Unable to install programs and Norton 360 not working


7 replies to this topic

#1 BigR99

  • Members
  • 12 posts

Posted 10 October 2013 - 03:10 PM

I initially noted Norton 360 wasn't working. I tried to run a variety of programmes including Malwarebytes, Norton Power Eraser, tweaking.com repair all in one and a variety of Microsoft fixit programmes. All would seem to have difficulty loading/running with a variety of errors. I have had some help from this forum (http://www.bleepingcomputer.com/forums/t/509662/probable-vista-infection-norton-wont-openscan/#entry3178438). I still wonder whether my PC is infected or whether it is something else. The last suggestion was to run the DDS utility and post the results in a new topic. Unfortunately I cannot attach the text file as it comes up with blocked when I click on the choose files box, so I have had to paste it below - sorry!

 

Any help would be gratefully appreciated.

 

MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
MyFreeCodec
Nero 8 Essentials
neroxml
NETGEAR WG111T 108Mbps Wireless USB2.0 Adapter
Norton 360
NVIDIA Drivers
Oblivion
OpenMG Limited Patch 4.7-07-14-05-01
OpenMG Secure Module 4.7.00
OziExplorer 3.95
Picasa 2
PowerDVD
PRE11 STI Installer
PSE11 STI Installer
PunkBuster Services
QuickTime
Rapport
Realtek High Definition Audio Driver
RegInOut System Utilities
Reimage Repair
Samsung Kies
SAMSUNG USB Driver for Mobile Phones
Scan
Scratch
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2832407)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Service Pack 1 for SQL Server 2008 (KB968369)
SolutionCenter
SonicStage 4.3
Spelling Dictionaries Support For Adobe Reader 9
Sql Server Customer Experience Improvement Program
Status
Steam
System Recovery
SystemDiagnostics
The Elder Scrolls V: Skyrim
Toolbox
TrayApp
Trusteer Endpoint Protection
Tweaking.com - Windows Repair (All in One)
UnloadSupport
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
VBA (2627.01)
WebReg
Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (04/19/2012 2.3.1.0)
Windows Media Player Firefox Plugin
.
==== End Of File ===========================
 

-20.01) - NTFS_AMD64
Internet Explorer: 7.0.6002.18005  BrowserJavaVersion: 1.6.0_37
Run by Robin at 19:46:50 on 2013-10-10
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.44.1033.18.4094.1420 [GMT 1:00]
.
AV: Norton 360 *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton 360 *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton 360 *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\taskeng.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler.exe
C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Creative\Shared Files\CTDevSrv.exe
C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
C:\Windows\ehome\ehtray.exe
C:\Program Files (x86)\Creative\Software Update 3\SoftAuto.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files\Autodesk\Inventor 2013\Moldflow\bin\mitsijm.exe
C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe
C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Users\Robin\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe
C:\Program Files (x86)\NETGEAR\WG111T\wlan111t.exe
C:\Program Files (x86)\CyberLink\Shared Files\brs.exe
C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\ccSvcHst.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler64.exe
C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\SysWOW64\IoctlSvc.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Reimage\Reimage Repair\ReiGuard.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Fujitsu\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\ccSvcHst.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Users\Robin\AppData\Local\Akamai\netsession_win.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\ehome\ehsched.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe
C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=FUJD&bmod=FUJD
mWinlogon: Userinit = userinit.exe
BHO: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - <orphaned>
BHO: AccelerateTab: {48A789BF-F6D6-4930-9C8B-77855A63EDE1} - C:\Program Files (x86)\Secure Speed Dial\IE\SpeedDial.dll
BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - <orphaned>
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\ips\ipsbho.dll
BHO: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - <orphaned>
BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - <orphaned>
BHO: {AA58ED58-01DD-4d91-8333-CF10577473F7} - <orphaned>
BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - <orphaned>
BHO: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - <orphaned>
BHO: Advanced SystemCare Browser Protection: {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\Program Files (x86)\IObit\Advanced SystemCare 6\BrowerProtect\ASCPlugin_Protection.dll
BHO: {DBC80044-A445-435b-BC74-9C25C1C588A9} - <orphaned>
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [OfficeSyncProcess] "C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE"
uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
uRun: [SoftAuto.exe] "C:\Program Files (x86)\Creative\Software Update 3\SoftAuto.exe"
uRun: [GarminExpressTrayApp] "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"
uRun: [CAHeadless] C:\Program Files (x86)\Adobe\Elements 11 Organizer\CAHeadless\ElementsAutoAnalyzer.exe
uRun: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
uRun: [Akamai NetSession Interface] "C:\Users\Robin\AppData\Local\Akamai\netsession_win.exe"
uRun: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
uRun: [Advanced SystemCare 6] "C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe" /AutoStart
mRun: [BDRegion] "C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe"
mRun: [LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD\Language\Language.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
dRun: [Picasa Media Detector] C:\Program Files (x86)\Picasa2\PicasaMediaDetector.exe
dRun: [fts-reg] c:\fts-reg\ftsreg.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\NETGEA~1.LNK - C:\Program Files (x86)\NETGEAR\WG111T\wlan111t.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - <orphaned>
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - <orphaned>
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{19994A4E-E7B0-41A1-B630-08C4A8873001} : DHCPNameServer = 192.168.0.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - <orphaned>
Handler: ms-help - <Clsid value has no data>
AppInit_DLLs= C:\PROGRA~2\Google\GOOGLE~2\GOEC62~1.DLL
SSODL: WebCheck - <orphaned>
SEH: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - <orphaned>
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.76\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - <is not referencing any dll>
x64-mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=FUJD&bmod=FUJD
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg64.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [Windows Defender] C:\Program Files (x86)\Windows Defender\MSASCui.exe -hide
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-Run: [Autodesk Sync] C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe
x64-mPolicies-Explorer: NoActiveDesktop = dword:1
x64-mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
x64-mPolicies-System: EnableUIADesktopToggle = dword:0
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: ms-help - <Clsid value has no data>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Robin\AppData\Roaming\Mozilla\Firefox\Profiles\h1dzfmxl.default\
FF - prefs.js: browser.startup.homepage - hxxp://mysearch.avg.com/?cid={FCE44296-F9DC-4C8F-9743-1224BFD8C51D}&mid=30803f1d1da647d38ec7d16d67572516-167f820e9ebddc1b962bebaf3d74c53e0b2e3ffd&lang=en&ds=is015&pr=sa&d=&v=&pid=&sg=&sap=hp
FF - component: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\coFFPlgn\components\coFFPlgn.dll
FF - component: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPlgn\components\IPSFFPl.dll
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: C:\Users\Robin\AppData\Roaming\Mozilla\Firefox\Profiles\h1dzfmxl.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}\plugins\npGarmin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll
FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - ExtSQL: 2013-09-28 09:52; {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\coFFPlgn
FF - ExtSQL: 2013-10-09 22:08; speeddial@instair.net; C:\Users\Robin\AppData\Roaming\Mozilla\Firefox\Profiles\h1dzfmxl.default\extensions\speeddial@instair.net
FF - ExtSQL: !HIDDEN! 2009-09-02 00:12; {20a82645-c095-46ed-80e3-08825760534b}; C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2009-10-24 56336]
R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\N360x64\1404000.028\symds64.sys [2013-6-8 493656]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\N360x64\1404000.028\symefa64.sys [2013-6-8 1139800]
R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2013-10-2 37720]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\Definitions\BASHDefs\20130924.001\BHDrvx64.sys [2013-9-24 1525848]
R1 ccSet_N360;Norton 360 Settings Manager;C:\Windows\System32\drivers\N360x64\1404000.028\ccsetx64.sys [2013-6-8 169048]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\Definitions\IPSDefs\20131009.002\IDSviA64.sys [2013-10-10 520280]
R1 RapportCerberus_56758;RapportCerberus_56758;C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_56758.sys [2013-8-5 589872]
R1 RapportEI64;RapportEI64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [2013-9-10 265872]
R1 RapportPG64;RapportPG64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [2013-9-10 384432]
R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\N360x64\1404000.028\ironx64.sys [2013-6-8 224416]
R1 SYMTDIv;Symantec Vista Network Dispatch Driver;C:\Windows\System32\drivers\N360x64\1404000.028\symtdiv.sys [2013-6-8 457304]
R2 AdobeActiveFileMonitor11.0;Adobe Active File Monitor V11;C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe [2012-9-17 171600]
R2 AdvancedSystemCareService6;Advanced SystemCare Service 6;C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe [2013-10-1 574272]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2009-8-14 202752]
R2 FontCache;Windows Font Cache Service;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 27648]
R2 Garmin Core Update Service;Garmin Core Update Service;C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [2013-7-22 219480]
R2 mitsijm2013;Autodesk Moldflow Inventor Tool Suite Integration 2013 Job Manager;C:\Program Files\Autodesk\Inventor 2013\Moldflow\bin\mitsijm.exe [2012-1-31 339776]
R2 MSSQL$ACCUCHEK360;SQL Server (ACCUCHEK360);C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2007-2-10 29178224]
R2 N360;Norton 360;C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\ccsvchst.exe [2013-6-8 144368]
R2 RapportMgmtService;Rapport Management Service;C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2013-9-10 1435928]
R2 ReimageRealTimeProtection;Reimage Real Time Protection;C:\Program Files\Reimage\Reimage Repair\ReiGuard.exe [2013-10-9 4395880]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2013-10-10 140376]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2013-4-16 1024680]
S0 amdkmafd;AMD Audio Bus Lower Filter;C:\Windows\System32\drivers\amdkmafd.sys [2013-10-2 21160]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SecureUpdateSvc;SecureUpdate;C:\Program Files (x86)\Secure Speed Dial\IE\SecureUpdate.exe [2013-10-1 2470736]
S2 vToolbarUpdater14.0.1;vToolbarUpdater14.0.1;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.0.1\ToolbarUpdater.exe --> C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.0.1\ToolbarUpdater.exe [?]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;C:\Windows\System32\drivers\ssadadb.sys [2012-9-14 36328]
S3 CTUPnPSv;Creative Centrale Media Server;C:\Program Files (x86)\Creative\Creative Centrale\CTUPnPSv.exe [2008-5-21 64000]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2012-9-14 82112]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2013-9-27 1432400]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe [2009-7-31 30192]
S3 PCAMp50a64;PCAMp50a64 NDIS Protocol Driver;C:\Windows\System32\drivers\PCAMp50a64.sys [2011-11-26 43328]
S3 PCASp50a64;PCASp50a64 NDIS Protocol Driver;C:\Windows\System32\drivers\PCASp50a64.sys [2011-11-26 41280]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-21 19968]
S3 RapportKE64;RapportKE64;C:\Windows\System32\drivers\RapportKE64.sys [2011-9-18 295696]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);C:\Windows\System32\drivers\ssadbus.sys [2012-9-14 157160]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);C:\Windows\System32\drivers\ssadmdfl.sys [2012-9-14 16872]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;C:\Windows\System32\drivers\ssadmdm.sys [2012-9-14 177128]
S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);C:\Windows\System32\drivers\ssadserd.sys [2012-9-14 145384]
S3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2012-9-14 202560]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-9-28 53760]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-12-3 89920]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files (x86)\Microsoft SQL Server\100\Shared\sqladhlp.exe [2009-3-31 47128]
S4 SQLAgent$MSSMLBIZ;SQL Server Agent (MSSMLBIZ);C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.MSSMLBIZ\MSSQL\Binn\SQLAGENT.EXE [2009-3-30 366936]
.
=============== File Associations ===============
.
FileExt: .scr: DWGTrueViewScriptFile=C:\Windows\System32\notepad.exe "%1"
FileExt: .js: JSFile=C:\Windows\System32\WScript.exe "%1" %* [UserChoice]
.
=============== Created Last 30 ================
.
.
==================== Find3M  ====================
.
2013-10-09 07:15:31    80541720    ----a-w-    C:\Windows\System32\mrt.exe
2013-10-09 06:36:14    692616    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2013-10-09 06:36:13    71048    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-10-02 19:50:22    37720    ----a-w-    C:\Windows\System32\drivers\avgtpx64.sys
2013-09-30 08:16:10    268968    ----a-w-    C:\Windows\SysWow64\sqlite3.dll
2013-09-24 03:06:56    19456    ----a-w-    C:\Windows\SysWow64\corpol.dll
2013-09-23 23:56:20    1032192    ----a-w-    C:\Windows\System32\wininet.dll
2013-09-23 23:56:02    1430528    ----a-w-    C:\Windows\System32\urlmon.dll
2013-09-23 23:56:02    108544    ----a-w-    C:\Windows\System32\url.dll
2013-09-23 23:53:36    1129984    ----a-w-    C:\Windows\System32\mstime.dll
2013-09-23 23:53:20    763392    ----a-w-    C:\Windows\System32\mshtmled.dll
2013-09-23 23:53:20    5731328    ----a-w-    C:\Windows\System32\mshtml.dll
2013-09-23 23:53:18    623104    ----a-w-    C:\Windows\System32\msfeeds.dll
2013-09-23 23:52:31    32256    ----a-w-    C:\Windows\System32\jsproxy.dll
2013-09-23 23:52:15    224768    ----a-w-    C:\Windows\System32\ieui.dll
2013-09-23 23:52:14    7051776    ----a-w-    C:\Windows\System32\ieframe.dll
2013-09-23 23:52:14    377856    ----a-w-    C:\Windows\System32\iertutil.dll
2013-09-23 23:52:14    249856    ----a-w-    C:\Windows\System32\iepeers.dll
2013-09-23 23:52:13    422400    ----a-w-    C:\Windows\System32\ieapfltr.dll
2013-09-23 23:52:13    146944    ----a-w-    C:\Windows\apppatch\AppPatch64\iebrshim.dll
2013-09-23 23:50:50    33792    ----a-w-    C:\Windows\System32\corpol.dll
2013-09-23 22:14:19    485376    ----a-w-    C:\Windows\System32\html.iec
2013-09-23 21:36:21    1383424    ----a-w-    C:\Windows\System32\mshtml.tlb
2013-09-23 20:13:08    389632    ----a-w-    C:\Windows\SysWow64\html.iec
2013-09-23 20:01:13    1383424    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2013-09-13 17:54:06    3641688    ----a-w-    C:\Windows\System32\drivers\RTKVHD64.sys
2013-09-13 13:23:54    32882688    ----a-w-    C:\Windows\System32\RCoRes64.dat
2013-09-12 18:23:40    149208    ----a-w-    C:\Windows\System32\RCoInstII64.dll
2013-09-12 17:03:10    2586840    ----a-w-    C:\Windows\System32\RtkAPO64.dll
2013-09-10 22:18:28    295696    ----a-w-    C:\Windows\System32\drivers\RapportKE64.sys
2013-09-05 16:23:24    4933328    ----a-w-    C:\Windows\System32\RTKSMlfx.dll
2013-09-05 16:22:04    848184    ----a-w-    C:\Windows\System32\RTKSMSettingsIPC.dll
2013-09-03 13:49:16    1344256    ----a-w-    C:\Windows\System32\MaxxAudioAPO5064.dll
2013-09-03 13:49:14    2103040    ----a-w-    C:\Windows\System32\WavesGUILib64.dll
2013-09-03 13:49:06    2036992    ----a-w-    C:\Windows\System32\MaxxAudioEQ64.dll
2013-09-03 13:49:04    14151936    ----a-w-    C:\Windows\System32\MaxxAudioRealtek64.dll
2013-09-03 13:48:56    27643648    ----a-w-    C:\Windows\System32\MaxxAudioVnA64.dll
2013-09-03 13:48:44    3713280    ----a-w-    C:\Windows\System32\MaxxAudioVnN64.dll
2013-09-03 13:48:10    1921792    ----a-w-    C:\Windows\System32\MaxxAudioRealtek264.dll
2013-09-03 13:47:42    1011968    ----a-w-    C:\Windows\System32\MaxxAudioAPOShell64.dll
2013-08-29 07:48:37    2775552    ----a-w-    C:\Windows\System32\win32k.sys
2013-08-27 03:39:20    327680    ----a-w-    C:\Windows\System32\d3d10_1core.dll
2013-08-27 03:39:20    287232    ----a-w-    C:\Windows\System32\d3d10core.dll
2013-08-27 03:39:20    196096    ----a-w-    C:\Windows\System32\d3d10_1.dll
2013-08-27 03:39:20    1268224    ----a-w-    C:\Windows\System32\d3d10.dll
2013-08-27 02:47:50    219648    ----a-w-    C:\Windows\SysWow64\d3d10_1core.dll
2013-08-27 02:47:50    189952    ----a-w-    C:\Windows\SysWow64\d3d10core.dll
2013-08-27 02:47:50    160768    ----a-w-    C:\Windows\SysWow64\d3d10_1.dll
2013-08-27 02:47:50    1029120    ----a-w-    C:\Windows\SysWow64\d3d10.dll
2013-08-27 02:32:30    2002944    ----a-w-    C:\Windows\System32\d3d10warp.dll
2013-08-27 02:30:51    566272    ----a-w-    C:\Windows\System32\d3d10level9.dll
2013-08-27 02:06:03    834048    ----a-w-    C:\Windows\System32\d2d1.dll
2013-08-27 02:00:46    1556480    ----a-w-    C:\Windows\System32\DWrite.dll
2013-08-27 02:00:46    1149952    ----a-w-    C:\Windows\System32\FntCache.dll
2013-08-27 01:52:08    1172480    ----a-w-    C:\Windows\SysWow64\d3d10warp.dll
2013-08-27 01:50:40    486400    ----a-w-    C:\Windows\SysWow64\d3d10level9.dll
2013-08-27 01:32:20    683008    ----a-w-    C:\Windows\SysWow64\d2d1.dll
2013-08-27 01:28:36    1069056    ----a-w-    C:\Windows\SysWow64\DWrite.dll
2013-08-24 02:14:06    897792    ----a-w-    C:\Windows\System32\sl3apo64.dll
2013-08-24 02:14:06    722688    ----a-w-    C:\Windows\System32\sltech64.dll
2013-08-24 02:14:04    244480    ----a-w-    C:\Windows\System32\slprp64.dll
2013-08-24 02:14:04    1014016    ----a-w-    C:\Windows\System32\slcnt64.dll
2013-08-20 19:17:16    2809048    ----a-w-    C:\Windows\System32\RtPgEx64.dll
2013-08-20 16:37:00    605496    ----a-w-    C:\Windows\System32\audioLibVc.dll
2013-08-14 15:36:14    662784    ----a-w-    C:\Windows\System32\MaxxVolumeSDAPO.dll
2013-08-14 15:35:58    1084160    ----a-w-    C:\Windows\System32\MaxxAudioAPO4064.dll
2013-08-14 15:35:52    907008    ----a-w-    C:\Windows\System32\MaxxVoiceAPO2064.dll
2013-08-14 15:35:48    663296    ----a-w-    C:\Windows\System32\MaxxAudioAPO30.dll
2013-08-07 16:41:58    113576    ----a-w-    C:\Windows\System32\CONEQMSAPOGUILibrary.dll
2013-08-07 16:34:26    765184    ----a-w-    C:\Windows\System32\MaxxSpeechAPO64.dll
2013-08-06 08:47:12    947248    ----a-w-    C:\Windows\System32\SFSS_APO.dll
2013-08-06 03:56:00    6219096    ----a-w-    C:\Windows\System32\DDPP64A.dll
2013-08-06 03:56:00    312152    ----a-w-    C:\Windows\System32\DDPO64A.dll
2013-08-06 03:56:00    261464    ----a-w-    C:\Windows\System32\DDPA64.dll
2013-08-06 03:56:00    1908568    ----a-w-    C:\Windows\System32\DDPD64A.dll
2013-08-05 17:11:14    2743328    ----a-w-    C:\Windows\System32\FMAPO64.dll
2013-08-02 19:16:50    1005784    ----a-w-    C:\Windows\System32\RtkApi64.dll
2013-08-02 14:06:01    1706496    ----a-w-    C:\Windows\System32\WMVDECOD.DLL
2013-08-02 04:09:35    1548288    ----a-w-    C:\Windows\SysWow64\WMVDECOD.DLL
2013-08-01 04:10:46    901568    ----a-w-    C:\Windows\System32\drivers\dxgkrnl.sys
2013-08-01 03:37:02    47104    ----a-w-    C:\Windows\System32\cdd.dll
2013-07-26 13:05:42    617176    ----a-w-    C:\Windows\System32\RtDataProc64.dll
2013-07-23 14:39:06    790272    ----a-w-    C:\Windows\SysWow64\MaxxAudioAPOShell.dll
2013-07-20 10:45:44    124112    ----a-w-    C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
2013-07-20 10:44:53    102608    ----a-w-    C:\Windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2013-07-17 20:01:51    2048    ----a-w-    C:\Windows\System32\tzres.dll
2013-07-17 19:41:34    2048    ----a-w-    C:\Windows\SysWow64\tzres.dll
2013-07-16 09:25:53    689152    ----a-w-    C:\Windows\System32\themeui.dll
2013-07-16 04:35:16    615936    ----a-w-    C:\Windows\SysWow64\themeui.dll
.


Edited by hamluis, 10 October 2013 - 04:33 PM.
Moved from Vista to Malware Removal Logs - Hamluis.



#2 nasdaq

  • Malware Response Team
  • 40,445 posts

Posted 13 October 2013 - 09:07 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Download the Kaspersky removal tool.
http://support.kaspersky.com/common/service.aspx?el=1464

Delete all programs you have installed from them.

Restart the computer normally.
===

Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: Tutorial
Link 1
Link 2

IMPORTANT !!! Save ComboFix.exe to your Desktop

1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
3. Do not install any other programs until this is fixed.


How to : Disable Anti-virus and Firewall...
http://www.bleepingcomputer.com/forums/topic114351.html

Double click on ComboFix.exe and follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt
Note: Do not mouse click ComboFix's window while it's running. That may cause it to stall.

Note: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

Note: If after running ComboFix you get this error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program all you need to do is restart the computer to reset the registry.
===

Please paste the log in your next reply. DO NOT ATTACH IT.

Let me know what problem persists.

#3 BigR99


Posted 13 October 2013 - 05:10 PM

Hi Nasdaq,

 

Combofix results, thanks.

 

ComboFix 13-10-13.02 - Robin 13/10/2013  22:40:07.1.4 - x64
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.44.1033.18.4094.2178 [GMT 1:00]
Running from: c:\users\Robin\Downloads\ComboFix.exe
AV: Norton 360 *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton 360 *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton 360 *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\firefox.exe
c:\program files (x86)\firefox.exe\7z.dll
c:\program files (x86)\firefox.exe\Chameleon\chameleon.chm
c:\program files (x86)\firefox.exe\Chameleon\firefox.com
c:\program files (x86)\firefox.exe\Chameleon\firefox.exe
c:\program files (x86)\firefox.exe\Chameleon\firefox.pif
c:\program files (x86)\firefox.exe\Chameleon\firefox.scr
c:\program files (x86)\firefox.exe\Chameleon\iexplore.exe
c:\program files (x86)\firefox.exe\Chameleon\mbam-chameleon.com
c:\program files (x86)\firefox.exe\Chameleon\mbam-chameleon.exe
c:\program files (x86)\firefox.exe\Chameleon\mbam-chameleon.pif
c:\program files (x86)\firefox.exe\Chameleon\mbam-chameleon.scr
c:\program files (x86)\firefox.exe\Chameleon\mbam-killer.exe
c:\program files (x86)\firefox.exe\Chameleon\rundll32.exe
c:\program files (x86)\firefox.exe\Chameleon\svchost.exe
c:\program files (x86)\firefox.exe\Chameleon\winlogon.exe
c:\program files (x86)\firefox.exe\changes.txt
c:\program files (x86)\firefox.exe\Languages\arabic.lng
c:\program files (x86)\firefox.exe\Languages\belarusian.lng
c:\program files (x86)\firefox.exe\Languages\bosnian.lng
c:\program files (x86)\firefox.exe\Languages\bulgarian.lng
c:\program files (x86)\firefox.exe\Languages\catalan.lng
c:\program files (x86)\firefox.exe\Languages\chineseSI.lng
c:\program files (x86)\firefox.exe\Languages\chineseTR.lng
c:\program files (x86)\firefox.exe\Languages\croatian.lng
c:\program files (x86)\firefox.exe\Languages\czech.lng
c:\program files (x86)\firefox.exe\Languages\danish.lng
c:\program files (x86)\firefox.exe\Languages\dutch.lng
c:\program files (x86)\firefox.exe\Languages\english.lng
c:\program files (x86)\firefox.exe\Languages\estonian.lng
c:\program files (x86)\firefox.exe\Languages\finnish.lng
c:\program files (x86)\firefox.exe\Languages\french.lng
c:\program files (x86)\firefox.exe\Languages\german.lng
c:\program files (x86)\firefox.exe\Languages\greek.lng
c:\program files (x86)\firefox.exe\Languages\hebrew.lng
c:\program files (x86)\firefox.exe\Languages\hungarian.lng
c:\program files (x86)\firefox.exe\Languages\indonesian.lng
c:\program files (x86)\firefox.exe\Languages\italian.lng
c:\program files (x86)\firefox.exe\Languages\japanese.lng
c:\program files (x86)\firefox.exe\Languages\korean.lng
c:\program files (x86)\firefox.exe\Languages\latvian.lng
c:\program files (x86)\firefox.exe\Languages\lithuanian.lng
c:\program files (x86)\firefox.exe\Languages\norwegian.lng
c:\program files (x86)\firefox.exe\Languages\polish.lng
c:\program files (x86)\firefox.exe\Languages\portugueseBR.lng
c:\program files (x86)\firefox.exe\Languages\portuguesePT.lng
c:\program files (x86)\firefox.exe\Languages\romanian.lng
c:\program files (x86)\firefox.exe\Languages\russian.lng
c:\program files (x86)\firefox.exe\Languages\serbian.lng
c:\program files (x86)\firefox.exe\Languages\slovak.lng
c:\program files (x86)\firefox.exe\Languages\slovenian.lng
c:\program files (x86)\firefox.exe\Languages\spanish.lng
c:\program files (x86)\firefox.exe\Languages\swedish.lng
c:\program files (x86)\firefox.exe\Languages\thai.lng
c:\program files (x86)\firefox.exe\Languages\turkish.lng
c:\program files (x86)\firefox.exe\Languages\vietnamese.lng
c:\program files (x86)\firefox.exe\license.rtf
c:\program files (x86)\firefox.exe\mbam.chm
c:\program files (x86)\firefox.exe\mbam.dll
c:\program files (x86)\firefox.exe\mbam.exe
c:\program files (x86)\firefox.exe\mbamcore.dll
c:\program files (x86)\firefox.exe\mbamext.dll
c:\program files (x86)\firefox.exe\mbamgui.exe
c:\program files (x86)\firefox.exe\mbamnet.dll
c:\program files (x86)\firefox.exe\mbampt.exe
c:\program files (x86)\firefox.exe\mbamscheduler.exe
c:\program files (x86)\firefox.exe\mbamservice.exe
c:\program files (x86)\firefox.exe\ssubtmr6.dll
c:\program files (x86)\firefox.exe\unins000.dat
c:\program files (x86)\firefox.exe\unins000.exe
c:\program files (x86)\firefox.exe\unins000.msg
c:\program files (x86)\firefox.exe\vbalsgrid6.ocx
c:\programdata\ntuser.dat
c:\users\Robin\AppData\Local\Google\Chrome\User Data\Default\preferences
c:\users\Robin\AppData\Local\Temp\9b93aee4-5d0f-43c6-98ae-ec0b1e7534ab\CliSecureRT.dll
c:\users\Robin\Documents\~WRL0005.tmp
c:\users\Robin\Documents\~WRL0006.tmp
c:\users\Robin\Documents\~WRL3014.tmp
c:\windows\Downloaded Program Files\IDropPTB.dll
c:\windows\SysWow64\System32\MASetupCleaner.exe
c:\windows\SysWow64\System32\muzapp.exe
.
.
(((((((((((((((((((((((((   Files Created from 2013-09-13 to 2013-10-13  )))))))))))))))))))))))))))))))
.
.
2013-10-13 21:55 . 2013-10-13 22:00    --------    d-----w-    c:\users\Robin\AppData\Local\temp
2013-10-13 21:55 . 2013-10-13 21:55    --------    d-----w-    c:\users\Default\AppData\Local\temp
2013-10-10 06:25 . 2013-10-10 06:27    --------    d-----w-    C:\NBRT
2013-10-09 06:19 . 2013-10-09 06:19    --------    d-----w-    c:\programdata\CDB
2013-10-09 06:18 . 2013-10-09 06:18    --------    d-----w-    c:\program files\Reimage
2013-10-09 06:18 . 2013-10-13 16:37    --------    d-----w-    C:\rei
2013-10-09 06:15 . 2013-10-09 06:15    --------    d-----w-    c:\program files (x86)\Tweaking.com
2013-10-07 22:07 . 2013-10-07 22:07    --------    d-----w-    c:\programdata\RegInOut
2013-10-07 22:06 . 2013-10-07 22:07    --------    d-----w-    c:\program files (x86)\RegInOut System Utilities
2013-10-04 17:11 . 2013-10-04 17:11    --------    d-----w-    c:\program files (x86)\ESET
2013-10-04 16:55 . 2013-10-04 16:57    --------    d-----w-    C:\AdwCleaner
2013-10-03 06:12 . 2013-10-03 06:14    --------    d-----w-    c:\program files (x86)\123abc
2013-10-02 20:16 . 2013-04-17 19:21    26432    ----a-w-    c:\windows\system32\RegistryDefragBootTime.exe
2013-10-02 20:00 . 2012-09-23 04:17    21160    ----a-w-    c:\windows\system32\drivers\amdkmafd.sys
2013-10-02 19:51 . 2013-10-02 19:51    --------    d-----w-    c:\users\Robin\AppData\Local\Innovative Solutions
2013-10-02 19:51 . 2013-10-07 21:53    --------    d-----w-    c:\program files (x86)\Innovative Solutions
2013-10-02 19:50 . 2013-10-02 19:50    37720    ----a-w-    c:\windows\system32\drivers\avgtpx64.sys
2013-10-02 19:50 . 2013-10-02 19:50    --------    d-----w-    c:\program files (x86)\AVG SafeGuard toolbar
2013-10-02 19:50 . 2013-10-02 19:50    --------    d--h--w-    c:\programdata\Common Files
2013-10-01 22:24 . 2013-09-30 08:16    268968    ----a-w-    c:\windows\SysWow64\sqlite3.dll
2013-10-01 22:23 . 2013-10-01 22:24    --------    d-----w-    c:\program files (x86)\Secure Speed Dial
2013-10-01 22:23 . 2013-10-01 22:23    --------    d-----w-    c:\programdata\{CED89F1A-945F-46EC-B23C-5EAF6D2DB12A}
2013-10-01 22:22 . 2013-10-01 22:24    --------    d-----w-    c:\programdata\IObit
2013-10-01 22:22 . 2013-10-01 22:22    --------    d-----w-    c:\users\Robin\AppData\Roaming\IObit
2013-10-01 22:22 . 2013-10-01 22:22    --------    d-----w-    c:\program files (x86)\IObit
2013-10-01 18:25 . 2013-10-02 19:30    --------    d-----w-    c:\users\Robin\AppData\Local\LogMeIn Rescue Applet
2013-09-30 22:32 . 2013-09-30 22:32    --------    d-----w-    c:\program files (x86)\Malwarebytes' Anti-Malware
2013-09-30 22:32 . 2013-04-04 13:50    25928    ----a-w-    c:\windows\system32\drivers\mbam.sys
2013-09-30 16:26 . 2010-01-07 15:07    38224    ----a-w-    c:\windows\SysWow64\drivers\mbamswissarmy.sys
2013-09-30 16:20 . 2013-09-30 16:20    --------    d-----w-    c:\program files (x86)\stinger
2013-09-30 14:07 . 2013-09-30 15:03    --------    d-----w-    c:\programdata\Malwarebytes' Anti-Malware (portable)
2013-09-30 13:48 . 2013-09-30 13:48    --------    d-----w-    c:\users\Robin\AppData\Roaming\Malwarebytes
2013-09-30 13:48 . 2013-09-30 13:48    --------    d-----w-    c:\programdata\Malwarebytes
2013-09-29 19:21 . 2013-09-29 19:21    --------    d-----w-    c:\program files (x86)\Flickr Uploadr
2013-09-28 14:16 . 2013-09-28 22:45    --------    d-----w-    c:\program files\Common Files\Autodesk Shared
2013-09-28 14:16 . 2013-09-28 14:16    --------    d-----w-    c:\program files (x86)\DWG TrueView 2013
2013-09-28 14:01 . 2013-09-28 14:01    --------    d-----w-    c:\program files (x86)\Microsoft WSE
2013-09-28 14:00 . 2010-05-26 10:41    2526056    ----a-w-    c:\windows\system32\D3DCompiler_43.dll
2013-09-28 14:00 . 2010-05-26 10:41    2106216    ----a-w-    c:\windows\SysWow64\D3DCompiler_43.dll
2013-09-28 14:00 . 2010-05-26 10:41    1907552    ----a-w-    c:\windows\system32\d3dcsx_43.dll
2013-09-28 14:00 . 2010-05-26 10:41    1868128    ----a-w-    c:\windows\SysWow64\d3dcsx_43.dll
2013-09-28 14:00 . 2010-05-26 10:41    276832    ----a-w-    c:\windows\system32\d3dx11_43.dll
2013-09-28 14:00 . 2010-05-26 10:41    248672    ----a-w-    c:\windows\SysWow64\d3dx11_43.dll
2013-09-28 14:00 . 2010-05-26 10:41    511328    ----a-w-    c:\windows\system32\d3dx10_43.dll
2013-09-28 14:00 . 2010-05-26 10:41    470880    ----a-w-    c:\windows\SysWow64\d3dx10_43.dll
2013-09-28 14:00 . 2010-05-26 10:41    1998168    ----a-w-    c:\windows\SysWow64\D3DX9_43.dll
2013-09-28 14:00 . 2010-05-26 10:41    2401112    ----a-w-    c:\windows\system32\D3DX9_43.dll
2013-09-28 13:52 . 2013-09-28 22:45    --------    d-----w-    c:\program files (x86)\Common Files\Autodesk Shared
2013-09-28 13:52 . 2013-09-28 13:52    --------    d-----w-    c:\program files (x86)\Autodesk
2013-09-27 14:52 . 2013-10-08 22:14    --------    d-----w-    c:\programdata\FLEXnet
2013-09-27 08:20 . 2013-09-27 08:20    --------    d-----w-    c:\program files\Common Files\Macrovision Shared
2013-09-27 08:15 . 2013-09-28 17:43    --------    d-----w-    c:\program files\Autodesk
2013-09-26 23:50 . 2013-09-28 23:07    --------    d-----w-    c:\users\Robin\AppData\Roaming\Autodesk
2013-09-26 23:50 . 2013-09-28 22:48    --------    d-----w-    c:\programdata\Autodesk
2013-09-26 19:08 . 2013-09-28 12:54    --------    d-----w-    C:\Autodesk
2013-09-23 20:06 . 2013-09-28 23:07    --------    d-----w-    c:\users\Robin\AppData\Local\Autodesk
2013-09-23 20:02 . 2013-10-08 22:14    --------    d-----w-    c:\users\Robin\AppData\Local\Akamai
2013-09-23 20:01 . 2013-09-23 20:01    --------    d-----w-    c:\programdata\Applications
2013-09-14 18:07 . 2013-10-02 22:11    --------    d-----w-    c:\users\Robin\AppData\Local\NPE
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-10-09 07:15 . 2006-11-02 12:35    80541720    ----a-w-    c:\windows\system32\mrt.exe
2013-10-09 06:36 . 2012-04-16 14:22    692616    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2013-10-09 06:36 . 2011-08-14 07:48    71048    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-09-24 03:07 . 2013-10-09 07:13    53760    ----a-w-    c:\windows\apppatch\iebrshim.dll
2013-09-23 23:52 . 2013-10-09 07:13    146944    ----a-w-    c:\windows\apppatch\AppPatch64\iebrshim.dll
2013-09-10 22:18 . 2011-09-18 20:02    295696    ----a-w-    c:\windows\system32\drivers\RapportKE64.sys
2013-08-02 14:06 . 2013-08-27 20:55    1706496    ----a-w-    c:\windows\system32\WMVDECOD.DLL
2013-08-02 04:09 . 2013-08-27 20:55    1548288    ----a-w-    c:\windows\SysWow64\WMVDECOD.DLL
2013-07-17 20:01 . 2013-08-15 17:52    2048    ----a-w-    c:\windows\system32\tzres.dll
2013-07-17 19:41 . 2013-08-15 17:52    2048    ----a-w-    c:\windows\SysWow64\tzres.dll
2013-07-16 09:25 . 2013-09-12 19:50    689152    ----a-w-    c:\windows\system32\themeui.dll
2013-07-16 04:35 . 2013-09-12 19:50    615936    ----a-w-    c:\windows\SysWow64\themeui.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{48A789BF-F6D6-4930-9C8B-77855A63EDE1}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-09-23 39408]
"OfficeSyncProcess"="c:\program files (x86)\Microsoft Office\Office14\MSOSYNC.EXE" [2010-03-16 718208]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-07-03 152064]
"SoftAuto.exe"="c:\program files (x86)\Creative\Software Update 3\SoftAuto.exe" [2008-08-13 405504]
"GarminExpressTrayApp"="c:\program files (x86)\Garmin\Express Tray\ExpressTray.exe" [2013-07-22 1093464]
"CAHeadless"="c:\program files (x86)\Adobe\Elements 11 Organizer\CAHeadless\ElementsAutoAnalyzer.exe" [2012-09-17 545872]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2013-10-09 1813928]
"Akamai NetSession Interface"="c:\users\Robin\AppData\Local\Akamai\netsession_win.exe" [2013-06-05 4489472]
"KiesPDLR"="c:\program files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2011-04-29 19856]
"Advanced SystemCare 6"="c:\program files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe" [2013-04-18 491840]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"BDRegion"="c:\program files (x86)\Cyberlink\Shared Files\brs.exe" [2007-11-16 91432]
"LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD\Language\Language.exe" [2007-10-11 62760]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-09-17 254896]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-12-12 152544]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2013-05-08 41056]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"="c:\program files (x86)\Picasa2\PicasaMediaDetector.exe" [2008-02-26 443968]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
NETGEAR WG111T Smart Wizard.lnk - c:\program files (x86)\NETGEAR\WG111T\wlan111t.exe [2011-11-26 995328]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\progra~2\Google\GOOGLE~2\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"
.
R4 adp94xx;adp94xx;c:\windows\system32\drivers\adp94xx.sys;c:\windows\SYSNATIVE\drivers\adp94xx.sys [x]
R4 adpahci;adpahci;c:\windows\system32\drivers\adpahci.sys;c:\windows\SYSNATIVE\drivers\adpahci.sys [x]
S2 AdobeActiveFileMonitor11.0;Adobe Active File Monitor V11;c:\program files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe;c:\program files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe [x]
S2 AdvancedSystemCareService6;Advanced SystemCare Service 6;c:\program files (x86)\IObit\Advanced SystemCare 6\ASCService.exe;c:\program files (x86)\IObit\Advanced SystemCare 6\ASCService.exe [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
wcssvc    REG_MULTI_SZ       WcsPlugInService
DcomLaunch    REG_MULTI_SZ       PlugPlay DcomLaunch
hpdevmgmt    REG_MULTI_SZ       hpqcxs08 hpqddsvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
AeLookupSvc
Themes
CertPropSvc
SCPolicySvc
lanmanserver
gpsvc
AudioSrv
FastUserSwitchingCompatibility
Nla
NWCWorkstation
SRService
Wmi
WmdmPmSp
TermService
wuauserv
BITS
ShellHWDetection
LogonHours
PCAudit
helpsvc
uploadmgr
iphlpsvc
msiscsi
SessionEnv
schedule
winmgmt
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-09-20 19:48    1177552    ----a-w-    c:\program files (x86)\Google\Chrome\Application\29.0.1547.76\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-10-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-16 06:36]
.
2013-10-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-01 19:21]
.
2013-10-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-01 19:21]
.
2013-10-13 c:\windows\Tasks\User_Feed_Synchronization-{81A77B81-294B-4EC9-8E44-771838BA080D}.job
- c:\windows\system32\msfeedssync.exe [2008-01-21 02:50]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-06-16 499608]
"Autodesk Sync"="c:\program files\Autodesk\Autodesk Sync\AdSync.exe" [2012-02-05 415680]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
AeLookupSvc
wercplsupport
Themes
CertPropSvc
SCPolicySvc
lanmanserver
gpsvc
IKEEXT
AudioSrv
FastUserSwitchingCompatibility
Nla
NWCWorkstation
SRService
Wmi
WmdmPmSp
TermService
wuauserv
BITS
ShellHWDetection
LogonHours
PCAudit
helpsvc
uploadmgr
iphlpsvc
seclogon
AppInfo
msiscsi
MMCSS
hkmsvc
EapHost
schedule
winmgmt
SessionEnv
browser
ProfSvc
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=FUJD&bmod=FUJD
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = %SystemRoot%\system32\blank.htm
uInternet Settings,ProxyOverride = *.local;<local>
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Robin\AppData\Roaming\Mozilla\Firefox\Profiles\h1dzfmxl.default\
FF - prefs.js: browser.startup.homepage - hxxp://mysearch.avg.com/?cid={FCE44296-F9DC-4C8F-9743-1224BFD8C51D}&mid=30803f1d1da647d38ec7d16d67572516-167f820e9ebddc1b962bebaf3d74c53e0b2e3ffd&lang=en&ds=is015&pr=sa&d=&v=&pid=&sg=&sap=hp
FF - ExtSQL: 2013-09-28 09:52; {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}; c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\coFFPlgn
FF - ExtSQL: 2013-10-09 22:08; speeddial@instair.net; c:\users\Robin\AppData\Roaming\Mozilla\Firefox\Profiles\h1dzfmxl.default\extensions\speeddial@instair.net
FF - ExtSQL: !HIDDEN! 2009-09-02 00:12; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKU-Default-Run-fts-reg - c:\fts-reg\ftsreg.exe
SafeBoot-WudfPf
SafeBoot-WudfRd
SafeBoot-sacsvr
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files (x86)\Norton 360\Engine\20.4.0.40\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton 360\Engine\20.4.0.40\diMaster.dll\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{95808DC4-FA4A-4C74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-4215180896-3694020858-4162859440-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:3d,84,0a,2f,62,55,7e,76,96,de,95,d6,54,bf,51,ae,a8,cb,2a,af,78,5b,21,
   8d,19,18,4f,8e,de,45,2d,be,d9,d2,16,f1,24,06,38,a1,62,31,69,b9,91,77,49,78,\
"??"=hex:cf,55,c7,95,2b,14,4d,f8,66,7b,0c,1b,19,52,fe,22
.
[HKEY_USERS\S-1-5-21-4215180896-3694020858-4162859440-1000\Software\SecuROM\License information*]
"datasecu"=hex:b4,61,87,c5,9b,ce,47,9f,a5,20,c1,30,de,38,01,3d,70,b2,38,e8,e2,
   81,cb,83,2a,a2,fc,10,5c,13,74,cf,7c,d2,55,77,79,6f,c1,de,59,db,a0,81,83,e7,\
"rkeysecu"=hex:36,02,68,c6,2b,f2,6d,78,11,85,1e,66,81,c5,ed,8e
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
c:\program files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler.exe
c:\program files (x86)\Trusteer\Rapport\bin\RapportService.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
c:\program files (x86)\Creative\Shared Files\CTDevSrv.exe
c:\program files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
c:\program files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\program files (x86)\Norton 360\Engine\20.4.0.40\ccSvcHst.exe
c:\program files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe
c:\windows\SysWOW64\IoctlSvc.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Fujitsu\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe
c:\program files (x86)\Norton 360\Engine\20.4.0.40\ccSvcHst.exe
c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
c:\program files (x86)\Adobe\Elements 11 Organizer\CAHeadless\dynamiclinkmanager.exe
c:\windows\SysWOW64\WerFault.exe
.
**************************************************************************
.
Completion time: 2013-10-13  23:07:02 - machine was rebooted
ComboFix-quarantined-files.txt  2013-10-13 22:07
.
Pre-Run: 121,320,878,080 bytes free
Post-Run: 119,835,373,568 bytes free
.
- - End Of File - - D66E90B454897B3E7D2386BCB45F4F53
5C616939100B85E558DA92B899A0FC36
 



#4 nasdaq


Posted 14 October 2013 - 08:03 AM

Looking better.

Let me know what problem persists.

#5 BigR99

BigR99
  • Topic Starter

  • Members
  • 12 posts
  • Local time:06:51 PM

Posted 15 October 2013 - 06:44 AM

Hi,

 

Still having a number of problems. There seems to be an issue with Windows Installer. I tried to open a PowerPoint presentation; it tried to install PowerPoint, then stopped, saying there was an issue with Windows Installer. I checked on the MS support site and then tried to download the Microsoft portable Fix it tool. This failed with a 80040154 error. I moved to Windows Repair (all-in-one); it downloads but won't run, saying the script is out of range. I haven't tried to re-install 360 from disc yet but can do that this evening. Also no sound beyond bleeps, although drivers/speakers etc. seem to work OK, and every time I re-boot I get a message saying dynamiclinkmanager not working, searching internet for a solution, then nothing happens.

 

Any further suggestions gratefully appreciated.

 

Cheers



#6 nasdaq


Posted 15 October 2013 - 09:06 AM

"Also no sound beyond bleeps although drivers/speakers etc. seem to work OK and every time I re-boot"

The sequence of the beeps at startup can possibly lead you to a solution.

See if you can find a pattern here.
http://www.computerhope.com/beep.htm
===

"I get a message saying dynamiclinkmanager not working"


This is the culprit.

c:\program files (x86)\Adobe\Elements 11 Organizer\CAHeadless\dynamiclinkmanager.exe


Can you reinstall the Elements 11 Organizer?

If you can I would remove it using the Add/Remove Programs.
Restart the computer normally.
Reinstall the application. You may have to save your personal files if you go that way.

#7 BigR99


Posted 15 October 2013 - 05:52 PM

I am unable to uninstall Elements as the computer says it is not there, despite the icons appearing in Control Panel and the files being visible on the drive. I am also unable to access the CD to uninstall/reinstall as it says the autorun file is not there. My CD drive appears to be working OK although Windows Media Player is not.

#8 nasdaq


Posted 16 October 2013 - 09:20 AM

"I am unable to uninstall Elements as the computer says it is not there, despite the icons appearing in Control Panel and the files being visible on the drive."

Can you just reinstall the application in the safe location?

===
 

"unable to access the CD to uninstall/reinstall as it says the autorun file is not there. My CD drive appears to be working OK although Windows Media Player is not."

Try some of the fixes suggested in this article. Hope you can get Windows Media back.
http://answers.microsoft.com/en-us/windows/forum/windows_7-pictures/windows-media-player-is-not-working-in-windows-7/1c7fb038-dbea-4442-809c-a0caf9201cbf

==

If all fails, then try this.

Download this program to your desktop.
Tweaking.com - Windows Repair 1.9.16
http://www.bleepingcomputer.com/download/windows-repair-all-in-one-portable/

Extract and launch the Repair_Windows.exe file.

Click on the Start Repairs tab, then click on Start.

Checkmark only the following options:

  • Reset Registry Permissions
  • Reset File Permissions
  • Register System Files
  • Repair WMI
  • Repair Windows Firewall
  • Repair Internet Explorer
  • Repair MDAC & MS Jet
  • Remove Policies Set By Infections
  • Remove Temp Files
  • Repair Proxy Settings
  • Unhide Non System Files
  • Repair Windows Updates
  • Repair CD/DVD Missing/Not Working

Then:

  • Checkmark the Restart System When Finished option
  • Click the Start button
  • System should restart after repair




