Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

svchost utilizing most memory resources


  • This topic is locked This topic is locked
8 replies to this topic

#1 splinter482

splinter482

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:05:11 AM

Posted 19 July 2014 - 12:33 PM

I don't know what I have. Malwarebytes, Hitman, SuperAntispyware, etc. find no problems, but svchost hogs most memory for at least 30 minutes upon login, bringing all other processes to a painfully slow speed.

 

Any help that can be offered would be appreciated.

 

Thanks.

 

Attached File  attach.txt   8.73KB   0 downloads

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17207  BrowserJavaVersion: 10.60.2
Run by Derek at 13:03:49 on 2014-07-19
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.2980.863 [GMT -4:00]
.
AV: Norton 360 *Enabled/Updated* {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
SP: Norton 360 *Enabled/Updated* {631E4324-D31C-783F-EC5C-35AD42B18466}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton 360 *Enabled* {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\vcsFPService.exe
C:\Program Files\HitmanPro\hmpsched.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\DigitalPersona\Bin\DpHostW.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
C:\Program Files (x86)\Norton Management\Engine\3.2.2.12\ccSvcHst.exe
C:\Program Files (x86)\Norton 360\Norton 360\Engine\21.3.0.12\N360.exe
C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files (x86)\SonicWALL\SSL-VPN\NetExtender\NEService64.exe
C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Norton 360\Norton 360\Engine\21.3.0.12\N360.exe
C:\Program Files (x86)\Norton Management\Engine\3.2.2.12\ccSvcHst.exe
C:\Program Files (x86)\DigitalPersona\Bin\DPAgent.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files (x86)\SonicWALL\SSL-VPN\NetExtender\NEGui.exe
C:\Program Files\Box\Box Sync\BoxSync.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe
C:\PROGRA~1\Box\BOXSYN~1\BoxSync.exe
C:\Program Files\DigitalPersona\Bin\DPAgent.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\DigitalPersona\Bin\DPAgent.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Norton 360\Norton 360\Engine\21.3.0.12\N360.exe
C:\Program Files (x86)\Norton Management\Engine\3.2.2.12\ccSvcHst.exe
C:\Program Files\DigitalPersona\Bin\DPAgent.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files (x86)\SonicWALL\SSL-VPN\NetExtender\NEGui.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Users\Derek\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files (x86)\Intuit\QuickBooks 2011\QBW32.EXE
C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Users\Derek\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Derek\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe
C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
C:\Users\Derek\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Intuit\QuickBooks 2011\QBHelp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
C:\Users\Derek\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\LogonUI.exe
C:\Program Files (x86)\Verizon\IHA_MessageCenter\bin\VzDetectAgent.exe
C:\Users\Derek\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Derek\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Derek\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Derek\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.dell.com
uDefault_Page_URL = hxxp://www.dell.com
mWinlogon: Userinit = userinit.exe
BHO: TmIEPlugInBHO Class: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - LocalServer32 - <no file>
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Norton 360\Engine\21.3.0.12\coieplg.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Norton 360\Engine\21.3.0.12\IPS\ipsbho.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Evernote extension: {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Norton 360\Engine\21.3.0.12\coieplg.dll
uRun: [Google Update] "C:\Users\Derek\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
uRun: [KeePass Password Safe 2] "C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe"
uRun: [GoogleChromeAutoLaunch_B9C7033751DE797094EA25EB4A81915F] "C:\Users\Derek\AppData\Local\Google\Chrome\Application\chrome.exe" --no-startup-window
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
mRun: [RemoteControl9] "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe"
mRun: [PDVD9LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe"
mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [Intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe  startup
mRun: [Monitor] "C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [KeePass 2 PreLoad] "C:\Users\Derek\Dropbox\KeePass Password Safe 2\KeePass Password Safe 2\KeePass.exe" --preload
mRun: [DellNetExtender] C:\Program Files (x86)\SonicWALL\SSL-VPN\NetExtender\NEGui.exe -hideGUI -clearReboot
StartupFolder: C:\Users\Derek\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Derek\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\Derek\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\EVERNO~1.LNK - C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\INTUIT~1.LNK - C:\Program Files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\QUICKB~2.LNK - C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\QUICKB~1.LNK - C:\Program Files (x86)\Intuit\QuickBooks 2011\QBW32.EXE
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200
IE: Clip image - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=4
IE: Clip selection - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=3
IE: Clip this page - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=1
IE: Clip URL - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: New note - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\NewNote.html
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html
Trusted Zone: cruiseone.com
Trusted Zone: cruises.com
Trusted Zone: cruises.com
DPF: {44C1E3A2-B594-401C-B27A-D1B4476E4797} - hxxps://portal.fando.com/XTSAC.cab
DPF: {6EEFD7B1-B26C-440D-B55A-1EC677189F30} - hxxps://portal.fando.com/NELX.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_51-windows-i586.cab
DPF: {B79C81C0-7650-4CAB-8466-E14C6A31EBAD} - hxxps://portal.fando.com/SWTSC.cab
DPF: {CAFEEFAC-0017-0000-0051-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_51-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_51-windows-i586.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{8867F407-0275-4460-861B-7A38D46A2AD5} : DHCPNameServer = 8.8.8.8 8.8.4.4 4.2.2.2
TCP: Interfaces\{CCABEB92-82DC-44EB-AC8B-8D6E33C8B93F} : DHCPNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: intu-help-qb4 - {ACE22922-D07C-4860-B51B-8CF472FEC2CB} -
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} -
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - LocalServer32 - <no file>
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
LSA: Notification Packages =  DPPassFilter scecli
x64-mWinlogon: Userinit = C:\Windows\System32\userinit.exe,C:\Program Files (x86)\DigitalPersona\Bin\DPAgent.exe,
x64-BHO: TmIEPlugInBHO Class: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -
x64-BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Norton 360\Engine64\21.3.0.12\CoIEPlg.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} -
x64-TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Norton 360\Engine64\21.3.0.12\CoIEPlg.dll
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
x64-Run: [FreeFallProtection] C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
x64-Run: [IntelWireless] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray
x64-Run: [BTMTrayAgent] rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
x64-Run: [QuickSet] c:\Program Files\Dell\QuickSet\QuickSet.exe
x64-Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
x64-Run: [SonicWALLNetExtender] C:\Program Files (x86)\SonicWALL\SSL-VPN\NetExtender\NEGui.exe -hideGUI -clearReboot
x64-Run: [BoxSync] "c:\Program Files\Box\Box Sync\BoxSync.exe" -m
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\AddNote.html
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: intu-help-qb4 - {ACE22922-D07C-4860-B51B-8CF472FEC2CB} - <orphaned>
x64-Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - <orphaned>
x64-Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} -
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2011-3-23 55856]
R0 stdcfltn;Disk Class Filter Driver for Accelerometer;C:\Windows\System32\drivers\stdcfltn.sys [2011-3-23 21616]
R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\N360x64\1504000.00D\symds64.sys [2014-7-15 493656]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\N360x64\1504000.00D\symefa64.sys [2014-7-15 1148120]
R1 BHDrvx64;BHDrvx64;C:\Program Files (x86)\Norton 360\Norton 360\NortonData\21.3.0.12\Definitions\BASHDefs\20140703.001\BHDrvx64.sys [2014-7-9 1530160]
R1 ccSet_MCLIENT;Norton Management Settings Manager;C:\Windows\System32\drivers\MCLIENTx64\0302020.00C\ccsetx64.sys [2014-2-19 168096]
R1 ccSet_N360;N360 Settings Manager;C:\Windows\System32\drivers\N360x64\1504000.00D\ccsetx64.sys [2014-7-15 162392]
R1 IDSVia64;IDSVia64;C:\Program Files (x86)\Norton 360\Norton 360\NortonData\21.3.0.12\Definitions\IPSDefs\20140718.001\IDSviA64.sys [2014-7-18 525016]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\N360x64\1504000.00D\ironx64.sys [2014-7-15 264280]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2013-10-10 144152]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2011-3-23 98208]
R2 Bluetooth Device Monitor;Bluetooth Device Monitor;C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [2010-12-14 901184]
R2 Bluetooth OBEX Service;Bluetooth OBEX Service;C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [2010-12-14 974912]
R2 HitmanProScheduler;HitmanPro Scheduler;C:\Program Files\HitmanPro\hmpsched.exe [2014-5-18 127752]
R2 IHA_MessageCenter;IHA_MessageCenter;C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [2013-7-30 358984]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2013-6-28 14624]
R2 MCLIENT;Norton Management;C:\Program Files (x86)\Norton Management\Engine\3.2.2.12\ccsvchst.exe [2014-2-19 143928]
R2 N360;Norton 360;C:\Program Files (x86)\Norton 360\Norton 360\Engine\21.4.0.13\n360.exe [2014-7-15 265040]
R3 Acceler;Accelerometer Service;C:\Windows\System32\drivers\Accelern.sys [2011-3-23 27760]
R3 Bluetooth Media Service;Bluetooth Media Service;C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [2010-12-14 1298496]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\System32\drivers\CtClsFlt.sys [2011-3-23 175168]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2014-6-26 142128]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2011-3-23 317440]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2011-3-23 80384]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2011-3-23 181248]
R3 NxDrv;SonicWALL NetExtender Adapter;C:\Windows\System32\drivers\NxDrv.sys [2010-12-2 24264]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-3-23 412264]
R3 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\N360x64\1503000.00C\symnets.sys [2014-6-19 593112]
R3 wdkmd;Intel WiDi KMD;C:\Windows\System32\drivers\WDKMD.sys [2010-12-1 42392]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 DellDigitalDelivery;Dell Digital Delivery Service;C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe [2010-11-16 141192]
S3 BoxSyncUpdateService;Box Sync Update Service;C:\Program Files\Box\Box Sync\SyncUpdaterService.exe [2014-4-14 28768]
S3 btmaux;Intel Bluetooth Auxiliary Service;C:\Windows\System32\drivers\btmaux.sys [2010-12-14 58128]
S3 btmhsf;btmhsf;C:\Windows\System32\drivers\btmhsf.sys [2010-12-14 274432]
S3 iBtFltCoex;iBtFltCoex;C:\Windows\System32\drivers\iBtFltCoex.sys [2010-12-14 59904]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-7-9 111616]
S3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2011-3-23 158976]
S3 Leapfrog-USBLAN;Leapfrog-USBLAN;C:\Windows\System32\drivers\btblan.sys [2011-11-12 40320]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2010-12-17 340240]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2011-3-23 250984]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-2-18 56832]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
.
=============== Created Last 30 ================
.
2014-07-15 18:07:53 593112 ----a-r- C:\Windows\System32\drivers\N360x64\1504000.00D\symnets.sys
2014-07-15 18:07:53 23568 ----a-r- C:\Windows\System32\drivers\N360x64\1504000.00D\symelam.sys
2014-07-15 18:07:53 1148120 ----a-r- C:\Windows\System32\drivers\N360x64\1504000.00D\symefa64.sys
2014-07-15 18:07:52 875736 ----a-r- C:\Windows\System32\drivers\N360x64\1504000.00D\srtsp64.sys
2014-07-15 18:07:52 493656 ----a-r- C:\Windows\System32\drivers\N360x64\1504000.00D\symds64.sys
2014-07-15 18:07:52 36952 ----a-r- C:\Windows\System32\drivers\N360x64\1504000.00D\srtspx64.sys
2014-07-15 18:07:51 264280 ----a-r- C:\Windows\System32\drivers\N360x64\1504000.00D\ironx64.sys
2014-07-15 18:07:51 162392 ----a-r- C:\Windows\System32\drivers\N360x64\1504000.00D\ccsetx64.sys
2014-07-15 18:06:24 -------- d-----w- C:\Windows\System32\drivers\N360x64\1504000.00D
2014-07-10 07:44:08 -------- d-----w- C:\Windows\SysWow64\Intuit
2014-07-09 18:07:50 1247232 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\tipskins.dll
2014-07-09 18:02:50 1460736 ----a-w- C:\Windows\System32\lsasrv.dll
2014-07-09 18:02:49 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2014-07-09 18:02:49 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2014-07-09 13:21:06 98216 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2014-07-08 20:31:25 11204096 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
.
==================== Find3M  ====================
.
2014-07-08 20:31:40 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-07-08 20:31:40 699056 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-06-30 02:09:33 519168 ----a-w- C:\Windows\System32\aepdu.dll
2014-06-30 02:04:49 424448 ----a-w- C:\Windows\System32\aeinv.dll
2014-06-19 14:27:31 177752 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS
2014-06-19 01:06:55 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-06-19 01:06:24 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-06-19 00:42:57 548352 ----a-w- C:\Windows\System32\vbscript.dll
2014-06-19 00:42:49 66048 ----a-w- C:\Windows\System32\iesetup.dll
2014-06-19 00:41:52 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-06-19 00:41:16 83968 ----a-w- C:\Windows\System32\MshtmlDac.dll
2014-06-19 00:24:30 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-06-19 00:24:12 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-06-19 00:23:53 752640 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-06-19 00:14:28 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-06-18 23:59:04 38400 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-06-18 23:56:37 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-06-18 23:51:38 5721088 ----a-w- C:\Windows\System32\jscript9.dll
2014-06-18 23:38:40 455168 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-06-18 23:37:23 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-06-18 23:36:35 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-06-18 23:35:55 62464 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2014-06-18 23:27:45 1249280 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2014-06-18 23:27:07 2040832 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-06-18 23:23:27 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-06-18 23:22:40 592896 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-06-18 23:06:10 32256 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-06-18 22:58:27 2266112 ----a-w- C:\Windows\System32\wininet.dll
2014-06-18 22:52:18 4254720 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-06-18 22:46:23 1068032 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2014-06-18 22:45:59 1964544 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-06-18 22:13:59 1791488 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-06-18 02:18:30 692736 ----a-w- C:\Windows\System32\osk.exe
2014-06-18 01:51:32 646144 ----a-w- C:\Windows\SysWow64\osk.exe
2014-06-18 01:10:36 3157504 ----a-w- C:\Windows\System32\win32k.sys
2014-06-06 10:10:34 624128 ----a-w- C:\Windows\System32\qedit.dll
2014-06-06 09:44:17 509440 ----a-w- C:\Windows\SysWow64\qedit.dll
2014-05-30 08:08:52 210944 ----a-w- C:\Windows\System32\wdigest.dll
2014-05-30 08:08:49 86528 ----a-w- C:\Windows\System32\TSpkg.dll
2014-05-30 08:08:47 340992 ----a-w- C:\Windows\System32\schannel.dll
2014-05-30 08:08:41 314880 ----a-w- C:\Windows\System32\msv1_0.dll
2014-05-30 08:08:41 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2014-05-30 08:08:36 728064 ----a-w- C:\Windows\System32\kerberos.dll
2014-05-30 08:08:31 22016 ----a-w- C:\Windows\System32\credssp.dll
2014-05-30 07:52:51 172032 ----a-w- C:\Windows\SysWow64\wdigest.dll
2014-05-30 07:52:49 65536 ----a-w- C:\Windows\SysWow64\TSpkg.dll
2014-05-30 07:52:45 247808 ----a-w- C:\Windows\SysWow64\schannel.dll
2014-05-30 07:52:41 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2014-05-30 07:52:40 259584 ----a-w- C:\Windows\SysWow64\msv1_0.dll
2014-05-30 07:52:36 550912 ----a-w- C:\Windows\SysWow64\kerberos.dll
2014-05-30 07:52:30 17408 ----a-w- C:\Windows\SysWow64\credssp.dll
2014-05-30 06:45:52 497152 ----a-w- C:\Windows\System32\drivers\afd.sys
2014-05-18 22:24:34 12872 ----a-w- C:\Windows\System32\bootdelete.exe
2014-04-25 02:34:59 801280 ----a-w- C:\Windows\System32\usp10.dll
2014-04-25 02:06:17 626688 ----a-w- C:\Windows\SysWow64\usp10.dll
.
============= FINISH: 13:06:01.71 ===============
 


Edited by hamluis, 19 July 2014 - 01:52 PM.


BC AdBot (Login to Remove)

 


#2 nasdaq

nasdaq

  • Malware Response Team
  • 38,764 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:11 AM

Posted 24 July 2014 - 08:02 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

--RogueKiller--
  • Download & SAVE to your Desktop For 32bit system or For 64bit system
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator to start"
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • click on "delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller+
=======

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, Close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

Download the correct version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

===

Please paste the logs in your next reply DO NOT ATTACH THEM unless specified.
To attach a file select the "More Reply Option" and follow the instructions.

Let me know what problem persists.

#3 splinter482

splinter482
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:05:11 AM

Posted 26 July 2014 - 01:09 PM

Hi nasdaq,

 

Thank you for your assistance. See below and attached log files. I have tested, and the problem persists.

 

RogueKiller V9.2.4.0 (x64) [Jul 11 2014] by Adlice Software
 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Derek [Admin rights]
Mode : Remove -- Date : 07/26/2014  12:51:25
 
¤¤¤ Bad processes : 0 ¤¤¤
 
¤¤¤ Registry Entries : 8 ¤¤¤
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | EnableLUA : 0  -> NOT SELECTED
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | EnableLUA : 0  -> NOT SELECTED
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0  -> NOT SELECTED
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0  -> NOT SELECTED
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> NOT SELECTED
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> NOT SELECTED
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> NOT SELECTED
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> NOT SELECTED
 
¤¤¤ Scheduled tasks : 0 ¤¤¤
 
¤¤¤ Files : 0 ¤¤¤
 
¤¤¤ HOSTS File : 0 ¤¤¤
 
¤¤¤ Antirootkit : 8 (Driver: LOADED) ¤¤¤
[EAT:Addr] (explorer.exe) msi.dll - DllCanUnloadNow : C:\Program Files (x86)\Google\Drive\googledrivesync64.dll @ 0x7fef56c2350
[EAT:Addr] (explorer.exe) msi.dll - DllGetClassObject : C:\Program Files (x86)\Google\Drive\googledrivesync64.dll @ 0x7fef56c2130
[EAT:Addr] (explorer.exe) msi.dll - DllRegisterServer : C:\Program Files (x86)\Google\Drive\googledrivesync64.dll @ 0x7fef56c1f70
[EAT:Addr] (explorer.exe) msi.dll - DllUnregisterServer : C:\Program Files (x86)\Google\Drive\googledrivesync64.dll @ 0x7fef56c2060
[EAT:Addr] (explorer.exe) msi.dll - DllCanUnloadNow : C:\Program Files (x86)\Google\Drive\googledrivesync64.dll @ 0x7fef56c2350
[EAT:Addr] (explorer.exe) msi.dll - DllGetClassObject : C:\Program Files (x86)\Google\Drive\googledrivesync64.dll @ 0x7fef56c2130
[EAT:Addr] (explorer.exe) msi.dll - DllRegisterServer : C:\Program Files (x86)\Google\Drive\googledrivesync64.dll @ 0x7fef56c1f70
[EAT:Addr] (explorer.exe) msi.dll - DllUnregisterServer : C:\Program Files (x86)\Google\Drive\googledrivesync64.dll @ 0x7fef56c2060
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD2500BEKT-75PVMT0 +++++
--- User ---
[MBR] f14fa01bdfcd97e11a67aeac8a96cd7c
[BSP] dea9defa67a18cc486b8c709b2ee22f0 : HP MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 101 MB
1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 208845 | Size: 23000 MB
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 47312845 | Size: 215372 MB
User = LL1 ... OK
User = LL2 ... OK
 
 
============================================
RKreport_SCN_07262014_124914.log
 
 
 
 
# AdwCleaner v3.216 - Report created 26/07/2014 at 13:01:36
# Updated 17/07/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Derek - VOSTRO
# Running from : C:\Users\Derek\Downloads\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\Users\Kellie\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlmebkoiahbppacaicbgncnjhbpdfkcc
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2559647
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{065C1A21-97F8-45FB-A9F0-861B60FACEC8}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3204358F-5904-46A6-841F-D6B5BE3EF4E3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3AE67737-0E3E-44AA-AA5E-46A68BF017FF}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3EE5B726-044A-48D2-AA7B-049BD9A0F62A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{60FBBE03-57FF-49D8-B38E-053D3F489825}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6A5182F1-C0B8-42B8-96CC-7F329CD46913}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6C153418-8E4D-4FAF-AF27-5201E38463A7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A26A2F05-AC4D-4A1E-9531-9125F7309B78}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CC5D6240-7DF0-435D-9B9B-F8586A99DE86}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F343045E-E20A-46E1-82D8-9962C43EFC9E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FBB360DC-CB6C-4D6A-808A-2C773151BFFF}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FFD7DDAC-EC28-42A5-8D39-917B9078604B}
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Toolbar
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17207
 
 
-\\ Google Chrome v
 
[ File : C:\Users\Derek\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}&amp;o=15527&amp;l=dis&amp;prt=360&amp;chn=retail&amp;geo=US&amp;ver=6&gct=sb&qsrc=2869
Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
Deleted [Search Provider] : hxxp://www.foodnetwork.com/search/search-results.html?searchTerm={searchTerms}&form=global&_charset_=UTF-8
 
[ File : C:\Users\Kellie\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
Deleted [Search Provider] : hxxp://www.disneystore.com/disney/store/DSISearch?Searchstr={searchTerms}&storeId=10051&catalogId=10002&langId=-1&pageCmdName=homeLandingPage&Ntx=mode+matchallpartial&N=0&Nu=pProductID&Nr=pPublished%3A1&Ntk=All_Shopping&Ntt=disney+frozen&D=disney+frozen&Dr=pPublished%3A1
Deleted [Search Provider] : hxxp://www.foodnetwork.com/search/search-results.html?searchTerm={searchTerms}&form=global&_charset_=UTF-8
Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}&amp;o=15527&amp;l=dis&amp;prt=360&amp;chn=retail&amp;geo=US&amp;ver=6&gct=sb&qsrc=2869
Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
Deleted [Search Provider] : hxxp://www.stubhub.com/search/doSearch?searchStr={searchTerms}&pageNumber=1&resultsPerPage=50&searchMode=event&start=0&rows=50&geo_exp=1
Deleted [Search Provider] : hxxp://www.disneystore.com/disney/store/DSISearch?Searchstr={searchTerms}&storeId=10051&catalogId=10002&langId=-1&pageCmdName=homeLandingPage&Ntx=mode+matchallpartial&N=0&Nu=pProductID&Nr=pPublished%3A1&Ntk=All_Shopping&Ntt=cruise&D=cruise&Dr=pPublished%3A1
Deleted [Extension] : dlmebkoiahbppacaicbgncnjhbpdfkcc
 
*************************
 
AdwCleaner[R0].txt - [3361 octets] - [26/07/2014 12:58:37]
AdwCleaner[S0].txt - [3714 octets] - [26/07/2014 13:01:36]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3774 octets] ##########
 
 
 
 
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-07-2014
Ran by Derek (administrator) on VOSTRO on 26-07-2014 13:30:58
Running from C:\Users\Derek\Desktop\FRST
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Validity Sensors, Inc.) C:\Windows\System32\vcsFPService.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(DigitalPersona, Inc.) C:\Program Files\DigitalPersona\Bin\DpHostW.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Verizon) C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
(LeapFrog Enterprises, Inc.) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Management\Engine\3.2.2.12\ccsvchst.exe
(Intuit) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Management\Engine\3.2.2.12\ccsvchst.exe
(DigitalPersona, Inc.) C:\Program Files (x86)\DigitalPersona\Bin\DPAgent.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Dell) C:\Program Files (x86)\SonicWALL\SSL-VPN\NetExtender\NEService64.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(DigitalPersona, Inc.) C:\Program Files\DigitalPersona\Bin\DpAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
() C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Dell) C:\Program Files (x86)\SonicWALL\SSL-VPN\NetExtender\NEGui.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Google Inc.) C:\Users\Derek\AppData\Local\Google\Chrome\Application\chrome.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
(Creative Technology Ltd) C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
() C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
(Google Inc.) C:\Users\Derek\AppData\Local\Google\Chrome\Application\chrome.exe
(Intuit Inc.) C:\Program Files (x86)\Intuit\QuickBooks 2011\QBW32.EXE
(LeapFrog Enterprises, Inc.) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
(Google Inc.) C:\Users\Derek\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Derek\AppData\Local\Google\Chrome\Application\chrome.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(Intuit, Inc.) C:\Program Files (x86)\Intuit\QuickBooks 2011\QBHelp.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Norton 360\Engine\21.4.0.13\n360.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\HitmanPro.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Norton 360\Engine\21.4.0.13\n360.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Box, Inc.) C:\Program Files\Box\Box Sync\BoxSync.exe
(Box, Inc.) C:\Program Files\Box\Box Sync\BoxSync.exe
() C:\Program Files\Box\Box Sync\BoxSyncMonitor.exe
(Verizon) C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\VzDetectAgent.exe
(Dropbox, Inc.) C:\Users\Derek\AppData\Roaming\Dropbox\bin\Dropbox.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6561384 2010-12-14] (Realtek Semiconductor)
HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [592240 2011-01-05] (Alps Electric Co., Ltd.)
HKLM\...\Run: [FreeFallProtection] => C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe [727664 2010-10-01] ()
HKLM\...\Run: [IntelWireless] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1933584 2010-12-17] (Intel® Corporation)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp 
HKLM\...\Run: [QuickSet] => c:\Program Files\Dell\QuickSet\QuickSet.exe [4479648 2011-01-25] (Dell Inc.)
HKLM\...\Run: [IntelliPoint] => c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2399632 2011-04-13] (Microsoft Corporation)
HKLM\...\Run: [SonicWALLNetExtender] => C:\Program Files (x86)\SonicWALL\SSL-VPN\NetExtender\NEGui.exe [1281536 2013-10-24] (Dell)
HKLM\...\Run: [BoxSync] => c:\Program Files\Box\Box Sync\BoxSync.exe [13606960 2014-07-17] (Box, Inc.)
HKLM-x32\...\Run: [RemoteControl9] => C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe [87336 2009-07-06] (CyberLink Corp.)
HKLM-x32\...\Run: [PDVD9LanguageShortcut] => C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe [50472 2010-04-29] (CyberLink Corp.)
HKLM-x32\...\Run: [Dell Webcam Central] => C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [487562 2010-08-19] (Creative Technology Ltd)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [RoxWatchTray] => C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe [240112 2010-09-04] (Sonic Solutions)
HKLM-x32\...\Run: [Desktop Disc Tool] => C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe [518640 2010-09-03] ()
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2010-03-12] (Hewlett-Packard)
HKLM-x32\...\Run: [Intuit SyncManager] => C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe [2643320 2012-10-08] (Intuit Inc. All rights reserved.)
HKLM-x32\...\Run: [Monitor] => C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe [298376 2012-09-28] (LeapFrog Enterprises, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [KeePass 2 PreLoad] => C:\Users\Derek\Dropbox\KeePass Password Safe 2\KeePass Password Safe 2\KeePass.exe [2092032 2014-02-03] (Dominik Reichl)
HKLM-x32\...\Run: [DellNetExtender] => C:\Program Files (x86)\SonicWALL\SSL-VPN\NetExtender\NEGui.exe [1281536 2013-10-24] (Dell)
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,C:\Program Files (x86)\DigitalPersona\Bin\DPAgent.exe,
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-19\...\RunOnce: [mctadmin] => C:\Windows\System32\mctadmin.exe [97280 2009-07-13] (Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [mctadmin] => C:\Windows\System32\mctadmin.exe [97280 2009-07-13] (Microsoft Corporation)
HKU\S-1-5-21-760091760-3840814353-2893001587-1003\...\Run: [Google Update] => C:\Users\Derek\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2011-05-15] (Google Inc.)
HKU\S-1-5-21-760091760-3840814353-2893001587-1003\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [24477056 2014-06-27] (Google)
HKU\S-1-5-21-760091760-3840814353-2893001587-1003\...\Run: [KeePass Password Safe 2] => "C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe" 
HKU\S-1-5-21-760091760-3840814353-2893001587-1003\...\Run: [GoogleChromeAutoLaunch_B9C7033751DE797094EA25EB4A81915F] => C:\Users\Derek\AppData\Local\Google\Chrome\Application\chrome.exe [860488 2014-07-15] (Google Inc.)
HKU\S-1-5-21-760091760-3840814353-2893001587-1003\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6563608 2014-01-06] (SUPERAntiSpyware)
HKU\S-1-5-21-760091760-3840814353-2893001587-1003\...\MountPoints2: {c406e9a2-d994-11e1-8806-bc7737064f09} - E:\setup.exe -a
HKU\S-1-5-21-760091760-3840814353-2893001587-1003\...\MountPoints2: {c406e9f2-d994-11e1-8806-bc7737064f09} - E:\setup.exe -a
Lsa: [Notification Packages] DPPassFilter scecli
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Intuit Data Protect.lnk
ShortcutTarget: Intuit Data Protect.lnk -> C:\Program Files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk
ShortcutTarget: QuickBooks_Standard_21.lnk -> C:\Program Files (x86)\Intuit\QuickBooks 2011\QBW32.EXE (Intuit Inc.)
Startup: C:\Users\Derek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Derek\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Derek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
ShellIconOverlayIdentifiers: "DropboxExt1" -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Derek\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt2" -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Derek\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt3" -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Derek\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt4" -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Derek\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt5" -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Derek\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt6" -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Derek\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt7" -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Derek\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt8" -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Derek\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: 0000BoxSyncFileLocked -> {b973655f-b823-3729-abea-e88cb316ddd4} => C:\Windows\system32\mscoree.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: 0000BoxSyncNotSynced -> {a316141f-fa66-334c-8d40-a8f4e6d21080} => C:\Windows\system32\mscoree.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: 0000BoxSyncProblem -> {a74ad9e8-37eb-31db-9026-8eda10d85860} => C:\Windows\system32\mscoree.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: 0000BoxSyncSynced -> {c3de22fc-b307-320f-ba41-27d95101bbf3} => C:\Windows\system32\mscoree.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: GDriveBlacklistedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: GDriveSharedEditOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: GDriveSharedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: GDriveSharedViewOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: GDriveSyncedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: GDriveSyncingOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: OverlayExcluded -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton 360\Norton 360\Engine64\21.4.0.13\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: OverlayPending -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton 360\Norton 360\Engine64\21.4.0.13\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: OverlayProtected -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton 360\Norton 360\Engine64\21.4.0.13\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers-x32: "DropboxExt1" -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Derek\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: "DropboxExt2" -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Derek\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: "DropboxExt3" -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Derek\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: "DropboxExt4" -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Derek\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: "DropboxExt5" -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Derek\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: "DropboxExt6" -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Derek\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: "DropboxExt7" -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Derek\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: "DropboxExt8" -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Derek\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
BootExecute: autocheck autochk * bootdelete
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKCU - {A6FB5F4A-E88D-4E25-BF75-9B68BF5C268E} URL = 
BHO: TmIEPlugInBHO Class -> {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -> c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg.dll No File
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Norton 360\Engine64\21.4.0.13\coIEPlg.dll (Symantec Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
BHO-x32: TmIEPlugInBHO Class -> {1CA1377B-DC1D-4A52-9585-6E06050FAC53} ->  No File
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Norton 360\Engine\21.4.0.13\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton 360\Norton 360\Engine\21.4.0.13\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Norton 360\Engine64\21.4.0.13\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Norton 360\Engine\21.4.0.13\coIEPlg.dll (Symantec Corporation)
DPF: HKLM-x32 {44C1E3A2-B594-401C-B27A-D1B4476E4797} https://portal.fando.com/XTSAC.cab
DPF: HKLM-x32 {6EEFD7B1-B26C-440D-B55A-1EC677189F30} https://portal.fando.com/NELX.cab
DPF: HKLM-x32 {B79C81C0-7650-4CAB-8466-E14C6A31EBAD} https://portal.fando.com/SWTSC.cab
Handler: intu-help-qb4 - {ACE22922-D07C-4860-B51B-8CF472FEC2CB} -  No File
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} -  No File
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg.dll No File
Handler-x32: intu-help-qb4 - {ACE22922-D07C-4860-B51B-8CF472FEC2CB} - C:\Program Files (x86)\Intuit\QuickBooks 2011\HelpAsyncPluggableProtocol.dll No File
Handler-x32: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
Handler-x32: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.60.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.60.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Derek\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Derek\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: tdameritrade.com/thinkorswim - C:\Program Files (x86)\thinkTDA\npthinkorswim.dll (TD Ameritrade)
FF Plugin HKCU: tdameritrade.com/tossc - C:\Program Files (x86)\thinkTDA\nptossc.dll (TD Ameritrade)
FF HKLM-x32\...\Firefox\Extensions: [{22C7F6C6-8D67-4534-92B5-529A0EC09405}] - c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\FirefoxExtension
FF HKLM-x32\...\Firefox\Extensions: [otis@digitalpersona.com] - C:\Program Files (x86)\DigitalPersona\Bin\FirefoxExt
FF Extension: DigitalPersona Extension - C:\Program Files (x86)\DigitalPersona\Bin\FirefoxExt [2011-03-23]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.3.0.12\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.3.0.12\coFFPlgn [2014-07-26]
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.3.0.12\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.3.0.12\IPSFF [2014-06-22]
 
Chrome: 
=======
CHR HomePage: hxxp://www.dell.com/
CHR StartupUrls: "hxxp://www.google.com/"
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Derek\AppData\Local\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Derek\AppData\Local\Google\Chrome\Application\36.0.1985.125\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Users\Derek\AppData\Local\Google\Chrome\Application\36.0.1985.125\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.300.12) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll No File
CHR Plugin: (Java™ Platform SE 6 U30) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (NPCIG.dll) - C:\Program Files (x86)\Canon\ZoomBrowser EX\Program\NPCIG.dll No File
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Picasa) - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Extension: (Google Drive) - C:\Users\Derek\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-05-04]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Derek\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-23]
CHR Extension: (YouTube) - C:\Users\Derek\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-13]
CHR Extension: (Adblock Plus) - C:\Users\Derek\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2012-12-13]
CHR Extension: (NetExtender Launcher) - C:\Users\Derek\AppData\Local\Google\Chrome\User Data\Default\Extensions\comamnkieeagpjjdfonbapjefalbbgoj [2014-06-08]
CHR Extension: (Google Search) - C:\Users\Derek\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-13]
CHR Extension: (Box - 10GB of FREE storage) - C:\Users\Derek\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejnkaeblpdcamcioiiabclakabcbjmbl [2013-07-13]
CHR Extension: (Full Screen Weather) - C:\Users\Derek\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkkaebihfmbofclegkcfkkemepfehibg [2013-05-05]
CHR Extension: (Gist) - C:\Users\Derek\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkdeicjlogpjofphmccgkaekkbhchfnc [2011-12-31]
CHR Extension: (Feedly - News, Blogs and Youtube) - C:\Users\Derek\AppData\Local\Google\Chrome\User Data\Default\Extensions\hipbfijinpcgfogaopmgehiegacbhmob [2013-03-13]
CHR Extension: (Dropbox) - C:\Users\Derek\AppData\Local\Google\Chrome\User Data\Default\Extensions\ioekoebejdcmnlefjiknokhhafglcjdl [2013-05-05]
CHR Extension: (Google Play) - C:\Users\Derek\AppData\Local\Google\Chrome\User Data\Default\Extensions\komhbcfkdcgmcdoenjcjheifdiabikfi [2013-05-05]
CHR Extension: (Evernote Web) - C:\Users\Derek\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbfehkoinhhcknnbdgnnmjhiladcgbol [2012-02-06]
CHR Extension: (Norton Identity Protection) - C:\Users\Derek\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2014-06-22]
CHR Extension: (Hangouts) - C:\Users\Derek\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2014-06-04]
CHR Extension: (Google Wallet) - C:\Users\Derek\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-01]
CHR Extension: (Google Chrome to Phone Extension) - C:\Users\Derek\AppData\Local\Google\Chrome\User Data\Default\Extensions\oadboiipflhobonjjffjbfekfjcgkhco [2012-02-06]
CHR Extension: (chromeIPass) - C:\Users\Derek\AppData\Local\Google\Chrome\User Data\Default\Extensions\ompiailgknfdndiefoaoiligalphfdae [2013-02-26]
CHR Extension: (Evernote Web Clipper) - C:\Users\Derek\AppData\Local\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc [2012-02-06]
CHR Extension: (Gmail) - C:\Users\Derek\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-13]
CHR HKCU\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Derek\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2013-05-03]
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton 360\Norton 360\Engine\21.4.0.13\Exts\Chrome.crx [2014-07-15]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [144152 2013-10-10] (SUPERAntiSpyware.com)
R2 Bluetooth Device Monitor; C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [901184 2010-12-14] (Intel Corporation) [File not signed]
R3 Bluetooth Media Service; C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [1298496 2010-12-14] (Intel Corporation) [File not signed]
R2 Bluetooth OBEX Service; C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [974912 2010-12-14] (Intel Corporation) [File not signed]
S3 BoxSyncUpdateService; C:\Program Files\Box\Box Sync\SyncUpdaterService.exe [28768 2014-04-14] (Box, Inc.)
S2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [127752 2014-06-23] (SurfRight B.V.)
R2 IHA_MessageCenter; C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [358984 2014-05-21] (Verizon)
R2 MCLIENT; C:\Program Files (x86)\Norton Management\Engine\3.2.2.12\ccSvcHst.exe [143928 2012-12-04] (Symantec Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2010-12-17] ()
R2 N360; C:\Program Files (x86)\Norton 360\Norton 360\Engine\21.4.0.13\N360.exe [265040 2014-06-27] (Symantec Corporation)
R2 QBCFMonitorService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [45056 2012-10-24] (Intuit) [File not signed]
S3 QBFCService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [61440 2009-07-23] (Intuit Inc.) [File not signed]
R2 QBVSS; C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [1248256 2011-06-30] (Intuit Inc.) [File not signed]
R2 SONICWALL_NetExtender; C:\Program Files (x86)\SonicWALL\SSL-VPN\NetExtender\NEService64.exe [589312 2013-10-24] (Dell)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 BHDrvx64; C:\Program Files (x86)\Norton 360\Norton 360\NortonData\21.3.0.12\Definitions\BASHDefs\20140718.001\BHDrvx64.sys [1530160 2014-06-06] (Symantec Corporation)
R1 ccSet_MCLIENT; C:\Windows\system32\drivers\MCLIENTx64\0302020.00C\ccSetx64.sys [168096 2012-10-03] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1504000.00D\ccSetx64.sys [162392 2014-02-20] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [486192 2014-06-19] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142128 2014-06-19] (Symantec Corporation)
R3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [32512 2014-07-26] ()
R1 IDSVia64; C:\Program Files (x86)\Norton 360\Norton 360\NortonData\21.3.0.12\Definitions\IPSDefs\20140725.001\IDSvia64.sys [525016 2014-06-20] (Symantec Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton 360\Norton 360\NortonData\21.3.0.12\Definitions\VirusDefs\20140725.008\ENG64.SYS [126040 2014-06-19] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton 360\Norton 360\NortonData\21.3.0.12\Definitions\VirusDefs\20140725.008\EX64.SYS [2099288 2014-06-19] (Symantec Corporation)
R3 NxDrv; C:\Windows\System32\DRIVERS\NxDrv.sys [24264 2010-12-02] (SonicWALL Inc.)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 SRTSP; C:\Windows\System32\Drivers\N360x64\1504000.00D\SRTSP64.SYS [875736 2014-02-12] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1504000.00D\SRTSPX64.SYS [36952 2013-10-30] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\N360x64\1504000.00D\SYMDS64.SYS [493656 2013-10-30] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360x64\1504000.00D\SYMEFA64.SYS [1148120 2014-03-04] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-06-19] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\1504000.00D\Ironx64.SYS [264280 2013-10-30] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1504000.00D\SYMNETS.SYS [593112 2014-02-17] (Symantec Corporation)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2012-12-13] (Apple, Inc.) [File not signed]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-07-26 13:28 - 2014-07-26 13:31 - 00000000 ____D () C:\FRST
2014-07-26 13:20 - 2014-07-26 13:20 - 00000000 ____D () C:\Windows\System32\Tasks\Norton 360
2014-07-26 13:19 - 2014-07-26 13:19 - 00000000 ___HD () C:\Users\Derek\.boxsync
2014-07-26 13:17 - 2014-07-26 13:17 - 00032512 _____ () C:\Windows\system32\Drivers\hitmanpro37.sys
2014-07-26 13:16 - 2014-07-26 13:30 - 00000000 ____D () C:\Users\Derek\Desktop\FRST
2014-07-26 13:13 - 2014-07-26 13:14 - 02093568 _____ (Farbar) C:\Users\Derek\Downloads\FRST64.exe
2014-07-26 13:11 - 2014-07-26 13:11 - 00003854 _____ () C:\Users\Derek\Desktop\AdwCleaner[S0].txt
2014-07-26 13:09 - 2014-07-26 13:09 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 9.5
2014-07-26 12:59 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-07-26 12:58 - 2014-07-26 13:03 - 00000000 ____D () C:\AdwCleaner
2014-07-26 12:55 - 2014-07-26 12:55 - 01354223 _____ () C:\Users\Derek\Downloads\AdwCleaner.exe
2014-07-26 12:08 - 2014-07-26 12:08 - 00030312 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-07-26 12:08 - 2014-07-26 12:08 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-07-26 12:07 - 2014-07-26 12:07 - 05379160 _____ () C:\Users\Derek\Downloads\RogueKillerX64.exe
2014-07-20 21:11 - 2014-07-20 21:11 - 00003975 _____ () C:\Users\Derek\Downloads\table (1).csv
2014-07-20 19:34 - 2014-07-20 19:34 - 00081478 _____ () C:\Users\Derek\Downloads\table.csv
2014-07-20 19:08 - 2014-07-20 19:08 - 00880494 _____ () C:\Users\Derek\Downloads\PIMCO_Index_HistoricalData_07-20-2014.xls
2014-07-20 19:04 - 2014-07-20 19:04 - 00005634 _____ () C:\Users\Derek\Downloads\ftbo.csv
2014-07-20 18:21 - 2014-07-20 18:21 - 00021063 _____ () C:\Users\Derek\Downloads\Vacation Time Analysis.xlsx
2014-07-19 13:06 - 2014-07-19 13:07 - 00008937 _____ () C:\Users\Derek\Desktop\attach.txt
2014-07-19 13:06 - 2014-07-19 13:06 - 00027877 _____ () C:\Users\Derek\Desktop\dds.txt
2014-07-19 12:59 - 2014-07-19 12:59 - 00688992 ____R (Swearware) C:\Users\Derek\Downloads\dds.com
2014-07-15 13:58 - 2014-07-15 13:58 - 00000000 __SHD () C:\Users\Kellie\AppData\Local\EmieUserList
2014-07-15 13:58 - 2014-07-15 13:58 - 00000000 __SHD () C:\Users\Kellie\AppData\Local\EmieSiteList
2014-07-10 03:44 - 2014-07-10 03:44 - 00000000 ____D () C:\Windows\SysWOW64\Intuit
2014-07-09 14:08 - 2014-06-29 22:09 - 00519168 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-07-09 14:08 - 2014-06-29 22:04 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-07-09 14:08 - 2014-06-20 16:14 - 00266424 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-07-09 14:08 - 2014-06-20 15:39 - 00240824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-07-09 14:08 - 2014-06-18 21:39 - 23464448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-09 14:08 - 2014-06-18 21:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-09 14:08 - 2014-06-18 21:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-07-09 14:08 - 2014-06-18 20:48 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-09 14:08 - 2014-06-18 20:42 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-07-09 14:08 - 2014-06-18 20:42 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-07-09 14:08 - 2014-06-18 20:41 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-07-09 14:08 - 2014-06-18 20:41 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-07-09 14:08 - 2014-06-18 20:32 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-09 14:08 - 2014-06-18 20:31 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-07-09 14:08 - 2014-06-18 20:26 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-07-09 14:08 - 2014-06-18 20:24 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-07-09 14:08 - 2014-06-18 20:24 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-07-09 14:08 - 2014-06-18 20:23 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-07-09 14:08 - 2014-06-18 20:16 - 17276416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-07-09 14:08 - 2014-06-18 20:14 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-07-09 14:08 - 2014-06-18 20:09 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-09 14:08 - 2014-06-18 19:59 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-07-09 14:08 - 2014-06-18 19:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-07-09 14:08 - 2014-06-18 19:53 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-07-09 14:08 - 2014-06-18 19:51 - 05721088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-09 14:08 - 2014-06-18 19:50 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-09 14:08 - 2014-06-18 19:48 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-09 14:08 - 2014-06-18 19:39 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-07-09 14:08 - 2014-06-18 19:38 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-07-09 14:08 - 2014-06-18 19:37 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-07-09 14:08 - 2014-06-18 19:36 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-07-09 14:08 - 2014-06-18 19:35 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-07-09 14:08 - 2014-06-18 19:33 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-09 14:08 - 2014-06-18 19:32 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-07-09 14:08 - 2014-06-18 19:28 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-07-09 14:08 - 2014-06-18 19:28 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-07-09 14:08 - 2014-06-18 19:27 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-09 14:08 - 2014-06-18 19:27 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-07-09 14:08 - 2014-06-18 19:25 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-07-09 14:08 - 2014-06-18 19:23 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-07-09 14:08 - 2014-06-18 19:22 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-07-09 14:08 - 2014-06-18 19:12 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-07-09 14:08 - 2014-06-18 19:06 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-07-09 14:08 - 2014-06-18 19:01 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-07-09 14:08 - 2014-06-18 18:59 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-07-09 14:08 - 2014-06-18 18:58 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-09 14:08 - 2014-06-18 18:58 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-07-09 14:08 - 2014-06-18 18:52 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-07-09 14:08 - 2014-06-18 18:51 - 13527040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-09 14:08 - 2014-06-18 18:49 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-07-09 14:08 - 2014-06-18 18:46 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-07-09 14:08 - 2014-06-18 18:45 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-07-09 14:08 - 2014-06-18 18:35 - 11742208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-07-09 14:08 - 2014-06-18 18:34 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-09 14:08 - 2014-06-18 18:15 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-07-09 14:08 - 2014-06-18 18:13 - 01791488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-07-09 14:08 - 2014-06-18 18:09 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-07-09 14:08 - 2014-06-18 18:07 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-07-09 14:07 - 2014-06-17 22:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-07-09 14:07 - 2014-06-17 21:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-07-09 14:07 - 2014-06-17 21:10 - 03157504 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-07-09 14:07 - 2014-06-06 06:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-07-09 14:07 - 2014-06-06 05:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-07-09 14:07 - 2014-05-30 04:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-07-09 14:07 - 2014-05-30 04:08 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-07-09 14:07 - 2014-05-30 04:08 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-07-09 14:07 - 2014-05-30 04:08 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-07-09 14:07 - 2014-05-30 04:08 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-07-09 14:07 - 2014-05-30 04:08 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-07-09 14:07 - 2014-05-30 04:08 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-07-09 14:07 - 2014-05-30 03:52 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-07-09 14:07 - 2014-05-30 03:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-07-09 14:07 - 2014-05-30 03:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-07-09 14:07 - 2014-05-30 03:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-07-09 14:07 - 2014-05-30 03:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-07-09 14:07 - 2014-05-30 03:52 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-07-09 14:07 - 2014-05-30 03:52 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-07-09 14:07 - 2014-05-30 02:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-07-09 14:02 - 2014-06-05 10:45 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-07-09 14:02 - 2014-06-05 10:26 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-07-09 14:02 - 2014-06-05 10:25 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-07-09 09:21 - 2014-05-07 15:02 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-07-09 09:21 - 2014-05-07 14:59 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-07-09 09:21 - 2014-05-07 14:59 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-07-09 09:21 - 2014-05-07 14:58 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-07-09 09:20 - 2014-07-09 09:21 - 00004430 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_60-b19.log
2014-07-08 16:31 - 2014-07-08 16:31 - 11204096 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-07-26 13:37 - 2013-07-13 22:11 - 00000000 ____D () C:\Users\Derek\AppData\Local\Box Sync
2014-07-26 13:31 - 2014-07-26 13:28 - 00000000 ____D () C:\FRST
2014-07-26 13:31 - 2012-08-01 12:03 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-07-26 13:31 - 2011-11-06 17:03 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-26 13:31 - 2011-11-06 17:03 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-26 13:30 - 2014-07-26 13:16 - 00000000 ____D () C:\Users\Derek\Desktop\FRST
2014-07-26 13:29 - 2009-07-14 00:45 - 00014240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-26 13:29 - 2009-07-14 00:45 - 00014240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-26 13:26 - 2009-07-14 01:10 - 01489989 _____ () C:\Windows\WindowsUpdate.log
2014-07-26 13:24 - 2011-10-12 20:14 - 00000000 ____D () C:\Users\Derek\AppData\Roaming\Dropbox
2014-07-26 13:23 - 2011-10-12 20:30 - 00000000 ___RD () C:\Users\Derek\Dropbox
2014-07-26 13:21 - 2011-10-12 20:15 - 00000000 ____D () C:\Users\Derek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-07-26 13:20 - 2014-07-26 13:20 - 00000000 ____D () C:\Windows\System32\Tasks\Norton 360
2014-07-26 13:19 - 2014-07-26 13:19 - 00000000 ___HD () C:\Users\Derek\.boxsync
2014-07-26 13:19 - 2011-05-15 14:59 - 00000000 ____D () C:\Users\Derek
2014-07-26 13:17 - 2014-07-26 13:17 - 00032512 _____ () C:\Windows\system32\Drivers\hitmanpro37.sys
2014-07-26 13:14 - 2014-07-26 13:13 - 02093568 _____ (Farbar) C:\Users\Derek\Downloads\FRST64.exe
2014-07-26 13:14 - 2013-07-13 22:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Box Sync
2014-07-26 13:11 - 2014-07-26 13:11 - 00003854 _____ () C:\Users\Derek\Desktop\AdwCleaner[S0].txt
2014-07-26 13:10 - 2012-05-02 22:01 - 00000000 ___RD () C:\Users\Derek\Google Drive
2014-07-26 13:10 - 2011-05-22 16:14 - 00000000 ____D () C:\Windows\system32\Drivers\N360x64
2014-07-26 13:09 - 2014-07-26 13:09 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 9.5
2014-07-26 13:08 - 2014-06-22 22:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360
2014-07-26 13:08 - 2014-05-02 10:49 - 00002510 _____ () C:\Users\Public\Desktop\Norton 360.lnk
2014-07-26 13:08 - 2013-03-14 07:59 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-07-26 13:08 - 2013-03-14 07:59 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-07-26 13:08 - 2012-05-23 16:17 - 00003228 _____ () C:\Windows\System32\Tasks\Norton WSC Integration
2014-07-26 13:08 - 2011-03-23 12:50 - 00965058 _____ () C:\Windows\PFRO.log
2014-07-26 13:08 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-26 13:08 - 2009-07-14 00:51 - 00058050 _____ () C:\Windows\setupact.log
2014-07-26 13:03 - 2014-07-26 12:58 - 00000000 ____D () C:\AdwCleaner
2014-07-26 13:01 - 2011-05-15 15:21 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-760091760-3840814353-2893001587-1003UA.job
2014-07-26 12:58 - 2012-08-27 20:58 - 00000912 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-760091760-3840814353-2893001587-1001UA.job
2014-07-26 12:55 - 2014-07-26 12:55 - 01354223 _____ () C:\Users\Derek\Downloads\AdwCleaner.exe
2014-07-26 12:08 - 2014-07-26 12:08 - 00030312 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-07-26 12:08 - 2014-07-26 12:08 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-07-26 12:07 - 2014-07-26 12:07 - 05379160 _____ () C:\Users\Derek\Downloads\RogueKillerX64.exe
2014-07-25 21:01 - 2011-05-15 15:21 - 00000856 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-760091760-3840814353-2893001587-1003Core.job
2014-07-25 13:58 - 2012-08-27 20:58 - 00000860 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-760091760-3840814353-2893001587-1001Core.job
2014-07-24 03:03 - 2013-03-14 08:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-07-20 22:51 - 2013-04-14 18:47 - 00000000 ____D () C:\Users\Derek\.thinkorswim
2014-07-20 22:51 - 2011-10-26 21:12 - 00000000 ____D () C:\Program Files (x86)\thinkTDA
2014-07-20 21:11 - 2014-07-20 21:11 - 00003975 _____ () C:\Users\Derek\Downloads\table (1).csv
2014-07-20 19:34 - 2014-07-20 19:34 - 00081478 _____ () C:\Users\Derek\Downloads\table.csv
2014-07-20 19:08 - 2014-07-20 19:08 - 00880494 _____ () C:\Users\Derek\Downloads\PIMCO_Index_HistoricalData_07-20-2014.xls
2014-07-20 19:04 - 2014-07-20 19:04 - 00005634 _____ () C:\Users\Derek\Downloads\ftbo.csv
2014-07-20 18:21 - 2014-07-20 18:21 - 00021063 _____ () C:\Users\Derek\Downloads\Vacation Time Analysis.xlsx
2014-07-20 12:44 - 2011-08-02 20:45 - 00000000 ____D () C:\Users\Kellie\Desktop\Resume
2014-07-19 13:07 - 2014-07-19 13:06 - 00008937 _____ () C:\Users\Derek\Desktop\attach.txt
2014-07-19 13:06 - 2014-07-19 13:06 - 00027877 _____ () C:\Users\Derek\Desktop\dds.txt
2014-07-19 12:59 - 2014-07-19 12:59 - 00688992 ____R (Swearware) C:\Users\Derek\Downloads\dds.com
2014-07-17 21:04 - 2012-08-27 21:02 - 00002371 _____ () C:\Users\Kellie\Desktop\Google Chrome.lnk
2014-07-15 13:58 - 2014-07-15 13:58 - 00000000 __SHD () C:\Users\Kellie\AppData\Local\EmieUserList
2014-07-15 13:58 - 2014-07-15 13:58 - 00000000 __SHD () C:\Users\Kellie\AppData\Local\EmieSiteList
2014-07-15 13:57 - 2011-10-22 15:55 - 00000000 ____D () C:\Users\Derek\AppData\Local\CrashDumps
2014-07-10 17:15 - 2014-03-27 16:44 - 00695808 ___SH () C:\Users\Kellie\Downloads\Thumbs.db
2014-07-10 13:25 - 2011-07-06 17:22 - 02438656 ___SH () C:\Users\Kellie\Desktop\Thumbs.db
2014-07-10 08:02 - 2013-07-14 07:11 - 00000000 ____D () C:\Users\Kellie\AppData\Local\Box Sync
2014-07-10 05:02 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache
2014-07-10 03:50 - 2014-03-20 07:00 - 00004690 _____ () C:\stp.log
2014-07-10 03:47 - 2009-07-14 00:45 - 00412296 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-10 03:44 - 2014-07-10 03:44 - 00000000 ____D () C:\Windows\SysWOW64\Intuit
2014-07-10 03:42 - 2014-05-07 03:01 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-07-10 03:42 - 2009-07-14 03:45 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-10 03:42 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-07-10 03:42 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-07-10 03:22 - 2011-05-15 14:31 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-07-10 03:11 - 2013-08-18 03:02 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-10 03:07 - 2011-06-04 14:53 - 96441528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-07-09 09:22 - 2014-02-23 23:30 - 00000000 ____D () C:\ProgramData\Oracle
2014-07-09 09:21 - 2014-07-09 09:20 - 00004430 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_60-b19.log
2014-07-09 09:21 - 2011-03-23 11:00 - 00000000 ____D () C:\Program Files (x86)\Java
2014-07-08 16:31 - 2014-07-08 16:31 - 11204096 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-07-08 16:31 - 2012-08-01 12:03 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-07-08 16:31 - 2012-08-01 12:03 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-07-08 16:31 - 2011-06-07 07:29 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-07-08 07:52 - 2012-05-02 21:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2014-06-29 22:09 - 2014-07-09 14:08 - 00519168 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-29 22:04 - 2014-07-09 14:08 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
 
Some content of TEMP:
====================
C:\Users\Derek\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpgrcy00.dll
C:\Users\Derek\AppData\Local\Temp\log4net.dll
C:\Users\Derek\AppData\Local\Temp\Quarantine.exe
C:\Users\Derek\AppData\Local\Temp\SyncRestarter.exe
C:\Users\Derek\AppData\Local\Temp\sync_upgrader.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-07-18 00:54
 
==================== End Of Log ============================
 
 
 
Attached File  Addition.txt   49.37KB   1 downloads

 



#4 nasdaq

nasdaq

  • Malware Response Team
  • 38,764 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:11 AM

Posted 26 July 2014 - 01:34 PM


Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.

start
HKLM-x32\...\Run: [] => [X]
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - DefaultScope value is missing.
BHO: TmIEPlugInBHO Class -> {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -> c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg.dll No File
BHO-x32: TmIEPlugInBHO Class -> {1CA1377B-DC1D-4A52-9585-6E06050FAC53} ->  No File
Handler: intu-help-qb4 - {ACE22922-D07C-4860-B51B-8CF472FEC2CB} -  No File
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} -  No File
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg.dll No File
Handler-x32: intu-help-qb4 - {ACE22922-D07C-4860-B51B-8CF472FEC2CB} - C:\Program Files (x86)\Intuit\QuickBooks 2011\HelpAsyncPluggableProtocol.dll No File
Handler-x32: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} -  No File
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF HKLM-x32\...\Firefox\Extensions: [otis@digitalpersona.com] - C:\Program Files (x86)\DigitalPersona\Bin\FirefoxExt
FF Extension: DigitalPersona Extension - C:\Program Files (x86)\DigitalPersona\Bin\FirefoxExt [2011-03-23]
CHR Plugin: (Shockwave Flash) - C:\Users\Derek\AppData\Local\Google\Chrome\Application\36.0.1985.125\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.300.12) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll No File
CHR Plugin: (Java™ Platform SE 6 U30) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll No File
CHR Plugin: (NPCIG.dll) - C:\Program Files (x86)\Canon\ZoomBrowser EX\Program\NPCIG.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
C:\Users\Derek\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpgrcy00.dll
C:\Users\Derek\AppData\Local\Temp\log4net.dll
C:\Users\Derek\AppData\Local\Temp\SyncRestarter.exe
C:\Users\Derek\AppData\Local\Temp\sync_upgrader.exe

End
Save the files as fixlist.txt into the same folder as FRST

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
p.s.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.

If the site is busy or not available use this mirror site:
http://www.bleepingcomputer.com/download/securitycheck/
===

How is the computer running now?

#5 splinter482

splinter482
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:05:11 AM

Posted 26 July 2014 - 03:08 PM

svchost (LocalSystemNetworkRestricted) still using a ton of resources, and I've been rebooted for a solid 10 minutes...

 

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 26-07-2014
Ran by Derek at 2014-07-26 15:31:27 Run:1
Running from C:\Users\Derek\Desktop\FRST
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
start
HKLM-x32\...\Run: [] => [X]
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - DefaultScope value is missing.
BHO: TmIEPlugInBHO Class -> {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -> c:\Program
Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg.dll No File
BHO-x32: TmIEPlugInBHO Class -> {1CA1377B-DC1D-4A52-9585-6E06050FAC53} ->  No File
Handler: intu-help-qb4 - {ACE22922-D07C-4860-B51B-8CF472FEC2CB} -  No File
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} -  No File
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg.dll No File
Handler-x32: intu-help-qb4 - {ACE22922-D07C-4860-B51B-8CF472FEC2CB} - C:\Program Files (x86)\Intuit\QuickBooks 2011\HelpAsyncPluggableProtocol.dll No File
Handler-x32: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} -  No File
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF HKLM-x32\...\Firefox\Extensions: [otis@digitalpersona.com] - C:\Program Files (x86)\DigitalPersona\Bin\FirefoxExt
FF Extension: DigitalPersona Extension - C:\Program Files
(x86)\DigitalPersona\Bin\FirefoxExt [2011-03-23]
CHR Plugin: (Shockwave Flash) - C:\Users\Derek\AppData\Local\Google\Chrome\Application\36.0.1985.125\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.300.12) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll No File
CHR Plugin: (Java™ Platform SE 6 U30) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll No File
CHR Plugin: (NPCIG.dll) - C:\Program Files (x86)\Canon\ZoomBrowser EX\Program\NPCIG.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No
File
C:\Users\Derek\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpgrcy00.dll
C:\Users\Derek\AppData\Local\Temp\log4net.dll
C:\Users\Derek\AppData\Local\Temp\SyncRestarter.exe
C:\Users\Derek\AppData\Local\Temp\sync_upgrader.exe
 
End
*****************
 
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
"HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1CA1377B-DC1D-4A52-9585-6E06050FAC53}" => Key deleted successfully.
"HKCR\CLSID\{1CA1377B-DC1D-4A52-9585-6E06050FAC53}" => Key deleted successfully.
Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg.dll No File => Error: No automatic fix found for this entry.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1CA1377B-DC1D-4A52-9585-6E06050FAC53}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{1CA1377B-DC1D-4A52-9585-6E06050FAC53}" => Key deleted successfully.
"HKCR\PROTOCOLS\Handler\intu-help-qb4" => Key deleted successfully.
"HKCR\CLSID\{ACE22922-D07C-4860-B51B-8CF472FEC2CB}" => Key not found.
"HKCR\PROTOCOLS\Handler\qbwc" => Key deleted successfully.
"HKCR\CLSID\{FC598A64-626C-4447-85B8-53150405FD57}" => Key not found.
"HKCR\PROTOCOLS\Handler\tmpx" => Key deleted successfully.
"HKCR\CLSID\{0E526CB5-7446-41D1-A403-19BFE95E8C23}" => Key deleted successfully.
"HKCR\Wow6432Node\PROTOCOLS\Handler\intu-help-qb4" => Key not found.
"HKCR\Wow6432Node\CLSID\{ACE22922-D07C-4860-B51B-8CF472FEC2CB}" => Key deleted successfully.
"HKCR\Wow6432Node\PROTOCOLS\Handler\tmpx" => Key not found.
"HKCR\Wow6432Node\CLSID\{0E526CB5-7446-41D1-A403-19BFE95E8C23}" => Key deleted successfully.
"HKLM\Software\MozillaPlugins\FF Plugin: @microsoft.com/GENUINE - disabled No File" => Key not found.
"FF Plugin: @microsoft.com/GENUINE - disabled No File" => not found.
"HKLM\Software\Wow6432Node\MozillaPlugins\FF Plugin-x32: @microsoft.com/GENUINE - disabled No File" => Key not found.
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File not found.
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\otis@digitalpersona.com => value deleted successfully.
FF Extension: DigitalPersona Extension - C:\Program Files not found.
(x86)\DigitalPersona\Bin\FirefoxExt [2011-03-23] => Error: No automatic fix found for this entry.
C:\Users\Derek\AppData\Local\Google\Chrome\Application\36.0.1985.125\gcswf32.dll not found.
C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll not found.
C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll not found.
C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll not found.
C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll not found.
C:\Program Files (x86)\Canon\ZoomBrowser EX\Program\NPCIG.dll not found.
C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll not found.
c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll not found.
File => Error: No automatic fix found for this entry.
"C:\Users\Derek\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpgrcy00.dll" => File/Directory not found.
C:\Users\Derek\AppData\Local\Temp\log4net.dll => Moved successfully.
C:\Users\Derek\AppData\Local\Temp\SyncRestarter.exe => Moved successfully.
C:\Users\Derek\AppData\Local\Temp\sync_upgrader.exe => Moved successfully.
 
==== End of Fixlog ====
 
 
 

 Results of screen317's Security Check version 0.99.86  
 Windows 7 Service Pack 1 x64 (UAC is disabled!)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
Norton 360    
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
 JavaFX 2.1.1    
 Java 7 Update 60  
 Java version out of Date! 
 Adobe Flash Player 14.0.0.145  
 Adobe Reader XI  
 Google Chrome 35.0.1916.153  
 Google Chrome 36.0.1985.125  
````````Process Check: objlist.exe by Laurent````````  
 Norton ccSvcHst.exe 
 ESET NOD32 Antivirus egui.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 3% 
````````````````````End of Log`````````````````````` 
 


#6 nasdaq

nasdaq

  • Malware Response Team
  • 38,764 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:11 AM

Posted 27 July 2014 - 06:56 AM

Refer to this article.

http://social.technet.microsoft.com/Forums/windows/en-US/f23f7cfb-cda7-45e0-9b0c-39e490d4b5cd/svchostexe-localsystemnetworkrestricted-using-45-mem-virus?forum=w7itprosecurity

Look at the last two messages. The Superfetch service may be the cause of some drivers need to be updated.

From the Start > run box
type services.msc disable the Superfetch service.

Restart the computer normally.

If you need to check for some driver issues check with this tool.

Secunia Personal Software Inspector (PSI)
http://secunia.com/vulnerability_scanning/personal/
Secunia PSI is a security scanner which identifies programs/drivers that are damaged OR needs to be updated.

===

When all is well I suggest you the the latest JAVA version.

Secure your system by updating 3rd party programs.

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.
Latest version is Java JRE 7u65.

You can manually check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

Be careful not to install malware posing as Java update!
Important read this blog.
http://blog.trendmicro.com/trendlabs-security-intelligence/malware-poses-as-an-update-for-java-0-day-fix/

Quoted from the page.
"In light of the recent events surrounding Java, users must seriously consider their use of Java. Do they really need it? If yes, make sure that users follow the steps we recommended and get the security update directly from the official oracle website." at:
http://www.oracle.com/technetwork/java/javase/downloads/index.html

How to disable Java in your browsers
http://www.infoworld.com/t/web-browsers/how-disable-java-in-your-browsers-210882


If present remove the old version(s) of Java using the Add/Remove Programs applet.

Java 7 Update 60

===

#7 splinter482

splinter482
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:05:11 AM

Posted 30 July 2014 - 11:27 AM

I've completed these steps, the performance has improved, and svchost is behaving itself.

 

Thank you very much for the help!



#8 nasdaq

nasdaq

  • Malware Response Team
  • 38,764 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:11 AM

Posted 30 July 2014 - 01:14 PM

If all is well.

To learn more about how to protect yourself while on the internet read this little guide Best security practices Keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===

#9 nasdaq

nasdaq

  • Malware Response Team
  • 38,764 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:11 AM

Posted 05 August 2014 - 08:37 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users