Help With Possible Virus.


  • This topic is locked
6 replies to this topic

#1 jbull328


Posted 13 March 2014 - 11:21 AM

I am hoping someone can help me analyze the logs from this computer I am working on.
I have been having trouble with this PC for a while and it is likely infected.
I have run Malwarebytes and ComboFix.
ComboFix has found a large temp folder with tons and tons of data. Is this an issue?
 
I am not that familiar with these logs so I could use a little help.
 
Thanks in advance.
Jbull


EDIT: PM sent about attachment

Edited by jbull328, 14 March 2014 - 11:14 AM.




#2 jbull328


Posted 13 March 2014 - 01:03 PM

ComboFix 14-03-10.01 - skirk 03/12/2014  15:35:04.1.4 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.8065.5525 [GMT -7:00]
Running from: c:\users\skirk\Downloads\ComboFix.exe
AV: Symantec Endpoint Protection.cloud *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Symantec Endpoint Protection.cloud *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Symantec Endpoint Protection.cloud *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\pst
c:\program files (x86)\pst\Binaries\cds.log
c:\program files (x86)\pst\Binaries\CenterOneStub.dll
c:\program files (x86)\pst\Binaries\ConfigDataServer.dll
c:\program files (x86)\pst\Binaries\DotNet35SP1Checker.exe
c:\program files (x86)\pst\Binaries\DotNet35SP1CheckerLog.txt
c:\program files (x86)\pst\Binaries\DotNet40Checker.exe
c:\program files (x86)\pst\Binaries\DotNet40CheckerLog.txt
c:\program files (x86)\pst\Binaries\dotnetfx35setup.exe
c:\program files (x86)\pst\Binaries\dotnetfx40ClientSetup.exe
c:\program files (x86)\pst\Binaries\dotnetwic32.exe
c:\program files (x86)\pst\Binaries\dotnetwic64.exe
c:\program files (x86)\pst\Binaries\EULAChecker.exe
c:\program files (x86)\pst\Binaries\EULACheckerLog.txt
c:\program files (x86)\pst\Binaries\EULAViewer.exe
c:\program files (x86)\pst\Binaries\EULAViewer.log
c:\program files (x86)\pst\Binaries\Event Logs\IAB.txt
c:\program files (x86)\pst\Binaries\Event Logs\PW.txt
c:\program files (x86)\pst\Binaries\Features.xml
c:\program files (x86)\pst\Binaries\images\ABECAD_CurrentImage.jpg
c:\program files (x86)\pst\Binaries\images\ABECADCB_CurrentImage.jpg
c:\program files (x86)\pst\Binaries\images\CPUT_CurrentImage.jpg
c:\program files (x86)\pst\Binaries\images\Crossworks_CurrentImage.jpg
c:\program files (x86)\pst\Binaries\images\IAB_CurrentImage.jpg
c:\program files (x86)\pst\Binaries\images\IATools_CurrentImage.jpg
c:\program files (x86)\pst\Binaries\images\MCSStar_CurrentImage.jpg
c:\program files (x86)\pst\Binaries\images\PropWorks_CurrentImage.jpg
c:\program files (x86)\pst\Binaries\images\PSTGroup_CurrentImage.jpg
c:\program files (x86)\pst\Binaries\images\RailBuilder_CurrentImage.jpg
c:\program files (x86)\pst\Binaries\images\TRCS_CurrentImage.jpg
c:\program files (x86)\pst\Binaries\images\UDD_CurrentImage.jpg
c:\program files (x86)\pst\Binaries\PDL.dll
c:\program files (x86)\pst\Binaries\PDL.LOG
c:\program files (x86)\pst\Binaries\PPRStandard.dll
c:\program files (x86)\pst\Binaries\PSTLicenseAgreement.html
c:\program files (x86)\pst\Binaries\RACurrTray.exe
c:\program files (x86)\pst\Binaries\RADTConfig.zip
c:\program files (x86)\pst\Binaries\RAISEUpdater.exe
c:\program files (x86)\pst\Binaries\RAISEUpdater.log
c:\program files (x86)\pst\Binaries\RAISEUpdater_Last.log
c:\program files (x86)\pst\Binaries\RAISEUpdaterAsst.exe
c:\program files (x86)\pst\Binaries\RAISEUpdaterAsst.exe.config
c:\program files (x86)\pst\Binaries\RAISEUpdaterAsstLog.txt
c:\program files (x86)\pst\Binaries\RAMediator.dll
c:\program files (x86)\pst\Binaries\RegisterUser.exe
c:\program files (x86)\pst\Binaries\RKWordAsst.exe
c:\program files (x86)\pst\Binaries\RKWordAsst.tlb
c:\program files (x86)\pst\Binaries\RUIForJava.dll
c:\program files (x86)\pst\Binaries\RUIHost.exe
c:\program files (x86)\pst\Binaries\Security.dll
c:\program files (x86)\pst\Binaries\ShareMFCTestDLL.dll
c:\program files (x86)\pst\Binaries\ShareMFCTestDLL2012.dll
c:\program files (x86)\pst\Binaries\Symx.Security.RegisterUser.Business.dll
c:\program files (x86)\pst\Binaries\UpdateDetails\PSTPermMain.html
c:\program files (x86)\pst\Binaries\UpdateDetails\PSTPermNoAccess.html
c:\program files (x86)\pst\Binaries\UpdateDetails\Startup_CurrentUpdater.html
c:\program files (x86)\pst\Binaries\UpdateDetails\UpdateDetails_CPUTandShared.html
c:\program files (x86)\pst\Binaries\UpdateDetails\UpdateDetails_Crossworks.html
c:\program files (x86)\pst\Binaries\UpdateDetails\UpdateDetails_eCADWorks.html
c:\program files (x86)\pst\Binaries\UpdateDetails\UpdateDetails_FTViewSE.html
c:\program files (x86)\pst\Binaries\UpdateDetails\UpdateDetails_IAB.html
c:\program files (x86)\pst\Binaries\UpdateDetails\UpdateDetails_MCSStar.html
c:\program files (x86)\pst\Binaries\UpdateDetails\UpdateDetails_ProductLibrary.html
c:\program files (x86)\pst\Binaries\UpdateDetails\UpdateDetails_ProposalWorks.html
c:\program files (x86)\pst\Binaries\UpdateDetails\UpdateDetails_RailBuilder.html
c:\program files (x86)\pst\Binaries\UpdateDetails\UpdateDetails_TRCS.html
c:\program files (x86)\pst\Binaries\UpdateDetails\UpdateDetails_UDD.html
c:\program files (x86)\pst\Binaries\UpdateDetails\UpdateDetails_UpdateAll.html
c:\program files (x86)\pst\Binaries\UpdaterDll.dll
c:\program files (x86)\pst\Binaries\UpdaterDllNT.dll
c:\program files (x86)\pst\Binaries\UpdaterInfo.xml
c:\program files (x86)\pst\Binaries\UpdaterWorker.dll
c:\program files (x86)\pst\Binaries\UpdtAsst.xml
c:\program files (x86)\pst\Binaries\vcredist_x86.exe
c:\program files (x86)\pst\Binaries\vcredist2012_x86.exe
c:\program files (x86)\pst\Binaries\VCRedist2012CheckerLog.txt
c:\program files (x86)\pst\Binaries\vcredistchecker.exe
c:\program files (x86)\pst\Binaries\VCRedistChecker2012.exe
c:\program files (x86)\pst\Binaries\VCRedistCheckerLog.txt
c:\program files (x86)\pst\Crossworks\abxworks.rep
c:\program files (x86)\pst\Crossworks\ABXWorks.upd
c:\program files (x86)\pst\Crossworks\Client Import to Crossworks.xls
c:\program files (x86)\pst\Crossworks\Compxref.xls
c:\program files (x86)\pst\Crossworks\FAQs CrossWorks.pdf
c:\program files (x86)\pst\Crossworks\Sample.xwd
c:\program files (x86)\pst\Crossworks\User Guide CrossWorks.pdf
c:\program files (x86)\pst\Crossworks\XAddRsp.exe
c:\program files (x86)\pst\Crossworks\Xworks.exe
c:\program files (x86)\pst\Crossworks\XWorksWhatsNew.txt
c:\program files (x86)\pst\Crossworks\XWStdExportPresets.PDM
c:\program files (x86)\pst\Discount\DefDPS.dat
c:\program files (x86)\pst\Discount\Radps.dll
c:\program files (x86)\pst\Discount\USA.dis
c:\program files (x86)\pst\eCADWorks Clipboard\ABECADCB.EXE
c:\program files (x86)\pst\eCADWorks Clipboard\DRAWINGS.DOC
c:\program files (x86)\pst\eCADWorks Clipboard\Drawings.xls
c:\program files (x86)\pst\eCADWorks Clipboard\FAQs eCADWorks Clipboard.pdf
c:\program files (x86)\pst\eCADWorks Clipboard\User Guide eCADWorks Clipboard.pdf
c:\program files (x86)\pst\eCADWorks\ABECAD.ACD
c:\program files (x86)\pst\eCADWorks\ABECAD.ACI
c:\program files (x86)\pst\eCADWorks\ABECAD.DWG
c:\program files (x86)\pst\eCADWorks\ABECAD.dwt
c:\program files (x86)\pst\eCADWorks\ABECADr2000-2002.arx
c:\program files (x86)\pst\eCADWorks\ABECADr2004-2006.arx
c:\program files (x86)\pst\eCADWorks\ABECADReadMe.txt
c:\program files (x86)\pst\eCADWorks\DRAWINGS.DOC
c:\program files (x86)\pst\eCADWorks\Drawings.xls
c:\program files (x86)\pst\eCADWorks\ecadworks2007-2009.arx
c:\program files (x86)\pst\eCADWorks\ecadworks2010.arx
c:\program files (x86)\pst\eCADWorks\FAQs eCADWorks.pdf
c:\program files (x86)\pst\eCADWorks\Templates\Proto3DINCH.dwt
c:\program files (x86)\pst\eCADWorks\Templates\Proto3DMM.dwt
c:\program files (x86)\pst\eCADWorks\Templates\Proto3VINCH.dwt
c:\program files (x86)\pst\eCADWorks\Templates\Proto3VMM.dwt
c:\program files (x86)\pst\eCADWorks\Thumbs.db
c:\program files (x86)\pst\eCADWorks\User Guide eCADWorks.pdf
c:\program files (x86)\pst\MCS Star\MCSGetDB.exe
c:\program files (x86)\pst\MCS Star\MCSLocID.pdm
c:\program files (x86)\pst\MCS Star\MCSStar.exe
c:\program files (x86)\pst\MCS Star\MCSStar_Default.mdb
c:\program files (x86)\pst\MCS Star\MCSStar_en.chm
c:\program files (x86)\pst\MCS Star\MCSStarSAVAT.CSV
c:\program files (x86)\pst\MCS Star\Projects\Sample.mcs
c:\program files (x86)\pst\MCS Star\README.pdf
c:\program files (x86)\pst\MCS Star\STDPROP.DFT
c:\program files (x86)\pst\MTBF\MTBF.rgd
c:\program files (x86)\pst\MTBF\MtbfApp.exe
c:\program files (x86)\pst\MTBF\MtbfLib.dll
c:\program files (x86)\pst\MTBF\RAISE.NET.dll
c:\program files (x86)\pst\MTBF\Symx.Raise.Model.dll
c:\program files (x86)\pst\MTBF\Symx.Raise.UI.dll
c:\program files (x86)\pst\MTBF\System.Data.SQLite.dll
c:\program files (x86)\pst\MTBF\system.data.sqlite64bit.dll
c:\program files (x86)\pst\MTBF\WeifenLuo.WinFormsUI.Docking.dll
c:\program files (x86)\pst\MTBF\weifenluo_license.txt
c:\program files (x86)\pst\ProposalWorks\abxref.dat
c:\program files (x86)\pst\ProposalWorks\AttachedServices_USA.csv
c:\program files (x86)\pst\ProposalWorks\AttachedServicesSettings.csv
c:\program files (x86)\pst\ProposalWorks\Bundled Services Template.dot
c:\program files (x86)\pst\ProposalWorks\CDSGenerator.dll
c:\program files (x86)\pst\ProposalWorks\cli_basetypes.dll
c:\program files (x86)\pst\ProposalWorks\cli_cppuhelper.dll
c:\program files (x86)\pst\ProposalWorks\cli_oootypes.dll
c:\program files (x86)\pst\ProposalWorks\cli_ure.dll
c:\program files (x86)\pst\ProposalWorks\cli_uretypes.dll
c:\program files (x86)\pst\ProposalWorks\COMPXREF.IMP
c:\program files (x86)\pst\ProposalWorks\CUSTDB.PDM
c:\program files (x86)\pst\ProposalWorks\customerpreparermaping.xml
c:\program files (x86)\pst\ProposalWorks\Discounts-2010.08.30-2011.02.28-.csv
c:\program files (x86)\pst\ProposalWorks\Discounts-2011.03.01-2011.09.30-.csv
c:\program files (x86)\pst\ProposalWorks\Discounts-2011.10.01-2012.08.26-.csv
c:\program files (x86)\pst\ProposalWorks\Discounts-2011.10.01-2012.09.26-.csv

c:\users\skirk\AppData\Local\assembly\tmp
c:\users\skirk\AppData\Roaming\Microsoft\Windows\Recent\Mail.url
C:\WindowsPODIUM.LOG
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_vpnagent
.
.
(((((((((((((((((((((((((   Files Created from 2014-02-13 to 2014-03-13  )))))))))))))))))))))))))))))))
.
.
2014-03-13 15:07 . 2014-03-13 15:07 -------- d-----w- c:\users\DefaultAppPool\AppData\Local\temp
2014-03-13 15:07 . 2014-03-13 15:07 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-03-13 15:07 . 2014-03-13 15:07 -------- d-----w- c:\users\TopLevelIAG\AppData\Local\temp
2014-03-13 15:07 . 2014-03-13 15:07 -------- d-----w- c:\users\IAG\AppData\Local\temp
2014-03-12 22:21 . 2014-03-12 22:24 -------- d-----w- C:\AdwCleaner
2014-03-12 21:56 . 2014-03-12 21:56 181064 ----a-w- c:\windows\PSEXESVC.EXE
2014-03-12 17:32 . 2014-03-12 17:32 -------- d-----w- c:\users\skirk\AppData\Roaming\Malwarebytes
2014-03-12 07:32 . 2014-02-04 02:32 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll
2014-03-12 07:32 . 2014-02-04 02:32 624128 ----a-w- c:\windows\system32\qedit.dll
2014-03-12 07:32 . 2014-02-04 02:04 509440 ----a-w- c:\windows\SysWow64\qedit.dll
2014-03-12 07:32 . 2014-02-04 02:04 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
2014-03-11 23:08 . 2014-03-11 23:08 -------- d-----w- c:\users\TopLevelIAG\AppData\Roaming\Malwarebytes
2014-03-11 22:57 . 2014-03-11 22:57 -------- d-----w- c:\programdata\Malwarebytes
2014-03-11 22:57 . 2014-03-11 22:57 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2014-03-11 22:57 . 2013-04-04 21:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-03-11 22:57 . 2014-03-11 22:57 -------- d-----w- c:\users\TopLevelIAG\AppData\Local\Programs
2014-03-11 22:55 . 2014-03-11 22:55 -------- d-----w- c:\users\TopLevelIAG\AppData\Local\ElevatedDiagnostics
2014-03-11 22:51 . 2014-03-11 22:51 -------- d-----w- c:\users\TopLevelIAG\AppData\Local\Google
2014-03-11 22:51 . 2014-03-12 14:53 -------- d-----w- c:\users\TopLevelIAG\AppData\Local\Box Sync
2014-03-11 22:51 . 2014-03-11 22:51 -------- d-----w- c:\users\TopLevelIAG\AppData\Roaming\Apple Computer
2014-03-11 22:51 . 2014-03-12 14:52 -------- d-----w- c:\users\TopLevelIAG\AppData\Local\LogMeIn Hamachi
2014-03-11 22:51 . 2014-03-11 22:51 -------- d-----w- c:\users\TopLevelIAG\AppData\Local\LogMeIn
2014-03-04 19:51 . 2014-03-05 15:46 -------- d-----w- c:\windows\system32\drivers\NISx64\1404000.028
2014-03-04 19:47 . 2014-03-04 19:47 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D775EA8D-D786-4EA4-AF81-5886E089D096}\offreg.dll
2014-03-01 00:02 . 2014-03-01 00:02 -------- d-----w- c:\program files (x86)\LogMeIn Hamachi
2014-02-28 06:45 . 2014-02-06 09:01 10536864 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D775EA8D-D786-4EA4-AF81-5886E089D096}\mpengine.dll
2014-02-26 01:45 . 2014-02-26 01:45 -------- d-----w- c:\windows\Migration
2014-02-13 15:22 . 2013-12-21 09:53 548864 ----a-w- c:\windows\system32\vbscript.dll
2014-02-13 15:22 . 2013-12-21 08:56 454656 ----a-w- c:\windows\SysWow64\vbscript.dll
2014-02-13 04:48 . 2013-12-06 02:30 2048 ----a-w- c:\windows\system32\msxml3r.dll
2014-02-13 04:48 . 2013-12-06 02:30 1882112 ----a-w- c:\windows\system32\msxml3.dll
2014-02-13 04:48 . 2013-12-06 02:02 2048 ----a-w- c:\windows\SysWow64\msxml3r.dll
2014-02-13 04:48 . 2013-12-06 02:02 1237504 ----a-w- c:\windows\SysWow64\msxml3.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-03-12 00:44 . 2012-12-27 01:36 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-03-12 00:44 . 2012-12-27 01:36 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-03-04 19:51 . 2013-05-06 23:16 177312 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
2014-02-18 01:18 . 2012-03-19 23:57 88567024 ----a-w- c:\windows\system32\MRT.exe
2014-01-31 20:49 . 2012-03-07 03:02 1488 ----a-w- c:\windows\SysWow64\RdcyReg.reg
2014-01-31 20:49 . 2012-03-07 03:02 1488 ----a-w- c:\windows\SysWow64\Rsvchost.reg
2013-12-19 04:09 . 2014-01-08 16:28 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-12-18 14:13 . 2010-11-21 03:27 270496 ------w- c:\windows\system32\MpSigStub.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\users\skirk\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\users\skirk\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\users\skirk\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\users\skirk\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Officejet Pro 8600 (NET)"="c:\program files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe" [2012-10-17 2573416]
"Akamai NetSession Interface"="c:\users\skirk\AppData\Local\Akamai\netsession_win.exe" [2013-06-05 4489472]
"Box Edit"="c:\users\skirk\AppData\Local\Box\Box Edit\Box Edit.exe" [2013-12-18 470552]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"UsbCipHelper"="c:\program files (x86)\Rockwell Automation\UsbCipDriver\UsbCipHelper\UsbCipHelper.exe" [2011-10-18 434176]
"Symantec Backup Exec System Recovery 2010"="c:\program files (x86)\Symantec\Backup Exec System Recovery\Agent\VProTray.exe" [2009-10-02 2596712]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"USB3MON"="c:\program files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-02-18 291608]
"vmware-tray.exe"="c:\program files (x86)\VMware\VMware Workstation\vmware-tray.exe" [2012-08-15 104088]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-12 59280]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-05-01 421888]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2014-02-27 3814736]
.
c:\users\skirk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\skirk\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-1-2 30714328]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"DisableCAD"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 ssPaSetMgr;Symantec.cloud Scheduler;c:\program files\Symantec.cloud\PlatformAgent32\ccSvcHst.exe;c:\program files\Symantec.cloud\PlatformAgent32\ccSvcHst.exe [x]
R2 ssSpnAv;Symantec.cloud Endpoint Protection;c:\program files\Symantec.cloud\AntiVirus\AVAgent.exe;c:\program files\Symantec.cloud\AntiVirus\AVAgent.exe [x]
R3 1784-PCIDS DeviceNet;1784-PCIDS DeviceNet;c:\program files (x86)\Rockwell Software\RSLogix Emulate 5000\PcidsService.exe;c:\program files (x86)\Rockwell Software\RSLogix Emulate 5000\PcidsService.exe [x]
R3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\accelern.sys;c:\windows\SYSNATIVE\DRIVERS\accelern.sys [x]
R3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\system32\Drivers\ATSwpWDF.sys;c:\windows\SYSNATIVE\Drivers\ATSwpWDF.sys [x]
R3 BoxSyncUpdateService;Box Sync Update Service;c:\program files\Box\Box Sync\SyncUpdaterService.exe;c:\program files\Box\Box Sync\SyncUpdaterService.exe [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys;c:\windows\SYSNATIVE\DRIVERS\CtClsFlt.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 EmuLogix 5868 Slot0;EmuLogix 5868 Slot0;c:\program files (x86)\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe;c:\program files (x86)\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe [x]
R3 EmuLogix 5868 Slot1;EmuLogix 5868 Slot1;c:\program files (x86)\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe;c:\program files (x86)\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe [x]
R3 EmuLogix 5868 Slot10;EmuLogix 5868 Slot10;c:\program files (x86)\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe;c:\program files (x86)\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe [x]
R3 EmuLogix 5868 Slot11;EmuLogix 5868 Slot11;c:\program files (x86)\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe;c:\program files (x86)\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe [x]
R3 EmuLogix 5868 Slot12;EmuLogix 5868 Slot12;c:\program files (x86)\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe;c:\program files (x86)\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe [x]
R3 EmuLogix 5868 Slot13;EmuLogix 5868 Slot13;c:\program files (x86)\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe;c:\program files (x86)\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe [x]
R3 EmuLogix 5868 Slot14;EmuLogix 5868 Slot14;c:\program files (x86)\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe;c:\program files (x86)\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe [x]
R3 EmuLogix 5868 Slot15;EmuLogix 5868 Slot15;c:\program files (x86)\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe;c:\program files (x86)\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe [x]
R3 EmuLogix 5868 Slot16;EmuLogix 5868 Slot16;c:\program files (x86)\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe;c:\program files (x86)\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe [x]
R3 EmuLogix 5868 Slot2;EmuLogix 5868 Slot2;c:\program files (x86)\Rockwell Software\RSLogix Emulate 5000\\V20\EmuLogix5868.exe;c:\program files (x86)\Rockwell Software\RSLogix Emulate 5000\\V20\EmuLogix5868.exe [x]
R3 EmuLogix 5868 Slot3;EmuLogix 5868 Slot3;c:\program files (x86)\Rockwell Software\RSLogix Emulate 5000\\V20\EmuLogix5868.exe;c:\program files (x86)\Rockwell Software\RSLogix Emulate 5000\\V20\EmuLogix5868.exe [x]
R3 EmuLogix 5868 Slot4;EmuLogix 5868 Slot4;c:\program files (x86)\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe;c:\program files (x86)\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe [x]
R3 EmuLogix 5868 Slot5;EmuLogix 5868 Slot5;c:\program files (x86)\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe;c:\program files (x86)\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe [x]
R3 EmuLogix 5868 Slot6;EmuLogix 5868 Slot6;c:\program files (x86)\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe;c:\program files (x86)\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe [x]
R3 EmuLogix 5868 Slot7;EmuLogix 5868 Slot7;c:\program files (x86)\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe;c:\program files (x86)\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe [x]
R3 EmuLogix 5868 Slot8;EmuLogix 5868 Slot8;c:\program files (x86)\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe;c:\program files (x86)\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe [x]
R3 EmuLogix 5868 Slot9;EmuLogix 5868 Slot9;c:\program files (x86)\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe;c:\program files (x86)\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe [x]
R3 GenericMount Helper Service;GenericMount Helper Service;c:\program files (x86)\Symantec\Backup Exec System Recovery\Shared\Drivers\GenericMountHelper.exe;c:\program files (x86)\Symantec\Backup Exec System Recovery\Shared\Drivers\GenericMountHelper.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys;c:\windows\SYSNATIVE\drivers\Impcd.sys [x]
R3 LogReceiver;LogReceiver;c:\program files (x86)\Rockwell Software\RSLinx Enterprise\LogReceiver.exe;c:\program files (x86)\Rockwell Software\RSLinx Enterprise\LogReceiver.exe [x]
R3 netvsc;netvsc;c:\windows\system32\DRIVERS\netvsc60.sys;c:\windows\SYSNATIVE\DRIVERS\netvsc60.sys [x]
R3 O2MDFRDR;O2MDFRDR;c:\windows\system32\drivers\O2MDFw7x64.sys;c:\windows\SYSNATIVE\drivers\O2MDFw7x64.sys [x]
R3 O2MDRRDR;O2MDRRDR;c:\windows\system32\DRIVERS\O2MDRw7x64.sys;c:\windows\SYSNATIVE\DRIVERS\O2MDRw7x64.sys [x]
R3 O2SDJRDR;O2SDJRDR;c:\windows\system32\DRIVERS\o2sdjw7x64.sys;c:\windows\SYSNATIVE\DRIVERS\o2sdjw7x64.sys [x]
R3 pcidnt;pcidnt;c:\windows\System32\Drivers\pcidnt.sys;c:\windows\SYSNATIVE\Drivers\pcidnt.sys [x]
R3 PSEXESVC;PsExec;c:\windows\PSEXESVC.EXE;c:\windows\PSEXESVC.EXE [x]
R3 RAUSBCIP;RAUSBCIP;c:\windows\system32\drivers\rausbcipwdf.sys;c:\windows\SYSNATIVE\drivers\rausbcipwdf.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Rockwell HMI Alarm Logger;Rockwell HMI Alarm Logger;c:\program files (x86)\Rockwell Software\RSView Enterprise\RsAlarmLogServ.exe;c:\program files (x86)\Rockwell Software\RSView Enterprise\RsAlarmLogServ.exe [x]
R3 silabser;Festo USB Driver;c:\windows\system32\DRIVERS\silabser.sys;c:\windows\SYSNATIVE\DRIVERS\silabser.sys [x]
R3 SimModuleService;1789-SIM Simulator Module;c:\program files (x86)\Rockwell Software\RSLogix Emulate 5000\SimModuleService.exe;c:\program files (x86)\Rockwell Software\RSLogix Emulate 5000\SimModuleService.exe [x]
R3 Symantec SymSnap VSS Provider;Symantec SymSnap VSS Provider;c:\windows\system32\dllhost.exe;c:\windows\SYSNATIVE\dllhost.exe [x]
R3 SynthVid;SynthVid;c:\windows\system32\DRIVERS\VMBusVideoM.sys;c:\windows\SYSNATIVE\DRIVERS\VMBusVideoM.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 usbrndis6;USB RNDIS6 Adapter;c:\windows\system32\DRIVERS\usb80236.sys;c:\windows\SYSNATIVE\DRIVERS\usb80236.sys [x]
R3 vpcuxd;USB Virtualization Stub Service;c:\windows\system32\DRIVERS\vpcuxd.sys;c:\windows\SYSNATIVE\DRIVERS\vpcuxd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files (x86)\Microsoft SQL Server\100\Shared\SQLADHLP.EXE;c:\program files (x86)\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [x]
R4 SQLAgent$FTVIEWX64TAGDB;SQL Server Agent (FTVIEWX64TAGDB);c:\program files (x86)\Microsoft SQL Server\MSSQL10_50.FTVIEWX64TAGDB\MSSQL\Binn\SQLAGENT.EXE;c:\program files (x86)\Microsoft SQL Server\MSSQL10_50.FTVIEWX64TAGDB\MSSQL\Binn\SQLAGENT.EXE [x]
R4 SsPaAdm;Symantec.cloud Cloud Agent;c:\program files\Symantec.cloud\PlatformAgent\ccSvcHst.exe;c:\program files\Symantec.cloud\PlatformAgent\ccSvcHst.exe [x]
S0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdcfltn.sys;c:\windows\SYSNATIVE\DRIVERS\stdcfltn.sys [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1404000.028\SYMDS64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1404000.028\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1404000.028\SYMEFA64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1404000.028\SYMEFA64.SYS [x]
S0 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys;c:\windows\SYSNATIVE\DRIVERS\vmci.sys [x]
S0 vsock;vSockets Driver;c:\windows\system32\drivers\vsock.sys;c:\windows\SYSNATIVE\drivers\vsock.sys [x]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.4.0.40\Definitions\BASHDefs\20140214.001\BHDrvx64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.4.0.40\Definitions\BASHDefs\20140214.001\BHDrvx64.sys [x]
S1 ccSet_NIS;Endpoint Protection.cloud Settings Manager;c:\windows\system32\drivers\NISx64\1404000.028\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\NISx64\1404000.028\ccSetx64.sys [x]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.4.0.40\Definitions\IPSDefs\20140311.001\IDSvia64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.4.0.40\Definitions\IPSDefs\20140311.001\IDSvia64.sys [x]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1404000.028\Ironx64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1404000.028\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1404000.028\SYMNETS.SYS;c:\windows\SYSNATIVE\Drivers\NISx64\1404000.028\SYMNETS.SYS [x]
S1 VirtualBackplane;A-B Virtual Backplane;c:\windows\System32\Drivers\VirtualBackplane.sys;c:\windows\SYSNATIVE\Drivers\VirtualBackplane.sys [x]
S2 aksdf;aksdf;c:\windows\system32\drivers\aksdf.sys;c:\windows\SYSNATIVE\drivers\aksdf.sys [x]
S2 atashost;WebEx Service Host for Support Center;c:\windows\SysWOW64\atashost.exe;c:\windows\SysWOW64\atashost.exe [x]
S2 ATService;AuthenTec Fingerprint Service;c:\program files\Fingerprint Sensor\ATService.exe;c:\program files\Fingerprint Sensor\ATService.exe [x]
S2 Backup Exec System Recovery;Backup Exec System Recovery;c:\program files (x86)\Symantec\Backup Exec System Recovery\Agent\VProSvc.exe;c:\program files (x86)\Symantec\Backup Exec System Recovery\Agent\VProSvc.exe [x]
S2 ccSet_Cloud;CC Standalone Settings Manager;c:\windows\SysWOW64\Drivers\Symantec.cloud\ccSetx64.sys;c:\windows\SysWOW64\Drivers\Symantec.cloud\ccSetx64.sys [x]
S2 FactoryTalk Activation Service;FactoryTalk Activation Service;c:\program files (x86)\Rockwell Software\FactoryTalk Activation\lmgrd.exe;c:\program files (x86)\Rockwell Software\FactoryTalk Activation\lmgrd.exe [x]
S2 FTActivationBoost;FactoryTalk Activation Helper;c:\program files (x86)\Rockwell Software\FactoryTalk Activation\Tools\FTActivationBoost.exe;c:\program files (x86)\Rockwell Software\FactoryTalk Activation\Tools\FTActivationBoost.exe [x]
S2 FTAE_Archiver;Rockwell Alarm History Archiver;c:\program files (x86)\Common Files\Rockwell\FTAEArchiver.exe;c:\program files (x86)\Common Files\Rockwell\FTAEArchiver.exe [x]
S2 FTAE_HistServ;Rockwell Alarm Historian;c:\program files (x86)\Common Files\Rockwell\FTAE_HistServ.exe;c:\program files (x86)\Common Files\Rockwell\FTAE_HistServ.exe [x]
S2 FTSysDiagSvcHost;FTSysDiagSvcHost;c:\program files (x86)\Common Files\Rockwell\FTSysDiagSvcHost.exe;c:\program files (x86)\Common Files\Rockwell\FTSysDiagSvcHost.exe [x]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [x]
S2 hasplms;Sentinel Local License Manager;c:\windows\system32\hasplms.exe  -run;c:\windows\SYSNATIVE\hasplms.exe  -run [x]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 MSSQL$FTVIEWX64TAGDB;SQL Server (FTVIEWX64TAGDB);c:\program files (x86)\Microsoft SQL Server\MSSQL10_50.FTVIEWX64TAGDB\MSSQL\Binn\sqlservr.exe;c:\program files (x86)\Microsoft SQL Server\MSSQL10_50.FTVIEWX64TAGDB\MSSQL\Binn\sqlservr.exe [x]
S2 NIS;Endpoint Protection.cloud;c:\program files\Symantec.cloud\EndpointProtectionAgent\Engine\20.4.0.40\ccSvcHst.exe;c:\program files\Symantec.cloud\EndpointProtectionAgent\Engine\20.4.0.40\ccSvcHst.exe [x]
S2 NmspHost;Rockwell Namespace Services;c:\program files (x86)\Common Files\Rockwell\NmspHost.exe;c:\program files (x86)\Common Files\Rockwell\NmspHost.exe [x]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys;c:\windows\SYSNATIVE\drivers\npf.sys [x]
S2 RdcyHost;Rockwell Redundancy Services;c:\program files (x86)\Common Files\Rockwell\RdcyHost.exe;c:\program files (x86)\Common Files\Rockwell\RdcyHost.exe [x]
S2 RnaAeServer;Rockwell Alarm Server;c:\program files (x86)\Common Files\Rockwell\RnaAeServer.exe;c:\program files (x86)\Common Files\Rockwell\RnaAeServer.exe [x]
S2 RnaAlarmMux;Rockwell Alarm Multiplexer;c:\program files (x86)\Common Files\Rockwell\RnaAlarmMux.exe;c:\program files (x86)\Common Files\Rockwell\RnaAlarmMux.exe [x]
S2 Rockwell HMI Framework;Rockwell HMI Framework;c:\program files (x86)\Rockwell Software\RSView Enterprise\ServerFramework.exe;c:\program files (x86)\Rockwell Software\RSView Enterprise\ServerFramework.exe [x]
S2 TeamViewer9;TeamViewer 9;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [x]
S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [x]
S2 VMwareHostd;VMware Workstation Server;c:\program files (x86)\VMware\VMware Workstation\vmware-hostd.exe;c:\program files (x86)\VMware\VMware Workstation\vmware-hostd.exe [x]
S2 vstor2-mntapi10-shared;Vstor2 MntApi 1.0 Driver (shared);SysWOW64\drivers\vstor2-mntapi10-shared.sys;SysWOW64\drivers\vstor2-mntapi10-shared.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
S3 EventServer;Rockwell Event Server;c:\program files (x86)\Common Files\Rockwell\EventServer.exe;c:\program files (x86)\Common Files\Rockwell\EventServer.exe [x]
S3 GenericMount;Generic Mount Driver;c:\windows\system32\DRIVERS\GenericMount.sys;c:\windows\SYSNATIVE\DRIVERS\GenericMount.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 iusb3hub;Intel® USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 ST_ACCEL;STMicroelectronics Accelerometer Service;c:\windows\system32\DRIVERS\ST_ACCEL.sys;c:\windows\SYSNATIVE\DRIVERS\ST_ACCEL.sys [x]
S3 SymSnapService;SymSnapService;c:\program files (x86)\Symantec\Backup Exec System Recovery\Shared\Drivers\SymSnapServicex64.exe;c:\program files (x86)\Symantec\Backup Exec System Recovery\Shared\Drivers\SymSnapServicex64.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
iissvcs REG_MULTI_SZ    w3svc was
apphost REG_MULTI_SZ    apphostsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-03-04 15:35 1150280 ----a-w- c:\program files (x86)\Google\Chrome\Application\33.0.1750.146\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-03-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-12-27 00:44]
.
2014-03-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-06-04 03:53]
.
2014-03-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-06-04 03:53]
.
2014-03-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-119254589-3248773182-1858609496-1000Core.job
- c:\users\IAG\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-27 16:56]
.
2014-03-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-119254589-3248773182-1858609496-1000UA.job
- c:\users\IAG\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-27 16:56]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2013-11-02 21:33 2331336 ----a-w- c:\progra~1\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2013-11-02 21:33 2331336 ----a-w- c:\progra~1\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2013-11-02 21:33 2331336 ----a-w- c:\progra~1\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0000BoxSyncFileLocked]
@="{1b9c95e1-ce36-3737-81c8-1ec9807f03c1}"
[HKEY_CLASSES_ROOT\CLSID\{1b9c95e1-ce36-3737-81c8-1ec9807f03c1}]
2010-11-21 03:23 444752 ----a-w- c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0000BoxSyncNotSynced]
@="{e22ccf16-2db6-3de8-9a2c-acb66b571b69}"
[HKEY_CLASSES_ROOT\CLSID\{e22ccf16-2db6-3de8-9a2c-acb66b571b69}]
2010-11-21 03:23 444752 ----a-w- c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0000BoxSyncProblem]
@="{84878798-e5c4-3e6b-b7c4-b51c4ac4e7dc}"
[HKEY_CLASSES_ROOT\CLSID\{84878798-e5c4-3e6b-b7c4-b51c4ac4e7dc}]
2010-11-21 03:23 444752 ----a-w- c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0000BoxSyncSynced]
@="{01fcd170-7f0a-3b6a-b992-66a7a20289b5}"
[HKEY_CLASSES_ROOT\CLSID\{01fcd170-7f0a-3b6a-b992-66a7a20289b5}]
2010-11-21 03:23 444752 ----a-w- c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 164016 ----a-w- c:\users\skirk\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 164016 ----a-w- c:\users\skirk\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 164016 ----a-w- c:\users\skirk\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 164016 ----a-w- c:\users\skirk\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-04-25 170264]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-04-25 398616]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-04-25 439064]
"SymantecPaui"="c:\program files\Symantec.cloud\PlatformAgent\PAUI.exe" [2013-08-09 2403216]
"BoxSync"="c:\program files\Box\Box Sync\BoxSync.exe" [2014-03-11 13157856]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office15\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
LSP: %windir%\system32\vsocklib.dll
TCP: Interfaces\{19C55AA0-143A-4363-93FF-938EB7DDD1EC}\84F4D454D234332423: NameServer = 192.168.168.210
TCP: Interfaces\{19C55AA0-143A-4363-93FF-938EB7DDD1EC}\941474D2055524C49434: NameServer = 192.168.168.210
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL
DPF: {FFAD8DA9-ED41-494D-AC8E-63D861D0A733} - hxxps://download.rockwellautomation.com/plugins/rockwell.cab
FF - ProfilePath - c:\users\skirk\AppData\Roaming\Mozilla\Firefox\Profiles\xwuw9u01.default\
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\RACurrTray.lnk - c:\program files (x86)\PST\Binaries\RACurrTray.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
AddRemove-FESTCOMM&1E29&0102 - c:\program files (x86)\Festo\CPX-FMT\DRIVERS\DriverUninstaller.exe VCP CP210x Cardinal\FESTCOMM&1E29&0102
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files\Symantec.cloud\EndpointProtectionAgent\Engine\20.4.0.40\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Symantec.cloud\EndpointProtectionAgent\Engine\20.4.0.40\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.12"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Rockwell Software\RSView Enterprise\TagSrv.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Rockwell Software\FactoryTalk Activation\flexsvr.exe
c:\windows\system32\hasplms.exe
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
c:\program files (x86)\Common Files\Rockwell\RNADiagnosticsSrv.exe
c:\program files (x86)\Rockwell Software\RSView Enterprise\HMIDIAGNOSTICSLSTADAPT.exe
c:\program files (x86)\Rockwell Software\RSLinx Enterprise\RSLinxNG.exe
c:\program files (x86)\COMMON FILES\ROCKWELL\RsvcHost.exe
c:\program files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\windows\SysWOW64\vmnat.exe
c:\program files (x86)\Common Files\Rockwell\EventClientMultiplexer.exe
c:\windows\SysWOW64\vmnetdhcp.exe
c:\program files (x86)\Common Files\Rockwell\RnaDirServer.exe
c:\program files (x86)\Common Files\Rockwell\RNADirMultiplexor.exe
c:\program files (x86)\VMware\VMware Workstation\vmware-authd.exe
c:\users\skirk\AppData\Roaming\Dropbox\bin\Dropbox.exe
.
**************************************************************************
.
Completion time: 2014-03-13  08:19:55 - machine was rebooted
ComboFix-quarantined-files.txt  2014-03-13 15:19
.
Pre-Run: 192,115,703,808 bytes free
Post-Run: 204,237,438,976 bytes free
.
- - End Of File - - A78286F96BA8388675A75D71A57C9BE2

 

I have omitted 99% of the first section of the log. It is massive.

Please let me know if that is needed.
 



#3 HelpBot

Posted 18 March 2014 - 11:25 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/527408 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#4 Mako

  • Malware Response Team

Posted 19 March 2014 - 04:09 AM

Hi jbull328,

Welcome to the BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.
My name is Mako and I will be helping you with your computer problems.

Before we begin, please note the following:

  • Please stay with the topic until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
  • The instructions given are for your system only!
  • Please do not run any tools until requested! The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
  • If you don't understand something don't hesitate to ask before running the tools.

You have clicked the link the autobot provided, but haven't posted a new DDS log. In order to get a topical view of your machine, it is important to do so.

 

Can you describe your issues with this computer a bit further please? Is the computer running slow or hampers at some points? Do you see any unusual pop-ups or words in your internet browser?


Regards,

Mako

 

Member of UNITE Unified Network of Instructors and Trained Eliminators

Noticed any spelling or grammar errors in my reply? Please feel free to point them out to me, I'm always eager to learn. 


#5 jbull328

  • Topic Starter

Posted 19 March 2014 - 02:17 PM

Hi Mako,

Thanks for getting back to me.

The computer takes around 5 mins to boot. It is a black screen while booting; it wasn't like that when I got it. Also, some software I normally run wouldn't run at all, but when I tried it in safe mode with networking it worked fine.

Right now I have the wifi disabled, because when I turn it on the computer slows down even more. I ran Malwarebytes, as I have had success with that program before, but found nothing. That's pretty much where we are at.

Attached Files


Edited by jbull328, 19 March 2014 - 04:45 PM.


#6 Mako

  • Malware Response Team

Posted 19 March 2014 - 04:38 PM

Hello,

 

It seems like you've attached only one file. Can you paste (or add) the content of the DDS.txt file too, please?


Regards,

Mako

 



#7 Mako

  • Malware Response Team

Posted 22 March 2014 - 03:53 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.

Regards,

Mako

 





