AlLChheapPricei and rootkit concerns


  • This topic is locked
11 replies to this topic

#1 hotFORbugs

hotFORbugs

  • Members
  • 5 posts

Posted 22 July 2014 - 06:16 PM

I recently came up against a nasty called AlLChheapPricei (which I *think* is now gone), and suspect someone at work has been trying to rootkit me.  Could someone kind and wise take a look at my logs and tell me what to do about any unresolved lurkers?  Thanks in advance :)

I have included logs for dds, hijackthis, and combofix.  Combofix took about an hour to run - maybe that's a bit slow.



#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,733 posts
  • Gender:Male

Posted 27 July 2014 - 06:20 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/541939 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 hotFORbugs

hotFORbugs
  • Topic Starter

  • Members
  • 5 posts

Posted 03 August 2014 - 05:36 AM

Thank you Mr Helpbot!  And yes I do still need help.  Here is the log and the additional info:

 

Windows 7, 64-bit.  I don't have the installation CD.

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 10.0.9200.16866
Run by steve at 11:17:31 on 2014-08-03
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.44.1033.18.4094.2415 [GMT 1:00]
.
AV: Norton Internet Security *Enabled/Updated* {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
SP: Norton Internet Security *Enabled/Updated* {631E4324-D31C-783F-EC5C-35AD42B18466}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton Internet Security *Enabled* {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
c:\windows\system32\svchost.exe -k dcomlaunch
c:\windows\system32\svchost.exe -k rpcss
c:\windows\system32\svchost.exe -k networkservice
c:\Program Files (x86)\AMD\Fusion Utility for Mobility\FusionSVC.exe
C:\Windows\system32\atiesrxx.exe
c:\windows\system32\svchost.exe -k localservicenetworkrestricted
C:\Program Files (x86)\iSafe\iSafeSvc.exe
C:\Program Files (x86)\iSafe\iSafeSvc2.exe
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted
c:\windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe
c:\windows\system32\svchost.exe -k localservice
C:\Windows\system32\atieclxx.exe
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE
C:\Windows\system32\WLANExt.exe
C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwltry.exe
C:\Windows\System32\spoolsv.exe
c:\windows\system32\svchost.exe -k localservicenonetwork
C:\Program Files (x86)\Norton Internet Security\Engine\21.4.0.13\NIS.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Program Files (x86)\iSafe\iSafeTray.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
C:\Program Files (x86)\iSafe\ipcdl.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE
C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
c:\windows\system32\svchost.exe -k localserviceandnoimpersonation
c:\windows\system32\svchost.exe -k localservicepeernet
C:\Program Files (x86)\Norton Internet Security\Engine\21.4.0.13\NIS.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uDefault_Page_URL = about:blank
mStart Page = about:blank
mDefault_Page_URL = about:blank
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\21.4.0.13\coieplg.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\21.4.0.13\ips\ipsbho.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.4.0.13\coieplg.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.4.0.13\coieplg.dll
mRun: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun: [ZALFree] "C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe" /MINIMIZED
uPolicies-Explorer: NoDriveTypeAutoRun = dword:221
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0045-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{EA8A821D-59F0-49BC-A484-0C6A91958568} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{EA8A821D-59F0-49BC-A484-0C6A91958568}\244584F6D656845726D234230323 : DHCPNameServer = 192.168.1.254
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs= C:\PROGRA~2\KEYCRY~1\KeyCrypt32(1).dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.137\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-mStart Page = about:blank
x64-mDefault_Page_URL = about:blank
x64-BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.4.0.13\coieplg.dll
x64-BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.4.0.13\coieplg.dll
x64-Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-Run: [Broadcom Wireless Manager UI] C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.exe
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\steve\AppData\Roaming\Mozilla\Firefox\Profiles\ln0ens7f.default\
FF - prefs.js: browser.startup.homepage - about:blank
FF - prefs.js: browser.search.selectedEngine - Google
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Sony\Media Go\npMediaGoDetector.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\steve\AppData\Local\Citrix\Plugins\104\npappdetector.dll
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\NISx64\1504000.00D\symds64.sys [2014-7-10 493656]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\NISx64\1504000.00D\symefa64.sys [2014-7-10 1148120]
R1 BHDrvx64;BHDrvx64;C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\BASHDefs\20140718.001\BHDrvx64.sys [2014-7-23 1530160]
R1 ccSet_NIS;NIS Settings Manager;C:\Windows\System32\drivers\NISx64\1504000.00D\ccsetx64.sys [2014-7-10 162392]
R1 IDSVia64;IDSVia64;C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\IPSDefs\20140731.001\IDSviA64.sys [2014-8-1 525016]
R1 iSafeKrnl;iSafeKrnl Mini-Filter Driver;C:\Program Files (x86)\iSafe\iSafeKrnl.sys [2014-7-16 247488]
R1 iSafeKrnlKit;iSafeKrnl Kit Driver;C:\Program Files (x86)\iSafe\iSafeKrnlKit.sys [2014-7-16 78016]
R1 iSafeKrnlR3;iSafeKrnl Ring3 Driver;C:\Program Files (x86)\iSafe\iSafeKrnlR3.sys [2014-7-16 65216]
R1 iSafeNetFilter;iSafeNetFilter NDIS Driver;C:\Program Files (x86)\iSafe\iSafeNetFilter.sys [2014-7-16 48640]
R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\NISx64\1504000.00D\ironx64.sys [2014-7-10 264280]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\NISx64\1504000.00D\symnets.sys [2014-7-10 593112]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2010-2-1 203264]
R2 AMDFusionSVC;AMD Fusion Utility Service;C:\Program Files (x86)\AMD\Fusion Utility for Mobility\FusionSVC.exe [2009-9-2 383544]
R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648]
R2 iSafeService;iSafeService;C:\Program Files (x86)\iSafe\iSafeSvc.exe [2014-7-16 118048]
R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\21.4.0.13\nis.exe [2014-7-10 276376]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2010-3-19 1692480]
R3 AmdLLD64;AMD Low Level Device Driver;C:\Windows\System32\drivers\AmdLLD64.sys [2010-3-19 47672]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\System32\drivers\CtClsFlt.sys [2010-3-19 172704]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2014-6-11 142128]
R3 keycrypt;keycrypt;C:\Windows\System32\drivers\KeyCrypt64.sys [2014-7-16 25568]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-6-10 539240]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2010-3-19 34872]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 asvpndrv;Astrill SSL VPN Adapter;C:\Windows\System32\drivers\asvpndrv.sys [2013-9-17 31744]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2012-6-24 48488]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-3-8 1492840]
S3 iSafeKrnlBoot;iSafeKrnl Boot Driver;C:\Windows\System32\drivers\iSafeKrnlBoot.sys [2014-7-16 45248]
S3 PCDSRVC{D3412D80-CF3B4A27-06020200}_0;PCDSRVC{D3412D80-CF3B4A27-06020200}_0 - PCDR Kernel Mode Service Helper Driver;C:\Program Files\My Dell\pcdsrvc_x64.pkms [2013-5-3 25584]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2010-2-1 216576]
S3 Sony PC Companion;Sony PC Companion;C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe [2014-1-1 155824]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-4-7 56832]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-7-29 1255736]
S4 MSSQL$DB;SQL Server (DB);C:\Program Files\Microsoft SQL Server\MSSQL11.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [2012-12-29 192000]
S4 MSSQL$MYOP;SQL Server (MYOP);C:\Program Files\Microsoft SQL Server\MSSQL11.INTHRO\MSSQL\Binn\sqlservr.exe [2012-12-29 192000]
S4 MSSQLFDLauncher$MYOP;SQL Full-text Filter Daemon Launcher (MYOP);C:\Program Files\Microsoft SQL Server\MSSQL11.INTHRO\MSSQL\Binn\fdlauncher.exe [2012-2-11 49752]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2009-7-22 61976]
S4 MySQL56;MySQL56;"C:\Program Files\MySQL\MySQL Server 5.6\bin\mysqld" --defaults-file="C:\ProgramData\MySQL\MySQL Server 5.6\my.ini" MySQL56 --> C:\Program Files\MySQL\MySQL Server 5.6\bin\mysqld [?]
S4 ReportServer$MYOP;SQL Server Reporting Services (MYOP);C:\Program Files\Microsoft SQL Server\MSRS11.INTHRO\Reporting Services\ReportServer\bin\ReportingServicesService.exe [2012-10-20 2423792]
S4 RsFx0105;RsFx0105 Driver;C:\Windows\System32\drivers\RsFx0105.sys [2011-9-22 311144]
S4 RsFx0201;RsFx0201 Driver;C:\Windows\System32\drivers\RsFx0201.sys [2012-10-20 336880]
S4 SQLAgent$DB;SQL Server Agent (DB);C:\Program Files\Microsoft SQL Server\MSSQL11.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2012-12-29 612864]
S4 SQLAgent$MYOP;SQL Server Agent (MYOP);C:\Program Files\Microsoft SQL Server\MSSQL11.INTHRO\MSSQL\Binn\SQLAGENT.EXE [2012-12-29 612864]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2011-9-22 431464]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== File Associations ===============
.
FileExt: .txt: Applications\notepad++.exe="C:\Program Files (x86)\Notepad++\notepad++.exe" "%1" [UserChoice]
.
=============== Created Last 30 ================
.
2014-08-03 07:51:24 2620928 ----a-w- C:\Windows\System32\wucltux.dll
2014-08-03 07:50:28 36864 ----a-w- C:\Windows\System32\wuapp.exe
2014-08-03 07:50:28 33792 ----a-w- C:\Windows\SysWow64\wuapp.exe
2014-08-03 07:50:28 198600 ----a-w- C:\Windows\System32\wuwebv.dll
2014-08-03 07:50:28 179656 ----a-w- C:\Windows\SysWow64\wuwebv.dll
2014-08-02 09:58:27 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-08-02 09:58:27 699056 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-07-23 11:07:58 -------- d-----w- C:\Users\steve\AppData\Roaming\Wise Registry Cleaner
2014-07-23 11:07:50 -------- d-----w- C:\Program Files (x86)\Wise
2014-07-22 21:52:02 -------- d-sh--w- C:\$RECYCLE.BIN
2014-07-22 20:56:08 -------- d-----w- C:\ComboFix
2014-07-22 08:13:34 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-07-22 08:13:34 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2014-07-22 08:07:51 600064 ----a-w- C:\Windows\System32\vbscript.dll
2014-07-22 08:07:51 523776 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-07-20 10:35:19 -------- d-----w- C:\Users\steve\AppData\Roaming\CDTPL
2014-07-20 10:35:18 -------- d-----w- C:\ProgramData\CDTPL
2014-07-20 10:32:11 -------- d-----w- C:\Program Files (x86)\Common Files\CDTPL
2014-07-20 10:32:08 -------- d-----w- C:\Program Files (x86)\FREE MSG File Viewer
2014-07-17 07:38:22 98816 ----a-w- C:\Windows\sed.exe
2014-07-17 07:38:22 256000 ----a-w- C:\Windows\PEV.exe
2014-07-17 07:38:22 208896 ----a-w- C:\Windows\MBR.exe
2014-07-16 22:43:09 -------- d-----w- C:\Program Files (x86)\ESET
2014-07-16 20:15:10 -------- d-----w- C:\Users\steve\AppData\Roaming\eCyber
2014-07-16 20:14:54 45248 ----a-w- C:\Windows\System32\drivers\iSafeKrnlBoot.sys
2014-07-16 20:14:52 -------- d-----w- C:\Windows\System32\log
2014-07-16 20:14:26 -------- d-----w- C:\Program Files (x86)\iSafe
2014-07-16 20:14:14 -------- d-----w- C:\Users\steve\AppData\Roaming\iSafe
2014-07-16 15:10:40 -------- d-----w- C:\Users\steve\AppData\Local\{29646679-C2DE-4BF2-B11A-A14F6BC0EB6B}
2014-07-16 09:21:30 25568 ----a-w- C:\Windows\System32\drivers\KeyCrypt64.sys
2014-07-16 09:21:30 -------- d-----w- C:\Program Files (x86)\KeyCryptSDK
2014-07-16 09:21:29 -------- d-----w- C:\Users\steve\AppData\Local\AntiLogger Free
2014-07-16 09:21:29 -------- d-----w- C:\Program Files (x86)\Zemana AntiLogger Free
2014-07-15 15:01:41 -------- d-----w- C:\Users\steve\AppData\Roaming\Wireshark
2014-07-15 14:12:33 -------- d-----w- C:\Program Files\Wireshark
2014-07-10 18:59:18 -------- d-----w- C:\Users\steve\AppData\Local\{69710375-25AA-46C9-BBC9-8AF637B8F421}
2014-07-10 11:35:38 875736 ----a-w- C:\Windows\System32\drivers\NISx64\1504000.00D\srtsp64.sys
2014-07-10 11:35:38 593112 ----a-w- C:\Windows\System32\drivers\NISx64\1504000.00D\symnets.sys
2014-07-10 11:35:38 493656 ----a-r- C:\Windows\System32\drivers\NISx64\1504000.00D\symds64.sys
2014-07-10 11:35:38 36952 ----a-r- C:\Windows\System32\drivers\NISx64\1504000.00D\srtspx64.sys
2014-07-10 11:35:38 264280 ----a-r- C:\Windows\System32\drivers\NISx64\1504000.00D\ironx64.sys
2014-07-10 11:35:38 23568 ----a-r- C:\Windows\System32\drivers\NISx64\1504000.00D\symelam.sys
2014-07-10 11:35:38 1148120 ----a-w- C:\Windows\System32\drivers\NISx64\1504000.00D\symefa64.sys
2014-07-10 11:35:37 162392 ----a-r- C:\Windows\System32\drivers\NISx64\1504000.00D\ccsetx64.sys
2014-07-10 11:34:43 -------- d-----w- C:\Windows\System32\drivers\NISx64\1504000.00D
2014-07-09 23:57:07 624128 ----a-w- C:\Windows\System32\qedit.dll
2014-07-09 23:57:06 509440 ----a-w- C:\Windows\SysWow64\qedit.dll
2014-07-09 23:57:06 1719296 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL
2014-07-09 23:57:06 1380864 ----a-w- C:\Program Files\Windows Journal\JNTFiltr.dll
2014-07-09 23:57:05 936960 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2014-07-09 23:57:05 1389568 ----a-w- C:\Program Files\Windows Journal\JNWDRV.dll
2014-07-09 23:57:05 1354240 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
2014-07-09 23:55:35 1460736 ----a-w- C:\Windows\System32\lsasrv.dll
2014-07-09 23:55:34 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2014-07-09 23:55:34 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
.
==================== Find3M  ====================
.
2014-06-18 02:18:30 692736 ----a-w- C:\Windows\System32\osk.exe
2014-06-18 01:51:32 646144 ----a-w- C:\Windows\SysWow64\osk.exe
2014-06-18 01:10:36 3157504 ----a-w- C:\Windows\System32\win32k.sys
2014-05-30 08:08:52 210944 ----a-w- C:\Windows\System32\wdigest.dll
2014-05-30 08:08:49 86528 ----a-w- C:\Windows\System32\TSpkg.dll
2014-05-30 08:08:47 340992 ----a-w- C:\Windows\System32\schannel.dll
2014-05-30 08:08:41 314880 ----a-w- C:\Windows\System32\msv1_0.dll
2014-05-30 08:08:41 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2014-05-30 08:08:36 728064 ----a-w- C:\Windows\System32\kerberos.dll
2014-05-30 08:08:31 22016 ----a-w- C:\Windows\System32\credssp.dll
2014-05-30 07:52:51 172032 ----a-w- C:\Windows\SysWow64\wdigest.dll
2014-05-30 07:52:49 65536 ----a-w- C:\Windows\SysWow64\TSpkg.dll
2014-05-30 07:52:45 247808 ----a-w- C:\Windows\SysWow64\schannel.dll
2014-05-30 07:52:41 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2014-05-30 07:52:40 259584 ----a-w- C:\Windows\SysWow64\msv1_0.dll
2014-05-30 07:52:36 550912 ----a-w- C:\Windows\SysWow64\kerberos.dll
2014-05-30 07:52:30 17408 ----a-w- C:\Windows\SysWow64\credssp.dll
2014-05-30 06:45:52 497152 ----a-w- C:\Windows\System32\drivers\afd.sys
2014-05-09 06:14:03 477184 ----a-w- C:\Windows\System32\aepdu.dll
2014-05-09 06:11:23 424448 ----a-w- C:\Windows\System32\aeinv.dll
.
============= FINISH: 11:19:42.73 ===============


#4 nasdaq

nasdaq

  • Malware Response Team
  • 39,955 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 04 August 2014 - 07:33 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Download Malwarebytes' Anti-Malware from Here

Double-click mbam-setup-2.X.X.XXXX.exe to install the application (X's are the current version number).
  • Make sure a checkmark is placed next to Launch Malwarebytes' Anti-Malware, then click Finish.
  • Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.
  • Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.
  • Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.
  • If you receive a message that updates are available, click the Update Now button (the update will be downloaded, installed, and the scan will start).
  • The scan may take some time to finish, so please be patient.
  • If potential threats are detected, ensure that Quarantine is selected as the Action for all the listed items, and click the Apply Actions button.
  • While still on the Scan tab, click the link for View detailed log, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
  • The log is automatically saved by MBAM and can also be viewed by clicking the History tab and then selecting Application Logs.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.

===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

===

Please paste the logs in your next reply. DO NOT ATTACH THEM unless specified.
To attach a file select the "More Reply Option" and follow the instructions.

Let me know what problem persists.

#5 nasdaq

nasdaq

  • Malware Response Team
  • 39,955 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 09 August 2014 - 07:59 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.

#6 nasdaq

nasdaq

  • Malware Response Team
  • 39,955 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 10 August 2014 - 08:30 AM

This topic has been re-opened at the request of the person who originally posted.

#7 hotFORbugs

hotFORbugs
  • Topic Starter

  • Members
  • 5 posts

Posted 10 August 2014 - 09:54 AM

 
Thanks Nasdaq - here are the logs:
 
MBAM
 
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 04/08/2014
Scan Time: 22:00:21
Logfile: MBAM.txt
Administrator: Yes
 
Version: 2.00.2.1012
Malware Database: v2014.08.04.07
Rootkit Database: v2014.08.04.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: steve
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 497206
Time Elapsed: 38 min, 46 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
 
 
AdwCleaner
 
# AdwCleaner v3.304 - Report created 09/08/2014 at 23:29:59
# Updated 08/08/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : steve - STEVE-PC
# Running from : C:\Users\steve\Downloads\adwcleaner_3.304.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Found : C:\ProgramData\SaearCh-NewTab
Folder Found : C:\ProgramData\saVaeansharre
Folder Found : C:\Users\steve\AppData\LocalLow\SaearCh-NewTab
Folder Found : C:\Users\steve\AppData\LocalLow\saVaeansharre
Folder Found : C:\Users\steve\AppData\Roaming\eCyber
Folder Found : C:\Users\steve\AppData\Roaming\iSafe
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Found : HKLM\Software\iSafe
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v10.0.9200.16866
 
 
-\\ Mozilla Firefox v30.0 (en-GB)
 
[ File : C:\Users\steve\AppData\Roaming\Mozilla\Firefox\Profiles\ln0ens7f.default\prefs.js ]
 
 
-\\ Google Chrome v34.0.1847.137
 
[ File : C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [1159 octets] - [09/08/2014 23:29:59]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [1219 octets] ##########
 
 
 
FRST
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-08-2014 01
Ran by steve (administrator) on STEVE-PC on 09-08-2014 23:54:38
Running from C:\Users\steve\Desktop\FRST
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 10
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Advanced Micro Devices) C:\Program Files (x86)\AMD\Fusion Utility for Mobility\FusionSVC.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\stacsv64.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
() C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Dell Inc.) C:\Program Files\Dell\Dell Wireless WLAN Card\BCMWLTRY.EXE
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.5.0.19\nis.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.5.0.19\nis.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
() C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Dell Inc.) C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
(Don HO don.h@free.fr) C:\Program Files (x86)\Notepad++\notepad++.exe
(Zemana Ltd.) C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [305664 2009-01-23] (Alps Electric Co., Ltd.)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [444416 2009-06-29] (IDT, Inc.)
HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.exe [4968960 2009-07-17] (Dell Inc.)
HKLM-x32\...\Run: [PDVDDXSrv] => C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe [140520 2009-06-25] (CyberLink Corp.)
HKLM-x32\...\Run: [Dell Webcam Central] => C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [409744 2009-06-24] (Creative Technology Ltd)
HKLM-x32\...\Run: [ZALFree] => C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe [12720848 2014-08-04] (Zemana Ltd.)
HKU\S-1-5-21-791417803-505123121-3047711749-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
AppInit_DLLs: C:\PROGRA~2\KEYCRY~1\KE6D28~1.DLL => C:\Program Files (x86)\KeyCryptSDK\KeyCrypt64(2).dll [90448 2014-08-04] (Zemana Ltd.)
AppInit_DLLs-x32: C:\PROGRA~2\KEYCRY~1\KEYCRY~4.DLL => C:\Program Files (x86)\KeyCryptSDK\KeyCrypt32(2).dll [83208 2014-08-04] (Zemana Ltd.)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\MSSQL$DB\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\MSSQL$MYOP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\MSSQLFDLauncher$MYOP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\MSSQLSERVER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\ReportServer$MYOP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM - {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKLM-x32 - {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKCU - {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKCU - {072D7692-3359-4AF0-BAB3-08A8502F8553} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKCU - {FC7F10CC-83E1-4F5E-8ECF-3E2000DE4A58} URL = 
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine64\21.5.0.19\coIEPlg.dll (Symantec Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\21.5.0.19\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\21.5.0.19\IPS\IPSBHO.DLL (Symantec Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.5.0.19\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.5.0.19\coIEPlg.dll (Symantec Corporation)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKCU - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.5.0.19\coIEPlg.dll (Symantec Corporation)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
 
FireFox:
========
FF ProfilePath: C:\Users\steve\AppData\Roaming\Mozilla\Firefox\Profiles\ln0ens7f.default
FF NewTab: about:blank
FF SearchEngineOrder.1: Google
FF SelectedSearchEngine: Google
FF Homepage: about:blank
FF Plugin: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin -> C:\Users\steve\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Plugin HKCU: sony.com/MediaGoDetector -> C:\Program Files (x86)\Sony\Media Go\npMediaGoDetector.dll (Sony Network Entertainment International LLC)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazon-en-GB.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\chambers-en-GB.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-en-GB.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-en-GB.xml
FF Extension: Selenium IDE: C# Formatters - C:\Users\steve\AppData\Roaming\Mozilla\Firefox\Profiles\ln0ens7f.default\Extensions\csharpformatters@seleniumhq.org.xpi [2014-06-12]
FF Extension: Selenium IDE: Java Formatters - C:\Users\steve\AppData\Roaming\Mozilla\Firefox\Profiles\ln0ens7f.default\Extensions\javaformatters@seleniumhq.org.xpi [2014-06-12]
FF Extension: Selenium IDE: Python Formatters - C:\Users\steve\AppData\Roaming\Mozilla\Firefox\Profiles\ln0ens7f.default\Extensions\pythonformatters@seleniumhq.org.xpi [2014-06-12]
FF Extension: Selenium IDE: Ruby Formatters - C:\Users\steve\AppData\Roaming\Mozilla\Firefox\Profiles\ln0ens7f.default\Extensions\rubyformatters@seleniumhq.org.xpi [2014-06-12]
FF Extension: Selenium IDE - C:\Users\steve\AppData\Roaming\Mozilla\Firefox\Profiles\ln0ens7f.default\Extensions\{a6fd85ed-e919-4a43-a5af-8da18bda539f}.xpi [2014-06-12]
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.4.0.13\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.4.0.13\IPSFF [2014-08-08]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.4.0.13\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.4.0.13\coFFPlgn [2014-08-09]
 
Chrome: 
=======
CHR HomePage: about:blank
CHR StartupUrls: "about:blank"
CHR DefaultSearchKeyword: google
CHR DefaultNewTabURL: 
CHR Extension: (Google Drive) - C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-05-18]
CHR Extension: (YouTube) - C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-05-18]
CHR Extension: (Google Search) - C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-05-18]
CHR Extension: (Norton Identity Safe) - C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2014-08-09]
CHR Extension: (Google Wallet) - C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-05-18]
CHR Extension: (Gmail) - C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-05-18]
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\21.5.0.19\Exts\Chrome.crx [2014-08-08]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AMDFusionSVC; c:\Program Files (x86)\AMD\Fusion Utility for Mobility\FusionSVC.exe [383544 2009-09-02] (Advanced Micro Devices)
R2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [155648 2009-06-09] (Stardock Corporation) [File not signed]
S4 MSSQL$DB; c:\Program Files\Microsoft SQL Server\MSSQL11.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [192000 2012-12-29] (Microsoft Corporation)
S4 MSSQL$MYOP; c:\Program Files\Microsoft SQL Server\MSSQL11.INTHRO\MSSQL\Binn\sqlservr.exe [192000 2012-12-29] (Microsoft Corporation)
S4 MSSQL$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [58345832 2011-09-22] (Microsoft Corporation)
S4 MSSQLFDLauncher$MYOP; c:\Program Files\Microsoft SQL Server\MSSQL11.INTHRO\MSSQL\Binn\fdlauncher.exe [49752 2012-02-11] (Microsoft Corporation)
S4 MSSQLSERVER; c:\Program Files\Microsoft SQL Server\MSSQL11.JOHN\MSSQL\Binn\sqlservr.exe [192000 2012-12-29] (Microsoft Corporation)
S4 MySQL56; C:\ProgramData\MySQL\MySQL Server 5.6\my.ini [14246 2014-02-13] () [File not signed]
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\21.5.0.19\NIS.exe [276376 2014-07-31] (Symantec Corporation)
S4 ReportServer$MYOP; c:\Program Files\Microsoft SQL Server\MSRS11.INTHRO\Reporting Services\ReportServer\bin\ReportingServicesService.exe [2423792 2012-10-20] (Microsoft Corporation)
S4 SQLAgent$DB; c:\Program Files\Microsoft SQL Server\MSSQL11.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [612864 2012-12-29] (Microsoft Corporation)
S4 SQLAgent$MYOP; c:\Program Files\Microsoft SQL Server\MSSQL11.INTHRO\MSSQL\Binn\SQLAGENT.EXE [612864 2012-12-29] (Microsoft Corporation)
S4 SQLAgent$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [431464 2011-09-22] (Microsoft Corporation)
S4 SQLSERVERAGENT; c:\Program Files\Microsoft SQL Server\MSSQL11.JOHN\MSSQL\Binn\SQLAGENT.EXE [612864 2012-12-29] (Microsoft Corporation)
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe [240128 2009-06-29] (IDT, Inc.)
R2 wltrysvc; C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwltry.exe [3417088 2009-07-17] (Dell Inc.) [File not signed]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 asvpndrv; C:\Windows\System32\DRIVERS\asvpndrv.sys [31744 2012-02-29] (Astrill)
R1 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.4.0.13\Definitions\BASHDefs\20140801.001\BHDrvx64.sys [1530160 2014-08-01] (Symantec Corporation)
R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1505000.013\ccSetx64.sys [162392 2014-02-21] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [486192 2014-08-08] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142128 2014-08-08] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.4.0.13\Definitions\IPSDefs\20140808.002\IDSvia64.sys [525016 2014-08-08] (Symantec Corporation)
R3 keycrypt; C:\Windows\System32\DRIVERS\KeyCrypt64.sys [25568 2014-08-04] (Zemana Ltd.)
R3 NAVENG; C:\Program Files (x86)\Norton Internet Security\NortonData\21.4.0.13\Definitions\VirusDefs\20140809.004\ENG64.SYS [126040 2014-08-08] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton Internet Security\NortonData\21.4.0.13\Definitions\VirusDefs\20140809.004\EX64.SYS [2099288 2014-08-08] (Symantec Corporation)
S4 RsFx0201; C:\Windows\System32\DRIVERS\RsFx0201.sys [336880 2012-10-20] (Microsoft Corporation)
R3 SRTSP; C:\Windows\System32\Drivers\NISx64\1505000.013\SRTSP64.SYS [875736 2014-02-13] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1505000.013\SRTSPX64.SYS [36952 2013-10-30] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NISx64\1505000.013\SYMDS64.SYS [493656 2013-10-30] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1505000.013\SYMEFA64.SYS [1148120 2014-03-04] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-08-08] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1505000.013\Ironx64.SYS [264280 2013-10-30] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1505000.013\SYMNETS.SYS [593112 2014-02-18] (Symantec Corporation)
S3 PCDSRVC{D3412D80-CF3B4A27-06020200}_0; \??\c:\program files\my dell\pcdsrvc_x64.pkms [X]
S3 Prot6Flt; system32\DRIVERS\Prot6Flt.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-08-09 23:51 - 2014-08-09 23:54 - 00000000 ____D () C:\Users\steve\Desktop\FRST
2014-08-09 23:50 - 2014-08-09 23:54 - 00000000 ____D () C:\FRST
2014-08-09 23:49 - 2014-08-09 23:49 - 02093568 _____ (Farbar) C:\Users\steve\Downloads\FRST64.exe
2014-08-09 23:34 - 2014-08-09 23:34 - 00001299 _____ () C:\Users\steve\Desktop\AdwCleaner[R0].txt
2014-08-09 23:29 - 2014-08-09 23:35 - 00000000 ____D () C:\AdwCleaner
2014-08-08 23:01 - 2014-08-08 23:01 - 00000000 ____D () C:\Windows\System32\Tasks\Norton Internet Security
2014-08-08 22:51 - 2014-08-08 23:01 - 00003234 _____ () C:\Windows\System32\Tasks\Norton WSC Integration
2014-08-08 22:51 - 2014-08-08 22:51 - 00177752 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
2014-08-08 22:51 - 2014-08-08 22:51 - 00008222 _____ () C:\Windows\system32\Drivers\SYMEVENT64x86.CAT
2014-08-08 22:51 - 2014-08-08 22:51 - 00000000 ____D () C:\Program Files\Common Files\Symantec Shared
2014-08-08 22:49 - 2014-08-08 23:01 - 00000000 ____D () C:\Windows\system32\Drivers\NISx64
2014-08-08 22:49 - 2014-08-08 23:00 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security
2014-08-08 22:49 - 2014-08-08 22:49 - 00000000 ____D () C:\Program Files (x86)\Norton Internet Security
2014-08-08 22:25 - 2014-08-09 19:53 - 00000000 ____D () C:\Users\steve\AppData\Local\LogMeIn Rescue Applet
2014-08-08 22:21 - 2014-08-08 22:21 - 00000009 _____ () C:\Users\steve\Desktop\caseID.txt
2014-08-08 22:18 - 2014-08-08 22:18 - 00000000 ____D () C:\Users\steve\Desktop\parents
2014-08-08 21:43 - 2014-08-08 21:44 - 00000000 ____D () C:\NPE
2014-08-06 20:53 - 2014-08-06 22:33 - 00001708 _____ () C:\Users\steve\Desktop\to do.txt
2014-08-04 22:53 - 2014-08-04 22:53 - 00001054 _____ () C:\Users\steve\Desktop\MBAM.txt
2014-08-04 21:56 - 2014-08-08 20:43 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-08-04 21:56 - 2014-08-04 21:56 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-03 08:51 - 2014-05-14 17:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-08-03 08:51 - 2014-05-14 17:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-08-03 08:51 - 2014-05-14 17:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-08-03 08:51 - 2014-05-14 17:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-08-03 08:50 - 2014-05-14 17:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-08-03 08:50 - 2014-05-14 17:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-08-03 08:50 - 2014-05-14 17:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-08-03 08:50 - 2014-05-14 17:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-08-03 08:50 - 2014-05-14 17:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-08-03 08:50 - 2014-05-14 17:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-08-03 08:50 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-08-03 08:50 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-08-03 08:50 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-08-03 08:50 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-08-02 10:58 - 2014-08-02 10:58 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-08-02 10:58 - 2014-08-02 10:58 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-08-02 09:53 - 2014-08-02 09:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2014-08-02 09:53 - 2014-08-02 09:53 - 00000000 ____D () C:\Program Files\7-Zip
2014-07-23 12:59 - 2014-07-23 12:59 - 00019971 _____ () C:\Users\steve\AppData\Local\recently-used.xbel
2014-07-23 12:07 - 2014-07-23 12:48 - 00000000 ____D () C:\Users\steve\AppData\Roaming\Wise Registry Cleaner
2014-07-23 12:07 - 2014-07-23 12:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wise Registry Cleaner
2014-07-23 12:07 - 2014-07-23 12:07 - 00000000 ____D () C:\Program Files (x86)\Wise
2014-07-22 23:51 - 2014-08-09 23:37 - 00001848 _____ () C:\Windows\setupact.log
2014-07-22 23:51 - 2014-07-22 23:51 - 00000000 _____ () C:\Windows\setuperr.log
2014-07-22 23:50 - 2014-08-09 23:36 - 00367528 _____ () C:\Windows\PFRO.log
2014-07-22 22:51 - 2014-07-22 22:51 - 00017690 _____ () C:\ComboFix.txt
2014-07-22 21:56 - 2014-07-22 22:53 - 00000000 ____D () C:\ComboFix
2014-07-22 09:13 - 2014-05-06 06:14 - 19274752 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-22 09:13 - 2014-05-06 06:14 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-22 09:13 - 2014-05-06 04:48 - 14367232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-07-22 09:13 - 2014-05-06 04:48 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-07-22 09:13 - 2014-05-06 04:37 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-22 09:13 - 2014-05-06 04:26 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-07-22 09:07 - 2013-12-21 10:39 - 00600064 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-07-22 09:07 - 2013-12-21 08:56 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-07-22 08:23 - 2014-03-13 07:33 - 02238976 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-22 08:23 - 2014-03-13 07:33 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-22 08:23 - 2014-03-13 07:33 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-07-22 08:23 - 2014-03-13 07:32 - 03959808 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-22 08:23 - 2014-03-13 07:32 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-07-22 08:23 - 2014-03-13 07:32 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-22 08:23 - 2014-03-13 07:32 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-07-22 08:23 - 2014-03-13 07:32 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-22 08:23 - 2014-03-13 07:31 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-22 08:23 - 2014-03-13 07:31 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-22 08:23 - 2014-03-13 07:31 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-07-22 08:23 - 2014-03-13 07:31 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-07-22 08:23 - 2014-03-13 07:31 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-07-22 08:23 - 2014-03-13 07:31 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-07-22 08:23 - 2014-03-13 06:10 - 01766400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-07-22 08:23 - 2014-03-13 06:10 - 01140736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-07-22 08:23 - 2014-03-13 06:09 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-07-22 08:23 - 2014-03-13 06:09 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-07-22 08:23 - 2014-03-13 06:09 - 02049536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-07-22 08:23 - 2014-03-13 06:09 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-07-22 08:23 - 2014-03-13 06:09 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-07-22 08:23 - 2014-03-13 06:09 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-07-22 08:23 - 2014-03-13 06:09 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-07-22 08:23 - 2014-03-13 06:09 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-07-22 08:23 - 2014-03-13 06:09 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-07-22 08:23 - 2014-03-13 06:09 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-07-22 08:23 - 2014-03-13 06:09 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-07-22 08:23 - 2014-03-13 04:59 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-07-22 08:23 - 2014-03-13 04:51 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2014-07-20 11:35 - 2014-07-20 11:35 - 00000000 ____D () C:\Users\steve\AppData\Roaming\CDTPL
2014-07-20 11:35 - 2014-07-20 11:35 - 00000000 ____D () C:\ProgramData\CDTPL
2014-07-20 11:32 - 2014-07-20 11:36 - 00000000 ____D () C:\Program Files (x86)\FREE MSG File Viewer
2014-07-20 11:32 - 2014-07-20 11:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FREE MSG File Viewer
2014-07-17 08:38 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-07-17 08:38 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-07-17 08:38 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-07-17 08:38 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-07-17 08:38 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-07-17 08:38 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2014-07-17 08:38 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2014-07-17 08:38 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2014-07-16 23:43 - 2014-07-16 23:43 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-07-16 23:23 - 2014-07-22 22:51 - 00000000 ____D () C:\Qoobox
2014-07-16 23:23 - 2014-07-22 22:43 - 00000000 ____D () C:\Windows\erdnt
2014-07-16 21:14 - 2014-07-16 21:14 - 00000000 ____D () C:\Windows\system32\log
2014-07-16 21:14 - 2014-07-16 04:44 - 00045248 _____ (Elex do Brasil Participações Ltda) C:\Windows\system32\Drivers\iSafeKrnlBoot.sys
2014-07-16 16:10 - 2014-07-16 16:10 - 00000000 ____D () C:\Users\steve\AppData\Local\{29646679-C2DE-4BF2-B11A-A14F6BC0EB6B}
2014-07-16 10:21 - 2014-08-08 20:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiLogger Free
2014-07-16 10:21 - 2014-08-08 20:43 - 00000000 ____D () C:\Program Files (x86)\Zemana AntiLogger Free
2014-07-16 10:21 - 2014-08-08 20:43 - 00000000 ____D () C:\Program Files (x86)\KeyCryptSDK
2014-07-16 10:21 - 2014-08-04 20:26 - 00025568 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\KeyCrypt64.sys
2014-07-16 10:21 - 2014-07-16 10:21 - 00000000 ____D () C:\Users\steve\AppData\Local\AntiLogger Free
2014-07-15 18:50 - 2014-07-15 18:50 - 00003208 _____ () C:\Windows\System32\Tasks\{42176D63-6AFE-4AC9-86BE-D4E616D91816}
2014-07-15 16:01 - 2014-07-15 16:01 - 00000000 ____D () C:\Users\steve\AppData\Roaming\Wireshark
2014-07-15 15:12 - 2014-07-16 15:32 - 00000000 ____D () C:\Program Files\Wireshark
2014-07-10 19:59 - 2014-07-10 19:59 - 00000000 ____D () C:\Users\steve\AppData\Local\{69710375-25AA-46C9-BBC9-8AF637B8F421}
2014-07-10 00:57 - 2014-06-06 11:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-07-10 00:57 - 2014-06-06 10:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-07-10 00:56 - 2014-06-18 03:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-07-10 00:56 - 2014-06-18 02:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-07-10 00:56 - 2014-06-18 02:10 - 03157504 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-07-10 00:56 - 2014-05-30 09:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-07-10 00:56 - 2014-05-30 09:08 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-07-10 00:56 - 2014-05-30 09:08 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-07-10 00:56 - 2014-05-30 09:08 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-07-10 00:56 - 2014-05-30 09:08 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-07-10 00:56 - 2014-05-30 09:08 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-07-10 00:56 - 2014-05-30 09:08 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-07-10 00:56 - 2014-05-30 08:52 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-07-10 00:56 - 2014-05-30 08:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-07-10 00:56 - 2014-05-30 08:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-07-10 00:56 - 2014-05-30 08:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-07-10 00:56 - 2014-05-30 08:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-07-10 00:56 - 2014-05-30 08:52 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-07-10 00:56 - 2014-05-30 08:52 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-07-10 00:56 - 2014-05-30 07:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-07-10 00:55 - 2014-06-05 15:45 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-07-10 00:55 - 2014-06-05 15:26 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-07-10 00:55 - 2014-06-05 15:25 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-08-09 23:54 - 2014-08-09 23:51 - 00000000 ____D () C:\Users\steve\Desktop\FRST
2014-08-09 23:54 - 2014-08-09 23:50 - 00000000 ____D () C:\FRST
2014-08-09 23:50 - 2009-07-14 06:10 - 01905631 _____ () C:\Windows\WindowsUpdate.log
2014-08-09 23:49 - 2014-08-09 23:49 - 02093568 _____ (Farbar) C:\Users\steve\Downloads\FRST64.exe
2014-08-09 23:44 - 2009-07-14 05:45 - 00014240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-09 23:44 - 2009-07-14 05:45 - 00014240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-09 23:39 - 2010-03-19 04:32 - 00000000 ____D () C:\Program Files (x86)\Dell DataSafe Local Backup
2014-08-09 23:38 - 2010-07-27 17:22 - 00000000 ____D () C:\Users\steve\AppData\Local\SoftThinks
2014-08-09 23:38 - 2010-03-19 05:08 - 00000000 ____D () C:\Users\Default\AppData\Local\SoftThinks
2014-08-09 23:38 - 2010-03-19 05:08 - 00000000 ____D () C:\Users\Default User\AppData\Local\SoftThinks
2014-08-09 23:37 - 2014-07-22 23:51 - 00001848 _____ () C:\Windows\setupact.log
2014-08-09 23:37 - 2014-05-18 19:28 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-09 23:37 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-09 23:36 - 2014-07-22 23:50 - 00367528 _____ () C:\Windows\PFRO.log
2014-08-09 23:35 - 2014-08-09 23:29 - 00000000 ____D () C:\AdwCleaner
2014-08-09 23:34 - 2014-08-09 23:34 - 00001299 _____ () C:\Users\steve\Desktop\AdwCleaner[R0].txt
2014-08-09 23:33 - 2014-05-18 19:28 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-09 19:53 - 2014-08-08 22:25 - 00000000 ____D () C:\Users\steve\AppData\Local\LogMeIn Rescue Applet
2014-08-08 23:01 - 2014-08-08 23:01 - 00000000 ____D () C:\Windows\System32\Tasks\Norton Internet Security
2014-08-08 23:01 - 2014-08-08 22:51 - 00003234 _____ () C:\Windows\System32\Tasks\Norton WSC Integration
2014-08-08 23:01 - 2014-08-08 22:49 - 00000000 ____D () C:\Windows\system32\Drivers\NISx64
2014-08-08 23:00 - 2014-08-08 22:49 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security
2014-08-08 22:55 - 2014-06-09 13:30 - 00000000 ____D () C:\Users\steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton
2014-08-08 22:55 - 2012-06-24 12:11 - 00000000 ____D () C:\ProgramData\Norton
2014-08-08 22:51 - 2014-08-08 22:51 - 00177752 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
2014-08-08 22:51 - 2014-08-08 22:51 - 00008222 _____ () C:\Windows\system32\Drivers\SYMEVENT64x86.CAT
2014-08-08 22:51 - 2014-08-08 22:51 - 00000000 ____D () C:\Program Files\Common Files\Symantec Shared
2014-08-08 22:49 - 2014-08-08 22:49 - 00000000 ____D () C:\Program Files (x86)\Norton Internet Security
2014-08-08 22:21 - 2014-08-08 22:21 - 00000009 _____ () C:\Users\steve\Desktop\caseID.txt
2014-08-08 22:18 - 2014-08-08 22:18 - 00000000 ____D () C:\Users\steve\Desktop\parents
2014-08-08 22:04 - 2013-04-16 16:45 - 00000000 ____D () C:\Users\steve\AppData\Local\NPE
2014-08-08 22:03 - 2014-04-16 20:43 - 00000000 ____D () C:\Users\ReportServer$MYOP
2014-08-08 22:03 - 2014-04-16 20:41 - 00000000 ____D () C:\Users\MSSQLFDLauncher$MYOP
2014-08-08 22:03 - 2014-04-16 20:37 - 00000000 ____D () C:\Users\MSSQL$MYOP
2014-08-08 22:03 - 2014-04-07 22:01 - 00000000 ____D () C:\Users\MSSQLSERVER
2014-08-08 22:03 - 2014-04-06 20:22 - 00000000 ____D () C:\Users\MSSQL$DB
2014-08-08 21:44 - 2014-08-08 21:43 - 00000000 ____D () C:\NPE
2014-08-08 21:20 - 2013-11-17 10:57 - 00000000 ____D () C:\Users\Public\Downloads\Norton
2014-08-08 20:43 - 2014-08-04 21:56 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-08-08 20:43 - 2014-07-16 10:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiLogger Free
2014-08-08 20:43 - 2014-07-16 10:21 - 00000000 ____D () C:\Program Files (x86)\Zemana AntiLogger Free
2014-08-08 20:43 - 2014-07-16 10:21 - 00000000 ____D () C:\Program Files (x86)\KeyCryptSDK
2014-08-08 20:43 - 2010-07-27 17:22 - 00000000 ____D () C:\Users\steve
2014-08-08 20:43 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\registration
2014-08-06 22:33 - 2014-08-06 20:53 - 00001708 _____ () C:\Users\steve\Desktop\to do.txt
2014-08-04 22:53 - 2014-08-04 22:53 - 00001054 _____ () C:\Users\steve\Desktop\MBAM.txt
2014-08-04 21:56 - 2014-08-04 21:56 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-04 20:26 - 2014-07-16 10:21 - 00025568 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\KeyCrypt64.sys
2014-08-03 12:56 - 2009-07-14 06:08 - 00032608 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-08-02 11:54 - 2013-01-28 09:13 - 00000000 ____D () C:\Users\steve\AppData\Roaming\Skype
2014-08-02 10:58 - 2014-08-02 10:58 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-08-02 10:58 - 2014-08-02 10:58 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-08-02 09:53 - 2014-08-02 09:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2014-08-02 09:53 - 2014-08-02 09:53 - 00000000 ____D () C:\Program Files\7-Zip
2014-07-28 21:27 - 2013-12-12 20:07 - 00000000 ____D () C:\Users\steve\Desktop\John
2014-07-27 16:09 - 2011-11-19 09:00 - 00003926 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{8888B158-0621-4816-9121-F3FE313B8AB0}
2014-07-25 21:41 - 2013-03-16 11:06 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-07-25 21:40 - 2013-03-16 11:06 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-07-25 11:02 - 2013-03-16 11:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-07-23 19:49 - 2013-12-06 07:52 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server
2014-07-23 19:49 - 2013-12-06 07:50 - 00000000 ____D () C:\Program Files\Microsoft SQL Server
2014-07-23 18:45 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-07-23 12:59 - 2014-07-23 12:59 - 00019971 _____ () C:\Users\steve\AppData\Local\recently-used.xbel
2014-07-23 12:59 - 2013-12-06 07:07 - 00000000 ____D () C:\Users\steve\AppData\Local\gtk-2.0
2014-07-23 12:59 - 2013-12-05 23:32 - 00000000 ____D () C:\Users\steve\.gimp-2.8
2014-07-23 12:55 - 2009-07-14 06:13 - 01269914 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-23 12:48 - 2014-07-23 12:07 - 00000000 ____D () C:\Users\steve\AppData\Roaming\Wise Registry Cleaner
2014-07-23 12:07 - 2014-07-23 12:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wise Registry Cleaner
2014-07-23 12:07 - 2014-07-23 12:07 - 00000000 ____D () C:\Program Files (x86)\Wise
2014-07-22 23:51 - 2014-07-22 23:51 - 00000000 _____ () C:\Windows\setuperr.log
2014-07-22 23:32 - 2014-01-22 12:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-07-22 23:32 - 2014-01-22 12:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit
2014-07-22 23:32 - 2013-12-06 07:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft SQL Server 2008
2014-07-22 23:32 - 2013-01-06 09:12 - 00000000 ____D () C:\Users\steve\AppData\Local\CrashDumps
2014-07-22 23:32 - 2010-08-01 07:53 - 00000000 ____D () C:\Windows\Minidump
2014-07-22 23:32 - 2010-03-19 06:33 - 00000000 ____D () C:\Windows\Panther
2014-07-22 23:32 - 2010-03-19 04:15 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell Wireless
2014-07-22 23:32 - 2009-07-14 06:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-07-22 22:53 - 2014-07-22 21:56 - 00000000 ____D () C:\ComboFix
2014-07-22 22:51 - 2014-07-22 22:51 - 00017690 _____ () C:\ComboFix.txt
2014-07-22 22:51 - 2014-07-16 23:23 - 00000000 ____D () C:\Qoobox
2014-07-22 22:51 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Default
2014-07-22 22:43 - 2014-07-16 23:23 - 00000000 ____D () C:\Windows\erdnt
2014-07-22 22:41 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini
2014-07-21 21:39 - 2013-01-20 15:25 - 00000000 ____D () C:\Program Files (x86)\Kodak
2014-07-21 21:39 - 2013-01-20 15:21 - 00000000 ____D () C:\ProgramData\Kodak
2014-07-21 21:38 - 2013-01-20 15:32 - 00000000 ____D () C:\Users\steve\AppData\Local\Eastman_Kodak_Company
2014-07-21 21:00 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-07-20 11:36 - 2014-07-20 11:32 - 00000000 ____D () C:\Program Files (x86)\FREE MSG File Viewer
2014-07-20 11:35 - 2014-07-20 11:35 - 00000000 ____D () C:\Users\steve\AppData\Roaming\CDTPL
2014-07-20 11:35 - 2014-07-20 11:35 - 00000000 ____D () C:\ProgramData\CDTPL
2014-07-20 11:32 - 2014-07-20 11:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FREE MSG File Viewer
2014-07-17 22:47 - 2013-12-06 07:47 - 00000000 ____D () C:\Users\steve\Documents\Visual Studio 2010
2014-07-16 23:43 - 2014-07-16 23:43 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-07-16 21:14 - 2014-07-16 21:14 - 00000000 ____D () C:\Windows\system32\log
2014-07-16 21:07 - 2014-01-01 14:39 - 00000000 ____D () C:\Program Files (x86)\Sony
2014-07-16 20:36 - 2013-01-06 09:26 - 00000000 ____D () C:\Program Files (x86)\mefeediatest
2014-07-16 20:32 - 2014-01-29 16:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CodeBlocks
2014-07-16 20:04 - 2014-04-30 21:51 - 00000000 ____D () C:\Program Files (x86)\Audacity
2014-07-16 16:10 - 2014-07-16 16:10 - 00000000 ____D () C:\Users\steve\AppData\Local\{29646679-C2DE-4BF2-B11A-A14F6BC0EB6B}
2014-07-16 15:32 - 2014-07-15 15:12 - 00000000 ____D () C:\Program Files\Wireshark
2014-07-16 10:21 - 2014-07-16 10:21 - 00000000 ____D () C:\Users\steve\AppData\Local\AntiLogger Free
2014-07-16 04:44 - 2014-07-16 21:14 - 00045248 _____ (Elex do Brasil Participações Ltda) C:\Windows\system32\Drivers\iSafeKrnlBoot.sys
2014-07-15 18:50 - 2014-07-15 18:50 - 00003208 _____ () C:\Windows\System32\Tasks\{42176D63-6AFE-4AC9-86BE-D4E616D91816}
2014-07-15 18:43 - 2010-07-27 17:29 - 00000000 ____D () C:\Users\steve\AppData\Local\VirtualStore
2014-07-15 16:01 - 2014-07-15 16:01 - 00000000 ____D () C:\Users\steve\AppData\Roaming\Wireshark
2014-07-13 16:56 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-07-10 19:59 - 2014-07-10 19:59 - 00000000 ____D () C:\Users\steve\AppData\Local\{69710375-25AA-46C9-BBC9-8AF637B8F421}
2014-07-10 08:39 - 2009-07-14 05:45 - 00369704 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-10 08:36 - 2009-07-14 08:45 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-10 08:36 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-07-10 08:36 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-07-10 01:22 - 2013-07-11 19:29 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-10 01:12 - 2011-05-14 04:49 - 96441528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
 
Some content of TEMP:
====================
C:\Users\steve\AppData\Local\Temp\ANT3F9F.exe
C:\Users\steve\AppData\Local\Temp\ANTDF56.exe
C:\Users\steve\AppData\Local\Temp\hmav8hii.dll
C:\Users\steve\AppData\Local\Temp\Quarantine.exe
C:\Users\steve\AppData\Local\Temp\ynzqru__.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-07-19 02:39
 
==================== End Of Log ============================
 
 
Addition
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 09-08-2014 01
Ran by steve at 2014-08-09 23:58:02
Running from C:\Users\steve\Desktop\FRST
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Norton Internet Security (Enabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
AS: Norton Internet Security (Enabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton Internet Security (Enabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
 Update for Microsoft Office 2007 (KB2508958) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version:  - Microsoft)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Advanced Audio FX Engine (HKLM-x32\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd)
AMD Fusion Media Explorer (HKLM-x32\...\{9C3AAC01-10DA-418F-AEBC-F75500220415}) (Version: 1.0.1.0151 - Advanced Micro Devices, Inc.)
AMD USB Filter Driver (HKLM-x32\...\{4F5B18A3-E921-4FFE-BEF4-ACBB98964FC2}) (Version: 1.0.13.88 - Advanced Micro Devices, Inc.)
AntiLogger Free version 1.7.2.382 (HKLM-x32\...\{A80DB23D-0618-405B-89D9-28F99814E287}_is1) (Version: 1.7.2.382 - Zemana Ltd.)
ATI Catalyst Control Center (HKLM-x32\...\{055EE59D-217B-43A7-ABFF-507B966405D8}) (Version: 2.009.0729.2226 - )
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden
Catalyst Control Center Core Implementation (x32 Version: 2009.0729.2227.38498 - ATI) Hidden
Catalyst Control Center Graphics Full Existing (x32 Version: 2009.0729.2227.38498 - ATI) Hidden
Catalyst Control Center Graphics Full New (x32 Version: 2009.0729.2227.38498 - ATI) Hidden
Catalyst Control Center Graphics Light (x32 Version: 2009.0729.2227.38498 - ATI) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2009.0729.2227.38498 - ATI) Hidden
Catalyst Control Center Graphics Previews Vista (x32 Version: 2009.0729.2227.38498 - ATI) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2009.0729.2227.38498 - ATI Technologies, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2009.0729.2227.38498 - ATI) Hidden
CCC Help Chinese Standard (x32 Version: 2009.0729.2226.38498 - ATI) Hidden
CCC Help Chinese Traditional (x32 Version: 2009.0729.2226.38498 - ATI) Hidden
CCC Help Czech (x32 Version: 2009.0729.2226.38498 - ATI) Hidden
CCC Help Danish (x32 Version: 2009.0729.2226.38498 - ATI) Hidden
CCC Help Dutch (x32 Version: 2009.0729.2226.38498 - ATI) Hidden
CCC Help English (x32 Version: 2009.0729.2226.38498 - ATI) Hidden
CCC Help Finnish (x32 Version: 2009.0729.2226.38498 - ATI) Hidden
CCC Help French (x32 Version: 2009.0729.2226.38498 - ATI) Hidden
CCC Help German (x32 Version: 2009.0729.2226.38498 - ATI) Hidden
CCC Help Greek (x32 Version: 2009.0729.2226.38498 - ATI) Hidden
CCC Help Hungarian (x32 Version: 2009.0729.2226.38498 - ATI) Hidden
CCC Help Italian (x32 Version: 2009.0729.2226.38498 - ATI) Hidden
CCC Help Japanese (x32 Version: 2009.0729.2226.38498 - ATI) Hidden
CCC Help Korean (x32 Version: 2009.0729.2226.38498 - ATI) Hidden
CCC Help Norwegian (x32 Version: 2009.0729.2226.38498 - ATI) Hidden
CCC Help Polish (x32 Version: 2009.0729.2226.38498 - ATI) Hidden
CCC Help Portuguese (x32 Version: 2009.0729.2226.38498 - ATI) Hidden
CCC Help Russian (x32 Version: 2009.0729.2226.38498 - ATI) Hidden
CCC Help Spanish (x32 Version: 2009.0729.2226.38498 - ATI) Hidden
CCC Help Swedish (x32 Version: 2009.0729.2226.38498 - ATI) Hidden
CCC Help Thai (x32 Version: 2009.0729.2226.38498 - ATI) Hidden
CCC Help Turkish (x32 Version: 2009.0729.2226.38498 - ATI) Hidden
ccc-core-static (x32 Version: 2009.0729.2227.38498 - ATI) Hidden
ccc-utility64 (Version: 2009.0729.2227.38498 - ATI) Hidden
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 9.4.60 - Dell)
Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.60 - Dell)
Dell Dock (HKLM\...\{E60B7350-EA5F-41E0-9D6F-E508781E36D2}) (Version: 2.0.0 - Dell)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.104.115.103 - Alps Electric)
Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 1.40.05 - Creative Technology Ltd)
Dell Wireless WLAN Card Utility (HKLM\...\Dell Wireless WLAN Card Utility) (Version: 5.30.21.0 - Dell Inc.)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
FREE MSG File Viewer version 2.0 (HKLM-x32\...\{2D370F64-93D0-4731-B27B-35869AEEB460}_is1) (Version: 2.0 - SysTools Software)
Fusion Utility for Mobility (HKLM-x32\...\{83F81F91-7BE9-44D1-98AF-2B87E0B8710C}) (Version: 1.1.1 - AMD)
GDR 3128 for SQL Server 2012 (KB2793634) (64-bit) (HKLM\...\KB2793634) (Version: 11.1.3128.0 - Microsoft Corporation)
GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 34.0.1847.137 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.7 - Google Inc.) Hidden
Java 7 Update 51 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417051FF}) (Version: 7.0.510 - Oracle)
Java SE Development Kit 7 Update 51 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170510}) (Version: 1.7.0.510 - Oracle)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Media Go (HKLM-x32\...\{8D92969D-A6A3-44C8-9D63-D377E94F44B5}) (Version: 2.6.205 - Sony)
Media Go Video Playback Engine 2.0.113.09020 (HKLM-x32\...\{49D9CE9D-C8B7-B941-90E1-608044A0FC8D}) (Version: 2.0.113.09020 - Sony)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Compatibility Toolkit 5.6 (HKLM-x32\...\{0F5AEBB0-43F3-4571-ACE7-A7942E8AA179}) (Version: 5.6.7324.0 - Microsoft Corporation)
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (x32 Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Camera Codec Pack (HKLM\...\{A6A4A258-0A48-4F76-B8F1-61F0514594DD}) (Version: 16.4.1970.0624 - Microsoft Corporation)
Microsoft Help Viewer 1.1 (HKLM\...\Microsoft Help Viewer 1.1) (Version: 1.1.40219 - Microsoft Corporation)
Microsoft Help Viewer 1.1 (Version: 1.1.40219 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Suite Activation Assistant (HKLM-x32\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Report Viewer 2012 Runtime (HKLM-x32\...\{9CCE40CE-A9E6-4916-8729-B008558EEF3F}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2008 (64-bit) (HKLM\...\Microsoft SQL Server 10 Release) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2008 (64-bit) (Version:  - Microsoft Corporation) Hidden
Microsoft SQL Server 2008 Common Files (Version: 10.3.5500.0 - Microsoft Corporation) Hidden
Microsoft SQL Server 2008 Database Engine Services (Version: 10.3.5500.0 - Microsoft Corporation) Hidden
Microsoft SQL Server 2008 Database Engine Shared (Version: 10.3.5500.0 - Microsoft Corporation) Hidden
Microsoft SQL Server 2008 Native Client (HKLM\...\{2738C4AA-420E-4E13-ADEF-B5AB250E3EF1}) (Version: 10.3.5500.0 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Management Objects (HKLM-x32\...\{83F2B8F4-5CF3-4BE9-9772-9543EAE4AC5F}) (Version: 10.51.2500.0 - Microsoft Corporation)
Microsoft SQL Server 2008 RsFx Driver (Version: 10.3.5500.0 - Microsoft Corporation) Hidden
Microsoft SQL Server 2008 Setup Support Files  (HKLM\...\{6292D514-17A4-403F-98F9-E150F10C043D}) (Version: 10.3.5500.0 - Microsoft Corporation)
Microsoft SQL Server 2012 (64-bit) (HKLM\...\Microsoft SQL Server SQLServer2012) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2012 (64-bit) (Version:  - ) Hidden
Microsoft SQL Server 2012 Data-Tier App Framework  (HKLM\...\{8F3AB164-B4F3-45B1-A85A-F5E5815A44E1}) (Version: 11.1.2816.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Express LocalDB  (HKLM\...\{94255301-0676-46EB-9DDA-083183B63B52}) (Version: 11.1.3128.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects  (HKLM-x32\...\{DA1C1761-5F4F-4332-AB9D-29EDF3F8EA0A}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects  (x64) (HKLM\...\{FA0A244E-F3C2-4589-B42A-3D522DE79A42}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client  (HKLM\...\{D411E9C9-CE62-4DBF-9D92-4CB22B750ED5}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 RsFx Driver (Version: 11.1.3000.0 - Microsoft Corporation) Hidden
Microsoft SQL Server 2012 Setup (English) (HKLM\...\{8CB0713F-CFE0-445D-BCB2-538465860E1A}) (Version: 11.1.3128.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL Compiler Service  (HKLM\...\{88CB5DFD-6CE1-486F-998C-9FC090FCE5E2}) (Version: 11.1.3128.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL ScriptDom  (HKLM\...\{54C5041B-0E91-4E92-8417-AAA12493C790}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 T-SQL Language Service  (HKLM\...\{CC8B009A-98C9-497F-99AF-CEBE35D8C0CF}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Data Tools – Database Projects – Web installer entry point (HKLM-x32\...\{F3BBC56F-2282-4464-952F-A89772181F30}) (Version: 10.3.20116.0 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM-x32\...\{C3F6F200-6D7B-4879-B9EE-700C0CE1FCDA}) (Version: 10.51.2500.0 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (HKLM-x32\...\{E2082604-4BA5-44BB-BBFB-AF0F3CB8C6AB}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (x64) (HKLM\...\{F1949145-EB64-4DE7-9D81-E6D27937146C}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft Visual C# 2010 Express - ENU (HKLM-x32\...\Microsoft Visual C# 2010 Express - ENU) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C# 2010 Express - ENU (x32 Version: 10.0.40219 - Microsoft Corporation) Hidden
Microsoft Visual C++  Compilers 2010 Standard - enu - x86 (x32 Version: 10.0.40219 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Runtime - 10.0.40219 (HKLM\...\{1C7C8AAF-A16D-32E8-89E5-F6D165DE0BCE}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Runtime - 10.0.40219 (HKLM-x32\...\{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 Express - ENU (HKLM-x32\...\Microsoft Visual C++ 2010 Express - ENU) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 Express - ENU (x32 Version: 10.0.40219 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools (HKLM-x32\...\{14DD7530-CCD2-3798-B37D-3839ED6A441C}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Express Prerequisites x64 - ENU (HKLM\...\{BCA26999-EC22-3007-BB79-638913079C9A}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Service Pack 1 (HKLM-x32\...\Microsoft Visual Studio 2010 Service Pack 1) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Service Pack 1 (x32 Version: 10.0.40219 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2010 Shell (Integrated) - ENU (HKLM-x32\...\{012D26C3-E12A-3BDA-8ECE-DF14E721A507}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Shell (Isolated) - ENU (HKLM-x32\...\{D64B6984-242F-32BC-B008-752806E5FC44}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50325 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (Version: 10.0.50330 - Microsoft Corporation) Hidden
Microsoft Visual Studio Tools for Applications Design-Time 3.0 (HKLM-x32\...\{5A03C202-08B4-3F1D-9A60-A4F53EF1B636}) (Version: 10.0.40220 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications x86 Runtime 3.0 (HKLM-x32\...\{191A6F65-6878-398D-A272-EF011B80F371}) (Version: 10.0.40220 - Microsoft Corporation)
Microsoft VSS Writer for SQL Server 2012 (HKLM\...\{3E0DD83F-BE4C-4478-86A0-AD0D79D1353E}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
Mozilla Firefox 30.0 (x86 en-GB) (HKLM-x32\...\Mozilla Firefox 30.0 (x86 en-GB)) (Version: 30.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
My Dell (HKLM\...\PC-Doctor for Windows) (Version: 3.3.6261.27 - PC-Doctor, Inc.)
MySQL Connector C++ 1.1.3 (HKLM\...\{5C7A1ED6-DC5F-4017-B363-3E80644B4BD0}) (Version: 1.1.3 - Oracle and/or its affiliates)
MySQL Connector J (HKLM-x32\...\{5FF7BC8C-92D4-4B95-9FF1-E3722DFA9292}) (Version: 5.1.29 - Oracle Corporation)
MySQL Connector Net 6.8.3 (HKLM-x32\...\{38157422-F952-42F7-88AA-CC16A63CD109}) (Version: 6.8.3 - Oracle)
MySQL Connector/C 6.1 (HKLM\...\{BDD417A0-EBEC-46E4-8879-426B9C617C53}) (Version: 6.1.3 - Oracle Corporation)
MySQL Connector/ODBC 5.2 (HKLM\...\{6F4E90AC-3B32-4631-A9E5-5CC0186CA97B}) (Version: 5.2.6 - Oracle Corporation)
MySQL Documents 5.6 (HKLM-x32\...\{A87652F5-F5E8-4D2C-8D39-C33A9C4260DC}) (Version: 5.6.16 - Oracle Corporation)
MySQL Examples and Samples 5.6 (HKLM-x32\...\{70F2F2A0-897B-4A0D-82EB-B658130E5D01}) (Version: 5.6.16 - Oracle Corporation)
MySQL For Excel 1.2.0 (HKLM-x32\...\{1F8CFEFC-1038-467A-A084-0137B1D6EE1E}) (Version: 1.2.0 - Oracle)
MySQL Installer (HKLM-x32\...\{AD5D6EFE-E72A-4306-A5BD-71E73B6C843A}) (Version: 1.3.5.0 - Oracle Corporation)
MySQL Notifier 1.1.5 (HKLM-x32\...\{DB02F4B3-3FC4-4FED-B2A2-7CDCF88D87D3}) (Version: 1.1.5 - Oracle)
MySQL Server 5.6 (HKLM\...\{AB691153-97AE-462B-AE70-3CA06D7B2571}) (Version: 5.6.16 - Oracle Corporation)
MySQL Utilities (HKLM-x32\...\{E967FF67-DE28-4BB0-857C-87A825CCF003}) (Version: 1.3.6 - Oracle)
MySQL Workbench 6.0 CE (HKLM-x32\...\{43CCD58C-FCC8-45AB-9909-37347969DDD1}) (Version: 6.0.9 - Oracle Corporation)
Norton Internet Security (HKLM-x32\...\NIS) (Version: 21.5.0.19 - Symantec Corporation)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.5.2 - Notepad++ Team)
NUnit 2.6.3 (HKLM-x32\...\{002B407D-DE66-4601-A10C-45941586C767}) (Version: 2.6.3.13283 - nunit.org)
OpenOffice.org 3.3 (HKLM-x32\...\{82AF3E91-57E1-4754-84D0-40A46E2479AB}) (Version: 3.3.9567 - OpenOffice.org)
PowerDVD DX (HKLM-x32\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 8.3.5424 - CyberLink Corp.)
PreReq (x32 Version: 6.2.4.0 - Eastman Kodak Company) Hidden
Prerequisites for SSDT  (HKLM-x32\...\{9169C939-ED01-446A-BD0C-29873BAF4E48}) (Version: 11.0.2100.60 - Microsoft Corporation)
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 9.6.8 - Dell Inc.)
Service Pack 1 for SQL Server 2012 (KB2674319) (64-bit) (HKLM\...\KB2674319) (Version: 11.1.3000.0 - Microsoft Corporation)
Service Pack 3 for SQL Server 2008 (KB2546951) (64-bit) (HKLM\...\KB2546951) (Version: 10.3.5500.0 - Microsoft Corporation)
Skins (x32 Version: 2009.0729.2227.38498 - ATI) Hidden
Skype™ 6.16 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
Sony PC Companion 2.10.188 (HKLM-x32\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.188 - Sony)
SQL Server 2012 BI Development Studio (Version: 11.1.3000.0 - Microsoft Corporation) Hidden
SQL Server 2012 Common Files (Version: 11.1.3000.0 - Microsoft Corporation) Hidden
SQL Server 2012 Database Engine Services (Version: 11.1.3000.0 - Microsoft Corporation) Hidden
SQL Server 2012 Database Engine Shared (Version: 11.1.3000.0 - Microsoft Corporation) Hidden
SQL Server 2012 Documentation Components (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server 2012 Full text search (Version: 11.1.3000.0 - Microsoft Corporation) Hidden
SQL Server 2012 Management Studio (Version: 11.1.3000.0 - Microsoft Corporation) Hidden
SQL Server 2012 Reporting Services (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server 2012 Reporting Services (Version: 11.1.3000.0 - Microsoft Corporation) Hidden
SQL Server 2012 SQL Data Quality Common (Version: 11.1.3000.0 - Microsoft Corporation) Hidden
SQL Server Browser for SQL Server 2012 (HKLM-x32\...\{4B9E6EB0-0EED-4E74-9479-F982C3254F71}) (Version: 11.1.3000.0 - Microsoft Corporation)
Sql Server Customer Experience Improvement Program (Version: 10.3.5500.0 - Microsoft Corporation) Hidden
Sql Server Customer Experience Improvement Program (Version: 11.1.3000.0 - Microsoft Corporation) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version:  - Microsoft)
Update for Microsoft Office OneNote 2007 Help (KB963670) (HKLM-x32\...\{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2744EF05-38E1-4D5D-B333-E021EDAEA245}) (Version:  - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version:  - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version:  - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version:  - Microsoft)
Visual Studio 2010 Prerequisites - English (HKLM\...\{662014D2-0450-37ED-ABAE-157C88127BEB}) (Version: 10.0.40219 - Microsoft Corporation)
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{112C23F2-C036-4D40-BED4-0CB47BF5555C}) (Version: 4.0.8080.0 - Microsoft Corporation)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 15.4.3555.0308 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3555.0308 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Messenger Companion Core (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Media Center Add-in for Silverlight (HKLM-x32\...\{0EDBEB2B-7C8D-42E6-8312-0F84394A3223}) (Version: 4.7.3.0 - Microsoft Corporation)
Wise Registry Cleaner 8.22 (HKLM-x32\...\Wise Registry Cleaner_is1) (Version: 8.22 - WiseCleaner.com, Inc.)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
 
==================== Restore Points  =========================
 
21-07-2014 19:55:14 Windows Modules Installer
22-07-2014 08:02:16 Windows Update
25-07-2014 09:55:59 Windows Update
02-08-2014 08:51:55 Installed 7-Zip 9.20 (x64 edition)
03-08-2014 07:49:31 Windows Update
08-08-2014 19:36:37 Restore Operation
08-08-2014 20:58:22 Norton_Power_Eraser_20140808215815771
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {031AC0BF-AF95-489F-8175-4E14C8ED1A1D} - System32\Tasks\{FD7B337A-447B-4ED1-800F-8F973EAF1BF3} => D:\SETUP.EXE
Task: {03D1562B-79DC-408A-A5E2-BE882673B3E1} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\21.5.0.19\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {0F33E0BC-A81A-42C5-B2B2-3AE6688575A3} - System32\Tasks\{AD66545D-9E3B-4325-BB4E-75F7A1C6E0B6} => D:\SETUP.EXE
Task: {2B16E34E-F220-43B1-9410-1F616DE8AC61} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {3329B65C-404D-4EEF-9EF7-6873676B6913} - System32\Tasks\{5EE899FA-B69D-49AE-AF84-CBB6A63D5A94} => D:\SETUP.EXE
Task: {401F938F-AA0B-45DA-9024-FB3570BA2D4E} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\21.5.0.19\WSCStub.exe [2014-07-31] (Symantec Corporation)
Task: {5610A76C-A39F-4A61-AB49-CD774498E925} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-05-18] (Google Inc.)
Task: {567F5032-B8AD-4DCD-8053-B9E888C8C475} - System32\Tasks\{9B3F15C3-6B95-44E7-AF39-7E82FD87BABD} => D:\SETUP.EXE
Task: {6D9A1F62-D742-4B08-9364-F5B6514DA698} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-05-18] (Google Inc.)
Task: {71F563C7-D60F-468E-914A-EFAF8F2E3C1C} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\21.5.0.19\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {7A831FC3-99F8-459C-AF03-0B3F0B315D9A} - System32\Tasks\{80EF4820-D4EA-4AAA-949E-4F812D54446D} => D:\AutoRun.exe
Task: {823A0A79-011E-448A-908D-42A9E8006DE4} - System32\Tasks\DHC808L1\Administrator - Start WLAN Tray Applet => C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE [2009-07-17] (Dell Inc.)
Task: {8855EB51-40FB-49FC-A712-04A38A7FFE30} - System32\Tasks\{F1B8F03C-3C16-4F60-B0F8-910C285BFC69} => D:\AutoRun.exe
Task: {A0BF9A67-C0E2-456C-94A1-A900ED846573} - System32\Tasks\{93C2B952-AE8D-4260-AC0C-299764DBA3EC} => D:\SETUP.EXE
Task: {A9AAA9B3-299F-41F5-842D-BE3203B9E8D3} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\My Dell\sessionchecker.exe [2013-05-07] (PC-Doctor, Inc.)
Task: {BC33FC87-D11D-4F91-A2DA-049B2B2D7047} - System32\Tasks\MySQLNotifierTask => C:\Program Files (x86)\MySQL\MySQL Notifier 1.1.5\MySQLNotifier.exe [2013-11-25] (Oracle Corporation)
Task: {D624ADCF-EC89-492E-A87F-FF068A65C60C} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\My Dell\uaclauncher.exe [2013-05-07] (PC-Doctor, Inc.)
Task: {FAFE2C0B-5F66-4252-9873-D507024C3741} - System32\Tasks\{E655A0CB-E609-4708-BA01-6FF0DBD79B15} => D:\SETUP.EXE
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2010-03-19 04:15 - 2009-07-17 02:06 - 00033280 _____ () C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE
2010-03-19 04:15 - 2009-07-17 02:06 - 00058368 _____ () C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwlrmt.dll
2012-06-18 16:24 - 2012-06-18 16:24 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_05.dll
2010-03-19 04:32 - 2011-08-18 16:05 - 02751808 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
2014-01-03 07:59 - 2014-02-10 18:04 - 00430080 _____ () C:\Windows\mod_frst.exe
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MpfService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\Services: 2db04d42 => 2
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: AeLookupSvc => 3
MSCONFIG\Services: Kodak AiO Network Discovery Service => 2
MSCONFIG\Services: Kodak AiO Status Monitor Service => 2
MSCONFIG\Services: MSSQL$DB => 2
MSCONFIG\Services: MSSQL$MYOP => 2
MSCONFIG\Services: MSSQL$SQLEXPRESS => 2
MSCONFIG\Services: MSSQLFDLauncher$MYOP => 3
MSCONFIG\Services: MSSQLSERVER => 2
MSCONFIG\Services: MySQL56 => 3
MSCONFIG\Services: RasAuto => 3
MSCONFIG\Services: ReportServer$MYOP => 3
MSCONFIG\Services: rpcapd => 3
MSCONFIG\Services: seclogon => 2
MSCONFIG\Services: SessionEnv => 3
MSCONFIG\Services: TermService => 2
MSCONFIG\Services: WMPNetworkSvc => 2
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Astrill => "C:\Program Files (x86)\Astrill\astrill.exe" /autostart
MSCONFIG\startupreg: EKStatusMonitor => C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
 
==================== Faulty Device Manager Devices =============
 
Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (08/08/2014 08:47:29 PM) (Source: System Restore) (EventID: 8210) (User: )
Description: An unspecified error occurred during System Restore: (Windows Update). Additional information: 0x80070005.
 
Error: (07/22/2014 09:32:07 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\wbem\wmiprvse.exe; Description = ComboFix created restore point; Error = 0x8007043c).
 
Error: (07/22/2014 09:32:07 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x8007043c, This service cannot be started in Safe Mode
.
 
 
Operation:
   Instantiating VSS server
 
Error: (07/22/2014 09:32:07 PM) (Source: VSS) (EventID: 18) (User: )
Description: Volume Shadow Copy Service error: The COM Server with CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} and name IVssCoordinatorEx2 cannot be started during Safe Mode.
The Volume Shadow Copy service cannot start while in safe mode. [0x8007043c, This service cannot be started in Safe Mode
]
 
 
Operation:
   Instantiating VSS server
 
Error: (07/20/2014 01:11:51 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error: (07/17/2014 11:57:28 PM) (Source: iSafeService) (EventID: 0) (User: )
Description: iSafeService error: 1063StartServiceCtrlDispatcher failed. ErrorCode=1063
 
Error: (07/17/2014 10:13:41 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\wbem\wmiprvse.exe; Description = ComboFix created restore point; Error = 0x8007043c).
 
Error: (07/17/2014 10:13:41 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x8007043c, This service cannot be started in Safe Mode
.
 
 
Operation:
   Instantiating VSS server
 
Error: (07/17/2014 10:13:41 AM) (Source: VSS) (EventID: 18) (User: )
Description: Volume Shadow Copy Service error: The COM Server with CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} and name IVssCoordinatorEx2 cannot be started during Safe Mode.
The Volume Shadow Copy service cannot start while in safe mode. [0x8007043c, This service cannot be started in Safe Mode
]
 
 
Operation:
   Instantiating VSS server
 
Error: (07/17/2014 10:11:59 AM) (Source: iSafeService) (EventID: 0) (User: )
Description: iSafeService error: 1063StartServiceCtrlDispatcher failed. ErrorCode=1063
 
 
System errors:
=============
Error: (08/09/2014 11:38:12 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.
 
Error: (08/09/2014 11:37:07 PM) (Source: atikmdag) (EventID: 10261) (User: )
Description: Display is not active
 
Error: (08/09/2014 11:37:07 PM) (Source: atikmdag) (EventID: 19468) (User: )
Description: CPLIB :: General - Invalid Parameter
 
Error: (08/09/2014 11:06:35 PM) (Source: atikmdag) (EventID: 10261) (User: )
Description: Display is not active
 
Error: (08/09/2014 10:28:41 PM) (Source: atikmdag) (EventID: 10261) (User: )
Description: Display is not active
 
Error: (08/09/2014 09:46:14 PM) (Source: atikmdag) (EventID: 10261) (User: )
Description: Display is not active
 
Error: (08/09/2014 09:29:00 PM) (Source: atikmdag) (EventID: 10261) (User: )
Description: Display is not active
 
Error: (08/09/2014 07:52:04 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.
 
Error: (08/09/2014 07:49:15 PM) (Source: Microsoft-Windows-WHEA-Logger) (EventID: 18) (User: NT AUTHORITY)
Description: A fatal hardware error has occurred.
 
Reported by component: Processor Core
Error Source: 3
Error Type: 9
Processor ID: 0
 
The details view of this entry contains further information.
 
Error: (08/09/2014 07:49:15 PM) (Source: Microsoft-Windows-WHEA-Logger) (EventID: 18) (User: NT AUTHORITY)
Description: A fatal hardware error has occurred.
 
Reported by component: Processor Core
Error Source: 3
Error Type: 256
Processor ID: 0
 
The details view of this entry contains further information.
 
 
Microsoft Office Sessions:
=========================
 
==================== Memory info =========================== 
 
Percentage of memory in use: 33%
Total physical RAM: 4094.39 MB
Available physical RAM: 2715.11 MB
Total Pagefile: 8186.95 MB
Available Pagefile: 6483.23 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:283.4 GB) (Free:217.65 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 298 GB) (Disk ID: 880B8533)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=15 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=283 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================


#8 nasdaq

nasdaq

  • Malware Response Team
  • 39,955 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 10 August 2014 - 12:22 PM


Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.

start
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
S3 PCDSRVC{D3412D80-CF3B4A27-06020200}_0; \??\c:\program files\my dell\pcdsrvc_x64.pkms [X]
S3 Prot6Flt; system32\DRIVERS\Prot6Flt.sys [X]
C:\Users\steve\AppData\Local\Temp\ANT3F9F.exe
C:\Users\steve\AppData\Local\Temp\ANTDF56.exe
C:\Users\steve\AppData\Local\Temp\hmav8hii.dll
C:\Users\steve\AppData\Local\Temp\ynzqru__.dll

End
Save the file as fixlist.txt into the same folder as FRST.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
p.s.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.

If the site is busy or not available use this mirror site:
http://www.bleepingcomputer.com/download/securitycheck/
===

How is the computer running now?

#9 hotFORbugs

hotFORbugs
  • Topic Starter

  • Members
  • 5 posts

Posted 15 August 2014 - 12:34 AM

 
Hi nasdaq!  Followed the instructions and logs are below.  Computer seems to be running well thanks!  Does this mean I'm a nasty-free zone?
 
 
Fix log
 
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 09-08-2014 01
Ran by steve at 2014-08-14 21:19:05 Run:1
Running from C:\Users\steve\Desktop\John\Tools\Security\FRST
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
start
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
S3 PCDSRVC{D3412D80-CF3B4A27-06020200}_0; \??\c:\program files\my dell\pcdsrvc_x64.pkms [X]
S3 Prot6Flt; system32\DRIVERS\Prot6Flt.sys [X]
C:\Users\steve\AppData\Local\Temp\ANT3F9F.exe
C:\Users\steve\AppData\Local\Temp\ANTDF56.exe
C:\Users\steve\AppData\Local\Temp\hmav8hii.dll
C:\Users\steve\AppData\Local\Temp\ynzqru__.dll
 
End
*****************
 
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} => value deleted successfully.
"HKCR\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}" => Key not found.
"HKCR\Wow6432Node\PROTOCOLS\Handler\livecall" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{828030A1-22C1-4009-854F-8E305202313F}" => Key deleted successfully.
"HKCR\Wow6432Node\PROTOCOLS\Handler\msnim" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{828030A1-22C1-4009-854F-8E305202313F}" => Key not found.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
"FF Plugin: @microsoft.com/GENUINE -> disabled No File" => not found.
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File not found.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
PCDSRVC{D3412D80-CF3B4A27-06020200}_0 => Service deleted successfully.
Prot6Flt => Service deleted successfully.
C:\Users\steve\AppData\Local\Temp\ANT3F9F.exe => Moved successfully.
C:\Users\steve\AppData\Local\Temp\ANTDF56.exe => Moved successfully.
C:\Users\steve\AppData\Local\Temp\hmav8hii.dll => Moved successfully.
C:\Users\steve\AppData\Local\Temp\ynzqru__.dll => Moved successfully.
 
==== End of Fixlog ====
 
 
checkup
 
 Results of screen317's Security Check version 0.99.87  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 10 Out of date! 
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
Norton Internet Security   
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
 Wise Registry Cleaner 8.22  
 Adobe Reader XI  
 Mozilla Firefox (31.0) 
 Google Chrome 34.0.1847.137  
 Google Chrome 36.0.1985.143  
````````Process Check: objlist.exe by Laurent````````  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 6% 
````````````````````End of Log`````````````````````` 


#10 nasdaq

nasdaq

  • Malware Response Team
  • 39,955 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 15 August 2014 - 08:04 AM

You are looking good.

 

If all is well.
 
To learn more about how to protect yourself while on the internet, read this little guide: Best security practices. Keep safe.
===


#11 hotFORbugs

hotFORbugs
  • Topic Starter

  • Members
  • 5 posts

Posted 15 August 2014 - 03:10 PM

Fantastic - thanks Nasdaq!



#12 nasdaq

nasdaq

  • Malware Response Team
  • 39,955 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 16 August 2014 - 07:14 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



