
Hi, I have picked up a redirect virus named jsdone.


16 replies to this topic

#1 LionsnTigersnBears

LionsnTigersnBears

  • Members
  • 20 posts
  • Local time:01:14 AM

Posted 25 November 2013 - 11:20 AM

Hi

 

I have picked up a browser redirect virus and possibly more.  I would appreciate your help in removing this.

 

Thank you




 


#2 seedy21

seedy21

  • Malware Response Team
  • 742 posts
  • Gender:Male
  • Location:West Yorkshire, UK
  • Local time:07:14 AM

Posted 25 November 2013 - 02:00 PM

Hello LionsnTigersnBears and Welcome to Bleeping Computer!

Before we can continue I need you to read this topic and post the logs in your next post.

http://www.bleepingcomputer.com/forums/topic34773.html

Edited by seedy21, 25 November 2013 - 02:01 PM.

“It's only after we've lost everything that we're free to do anything.”
― Chuck Palahniuk, Fight Club



#3 LionsnTigersnBears

LionsnTigersnBears
  • Topic Starter

  • Members
  • 20 posts
  • Local time:01:14 AM

Posted 27 November 2013 - 10:23 AM

Hi, thank you for your response.  I have been tied up with overtime at work due to the approaching holidays.  I will run these as soon as possible and post.



#4 LionsnTigersnBears

LionsnTigersnBears
  • Topic Starter

  • Members
  • 20 posts
  • Local time:01:14 AM

Posted 27 November 2013 - 10:40 AM

DDS.txt:

*****************************************************************

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16537
Run by Jasmine at 9:36:46 on 2013-11-27
Microsoft Windows 8  6.2.9200.0.1252.1.1033.18.8049.5740 [GMT -6:00]
.
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Norton Security Suite *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Security Suite *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Security Suite *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\nvvsvc.exe
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\dwm.exe
C:\windows\system32\svchost.exe -k LocalService
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files\IDT\WDM\STacSV64.exe
C:\windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\windows\system32\nvvsvc.exe
C:\windows\system32\WLANExt.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BBSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe
C:\windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files (x86)\Constant Guard Protection Suite\IDVaultSvc.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\Micro Innovations\Wireless Keyboard & Mouse Driver\KMWDSrv.exe
C:\Program Files (x86)\Norton Security Suite\Engine\20.4.0.40\ccSvcHst.exe
C:\windows\System32\svchost.exe -k HPZ12
C:\windows\System32\svchost.exe -k HPZ12
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\system32\wbem\unsecapp.exe
C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Norton Security Suite\Engine\20.4.0.40\ccSvcHst.exe
C:\windows\system32\taskhostex.exe
C:\windows\Explorer.EXE
C:\windows\system32\taskhost.exe
C:\windows\system32\svchost.exe -k HPService
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\WUDFHost.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe\LiveComm.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\windows\system32\SearchIndexer.exe
C:\Windows\System32\RuntimeBroker.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\igfxtray.exe
C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\Creative\Sync Manager Unicode\CTSyncU.exe
C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe
C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Intel\TurboBoost\TurboBoost.exe
C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Dell Backup and Recovery\Components\DBRUpdate\DBRUpd.exe
C:\Program Files (x86)\Dell Backup and Recovery\TOASTER.EXE
C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\SeaPort.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
uSearch Bar = Preserve
mWinlogon: Userinit = userinit.exe
BHO: Bing Bar Helper: {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BingExt.dll
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine\20.4.0.40\coieplg.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Engine\20.4.0.40\ips\ipsbho.dll
BHO: Better-Surf: {8271B5D6-76D3-4ABF-AEB3-1721161C76BC} - C:\Program Files (x86)\Better-Surf\ie\BetterSrf.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Constant Guard Protection Suite: {B84CDBE7-1B46-494B-A188-01D4C52DEB61} - C:\ProgramData\White Sky, Inc\ID Vault\IEBHO1.13.1030.3\NativeBHO.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\20.4.0.40\coieplg.dll
TB: Bing Bar: {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BingExt.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [CTSyncU.exe] "C:\Program Files (x86)\Creative\Sync Manager Unicode\CTSyncU.exe"
uRun: [Fitbit Connect] "C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe" /autorun
uRun: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
uRun: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" 60
mRun: [CLMLServer_For_P2G8] "C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe"
mRun: [CLVirtualDrive] "C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe" /R
mRun: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [nmctxth] "C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [Fitbit Connect] "C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe" /autorun
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
StartupFolder: C:\Users\Jasmine\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\INTEL(~1.LNK - C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe
StartupFolder: C:\Users\Jasmine\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\StartUp\CONSTA~1.LNK - C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\StartUp\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
IE: Send to Bluetooth - C:\Program Files (x86)\Intel\Bluetooth\btSendToObject.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} - hxxps://support.dell.com/systemprofiler/SysProExe.CAB
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
TCP: NameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{1C0D608F-6EA3-496A-B4E8-0AFDFEC53876} : DHCPNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{5D980D4E-BD09-4692-8C7C-152DC11425A9} : DHCPNameServer = 75.75.75.75 75.75.76.76
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\puresp4.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs= C:\PROGRA~2\KEYCRY~1\KEYCRY~3.DLL,C:\Windows\SysWOW64\nvinit.dll C:\windows\SysWOW64\nvinit.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-Run: [QuickSet] c:\Program Files\Dell\QuickSet\QuickSet.exe
x64-Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
x64-Run: [BTMTrayAgent] rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
x64-Run: [IgfxTray] C:\windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\windows\System32\igfxpers.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\amd64\puresp4.dll
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 iaStorA;iaStorA;C:\windows\System32\Drivers\iaStorA.sys [2012-10-27 651832]
R0 nvpciflt;nvpciflt;C:\windows\System32\Drivers\nvpciflt.sys [2013-2-18 30496]
R0 SymDS;Symantec Data Store;C:\windows\System32\Drivers\N360x64\1404000.028\symds64.sys [2013-7-16 493656]
R0 SymEFA;Symantec Extended File Attributes;C:\windows\System32\Drivers\N360x64\1404000.028\symefa64.sys [2013-7-16 1139800]
R1 AntiLog32;AntiLog32;C:\windows\System32\Drivers\AntiLog64.sys [2013-1-19 49240]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\BASHDefs\20131114.001\BHDrvx64.sys [2013-11-19 1524824]
R1 ccSet_N360;Norton Security Suite Settings Manager;C:\windows\System32\Drivers\N360x64\1404000.028\ccsetx64.sys [2013-7-16 169048]
R1 CLVirtualDrive;CLVirtualDrive;C:\windows\System32\Drivers\CLVirtualDrive.sys [2012-12-19 92536]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\IPSDefs\20131126.001\IDSviA64.sys [2013-11-27 521816]
R1 SymIRON;Symantec Iron Driver;C:\windows\System32\Drivers\N360x64\1404000.028\ironx64.sys [2013-7-16 224416]
R1 SymNetS;Symantec Network Security WFP Driver;C:\windows\System32\Drivers\N360x64\1404000.028\symnets.sys [2013-7-16 433752]
R2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® + High Speed Service;C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [2012-7-17 731688]
R2 BBSvc;BingBar Service;C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BBSvc.EXE [2013-7-23 193696]
R2 Bluetooth Device Monitor;Bluetooth Device Monitor;C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [2012-12-19 1091520]
R2 Bluetooth OBEX Service;Bluetooth OBEX Service;C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [2012-12-19 1112000]
R2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® + High Speed Security Service;C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2012-5-2 135952]
R2 Fitbit Connect;Fitbit Connect Service;C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe [2013-2-25 1239584]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-12-19 7168]
R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [2012-12-19 2451456]
R2 IDVaultSvc;CGPS Service;C:\Program Files (x86)\Constant Guard Protection Suite\IDVaultSvc.exe [2013-10-31 41024]
R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-4-20 635104]
R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2012-12-19 166720]
R2 KMWDSERVICE;Keyboard And Mouse Communication Service;C:\Program Files (x86)\Micro Innovations\Wireless Keyboard & Mouse Driver\KMWDSrv.exe [2007-4-5 208896]
R2 N360;Norton Security Suite;C:\Program Files (x86)\Norton Security Suite\Engine\20.4.0.40\ccsvchst.exe [2013-7-16 144368]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe [2013-2-21 1914728]
R2 TurboB;Turbo Boost UI Monitor driver;C:\windows\System32\Drivers\TurboB.sys [2012-5-30 16168]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-12-19 365376]
R2 ZeroConfigService;Intel® PROSet/Wireless Zero Configuration Service;C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2013-8-28 3378416]
R3 AMPPAL;Intel® Centrino® Wireless Bluetooth® + High Speed Virtual Adapter;C:\windows\System32\Drivers\AmpPal.sys [2012-7-17 162344]
R3 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\SeaPort.EXE [2013-7-23 240288]
R3 BthLEEnum;Bluetooth Low Energy Driver;C:\windows\System32\Drivers\BthLEEnum.sys [2012-7-25 202752]
R3 btmaux;Intel Bluetooth Auxiliary Service;C:\windows\System32\Drivers\btmaux.sys [2012-12-19 110592]
R3 btmhsf;btmhsf;C:\windows\System32\Drivers\btmhsf.sys [2012-12-19 825344]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2013-11-22 137648]
R3 iBtFltCoex;iBtFltCoex;C:\windows\System32\Drivers\iBtFltCoex.sys [2012-12-19 55848]
R3 IntcDAud;Intel® Display Audio;C:\windows\System32\Drivers\IntcDAud.sys [2012-12-19 342528]
R3 iwdbus;IWD Bus Enumerator;C:\windows\System32\Drivers\iwdbus.sys [2012-8-9 25568]
R3 keycrypt;keycrypt;C:\windows\System32\Drivers\KeyCrypt64.sys [2013-1-19 25056]
R3 NETwNe64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 8 - 64 Bit;C:\windows\System32\Drivers\NETwew00.sys [2013-10-8 3345376]
R3 RTL8168;Realtek 8168 NT Driver;C:\windows\System32\Drivers\Rt630x64.sys [2012-6-2 589824]
R3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.6;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2012-5-30 149544]
R3 WUDFWpdMtp;WUDFWpdMtp;C:\windows\System32\Drivers\WUDFRd.sys [2012-7-25 198656]
S0 SymELAM;Symantec ELAM Driver;C:\windows\System32\Drivers\N360x64\1404000.028\symelam.sys [2013-7-16 23448]
S2 LinksysUpdater;Linksys Updater;C:\Program Files (x86)\Linksys\Linksys Updater\bin\LinksysUpdater.exe [2008-11-13 204800]
S3 AMPPALP;Intel® Centrino® Wireless Bluetooth® + High Speed Protocol;C:\windows\System32\Drivers\AmpPal.sys [2012-7-17 162344]
S3 DellRbtn;Airplane Mode Switch;C:\windows\System32\Drivers\DellRbtn.sys [2012-12-19 10752]
S3 intaud_WaveExtensible;Intel WiDi Audio Device;C:\windows\System32\Drivers\intelaud.sys [2012-8-9 35296]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2013-8-28 273136]
S3 NvStUSB;NVIDIA Stereoscopic 3D USB driver;C:\windows\System32\Drivers\nvstusb.sys [2012-12-19 445288]
S3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;C:\windows\System32\Drivers\RtsUVStor.sys [2012-12-19 315536]
S3 usb3Hub;USB-IF USB 3.0 Hub;C:\windows\System32\Drivers\usb3Hub.sys [2012-8-9 48096]
S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\System32\Drivers\usbaapl64.sys [2012-12-13 54784]
S3 XHCIPort;USB-IF xHCI USB Host Controller;C:\windows\System32\Drivers\xHCIPort.sys [2012-8-9 188384]
.
=============== Created Last 30 ================
.
2013-11-26 16:34:16 -------- d-----w- C:\Program Files (x86)\Cisco
2013-11-26 16:31:51 -------- d-----w- C:\ProgramData\Package Cache
2013-11-26 16:31:35 -------- d-----w- C:\windows\LastGood.Tmp
2013-11-25 15:08:01 280752 ----a-w- C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10226.bin
2013-11-25 14:52:33 -------- d-----w- C:\Program Files (x86)\Better-Surf
2013-11-20 12:09:49 1890816 ----a-w- C:\windows\System32\crypt32.dll
2013-11-20 12:08:32 2304512 ----a-w- C:\windows\System32\authui.dll
2013-11-20 12:08:32 2035712 ----a-w- C:\windows\SysWow64\authui.dll
2013-11-07 22:28:15 -------- d-----w- C:\Program Files\iPod
2013-11-07 22:28:14 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-11-07 22:28:14 -------- d-----w- C:\Program Files\iTunes
2013-11-07 22:28:14 -------- d-----w- C:\Program Files (x86)\iTunes
.
==================== Find3M  ====================
.
2013-11-25 14:54:11 49240 ----a-w- C:\windows\System32\drivers\AntiLog64.sys
2013-11-05 22:58:57 78296 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-11-05 22:58:57 694232 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2013-10-16 19:03:00 10674488 ----a-w- C:\windows\SysWow64\ZALSDKCore.dll
2013-10-12 08:45:20 2241536 ----a-w- C:\windows\System32\wininet.dll
2013-10-12 08:43:37 3959808 ----a-w- C:\windows\System32\jscript9.dll
2013-10-12 07:03:50 1767936 ----a-w- C:\windows\SysWow64\wininet.dll
2013-10-12 07:02:33 2877952 ----a-w- C:\windows\SysWow64\jscript9.dll
2013-10-10 11:53:35 96600 ----a-w- C:\windows\System32\drivers\wfplwfs.sys
2013-10-10 09:21:20 1160192 ----a-w- C:\windows\System32\IKEEXT.DLL
2013-10-10 09:20:43 723968 ----a-w- C:\windows\System32\BFE.DLL
2013-10-09 04:12:50 2193136 ----a-w- C:\windows\System32\Netwuw01.dll
2013-10-09 04:12:46 3345376 ----a-w- C:\windows\System32\drivers\NETwew00.sys
2013-10-02 23:25:41 1300992 ----a-w- C:\windows\System32\gdi32.dll
2013-10-01 23:37:57 1569280 ----a-w- C:\windows\SysWow64\crypt32.dll
2013-10-01 22:22:19 1022976 ----a-w- C:\windows\SysWow64\gdi32.dll
2013-09-23 22:30:14 419328 ----a-w- C:\windows\System32\schannel.dll
2013-09-23 22:30:03 323072 ----a-w- C:\windows\SysWow64\schannel.dll
2013-09-13 22:36:37 35328 ----a-w- C:\windows\SysWow64\wuapp.exe
2013-09-13 22:36:23 84992 ----a-w- C:\windows\SysWow64\wudriver.dll
2013-09-13 22:36:23 126976 ----a-w- C:\windows\SysWow64\wuwebv.dll
2013-09-13 22:36:14 247296 ----a-w- C:\windows\SysWow64\ubpm.dll
2013-09-13 22:34:14 40448 ----a-w- C:\windows\System32\wuapp.exe
2013-09-13 22:33:55 252928 ----a-w- C:\windows\System32\WUSettingsProvider.dll
2013-09-13 22:33:55 142848 ----a-w- C:\windows\System32\wuwebv.dll
2013-09-13 22:33:54 99328 ----a-w- C:\windows\System32\wudriver.dll
2013-09-13 22:33:54 1622016 ----a-w- C:\windows\System32\wucltux.dll
2013-09-13 22:33:42 328192 ----a-w- C:\windows\System32\ubpm.dll
2013-09-13 22:33:39 175104 ----a-w- C:\windows\System32\storewuauth.dll
2013-09-04 03:11:23 576512 ----a-w- C:\windows\System32\drivers\afd.sys
2013-08-30 05:43:40 61784 ----a-w- C:\windows\System32\drivers\crashdmp.sys
2013-08-30 05:20:13 1173504 ----a-w- C:\windows\System32\UIAutomationCore.dll
2013-08-29 23:48:12 914432 ----a-w- C:\windows\SysWow64\UIAutomationCore.dll
.
============= FINISH:  9:37:18.90 ===============
 


Attach.txt

*************************************

 

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 8
Boot Device: \Device\HarddiskVolume1
Install Date: 1/19/2013 2:07:35 PM
System Uptime: 11/27/2013 9:15:44 AM (0 hours ago)
.
Motherboard: Dell Inc.          |  | 04M3YM
Processor: Intel® Core™ i7-3630QM CPU @ 2.40GHz | CPU Socket - U3E1 | 2401/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 922 GiB total, 870.212 GiB free.
D: is CDROM ()
E: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {8a2edc79-c759-46f2-88af-9d4efe3b5eee}
Description: USB-IF xHCI USB Host Controller
Device ID: ROOT\UOIP_BUS_DRIVER\0000
Manufacturer: Intel Corporation
Name: USB-IF xHCI USB Host Controller
PNP Device ID: ROOT\UOIP_BUS_DRIVER\0000
Service: XHCIPort
.
==== System Restore Points ===================
.
RP38: 11/7/2013 10:36:02 AM - Scheduled Checkpoint
RP39: 11/13/2013 9:08:43 AM - Windows Update
RP40: 11/22/2013 1:42:26 PM - Windows Update
RP41: 11/26/2013 10:30:37 AM - Windows Update
.
==== Installed Programs ======================
.
5600
5600_Help
5600Trb
64 Bit HP CIO Components Installer
Adobe Reader XI (11.0.05)
AIO_CDB_ProductContext
AIO_CDB_Software
AIO_Scan
Amazon Browser App
AntiLogger SDK version 1.6.6.296
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Bing Bar
Bonjour
BufferChm
Constant Guard Protection Suite
Copy
Creative Removable Disk Manager
Creative System Information
Creative ZEN V Series (R2)
CyberLink LabelPrint 2.5
CyberLink Media Suite 10
CyberLink Media Suite Essentials
CyberLink Power2Go 8
CyberLink PowerDirector 10
CyberLink PowerDVD 10
D3DX10
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Dell Backup and Recovery
Dell Backup and Recovery - Support Software
Dell Touchpad
Destinations
DeviceDiscovery
DocProc
Fax
Fitbit Connect
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
GPBaseService2
HP Customer Participation Program 14.0
HP Imaging Device Functions 14.0
HP Photo Creations
HP Photosmart Officejet and Deskjet All-In-One Driver Software
HP Solution Center 14.0
HP Update
HPDiagnosticAlert
HPPhotoGadget
HPProductAssistant
iCloud
Intel® Control Center
Intel® Management Engine Components
Intel® PRO/Wireless Driver
Intel® Processor Graphics
Intel® PROSet/Wireless for Bluetooth® + High Speed
Intel® PROSet/Wireless Software for Bluetooth® Technology
Intel® Rapid Storage Technology
Intel® Turbo Boost Technology Monitor 2.6
Intel® WiDi
Intel® PROSet/Wireless Software
Intel® PROSet/Wireless WiFi Software
Intel® Trusted Connect Service Client
iSEEK AnswerWorks English Runtime
iTunes
Java 7 Update 15 (64-bit)
Java Auto Updater
Linksys EasyLink Advisor
MarketResearch
Microsoft Application Error Reporting
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 64-bit MUI (English) 2010
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Movie Maker
MSVCRT
MSVCRT110
MSVCRT110_amd64
My Dell
Network64
Norton Security Suite
NVIDIA Control Panel 314.07
NVIDIA Graphics Driver 314.07
NVIDIA Install Application
NVIDIA Optimus 1.12.12
NVIDIA PhysX
NVIDIA PhysX System Software 9.12.1031
NVIDIA Update 1.12.12
NVIDIA Update Components
OCR Software by I.R.I.S. 14.0
Photo Common
Photo Gallery
Pure Networks Platform
Quicken 2012
Quickset64
QuickTime
Realtek USB 2.0 Card Reader
Revo Uninstaller 1.94
Scan
Security Update for Microsoft Excel 2010 (KB2826033) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2760406) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553284) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687276) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687423) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2760781) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2826023) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2826035) 32-Bit Edition
Security Update for Microsoft Outlook 2010 (KB2837597) 32-Bit Edition
Security Update for Microsoft Publisher 2010 (KB2553147) 32-Bit Edition
Security Update for Microsoft Visio 2010 (KB2810068) 32-Bit Edition
Shared C Run-time for x64
Software Version Updater
SolutionCenter
Status
System Checkup 3.3
TaxACT 2012 - 1040 Edition
TaxACT 2012 Arkansas
Toolbox
TrayApp
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition
Update for Microsoft Office 2010 (KB2826026) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition
Update for Microsoft Word 2010 (KB2827323) 32-Bit Edition
WebEx Support Manager for Internet Explorer
WebReg
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Wireless Keyboard & Mouse Driver
ZENcast Organizer
.
==== Event Viewer Messages From Past Week ========
.
11/27/2013 9:19:09 AM, Error: Service Control Manager [7038]  - The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error:  The password for this account has expired. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
11/27/2013 9:19:09 AM, Error: Service Control Manager [7000]  - The NVIDIA Update Service Daemon service failed to start due to the following error:  The service did not start due to a logon failure.
11/27/2013 9:16:51 AM, Error: Service Control Manager [7034]  - The Linksys Updater service terminated unexpectedly.  It has done this 1 time(s).
11/25/2013 8:59:10 AM, Error: Schannel [36888]  - A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 40. The Windows SChannel error state is 107.
11/25/2013 8:59:10 AM, Error: Schannel [36874]  - An SSL 3.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.
11/25/2013 8:55:02 AM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.
11/25/2013 8:54:26 AM, Error: Service Control Manager [7030]  - The CGPS Service service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
11/22/2013 2:09:45 PM, Error: Ntfs [55]  - A corruption was discovered in the file system structure on volume OS. A corruption was found in a file system index structure.  The file reference number is 0x9000000000009.  The name of the file is "<unable to determine file name>".  The corrupted index attribute is ":$SII:$INDEX_ALLOCATION".
11/22/2013 1:55:53 PM, Error: Service Control Manager [7023]  -
11/22/2013 1:54:00 PM, Error: Service Control Manager [7032]  - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Server service, but this action failed with the following error:  An instance of the service is already running.
11/22/2013 1:53:00 PM, Error: Service Control Manager [7034]  - The Application Information service terminated unexpectedly.  It has done this 1 time(s).
11/22/2013 1:53:00 PM, Error: Service Control Manager [7031]  - The Windows Management Instrumentation service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
11/22/2013 1:53:00 PM, Error: Service Control Manager [7031]  - The User Profile Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
11/22/2013 1:53:00 PM, Error: Service Control Manager [7031]  - The Themes service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
11/22/2013 1:53:00 PM, Error: Service Control Manager [7031]  - The Task Scheduler service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
11/22/2013 1:53:00 PM, Error: Service Control Manager [7031]  - The System Events Broker service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
11/22/2013 1:53:00 PM, Error: Service Control Manager [7031]  - The System Event Notification Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
11/22/2013 1:53:00 PM, Error: Service Control Manager [7031]  - The Shell Hardware Detection service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
11/22/2013 1:53:00 PM, Error: Service Control Manager [7031]  - The Server service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
11/22/2013 1:53:00 PM, Error: Service Control Manager [7031]  - The Secondary Logon service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
11/22/2013 1:53:00 PM, Error: Service Control Manager [7031]  - The IP Helper service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
11/22/2013 1:53:00 PM, Error: Service Control Manager [7031]  - The IKE and AuthIP IPsec Keying Modules service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
11/22/2013 1:53:00 PM, Error: Service Control Manager [7031]  - The Background Intelligent Transfer Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
11/22/2013 1:53:00 PM, Error: Service Control Manager [7031]  - The Application Experience service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
11/22/2013 1:53:00 PM, Error: Service Control Manager [7000]  - The Computer Browser service failed to start due to the following error:  The pipe has been ended.
11/22/2013 1:51:26 PM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x8007045B: Security Update for Windows 8 for x64-based Systems (KB2876331).
11/22/2013 1:51:26 PM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x8007045B: Security Update for Windows 8 for x64-based Systems (KB2875783).
11/22/2013 1:51:26 PM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x8007045B: Security Update for Windows 8 for x64-based Systems (KB2862152).
11/22/2013 1:48:45 PM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x8007045B: Update for Windows 8 for x64-based Systems (KB2883201).
11/22/2013 1:48:45 PM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x8007045B: Security Update for Windows 8 for x64-based Systems (KB2868626).
11/22/2013 1:48:45 PM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x8007045B: Cumulative Security Update for ActiveX Killbits for Windows 8 for x64-based Systems (KB2900986).
11/22/2013 1:48:44 PM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x8007045B: Security Update for Windows 8 for x64-based Systems (KB2868725).
.
==== End Of File ===========================
 



#5 seedy21

Posted 27 November 2013 - 04:46 PM

Hello LionsnTigersnBears

I'm Seedy21 and I will be helping you with your issues.

Please note the following information about the malware forum:

  • From this point on, please do not make any more changes to your computer, such as installing/uninstalling programs, using special fix tools, deleting files, editing the registry, etc., unless advised by me.
  • Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
  • Please reply within 48 hours. If you are going to be away for longer, please let us know, or the topic will be closed for being inactive.
  • If you are using cracked or illegal software, your thread will be closed.

Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close.

Step 1

Download ADWCleaner to your desktop:
http://www.bleepingcomputer.com/download/adwcleaner/

NOTE: If you are using Internet Explorer and get an alert that stops the program downloading, click on the warning and allow the download to complete.

Close all programs and click on the AdwCleaner icon.

Click on Scan and follow the prompts. Let it run unhindered. When done, click on the Clean button, and follow the prompts. Allow the system to reboot. You will then be presented with the report. Copy and paste this report into your next reply.

The report will be saved in the C:\AdwCleaner folder.

Step 2

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Step 3

  • Please download Farbar Recovery Scan Tool or Farbar Recovery Scan Tool 64-Bit and save it to your Desktop.
  • Double-click the program to run it.
  • When the tool opens, click Yes to the disclaimer.
  • Press the Scan button.
  • It will make a log FRST.txt and Additional.txt which will open in Notepad. Please copy and paste it to your reply.

Edited by seedy21, 27 November 2013 - 04:47 PM.



#6 LionsnTigersnBears

Posted 27 November 2013 - 05:09 PM

# AdwCleaner v3.013 - Report created 27/11/2013 at 16:02:27
# Updated 24/11/2013 by Xplode
# Operating System : Windows 8  (64 bits)
# Username : Jasmine - TFNEW
# Running from : C:\Users\Jasmine\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\Iminent
Folder Deleted : C:\Users\Jasmine\AppData\Local\Conduit
Folder Deleted : C:\Users\Jasmine\AppData\Local\Coupon Companion Plugin
Folder Deleted : C:\Users\Jasmine\AppData\Local\SwvUpdater
Folder Deleted : C:\Users\Jasmine\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Jasmine\AppData\LocalLow\PriceGong
File Deleted : C:\END
File Deleted : C:\windows\Tasks\AmiUpdXp.job
File Deleted : C:\windows\System32\Tasks\AmiUpdXp

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Classes\Updater.AmiUpd
Key Deleted : HKLM\SOFTWARE\Classes\Updater.AmiUpd.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3279141
Key Deleted : HKCU\Software\Cr_Installer
Key Deleted : HKCU\Software\Iminent
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\Iminent
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16537

-\\ Google Chrome v31.0.1650.57

[ File : C:\Users\Jasmine\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [10905 octets] - [27/11/2013 16:00:46]
AdwCleaner[S0].txt - [10828 octets] - [27/11/2013 16:02:27]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [10889 octets] ##########



#7 LionsnTigersnBears

Posted 27 November 2013 - 05:26 PM

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows 8 x64
Ran by Jasmine on Wed 11/27/2013 at 16:14:27.28
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

 

~~~ Registry Values

 

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110211181104}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110211181104}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{AE8DA065-FCBA-4616-B936-E6575C7EA31F}

 

~~~ Files

 

~~~ Folders

 

~~~ Event Viewer Logs were cleared

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 11/27/2013 at 16:22:41.43
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



#8 LionsnTigersnBears

Posted 27 November 2013 - 05:33 PM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-11-2013 01
Ran by Jasmine (administrator) on TFNEW on 27-11-2013 16:30:43
Running from C:\Users\Jasmine\Desktop
Windows 8 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Fitbit, Inc.) C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(White Sky, Inc.) C:\Program Files (x86)\Constant Guard Protection Suite\IDVaultSvc.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(UASSOFT.COM) C:\Program Files (x86)\Micro Innovations\Wireless Keyboard & Mouse Driver\KMWDSrv.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(White Sky, Inc.) C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe\LiveComm.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
() C:\Program Files (x86)\Creative\Sync Manager Unicode\CTSyncU.exe
(Fitbit, Inc.) C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Intel® Corporation) C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
(Intel® Corporation) C:\Program Files\Intel\TurboBoost\TurboBoost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\21.1.0.18\N360.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\21.1.0.18\N360.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Components\DBRUpdate\DBRUpd.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Toaster.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\SeaPort.EXE
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Apoint] - C:\Program Files\DellTPad\Apoint.exe [678296 2012-07-09] (Alps Electric Co., Ltd.)
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [1425408 2012-07-24] (IDT, Inc.)
HKLM\...\Run: [QuickSet] - C:\Program Files\Dell\QuickSet\quickset.exe [4384928 2012-07-12] (Dell Inc.)
HKLM\...\Run: [IntelTBRunOnce] - C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs [4123 2012-05-30] ()
HKLM\...\Run: [BTMTrayAgent] - rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [CTSyncU.exe] - C:\Program Files (x86)\Creative\Sync Manager Unicode\CTSyncU.exe [868352 2007-07-17] ()
HKCU\...\Run: [Fitbit Connect] - C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [3093024 2013-02-25] (Fitbit, Inc.)
HKCU\...\Run: [iCloudServices] - C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-09-14] (Apple Inc.)
HKCU\...\Run: [ApplePhotoStreams] - C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-09-15] (Apple Inc.)
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [277504 2012-07-09] (Intel Corporation)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] - C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-07] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] - C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-04] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] - C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [143888 2012-06-01] (CyberLink Corp.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [nmctxth] - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe [642856 2008-12-12] (Cisco Systems, Inc.)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [Fitbit Connect] - C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [3093024 2013-02-25] (Fitbit, Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-09-05] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
HKU\UpdatusUser\...\Run: [CTSyncU.exe] - C:\Program Files (x86)\Creative\Sync Manager Unicode\CTSyncU.exe [868352 2007-07-17] ()
HKU\UpdatusUser\...\RunOnce: [Inetreg] - C:\Program Files (x86)\InstallShield Installation Information\{AC85CD9E-BC46-4874-90E6-ADB558DE7D9E}\setup.exe [116880 2003-11-10] (InstallShield Software Corporation)
HKU\UpdatusUser\...\RunOnce: [CTPostBootSequencer] - C:\Windows\Temp\CTPBSeq.exe [65536 2005-05-31] (Creative Technology Ltd.)
AppInit_DLLs: C:\Windows\System32\nvinitx.dll [250504 2013-02-09] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\PROGRA~2\KEYCRY~1\KEYCRY~3.DLL,C:\Windows\SysWOW64\nvinit.dll C:\windows\SysWOW64\nvinit.dll [205184 2013-02-09] (NVIDIA Corporation)
Startup: C:\Users\Jasmine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Intel® Turbo Boost Technology Monitor 2.6.lnk
ShortcutTarget: Intel® Turbo Boost Technology Monitor 2.6.lnk -> C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe (Intel® Corporation)
Startup: C:\Users\Jasmine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
SearchScopes: HKLM - DefaultScope {FB730E0F-75C1-4F63-AD7C-3E098E388A30} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MDDCJS
SearchScopes: HKLM - {FB730E0F-75C1-4F63-AD7C-3E098E388A30} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MDDCJS
SearchScopes: HKLM-x32 - {FB730E0F-75C1-4F63-AD7C-3E098E388A30} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MDDCJS
SearchScopes: HKCU - DefaultScope {FB730E0F-75C1-4F63-AD7C-3E098E388A30} URL =
SearchScopes: HKCU - {FB730E0F-75C1-4F63-AD7C-3E098E388A30} URL =
BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine64\21.1.0.18\CoIEPlg.dll (Symantec Corporation)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Bing Bar Helper - {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BingExt.dll (Microsoft Corporation.)
BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine\21.1.0.18\CoIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Engine\21.1.0.18\IPS\IPSBHO.dll (Symantec Corporation)
BHO-x32: Better-Surf - {8271B5D6-76D3-4ABF-AEB3-1721161C76BC} - C:\Program Files (x86)\Better-Surf\ie\BetterSrf.dll ()
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Constant Guard Protection Suite - {B84CDBE7-1B46-494B-A188-01D4C52DEB61} - C:\ProgramData\White Sky, Inc\ID Vault\IEBHO1.13.1030.3\NativeBHO.dll (WhiteSky)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine64\21.1.0.18\CoIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\21.1.0.18\CoIEPlg.dll (Symantec Corporation)
DPF: HKLM-x32 {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} https://support.dell.com/systemprofiler/SysProExe.CAB
DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C}
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\amd64\puresp4.dll (Cisco Systems, Inc.)
Handler-x32: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76

Chrome:
=======
CHR Extension: (Google Docs) - C:\Users\Jasmine\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\Jasmine\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\Jasmine\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0
CHR Extension: (Google Search) - C:\Users\Jasmine\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0
CHR Extension: (Norton Identity Protection) - C:\Users\Jasmine\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2013.4.3.4_0
CHR Extension: (Google Wallet) - C:\Users\Jasmine\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0
CHR Extension: (Gmail) - C:\Users\Jasmine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR Extension: (BetterSrf) - C:\Users\Jasmine\AppData\Local\Google\Chrome\User Data\Default\Extensions\poheodfamflhhhdcmjfeggbgigeefaco\1.1_0
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Security Suite\Engine\21.1.0.18\Exts\Chrome.crx
CHR HKLM-x32\...\Chrome\Extension: [poheodfamflhhhdcmjfeggbgigeefaco] - C:\Program Files (x86)\Better-Surf\ch\Chrome.crx
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

R2 Fitbit Connect; C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe [1239584 2013-02-25] (Fitbit, Inc.)
R2 HPSLPSVC; C:\Users\Jasmine\AppData\Local\Temp\7zS31E3\hpslpsvc64.dll [1039360 2012-11-14] (Hewlett-Packard Co.)
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [2451456 2012-07-13] (Realsil Microelectronics Inc.)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
R2 KMWDSERVICE; C:\Program Files (x86)\Micro Innovations\Wireless Keyboard & Mouse Driver\KMWDSrv.exe [208896 2007-04-05] (UASSOFT.COM)
S2 LinksysUpdater; C:\Program Files (x86)\Linksys\Linksys Updater\bin\LinksysUpdater.exe [204800 2008-11-13] ()
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-08-28] ()
R2 N360; C:\Program Files (x86)\Norton Security Suite\Engine\21.1.0.18\N360.exe [264360 2013-10-18] (Symantec Corporation)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [254512 2012-04-24] ()
R2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe [1914728 2012-11-25] (SoftThinks SAS)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-07-01] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3378416 2013-08-28] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

R1 AntiLog32; C:\Windows\system32\drivers\AntiLog64.sys [49240 2013-11-25] (Zemana Ltd.)
R1 BHDrvx64; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\BASHDefs\20131002.001\BHDrvx64.sys [1525848 2013-09-25] (Symantec Corporation)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-25] (Microsoft Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1501000.012\ccSetx64.sys [162392 2013-09-25] (Symantec Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
S3 DellRbtn; C:\Windows\System32\drivers\DellRbtn.sys [10752 2012-08-05] (OSR Open Systems Resources, Inc.)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows ® Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows ® Win 7 DDK provider)
R1 IDSVia64; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\IPSDefs\20130930.001\IDSVia64.sys [520280 2013-09-23] (Symantec Corporation)
R3 keycrypt; C:\Windows\System32\DRIVERS\KeyCrypt64.sys [25056 2013-07-24] (Zemana Ltd.)
R3 NAVENG; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20131127.003\ENG64.SYS [126040 2013-11-27] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20131127.003\EX64.SYS [2099288 2013-11-27] (Symantec Corporation)
R3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [3345376 2013-10-08] (Intel Corporation)
R3 SRTSP; C:\Windows\System32\Drivers\N360x64\1501000.012\SRTSP64.SYS [858200 2013-09-26] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1501000.012\SRTSPX64.SYS [36952 2013-09-09] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\N360x64\1501000.012\SYMDS64.SYS [493656 2013-09-09] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360x64\1501000.012\SYMEFA64.SYS [1147480 2013-09-26] (Symantec Corporation)
S0 SymELAM; C:\Windows\System32\drivers\N360x64\1501000.012\SymELAM.sys [23568 2013-09-09] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2013-11-27] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\1501000.012\Ironx64.SYS [264280 2013-09-26] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1501000.012\SYMNETS.SYS [590936 2013-09-25] (Symantec Corporation)
S3 usb3Hub; C:\Windows\System32\drivers\usb3Hub.sys [48096 2012-08-09] (Windows ® Win 7 DDK provider)
S3 XHCIPort; C:\Windows\System32\drivers\XHCIPort.sys [188384 2012-08-09] (Windows ® Win 7 DDK provider)
S3 TDKLIB; \??\C:\Users\Jasmine\AppData\Local\Temp\ExtactTemp\TdkLib64.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-11-27 16:30 - 2013-11-27 16:30 - 00019297 _____ C:\Users\Jasmine\Desktop\FRST.txt
2013-11-27 16:30 - 2013-11-27 16:30 - 00000000 ____D C:\FRST
2013-11-27 16:22 - 2013-11-27 16:22 - 00001083 _____ C:\Users\Jasmine\Desktop\JRT.txt
2013-11-27 16:14 - 2013-11-27 16:14 - 00000000 ____D C:\windows\ERUNT
2013-11-27 16:13 - 2013-11-27 16:13 - 00000000 ____D C:\windows\System32\Tasks\Norton Security Suite
2013-11-27 16:00 - 2013-11-27 16:02 - 00000000 ____D C:\AdwCleaner
2013-11-27 15:59 - 2013-11-27 15:59 - 01958850 _____ (Farbar) C:\Users\Jasmine\Desktop\FRST64.exe
2013-11-27 15:59 - 2013-11-27 15:59 - 01034531 _____ (Thisisu) C:\Users\Jasmine\Desktop\JRT.exe
2013-11-27 15:58 - 2013-11-27 15:58 - 01091882 _____ C:\Users\Jasmine\Desktop\AdwCleaner.exe
2013-11-27 10:43 - 2013-11-27 16:06 - 00002442 _____ C:\Users\Public\Desktop\Norton Security Suite.lnk
2013-11-27 09:37 - 2013-11-27 09:38 - 00023037 _____ C:\Users\Jasmine\Desktop\dds.txt
2013-11-27 09:37 - 2013-11-27 09:38 - 00015460 _____ C:\Users\Jasmine\Desktop\attach.txt
2013-11-27 09:33 - 2013-11-27 09:33 - 00688992 ____R (Swearware) C:\Users\Jasmine\Desktop\dds.com
2013-11-27 09:16 - 2013-11-27 09:16 - 00433000 _____ C:\windows\system32\FNTCACHE.DAT
2013-11-26 10:34 - 2013-11-26 10:34 - 00000000 ____D C:\Program Files (x86)\Cisco
2013-11-26 10:31 - 2013-11-26 10:31 - 00000000 ____D C:\windows\LastGood.Tmp
2013-11-26 10:31 - 2013-11-26 10:31 - 00000000 ____D C:\ProgramData\Package Cache
2013-11-25 08:53 - 2013-11-25 08:53 - 00000000 _____ C:\extensions.sqlite
2013-11-25 08:52 - 2013-11-25 08:52 - 00000000 ____D C:\Program Files (x86)\Better-Surf
2013-11-20 06:10 - 2013-10-10 05:53 - 00096600 _____ (Microsoft Corporation) C:\windows\system32\Drivers\wfplwfs.sys
2013-11-20 06:10 - 2013-10-10 03:21 - 01160192 _____ (Microsoft Corporation) C:\windows\system32\IKEEXT.DLL
2013-11-20 06:10 - 2013-10-10 03:20 - 00723968 _____ (Microsoft Corporation) C:\windows\system32\BFE.DLL
2013-11-20 06:10 - 2013-10-02 17:25 - 01300992 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
2013-11-20 06:10 - 2013-10-01 16:22 - 01022976 _____ (Microsoft Corporation) C:\windows\SysWOW64\gdi32.dll
2013-11-20 06:10 - 2013-09-13 19:15 - 00059416 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe
2013-11-20 06:10 - 2013-09-13 16:36 - 00628736 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapi.dll
2013-11-20 06:10 - 2013-09-13 16:36 - 00247296 _____ (Microsoft Corporation) C:\windows\SysWOW64\ubpm.dll
2013-11-20 06:10 - 2013-09-13 16:36 - 00126976 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuwebv.dll
2013-11-20 06:10 - 2013-09-13 16:36 - 00084992 _____ (Microsoft Corporation) C:\windows\SysWOW64\wudriver.dll
2013-11-20 06:10 - 2013-09-13 16:36 - 00035328 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapp.exe
2013-11-20 06:10 - 2013-09-13 16:34 - 00040448 _____ (Microsoft Corporation) C:\windows\system32\wuapp.exe
2013-11-20 06:10 - 2013-09-13 16:33 - 03279360 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll
2013-11-20 06:10 - 2013-09-13 16:33 - 01622016 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll
2013-11-20 06:10 - 2013-09-13 16:33 - 00773120 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll
2013-11-20 06:10 - 2013-09-13 16:33 - 00328192 _____ (Microsoft Corporation) C:\windows\system32\ubpm.dll
2013-11-20 06:10 - 2013-09-13 16:33 - 00252928 _____ (Microsoft Corporation) C:\windows\system32\WUSettingsProvider.dll
2013-11-20 06:10 - 2013-09-13 16:33 - 00175104 _____ (Microsoft Corporation) C:\windows\system32\storewuauth.dll
2013-11-20 06:10 - 2013-09-13 16:33 - 00142848 _____ (Microsoft Corporation) C:\windows\system32\wuwebv.dll
2013-11-20 06:10 - 2013-09-13 16:33 - 00099328 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll
2013-11-20 06:10 - 2013-09-03 21:11 - 00576512 _____ (Microsoft Corporation) C:\windows\system32\Drivers\afd.sys
2013-11-20 06:10 - 2013-08-29 23:43 - 00061784 _____ (Microsoft Corporation) C:\windows\system32\Drivers\crashdmp.sys
2013-11-20 06:10 - 2013-08-29 23:20 - 01173504 _____ (Microsoft Corporation) C:\windows\system32\UIAutomationCore.dll
2013-11-20 06:10 - 2013-08-29 17:48 - 00914432 _____ (Microsoft Corporation) C:\windows\SysWOW64\UIAutomationCore.dll
2013-11-20 06:10 - 2013-08-21 00:39 - 00465240 _____ (Microsoft Corporation) C:\windows\system32\Drivers\fvevol.sys
2013-11-20 06:10 - 2013-08-10 00:30 - 00151896 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tpm.sys
2013-11-20 06:10 - 2013-08-09 23:21 - 00817152 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2013-11-20 06:10 - 2013-08-09 21:58 - 00656896 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2013-11-20 06:10 - 2013-07-24 17:10 - 10799104 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.UI.Xaml.dll
2013-11-20 06:10 - 2013-07-24 17:07 - 13661696 _____ (Microsoft Corporation) C:\windows\system32\Windows.UI.Xaml.dll
2013-11-20 06:10 - 2013-07-11 19:38 - 00599040 _____ (Microsoft Corporation) C:\windows\system32\WSDApi.dll
2013-11-20 06:10 - 2013-07-11 19:30 - 00485376 _____ (Microsoft Corporation) C:\windows\SysWOW64\WSDApi.dll
2013-11-20 06:09 - 2013-10-12 02:45 - 02241536 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2013-11-20 06:09 - 2013-10-12 02:45 - 01364992 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2013-11-20 06:09 - 2013-10-12 02:45 - 00051712 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2013-11-20 06:09 - 2013-10-12 02:43 - 19269632 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2013-11-20 06:09 - 2013-10-12 02:43 - 15404544 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2013-11-20 06:09 - 2013-10-12 02:43 - 03959808 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2013-11-20 06:09 - 2013-10-12 02:43 - 02648576 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2013-11-20 06:09 - 2013-10-12 02:43 - 00855552 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2013-11-20 06:09 - 2013-10-12 02:43 - 00603136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2013-11-20 06:09 - 2013-10-12 01:03 - 01767936 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2013-11-20 06:09 - 2013-10-12 01:03 - 01138176 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2013-11-20 06:09 - 2013-10-12 01:02 - 14355968 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2013-11-20 06:09 - 2013-10-12 01:02 - 13761024 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2013-11-20 06:09 - 2013-10-12 01:02 - 02877952 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2013-11-20 06:09 - 2013-10-12 01:02 - 02049024 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2013-11-20 06:09 - 2013-10-12 01:02 - 00690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2013-11-20 06:09 - 2013-10-12 01:02 - 00493056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2013-11-20 06:09 - 2013-10-01 17:37 - 01569280 _____ (Microsoft Corporation) C:\windows\SysWOW64\crypt32.dll
2013-11-20 06:09 - 2013-10-01 17:26 - 01890816 _____ (Microsoft Corporation) C:\windows\system32\crypt32.dll
2013-11-20 06:09 - 2013-09-23 16:30 - 00419328 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2013-11-20 06:09 - 2013-09-23 16:30 - 00323072 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2013-11-20 06:09 - 2013-08-23 01:22 - 02062848 _____ (Microsoft Corporation) C:\windows\system32\d3d11.dll
2013-11-20 06:09 - 2013-08-22 19:44 - 01711616 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3d11.dll
2013-11-20 06:08 - 2013-10-01 17:37 - 02035712 _____ (Microsoft Corporation) C:\windows\SysWOW64\authui.dll
2013-11-20 06:08 - 2013-10-01 17:26 - 02304512 _____ (Microsoft Corporation) C:\windows\system32\authui.dll
2013-11-07 16:28 - 2013-11-07 16:28 - 00001785 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-11-07 16:28 - 2013-11-07 16:28 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-11-07 16:28 - 2013-11-07 16:28 - 00000000 ____D C:\Program Files\iTunes
2013-11-07 16:28 - 2013-11-07 16:28 - 00000000 ____D C:\Program Files\iPod
2013-11-07 16:28 - 2013-11-07 16:28 - 00000000 ____D C:\Program Files (x86)\iTunes

==================== One Month Modified Files and Folders =======

2013-11-27 16:30 - 2013-11-27 16:30 - 00019297 _____ C:\Users\Jasmine\Desktop\FRST.txt
2013-11-27 16:30 - 2013-11-27 16:30 - 00000000 ____D C:\FRST
2013-11-27 16:25 - 2013-01-19 15:16 - 00000000 ____D C:\Users\Jasmine\AppData\Roaming\ID Vault
2013-11-27 16:22 - 2013-11-27 16:22 - 00001083 _____ C:\Users\Jasmine\Desktop\JRT.txt
2013-11-27 16:21 - 2013-01-19 14:14 - 00003596 _____ C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3273612433-2046082030-895261141-1002
2013-11-27 16:20 - 2013-01-19 14:07 - 01632943 _____ C:\windows\WindowsUpdate.log
2013-11-27 16:14 - 2013-11-27 16:14 - 00000000 ____D C:\windows\ERUNT
2013-11-27 16:13 - 2013-11-27 16:13 - 00000000 ____D C:\windows\System32\Tasks\Norton Security Suite
2013-11-27 16:13 - 2012-12-19 08:29 - 00000000 ____D C:\Program Files (x86)\Dell Backup and Recovery
2013-11-27 16:09 - 2012-07-26 01:28 - 00850046 _____ C:\windows\system32\PerfStringBackup.INI
2013-11-27 16:08 - 2012-07-25 23:26 - 00262144 ___SH C:\windows\system32\config\ELAM
2013-11-27 16:06 - 2013-11-27 10:43 - 00002442 _____ C:\Users\Public\Desktop\Norton Security Suite.lnk
2013-11-27 16:06 - 2013-01-19 15:38 - 00003228 _____ C:\windows\System32\Tasks\Norton WSC Integration
2013-11-27 16:06 - 2013-01-19 15:38 - 00000000 ____D C:\windows\system32\Drivers\N360x64
2013-11-27 16:06 - 2012-07-26 02:12 - 00000000 ___HD C:\windows\ELAMBKUP
2013-11-27 16:05 - 2013-09-16 13:35 - 00000908 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-11-27 16:04 - 2012-07-26 01:22 - 00000006 ____H C:\windows\Tasks\SA.DAT
2013-11-27 16:03 - 2012-07-25 23:26 - 00262144 ___SH C:\windows\system32\config\BBI
2013-11-27 16:02 - 2013-11-27 16:00 - 00000000 ____D C:\AdwCleaner
2013-11-27 16:02 - 2012-07-26 02:12 - 00000000 ____D C:\windows\system32\sru
2013-11-27 15:59 - 2013-11-27 15:59 - 01958850 _____ (Farbar) C:\Users\Jasmine\Desktop\FRST64.exe
2013-11-27 15:59 - 2013-11-27 15:59 - 01034531 _____ (Thisisu) C:\Users\Jasmine\Desktop\JRT.exe
2013-11-27 15:58 - 2013-11-27 15:58 - 01091882 _____ C:\Users\Jasmine\Desktop\AdwCleaner.exe
2013-11-27 15:50 - 2013-09-16 13:35 - 00000912 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-11-27 10:43 - 2013-01-19 15:38 - 00177752 _____ (Symantec Corporation) C:\windows\system32\Drivers\SYMEVENT64x86.SYS
2013-11-27 10:43 - 2013-01-19 15:38 - 00008222 _____ C:\windows\system32\Drivers\SYMEVENT64x86.CAT
2013-11-27 10:43 - 2013-01-19 15:29 - 00000000 ____D C:\ProgramData\Norton
2013-11-27 10:42 - 2013-01-19 15:38 - 00000000 ____D C:\Program Files (x86)\Norton Security Suite
2013-11-27 10:39 - 2013-01-19 15:29 - 00000000 ____D C:\Users\Public\Downloads\Norton
2013-11-27 10:14 - 2013-01-25 21:10 - 00000000 ____D C:\Users\Jasmine\Documents\Outlook Files
2013-11-27 09:38 - 2013-11-27 09:37 - 00023037 _____ C:\Users\Jasmine\Desktop\dds.txt
2013-11-27 09:38 - 2013-11-27 09:37 - 00015460 _____ C:\Users\Jasmine\Desktop\attach.txt
2013-11-27 09:33 - 2013-11-27 09:33 - 00688992 ____R (Swearware) C:\Users\Jasmine\Desktop\dds.com
2013-11-27 09:21 - 2012-07-26 02:12 - 00000000 ____D C:\windows\AUInstallAgent
2013-11-27 09:16 - 2013-11-27 09:16 - 00433000 _____ C:\windows\system32\FNTCACHE.DAT
2013-11-27 09:15 - 2012-12-19 09:58 - 00152018 _____ C:\windows\PFRO.log
2013-11-26 10:35 - 2012-12-19 08:15 - 00000000 ____D C:\ProgramData\Intel
2013-11-26 10:34 - 2013-11-26 10:34 - 00000000 ____D C:\Program Files (x86)\Cisco
2013-11-26 10:34 - 2012-12-19 10:00 - 00000000 ____D C:\Program Files\Common Files\Intel
2013-11-26 10:34 - 2012-12-19 10:00 - 00000000 ____D C:\Program Files (x86)\Intel
2013-11-26 10:34 - 2012-12-19 08:16 - 00000000 ____D C:\ProgramData\Intel.sav
2013-11-26 10:34 - 2012-12-19 08:14 - 00000000 ____D C:\Program Files\Intel
2013-11-26 10:31 - 2013-11-26 10:31 - 00000000 ____D C:\windows\LastGood.Tmp
2013-11-26 10:31 - 2013-11-26 10:31 - 00000000 ____D C:\ProgramData\Package Cache
2013-11-26 10:31 - 2012-12-19 10:00 - 00000000 ____D C:\Intel
2013-11-25 08:54 - 2013-02-23 22:45 - 00001166 _____ C:\windows\SysWOW64\InstallUtil.InstallLog
2013-11-25 08:54 - 2013-01-19 15:23 - 00000000 ____D C:\Users\Jasmine\AppData\Local\ID Vault
2013-11-25 08:54 - 2013-01-19 15:16 - 00049240 _____ (Zemana Ltd.) C:\windows\system32\Drivers\AntiLog64.sys
2013-11-25 08:54 - 2013-01-19 15:16 - 00002191 _____ C:\Users\Public\Desktop\Constant Guard.lnk
2013-11-25 08:54 - 2013-01-19 15:16 - 00000000 ____D C:\windows\SysWOW64\ZALSDK_uninst
2013-11-25 08:54 - 2013-01-19 15:16 - 00000000 ____D C:\Program Files (x86)\KeyCryptSDK
2013-11-25 08:54 - 2013-01-19 15:16 - 00000000 ____D C:\Program Files (x86)\Constant Guard Protection Suite
2013-11-25 08:53 - 2013-11-25 08:53 - 00000000 _____ C:\extensions.sqlite
2013-11-25 08:52 - 2013-11-25 08:52 - 00000000 ____D C:\Program Files (x86)\Better-Surf
2013-11-22 15:05 - 2012-07-26 02:12 - 00000000 ____D C:\windows\rescache
2013-11-22 14:17 - 2012-07-26 02:12 - 00000000 ____D C:\windows\WinStore
2013-11-22 13:52 - 2012-07-26 02:12 - 00000000 ___RD C:\windows\ToastData
2013-11-22 13:51 - 2013-01-22 23:17 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-11-22 13:48 - 2013-07-24 20:49 - 00000000 ____D C:\windows\system32\MRT
2013-11-22 13:45 - 2013-01-25 20:30 - 82896128 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2013-11-20 06:02 - 2013-06-19 15:32 - 00000000 ____D C:\Program Files\My Dell
2013-11-20 06:02 - 2012-12-19 08:21 - 00000000 ____D C:\ProgramData\PCDr
2013-11-19 08:02 - 2013-01-22 21:52 - 00000000 ____D C:\Users\Jasmine\Documents\Finance
2013-11-19 07:55 - 2013-09-16 13:35 - 00002185 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-11-13 09:28 - 2012-07-26 02:12 - 00000000 ____D C:\windows\system32\NDF
2013-11-07 16:28 - 2013-11-07 16:28 - 00001785 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-11-07 16:28 - 2013-11-07 16:28 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-11-07 16:28 - 2013-11-07 16:28 - 00000000 ____D C:\Program Files\iTunes
2013-11-07 16:28 - 2013-11-07 16:28 - 00000000 ____D C:\Program Files\iPod
2013-11-07 16:28 - 2013-11-07 16:28 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-11-05 16:58 - 2013-09-16 09:57 - 00694232 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2013-11-05 16:58 - 2013-09-16 09:57 - 00078296 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-10-29 10:31 - 2012-07-26 01:21 - 00027319 _____ C:\windows\setupact.log

Some content of TEMP:
====================
C:\Users\Jasmine\AppData\Local\Temp\Quarantine.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-11-22 14:06

==================== End Of Log ============================


Edited by LionsnTigersnBears, 27 November 2013 - 05:35 PM.


#9 LionsnTigersnBears

Posted 27 November 2013 - 05:40 PM

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-11-2013 01
Ran by Jasmine at 2013-11-27 16:31:12
Running from C:\Users\Jasmine\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Norton Security Suite (Enabled - Up to date) {63DF5164-9100-186D-2187-8DC619EFD8BF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Security Suite (Enabled - Up to date) {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Security Suite (Enabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

==================== Installed Programs ======================

5600 (x32 Version: 140.0.425.000)
5600_Help (x32 Version: 82.0.242.000)
5600Trb (x32 Version: 82.0.242.000)
64 Bit HP CIO Components Installer (Version: 7.2.8)
Adobe Reader XI (11.0.05) (x32 Version: 11.0.05)
AIO_CDB_ProductContext (x32 Version: 140.0.425.000)
AIO_CDB_Software (x32 Version: 140.0.428.000)
AIO_Scan (x32 Version: 130.0.421.000)
Amazon Browser App (x32 Version: 1.0.0.0)
AntiLogger SDK version 1.6.6.296 (x32 Version: 1.6.6.296)
Apple Application Support (x32 Version: 2.3.6)
Apple Mobile Device Support (Version: 7.0.0.117)
Apple Software Update (x32 Version: 2.1.3.127)
Bing Bar (x32 Version: 7.2.241.0)
Bonjour (Version: 3.0.0.10)
BufferChm (x32 Version: 140.0.298.000)
Constant Guard Protection Suite (x32 Version: 1.13.1030.3)
Copy (x32 Version: 140.0.298.000)
Creative Removable Disk Manager (x32)
Creative System Information (x32)
Creative ZEN V Series (R2) (x32 Version: 1.0)
CyberLink LabelPrint 2.5 (x32 Version: 2.5.5415a)
CyberLink Media Suite 10 (x32 Version: 10.0.1.1913)
CyberLink Media Suite Essentials (x32 Version: 10.0)
CyberLink Power2Go 8 (x32 Version: 8.0.0.1904)
CyberLink PowerDirector 10 (x32 Version: 10.0.1.1904)
CyberLink PowerDVD 10 (x32 Version: 10.0.4318.52)
D3DX10 (x32 Version: 15.4.2368.0902)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32)
Dell Backup and Recovery - Support Software (x32 Version: 1.0.0.5)
Dell Backup and Recovery (x32 Version: 1.0.0.5)
Dell Touchpad (Version: 8.1200.101.209)
Destinations (x32 Version: 140.0.253.000)
DeviceDiscovery (x32 Version: 140.0.298.000)
DocProc (x32 Version: 140.0.185.000)
Fax (x32 Version: 140.0.307.000)
Fitbit Connect (x32 Version: 1.0.0.2578)
Google Chrome (x32 Version: 31.0.1650.57)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0)
Google Toolbar for Internet Explorer (x32 Version: 7.5.4601.54)
Google Update Helper (x32 Version: 1.3.21.165)
GPBaseService2 (x32 Version: 140.0.297.000)
HP Customer Participation Program 14.0 (Version: 14.0)
HP Imaging Device Functions 14.0 (Version: 14.0)
HP Photo Creations (x32 Version: 1.0.0.2024)
HP Photosmart Officejet and Deskjet All-In-One Driver Software (Version: 14.0)
HP Solution Center 14.0 (Version: 14.0)
HP Update (x32 Version: 5.005.000.002)
HPDiagnosticAlert (x32 Version: 1.00.0000)
HPPhotoGadget (x32 Version: 140.0.524.000)
HPProductAssistant (x32 Version: 140.0.298.000)
iCloud (Version: 3.0.2.163)
Intel® Control Center (x32 Version: 1.2.1.1008)
Intel® Management Engine Components (x32 Version: 8.1.0.1252)
Intel® PRO/Wireless Driver (Version: 16.01.5000.0577)
Intel® Processor Graphics (x32 Version: 9.17.10.2849)
Intel® PROSet/Wireless for Bluetooth® + High Speed (Version: 15.5.0.0344)
Intel® PROSet/Wireless Software for Bluetooth® Technology (Version: 2.5.0.0248)
Intel® Rapid Storage Technology (x32 Version: 11.5.0.1207)
Intel® Turbo Boost Technology Monitor 2.6 (Version: 2.6.2.0)
Intel® WiDi (Version: 3.5.34.0)
Intel® PROSet/Wireless Software (x32 Version: 16.1.5)
Intel® PROSet/Wireless WiFi Software (Version: 16.01.5000.0269)
Intel® Trusted Connect Service Client (Version: 1.24.388.1)
iSEEK AnswerWorks English Runtime (x32 Version: 010.000.0101)
iTunes (Version: 11.1.3.8)
Java 7 Update 15 (64-bit) (Version: 7.0.150)
Java Auto Updater (x32 Version: 2.0.5.1)
Linksys EasyLink Advisor (x32 Version: 3.11.9139.94)
Linksys EasyLink Advisor (x32)
MarketResearch (x32 Version: 140.0.299.000)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 2010 Service Pack 1 (SP1) (x32)
Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Professional 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Single Image 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Movie Maker (x32 Version: 16.4.3503.0728)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT110 (x32 Version: 16.4.1108.0727)
MSVCRT110_amd64 (Version: 16.4.1108.0727)
My Dell (Version: 3.4.6361.48)
Network64 (Version: 140.0.306.000)
Norton Security Suite (x32 Version: 21.1.0.18)
NVIDIA Control Panel 314.07 (Version: 314.07)
NVIDIA Graphics Driver 314.07 (Version: 314.07)
NVIDIA Install Application (Version: 2.1002.109.706)
NVIDIA Optimus 1.12.12 (Version: 1.12.12)
NVIDIA PhysX (x32 Version: 9.12.1031)
NVIDIA PhysX System Software 9.12.1031 (Version: 9.12.1031)
NVIDIA Update 1.12.12 (Version: 1.12.12)
NVIDIA Update Components (Version: 1.12.12)
OCR Software by I.R.I.S. 14.0 (Version: 14.0)
Photo Common (x32 Version: 16.4.3503.0728)
Photo Gallery (x32 Version: 16.4.3503.0728)
Pure Networks Platform (x32 Version: 11.1.9051.0)
Quicken 2012 (x32 Version: 21.1.7.18)
Quickset64 (Version: 11.1.27)
QuickTime (x32 Version: 7.74.80.86)
Realtek USB 2.0 Card Reader (x32 Version: 6.1.8400.39030)
Revo Uninstaller 1.94 (x32 Version: 1.94)
Scan (x32 Version: 140.0.253.000)
Shared C Run-time for x64 (Version: 10.0.0)
SolutionCenter (x32 Version: 140.0.299.000)
Status (x32 Version: 140.0.342.000)
System Checkup 3.3 (x32 Version: 3.3.2.56)
TaxACT 2012 - 1040 Edition (x32)
TaxACT 2012 Arkansas (x32)
Toolbox (x32 Version: 140.0.596.000)
TrayApp (x32 Version: 140.0.297.000)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (x32)
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553065) (x32)
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2566458) (x32)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2826026) 32-Bit Edition (x32)
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition (x32)
Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition (x32)
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition (x32)
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition (x32)
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition (x32)
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition (x32)
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (x32)
Update for Microsoft Word 2010 (KB2827323) 32-Bit Edition (x32)
WebEx Support Manager for Internet Explorer (x32 Version: 6.5.47)
WebReg (x32 Version: 140.0.297.017)
Windows Live Communications Platform (x32 Version: 16.4.3503.0728)
Windows Live Essentials (x32 Version: 16.4.3503.0728)
Windows Live Installer (x32 Version: 16.4.3503.0728)
Windows Live Photo Common (x32 Version: 16.4.3503.0728)
Windows Live PIMT Platform (x32 Version: 16.4.3503.0728)
Windows Live SOXE (x32 Version: 16.4.3503.0728)
Windows Live SOXE Definitions (x32 Version: 16.4.3503.0728)
Windows Live UX Platform (x32 Version: 16.4.3503.0728)
Windows Live UX Platform Language Pack (x32 Version: 16.4.3503.0728)
Wireless Keyboard & Mouse Driver (x32 Version: 2.0)
ZENcast Organizer (x32)

==================== Restore Points  =========================

07-11-2013 16:36:02 Scheduled Checkpoint
13-11-2013 15:08:43 Windows Update
22-11-2013 19:42:26 Windows Update
26-11-2013 16:30:37 Windows Update

==================== Hosts content: ==========================

2012-07-25 23:26 - 2012-07-25 23:26 - 00000824 ____N C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {185684F0-82B4-4D5E-93A0-6B1ECA5796BE} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\My Dell\sessionchecker.exe [2013-11-06] (PC-Doctor, Inc.)
Task: {196DFE3A-13D1-4054-B7F1-DB90125DF281} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Security Suite\Engine\21.1.0.18\WSCStub.exe [2013-10-08] (Symantec Corporation)
Task: {214B13FC-8E1E-42F0-84EF-A4CACFA93FF0} - System32\Tasks\Norton Security Suite\Norton Error Processor => C:\Program Files (x86)\Norton Security Suite\Engine\21.1.0.18\symerr.exe [2013-08-01] (Symantec Corporation)
Task: {26B6F4A2-F88C-47B7-B11B-FCA549F497E0} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-09-16] (Google Inc.)
Task: {474203F0-F6CA-46E9-8E00-DF90DD219DC1} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {7A062111-2A21-4D41-AB6D-CF69EE223ABA} - System32\Tasks\Microsoft\Windows\Setup\Windows Upgrade Notification Task => C:\Windows\System32\NotificationUI.exe [2013-08-15] (Microsoft Corporation)
Task: {7B7648C0-C1A1-4309-99FB-933F2BA10754} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\My Dell\uaclauncher.exe [2013-09-05] (PC-Doctor, Inc.)
Task: {A1186260-9174-4A0F-91D3-4A1250B3820A} - System32\Tasks\Microsoft\Windows\Setup\Pre-staged GDR Notification => C:\Windows\System32\NotificationUI.exe [2013-08-15] (Microsoft Corporation)
Task: {ABBB7B21-7499-4715-A498-4A20431C378D} - System32\Tasks\Norton Security Suite\Norton Error Analyzer => C:\Program Files (x86)\Norton Security Suite\Engine\21.1.0.18\symerr.exe [2013-08-01] (Symantec Corporation)
Task: {B6984BF6-1B2F-4EE2-A89C-A98E6018FA5D} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {BA5AB2A4-7695-4565-8AD3-C288B226A6D6} - \AmiUpdXp No Task File
Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {DE1CC67C-96D8-4955-868D-8A65F62A1771} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {F4539B5B-FD15-4F54-98E4-7AE28DE40234} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-09-16] (Google Inc.)
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2012-12-19 09:37 - 2012-07-25 14:08 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-12-19 09:38 - 2012-08-01 02:02 - 00004096 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll
2012-11-28 14:13 - 2012-11-28 14:13 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2012-11-28 14:13 - 2012-11-28 14:13 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2012-12-19 09:38 - 2012-08-01 02:02 - 00004096 _____ () C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll
2013-10-31 13:50 - 2013-10-31 13:50 - 00549272 _____ () C:\Program Files (x86)\Constant Guard Protection Suite\sqlite3.DLL
2013-02-23 17:54 - 2007-02-07 16:51 - 00188416 ____N () C:\Program Files (x86)\Creative\Sync Manager Unicode\CTSyncRs.crl
2013-09-14 00:51 - 2013-09-14 00:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\zlib1.dll
2013-09-14 00:50 - 2013-09-14 00:50 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\libxml2.dll
2012-12-19 08:23 - 2012-06-07 21:34 - 00627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2012-06-08 11:34 - 2012-06-08 11:34 - 00016400 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2008-12-12 18:11 - 2008-12-12 18:11 - 00148480 _____ () C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\CAntiVirusCOM.dll
2008-12-12 18:11 - 2008-12-12 18:11 - 00097280 _____ () C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\CFireWallCOM.dll
2013-08-19 16:19 - 2013-08-19 16:19 - 00017920 _____ () C:\windows\assembly\NativeImages_v4.0.30319_32\PSIClient\d4b49cde56288aa4c132208d7aba2a82\PSIClient.ni.dll
2012-12-19 08:14 - 2012-06-25 10:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2013-11-25 03:15 - 2013-11-25 03:15 - 00086016 _____ () C:\Program Files (x86)\Better-Surf\ie\BetterSrf.dll

==================== Alternate Data Streams (whitelisted) =========

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== Faulty Device Manager Devices =============

Name: USB-IF xHCI USB Host Controller
Description: USB-IF xHCI USB Host Controller
Class Guid: {8a2edc79-c759-46f2-88af-9d4efe3b5eee}
Manufacturer: Intel Corporation
Service: XHCIPort
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

==================== Event log errors: =========================

Application errors:
==================
Error: (11/27/2013 04:23:37 PM) (Source: Application Error) (User: )
Description: Faulting application name: devmonsrv.exe, version: 2.5.0.244, time stamp: 0x50220e70
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00000000
Faulting process id: 0x13f8
Faulting application start time: 0xdevmonsrv.exe0
Faulting application path: devmonsrv.exe1
Faulting module path: devmonsrv.exe2
Report Id: devmonsrv.exe3
Faulting package full name: devmonsrv.exe4
Faulting package-relative application ID: devmonsrv.exe5

System errors:
=============

Microsoft Office Sessions:
=========================
Error: (11/27/2013 04:23:37 PM) (Source: Application Error)(User: )
Description: devmonsrv.exe2.5.0.24450220e70unknown0.0.0.000000000c00000050000000013f801ceebbcce9caaf6C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exeunknown8efdbe5e-57b2-11e3-beb4-6036dd28fcbb

CodeIntegrity Errors:
===================================
  Date: 2013-11-27 16:30:15.761
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\imthx64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-11-27 16:30:15.745
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\imapo64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-11-27 16:30:15.620
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\imthx64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-11-27 16:30:15.604
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\imapo64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-11-27 16:26:32.159
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\imthx64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-11-27 16:26:32.143
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\imapo64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-11-27 16:26:32.003
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\imthx64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-11-27 16:26:31.987
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\imapo64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-11-27 16:26:13.857
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\imthx64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-11-27 16:26:13.842
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\imapo64.dll because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Percentage of memory in use: 33%
Total physical RAM: 8048.93 MB
Available physical RAM: 5371.26 MB
Total Pagefile: 9264.93 MB
Available Pagefile: 6821.16 MB
Total Virtual: 8192 MB
Available Virtual: 8191.75 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:922.28 GB) (Free:869.48 GB) NTFS
Drive e: (USB20FD) (Removable) (Total:7.59 GB) (Free:6.09 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 932 GB) (Disk ID: 0A1E24F1)

Partition: GPT Partition Type
========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 8 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=8 GB) - (Type=0C)

==================== End Of Log ============================



#10 seedy21

seedy21

  • Malware Response Team
  • 742 posts
  • Gender:Male
  • Location:West Yorkshire, UK
  • Local time:07:14 AM

Posted 28 November 2013 - 03:08 PM

Hello LionsnTigersnBears

Step 1

Please download the attached fixlist.txt file and save it to the Desktop.
NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine.
Running this on another machine may cause damage to your operating system.


Re-run FRST/FRST64 and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post this in your next reply.

Step 2

Please download Malwarebytes' AntiMalware.
Double click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform Quick Scan, then click Scan.
    The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to restart. Restart if it tells you to.



#11 LionsnTigersnBears

LionsnTigersnBears
  • Topic Starter

  • Members
  • 20 posts
  • Local time:01:14 AM

Posted 28 November 2013 - 05:37 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 28-11-2013
Ran by Jasmine at 2013-11-28 16:36:00 Run:1
Running from C:\Users\Jasmine\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKLM-x32\...\Run: [] - [x]
SearchScopes: HKCU - DefaultScope {FB730E0F-75C1-4F63-AD7C-3E098E388A30} URL =
SearchScopes: HKCU - {FB730E0F-75C1-4F63-AD7C-3E098E388A30} URL =
BHO-x32: Better-Surf - {8271B5D6-76D3-4ABF-AEB3-1721161C76BC} - C:\Program Files (x86)\Better-Surf\ie\BetterSrf.dll ()
DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C}
CHR Extension: (BetterSrf) - C:\Users\Jasmine\AppData\Local\Google\Chrome\User Data\Default\Extensions\poheodfamflhhhdcmjfeggbgigeefaco\1.1_0
CHR HKLM-x32\...\Chrome\Extension: [poheodfamflhhhdcmjfeggbgigeefaco] - C:\Program Files (x86)\Better-Surf\ch\Chrome.crx
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
S3 TDKLIB; \??\C:\Users\Jasmine\AppData\Local\Temp\ExtactTemp\TdkLib64.sys [x]
C:\Program Files (x86)\Better-Surf\
C:\Users\Jasmine\AppData\Local\Temp\ExtactTemp\
C:\Users\Jasmine\AppData\Local\Temp\Quarantine.exe
*****************

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => Value deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{FB730E0F-75C1-4F63-AD7C-3E098E388A30} => Key deleted successfully.
HKCR\CLSID\{FB730E0F-75C1-4F63-AD7C-3E098E388A30} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8271B5D6-76D3-4ABF-AEB3-1721161C76BC} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{8271B5D6-76D3-4ABF-AEB3-1721161C76BC} => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Code Store Database\Distribution Units\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C} => Key deleted successfully.
C:\Users\Jasmine\AppData\Local\Google\Chrome\User Data\Default\Extensions\poheodfamflhhhdcmjfeggbgigeefaco => Moved successfully.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\poheodfamflhhhdcmjfeggbgigeefaco => Key deleted successfully.
C:\Program Files (x86)\Better-Surf\ch\Chrome.crx => Moved successfully.
HKLM\SOFTWARE\Policies\Google => Key deleted successfully.
TDKLIB => Service deleted successfully.
C:\Program Files (x86)\Better-Surf\ => Moved successfully.
"C:\Users\Jasmine\AppData\Local\Temp\ExtactTemp\" => File/Directory not found.
C:\Users\Jasmine\AppData\Local\Temp\Quarantine.exe => Moved successfully.

==== End of Fixlog ====



#12 LionsnTigersnBears

LionsnTigersnBears
  • Topic Starter

  • Members
  • 20 posts
  • Local time:01:14 AM

Posted 28 November 2013 - 05:46 PM

Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.11.28.11

Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16736
Jasmine :: TFNEW [administrator]

Protection: Enabled

11/28/2013 4:41:21 PM
mbam-log-2013-11-28 (16-41-21).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 233229
Time elapsed: 4 minute(s), 2 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)



#13 seedy21

seedy21

  • Malware Response Team
  • 742 posts
  • Gender:Male
  • Location:West Yorkshire, UK
  • Local time:07:14 AM

Posted 29 November 2013 - 06:03 PM

Hi LionsnTigersnBears

Step 1

Perform an Online Antivirus Scan with ESET:


Note: ESET recommends disabling your resident antivirus's active protection component BEFORE scanning; how to do so can be read here. Use Internet Explorer to navigate to the scanner website because you must approve the installation of an ActiveX add-on to complete the scan. If you are using Vista or Windows 7 or 8, launch Internet Explorer by right-clicking the Start Menu icon & selecting "Run as Administrator".
  • Please go here then click on Run ESET ONLINE SCANNER
  • Select the option YES, I accept the Terms of Use then click on START
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on START
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.

When the scan is complete:

If no threats were found:
  • Place a checkmark in "Uninstall application on close"
  • Close program

If threats were found:
  • Select "list of threats found"
  • Select "Export to Text File" & Save the Report to your Desktop as ESETScanLog
  • Select Back
  • Place a checkmark in "Uninstall application on close"
  • Select Finish & Exit the program
  • Copy and paste ESETScanLog.txt in your next reply

Step 2

How is your machine running? Are you having any further issues?



#14 LionsnTigersnBears

LionsnTigersnBears
  • Topic Starter

  • Members
  • 20 posts
  • Local time:01:14 AM

Posted 30 November 2013 - 05:09 PM

Hi Seedy21, my computer is running MUCH better.  No annoying pop ups every time I click in my browser.  Here is the ESET scan log:

 

*************************

 

C:\AdwCleaner\Quarantine\C\Users\Jasmine\AppData\Local\SwvUpdater\Updater.exe.vir a variant of Win32/Amonetize.I application cleaned by deleting - quarantined
C:\FRST\Quarantine\Better-Surf\ie\BetterSrf.dll a variant of Win32/AdWare.BetterSurf.B application cleaned by deleting - quarantined
C:\Program Files (x86)\Dell Backup and Recovery\Components\DBRUpdate\hstart.exe a variant of Win32/HiddenStart.A application cleaned by deleting - quarantined



#15 seedy21

seedy21

  • Malware Response Team
  • 742 posts
  • Gender:Male
  • Location:West Yorkshire, UK
  • Local time:07:14 AM

Posted 02 December 2013 - 11:19 AM

Hi LionsnTigersnBears

According to your logs, your system should now be clean. If you have no further problems you can uninstall the tools we have used and follow this advice :-

Remove Tools Used :


Clean up with Delfix

Download "Delfix by Xplode" and save it to your desktop.
  • Double Click to start the program
    If you are using Vista or higher, please right-click and choose run as administrator
    Make Sure the following items are checked:
    • Activate UAC
    • Remove disinfection tools
    • Create registry backup
    • Purge System Restore
    • Reset system settings
    Now click on "Run" and wait patiently until the tool has completed.

The tool will create a log when it has completed. We don't need you to post this.


Turn On Automatic Updates:

1. Click Start, click Run, type sysdm.cpl, and then press ENTER.
2. Click the Automatic Updates tab, and then click to select one of the following options. We recommend that you select the Automatic (recommended) Automatically download recommended updates for my computer and install them.

Make your Internet Explorer more secure:
  • From within Internet Explorer click on the Tools menu and then click on Options.
  • Click once on the Security tab
  • Click once on the Internet icon so it becomes highlighted.
  • Under Security Level for this Zone make sure that you are set to Medium-High as seen in the image below:-

    [Image: IE10 Rec Settings.jpg]
  • Also verify that Enable Protected Mode is checked
  • Next press the Apply button and then the OK to exit the Internet Properties page.

If you have any problems you know where we are :)
