

DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab

DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://enphasetraining.webex.com/client/WBXclient-T28L10NSP7-15458/nbr/ieatgpc1.cab

TCP: NameServer = 192.168.0.1 216.165.129.158

TCP: Interfaces\{773DDC6F-AEFA-477A-B3CA-942A7B86716B} : DHCPNameServer = 192.168.0.1 216.165.129.158

Handler: ebahn - {8D32BA61-D15B-11d4-894B-000000000000} - LocalServer32 - <no file>

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll

Handler: x-ebahn - {8D32BA61-D15B-11d4-894B-000000000000} - LocalServer32 - <no file>

Handler: x-mem3 - {4F6D06DD-44AB-4F89-BF13-9027B505B15A} - LocalServer32 - <no file>

SSODL: WebCheck - <orphaned>

mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"

x64-BHO: RoboForm Toolbar Helper: {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll

x64-BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll

x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll

x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll

x64-TB: &RoboForm Toolbar: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll

x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll

x64-IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll

x64-IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll

x64-IE: {724d43aa-0d85-11d4-9908-00400523e39a} - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll

x64-DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/4.0.4.0/GarminAxControl_64.CAB

x64-Handler: ebahn - {8D32BA61-D15B-11d4-894B-000000000000} - <orphaned>

x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>

x64-Handler: x-ebahn - {8D32BA61-D15B-11d4-894B-000000000000} - <orphaned>

x64-Handler: x-mem3 - {4F6D06DD-44AB-4F89-BF13-9027B505B15A} - <orphaned>

x64-Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll

x64-SSODL: WebCheck - <orphaned>

x64-mASetup: {12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\Windows\System32\ieudinit.exe

.

============= SERVICES / DRIVERS ===============

.

R0 fltsrv;Acronis Storage Filter Management;C:\Windows\System32\drivers\fltsrv.sys [2012-9-4 137312]

R0 NBVol;Nero Backup Volume Filter Driver;C:\Windows\System32\drivers\NBVol.sys [2012-8-6 72240]

R0 NBVolUp;Nero Backup Volume Upper Filter Driver;C:\Windows\System32\drivers\NBVolUp.sys [2012-8-6 15920]

R0 SmartDefragDriver;SmartDefragDriver;C:\Windows\System32\drivers\SmartDefragDriver.sys [2012-10-1 17720]

R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\NISx64\1404000.028\symds64.sys [2013-6-14 493656]

R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\NISx64\1404000.028\symefa64.sys [2013-6-14 1139800]

R0 vididr;Acronis Virtual Disk;C:\Windows\System32\drivers\vididr.sys [2012-9-30 211552]

R0 vidsflt67;Acronis Disk Storage Filter (67);C:\Windows\System32\drivers\vsflt67.sys [2012-9-30 146528]

R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.1.22\Definitions\BASHDefs\20130924.001\BHDrvx64.sys [2013-9-24 1525848]

R1 ccSet_NIS;Norton Internet Security Settings Manager;C:\Windows\System32\drivers\NISx64\1404000.028\ccsetx64.sys [2013-6-14 169048]

R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.1.22\Definitions\IPSDefs\20130928.001\IDSviA64.sys [2013-9-30 520280]

R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\NISx64\1404000.028\ironx64.sys [2013-6-14 224416]

R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\NISx64\1404000.028\symnets.sys [2013-6-14 433752]

R2 afcdpsrv;Acronis Nonstop Backup Service;C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2012-9-30 3459024]

R2 APC Data Service;APC Data Service;C:\Program Files (x86)\APC\PowerChute Personal Edition\dataserv.exe [2012-1-24 21880]

R2 AsSysCtrlService;ASUS System Control Service;C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [2012-8-5 96896]

R2 CodeMeter.exe;CodeMeter Runtime Server;C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe [2012-8-24 2568120]

R2 DvmMDES;DeviceVM Meta Data Export Service;C:\ASUS.SYS\config\DVMExportService.exe [2009-10-16 319488]

R2 Garmin Core Update Service;Garmin Core Update Service;C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [2013-7-22 219480]

R2 GladFileMonSvc;GladFileMonSvc;C:\Program Files (x86)\Nuance\Nuance Cloud Connector\GladFileMonSvc.exe [2012-1-24 29552]

R2 IntuitUpdateServiceV4;Intuit Update Service v4;C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2012-8-23 13672]

R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2012-7-13 769432]

R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccsvchst.exe [2013-6-14 144368]

R2 PDFProFiltSrv;PDFProFiltSrv;C:\Program Files (x86)\Nuance\PDF Professional 7\PDFProFiltSrv.exe [2012-2-17 135016]

R2 Seagate Dashboard Services;Seagate Dashboard Services;C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe [2013-5-30 16000]

R2 syncagentsrv;Acronis Sync Agent Service;C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe [2012-6-28 5915352]

R3 afcdp;afcdp;C:\Windows\System32\drivers\afcdp.sys [2012-9-30 367200]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2013-9-4 140376]

R3 GenericMount;Generic Mount Driver;C:\Windows\System32\drivers\GenericMount.sys [2009-9-21 66608]

R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;C:\Windows\System32\drivers\nx6000.sys [2010-12-13 36720]

R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2010-4-26 83080]

R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2010-4-26 184968]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-6-10 539240]

R3 SymSnapService;SymSnapService;C:\Program Files (x86)\Norton Ghost\Shared\Drivers\SymSnapServicex64.exe [2009-9-21 2963960]

R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2012-8-5 38456]

R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\Windows\System32\drivers\viahduaa.sys [2012-8-5 1301504]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-6-21 162408]

S3 epmntdrv;epmntdrv;C:\Windows\System32\epmntdrv.sys [2012-8-28 16776]

S3 EuGdiDrv;EuGdiDrv;C:\Windows\System32\EuGdiDrv.sys [2012-8-28 9096]

S3 GenericMount Helper Service;GenericMount Helper Service;C:\Program Files (x86)\Norton Ghost\Shared\Drivers\GenericMountHelperx64.exe [2010-2-12 2227216]

S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-11-17 19456]

S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]

S3 Symantec SymSnap VSS Provider;Symantec SymSnap VSS Provider;C:\Windows\System32\dllhost.exe [2009-7-13 9728]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-11-17 57856]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-8-6 1255736]

.

=============== File Associations ===============

.

FileExt: .txt: textfile="C:\Program Files (x86)\Windows NT\Accessories\WORDPAD.EXE" "%1" [UserChoice]

.

=============== Created Last 30 ================

.

2013-09-13 13:49:34 155584 ----a-w- C:\Windows\System32\drivers\ataport.sys

2013-09-05 14:04:02 209272 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\nppdf32.dll

.

==================== Find3M ====================

.

2013-08-24 03:41:07 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2013-08-24 03:41:07 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2013-08-08 01:20:43 3155456 ----a-w- C:\Windows\System32\win32k.sys

2013-08-02 02:23:53 5550528 ----a-w- C:\Windows\System32\ntoskrnl.exe

2013-08-02 02:15:44 1732032 ----a-w- C:\Windows\System32\ntdll.dll

2013-08-02 02:15:03 362496 ----a-w- C:\Windows\System32\wow64win.dll

2013-08-02 02:15:03 243712 ----a-w- C:\Windows\System32\wow64.dll

2013-08-02 02:15:03 13312 ----a-w- C:\Windows\System32\wow64cpu.dll

2013-08-02 02:14:57 215040 ----a-w- C:\Windows\System32\winsrv.dll

2013-08-02 02:14:11 16384 ----a-w- C:\Windows\System32\ntvdm64.dll

2013-08-02 02:13:34 424448 ----a-w- C:\Windows\System32\KernelBase.dll

2013-08-02 01:59:30 3968960 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2013-08-02 01:59:30 3913664 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2013-08-02 01:51:23 1292192 ----a-w- C:\Windows\SysWow64\ntdll.dll

2013-08-02 01:50:42 5120 ----a-w- C:\Windows\SysWow64\wow32.dll

2013-08-02 01:50:42 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll

2013-08-02 01:09:17 338432 ----a-w- C:\Windows\System32\conhost.exe

2013-08-02 00:59:09 112640 ----a-w- C:\Windows\System32\smss.exe

2013-08-02 00:45:37 25600 ----a-w- C:\Windows\SysWow64\setup16.exe

2013-08-02 00:45:36 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll

2013-08-02 00:45:35 7680 ----a-w- C:\Windows\SysWow64\instnm.exe

2013-08-02 00:45:34 2048 ----a-w- C:\Windows\SysWow64\user.exe

2013-08-02 00:43:05 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll

2013-08-02 00:43:05 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll

2013-08-02 00:43:05 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll

2013-08-02 00:43:05 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll

2013-07-31 13:29:19 2312704 ----a-w- C:\Windows\System32\jscript9.dll

2013-07-31 13:19:03 1392128 ----a-w- C:\Windows\System32\wininet.dll

2013-07-31 13:18:24 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

2013-07-31 13:14:29 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

2013-07-31 13:13:07 599040 ----a-w- C:\Windows\System32\vbscript.dll

2013-07-31 13:08:44 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2013-07-31 10:00:20 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll

2013-07-31 09:52:44 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll

2013-07-31 09:52:34 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2013-07-31 09:48:43 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

2013-07-31 09:48:09 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll

2013-07-31 09:45:42 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2013-07-25 09:25:54 1888768 ----a-w- C:\Windows\System32\WMVDECOD.DLL

2013-07-25 08:57:27 1620992 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL

2013-07-19 01:58:42 2048 ----a-w- C:\Windows\System32\tzres.dll

2013-07-19 01:41:01 2048 ----a-w- C:\Windows\SysWow64\tzres.dll

2013-07-09 05:52:52 224256 ----a-w- C:\Windows\System32\wintrust.dll

2013-07-09 05:51:16 1217024 ----a-w- C:\Windows\System32\rpcrt4.dll

2013-07-09 05:46:20 184320 ----a-w- C:\Windows\System32\cryptsvc.dll

2013-07-09 05:46:20 1472512 ----a-w- C:\Windows\System32\crypt32.dll

2013-07-09 05:46:20 139776 ----a-w- C:\Windows\System32\cryptnet.dll

2013-07-09 04:52:33 663552 ----a-w- C:\Windows\SysWow64\rpcrt4.dll

2013-07-09 04:52:10 175104 ----a-w- C:\Windows\SysWow64\wintrust.dll

2013-07-09 04:46:31 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll

2013-07-09 04:46:31 1166848 ----a-w- C:\Windows\SysWow64\crypt32.dll

2013-07-09 04:46:31 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll

2013-07-07 12:58:28 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll

2013-07-07 12:58:28 867240 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll

2013-07-07 12:58:28 789416 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2013-07-07 12:55:30 1093032 ----a-w- C:\Windows\System32\npDeployJava1.dll

2013-07-07 12:55:30 108968 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll

2013-07-06 06:03:53 1910208 ----a-w- C:\Windows\System32\drivers\tcpip.sys

.

============= FINISH: 16:32:52.04 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:12:32 AM

Posted 01 October 2013 - 09:04 PM


Hello Dusty45

I would like to welcome you to the Malware Removal section of the forum.

Around here they call me Gringo and I will be glad to help you with your malware problems.


Very Important --> Please read this post completely, I have spent my time to put together somethings for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the "Follow This Topic" Button, make sure that the "Receive notification" box is checked and that it is set to "Instantly" - This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planed. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.


These are the programs I would like you to run next, if you have any problems with one of these just skip it and move on to the next one.

-AdwCleaner-

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean"
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.
-Junkware-Removal-Tool-

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
When they are complete let me have the two reports and let me know how things are running.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 Dusty45

Dusty45
  • Topic Starter

  • Members
  • 39 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Newbury, NH
  • Local time:11:32 PM

Posted 02 October 2013 - 12:39 AM

Well Gringo I ran your adware/Junkware scanners and removed alot of junk I didn't know I had.  Thankyou!  Serry to say though,  Playtopus was not one of them.  Its still poping up looking for its mother.

 

Results of scans:

 

# AdwCleaner v3.006 - Report created 01/10/2013 at 23:55:39

# Updated 01/10/2013 by Xplode

# Operating System : Windows 7 Professional Service Pack 1 (64 bits)

# Username : caroljim - CJAM3X4-PC

# Running from : C:\Users\caroljim\Downloads\AdwCleaner.exe

# Option : Clean

 

***** [ Services ] *****

 

Service Deleted : DvmMDES

 

***** [ Files / Folders ] *****

 

Folder Deleted : C:\ProgramData\boost_interprocess

Folder Deleted : C:\Program Files (x86)\OApps

Folder Deleted : C:\Program Files (x86)\Produtools_Manuals_2.1

Folder Deleted : C:\Users\caroljim\AppData\Local\PackageAware

Folder Deleted : C:\Users\caroljim\AppData\Local\Wajam

Folder Deleted : C:\Users\caroljim\AppData\LocalLow\Conduit

Folder Deleted : C:\Users\caroljim\AppData\LocalLow\PriceGong

Folder Deleted : C:\Users\caroljim\AppData\LocalLow\Produtools_Manuals_2.1

Folder Deleted : C:\Users\caroljim\AppData\Roaming\DriverCure

Folder Deleted : C:\Users\caroljim\AppData\Roaming\registry mechanic

Folder Deleted : C:\Users\caroljim\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp

 

***** [ Shortcuts ] *****

 

 

***** [ Registry ] *****

 

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajamupdater_rasapi32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajamupdater_rasmancs

Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WajamUpdater

Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3209604

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B2BF7B3F-BF0B-4C48-AEC6-F92C51BE63E1}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{43AF84A8-BAEA-4A72-9698-7C4CB7082D92}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B2BF7B3F-BF0B-4C48-AEC6-F92C51BE63E1}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B2BF7B3F-BF0B-4C48-AEC6-F92C51BE63E1}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{43AF84A8-BAEA-4A72-9698-7C4CB7082D92}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B2BF7B3F-BF0B-4C48-AEC6-F92C51BE63E1}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{43AF84A8-BAEA-4A72-9698-7C4CB7082D92}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6F9E222E-7BB9-4598-994C-D5A4F57A2148}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BC2C6419-69D8-474D-8E1F-4C2D2D0999BA}

Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]

Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{B2BF7B3F-BF0B-4C48-AEC6-F92C51BE63E1}]

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{B2BF7B3F-BF0B-4C48-AEC6-F92C51BE63E1}]

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{B2BF7B3F-BF0B-4C48-AEC6-F92C51BE63E1}]

Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{B2BF7B3F-BF0B-4C48-AEC6-F92C51BE63E1}]

Key Deleted : HKCU\Software\AppDataLow\Toolbar

Key Deleted : HKCU\Software\AppDataLow\Software\Conduit

Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes

Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong

Key Deleted : HKCU\Software\AppDataLow\Software\smartbar

Key Deleted : HKCU\Software\AppDataLow\Software\Produtools_Manuals_2.1

Key Deleted : HKLM\Software\Conduit

Key Deleted : HKLM\Software\DeviceVM

Key Deleted : HKLM\Software\Freeze.com

Key Deleted : HKLM\Software\InstallIQ

Key Deleted : HKLM\Software\Produtools_Manuals_2.1

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{99AD9D6D-A456-49EE-8360-F22EE7AA1272}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Produtools_Manuals_2.1 Toolbar

Key Deleted : [x64] HKLM\SOFTWARE\DeviceVM

 

***** [ Browsers ] *****

 

-\\ Internet Explorer v9.0.8112.16506

 

 

-\\ Google Chrome v

 

[ File : C:\Users\caroljim\AppData\Local\Google\Chrome\User Data\Default\preferences ]

 

 

*************************

 

AdwCleaner[R0].txt - [5452 octets] - [01/10/2013 23:25:11]

AdwCleaner[S0].txt - [5505 octets] - [01/10/2013 23:55:39]

 

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [5565 octets] ##########

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 6.0.3 (09.27.2013:1)

OS: Windows 7 Professional x64

Ran by caroljim on Wed 10/02/2013 at 0:04:56.33

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

 

~~~ Services

 

 

~~~ Registry Values

 

 

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\protector_dll.protectorbho

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\protector_dll.protectorbho.1

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\yt.ytnavassistplugin

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\yt.ytnavassistplugin.1

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\speedypc software

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\speedypc software

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\robotaskbaricon_RASAPI32

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\robotaskbaricon_RASMANCS

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\robotaskbaricon_RASAPI32

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\robotaskbaricon_RASMANCS

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{46A0B35C-A3FC-441A-9405-B4AC9797B01B}

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{88FB16D2-04EA-4ffe-8079-CFF68F1B9CE6}

 

 

~~~ Files

 

 

~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\speedypc software"

Successfully deleted: [Folder] "C:\Users\caroljim\AppData\Roaming\speedypc software"

 

 

~~~ Event Viewer Logs were cleared

 

 

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on Wed 10/02/2013 at 0:09:54.39

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:12:32 AM

Posted 02 October 2013 - 08:17 AM


Hello Dusty45

I Would like you to do the following.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"
  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?
Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 Dusty45

Dusty45
  • Topic Starter

  • Members
  • 39 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Newbury, NH
  • Local time:11:32 PM

Posted 04 October 2013 - 09:23 PM

My last post didn't submitt!?  Sorry

Well I ran Combofix.  No changes.  Still poppingup Playtopus and Aleron.  Computer running fine.

 

Combofix log:

 

ComboFix 13-10-01.03 - caroljim 10/02/2013 14:52:18.1.4 - x64

Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.12286.9724 [GMT -4:00]

Running from: c:\users\caroljim\Downloads\ComboFix.exe

AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

ADS - Windows: deleted 64 bytes in 2 streams.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

C:\0.bak

c:\users\caroljim\AppData\Local\assembly\tmp

J:\Autorun.inf

.

.

((((((((((((((((((((((((( Files Created from 2013-09-02 to 2013-10-02 )))))))))))))))))))))))))))))))

.

.

2013-10-02 18:56 . 2013-10-02 18:56 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp

2013-10-02 18:56 . 2013-10-02 18:56 -------- d-----w- c:\users\Default\AppData\Local\temp

2013-10-02 04:04 . 2013-10-02 04:04 -------- d-----w- c:\windows\ERUNT

2013-10-02 03:24 . 2013-10-02 03:55 -------- d-----w- C:\AdwCleaner

2013-10-01 22:01 . 2013-10-01 22:01 -------- d-----w- c:\users\caroljim\AppData\Local\WinZip

2013-10-01 22:01 . 2013-10-01 22:01 -------- d-----w- c:\program files\WinZip

2013-09-13 13:49 . 2013-08-05 02:25 155584 ----a-w- c:\windows\system32\drivers\ataport.sys

2013-09-05 14:04 . 2013-09-05 14:04 209272 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-09-13 13:53 . 2012-08-06 13:14 79143768 ----a-w- c:\windows\system32\MRT.exe

2013-08-24 03:41 . 2012-08-06 20:54 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2013-08-24 03:41 . 2012-08-06 20:54 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2013-08-02 01:48 . 2013-09-11 12:29 44032 ----a-w- c:\windows\apppatch\acwow64.dll

2013-07-25 09:25 . 2013-08-14 04:52 1888768 ----a-w- c:\windows\system32\WMVDECOD.DLL

2013-07-25 08:57 . 2013-08-14 04:52 1620992 ----a-w- c:\windows\SysWow64\WMVDECOD.DLL

2013-07-19 01:58 . 2013-08-14 04:52 2048 ----a-w- c:\windows\system32\tzres.dll

2013-07-19 01:41 . 2013-08-14 04:52 2048 ----a-w- c:\windows\SysWow64\tzres.dll

2013-07-16 22:02 . 2013-07-16 22:02 13338112 ----a-w- c:\users\caroljim\PCPE_3.0.1.msi

2013-07-16 22:02 . 2013-07-16 22:02 626688 ----a-w- c:\users\caroljim\msvcr80.dll

2013-07-16 22:02 . 2013-07-16 22:02 21880 ----a-w- c:\users\caroljim\grm_res.dll

2013-07-16 22:02 . 2013-07-16 22:02 21880 ----a-w- c:\users\caroljim\fr_res.dll

2013-07-16 22:02 . 2013-07-16 22:02 21368 ----a-w- c:\users\caroljim\pt_res.dll

2013-07-16 22:02 . 2013-07-16 22:02 21368 ----a-w- c:\users\caroljim\it_res.dll

2013-07-16 22:02 . 2013-07-16 22:02 21368 ----a-w- c:\users\caroljim\es_res.dll

2013-07-16 22:02 . 2013-07-16 22:02 21368 ----a-w- c:\users\caroljim\en_res.dll

2013-07-16 22:02 . 2013-07-16 22:02 20856 ----a-w- c:\users\caroljim\ru_res.dll

2013-07-16 22:02 . 2013-07-16 22:02 20344 ----a-w- c:\users\caroljim\jp_res.dll

2013-07-16 22:02 . 2013-07-16 22:02 19832 ----a-w- c:\users\caroljim\zh_res.dll

2013-07-16 22:02 . 2013-07-16 22:02 18808 ----a-w- c:\users\caroljim\ResourceReader.dll

2013-07-16 22:02 . 2013-07-16 22:02 13923704 ----a-w- c:\users\caroljim\PCPE Setup.exe

2013-07-16 22:02 . 2013-07-16 22:02 1079808 ----a-w- c:\users\caroljim\mfc80u.dll

2013-07-09 05:52 . 2013-08-14 04:52 224256 ----a-w- c:\windows\system32\wintrust.dll

2013-07-09 05:51 . 2013-08-14 04:52 1217024 ----a-w- c:\windows\system32\rpcrt4.dll

2013-07-09 05:46 . 2013-08-14 04:52 1472512 ----a-w- c:\windows\system32\crypt32.dll

2013-07-09 05:46 . 2013-08-14 04:52 184320 ----a-w- c:\windows\system32\cryptsvc.dll

2013-07-09 05:46 . 2013-08-14 04:52 139776 ----a-w- c:\windows\system32\cryptnet.dll

2013-07-09 04:52 . 2013-08-14 04:52 663552 ----a-w- c:\windows\SysWow64\rpcrt4.dll

2013-07-09 04:52 . 2013-08-14 04:52 175104 ----a-w- c:\windows\SysWow64\wintrust.dll

2013-07-09 04:46 . 2013-08-14 04:52 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll

2013-07-09 04:46 . 2013-08-14 04:52 1166848 ----a-w- c:\windows\SysWow64\crypt32.dll

2013-07-09 04:46 . 2013-08-14 04:52 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll

2013-07-07 12:58 . 2013-07-07 12:58 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll

2013-07-07 12:58 . 2012-08-08 13:05 789416 ----a-w- c:\windows\SysWow64\deployJava1.dll

2013-07-07 12:58 . 2012-08-08 13:05 867240 ----a-w- c:\windows\SysWow64\npDeployJava1.dll

2013-07-07 12:55 . 2013-07-07 12:55 312232 ----a-w- c:\windows\system32\javaws.exe

2013-07-07 12:55 . 2013-07-07 12:55 189352 ----a-w- c:\windows\system32\javaw.exe

2013-07-07 12:55 . 2013-07-07 12:55 188840 ----a-w- c:\windows\system32\java.exe

2013-07-07 12:55 . 2013-07-07 12:55 108968 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll

2013-07-07 12:55 . 2013-01-10 22:29 1093032 ----a-w- c:\windows\system32\npDeployJava1.dll

2013-07-06 06:03 . 2013-08-14 04:52 1910208 ----a-w- c:\windows\system32\drivers\tcpip.sys

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GladinetIconOverlay]

@="{3C3DC57A-7535-48AF-BB9E-C3576A4F34D0}"

[HKEY_CLASSES_ROOT\CLSID\{3C3DC57A-7535-48AF-BB9E-C3576A4F34D0}]

2012-01-25 01:00 198512 ----a-w- c:\program files (x86)\Nuance\Nuance Cloud Connector\GlOverlayIcon32.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GladinetUploading]

@="{959A18D3-9CC9-41e8-B76F-34ED9A89D4EA}"

[HKEY_CLASSES_ROOT\CLSID\{959A18D3-9CC9-41e8-B76F-34ED9A89D4EA}]

2012-01-25 01:03 194416 ----a-w- c:\program files (x86)\Nuance\Nuance Cloud Connector\GlOverlayIconU32.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Uploader"="c:\program files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe" [2013-05-30 122984]

"GarminExpressTrayApp"="c:\program files (x86)\Garmin\Express Tray\ExpressTray.exe" [2013-07-22 1093464]

"RoboForm"="c:\program files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2013-09-27 109784]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"Six Engine"="c:\program files (x86)\ASUS\EPU\EPU.exe" [2010-03-16 5309056]

"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-04-27 113288]

"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2010-03-15 2369536]

"QFan Help"="c:\program files (x86)\ASUS\AI Suite\QFan4\FanHelp.exe" [2010-03-25 888960]

"zBrowser Launcher"="c:\program files\Logitech\iTouch\iTouch.exe" [2002-11-23 631362]

"LifeCam"="c:\program files (x86)\Microsoft LifeCam\LifeExp.exe" [2010-12-13 135536]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-12 59280]

"ISUSPM"="c:\programdata\FLEXnet\Connect\11\\isuspm.exe" [2010-05-21 324976]

"PDF7 Registry Controller"="c:\program files (x86)\Nuance\PDF Professional 7\RegistryController.exe" [2012-02-17 141160]

"PDFProHook"="c:\program files (x86)\Nuance\PDF Professional 7\pdfpro7hook.exe" [2012-02-17 1828712]

"Nuance PDF Converter Professional 7-reminder"="c:\program files (x86)\Nuance\PDF Professional 7\Ereg\Ereg.exe" [2011-09-06 333672]

"TrueImageMonitor.exe"="c:\program files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe" [2012-06-28 5955088]

"DBAgent"="c:\program files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe" [2013-05-30 1517640]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]

"QuickTime Task"="c:\multimedia\QuickTime\QTTask.exe" [2013-05-01 421888]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]

"Display"="c:\program files (x86)\APC\PowerChute Personal Edition\DataCollectionLauncher.exe" [2012-01-24 284024]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

"EnableLinkedConnections"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"mixer1"=wdmaud.drv

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]

R3 DSKACT3;DSKACT3;c:\users\caroljim\AppData\Local\Temp\DSKACT3.SYS;c:\users\caroljim\AppData\Local\Temp\DSKACT3.SYS [x]

R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys;c:\windows\SYSNATIVE\epmntdrv.sys [x]

R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys;c:\windows\SYSNATIVE\EuGdiDrv.sys [x]

R3 GenericMount Helper Service;GenericMount Helper Service;c:\program files (x86)\Norton Ghost\Shared\Drivers\GenericMountHelperx64.exe;c:\program files (x86)\Norton Ghost\Shared\Drivers\GenericMountHelperx64.exe [x]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]

R3 Symantec SymSnap VSS Provider;Symantec SymSnap VSS Provider;c:\windows\system32\dllhost.exe;c:\windows\SYSNATIVE\dllhost.exe [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]

S0 fltsrv;Acronis Storage Filter Management;c:\windows\system32\DRIVERS\fltsrv.sys;c:\windows\SYSNATIVE\DRIVERS\fltsrv.sys [x]

S0 NBVol;Nero Backup Volume Filter Driver;c:\windows\system32\DRIVERS\NBVol.sys;c:\windows\SYSNATIVE\DRIVERS\NBVol.sys [x]

S0 NBVolUp;Nero Backup Volume Upper Filter Driver;c:\windows\system32\DRIVERS\NBVolUp.sys;c:\windows\SYSNATIVE\DRIVERS\NBVolUp.sys [x]

S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys;c:\windows\SYSNATIVE\Drivers\SmartDefragDriver.sys [x]

S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1404000.028\SYMDS64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1404000.028\SYMDS64.SYS [x]

S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1404000.028\SYMEFA64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1404000.028\SYMEFA64.SYS [x]

S0 vididr;Acronis Virtual Disk;c:\windows\system32\DRIVERS\vididr.sys;c:\windows\SYSNATIVE\DRIVERS\vididr.sys [x]

S0 vidsflt67;Acronis Disk Storage Filter (67);c:\windows\system32\DRIVERS\vsflt67.sys;c:\windows\SYSNATIVE\DRIVERS\vsflt67.sys [x]

S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys;SysWow64\drivers\AsUpIO.sys [x]

S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.1.22\Definitions\BASHDefs\20130924.001\BHDrvx64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.1.22\Definitions\BASHDefs\20130924.001\BHDrvx64.sys [x]

S1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NISx64\1404000.028\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\NISx64\1404000.028\ccSetx64.sys [x]

S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.1.22\Definitions\IPSDefs\20131001.002\IDSvia64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.1.22\Definitions\IPSDefs\20131001.002\IDSvia64.sys [x]

S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1404000.028\Ironx64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1404000.028\Ironx64.SYS [x]

S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1404000.028\SYMNETS.SYS;c:\windows\SYSNATIVE\Drivers\NISx64\1404000.028\SYMNETS.SYS [x]

S2 afcdpsrv;Acronis Nonstop Backup Service;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [x]

S2 APC Data Service;APC Data Service;c:\program files (x86)\APC\PowerChute Personal Edition\dataserv.exe;c:\program files (x86)\APC\PowerChute Personal Edition\dataserv.exe [x]

S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [x]

S2 CodeMeter.exe;CodeMeter Runtime Server;c:\program files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe;c:\program files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe [x]

S2 Garmin Core Update Service;Garmin Core Update Service;c:\program files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe;c:\program files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [x]

S2 GladFileMonSvc;GladFileMonSvc;c:\program files (x86)\Nuance\Nuance Cloud Connector\GladFileMonSvc.exe;c:\program files (x86)\Nuance\Nuance Cloud Connector\GladFileMonSvc.exe [x]

S2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [x]

S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe;c:\program files (x86)\Nero\Update\NASvc.exe [x]

S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe;c:\program files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe [x]

S2 PDFProFiltSrv;PDFProFiltSrv;c:\program files (x86)\Nuance\PDF Professional 7\PDFProFiltSrv.exe;c:\program files (x86)\Nuance\PDF Professional 7\PDFProFiltSrv.exe [x]

S2 Seagate Dashboard Services;Seagate Dashboard Services;c:\program files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe;c:\program files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe [x]

S2 syncagentsrv;Acronis Sync Agent Service;c:\program files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe;c:\program files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe [x]

S3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys;c:\windows\SYSNATIVE\DRIVERS\afcdp.sys [x]

S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]

S3 GenericMount;Generic Mount Driver;c:\windows\system32\DRIVERS\GenericMount.sys;c:\windows\SYSNATIVE\DRIVERS\GenericMount.sys [x]

S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\Drivers\nx6000.sys;c:\windows\SYSNATIVE\Drivers\nx6000.sys [x]

S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]

S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]

S3 SymSnapService;SymSnapService;c:\program files (x86)\Norton Ghost\Shared\Drivers\SymSnapServicex64.exe;c:\program files (x86)\Norton Ghost\Shared\Drivers\SymSnapServicex64.exe [x]

S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x]

S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys;c:\windows\SYSNATIVE\drivers\viahduaa.sys [x]

.

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

2011-03-04 16:29 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe

.

Contents of the 'Scheduled Tasks' folder

.

2013-10-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-30 01:05]

.

2013-10-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-30 01:05]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GladinetIconOverlay]

@="{3C3DC57A-7535-48AF-BB9E-C3576A4F34D0}"

[HKEY_CLASSES_ROOT\CLSID\{3C3DC57A-7535-48AF-BB9E-C3576A4F34D0}]

2012-01-25 01:00 212848 ----a-w- c:\program files (x86)\Nuance\Nuance Cloud Connector\GlOverlayIcon.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GladinetUploading]

@="{959A18D3-9CC9-41e8-B76F-34ED9A89D4EA}"

[HKEY_CLASSES_ROOT\CLSID\{959A18D3-9CC9-41e8-B76F-34ED9A89D4EA}]

2012-01-25 01:03 195440 ----a-w- c:\program files (x86)\Nuance\Nuance Cloud Connector\GlOverlayIconU.dll

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://portal.tds.net/

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = localhost

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: Customize Menu - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000

IE: Fill Forms - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html

IE: Open with Nuance PDF Converter 7 - c:\program files (x86)\Nuance\PDF Professional 7\cnvres_eng.dll /100

IE: Open with PDF Professional 7 - c:\program files (x86)\Nuance\PDF Professional 7\Bin\PlusIEContextMenu.dll/PlusIEContextMenu.htm

IE: Save Forms - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html

IE: Show RoboForm Toolbar - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html

TCP: DhcpNameServer = 192.168.0.1 216.165.129.158

DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/4.0.4.0/GarminAxControl_32.CAB

.

- - - - ORPHANS REMOVED - - - -

.

BHO-{300BEC06-B743-4D19-86B9-11DC711D7FFB} - (no file)

Wow6432Node-HKLM-Run-<NO NAME> - (no file)

SafeBoot-82262029.sys

HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start

ShellIconOverlayIdentifiers- - (no file)

ShellIconOverlayIdentifiers- - (no file)

ShellIconOverlayIdentifiers- - (no file)

.

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]

"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\20.4.0.40\diMaster.dll\" /prefetch:1"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Nico Mak Computing\WinZip]

"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2013-10-02 14:58:49

ComboFix-quarantined-files.txt 2013-10-02 18:58

.

Pre-Run: 968,192,737,280 bytes free

Post-Run: 967,908,806,656 bytes free

.

- - End Of File - - 2F4956AF4B63757E6AA777FFF667CC19

8E734BD7AA1D4F7E9AF58DF495F6CF9E



#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:12:32 AM

Posted 04 October 2013 - 09:35 PM


Hello Dusty45



Please download Farbar Recovery Scan Tool and save it to your desktop.


Note: You need to run the version compatibale with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.
Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 Dusty45

Dusty45
  • Topic Starter

  • Members
  • 39 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Newbury, NH
  • Local time:11:32 PM

Posted 06 October 2013 - 02:00 PM

Well, FRST found where Playtopus is running from.

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-10-2013
Ran by caroljim (administrator) on CJAM3X4-PC on 06-10-2013 13:30:59
Running from C:\Users\caroljim\Downloads
Windows 7 Professional Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
(Schneider Electric) C:\Program Files (x86)\APC\PowerChute Personal Edition\mainserv.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe
(Siber Systems) C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(
ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\EPU\EPU.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite\QFan4\FanHelp.exe
(Gladinet, INC) C:\Program Files (x86)\Nuance\Nuance Cloud Connector\GladFileMonSvc.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
() C:\Program Files (x86)\Nuance\Nuance Cloud Connector\WOSVSSSvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS64.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Ghost\Agent\VProSvc.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PDF Professional 7\PDFProFiltSrv.exe
() C:\Windows\SysWOW64\PSIService.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PDF Professional 7\PdfPro7Hook.exe
(Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Schneider Electric) C:\Program Files (x86)\APC\PowerChute Personal Edition\dataserv.exe
(WIBU-SYSTEMS AG) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe
(Symantec) C:\Program Files (x86)\Norton Ghost\Shared\Drivers\SymSnapServicex64.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\IELowutil.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\system32\AUDIODG.EXE
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(TechSmith Corporation) C:\Program Files (x86)\TechSmith\Snagit 11\Snagit32.exe
(TechSmith Corporation) C:\Program Files (x86)\TechSmith\Snagit 11\TSCHelp.exe
(TechSmith Corporation) C:\Program Files (x86)\TechSmith\Snagit 11\SnagPriv.exe
(TechSmith Corporation) C:\Program Files (x86)\TechSmith\Snagit 11\snagiteditor.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe
(Microsoft Corporation) C:\Windows\system32\taskmgr.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

==================== Registry (Whitelisted) ==================

Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKCU\...\Run: [Uploader] - C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe [122984 2013-05-30] (Seagate Technology LLC)
HKCU\...\Run: [GarminExpressTrayApp] - C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1093464 2013-07-22] (Garmin Ltd or its subsidiaries)
HKCU\...\Run: [RoboForm] - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [109784 2013-09-26] (Siber Systems)
HKCU\...\Policies\Explorer: [NoInstrumentation] 1
HKLM-x32\...\Run: [Six Engine] - C:\Program Files (x86)\ASUS\EPU\EPU.exe [5309056 2010-03-16] (
ASUSTeK Computer Inc.)
HKLM-x32\...\Run: [NUSB3MON] - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-04-26] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [HDAudDeck] - C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [2369536 2010-03-14] (VIA)
HKLM-x32\...\Run: [QFan Help] - C:\Program Files (x86)\ASUS\AI Suite\QFan4\FanHelp.exe [888960 2010-03-25] (ASUSTeK Computer Inc.)
HKLM-x32\...\Run: [zBrowser Launcher] - C:\Program Files\Logitech\iTouch\iTouch.exe [631362 2002-11-23] (Logitech Inc.)
HKLM-x32\...\Run: [LifeCam] - C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe [135536 2010-12-13] (Microsoft Corporation)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-10-11] (Apple Inc.)
HKLM-x32\...\Run: [ISUSPM] - C:\ProgramData\FLEXnet\Connect\11\\isuspm.exe [324976 2010-05-21] (Flexera Software, Inc.)
HKLM-x32\...\Run: [PDF7 Registry Controller] - C:\Program Files (x86)\Nuance\PDF Professional 7\RegistryController.exe [141160 2012-02-17] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDFProHook] - C:\Program Files (x86)\Nuance\PDF Professional 7\pdfpro7hook.exe [1828712 2012-02-17] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [Nuance PDF Converter Professional 7-reminder] - C:\ProgramData\Nuance\PDF Converter Professional 7\Ereg\Ereg.ini [450 2013-10-02] ()
HKLM-x32\...\Run: [TrueImageMonitor.exe] - C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [5955088 2012-06-28] (Acronis)
HKLM-x32\...\Run: [DBAgent] - C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe [1517640 2013-05-30] (Seagate Technology LLC)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [QuickTime Task] - C:\Multimedia\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [Display] - C:\Program Files (x86)\APC\PowerChute Personal Edition\DataCollectionLauncher.exe [284024 2012-01-24] (Schneider Electric)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://portal.tds.net/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x6A6C56188473CD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: RoboForm Toolbar Helper - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll (Siber Systems Inc.)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: No Name - {300BEC06-B743-4D19-86B9-11DC711D7FFB} -  No File
BHO-x32: PlusIEEventHelper Class - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files (x86)\Nuance\PDF Professional 7\Bin\PlusIEContextMenu.dll (Zeon Corporation)
BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: RoboForm Toolbar Helper - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Logitech SetPoint - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.)
BHO-x32: ZeonIEEventHelper Class - {DA986D7D-CCAF-47B2-84FE-BFA1549BEBF9} - C:\Program Files (x86)\Nuance\PDF Professional 7\Bin\ZeonIEFavClient.dll (Zeon Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll (Siber Systems Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
Toolbar: HKLM-x32 - DocuCom PDF - {E3286BF1-E654-42FF-B4A6-5E111731DF6B} - C:\Program Files (x86)\Nuance\PDF Professional 7\Bin\ZeonIEFavClient.dll (Zeon Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - &RoboForm Toolbar - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll (Siber Systems Inc.)
Toolbar: HKCU -  No Name - {472734EA-242A-422B-ADF8-83D1E48CC825} -  No File
DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
DPF: HKLM-x32 {0E5F0222-96B9-11D3-8997-00104BD12D94} http://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://enphasetraining.webex.com/client/WBXclient-T28L10NSP7-15458/nbr/ieatgpc1.cab
Handler: ebahn - {8D32BA61-D15B-11d4-894B-000000000000} -  No File
Handler: x-ebahn - {8D32BA61-D15B-11d4-894B-000000000000} -  No File
Handler: x-mem3 - {4F6D06DD-44AB-4F89-BF13-9027B505B15A} -  No File
Handler-x32: ebahn - {8D32BA61-D15B-11d4-894B-000000000000} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler-x32: x-ebahn - {8D32BA61-D15B-11d4-894B-000000000000} -  No File
Handler-x32: x-mem3 - {4F6D06DD-44AB-4F89-BF13-9027B505B15A} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 216.165.129.158

Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR RestoreOnStartup: "hxxp://www.google.com/"
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.95\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.95\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.95\pdf.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Multimedia\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Multimedia\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Multimedia\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Multimedia\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Multimedia\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Nero Kwik Media Helper) - C:\PROGRA~2\COMMON~1\Nero\BrowserPlugin\npBrowserPlugin.dll (Nero AG)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
CHR Plugin: (Java™ Platform SE 7 U25) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Java Deployment Toolkit 7.0.250.17) - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Picasa) - C:\Program Files (x86)\Multimedia\Google\Picasa3\npPicasa3.dll (Google, Inc.)
CHR Plugin: (DocuCom PDF Plus) - C:\Program Files (x86)\Nuance\PDF Professional 7\bin\nppdf.dll (Zeon Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
CHR Extension: (YouTube) - C:\Users\caroljim\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0
CHR Extension: (Google Search) - C:\Users\caroljim\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0
CHR Extension: (Logitech SetPoint) - C:\Users\caroljim\AppData\Local\Google\Chrome\User Data\Default\Extensions\edaibbiobngpbmeonadpbfafbkimjbdd\6.51.8_0
CHR Extension: (Gmail) - C:\Users\caroljim\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM-x32\...\Chrome\Extension: [edaibbiobngpbmeonadpbfafbkimjbdd] - C:\ProgramData\Logitech\LogiSmoothChromeExt.crx
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\Exts\Chrome.crx

==================== Services (Whitelisted) =================

R2 APC Data Service; C:\Program Files (x86)\APC\PowerChute Personal Edition\dataserv.exe [21880 2012-01-24] (Schneider Electric)
R2 APC UPS Service; C:\Program Files (x86)\APC\PowerChute Personal Edition\mainserv.exe [705912 2012-01-24] (Schneider Electric)
R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [96896 2009-12-28] (ASUSTeK Computer Inc.)
R2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [219480 2013-07-22] (Garmin Ltd or its subsidiaries)
S3 GenericMount Helper Service; C:\Program Files (x86)\Norton Ghost\Shared\Drivers\GenericMountHelperx64.exe [2227216 2010-02-12] (Symantec)
R2 GladFileMonSvc; C:\Program Files (x86)\Nuance\Nuance Cloud Connector\GladFileMonSvc.exe [29552 2012-01-24] (Gladinet, INC)
S3 LiveUpdate; C:\PROGRA~2\Symantec\LIVEUP~1\LUCOMS~1.EXE [2999664 2007-09-12] (Symantec Corporation)
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe [144368 2013-05-21] (Symantec Corporation)
R2 Norton Ghost; C:\Program Files (x86)\Norton Ghost\Agent\VProSvc.exe [4590432 2010-03-03] (Symantec Corporation)
R2 PDFProFiltSrv; C:\Program Files (x86)\Nuance\PDF Professional 7\PDFProFiltSrv.exe [135016 2012-02-17] (Nuance Communications, Inc.)
S2 ProtexisLicensing; C:\Windows\SysWOW64\PSIService.exe [177704 2007-06-05] ()
R2 Seagate Dashboard Services; C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe [16000 2013-05-30] (Seagate Technology LLC)
S3 Symantec SymSnap VSS Provider; C:\Windows\system32\dllhost.exe [9728 2009-07-13] (Microsoft Corporation)
R3 SymSnapService; C:\Program Files (x86)\Norton Ghost\Shared\Drivers\SymSnapServicex64.exe [2963960 2009-09-21] (Symantec)

==================== Drivers (Whitelisted) ====================

R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2009-08-03] ()
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2009-08-03] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [13368 2009-07-05] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [13368 2009-07-05] ()
R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.1.22\Definitions\BASHDefs\20130924.001\BHDrvx64.sys [1525848 2013-09-24] (Symantec Corporation)
R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.1.22\Definitions\BASHDefs\20130924.001\BHDrvx64.sys [1525848 2013-09-24] (Symantec Corporation)
R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1404000.028\ccSetx64.sys [169048 2013-04-15] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-08-26] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-08-26] (Symantec Corporation)
S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [16776 2011-07-29] ()
S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [16776 2011-07-29] ()
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [140376 2013-08-26] (Symantec Corporation)
S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [9096 2011-07-29] ()
S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [9096 2011-07-29] ()
R3 GenericMount; C:\Windows\System32\DRIVERS\GenericMount.sys [66608 2010-02-12] (Symantec Corporation)
R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.1.22\Definitions\IPSDefs\20131004.001\IDSvia64.sys [520280 2013-08-20] (Symantec Corporation)
R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.1.22\Definitions\IPSDefs\20131004.001\IDSvia64.sys [520280 2013-08-20] (Symantec Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-15] ()
R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.1.22\Definitions\VirusDefs\20131005.007\ENG64.SYS [126040 2013-09-22] (Symantec Corporation)
R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.1.22\Definitions\VirusDefs\20131005.007\ENG64.SYS [126040 2013-09-22] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.1.22\Definitions\VirusDefs\20131005.007\EX64.SYS [2099288 2013-09-22] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.1.22\Definitions\VirusDefs\20131005.007\EX64.SYS [2099288 2013-09-22] (Symantec Corporation)
R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [17720 2010-11-26] ()
R3 SRTSP; C:\Windows\System32\Drivers\NISx64\1404000.028\SRTSP64.SYS [796760 2013-05-16] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1404000.028\SRTSPX64.SYS [36952 2013-03-04] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NISx64\1404000.028\SYMDS64.SYS [493656 2013-05-21] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1404000.028\SYMEFA64.SYS [1139800 2013-05-23] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2013-06-14] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1404000.028\Ironx64.SYS [224416 2013-03-04] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1404000.028\SYMNETS.SYS [433752 2013-04-24] (Symantec Corporation)
R0 symsnap; C:\Windows\System32\DRIVERS\symsnap.sys [170032 2009-09-21] (StorageCraft)
S3 VProEventMonitor; C:\Windows\System32\DRIVERS\vproeventmonitor.sys [20528 2009-09-21] (Symantec Corporation)
U3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 DSKACT3; \??\C:\Users\caroljim\AppData\Local\Temp\DSKACT3.SYS [x]
U2 V2iMount;

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-10-06 13:30 - 2013-10-06 13:30 - 00000000 ____D C:\FRST
2013-10-06 01:19 - 2013-10-06 01:19 - 01954124 _____ (Farbar) C:\Users\caroljim\Downloads\FRST64.exe
2013-10-02 15:47 - 2013-10-02 15:47 - 00913832 _____ (Oracle Corporation) C:\Users\caroljim\Downloads\chromeinstall-7u40 (1).exe
2013-10-02 15:46 - 2013-10-02 15:46 - 00000000 ____D C:\ProgramData\Oracle
2013-10-02 15:45 - 2013-10-02 15:44 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-10-02 15:44 - 2013-10-02 15:44 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-10-02 15:44 - 2013-10-02 15:44 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-10-02 15:44 - 2013-10-02 15:44 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-10-02 15:42 - 2013-10-02 15:42 - 00913832 _____ (Oracle Corporation) C:\Users\caroljim\Downloads\chromeinstall-7u40.exe
2013-10-02 15:21 - 2013-10-02 15:21 - 00000000 ____D C:\Windows\Sun
2013-10-02 15:21 - 2013-10-02 15:21 - 00000000 ____D C:\ProgramData\boost_interprocess
2013-10-02 14:58 - 2013-10-02 14:58 - 00024576 _____ C:\ComboFix.txt
2013-10-02 14:51 - 2013-10-02 14:58 - 00000000 ____D C:\Qoobox
2013-10-02 14:51 - 2013-10-02 14:57 - 00000000 ____D C:\Windows\erdnt
2013-10-02 14:51 - 2011-06-26 02:45 - 00256000 _____ C:\Windows\PEV.exe
2013-10-02 14:51 - 2010-11-07 13:20 - 00208896 _____ C:\Windows\MBR.exe
2013-10-02 14:51 - 2009-04-20 00:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-10-02 14:51 - 2000-08-30 20:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-10-02 14:51 - 2000-08-30 20:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-10-02 14:51 - 2000-08-30 20:00 - 00098816 _____ C:\Windows\sed.exe
2013-10-02 14:51 - 2000-08-30 20:00 - 00080412 _____ C:\Windows\grep.exe
2013-10-02 14:51 - 2000-08-30 20:00 - 00068096 _____ C:\Windows\zip.exe
2013-10-02 14:44 - 2013-10-02 14:44 - 05132885 ____R (Swearware) C:\Users\caroljim\Downloads\ComboFix.exe
2013-10-02 00:12 - 2013-10-02 00:12 - 00002236 _____ C:\Users\caroljim\Documents\JRT.txt
2013-10-02 00:09 - 2013-10-02 00:09 - 00002236 _____ C:\Users\caroljim\Desktop\JRT.txt
2013-10-02 00:04 - 2013-10-02 00:04 - 00000000 ____D C:\Windows\ERUNT
2013-10-02 00:03 - 2013-10-02 00:03 - 00003819 _____ C:\Users\caroljim\Documents\AdwCleaner[S0].odt
2013-10-02 00:00 - 2013-10-02 00:00 - 00000000 ____H C:\ProgramData\cm-lock
2013-10-01 23:24 - 2013-10-01 23:55 - 00000000 ____D C:\AdwCleaner
2013-10-01 22:40 - 2013-10-01 16:32 - 00024733 _____ C:\Users\caroljim\Documents\dds.txt
2013-10-01 22:32 - 2013-10-01 22:32 - 01030305 _____ (Thisisu) C:\Users\caroljim\Downloads\jrt.exe
2013-10-01 22:22 - 2013-10-01 22:23 - 01045226 _____ C:\Users\caroljim\Downloads\AdwCleaner.exe
2013-10-01 18:29 - 2013-10-01 18:23 - 00003834 _____ C:\Users\caroljim\Documents\attach.zip
2013-10-01 18:01 - 2013-10-01 18:01 - 00002180 _____ C:\Users\Public\Desktop\WinZip.lnk
2013-10-01 18:01 - 2013-10-01 18:01 - 00000000 ____D C:\Users\caroljim\Documents\Add-in Express
2013-10-01 18:01 - 2013-10-01 18:01 - 00000000 ____D C:\Users\caroljim\AppData\Local\WinZip
2013-10-01 18:01 - 2013-10-01 18:01 - 00000000 ____D C:\Program Files\WinZip
2013-10-01 16:33 - 2013-10-01 16:33 - 00000193 _____ C:\Windows\WORDPAD.INI
2013-10-01 11:55 - 2013-10-06 10:50 - 00013776 _____ C:\Windows\setupact.log
2013-10-01 11:55 - 2013-10-01 11:55 - 00020496 _____ C:\Windows\PFRO.log
2013-10-01 11:55 - 2013-10-01 11:55 - 00000000 _____ C:\Windows\setuperr.log
2013-09-23 19:56 - 2013-10-01 23:57 - 00004096 ___SH C:\VSNAP.IDX
2013-09-15 22:16 - 2012-03-09 14:08 - 00073728 _____ C:\Users\caroljim\Documents\UOPatch.exe
2013-09-13 09:52 - 2013-07-31 10:17 - 17833472 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-09-13 09:52 - 2013-07-31 09:42 - 10926080 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-09-13 09:52 - 2013-07-31 09:29 - 02312704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-09-13 09:52 - 2013-07-31 09:20 - 01346560 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-09-13 09:52 - 2013-07-31 09:19 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-09-13 09:52 - 2013-07-31 09:18 - 01494528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-09-13 09:52 - 2013-07-31 09:17 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-09-13 09:52 - 2013-07-31 09:16 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-09-13 09:52 - 2013-07-31 09:14 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-09-13 09:52 - 2013-07-31 09:13 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-09-13 09:52 - 2013-07-31 09:13 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-09-13 09:52 - 2013-07-31 09:11 - 02147840 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-09-13 09:52 - 2013-07-31 09:11 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-09-13 09:52 - 2013-07-31 09:09 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-09-13 09:52 - 2013-07-31 09:08 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-09-13 09:52 - 2013-07-31 09:05 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-09-13 09:52 - 2013-07-31 06:30 - 12335104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-09-13 09:52 - 2013-07-31 06:05 - 09738752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-09-13 09:52 - 2013-07-31 06:00 - 01800704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-09-13 09:52 - 2013-07-31 05:53 - 01104896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-09-13 09:52 - 2013-07-31 05:52 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-09-13 09:52 - 2013-07-31 05:52 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-09-13 09:52 - 2013-07-31 05:51 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-09-13 09:52 - 2013-07-31 05:49 - 00065024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-09-13 09:52 - 2013-07-31 05:48 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-09-13 09:52 - 2013-07-31 05:48 - 00420864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-09-13 09:52 - 2013-07-31 05:48 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-09-13 09:52 - 2013-07-31 05:47 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-09-13 09:52 - 2013-07-31 05:46 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-09-13 09:52 - 2013-07-31 05:45 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-09-13 09:52 - 2013-07-31 05:45 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-09-13 09:52 - 2013-07-31 05:42 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-09-13 09:49 - 2013-08-04 22:25 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys
2013-09-11 08:29 - 2013-08-07 21:20 - 03155456 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-09-11 08:29 - 2013-08-01 22:23 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-09-11 08:29 - 2013-08-01 22:15 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-09-11 08:29 - 2013-08-01 22:15 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2013-09-11 08:29 - 2013-08-01 22:15 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-09-11 08:29 - 2013-08-01 22:15 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2013-09-11 08:29 - 2013-08-01 22:14 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2013-09-11 08:29 - 2013-08-01 22:14 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2013-09-11 08:29 - 2013-08-01 22:13 - 01161216 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2013-09-11 08:29 - 2013-08-01 22:13 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2013-09-11 08:29 - 2013-08-01 22:12 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2013-09-11 08:29 - 2013-08-01 22:12 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2013-09-11 08:29 - 2013-08-01 22:12 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-09-11 08:29 - 2013-08-01 22:12 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2013-09-11 08:29 - 2013-08-01 22:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-11 08:29 - 2013-08-01 22:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-11 08:29 - 2013-08-01 22:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-11 08:29 - 2013-08-01 22:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2013-09-11 08:29 - 2013-08-01 22:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-11 08:29 - 2013-08-01 22:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2013-09-11 08:29 - 2013-08-01 22:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-11 08:29 - 2013-08-01 22:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-11 08:29 - 2013-08-01 22:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-11 08:29 - 2013-08-01 22:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2013-09-11 08:29 - 2013-08-01 22:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2013-09-11 08:29 - 2013-08-01 22:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-11 08:29 - 2013-08-01 22:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2013-09-11 08:29 - 2013-08-01 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-09-11 08:29 - 2013-08-01 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2013-09-11 08:29 - 2013-08-01 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2013-09-11 08:29 - 2013-08-01 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2013-09-11 08:29 - 2013-08-01 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2013-09-11 08:29 - 2013-08-01 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-11 08:29 - 2013-08-01 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2013-09-11 08:29 - 2013-08-01 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2013-09-11 08:29 - 2013-08-01 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-11 08:29 - 2013-08-01 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2013-09-11 08:29 - 2013-08-01 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2013-09-11 08:29 - 2013-08-01 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2013-09-11 08:29 - 2013-08-01 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2013-09-11 08:29 - 2013-08-01 21:59 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-09-11 08:29 - 2013-08-01 21:59 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-09-11 08:29 - 2013-08-01 21:51 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-09-11 08:29 - 2013-08-01 21:50 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2013-09-11 08:29 - 2013-08-01 21:50 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2013-09-11 08:29 - 2013-08-01 21:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-09-11 08:29 - 2013-08-01 21:48 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2013-09-11 08:29 - 2013-08-01 21:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2013-09-11 08:29 - 2013-08-01 21:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-11 08:29 - 2013-08-01 21:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-11 08:29 - 2013-08-01 21:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2013-09-11 08:29 - 2013-08-01 21:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2013-09-11 08:29 - 2013-08-01 21:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-11 08:29 - 2013-08-01 21:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2013-09-11 08:29 - 2013-08-01 21:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-11 08:29 - 2013-08-01 21:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-11 08:29 - 2013-08-01 21:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2013-09-11 08:29 - 2013-08-01 21:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-11 08:29 - 2013-08-01 21:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-11 08:29 - 2013-08-01 21:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2013-09-11 08:29 - 2013-08-01 21:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2013-09-11 08:29 - 2013-08-01 21:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-11 08:29 - 2013-08-01 21:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2013-09-11 08:29 - 2013-08-01 21:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2013-09-11 08:29 - 2013-08-01 21:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2013-09-11 08:29 - 2013-08-01 21:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2013-09-11 08:29 - 2013-08-01 21:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-11 08:29 - 2013-08-01 21:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2013-09-11 08:29 - 2013-08-01 21:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2013-09-11 08:29 - 2013-08-01 21:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2013-09-11 08:29 - 2013-08-01 21:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2013-09-11 08:29 - 2013-08-01 21:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2013-09-11 08:29 - 2013-08-01 20:59 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2013-09-11 08:29 - 2013-08-01 20:45 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-09-11 08:29 - 2013-08-01 20:45 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-09-11 08:29 - 2013-08-01 20:45 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-09-11 08:29 - 2013-08-01 20:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-09-11 08:29 - 2013-08-01 20:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2013-09-11 08:29 - 2013-08-01 20:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-11 08:29 - 2013-08-01 20:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2013-09-11 08:29 - 2013-08-01 20:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2013-09-11 08:29 - 2013-07-25 22:24 - 14172672 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2013-09-11 08:29 - 2013-07-25 22:24 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2013-09-11 08:29 - 2013-07-25 21:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2013-09-11 08:29 - 2013-07-25 21:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll

==================== One Month Modified Files and Folders =======

2013-10-06 13:30 - 2013-10-06 13:30 - 00000000 ____D C:\FRST
2013-10-06 13:28 - 2012-08-29 21:05 - 00000902 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-10-06 13:26 - 2012-08-24 07:02 - 00000064 __RSH C:\Windows\system32\Drivers\wmiacpi.winsecurity
2013-10-06 13:13 - 2012-08-06 21:46 - 00000000 ____D C:\Users\caroljim\AppData\Roaming\Skype
2013-10-06 12:59 - 2013-02-22 16:49 - 00000064 __RSH C:\Windows\system32\Drivers\Wdf01000.winsecurity
2013-10-06 10:52 - 2013-09-01 07:50 - 00045723 _____ C:\Users\caroljim\Documents\BloodSugarSeptOct2013.xlsx
2013-10-06 10:52 - 2012-10-30 16:41 - 00000000 ____D C:\Users\caroljim\Documents\Sugar
2013-10-06 10:50 - 2013-10-01 11:55 - 00013776 _____ C:\Windows\setupact.log
2013-10-06 10:50 - 2012-08-05 21:24 - 01630875 _____ C:\Windows\WindowsUpdate.log
2013-10-06 03:34 - 2012-08-27 02:14 - 00003946 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{AA23978E-9C6D-40F1-B040-3B19903BFA30}
2013-10-06 01:19 - 2013-10-06 01:19 - 01954124 _____ (Farbar) C:\Users\caroljim\Downloads\FRST64.exe
2013-10-05 22:11 - 2012-08-06 01:30 - 00003532 _____ C:\Windows\System32\Tasks\Open URL by RoboForm
2013-10-05 15:23 - 2012-08-07 00:54 - 09773056 _____ C:\Users\caroljim\CJS_20080909.QDF
2013-10-05 14:28 - 2012-08-29 21:05 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-10-04 13:46 - 2012-08-07 00:56 - 01326736 _____ C:\Users\caroljim\CJS_20080909OFXLOG.DAT
2013-10-02 15:53 - 2012-08-07 05:42 - 00000000 ____D C:\Program Files (x86)\Google
2013-10-02 15:47 - 2013-10-02 15:47 - 00913832 _____ (Oracle Corporation) C:\Users\caroljim\Downloads\chromeinstall-7u40 (1).exe
2013-10-02 15:46 - 2013-10-02 15:46 - 00000000 ____D C:\ProgramData\Oracle
2013-10-02 15:44 - 2013-10-02 15:45 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-10-02 15:44 - 2013-10-02 15:44 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-10-02 15:44 - 2013-10-02 15:44 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-10-02 15:44 - 2013-10-02 15:44 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-10-02 15:44 - 2012-08-08 09:05 - 00868264 _____ (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2013-10-02 15:44 - 2012-08-08 09:05 - 00790440 _____ (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2013-10-02 15:42 - 2013-10-02 15:42 - 00913832 _____ (Oracle Corporation) C:\Users\caroljim\Downloads\chromeinstall-7u40.exe
2013-10-02 15:41 - 2012-08-06 18:04 - 00000000 ____D C:\Users\caroljim\AppData\Local\Adobe
2013-10-02 15:41 - 2012-08-06 16:54 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-10-02 15:41 - 2012-08-06 16:54 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-10-02 15:27 - 2009-07-14 00:45 - 00013792 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-02 15:27 - 2009-07-14 00:45 - 00013792 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-02 15:21 - 2013-10-02 15:21 - 00000000 ____D C:\Windows\Sun
2013-10-02 15:21 - 2013-10-02 15:21 - 00000000 ____D C:\ProgramData\boost_interprocess
2013-10-02 14:58 - 2013-10-02 14:58 - 00024576 _____ C:\ComboFix.txt
2013-10-02 14:58 - 2013-10-02 14:51 - 00000000 ____D C:\Qoobox
2013-10-02 14:58 - 2009-07-13 23:20 - 00000000 __RHD C:\Users\Default
2013-10-02 14:57 - 2013-10-02 14:51 - 00000000 ____D C:\Windows\erdnt
2013-10-02 14:57 - 2009-07-13 22:34 - 00000215 _____ C:\Windows\system.ini
2013-10-02 14:44 - 2013-10-02 14:44 - 05132885 ____R (Swearware) C:\Users\caroljim\Downloads\ComboFix.exe
2013-10-02 00:12 - 2013-10-02 00:12 - 00002236 _____ C:\Users\caroljim\Documents\JRT.txt
2013-10-02 00:09 - 2013-10-02 00:09 - 00002236 _____ C:\Users\caroljim\Desktop\JRT.txt
2013-10-02 00:04 - 2013-10-02 00:04 - 00000000 ____D C:\Windows\ERUNT
2013-10-02 00:03 - 2013-10-02 00:03 - 00003819 _____ C:\Users\caroljim\Documents\AdwCleaner[S0].odt
2013-10-02 00:00 - 2013-10-02 00:00 - 00000000 ____H C:\ProgramData\cm-lock
2013-10-01 23:59 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-01 23:57 - 2013-09-23 19:56 - 00004096 ___SH C:\VSNAP.IDX
2013-10-01 23:55 - 2013-10-01 23:24 - 00000000 ____D C:\AdwCleaner
2013-10-01 23:55 - 2012-08-05 22:41 - 00000177 ____H C:\dvmexp.idx
2013-10-01 23:19 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\Registration
2013-10-01 22:32 - 2013-10-01 22:32 - 01030305 _____ (Thisisu) C:\Users\caroljim\Downloads\jrt.exe
2013-10-01 22:23 - 2013-10-01 22:22 - 01045226 _____ C:\Users\caroljim\Downloads\AdwCleaner.exe
2013-10-01 20:58 - 2013-01-01 14:59 - 00003736 _____ C:\Windows\System32\Tasks\caroljim
2013-10-01 18:23 - 2013-10-01 18:29 - 00003834 _____ C:\Users\caroljim\Documents\attach.zip
2013-10-01 18:01 - 2013-10-01 18:01 - 00002180 _____ C:\Users\Public\Desktop\WinZip.lnk
2013-10-01 18:01 - 2013-10-01 18:01 - 00000000 ____D C:\Users\caroljim\Documents\Add-in Express
2013-10-01 18:01 - 2013-10-01 18:01 - 00000000 ____D C:\Users\caroljim\AppData\Local\WinZip
2013-10-01 18:01 - 2013-10-01 18:01 - 00000000 ____D C:\Program Files\WinZip
2013-10-01 18:01 - 2012-08-18 17:50 - 00000000 ____D C:\ProgramData\WinZip
2013-10-01 18:01 - 2012-08-05 21:23 - 00000000 ____D C:\Users\caroljim
2013-10-01 16:33 - 2013-10-01 16:33 - 00000193 _____ C:\Windows\WORDPAD.INI
2013-10-01 16:32 - 2013-10-01 22:40 - 00024733 _____ C:\Users\caroljim\Documents\dds.txt
2013-10-01 13:19 - 2012-08-06 09:13 - 00000000 ___RD C:\Users\caroljim\Desktop\Utilitys
2013-10-01 11:55 - 2013-10-01 11:55 - 00020496 _____ C:\Windows\PFRO.log
2013-10-01 11:55 - 2013-10-01 11:55 - 00000000 _____ C:\Windows\setuperr.log
2013-10-01 11:48 - 2012-08-07 00:12 - 00000000 ____D C:\Users\caroljim\AppData\Local\CrashDumps
2013-10-01 11:45 - 2012-08-10 16:42 - 00000000 ____D C:\Users\caroljim\BACKUP
2013-10-01 01:54 - 2012-08-06 09:32 - 00000000 ____D C:\Users\caroljim\Desktop\Financial
2013-09-28 13:55 - 2012-08-06 01:28 - 00000000 ____D C:\Users\caroljim\Documents\My RoboForm Data
2013-09-26 20:17 - 2012-08-06 01:30 - 00003502 _____ C:\Windows\System32\Tasks\Run RoboForm TaskBar Icon
2013-09-25 01:42 - 2012-08-11 16:49 - 00000000 ____D C:\Users\caroljim\AppData\Local\Nero
2013-09-25 01:42 - 2012-08-06 20:31 - 00000000 ____D C:\ProgramData\Nero
2013-09-23 11:08 - 2012-08-08 09:46 - 00000504 _____ C:\0
2013-09-20 07:58 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\NDF
2013-09-15 18:01 - 2012-08-07 15:36 - 00000000 ____D C:\Users\caroljim\Documents\Family Tree Maker
2013-09-15 17:58 - 2012-09-22 23:41 - 00000000 ____D C:\Users\caroljim\AppData\Roaming\FamilyTreeMaker
2013-09-14 08:30 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\rescache
2013-09-13 10:09 - 2012-08-06 12:27 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-09-13 10:01 - 2012-09-02 12:04 - 00000000 ___RD C:\Users\caroljim\Virtual Machines
2013-09-13 10:01 - 2012-08-05 21:24 - 00000000 ___RD C:\Users\caroljim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-09-13 10:01 - 2012-08-05 21:24 - 00000000 ___RD C:\Users\caroljim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-09-13 10:00 - 2009-07-14 00:45 - 00497344 _____ C:\Windows\system32\FNTCACHE.DAT
2013-09-13 09:55 - 2013-07-21 03:00 - 00000000 ____D C:\Windows\system32\MRT
2013-09-13 09:53 - 2012-08-06 09:14 - 79143768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

Files to move or delete:
====================
C:\Users\caroljim\CJS_20080909OFXLOG.DAT
C:\Users\caroljim\en_res.dll
C:\Users\caroljim\es_res.dll
C:\Users\caroljim\fr_res.dll
C:\Users\caroljim\grm_res.dll
C:\Users\caroljim\it_res.dll
C:\Users\caroljim\jp_res.dll
C:\Users\caroljim\mfc80u.dll
C:\Users\caroljim\msvcr80.dll
C:\Users\caroljim\PCPE Setup.exe
C:\Users\caroljim\pt_res.dll
C:\Users\caroljim\ResourceReader.dll
C:\Users\caroljim\ru_res.dll
C:\Users\caroljim\zh_res.dll

Some content of TEMP:
====================
C:\Users\caroljim\AppData\Local\Temp\fs_health_check.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-10-01 02:37

==================== End Of Log ============================

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-10-2013
Ran by caroljim at 2013-10-06 13:31:19
Running from C:\Users\caroljim\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: Norton Internet Security (Enabled - Up to date) {63DF5164-9100-186D-2187-8DC619EFD8BF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Internet Security (Enabled - Up to date) {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security (Enabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

==================== Installed Programs ======================

7-zip v9.20 (x32 Version: v9.20)
Acronis True Image Home 2012 (x32 Version: 15.0.7133)
Adobe Flash Player 11 ActiveX (x32 Version: 11.8.800.175)
Adobe Flash Player 11 Plugin (x32 Version: 11.8.800.168)
Adobe Reader XI (11.0.04) (x32 Version: 11.0.04)
AI Suite (x32 Version: 1.06.20)
AMD USB Filter Driver (x32 Version: 1.0.15.94)
Apple Application Support (x32 Version: 2.3)
Apple Software Update (x32 Version: 2.1.3.127)
AssistUO version 1.0.1 (x32 Version: 1.0.1)
ASUSUpdate (x32 Version: 7.18.03)
ATI Catalyst Install Manager (Version: 3.0.765.0)
Audacity 2.0 (x32)
CH Gameport Devices (x32)
Corel MediaOne (x32 Version: 2.100.0000)
Corel Paint Shop Pro Photo X2 (x32 Version: 12.50.0001)
Corel Painter Photo Essentials 4 (x32 Version: 4.0)
Corel Painter Photo Essentials 4 (x32)
EaseUS Partition Master 9.1.1 Professional (x32)
Easy DVD Player (x32 Version: 3.5.1.0833)
EasyBCD 2.1.2 (x32 Version: 2.1.2)
Elevated Installer (x32 Version: 2.2.17)
EPSON Scan (x32)
EPU (x32 Version: 1.02.20)
eReg (x32 Version: 1.20.138.34)
Family Tree Maker 2012 (x32 Version: 21.0.388)
FinePixViewer Ver.5.5 (x32 Version: 5.5)
Garmin Express (x32 Version: 2.2.17)
Garmin Express Tray (x32 Version: 2.2.17)
Garmin Update Service (x32 Version: 2.2.17)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0)
Google Toolbar for Internet Explorer (x32 Version: 7.5.4601.54)
ImageSkill Background Remover 3 (x32 Version: 3.0)
iSEEK AnswerWorks English Runtime (x32 Version: 010.000.0101)
Java 7 Update 25 (64-bit) (Version: 7.0.250)
Java 7 Update 40 (x32 Version: 7.0.400)
Java Auto Updater (x32 Version: 2.1.9.8)
LightScribe System Software (x32 Version: 1.18.22.2)
LiveUpdate 3.2 (Symantec Corporation) (x32 Version: 3.2.0.68)
Lizardtech DjVu Control (x32)
Lock On: Modern Air Combat (x32 Version: 1.00.000)
Logitech Harmony Remote Software 7 (x32 Version: 7.6.0.8)
Logitech Harmony Remote Software 7 (x32 Version: 7.7.0.0)
Logitech iTouch Software (x32)
Logitech SetPoint 6.51 (Version: 6.51.8)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Corporation (Version: 9.1.0.0)
Microsoft Corporation (x32 Version: 9.1.0.0)
Microsoft LifeCam (Version: 3.60.253.0)
Microsoft Office 2007 Service Pack 3 (SP3) (x32)
Microsoft Office Access MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Access Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office InfoPath MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)
Microsoft Office Outlook MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Professional Plus 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32)
Microsoft Office Publisher MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.50727.42)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
Nero 12 (x32 Version: 12.5.01300)
Nero Audio Pack 1 (x32 Version: 11.0.11500.110.0)
Nero BackItUp (x32 Version: 12.5.7000)
Nero BackItUp Help (CHM) (x32 Version: 12.0.13000)
Nero Backup Drivers (Version: 12.0.4000)
Nero Blu-ray Player (x32 Version: 12.0.20030)
Nero Blu-ray Player Help (CHM) (x32 Version: 12.0.9000)
Nero Burning ROM (x32 Version: 12.5.6000)
Nero Burning ROM Help (CHM) (x32 Version: 12.0.3000)
Nero ControlCenter (x32 Version: 11.0.15600)
Nero ControlCenter Help (CHM) (x32 Version: 12.0.12000)
Nero Core Components (x32 Version: 11.0.21800)
Nero Disc Menus Basic (x32 Version: 12.0.11500)
Nero Effects Basic (x32 Version: 12.0.11500)
Nero Express (x32 Version: 12.5.7000)
Nero Express Help (CHM) (x32 Version: 12.0.13000)
Nero Kwik Media (x32 Version: 1.18.20100)
Nero Kwik Media Help (CHM) (x32 Version: 12.0.12000)
Nero Kwik Themes Basic (x32 Version: 12.0.11500)
Nero PiP Effects Basic (x32 Version: 12.0.11500)
Nero Recode (x32 Version: 12.5.6000)
Nero Recode Help (CHM) (x32 Version: 12.0.12000)
Nero RescueAgent (x32 Version: 12.0.11000)
Nero RescueAgent Help (CHM) (x32 Version: 12.0.7000)
Nero SharedVideoCodecs (x32 Version: 1.0.12100.2.0)
Nero Update (x32 Version: 11.0.11800.31.0)
Nero Video (x32 Version: 12.5.4000)
Nero Video Help (CHM) (x32 Version: 12.0.12000)
neroxml (x32 Version: 1.0.0)
Norton Bootable Recovery Tool Wizard (x32 Version: 5.1.0.26)
Norton Ghost (x32 Version: 15.0.1.36526)
Norton Internet Security (x32 Version: 20.4.0.40)
Nuance Cloud Connector (x32 Version: 3.2.826)
Nuance PDF Converter Professional 7 (Version: 7.30.6160)
Nuance PDF Converter Professional 7 (x32 Version: 7.30.6160)
NVIDIA Control Panel 307.83 (Version: 307.83)
NVIDIA Display Control Panel (Version: 6.14.12.5896)
NVIDIA Graphics Driver 307.83 (Version: 307.83)
NVIDIA Install Application (Version: 2.1002.109.706)
NVIDIA Update 1.10.8 (Version: 1.10.8)
NVIDIA Update Components (Version: 1.10.8)
OverDrive Media Console (x32 Version: 3.2.20)
Paragon Partition Manager™ 12 Free (x32 Version: 90.00.0003)
PC Magazine DiskAction v.3.0.3 (Version: 3.0.3)
PC Magazine TapeCalc 3.0 (x32)
PC Magazine TaskPower 5.0
PC Probe II (x32 Version: 1.04.87)
PCMag.com RegistryMaster (x32)
PCMag.com What's Going On 2 (x32)
PHOTORECOVERY LE (x32 Version: 1.0.0)
Picasa 3 (x32 Version: 3.9)
Pinnacle Instant DVD Recorder (x32 Version: 2.5.0.090)
Pinnacle Studio 12 (x32 Version: 12.1.3.6605)
Pinnacle Video Driver (Version: 12.00.0017)
Platform (x32 Version: 1.34)
PowerChute Personal Edition 3.0.2 (x32 Version: 3.0.2)
Prerequisite installer (x32 Version: 12.0.0003)
PVSonyDll (Version: 1.00.0001)
Quicken 2012 (x32 Version: 21.1.7.18)
Quicken WillMaker Plus 2012 (x32 Version: 1.0.0.0)
QuickTime (x32 Version: 7.74.80.86)
Realtek Ethernet Controller Driver For Windows 7 (x32 Version: 7.21.531.2010)
Recover My Files (x32 Version: 5.1.0.1635)
Remote Control USB Driver (x32 Version: 2.3.2.317)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.4.0)
RoboForm 7-9-2-2 (All Users) (x32 Version: 7-9-2-2)
Scansoft PDF Professional (x32)
Seagate Dashboard 2.0 (x32 Version: 2.2.29.0)
Skype™ 6.6 (x32 Version: 6.6.106)
Snagit 11 (x32 Version: 11.2.0)
The Right Track ® Software (x32 Version: 8.0 Freeware)
TurboTax 2011 (x32)
TurboTax 2011 WinPerFedFormset (x32 Version: 011.000.3351)
TurboTax 2011 WinPerReleaseEngine (x32 Version: 011.000.0496)
TurboTax 2011 WinPerTaxSupport (x32 Version: 011.000.0222)
TurboTax 2011 wnhiper (x32 Version: 011.000.1505)
TurboTax 2011 wrapper (x32 Version: 011.000.0121)
TurboTax 2012 (x32 Version: 2012.0)
TurboTax 2012 WinPerFedFormset (x32 Version: 012.000.2243)
TurboTax 2012 WinPerReleaseEngine (x32 Version: 012.000.0473)
TurboTax 2012 WinPerTaxSupport (x32 Version: 012.000.0184)
TurboTax 2012 wnhiper (x32 Version: 012.000.1305)
TurboTax 2012 wrapper (x32 Version: 012.000.0127)
Twin Commander (Version: 1.1)
Ultima Online Classic Client (x32 Version: )
UO Auto-Map 8.3.0.0 (x32 Version: 8.3.0.0)
Update for 2007 Microsoft Office System (KB967642) (x32)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (x32 Version: 1)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (x32)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (x32)
Update for Microsoft Office Access 2007 Help (KB963663) (x32)
Update for Microsoft Office Excel 2007 Help (KB963678) (x32)
Update for Microsoft Office Infopath 2007 Help (KB963662) (x32)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (x32)
Update for Microsoft Office Outlook 2007 Help (KB963677) (x32)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2825641) 32-Bit Edition (x32)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (x32)
Update for Microsoft Office Publisher 2007 Help (KB963667) (x32)
Update for Microsoft Office Script Editor Help (KB963671) (x32)
Update for Microsoft Office Word 2007 Help (KB963665) (x32)
Welcome App (Start-up experience) (x32 Version: 12.0.15000)
Windows Media Encoder 9 Series (x32 Version: 9.00.2980)
Windows Media Encoder 9 Series (x32)
Windows XP Mode (Version: 1.3.7600.16423)
WinZip 17.5 (Version: 17.5.10480)
World of Warcraft (x32 Version: 5.3.0.17128)
XTrkCAD 4.0.3a (x32 Version: 4.0.3a)
Yahoo! Messenger (x32)
Yahoo! Software Update (x32)
Yahoo! Toolbar (x32)

==================== Restore Points  =========================

29-09-2013 04:00:57 Scheduled Checkpoint
01-10-2013 15:47:39 SpeedyPC Pro Backup
01-10-2013 22:00:13 Installed WinZip 17.5
02-10-2013 19:44:02 Installed Java 7 Update 40

==================== Hosts content: ==========================

2009-07-13 22:34 - 2013-10-02 14:57 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {0230AB63-D568-4929-BB58-9EA44A81C9C4} - System32\Tasks\ASUS\RunDAOD => C:\Windows\DAODx.exe [2009-03-30] ()
Task: {0A1DB05F-4CDF-4C4C-ABCC-8E5447514656} - System32\Tasks\{3E16BC77-2439-4624-AC77-17B8190C944D} => C:\Games\EA Games\Ultima Online Mondain's Legacy\UO.exe
Task: {0F0CA9D1-B70D-4760-80A0-419404E3BFF8} - System32\Tasks\{5DCE0908-4890-47AD-9217-5F94AFCA2CE2} => C:\Games\EA Games\Ultima Online Mondain's Legacy\UO.exe
Task: {1BE8503B-339A-477F-A077-8C0CD1885434} - System32\Tasks\{24791747-7EC3-42FB-8528-0A75DAB1F04F} => C:\Games\World of Warcraft\Launcher.exe
Task: {2271778B-E6E7-4B5F-AF2F-7B2A22808E28} - System32\Tasks\Seagate_Install_Launch => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Dashboard.exe [2013-05-30] (Seagate Technology LLC)
Task: {2F254C74-36EF-423D-B963-37405B94DAD2} - System32\Tasks\caroljim1 => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\NBCore.exe [2013-05-30] (Seagate Technology LLC)
Task: {4F01DFE3-56B2-4718-A931-7FF2FACADB60} - System32\Tasks\Playtopus Updater => Rundll32.exe C:\Users\caroljim\AppData\Local\Playtopus\Updater.dll,ProcessRequest
Task: {5E7EEB68-E88C-4A47-B3A6-5C251D26820B} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\SymErr.exe [2013-06-03] (Symantec Corporation)
Task: {67B791B8-AD55-4C7E-B19F-5C997F4D06A2} - System32\Tasks\caroljim NBAgent 6 0 => C:\Program Files (x86)\Multimedia\Nero\Nero 11\Nero BackItUp\NBAgent.exe
Task: {67E4A7A3-3A95-44A6-8084-74796F2484A9} - System32\Tasks\{368495CB-07B4-41F1-850C-C786CDBA3889} => C:\Games\World of Warcraft\Launcher.exe
Task: {81B3CCDB-90EA-4932-A18B-5EEBDF099230} - System32\Tasks\caroljim => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\NBCore.exe [2013-05-30] (Seagate Technology LLC)
Task: {85B1624F-994C-44DA-B55C-B5353507464E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-08-29] (Google Inc.)
Task: {918E7ED1-38A1-4483-87E8-2C26396965AD} - System32\Tasks\{6AA4180A-8319-4B71-B1C1-DDA8919581E3} => C:\Program Files (x86)\eBahn\eBahn.exe
Task: {9A913660-DB62-499B-86F1-005C51FC59EE} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\WSCStub.exe [2013-06-04] (Symantec Corporation)
Task: {9BAC5AD4-F535-4FE4-B782-B1BAD099423E} - System32\Tasks\{0F2E2C47-7AF7-465E-981F-178309EF83BF} => C:\Program Files (x86)\eBahn\eBahn.exe
Task: {A360AF43-63CE-4CF2-8490-DDA900AC22BD} - System32\Tasks\caroljim Nero LIVEBackup Merge 6 0 => C:\Program Files (x86)\Multimedia\Nero\Nero 11\Nero BackItUp\NBCore.exe
Task: {A60619FD-721A-43F3-A69E-8BE4891DE8CD} - System32\Tasks\ASUS\ASUS RegRun Loader => C:\Program Files (x86)\ASUS\AASP\1.01.05\AsLoader.exe [2010-01-13] (ASUSTeK Computer Inc.)
Task: {A6FEEE72-EF1A-417F-848D-FF72AC6CAF7F} - System32\Tasks\ASUS\ASUS Update Checker => C:\Program Files (x86)\ASUS\ASUSUpdate\UpdateChecker\UpdateChecker.exe [2009-12-28] (ASUSTeK Computer Inc.)
Task: {AED5B9E4-14D5-4853-BD52-5B76F2322DB6} - System32\Tasks\SmartDefrag_Startup => E:\Utilitys\IObit\Smart Defrag 2\SmartDefrag.exe [2011-08-25] (IObit)
Task: {B7927B07-6F43-450B-88E4-FA4CC0C5A176} - System32\Tasks\Run RoboForm TaskBar Icon => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [2013-09-26] (Siber Systems)
Task: {BAC95531-C4AC-46BB-ACF7-D36638E3186F} - System32\Tasks\{CA51DCE1-2EC6-40BB-9ECE-2DD25DA17779} => C:\Program Files (x86)\eBahn\eBahn.exe
Task: {C7EE5C1F-430A-42A6-9CEA-0991EE0CD059} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-08-29] (Google Inc.)
Task: {D2074752-C085-4385-B8B5-B3608A0A9D56} - System32\Tasks\caroljim DBAgent 2 0 => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe [2013-05-30] (Seagate Technology LLC)
Task: {D246255C-A6EB-4711-89B5-B9505744F86F} - System32\Tasks\Win764 => C:\Program Files (x86)\Multimedia\Nero\Nero 11\Nero BackItUp\NBCore.exe
Task: {D8901BF5-CF1B-4B55-8727-40227172CEBD} - System32\Tasks\{C1321064-1A26-42FE-8C03-940A494704C7} => C:\Games\EA Games\Ultima Online Mondain's Legacy\UO.exe
Task: {DDC9926B-D482-49EE-A955-85F64902A4FB} - System32\Tasks\caroljim Nero LIVEBackup 6 0 => C:\Program Files (x86)\Multimedia\Nero\Nero 11\Nero BackItUp\NBCore.exe
Task: {DF9876FD-3ED9-423A-84DB-F2BADAACC5CC} - System32\Tasks\Run RoboForm Process => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [2013-09-26] (Siber Systems)
Task: {E088A4B3-3BC4-4E4C-B1B7-871A150E5034} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {E22CBF36-3907-4D20-BB4F-0526F2FD4945} - System32\Tasks\Open URL by RoboForm => C:\Windows\System32\url.dll [2013-07-31] (Microsoft Corporation)
Task: {FD89F2B4-ED06-4AF3-8875-421650000AB0} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\SymErr.exe [2013-06-03] (Symantec Corporation)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-07-22 10:22 - 2013-07-22 10:22 - 00009728 _____ () C:\Program Files (x86)\Garmin\Express Tray\Garmin.Cartography.MapUpdate.Device.DataTypes.dll
2012-08-05 23:05 - 2009-05-07 04:51 - 00071680 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\QsApoApi64.dll
2012-08-05 23:05 - 2009-05-07 04:53 - 00379392 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\Dts2ApoApi64.dll
2012-08-05 23:05 - 2008-01-18 02:50 - 00098816 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\VMicApi.dll
2012-08-05 23:05 - 2010-03-02 03:31 - 64105984 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\Skin.dll
2012-08-05 23:02 - 2009-04-22 20:20 - 00179712 _____ () C:\Program Files (x86)\ASUS\EPU\ASUSSERVICE.DLL
2012-08-05 23:02 - 2010-01-08 17:17 - 00565248 _____ () C:\Program Files (x86)\ASUS\EPU\pngio.dll
2012-08-05 23:02 - 2010-01-08 17:17 - 00053248 _____ () C:\Program Files (x86)\ASUS\EPU\AsSpindownTimeout.dll
2012-01-24 20:28 - 2012-01-24 20:28 - 00292720 _____ () C:\Program Files (x86)\Nuance\Nuance Cloud Connector\sqlite3.dll
2012-01-24 20:28 - 2012-01-24 20:28 - 00079728 _____ () C:\Program Files (x86)\Nuance\Nuance Cloud Connector\zlib125.dll
2012-01-24 20:29 - 2012-01-24 20:29 - 00015728 _____ () C:\Program Files (x86)\Nuance\Nuance Cloud Connector\WOSMui.dll
2012-06-28 16:58 - 2012-06-28 16:58 - 00435584 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\Common\ulxmlrpcpp.dll
2013-02-21 16:01 - 2013-02-21 16:01 - 00095232 _____ () C:\Program Files (x86)\TechSmith\Snagit 11\VideoRecording.dll
2013-02-21 16:00 - 2013-02-21 16:00 - 00089088 _____ () C:\Program Files (x86)\TechSmith\Snagit 11\SDKRecorder.dll
2013-02-21 15:54 - 2013-02-21 15:54 - 04710400 ____R () C:\Program Files (x86)\TechSmith\Snagit 11\PDFNetC.dll
2013-06-14 01:49 - 2012-05-30 10:51 - 00699280 ____R () C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\20.4.0.40\wincfi39.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Windows:CM_44977ed6a7ff7bfe1e803cef6d086b1536df60b20984bd7140bd0679d21b1812
AlternateDataStreams: C:\Windows:CM_87fa63fcf74db21305594142bd402517f659a0b1772b4c16fdd6c4f798223435
AlternateDataStreams: C:\ProgramData\TEMP:01C66DD9
AlternateDataStreams: C:\ProgramData\TEMP:0574215C
AlternateDataStreams: C:\ProgramData\TEMP:0D786AE3
AlternateDataStreams: C:\ProgramData\TEMP:430C6D84
AlternateDataStreams: C:\ProgramData\TEMP:A303874F
AlternateDataStreams: C:\ProgramData\TEMP:D1B5B4F1
AlternateDataStreams: C:\ProgramData\TEMP:DFC5A2B2

==================== Safe Mode (whitelisted) ===================

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (10/06/2013 02:01:26 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "ACME,processorArchitecture="x86",type="win32",version="12.0.0.0"1".
Dependent Assembly ACME,processorArchitecture="x86",type="win32",version="12.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (10/06/2013 02:00:32 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
The manifest file root element must be assembly.

Error: (10/03/2013 03:06:21 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "ACME,processorArchitecture="x86",type="win32",version="12.0.0.0"1".
Dependent Assembly ACME,processorArchitecture="x86",type="win32",version="12.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (10/03/2013 03:05:29 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
The manifest file root element must be assembly.

Error: (10/02/2013 02:51:37 PM) (Source: Application Error) (User: )
Description: Faulting application name: Garmin.Cartography.MapUpdate.CoreService.exe, version: 2.2.17.0, time stamp: 0x51ed4e1d
Faulting module name: clr.dll, version: 4.0.30319.1008, time stamp: 0x517a1be7
Exception code: 0xc00000fd
Fault offset: 0x00357df5
Faulting process id: 0x980
Faulting application start time: 0xGarmin.Cartography.MapUpdate.CoreService.exe0
Faulting application path: Garmin.Cartography.MapUpdate.CoreService.exe1
Faulting module path: Garmin.Cartography.MapUpdate.CoreService.exe2
Report Id: Garmin.Cartography.MapUpdate.CoreService.exe3

Error: (10/02/2013 02:40:32 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "ACME,processorArchitecture="x86",type="win32",version="12.0.0.0"1".
Dependent Assembly ACME,processorArchitecture="x86",type="win32",version="12.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (10/02/2013 02:38:56 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
The manifest file root element must be assembly.

System errors:
=============
Error: (10/05/2013 02:31:40 PM) (Source: Schannel) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 40. The internal error state is 107.

Error: (10/05/2013 02:31:40 PM) (Source: Schannel) (User: NT AUTHORITY)
Description: An SSL 3.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.

Error: (10/05/2013 02:31:40 PM) (Source: Schannel) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 40. The internal error state is 107.

Error: (10/05/2013 02:31:40 PM) (Source: Schannel) (User: NT AUTHORITY)
Description: An SSL 3.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.

Error: (10/05/2013 02:31:40 PM) (Source: Schannel) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 40. The internal error state is 107.

Error: (10/05/2013 02:31:40 PM) (Source: Schannel) (User: NT AUTHORITY)
Description: An SSL 3.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.

Error: (10/05/2013 02:31:40 PM) (Source: Schannel) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 40. The internal error state is 107.

Error: (10/05/2013 02:31:40 PM) (Source: Schannel) (User: NT AUTHORITY)
Description: An SSL 3.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.

Error: (10/05/2013 02:31:37 PM) (Source: Schannel) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 40. The internal error state is 107.

Error: (10/05/2013 02:31:37 PM) (Source: Schannel) (User: NT AUTHORITY)
Description: An SSL 3.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.

Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2013-10-02 14:55:34.639
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-10-02 14:55:34.514
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-03-13 12:40:39.983
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\caroljim\AppData\Local\Temp\OnlineScanner\Anti-Virus\fsgk.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-03-13 12:40:39.871
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\caroljim\AppData\Local\Temp\OnlineScanner\Anti-Virus\fsgk.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-08-08 09:00:56.392
  Description: Windows is unable to verify the image integrity of the file \Device\CdRom0\PciCon64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-08-08 09:00:56.361
  Description: Windows is unable to verify the image integrity of the file \Device\CdRom0\PciCon64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

Percentage of memory in use: 26%
Total physical RAM: 12286.18 MB
Available physical RAM: 9074.84 MB
Total Pagefile: 24570.54 MB
Available Pagefile: 18898.44 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: (windows 7 64bit) (Fixed) (Total:1024.34 GB) (Free:903.9 GB) NTFS
Drive e: (windows 7 32bit) (Fixed) (Total:372.83 GB) (Free:224.52 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 466 GB) (Disk ID: 9A4A3AAF)
Partition 1: (Active) - (Size=476 MB) - (Type=83)
Partition 2: (Not Active) - (Size=211 GB) - (Type=05)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 1397 GB) (Disk ID: 7E520938)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=373 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=-1099148820480) - (Type=07 NTFS)

==================== End Of Log ============================



#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:12:32 AM

Posted 06 October 2013 - 02:53 PM

Hello Dusty45



I need you to download this script I have made for you --> Attached File  fixlist.txt   121bytes   3 downloads

It needs to be saved Next to the "Farbar Recovery Scan Tool" (FRST) program (If asked to overwrite existing one please allow)

Run FRST again but this time press the Fix button just once and wait.


When finished, it will make a log (fixlog.txt) next to FRST. Please copy and paste the content of this file to your reply.


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system


Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#9 Dusty45

Dusty45
  • Topic Starter

  • Members
  • 39 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Newbury, NH
  • Local time:11:32 PM

Posted 06 October 2013 - 04:08 PM

Looks like it got Playtopus

 

Contents of fixlog fail to post??  But reports it ran and file can no longer be found.



#10 Dusty45

Dusty45
  • Topic Starter

  • Members
  • 39 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Newbury, NH
  • Local time:11:32 PM

Posted 06 October 2013 - 08:12 PM

Came back to the computer after supper to find a RunDLL error stating:"There was a problem starting C:\Users\caroljim\AppData\Local\Playtopus\Udater.dll

 

The specified module could not be found."

 

'just when I yhought we had it.



#11 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:12:32 AM

Posted 06 October 2013 - 09:08 PM



Please download Sysinternals Autoruns from here and save it to your desktop.
http://live.sysinternals.com/autoruns.exe

Note: If using Windows Vista or Windows 7 then you also need to do the following: Right-click on Autoruns.exe and select Properties
Click on the Compatibility tab
Under Privilege Level check the box next to Run this program as an administrator
Click on Apply then click OK

Double-click Autoruns.exe to run it.
Once it starts, please press the Esc key on your keyboard.
Now that scanning is stopped, click on the Options button at the top of the program and select Filter Options...
In the Autoruns Filter Options dialoge, verify that the following are unchecked, if they are checked, uncheck them:

Include empty locations
Hide Microsoft entries
Hide Windows entries

Verify that the following is checked, if it is unchecked, check it:

Verify code signatures

Once that's done press the F5 key on your keyboard, this will start the scan again, this time let it finish.
When it's finished and says Ready. on the lower left of the program window, please click on the File button at the top of the program and select Save and save the Autoruns.arn file to your desktop and close Autoruns.
Right click on the Autoruns.arn file on your desktop and hover your mouse over Send To and select Compressed (zipped) Folder
Attach the Autoruns.zip folder you just created to your next reply
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#12 Dusty45

Dusty45
  • Topic Starter

  • Members
  • 39 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Newbury, NH
  • Local time:11:32 PM

Posted 07 October 2013 - 12:35 AM

Ahha, Playtopus is found

 

Man I've looked everywhere and I cann't figure how to attach a file to this damn board.  So I attached it to a reply to your E-Mail and It Bounced back.



#13 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:12:32 AM

Posted 07 October 2013 - 12:46 AM

Hello


Upload the file here and send me the link - https://www.wetransfer.com/
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#14 Dusty45

Dusty45
  • Topic Starter

  • Members
  • 39 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Newbury, NH
  • Local time:11:32 PM

Posted 07 October 2013 - 12:56 AM

Link: http://we.tl/qd6w2BQw3U

 

Neat program!



#15 Dusty45

Dusty45
  • Topic Starter

  • Members
  • 39 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Newbury, NH
  • Local time:11:32 PM

Posted 09 October 2013 - 09:42 PM

I removed the Task entry from Autoruns for Playtopus and havenn't been bothered by it since.  THANK YOU!!

 

Now for Alureon.A,  My ISP still sees it when i reboot.  I see nothing!?  The PC is running great.






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users