Slow PC, When connected to Wifi Lots of network activity.


#1 Jackbull328

Posted 14 March 2014 - 12:37 PM

Am I hosed?
System takes forever to boot and log into the user account.
Black screen for about 3 mins, then it finally logs in and is slow. I disabled the wireless NIC due to constant network activity.
I did run Malwarebytes and it found a rogue antivirus.2008, but uninstalling it did not fix the problems, so I ran ComboFix on my own.
It deleted about 10 gigs of data.
This has me a little freaked out because I recently had a similar thing on another computer on my workgroup network.
I think users have been added to this machine, as I see several strange files under c:/user...
Please take a look at this log; any help would be appreciated.


ComboFix 14-03-10.01 - skirk 03/12/2014 15:35:04.1.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8065.5525 [GMT -7:00]
Running from: c:\users\skirk\Downloads\ComboFix.exe
AV: Symantec Endpoint Protection.cloud *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Symantec Endpoint Protection.cloud *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Symantec Endpoint Protection.cloud *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\pst
c:\program files (x86)\pst\Binaries\cds.log
c:\program files (x86)\pst\Binaries\CenterOneStub.dll
c:\program files (x86)\pst\Binaries\ConfigDataServer.dll
c:\program files (x86)\pst\Binaries\DotNet35SP1Checker.exe
c:\program files (x86)\pst\Binaries\DotNet35SP1CheckerLog.txt
c:\program files (x86)\pst\Binaries\DotNet40Checker.exe
c:\program files (x86)\pst\Binaries\DotNet40CheckerLog.txt
c:\program files (x86)\pst\Binaries\dotnetfx35setup.exe
c:\program files (x86)\pst\Binaries\dotnetfx40ClientSetup.exe
c:\program files (x86)\pst\Binaries\dotnetwic32.exe
c:\program files (x86)\pst\Binaries\dotnetwic64.exe
c:\program files (x86)\pst\Binaries\EULAChecker.exe
c:\program files (x86)\pst\Binaries\EULACheckerLog.txt
c:\program files (x86)\pst\Binaries\EULAViewer.exe
c:\program files (x86)\pst\Binaries\EULAViewer.log
c:\program files (x86)\pst\Binaries\Event Logs\IAB.txt
c:\program files (x86)\pst\Binaries\Event Logs\PW.txt
c:\program files (x86)\pst\Binaries\Features.xml
c:\program files (x86)\pst\Binaries\images\ABECAD_CurrentImage.jpg
c:\program files (x86)\pst\Binaries\images\ABECADCB_CurrentImage.jpg
c:\program files (x86)\pst\Binaries\images\CPUT_CurrentImage.jpg
c:\program files (x86)\pst\Binaries\images\Crossworks_CurrentImage.jpg
c:\program files (x86)\pst\Binaries\images\IAB_CurrentImage.jpg
c:\program files (x86)\pst\Binaries\images\IATools_CurrentImage.jpg
c:\program files (x86)\pst\Binaries\images\MCSStar_CurrentImage.jpg
c:\program files (x86)\pst\Binaries\images\PropWorks_CurrentImage.jpg
c:\program files (x86)\pst\Binaries\images\PSTGroup_CurrentImage.jpg
c:\program files (x86)\pst\Binaries\images\RailBuilder_CurrentImage.jpg
c:\program files (x86)\pst\Binaries\images\TRCS_CurrentImage.jpg
c:\program files (x86)\pst\Binaries\images\UDD_CurrentImage.jpg
c:\program files (x86)\pst\Binaries\PDL.dll
c:\program files (x86)\pst\Binaries\PDL.LOG
c:\program files (x86)\pst\Binaries\PPRStandard.dll
c:\program files (x86)\pst\Binaries\PSTLicenseAgreement.html
c:\program files (x86)\pst\Binaries\RACurrTray.exe
c:\program files (x86)\pst\Binaries\RADTConfig.zip
c:\program files (x86)\pst\Binaries\RAISEUpdater.exe
c:\program files (x86)\pst\Binaries\RAISEUpdater.log
c:\program files (x86)\pst\Binaries\RAISEUpdater_Last.log
c:\program files (x86)\pst\Binaries\RAISEUpdaterAsst.exe
c:\program files (x86)\pst\Binaries\RAISEUpdaterAsst.exe.config
c:\program files (x86)\pst\Binaries\RAISEUpdaterAsstLog.txt
c:\program files (x86)\pst\Binaries\RAMediator.dll
c:\program files (x86)\pst\Binaries\RegisterUser.exe
c:\program files (x86)\pst\Binaries\RKWordAsst.exe
c:\program files (x86)\pst\Binaries\RKWordAsst.tlb
c:\program files (x86)\pst\Binaries\RUIForJava.dll
c:\program files (x86)\pst\Binaries\RUIHost.exe
c:\program files (x86)\pst\Binaries\Security.dll
c:\program files (x86)\pst\Binaries\ShareMFCTestDLL.dll
c:\program files (x86)\pst\Binaries\ShareMFCTestDLL2012.dll
c:\program files (x86)\pst\Binaries\Symx.Security.RegisterUser.Business.dll
c:\program files (x86)\pst\Binaries\UpdateDetails\PSTPermMain.html
c:\program files (x86)\pst\Binaries\UpdateDetails\PSTPermNoAccess.html
c:\program files (x86)\pst\Binaries\UpdateDetails\Startup_CurrentUpdater.html
c:\program files (x86)\pst\Binaries\UpdateDetails\UpdateDetails_CPUTandShared.html
c:\program files (x86)\pst\Binaries\UpdateDetails\UpdateDetails_Crossworks.html
c:\program files (x86)\pst\Binaries\UpdateDetails\UpdateDetails_eCADWorks.html
c:\program files (x86)\pst\Binaries\UpdateDetails\UpdateDetails_FTViewSE.html
c:\program files (x86)\pst\Binaries\UpdateDetails\UpdateDetails_IAB.html
c:\program files (x86)\pst\Binaries\UpdateDetails\UpdateDetails_MCSStar.html
c:\program files (x86)\pst\Binaries\UpdateDetails\UpdateDetails_ProductLibrary.html
c:\program files (x86)\pst\Binaries\UpdateDetails\UpdateDetails_ProposalWorks.html
c:\program files (x86)\pst\Binaries\UpdateDetails\UpdateDetails_RailBuilder.html
c:\program files (x86)\pst\Binaries\UpdateDetails\UpdateDetails_TRCS.html
c:\program files (x86)\pst\Binaries\UpdateDetails\UpdateDetails_UDD.html
c:\program files (x86)\pst\Binaries\UpdateDetails\UpdateDetails_UpdateAll.html
c:\program files (x86)\pst\Binaries\UpdaterDll.dll
c:\program files (x86)\pst\Binaries\UpdaterDllNT.dll
c:\program files (x86)\pst\Binaries\UpdaterInfo.xml
c:\program files (x86)\pst\Binaries\UpdaterWorker.dll
c:\program files (x86)\pst\Binaries\UpdtAsst.xml
c:\program files (x86)\pst\Binaries\vcredist_x86.exe
c:\program files (x86)\pst\Binaries\vcredist2012_x86.exe
c:\program files (x86)\pst\Binaries\VCRedist2012CheckerLog.txt
c:\program files (x86)\pst\Binaries\vcredistchecker.exe
c:\program files (x86)\pst\Binaries\VCRedistChecker2012.exe
c:\program files (x86)\pst\Binaries\VCRedistCheckerLog.txt
c:\program files (x86)\pst\Crossworks\abxworks.rep
c:\program files (x86)\pst\Crossworks\ABXWorks.upd
c:\program files (x86)\pst\Crossworks\Client Import to Crossworks.xls
c:\program files (x86)\pst\Crossworks\Compxref.xls
c:\program files (x86)\pst\Crossworks\FAQs CrossWorks.pdf
c:\program files (x86)\pst\Crossworks\Sample.xwd
c:\program files (x86)\pst\Crossworks\User Guide CrossWorks.pdf
c:\program files (x86)\pst\Crossworks\XAddRsp.exe
c:\program files (x86)\pst\Crossworks\Xworks.exe
c:\program files (x86)\pst\Crossworks\XWorksWhatsNew.txt
c:\program files (x86)\pst\Crossworks\XWStdExportPresets.PDM
c:\program files (x86)\pst\Discount\DefDPS.dat
c:\program files (x86)\pst\Discount\Radps.dll
c:\program files (x86)\pst\Discount\USA.dis
c:\program files (x86)\pst\eCADWorks Clipboard\ABECADCB.EXE
c:\program files (x86)\pst\eCADWorks Clipboard\DRAWINGS.DOC
c:\program files (x86)\pst\eCADWorks Clipboard\Drawings.xls
c:\program files (x86)\pst\eCADWorks Clipboard\FAQs eCADWorks Clipboard.pdf
c:\program files (x86)\pst\eCADWorks Clipboard\User Guide eCADWorks Clipboard.pdf
c:\program files (x86)\pst\eCADWorks\ABECAD.ACD
c:\program files (x86)\pst\eCADWorks\ABECAD.ACI
c:\program files (x86)\pst\eCADWorks\ABECAD.DWG
c:\program files (x86)\pst\eCADWorks\ABECAD.dwt
c:\program files (x86)\pst\eCADWorks\ABECADr2000-2002.arx
c:\program files (x86)\pst\eCADWorks\ABECADr2004-2006.arx
c:\program files (x86)\pst\eCADWorks\ABECADReadMe.txt
c:\program files (x86)\pst\eCADWorks\DRAWINGS.DOC
c:\program files (x86)\pst\eCADWorks\Drawings.xls
c:\program files (x86)\pst\eCADWorks\ecadworks2007-2009.arx
c:\program files (x86)\pst\eCADWorks\ecadworks2010.arx
c:\program files (x86)\pst\eCADWorks\FAQs eCADWorks.pdf
c:\program files (x86)\pst\eCADWorks\Templates\Proto3DINCH.dwt
c:\program files (x86)\pst\eCADWorks\Templates\Proto3DMM.dwt
c:\program files (x86)\pst\eCADWorks\Templates\Proto3VINCH.dwt
c:\program files (x86)\pst\eCADWorks\Templates\Proto3VMM.dwt
c:\program files (x86)\pst\eCADWorks\Thumbs.db
c:\program files (x86)\pst\eCADWorks\User Guide eCADWorks.pdf
c:\program files (x86)\pst\MCS Star\MCSGetDB.exe
c:\program files (x86)\pst\MCS Star\MCSLocID.pdm
c:\program files (x86)\pst\MCS Star\MCSStar.exe
c:\program files (x86)\pst\MCS Star\MCSStar_Default.mdb
c:\program files (x86)\pst\MCS Star\MCSStar_en.chm
c:\program files (x86)\pst\MCS Star\MCSStarSAVAT.CSV
c:\program files (x86)\pst\MCS Star\Projects\Sample.mcs
c:\program files (x86)\pst\MCS Star\README.pdf
c:\program files (x86)\pst\MCS Star\STDPROP.DFT
c:\program files (x86)\pst\MTBF\MTBF.rgd
c:\program files (x86)\pst\MTBF\MtbfApp.exe
c:\program files (x86)\pst\MTBF\MtbfLib.dll
c:\program files (x86)\pst\MTBF\RAISE.NET.dll
c:\program files (x86)\pst\MTBF\Symx.Raise.Model.dll
c:\program files (x86)\pst\MTBF\Symx.Raise.UI.dll
c:\program files (x86)\pst\MTBF\System.Data.SQLite.dll
c:\program files (x86)\pst\MTBF\system.data.sqlite64bit.dll
c:\program files (x86)\pst\MTBF\WeifenLuo.WinFormsUI.Docking.dll
c:\program files (x86)\pst\MTBF\weifenluo_license.txt
c:\program files (x86)\pst\ProposalWorks\abxref.dat
c:\program files (x86)\pst\ProposalWorks\AttachedServices_USA.csv
c:\program files (x86)\pst\ProposalWorks\AttachedServicesSettings.csv
c:\program files (x86)\pst\ProposalWorks\Bundled Services Template.dot
c:\program files (x86)\pst\ProposalWorks\CDSGenerator.dll
c:\program files (x86)\pst\ProposalWorks\cli_basetypes.dll
c:\program files (x86)\pst\ProposalWorks\cli_cppuhelper.dll
c:\program files (x86)\pst\ProposalWorks\cli_oootypes.dll
c:\program files (x86)\pst\ProposalWorks\cli_ure.dll
c:\program files (x86)\pst\ProposalWorks\cli_uretypes.dll
c:\program files (x86)\pst\ProposalWorks\COMPXREF.IMP
c:\program files (x86)\pst\ProposalWorks\CUSTDB.PDM
c:\program files (x86)\pst\ProposalWorks\customerpreparermaping.xml
c:\program files (x86)\pst\ProposalWorks\Discounts-2010.08.30-2011.02.28-.csv
c:\program files (x86)\pst\ProposalWorks\Discounts-2011.03.01-2011.09.30-.csv
c:\program files (x86)\pst\ProposalWorks\Discounts-2011.10.01-2012.08.26-.csv
c:\program files (x86)\pst\ProposalWorks\Discounts-2011.10.01-2012.09.26-.csv
c:\users\skirk\AppData\Local\assembly\tmp
c:\users\skirk\AppData\Roaming\Microsoft\Windows\Recent\Mail.url
C:\WindowsPODIUM.LOG
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_vpnagent
.
.
((((((((((((((((((((((((( Files Created from 2014-02-13 to 2014-03-13 )))))))))))))))))))))))))))))))
.
.
2014-03-13 15:07 . 2014-03-13 15:07 -------- d-----w- c:\users\DefaultAppPool\AppData\Local\temp
2014-03-13 15:07 . 2014-03-13 15:07 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-03-13 15:07 . 2014-03-13 15:07 -------- d-----w- c:\users\TopLevelIAG\AppData\Local\temp
2014-03-13 15:07 . 2014-03-13 15:07 -------- d-----w- c:\users\IAG\AppData\Local\temp
2014-03-12 22:21 . 2014-03-12 22:24 -------- d-----w- C:\AdwCleaner
2014-03-12 21:56 . 2014-03-12 21:56 181064 ----a-w- c:\windows\PSEXESVC.EXE
2014-03-12 17:32 . 2014-03-12 17:32 -------- d-----w- c:\users\skirk\AppData\Roaming\Malwarebytes
2014-03-12 07:32 . 2014-02-04 02:32 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll
2014-03-12 07:32 . 2014-02-04 02:32 624128 ----a-w- c:\windows\system32\qedit.dll
2014-03-12 07:32 . 2014-02-04 02:04 509440 ----a-w- c:\windows\SysWow64\qedit.dll
2014-03-12 07:32 . 2014-02-04 02:04 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
2014-03-11 23:08 . 2014-03-11 23:08 -------- d-----w- c:\users\TopLevelIAG\AppData\Roaming\Malwarebytes
2014-03-11 22:57 . 2014-03-11 22:57 -------- d-----w- c:\programdata\Malwarebytes
2014-03-11 22:57 . 2014-03-11 22:57 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2014-03-11 22:57 . 2013-04-04 21:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-03-11 22:57 . 2014-03-11 22:57 -------- d-----w- c:\users\TopLevelIAG\AppData\Local\Programs
2014-03-11 22:55 . 2014-03-11 22:55 -------- d-----w- c:\users\TopLevelIAG\AppData\Local\ElevatedDiagnostics
2014-03-11 22:51 . 2014-03-11 22:51 -------- d-----w- c:\users\TopLevelIAG\AppData\Local\Google
2014-03-11 22:51 . 2014-03-12 14:53 -------- d-----w- c:\users\TopLevelIAG\AppData\Local\Box Sync
2014-03-11 22:51 . 2014-03-11 22:51 -------- d-----w- c:\users\TopLevelIAG\AppData\Roaming\Apple Computer
2014-03-11 22:51 . 2014-03-12 14:52 -------- d-----w- c:\users\TopLevelIAG\AppData\Local\LogMeIn Hamachi
2014-03-11 22:51 . 2014-03-11 22:51 -------- d-----w- c:\users\TopLevelIAG\AppData\Local\LogMeIn
2014-03-04 19:51 . 2014-03-05 15:46 -------- d-----w- c:\windows\system32\drivers\NISx64\1404000.028
2014-03-04 19:47 . 2014-03-04 19:47 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D775EA8D-D786-4EA4-AF81-5886E089D096}\offreg.dll
2014-03-01 00:02 . 2014-03-01 00:02 -------- d-----w- c:\program files (x86)\LogMeIn Hamachi
2014-02-28 06:45 . 2014-02-06 09:01 10536864 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D775EA8D-D786-4EA4-AF81-5886E089D096}\mpengine.dll
2014-02-26 01:45 . 2014-02-26 01:45 -------- d-----w- c:\windows\Migration
2014-02-13 15:22 . 2013-12-21 09:53 548864 ----a-w- c:\windows\system32\vbscript.dll
2014-02-13 15:22 . 2013-12-21 08:56 454656 ----a-w- c:\windows\SysWow64\vbscript.dll
2014-02-13 04:48 . 2013-12-06 02:30 2048 ----a-w- c:\windows\system32\msxml3r.dll
2014-02-13 04:48 . 2013-12-06 02:30 1882112 ----a-w- c:\windows\system32\msxml3.dll
2014-02-13 04:48 . 2013-12-06 02:02 2048 ----a-w- c:\windows\SysWow64\msxml3r.dll
2014-02-13 04:48 . 2013-12-06 02:02 1237504 ----a-w- c:\windows\SysWow64\msxml3.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-03-12 00:44 . 2012-12-27 01:36 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-03-12 00:44 . 2012-12-27 01:36 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-03-04 19:51 . 2013-05-06 23:16 177312 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
2014-02-18 01:18 . 2012-03-19 23:57 88567024 ----a-w- c:\windows\system32\MRT.exe
2014-01-31 20:49 . 2012-03-07 03:02 1488 ----a-w- c:\windows\SysWow64\RdcyReg.reg
2014-01-31 20:49 . 2012-03-07 03:02 1488 ----a-w- c:\windows\SysWow64\Rsvchost.reg
2013-12-19 04:09 . 2014-01-08 16:28 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-12-18 14:13 . 2010-11-21 03:27 270496 ------w- c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\users\skirk\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\users\skirk\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\users\skirk\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\users\skirk\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Officejet Pro 8600 (NET)"="c:\program files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe" [2012-10-17 2573416]
"Akamai NetSession Interface"="c:\users\skirk\AppData\Local\Akamai\netsession_win.exe" [2013-06-05 4489472]
"Box Edit"="c:\users\skirk\AppData\Local\Box\Box Edit\Box Edit.exe" [2013-12-18 470552]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"UsbCipHelper"="c:\program files (x86)\Rockwell Automation\UsbCipDriver\UsbCipHelper\UsbCipHelper.exe" [2011-10-18 434176]
"Symantec Backup Exec System Recovery 2010"="c:\program files (x86)\Symantec\Backup Exec System Recovery\Agent\VProTray.exe" [2009-10-02 2596712]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"USB3MON"="c:\program files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-02-18 291608]
"vmware-tray.exe"="c:\program files (x86)\VMware\VMware Workstation\vmware-tray.exe" [2012-08-15 104088]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-12 59280]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-05-01 421888]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2014-02-27 3814736]
.
c:\users\skirk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\skirk\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-1-2 30714328]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"DisableCAD"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 ssPaSetMgr;Symantec.cloud Scheduler;c:\program files\Symantec.cloud\PlatformAgent32\ccSvcHst.exe;c:\program files\Symantec.cloud\PlatformAgent32\ccSvcHst.exe [x]
R2 ssSpnAv;Symantec.cloud Endpoint Protection;c:\program files\Symantec.cloud\AntiVirus\AVAgent.exe;c:\program files\Symantec.cloud\AntiVirus\AVAgent.exe [x]
R3 1784-PCIDS DeviceNet;1784-PCIDS DeviceNet;c:\program files (x86)\Rockwell Software\RSLogix Emulate 5000\PcidsService.exe;c:\program files (x86)\Rockwell Software\RSLogix Emulate 5000\PcidsService.exe [x]
R3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\accelern.sys;c:\windows\SYSNATIVE\DRIVERS\accelern.sys [x]
R3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\system32\Drivers\ATSwpWDF.sys;c:\windows\SYSNATIVE\Drivers\ATSwpWDF.sys [x]
R3 BoxSyncUpdateService;Box Sync Update Service;c:\program files\Box\Box Sync\SyncUpdaterService.exe;c:\program files\Box\Box Sync\SyncUpdaterService.exe [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys;c:\windows\SYSNATIVE\DRIVERS\CtClsFlt.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 EmuLogix 5868 Slot0;EmuLogix 5868 Slot0;c:\program files (x86)\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe;c:\program files (x86)\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe [x]
R3 EmuLogix 5868 Slot1;EmuLogix 5868 Slot1;c:\program files (x86)\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe;c:\program files (x86)\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe [x]
R3 EmuLogix 5868 Slot10;EmuLogix 5868 Slot10;c:\program files (x86)\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe;c:\program files (x86)\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe [x]
R3 EmuLogix 5868 Slot11;EmuLogix 5868 Slot11;c:\program files (x86)\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe;c:\program files (x86)\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe [x]
R3 EmuLogix 5868 Slot12;EmuLogix 5868 Slot12;c:\program files (x86)\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe;c:\program files (x86)\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe [x]
R3 EmuLogix 5868 Slot13;EmuLogix 5868 Slot13;c:\program files (x86)\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe;c:\program files (x86)\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe [x]
R3 EmuLogix 5868 Slot14;EmuLogix 5868 Slot14;c:\program files (x86)\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe;c:\program files (x86)\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe [x]
R3 EmuLogix 5868 Slot15;EmuLogix 5868 Slot15;c:\program files (x86)\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe;c:\program files (x86)\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe [x]
R3 EmuLogix 5868 Slot16;EmuLogix 5868 Slot16;c:\program files (x86)\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe;c:\program files (x86)\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe [x]
R3 EmuLogix 5868 Slot2;EmuLogix 5868 Slot2;c:\program files (x86)\Rockwell Software\RSLogix Emulate 5000\\V20\EmuLogix5868.exe;c:\program files (x86)\Rockwell Software\RSLogix Emulate 5000\\V20\EmuLogix5868.exe [x]
R3 EmuLogix 5868 Slot3;EmuLogix 5868 Slot3;c:\program files (x86)\Rockwell Software\RSLogix Emulate 5000\\V20\EmuLogix5868.exe;c:\program files (x86)\Rockwell Software\RSLogix Emulate 5000\\V20\EmuLogix5868.exe [x]
R3 EmuLogix 5868 Slot4;EmuLogix 5868 Slot4;c:\program files (x86)\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe;c:\program files (x86)\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe [x]
R3 EmuLogix 5868 Slot5;EmuLogix 5868 Slot5;c:\program files (x86)\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe;c:\program files (x86)\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe [x]
R3 EmuLogix 5868 Slot6;EmuLogix 5868 Slot6;c:\program files (x86)\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe;c:\program files (x86)\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe [x]
R3 EmuLogix 5868 Slot7;EmuLogix 5868 Slot7;c:\program files (x86)\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe;c:\program files (x86)\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe [x]
R3 EmuLogix 5868 Slot8;EmuLogix 5868 Slot8;c:\program files (x86)\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe;c:\program files (x86)\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe [x]
R3 EmuLogix 5868 Slot9;EmuLogix 5868 Slot9;c:\program files (x86)\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe;c:\program files (x86)\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe [x]
R3 GenericMount Helper Service;GenericMount Helper Service;c:\program files (x86)\Symantec\Backup Exec System Recovery\Shared\Drivers\GenericMountHelper.exe;c:\program files (x86)\Symantec\Backup Exec System Recovery\Shared\Drivers\GenericMountHelper.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys;c:\windows\SYSNATIVE\drivers\Impcd.sys [x]
R3 LogReceiver;LogReceiver;c:\program files (x86)\Rockwell Software\RSLinx Enterprise\LogReceiver.exe;c:\program files (x86)\Rockwell Software\RSLinx Enterprise\LogReceiver.exe [x]
R3 netvsc;netvsc;c:\windows\system32\DRIVERS\netvsc60.sys;c:\windows\SYSNATIVE\DRIVERS\netvsc60.sys [x]
R3 O2MDFRDR;O2MDFRDR;c:\windows\system32\drivers\O2MDFw7x64.sys;c:\windows\SYSNATIVE\drivers\O2MDFw7x64.sys [x]
R3 O2MDRRDR;O2MDRRDR;c:\windows\system32\DRIVERS\O2MDRw7x64.sys;c:\windows\SYSNATIVE\DRIVERS\O2MDRw7x64.sys [x]
R3 O2SDJRDR;O2SDJRDR;c:\windows\system32\DRIVERS\o2sdjw7x64.sys;c:\windows\SYSNATIVE\DRIVERS\o2sdjw7x64.sys [x]
R3 pcidnt;pcidnt;c:\windows\System32\Drivers\pcidnt.sys;c:\windows\SYSNATIVE\Drivers\pcidnt.sys [x]
R3 PSEXESVC;PsExec;c:\windows\PSEXESVC.EXE;c:\windows\PSEXESVC.EXE [x]
R3 RAUSBCIP;RAUSBCIP;c:\windows\system32\drivers\rausbcipwdf.sys;c:\windows\SYSNATIVE\drivers\rausbcipwdf.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Rockwell HMI Alarm Logger;Rockwell HMI Alarm Logger;c:\program files (x86)\Rockwell Software\RSView Enterprise\RsAlarmLogServ.exe;c:\program files (x86)\Rockwell Software\RSView Enterprise\RsAlarmLogServ.exe [x]
R3 silabser;Festo USB Driver;c:\windows\system32\DRIVERS\silabser.sys;c:\windows\SYSNATIVE\DRIVERS\silabser.sys [x]
R3 SimModuleService;1789-SIM Simulator Module;c:\program files (x86)\Rockwell Software\RSLogix Emulate 5000\SimModuleService.exe;c:\program files (x86)\Rockwell Software\RSLogix Emulate 5000\SimModuleService.exe [x]
R3 Symantec SymSnap VSS Provider;Symantec SymSnap VSS Provider;c:\windows\system32\dllhost.exe;c:\windows\SYSNATIVE\dllhost.exe [x]
R3 SynthVid;SynthVid;c:\windows\system32\DRIVERS\VMBusVideoM.sys;c:\windows\SYSNATIVE\DRIVERS\VMBusVideoM.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 usbrndis6;USB RNDIS6 Adapter;c:\windows\system32\DRIVERS\usb80236.sys;c:\windows\SYSNATIVE\DRIVERS\usb80236.sys [x]
R3 vpcuxd;USB Virtualization Stub Service;c:\windows\system32\DRIVERS\vpcuxd.sys;c:\windows\SYSNATIVE\DRIVERS\vpcuxd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files (x86)\Microsoft SQL Server\100\Shared\SQLADHLP.EXE;c:\program files (x86)\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [x]
R4 SQLAgent$FTVIEWX64TAGDB;SQL Server Agent (FTVIEWX64TAGDB);c:\program files (x86)\Microsoft SQL Server\MSSQL10_50.FTVIEWX64TAGDB\MSSQL\Binn\SQLAGENT.EXE;c:\program files (x86)\Microsoft SQL Server\MSSQL10_50.FTVIEWX64TAGDB\MSSQL\Binn\SQLAGENT.EXE [x]
R4 SsPaAdm;Symantec.cloud Cloud Agent;c:\program files\Symantec.cloud\PlatformAgent\ccSvcHst.exe;c:\program files\Symantec.cloud\PlatformAgent\ccSvcHst.exe [x]
S0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdcfltn.sys;c:\windows\SYSNATIVE\DRIVERS\stdcfltn.sys [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1404000.028\SYMDS64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1404000.028\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1404000.028\SYMEFA64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1404000.028\SYMEFA64.SYS [x]
S0 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys;c:\windows\SYSNATIVE\DRIVERS\vmci.sys [x]
S0 vsock;vSockets Driver;c:\windows\system32\drivers\vsock.sys;c:\windows\SYSNATIVE\drivers\vsock.sys [x]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.4.0.40\Definitions\BASHDefs\20140214.001\BHDrvx64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.4.0.40\Definitions\BASHDefs\20140214.001\BHDrvx64.sys [x]
S1 ccSet_NIS;Endpoint Protection.cloud Settings Manager;c:\windows\system32\drivers\NISx64\1404000.028\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\NISx64\1404000.028\ccSetx64.sys [x]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.4.0.40\Definitions\IPSDefs\20140311.001\IDSvia64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.4.0.40\Definitions\IPSDefs\20140311.001\IDSvia64.sys [x]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1404000.028\Ironx64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1404000.028\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1404000.028\SYMNETS.SYS;c:\windows\SYSNATIVE\Drivers\NISx64\1404000.028\SYMNETS.SYS [x]
S1 VirtualBackplane;A-B Virtual Backplane;c:\windows\System32\Drivers\VirtualBackplane.sys;c:\windows\SYSNATIVE\Drivers\VirtualBackplane.sys [x]
S2 aksdf;aksdf;c:\windows\system32\drivers\aksdf.sys;c:\windows\SYSNATIVE\drivers\aksdf.sys [x]
S2 atashost;WebEx Service Host for Support Center;c:\windows\SysWOW64\atashost.exe;c:\windows\SysWOW64\atashost.exe [x]
S2 ATService;AuthenTec Fingerprint Service;c:\program files\Fingerprint Sensor\ATService.exe;c:\program files\Fingerprint Sensor\ATService.exe [x]
S2 Backup Exec System Recovery;Backup Exec System Recovery;c:\program files (x86)\Symantec\Backup Exec System Recovery\Agent\VProSvc.exe;c:\program files (x86)\Symantec\Backup Exec System Recovery\Agent\VProSvc.exe [x]
S2 ccSet_Cloud;CC Standalone Settings Manager;c:\windows\SysWOW64\Drivers\Symantec.cloud\ccSetx64.sys;c:\windows\SysWOW64\Drivers\Symantec.cloud\ccSetx64.sys [x]
S2 FactoryTalk Activation Service;FactoryTalk Activation Service;c:\program files (x86)\Rockwell Software\FactoryTalk Activation\lmgrd.exe;c:\program files (x86)\Rockwell Software\FactoryTalk Activation\lmgrd.exe [x]
S2 FTActivationBoost;FactoryTalk Activation Helper;c:\program files (x86)\Rockwell Software\FactoryTalk Activation\Tools\FTActivationBoost.exe;c:\program files (x86)\Rockwell Software\FactoryTalk Activation\Tools\FTActivationBoost.exe [x]
S2 FTAE_Archiver;Rockwell Alarm History Archiver;c:\program files (x86)\Common Files\Rockwell\FTAEArchiver.exe;c:\program files (x86)\Common Files\Rockwell\FTAEArchiver.exe [x]
S2 FTAE_HistServ;Rockwell Alarm Historian;c:\program files (x86)\Common Files\Rockwell\FTAE_HistServ.exe;c:\program files (x86)\Common Files\Rockwell\FTAE_HistServ.exe [x]
S2 FTSysDiagSvcHost;FTSysDiagSvcHost;c:\program files (x86)\Common Files\Rockwell\FTSysDiagSvcHost.exe;c:\program files (x86)\Common Files\Rockwell\FTSysDiagSvcHost.exe [x]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [x]
S2 hasplms;Sentinel Local License Manager;c:\windows\system32\hasplms.exe -run;c:\windows\SYSNATIVE\hasplms.exe -run [x]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 MSSQL$FTVIEWX64TAGDB;SQL Server (FTVIEWX64TAGDB);c:\program files (x86)\Microsoft SQL Server\MSSQL10_50.FTVIEWX64TAGDB\MSSQL\Binn\sqlservr.exe;c:\program files (x86)\Microsoft SQL Server\MSSQL10_50.FTVIEWX64TAGDB\MSSQL\Binn\sqlservr.exe [x]
S2 NIS;Endpoint Protection.cloud;c:\program files\Symantec.cloud\EndpointProtectionAgent\Engine\20.4.0.40\ccSvcHst.exe;c:\program files\Symantec.cloud\EndpointProtectionAgent\Engine\20.4.0.40\ccSvcHst.exe [x]
S2 NmspHost;Rockwell Namespace Services;c:\program files (x86)\Common Files\Rockwell\NmspHost.exe;c:\program files (x86)\Common Files\Rockwell\NmspHost.exe [x]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys;c:\windows\SYSNATIVE\drivers\npf.sys [x]
S2 RdcyHost;Rockwell Redundancy Services;c:\program files (x86)\Common Files\Rockwell\RdcyHost.exe;c:\program files (x86)\Common Files\Rockwell\RdcyHost.exe [x]
S2 RnaAeServer;Rockwell Alarm Server;c:\program files (x86)\Common Files\Rockwell\RnaAeServer.exe;c:\program files (x86)\Common Files\Rockwell\RnaAeServer.exe [x]
S2 RnaAlarmMux;Rockwell Alarm Multiplexer;c:\program files (x86)\Common Files\Rockwell\RnaAlarmMux.exe;c:\program files (x86)\Common Files\Rockwell\RnaAlarmMux.exe [x]
S2 Rockwell HMI Framework;Rockwell HMI Framework;c:\program files (x86)\Rockwell Software\RSView Enterprise\ServerFramework.exe;c:\program files (x86)\Rockwell Software\RSView Enterprise\ServerFramework.exe [x]
S2 TeamViewer9;TeamViewer 9;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [x]
S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [x]
S2 VMwareHostd;VMware Workstation Server;c:\program files (x86)\VMware\VMware Workstation\vmware-hostd.exe;c:\program files (x86)\VMware\VMware Workstation\vmware-hostd.exe [x]
S2 vstor2-mntapi10-shared;Vstor2 MntApi 1.0 Driver (shared);SysWOW64\drivers\vstor2-mntapi10-shared.sys;SysWOW64\drivers\vstor2-mntapi10-shared.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
S3 EventServer;Rockwell Event Server;c:\program files (x86)\Common Files\Rockwell\EventServer.exe;c:\program files (x86)\Common Files\Rockwell\EventServer.exe [x]
S3 GenericMount;Generic Mount Driver;c:\windows\system32\DRIVERS\GenericMount.sys;c:\windows\SYSNATIVE\DRIVERS\GenericMount.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 iusb3hub;Intel® USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 ST_ACCEL;STMicroelectronics Accelerometer Service;c:\windows\system32\DRIVERS\ST_ACCEL.sys;c:\windows\SYSNATIVE\DRIVERS\ST_ACCEL.sys [x]
S3 SymSnapService;SymSnapService;c:\program files (x86)\Symantec\Backup Exec System Recovery\Shared\Drivers\SymSnapServicex64.exe;c:\program files (x86)\Symantec\Backup Exec System Recovery\Shared\Drivers\SymSnapServicex64.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-03-04 15:35 1150280 ----a-w- c:\program files (x86)\Google\Chrome\Application\33.0.1750.146\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-03-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-12-27 00:44]
.
2014-03-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-06-04 03:53]
.
2014-03-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-06-04 03:53]
.
2014-03-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-119254589-3248773182-1858609496-1000Core.job
- c:\users\IAG\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-27 16:56]
.
2014-03-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-119254589-3248773182-1858609496-1000UA.job
- c:\users\IAG\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-27 16:56]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2013-11-02 21:33 2331336 ----a-w- c:\progra~1\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2013-11-02 21:33 2331336 ----a-w- c:\progra~1\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2013-11-02 21:33 2331336 ----a-w- c:\progra~1\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0000BoxSyncFileLocked]
@="{1b9c95e1-ce36-3737-81c8-1ec9807f03c1}"
[HKEY_CLASSES_ROOT\CLSID\{1b9c95e1-ce36-3737-81c8-1ec9807f03c1}]
2010-11-21 03:23 444752 ----a-w- c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0000BoxSyncNotSynced]
@="{e22ccf16-2db6-3de8-9a2c-acb66b571b69}"
[HKEY_CLASSES_ROOT\CLSID\{e22ccf16-2db6-3de8-9a2c-acb66b571b69}]
2010-11-21 03:23 444752 ----a-w- c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0000BoxSyncProblem]
@="{84878798-e5c4-3e6b-b7c4-b51c4ac4e7dc}"
[HKEY_CLASSES_ROOT\CLSID\{84878798-e5c4-3e6b-b7c4-b51c4ac4e7dc}]
2010-11-21 03:23 444752 ----a-w- c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0000BoxSyncSynced]
@="{01fcd170-7f0a-3b6a-b992-66a7a20289b5}"
[HKEY_CLASSES_ROOT\CLSID\{01fcd170-7f0a-3b6a-b992-66a7a20289b5}]
2010-11-21 03:23 444752 ----a-w- c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 164016 ----a-w- c:\users\skirk\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 164016 ----a-w- c:\users\skirk\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 164016 ----a-w- c:\users\skirk\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 164016 ----a-w- c:\users\skirk\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-04-25 170264]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-04-25 398616]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-04-25 439064]
"SymantecPaui"="c:\program files\Symantec.cloud\PlatformAgent\PAUI.exe" [2013-08-09 2403216]
"BoxSync"="c:\program files\Box\Box Sync\BoxSync.exe" [2014-03-11 13157856]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office15\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
LSP: %windir%\system32\vsocklib.dll
TCP: Interfaces\{19C55AA0-143A-4363-93FF-938EB7DDD1EC}\84F4D454D234332423: NameServer = 192.168.168.210
TCP: Interfaces\{19C55AA0-143A-4363-93FF-938EB7DDD1EC}\941474D2055524C49434: NameServer = 192.168.168.210
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL
DPF: {FFAD8DA9-ED41-494D-AC8E-63D861D0A733} - hxxps://download.rockwellautomation.com/plugins/rockwell.cab
FF - ProfilePath - c:\users\skirk\AppData\Roaming\Mozilla\Firefox\Profiles\xwuw9u01.default\
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\RACurrTray.lnk - c:\program files (x86)\PST\Binaries\RACurrTray.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
AddRemove-FESTCOMM&1E29&0102 - c:\program files (x86)\Festo\CPX-FMT\DRIVERS\DriverUninstaller.exe VCP CP210x Cardinal\FESTCOMM&1E29&0102
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files\Symantec.cloud\EndpointProtectionAgent\Engine\20.4.0.40\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Symantec.cloud\EndpointProtectionAgent\Engine\20.4.0.40\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.12"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Rockwell Software\RSView Enterprise\TagSrv.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Rockwell Software\FactoryTalk Activation\flexsvr.exe
c:\windows\system32\hasplms.exe
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
c:\program files (x86)\Common Files\Rockwell\RNADiagnosticsSrv.exe
c:\program files (x86)\Rockwell Software\RSView Enterprise\HMIDIAGNOSTICSLSTADAPT.exe
c:\program files (x86)\Rockwell Software\RSLinx Enterprise\RSLinxNG.exe
c:\program files (x86)\COMMON FILES\ROCKWELL\RsvcHost.exe
c:\program files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\windows\SysWOW64\vmnat.exe
c:\program files (x86)\Common Files\Rockwell\EventClientMultiplexer.exe
c:\windows\SysWOW64\vmnetdhcp.exe
c:\program files (x86)\Common Files\Rockwell\RnaDirServer.exe
c:\program files (x86)\Common Files\Rockwell\RNADirMultiplexor.exe
c:\program files (x86)\VMware\VMware Workstation\vmware-authd.exe
c:\users\skirk\AppData\Roaming\Dropbox\bin\Dropbox.exe
.
**************************************************************************
.
Completion time: 2014-03-13 08:19:55 - machine was rebooted
ComboFix-quarantined-files.txt 2014-03-13 15:19
.
Pre-Run: 192,115,703,808 bytes free
Post-Run: 204,237,438,976 bytes free
.
- - End Of File - - A78286F96BA8388675A75D71A57C9BE2

I have omitted 99% of the first section of the log. It is massive.
Please let me know if that is needed.



#2 Oh My!

  • Malware Response Instructor

Posted 19 March 2014 - 08:22 AM

Greetings Jackbull328 and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that. :thumbup2:

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Replytopic.jpg button instead.
  • In the upper right hand corner of the topic you will see the Followtopic.jpg button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started :thumbup2:
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. While I review our situation please run this program for me.

===================================================

Farbar Recovery Scan Tool (FRST)

--------------------
  • Download Farbar Recovery Scan Tool for either 32 bit or 64 bit systems and save it to your desktop
  • If you are unsure if you have 32 bit or 64 bit simply download and try one. If that doesn't run properly the other one should
  • Double click the icon
  • Click Yes to the disclaimer
  • Make sure the Addition.txt box is checked
  • Click Scan and allow the program to run
  • Click OK on the Scan complete screen, then OK on the Addition.txt pop up screen
  • 2 Notepad documents should now be open on your desktop.
  • Please copy and paste the contents of both in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • FRST results
  • Addition log

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#3 Oh My!


Posted 22 March 2014 - 07:55 AM

Greetings,

===================================================

3 Day Bump

It has been more than 3 days since my last post.
  • Do you still need help with this?
  • If after 48hrs you have not replied to this thread then it will have to be closed.

Gary
 

#4 Oh My!


Posted 24 March 2014 - 05:56 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
Gary
 



