Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Poweliks virus help


  • This topic is locked This topic is locked
19 replies to this topic

#1 Snehadavison

Snehadavison

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:09:09 PM

Posted 09 November 2014 - 08:00 AM

I think my Windows 7 PC has been infected with the Poweliks virus. In investigating why my computer was running extremely slow, I checked Task Manager and found many instances of the dll*32 files being opened. I get frequent notices from Norton that various programs are exhibiting high disk usage even when those programs are not opened. I also get frequent notices from Windows that Powershell  is not working and needs to close. I have tried to download better malware programs (Malwarebytes, ESET Poweliks cleaner) but I get a notice saying my security settings won't allow it to be downloaded even when I(temporarily) turn off all security. I was met with the same result when I tried to download DDS and was therefore unable to complete step 6 in the Prep Guide. Please help!



BC AdBot (Login to Remove)

 


m

#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,549 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:09 PM

Posted 14 November 2014 - 10:55 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

step1.gif In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/555364 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

step2.gifIf you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your destop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 Snehadavison

Snehadavison
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:09:09 PM

Posted 14 November 2014 - 01:03 PM

I am still unable to download DDS to create a log. I have a 64 bit Windows 7 Premium PC. I do not have the Windows cd.

#4 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 35,531 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:05:09 PM

Posted 14 November 2014 - 08:11 PM

Greetings Snehadavison and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that. :thumbup2:

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Replytopic.jpg button instead.
  • In the upper right hand corner of the topic you will see the Followtopic.jpg button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started :thumbup2:
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. While I review our situation please run the below for me.

===================================================

Farbar Recovery Scan Tool (FRST)

--------------------
  • From a clean computer download Farbar Recover Scan Tool for either 32 bit or 64 bit systems and save it to a USB device
  • If you are unsure if you have 32 bit or 64 bit simply download and try one. If that doesn't run properly the other one should
  • Transfer the file to the desktop of your infected computer
  • Double click the icon
  • Click Yes to the disclaimer
  • Make sure the Addition.txt box is checked
  • Click Scan and allow the program to run
  • Click OK on the Scan complete screen, then OK on the Addition.txt pop up screen
  • 2 Notepad documents should now be open on your desktop.
  • Please copy and paste the contents of both in your reply
===================================================

System Summary Information

--------------------
  • Press the windows key Windows_Logo_key.gif + r on your keyboard at the same time
  • Type msinfo32 and press Enter
  • Left click on System Summary
  • Click File, Save, and name the file Summary
  • Zip and attach the file to your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • FRST results
  • Addition log
  • System Summary Information

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#5 Snehadavison

Snehadavison
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:09:09 PM

Posted 15 November 2014 - 12:14 AM

Hello! Thank you so much for your help :)

 

FRST Results:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-11-2014
Ran by Sneha (administrator) on SNEHA-HP on 14-11-2014 23:27:32
Running from F:\Download
Loaded Profile: Sneha (Available profiles: Sneha & James)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(CinemaNow, Inc.) C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe
(RoboHippo LLC) C:\Users\Sneha\Desktop\HippoVNC\WinVNC.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Verizon) C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
() C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\n360.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft) C:\Program Files (x86)\MillieSoft\TunerFreeMCE\TunerFreeMCEService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(RoboHippo LLC) C:\Users\Sneha\Desktop\HippoVNC\WinVNC.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\n360.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Windows\System32\regsvr32.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe
(Microsoft Corporation) C:\Windows\SysWOW64\regsvr32.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(Windows ® Codename Longhorn DDK provider) C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\LICLUA.EXE
(Google Inc.) C:\Users\Sneha\AppData\LocalLow\Sun\twipxflt\Ildwyyk\jgttizpz.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
(Realtek Semiconductor Corp.) C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe
(Realtek Semiconductor Corp.) C:\Program Files\Realtek\RtVOsd\RtVOsd.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Users\Sneha\AppData\LocalLow\Sun\twipxflt\Ildwyyk\jgttizpz.exe
(Google Inc.) C:\Users\Sneha\AppData\LocalLow\Sun\twipxflt\Ildwyyk\jgttizpz.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
(Google Inc.) C:\Users\Sneha\AppData\LocalLow\Sun\twipxflt\Ildwyyk\jgttizpz.exe
(Google Inc.) C:\Users\Sneha\AppData\LocalLow\Sun\twipxflt\Ildwyyk\jgttizpz.exe
(Google Inc.) C:\Users\Sneha\AppData\LocalLow\Sun\twipxflt\Ildwyyk\jgttizpz.exe
(Google Inc.) C:\Users\Sneha\AppData\LocalLow\Sun\twipxflt\Ildwyyk\jgttizpz.exe
(Google Inc.) C:\Users\Sneha\AppData\LocalLow\Sun\twipxflt\Ildwyyk\jgttizpz.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2281256 2011-01-27] (Synaptics Incorporated)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6486120 2011-01-27] (Realtek Semiconductor)
HKLM\...\Run: [HPWirelessAssistant] => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe [363064 2010-06-18] (Hewlett-Packard Company)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2010-04-13] (Intel Corporation)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [577408 2012-02-15] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-10-21] (Hewlett-Packard)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2515695283-1697546955-4081256366-1001\...\Run: [TomTomHOME.exe] => "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe"
HKU\S-1-5-21-2515695283-1697546955-4081256366-1001\...\Run: [MobileDocuments] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
HKU\S-1-5-21-2515695283-1697546955-4081256366-1001\...\Run: [] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [843568 2014-06-13] (Samsung)
HKU\S-1-5-21-2515695283-1697546955-4081256366-1001\...\Run: [dknumzkfvbn] => regsvr32.exe /s "C:\Users\Sneha\AppData\Local\{55061FB0-05F6-4AE4-939C-2227AD5B7953}\dknumzkfvbn.dll" <===== ATTENTION
HKU\S-1-5-21-2515695283-1697546955-4081256366-1001\...\MountPoints2: {201530d7-4207-11e2-a3fe-eb8ee9327ae2} - H:\MotoCastSetup.exe -a
HKU\S-1-5-21-2515695283-1697546955-4081256366-1001\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe (McAfee, Inc.)
ShellIconOverlayIdentifiers: [OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msnbc.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {1A153E4F-FDE1-4E86-B354-D561529675AF} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM - {2F3864F6-3BDA-460E-BBB1-ECFF265351BB} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM - {649EFF06-EDFD-47C5-BF1A-D5E61A9ACD72} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {1A153E4F-FDE1-4E86-B354-D561529675AF} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 - {2F3864F6-3BDA-460E-BBB1-ECFF265351BB} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM-x32 - {649EFF06-EDFD-47C5-BF1A-D5E61A9ACD72} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
SearchScopes: HKCU - {1A153E4F-FDE1-4E86-B354-D561529675AF} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKCU - {2F3864F6-3BDA-460E-BBB1-ECFF265351BB} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKCU - {4DC219A3-92E7-4A24-B2A4-EB93ED014161} URL = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=OSJ000&apn_uid=02CFD62D-5220-43E0-AC8D-D506AD5B0914&apn_sauid=AA040E9A-17A4-4994-A5F9-4401E84F5BF4
SearchScopes: HKCU - {649EFF06-EDFD-47C5-BF1A-D5E61A9ACD72} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
SearchScopes: HKCU - {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = http://www.ask.com/web?q={SEARCHTERMS}&o=15527&l=dis&prt=360&chn=retail&geo=US&ver=4
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)
Toolbar: HKU\S-1-5-21-2515695283-1697546955-4081256366-1001 -> Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)
DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://akamaicdn.webex.com/client/WBXclient-T27L10NSP32EP1-13926/webex/ieatgpc1.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76 192.168.1.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin-x32: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin -> C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2515695283-1697546955-4081256366-1001: @doubletwist.com/NPPodcast -> C:\Program Files (x86)\Common Files\doubleTwist\NPPodcast.dll No File
FF Plugin HKU\S-1-5-21-2515695283-1697546955-4081256366-1001: amazon.com/AmazonMP3DownloaderPlugin -> C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin1017325.dll (Amazon.com, Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.5.0.19\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.5.0.19\coFFPlgn [2014-11-14]
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.5.0.19\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.5.0.19\IPSFF [2014-08-25]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\Exts\Chrome.crx [2014-09-26]
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\Exts\Chrome.crx [2014-09-26]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 hippovnc_service; C:\Users\Sneha\Desktop\HippoVNC\WinVNC.exe [1692160 2010-02-15] (RoboHippo LLC) [File not signed]
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
R2 IHA_MessageCenter; C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [363128 2014-08-13] (Verizon)
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [138192 2011-02-07] ()
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [288776 2013-09-06] (McAfee, Inc.)
R2 N360; C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\N360.exe [265040 2014-09-21] (Symantec Corporation)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [4343664 2014-04-09] (Symantec Corporation)
R2 RtVOsdService; C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe [315392 2010-06-24] (Realtek Semiconductor Corp.) [File not signed]
R2 TunerFreeMCEService; C:\Program Files (x86)\MillieSoft\TunerFreeMCE\TunerFreeMCEService.exe [11264 2010-08-16] (Microsoft) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 BHDrvx64; C:\Program Files (x86)\Norton 360\NortonData\21.5.0.19\Definitions\BASHDefs\20141030.001\BHDrvx64.sys [1587416 2014-10-03] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1506000.020\ccSetx64.sys [162392 2014-02-20] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-09-10] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2014-09-10] (Symantec Corporation)
S3 FsUsbExDisk; C:\Windows\SysWOW64\FsUsbExDisk.SYS [37344 2013-03-20] () [File not signed]
R1 IDSVia64; C:\Program Files (x86)\Norton 360\NortonData\21.5.0.19\Definitions\IPSDefs\20141114.001\IDSvia64.sys [633560 2014-08-29] (Symantec Corporation)
R3 msvad_simple; C:\Windows\System32\drivers\povrtdev.sys [28528 2012-03-28] (MediaMall Technologies, Inc.)
R3 NAVENG; C:\Program Files (x86)\Norton 360\NortonData\21.5.0.19\Definitions\VirusDefs\20141114.002\ENG64.SYS [129752 2014-08-11] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton 360\NortonData\21.5.0.19\Definitions\VirusDefs\20141114.002\EX64.SYS [2137304 2014-08-11] (Symantec Corporation)
R3 RSUSBSTOR; C:\Windows\SysWOW64\Drivers\RtsUStor.sys [225280 2009-09-22] (Realtek Semiconductor Corp.) [File not signed]
R3 SRTSP; C:\Windows\System32\Drivers\N360x64\1506000.020\SRTSP64.SYS [876248 2014-08-25] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1506000.020\SRTSPX64.SYS [37592 2014-08-25] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\N360x64\1506000.020\SYMDS64.SYS [493656 2014-07-23] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360x64\1506000.020\SYMEFA64.SYS [1148120 2014-07-23] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-08-25] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\1506000.020\Ironx64.SYS [266968 2014-08-06] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1506000.020\SYMNETS.SYS [593112 2014-07-23] (Symantec Corporation)
S2 iPodDrv; \??\C:\Windows\system32\drivers\iPodDrv.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-14 23:26 - 2014-11-14 23:28 - 00000000 ____D () C:\FRST
2014-11-14 23:26 - 2014-11-14 23:26 - 00000751 _____ () C:\Users\Sneha\Desktop\FRST64 - Shortcut.lnk
2014-11-08 19:44 - 2014-11-08 19:44 - 00001743 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-11-08 19:44 - 2014-11-08 19:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-11-08 19:40 - 2014-11-08 19:43 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2014-11-08 19:40 - 2014-11-08 19:43 - 00000000 ____D () C:\Program Files\iTunes
2014-11-08 19:40 - 2014-11-08 19:43 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-11-08 19:40 - 2014-11-08 19:40 - 00000000 ____D () C:\Program Files\iPod
2014-11-08 16:57 - 2014-11-08 16:57 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Adobe
2014-11-08 16:57 - 2014-11-08 16:57 - 00000000 ____D () C:\Users\Administrator
2014-11-08 16:38 - 2014-11-08 16:38 - 40034920 ____T () C:\Windows\SysWOW64\00006797.tmp
2014-11-08 16:38 - 2014-11-08 16:38 - 40034920 ____T () C:\Windows\SysWOW64\00004150.tmp
2014-11-01 17:58 - 2014-11-01 17:58 - 00000000 ____D () C:\a6b04f8072f5c1b16fe35a880caf1d
2014-10-19 15:11 - 2014-10-09 21:05 - 00507392 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-10-19 15:11 - 2014-10-09 21:05 - 00276480 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-10-19 15:11 - 2014-10-09 21:00 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-10-19 15:11 - 2014-10-06 21:54 - 00378552 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-10-19 15:11 - 2014-10-06 21:04 - 00331448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-10-19 15:11 - 2014-09-28 19:58 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-19 15:11 - 2014-09-25 17:50 - 13619200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-19 15:11 - 2014-09-25 17:46 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-10-19 15:11 - 2014-09-25 17:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-10-19 15:11 - 2014-09-25 17:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-10-19 15:11 - 2014-09-25 17:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-10-19 15:11 - 2014-09-25 17:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-10-19 15:11 - 2014-09-25 17:31 - 02108416 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-19 15:11 - 2014-09-18 21:25 - 23631360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-19 15:11 - 2014-09-18 20:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-10-19 15:11 - 2014-09-18 20:55 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-10-19 15:11 - 2014-09-18 20:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-10-19 15:11 - 2014-09-18 20:41 - 02796032 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-19 15:11 - 2014-09-18 20:40 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-19 15:11 - 2014-09-18 20:40 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-10-19 15:11 - 2014-09-18 20:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-10-19 15:11 - 2014-09-18 20:38 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-10-19 15:11 - 2014-09-18 20:36 - 05829632 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-19 15:11 - 2014-09-18 20:31 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-10-19 15:11 - 2014-09-18 20:30 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-10-19 15:11 - 2014-09-18 20:27 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-10-19 15:11 - 2014-09-18 20:26 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-10-19 15:11 - 2014-09-18 20:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-10-19 15:11 - 2014-09-18 20:25 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-10-19 15:11 - 2014-09-18 20:25 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-10-19 15:11 - 2014-09-18 20:18 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-10-19 15:11 - 2014-09-18 20:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-10-19 15:11 - 2014-09-18 20:14 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-10-19 15:11 - 2014-09-18 20:06 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-10-19 15:11 - 2014-09-18 20:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-10-19 15:11 - 2014-09-18 20:01 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-10-19 15:11 - 2014-09-18 20:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-10-19 15:11 - 2014-09-18 20:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-10-19 15:11 - 2014-09-18 20:00 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-19 15:11 - 2014-09-18 19:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-10-19 15:11 - 2014-09-18 19:58 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-19 15:11 - 2014-09-18 19:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-10-19 15:11 - 2014-09-18 19:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-10-19 15:11 - 2014-09-18 19:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-10-19 15:11 - 2014-09-18 19:51 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-10-19 15:11 - 2014-09-18 19:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-10-19 15:11 - 2014-09-18 19:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-10-19 15:11 - 2014-09-18 19:42 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-19 15:11 - 2014-09-18 19:42 - 00710656 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-10-19 15:11 - 2014-09-18 19:40 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-10-19 15:11 - 2014-09-18 19:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-10-19 15:11 - 2014-09-18 19:33 - 02309632 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-19 15:11 - 2014-09-18 19:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-10-19 15:11 - 2014-09-18 19:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-10-19 15:11 - 2014-09-18 19:18 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-10-19 15:11 - 2014-09-18 19:14 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-19 15:11 - 2014-09-18 18:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-10-19 15:11 - 2014-09-18 18:59 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-10-19 15:11 - 2014-09-18 18:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-10-19 15:11 - 2014-09-18 18:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-10-19 15:11 - 2014-09-17 21:00 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-10-19 15:11 - 2014-09-17 20:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-10-19 15:11 - 2014-09-04 00:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-10-19 15:11 - 2014-09-04 00:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2014-10-19 15:11 - 2014-07-16 21:07 - 03722240 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-10-19 15:11 - 2014-07-16 21:07 - 01118720 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-10-19 15:11 - 2014-07-16 21:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-10-19 15:11 - 2014-07-16 21:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-10-19 15:11 - 2014-07-16 21:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-10-19 15:11 - 2014-07-16 21:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-10-19 15:11 - 2014-07-16 21:07 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-10-19 15:11 - 2014-07-16 21:07 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-10-19 15:11 - 2014-07-16 20:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2014-10-19 15:11 - 2014-07-16 20:39 - 03221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-10-19 15:11 - 2014-07-16 20:39 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-10-19 15:11 - 2014-07-16 20:39 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2014-10-19 15:11 - 2014-07-16 20:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-10-19 15:11 - 2014-07-16 20:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-10-19 15:11 - 2014-07-16 20:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-10-19 15:11 - 2014-07-16 20:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-10-19 15:11 - 2014-07-08 21:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2014-10-19 15:11 - 2014-07-08 21:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2014-10-19 15:11 - 2014-07-08 21:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2014-10-19 15:11 - 2014-07-08 21:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2014-10-19 15:11 - 2014-07-08 21:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2014-10-19 15:11 - 2014-07-08 20:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
2014-10-19 15:11 - 2014-07-08 20:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
2014-10-19 15:11 - 2014-07-08 20:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
2014-10-19 15:11 - 2014-07-08 20:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
2014-10-19 15:11 - 2014-07-08 20:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
2014-10-19 15:11 - 2014-07-08 17:38 - 00419992 _____ () C:\Windows\system32\locale.nls
2014-10-19 15:11 - 2014-07-08 17:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls
2014-10-19 15:11 - 2014-06-18 17:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-10-19 15:11 - 2014-06-18 17:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2014-10-19 15:11 - 2014-06-18 17:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2014-10-19 15:11 - 2014-06-18 17:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-10-19 15:11 - 2014-06-18 17:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2014-10-19 15:11 - 2014-06-18 17:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-10-19 15:10 - 2014-09-12 20:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-19 15:10 - 2014-09-12 20:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-14 23:31 - 2010-11-25 09:59 - 01361787 _____ () C:\Windows\WindowsUpdate.log
2014-11-14 23:29 - 2009-07-14 00:13 - 00783464 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-14 23:25 - 2011-11-05 20:01 - 00000000 ____D () C:\ProgramData\boost_interprocess
2014-11-14 23:22 - 2012-08-07 16:52 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-14 23:22 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-14 23:22 - 2009-07-13 23:51 - 00166069 _____ () C:\Windows\setupact.log
2014-11-14 23:15 - 2009-07-13 23:45 - 00026512 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-14 23:15 - 2009-07-13 23:45 - 00026512 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-14 23:01 - 2012-08-07 16:52 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-11-14 22:58 - 2011-03-15 10:01 - 00000000 ____D () C:\Users\Sneha\AppData\Local\CrashDumps
2014-11-14 22:51 - 2012-08-07 16:52 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-11-14 22:51 - 2011-06-09 02:02 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-11-14 12:19 - 2012-09-21 10:33 - 00000000 ____D () C:\ProgramData\CanonIJPLM
2014-11-08 19:40 - 2011-01-16 10:23 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-11-08 19:38 - 2014-09-10 08:30 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-11-08 19:38 - 2011-01-17 15:48 - 00000000 ____D () C:\Users\Sneha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton
2014-11-08 19:37 - 2011-01-17 15:48 - 00001322 _____ () C:\Users\Sneha\Desktop\Norton Installation Files.lnk
2014-11-08 19:37 - 2010-11-25 10:17 - 00000000 ____D () C:\ProgramData\Norton
2014-11-05 19:10 - 2014-09-21 10:15 - 00003186 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForSneha
2014-11-05 19:10 - 2014-09-21 10:15 - 00000332 _____ () C:\Windows\Tasks\HPCeeScheduleForSneha.job
2014-10-30 19:10 - 2012-11-16 08:12 - 00000000 ____D () C:\Users\Sneha\AppData\Local\{55061FB0-05F6-4AE4-939C-2227AD5B7953}
2014-10-30 19:00 - 2011-10-30 11:56 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-10-30 19:00 - 2011-01-16 05:44 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2014-10-30 18:48 - 2009-07-13 23:45 - 00278976 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-23 18:44 - 2011-01-15 10:04 - 00665086 _____ () C:\Windows\PFRO.log
2014-10-23 18:41 - 2014-06-28 18:26 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-10-23 18:11 - 2013-08-16 20:53 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-23 18:05 - 2011-01-27 07:51 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-10-16 19:26 - 2011-01-15 04:39 - 00000000 ____D () C:\Users\Sneha\AppData\Roaming\SoftGrid Client

ZeroAccess:
C:\$Recycle.Bin\S-1-5-21-2515695283-1697546955-4081256366-1001\$34abdb91f75e6e4d3541138e74b7a4fe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-09-26 21:47

==================== End Of Log ============================

 

Addition log:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-11-2014
Ran by Sneha at 2014-11-14 23:41:37
Running from F:\Download
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Norton 360 (Enabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
AS: Norton 360 (Enabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton 360 (Enabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.9.0.1380 - Adobe Systems Incorporated)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.223 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Reader X (10.1.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.10 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.5 (HKLM-x32\...\{9ECF7817-DB11-4FBA-9DF1-296A578D513A}) (Version: 11.5.7.609 - Adobe Systems, Inc)
Air Video Server 2.4.3 (HKLM-x32\...\Air Video Server) (Version: 2.4.3 - InMethod, s.r.o.)
Amazon Cloud Player (HKU\S-1-5-21-2515695283-1697546955-4081256366-1001\...\Amazon Amazon Cloud Player) (Version: 1.1.0.337 - Amazon Services LLC)
Amazon MP3 Downloader 1.0.17 (HKLM-x32\...\Amazon MP3 Downloader) (Version: 1.0.17 - Amazon Services LLC)
Amazon Music Importer (HKLM-x32\...\com.amazon.music.uploader) (Version: 2.0.1 - Amazon Services LLC)
Amazon Music Importer (x32 Version: 2.0.1 - Amazon Services LLC) Hidden
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bing Rewards Client Installer (x32 Version: 16.0.345.0 - Microsoft Corporation) Hidden
Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Broadcom 802.11 Wireless LAN Adapter (HKLM\...\Broadcom 802.11 Wireless LAN Adapter) (Version: 5.60.350.6 - Broadcom Corporation)
Build-a-lot 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Canon Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version:  - )
Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version:  - )
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version:  - )
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version:  - )
Canon MG5300 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5300_series) (Version:  - )
Canon MG5300 series On-screen Manual (HKLM-x32\...\Canon MG5300 series On-screen Manual) (Version:  - )
Canon MG5300 series User Registration (HKLM-x32\...\Canon MG5300 series User Registration) (Version:  - )
Canon MP Navigator EX 5.0 (HKLM-x32\...\MP Navigator EX 5.0) (Version:  - )
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version:  - )
Canon Solution Menu EX (HKLM-x32\...\CanonSolutionMenuEX) (Version:  - )
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
CinemaNow Media Manager (HKLM-x32\...\{6C122441-1861-4CD7-B1C5-A163A6984E12}) (Version: 1.9.1.105 - CinemaNow, Inc.)
Cisco WebEx Meetings (HKLM-x32\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)
CyberLink DVD Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 7.0.3003 - CyberLink Corp.)
CyberLink MediaShow (HKLM-x32\...\InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}) (Version: 5.0.1616 - CyberLink Corp.)
CyberLink PowerDVD 9 (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.0.1.4217 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.1.4305 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95 - WildTangent) Hidden
Dora's Carnival Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
Energy Star Digital Logo (HKLM-x32\...\{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}) (Version: 1.0.1 - Hewlett-Packard)
Escape Rosecliff Island (x32 Version: 2.2.0.95 - WildTangent) Hidden
ESU for Microsoft Windows 7 (HKLM-x32\...\{3877C901-7B90-4727-A639-B6ED2DD59D43}) (Version: 1.0.0 - Hewlett-Packard)
FATE (x32 Version: 2.2.0.95 - WildTangent) Hidden
ffdshow [rev 2527] [2008-12-19] (HKLM-x32\...\ffdshow_is1) (Version: 1.0 - )
Final Drive Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden
Heroes of Hellas 2 - Olympia (x32 Version: 2.2.0.95 - WildTangent) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP Advisor (HKLM-x32\...\{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}) (Version: 3.4.10262.3295 - Hewlett-Packard)
HP Documentation (HKLM-x32\...\{69ABD67D-5C2E-4724-B519-695DEF3EC23B}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.1.3 - WildTangent)
HP MediaSmart CinemaNow 2.0 (HKLM-x32\...\{9008D736-35CA-40DB-A2BE-5F32D954E5AA}) (Version: 2.0 - Hewlett-Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.3611 - HP Photo Creations Powered by RocketLife)
HP Power Manager (HKLM-x32\...\{D8BCE5B9-67CF-4F3F-93AE-3ACC754C72EB}) (Version: 1.4.7 - Hewlett-Packard Company)
HP Quick Launch (HKLM-x32\...\{00A42832-B21A-4296-B5F4-D296D0BC4A3E}) (Version: 2.6.3 - Hewlett-Packard Company)
HP Setup (HKLM-x32\...\{72D90DB3-A16A-4545-B555-868471101833}) (Version: 8.1.4186.3400 - Hewlett-Packard)
HP Software Framework (HKLM-x32\...\{28FE073B-1230-4BF6-830C-7434FD0C0069}) (Version: 4.1.13.1 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
HP Wireless Assistant (HKLM\...\{B5FC1E1B-E70D-45F1-8E40-A3C30698B323}) (Version: 4.0.9.0 - Hewlett-Packard Company)
iCloud (HKLM\...\{4BC310C4-B898-46E2-B5FB-B85A30AA7142}) (Version: 2.0.2.187 - Apple Inc.)
IHA_MessageCenter (HKLM-x32\...\{329445EA-EBA3-45A0-A7A7-B6A6555DB881}) (Version: 1.8.53 - Verizon)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2189 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.2.1001 - Intel Corporation)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java 7 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.650 - Oracle)
Jewel Quest 3 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Jewel Quest Solitaire 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.2907 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.2907 - CyberLink Corp.) Hidden
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.130.10 - McAfee, Inc.)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
MobileMe Control Panel (HKLM\...\{41BC9E31-0D39-462E-8E4C-767B21A3B1C3}) (Version: 3.1.8.0 - Apple Inc.)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyFreeCodec (HKU\S-1-5-21-2515695283-1697546955-4081256366-1001\...\MyFreeCodec) (Version:  - )
Norton 360 (HKLM-x32\...\N360) (Version: 21.6.0.32 - Symantec Corporation)
Norton Online Backup (HKLM-x32\...\{C6173775-C676-4E2A-9232-66E17261E614}) (Version: 2.9.0.19 - Symantec Corporation)
Octoshape add-in for Adobe Flash Player (HKU\S-1-5-21-2515695283-1697546955-4081256366-1001\...\Octoshape add-in for Adobe Flash Player) (Version:  - )
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
Plants vs. Zombies (x32 Version: 2.2.0.95 - WildTangent) Hidden
Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.4204 - CyberLink Corp.)
Power2Go (x32 Version: 6.1.4204 - CyberLink Corp.) Hidden
PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 8.0.3003 - CyberLink Corp.)
PowerDirector (x32 Version: 8.0.3003 - CyberLink Corp.) Hidden
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.25.824.2010 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6196 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30117 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 5.5.3023 - CyberLink Corp.) Hidden
RtVOsd (HKLM\...\{091A0130-A82F-4A6D-9C61-3BBBB3289030}) (Version: 1.0.6 - Realtek Semiconductor Corp.)
Safari (HKLM-x32\...\{F2AF3E5D-9697-485C-A5AC-E2B9468C446A}) (Version: 5.34.52.7 - Apple Inc.)
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.3.3.12085_7 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.3.3.12085_7 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.43.0 - SAMSUNG Electronics Co., Ltd.)
Shutterfly Express Uploader (HKLM-x32\...\com.Shutterfly.ExpressUploader) (Version: 1.2.0.0 - Shutterfly, Inc.)
Shutterfly Express Uploader (x32 Version: 1.2.0 - Shutterfly, Inc.) Hidden
Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.9.12585 - Skype Technologies S.A.)
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.1.6.64 - Synaptics Incorporated)
TunerFree MCE (HKLM-x32\...\{1E7603CA-71BE-4113-86E7-DD9E17F6BA7D}) (Version: 4.0.2 - MillieSoft)
Virtual Families (x32 Version: 2.2.0.95 - WildTangent) Hidden
Virtual Villagers - The Secret City (x32 Version: 2.2.0.95 - WildTangent) Hidden
Visual Studio C++ 10.0 Runtime (HKLM-x32\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.)
VUDU To Go (HKLM-x32\...\com.vudu.air.Downloader) (Version: 2.1.4 - Vudu)
VUDU To Go (x32 Version: 2.1.4 - Vudu) Hidden
Wheel of Fortune 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{B10914FD-8812-47A4-85A1-50FCDE7F1F33}) (Version: 14.0.8117.416 - Microsoft Corporation)
Windows Media Center Add-in for Flash (HKLM-x32\...\{E2D09AC2-4153-4817-AAEB-24F92A8BCE88}) (Version: 4.1.2.0 - Microsoft Corporation)
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2515695283-1697546955-4081256366-1001_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 247 more characters). <==== Poweliks?
CustomCLSID: HKU\S-1-5-21-2515695283-1697546955-4081256366-1001_Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InprocServer32 -> C:\Windows\system32\SHELL32.dll (Microsoft Corporation)

==================== Restore Points  =========================

23-10-2014 23:04:10 Windows Update
25-10-2014 14:33:28 Windows Update
01-11-2014 22:53:27 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {031CFBD7-442F-4C3B-BD11-68D11BDE2EF0} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2011-07-06] (CyberLink)
Task: {1956813F-27FA-4127-8EDD-9701CCDFD868} - System32\Tasks\RecoveryCDWin7 => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2010-05-25] ()
Task: {19B350AD-F5DF-4ED5-AA7D-506220A3E82A} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {26C8BC43-0A67-457D-9347-6D6FEA3F1EAF} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {4B27ED40-9DDF-47F6-BB0E-92596636B266} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\WSCStub.exe [2014-09-21] (Symantec Corporation)
Task: {88AB818D-A16B-4E64-A87C-7A7066316857} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-14] (Adobe Systems Incorporated)
Task: {9091291D-D8E5-4614-9136-5A3283C3B09A} - System32\Tasks\ServicePlan => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2010-05-25] ()
Task: {B71618B4-B1F1-4F0B-A9C2-B571FA0BCC07} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {BCB21D6B-3B0B-4127-A55F-EE203B37C97D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {C074C427-6C1B-4197-887C-87671A0CF08E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-09-22] (Hewlett-Packard)
Task: {CE0BD600-EB81-42B2-9980-70059365F6CE} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {D963CBB0-269C-4FF6-800B-B72B8A46D189} - System32\Tasks\HPCeeScheduleForSneha => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {F2FAA153-D1E2-48B4-9B22-3E1B63817091} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\HPCeeScheduleForSneha.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Loaded Modules (whitelisted) =============

2012-09-21 11:32 - 2011-02-07 11:56 - 00138192 _____ () C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
2012-09-08 02:32 - 2012-09-08 02:32 - 00943504 _____ () C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll
2010-06-18 18:26 - 2010-06-18 18:26 - 00267832 _____ () C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPCommon.XmlSerializers.dll
2010-06-18 18:26 - 2010-06-18 18:26 - 00030264 _____ () C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_LogicLayer.dll
2010-06-18 18:26 - 2010-06-18 18:26 - 00052280 _____ () C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HardwareAccess.dll
2014-02-12 19:58 - 2014-02-12 19:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-10-25 09:47 - 2014-10-25 09:47 - 00170496 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\89753abff3827095ec7f3d3fb79f744a\IsdiInterop.ni.dll
2010-11-25 10:02 - 2010-04-13 12:52 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2014-10-30 19:10 - 2014-10-30 19:10 - 00718152 _____ () C:\Users\Sneha\AppData\LocalLow\Sun\twipxflt\Ildwyyk\36.0.1985.143\libglesv2.dll
2014-10-30 19:10 - 2014-10-30 19:10 - 00126280 _____ () C:\Users\Sneha\AppData\LocalLow\Sun\twipxflt\Ildwyyk\36.0.1985.143\libegl.dll
2014-10-30 19:10 - 2014-10-30 19:10 - 08537928 _____ () C:\Users\Sneha\AppData\LocalLow\Sun\twipxflt\Ildwyyk\36.0.1985.143\pdf.dll
2014-10-30 19:10 - 2014-10-30 19:10 - 00353096 _____ () C:\Users\Sneha\AppData\LocalLow\Sun\twipxflt\Ildwyyk\36.0.1985.143\ppGoogleNaClPluginChrome.dll
2014-10-30 19:10 - 2014-10-30 19:10 - 01732936 _____ () C:\Users\Sneha\AppData\LocalLow\Sun\twipxflt\Ildwyyk\36.0.1985.143\ffmpegsumo.dll
2014-10-30 19:10 - 2014-10-30 19:10 - 14669128 _____ () C:\Users\Sneha\AppData\LocalLow\Sun\twipxflt\Ildwyyk\36.0.1985.143\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

========================= Accounts: ==========================

Administrator (S-1-5-21-2515695283-1697546955-4081256366-500 - Administrator - Disabled)
Guest (S-1-5-21-2515695283-1697546955-4081256366-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2515695283-1697546955-4081256366-1002 - Limited - Enabled)
James (S-1-5-21-2515695283-1697546955-4081256366-1003 - Limited - Enabled) => C:\Users\James
Sneha (S-1-5-21-2515695283-1697546955-4081256366-1001 - Administrator - Enabled) => C:\Users\Sneha

==================== Faulty Device Manager Devices =============

Name: iPodDrv
Description: iPodDrv
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: iPodDrv
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

==================== Event log errors: =========================

Application errors:
==================
Error: (11/14/2014 10:53:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 11.0.9600.17344, time stamp: 0x4a5bc959
Faulting module name: jscript9.dll, version: 11.0.9600.17344, time stamp: 0x541b85e6
Exception code: 0xc0000005
Fault offset: 0x0010537c
Faulting process id: 0x2d8c
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

Error: (11/14/2014 00:52:22 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1341874

Error: (11/14/2014 00:52:22 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1341874

Error: (11/14/2014 00:52:22 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (11/14/2014 00:52:21 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1340860

Error: (11/14/2014 00:52:21 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1340860

Error: (11/14/2014 00:52:21 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (11/14/2014 00:52:20 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1339846

Error: (11/14/2014 00:52:20 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1339846

Error: (11/14/2014 00:52:20 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

System errors:
=============
Error: (11/14/2014 11:28:16 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Windows Update service hung on starting.

Error: (11/14/2014 11:25:30 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (11/14/2014 11:22:48 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The iPodDrv service failed to start due to the following error:
%%2

Error: (11/14/2014 11:22:30 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 11:16:16 PM on ‎11/‎14/‎2014 was unexpected.

Error: (11/14/2014 11:15:40 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WMPNetworkSvc service.

Error: (11/14/2014 11:15:01 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the N360 service.

Error: (11/14/2014 11:13:14 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AD3EDBCA-0901-415B-82E9-C16D3B65E38C}

Error: (11/14/2014 10:39:01 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.

Error: (11/14/2014 10:38:46 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {FE2F9D0D-18A4-4845-BA41-DE6451A66D11}

Error: (11/14/2014 10:38:20 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Windows Update service hung on starting.

Microsoft Office Sessions:
=========================
Error: (11/14/2014 10:53:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe11.0.9600.173444a5bc959jscript9.dll11.0.9600.17344541b85e6c00000050010537c2d8c01d00086c6fae205C:\Program Files\Internet Explorer\iexplore.exeC:\Windows\SysWOW64\jscript9.dlle8aedd7f-6c7a-11e4-984b-e074d46eea9c

Error: (11/14/2014 00:52:22 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1341874

Error: (11/14/2014 00:52:22 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1341874

Error: (11/14/2014 00:52:22 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (11/14/2014 00:52:21 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1340860

Error: (11/14/2014 00:52:21 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1340860

Error: (11/14/2014 00:52:21 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (11/14/2014 00:52:20 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1339846

Error: (11/14/2014 00:52:20 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1339846

Error: (11/14/2014 00:52:20 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

CodeIntegrity Errors:
===================================
  Date: 2013-04-19 15:29:07.457
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-04-19 15:29:07.280
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-04-19 15:29:05.050
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-04-19 15:29:04.818
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-04-19 15:29:02.546
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-04-19 15:29:02.299
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-04-19 15:29:00.049
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-04-19 15:28:59.864
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-04-19 15:28:57.623
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-04-19 15:28:57.460
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

Processor: Intel® Core™ i3 CPU M 370 @ 2.40GHz
Percentage of memory in use: 64%
Total physical RAM: 3893.86 MB
Available physical RAM: 1392.8 MB
Total Pagefile: 7785.9 MB
Available Pagefile: 4677.98 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:448.45 GB) (Free:291.18 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (RECOVERY) (Fixed) (Total:17.01 GB) (Free:2.46 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive f: () (Removable) (Total:58.53 GB) (Free:56.58 GB) exFAT

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 1D505CB8)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=448.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=17 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=103 MB) - (Type=0C)

========================================================
Disk: 1 (Size: 58.6 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

==================== End Of Log ============================

 

Attached File  summary.zip   112.57KB   1 downloads

 

 



#6 Snehadavison

Snehadavison
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:09:09 PM

Posted 15 November 2014 - 12:42 AM

Thought I should mention as well that Windows automatically updated and installed four updates when I shut the computer down.

#7 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 35,531 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:05:09 PM

Posted 15 November 2014 - 07:48 PM

Greetings,

I apologize for the delay. I was not notified you had responded.

Please consider and do this.

===================================================

BACKDOOR WARNING!

--------------------

One or more of the identified infections is a Backdoor Trojan.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable. Please let me know if you have already noticed evidences of financial institution irregularities. Those accounts should be monitored from this point forward.

Though the trojan has been identified and can be killed, because of it's backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall
 

Here are some thoughts I have put together for people who ask what they should do in light of the infection. Ultimately each user must decide for themselves what to do and the below are things you might want to consider.

It is necessary for us to at least make you aware of the worse case scenario. This is because of the potential Backdoor Trojans bring with them, but it is not a determination on our part that your situation currently falls within this worse case scenario.

Ultimately it is a personal decision whether to reformat or not. What decision should you make to let you sleep well at night? It is different for different people. I will say whether rightly or wrongly most people decide to clean and not reformat, at least initially.

The only insight I can offer is how I evaluate the issue personally even though I have never had a Backdoor Trojan on my computer. One of the primary purposes for malicious software is to somehow separate you from your money. It seems reasonable to assume that a thief trying to take your money via a Backdoor Trojan will hit you hard, and quickly. Once your computer starts to act up and you become suspicious you have the opportunity to eliminate access to your computer and change the information taken, namely account and password information. The key to this, in my opinion, is whether or not you have noticed any irregularities in your banking or other financial institutions, or things like email and social network accounts (i.e. Facebook). If you have not seen any evidence of that then you may question whether your information has truly been stolen. If it seems it hasn't, and your critical information has been changed, it is reasonable to be more confident you are safe but you must stop short of claiming an absolute guarantee.

If, after careful consideration you decide not to reformat your computer it would be wise to continue monitoring your sensitive data and don't wait to address future symptoms on your computer which seem to be malware related.

The bottom line, the only way to be absolutely sure to be rid of a Backdoor Trojan is to reformat. The decision is yours.

Oh My!


We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key Windows_Logo_key.gif + r on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
C:\Users\Sneha\AppData\LocalLow\Sun\twipxflt
HKU\S-1-5-21-2515695283-1697546955-4081256366-1001\...\Run: [dknumzkfvbn] => regsvr32.exe /s "C:\Users\Sneha\AppData\Local\{55061FB0-05F6-4AE4-939C-2227AD5B7953}\dknumzkfvbn.dll" <===== ATTENTION
HKU\S-1-5-21-2515695283-1697546955-4081256366-1001\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
S2 iPodDrv; \??\C:\Windows\system32\drivers\iPodDrv.sys [X]
2014-11-08 16:38 - 2014-11-08 16:38 - 40034920 ____T () C:\Windows\SysWOW64\00006797.tmp
2014-11-08 16:38 - 2014-11-08 16:38 - 40034920 ____T () C:\Windows\SysWOW64\00004150.tmp
2014-11-01 17:58 - 2014-11-01 17:58 - 00000000 ____D () C:\a6b04f8072f5c1b16fe35a880caf1d
C:\$Recycle.Bin\S-1-5-21-2515695283-1697546955-4081256366-1001\$34abdb91f75e6e4d3541138e74b7a4fe
CustomCLSID: HKU\S-1-5-21-2515695283-1697546955-4081256366-1001_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 247 more characters). <==== Poweliks?
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

AdwCleaner by Xplode - Delete Adware

-------------------
  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browser
  • Double click on AdwCleaner.exe, click Run, then select I agree if it appears
  • Click Scan
  • Once the scan has completed click on Clean
  • Confirm the cleaning and rebooting of your computer by clicking OK
  • Your computer will be rebooted automatically. A text file will open after the restart
  • Copy and paste the contents in your reply
  • You can also find the logfile at C:\AdwCleaner\AdwCleaner.txt
===================================================

Junkware Removal Tool by thisisu

-------------------
  • Please download Junkware Removal Tool and save it to your desktop.
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Right-mouse click JRT.exe and select Run as administrator (Windows XP double click the icon)
  • Please allow the program time to run
  • Once completed a Notepad document will open on your desktop
  • Copy and paste the contents in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Fixlog
  • AdwCleaner log
  • Junkware log

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#8 Snehadavison

Snehadavison
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:09:09 PM

Posted 15 November 2014 - 10:27 PM

For now, I would like to go ahead and clean the machine as much as possible. I will consider reformatting sometime soon.

 

Here is the Fixlog:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 14-11-2014
Ran by Sneha at 2014-11-15 21:39:00 Run:1
Running from C:\Users\Sneha\Desktop
Loaded Profiles: Sneha & James (Available profiles: Sneha & James)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
C:\Users\Sneha\AppData\LocalLow\Sun\twipxflt
HKU\S-1-5-21-2515695283-1697546955-4081256366-1001\...\Run: [dknumzkfvbn] => regsvr32.exe /s "C:\Users\Sneha\AppData\Local\{55061FB0-05F6-4AE4-939C-2227AD5B7953}\dknumzkfvbn.dll" <===== ATTENTION
HKU\S-1-5-21-2515695283-1697546955-4081256366-1001\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
S2 iPodDrv; \??\C:\Windows\system32\drivers\iPodDrv.sys [X]
2014-11-08 16:38 - 2014-11-08 16:38 - 40034920 ____T () C:\Windows\SysWOW64\00006797.tmp
2014-11-08 16:38 - 2014-11-08 16:38 - 40034920 ____T () C:\Windows\SysWOW64\00004150.tmp
2014-11-01 17:58 - 2014-11-01 17:58 - 00000000 ____D () C:\a6b04f8072f5c1b16fe35a880caf1d
C:\$Recycle.Bin\S-1-5-21-2515695283-1697546955-4081256366-1001\$34abdb91f75e6e4d3541138e74b7a4fe
CustomCLSID: HKU\S-1-5-21-2515695283-1697546955-4081256366-1001_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 247 more characters). <==== Poweliks?

*****************

C:\Users\Sneha\AppData\LocalLow\Sun\twipxflt => Moved successfully.
HKU\S-1-5-21-2515695283-1697546955-4081256366-1001\Software\Microsoft\Windows\CurrentVersion\Run\\dknumzkfvbn => value deleted successfully.
"HKU\S-1-5-21-2515695283-1697546955-4081256366-1001\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32" => Key Deleted Successfully.
"HKU\S-1-5-21-2515695283-1697546955-4081256366-1001\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => Key deleted successfully.
"HKCR\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => Key deleted successfully.
iPodDrv => Service deleted successfully.
"C:\Windows\SysWOW64\00006797.tmp" => File/Directory not found.
"C:\Windows\SysWOW64\00004150.tmp" => File/Directory not found.
C:\a6b04f8072f5c1b16fe35a880caf1d => Moved successfully.
C:\$Recycle.Bin\S-1-5-21-2515695283-1697546955-4081256366-1001\$34abdb91f75e6e4d3541138e74b7a4fe => Moved successfully.
"HKU\S-1-5-21-2515695283-1697546955-4081256366-1001_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}" => Key not found.

==== End of Fixlog ====

 

 

Here is the AdwCleaner log:

 

# AdwCleaner v4.101 - Report created 15/11/2014 at 22:01:25
# Updated 09/11/2014 by Xplode
# Database : 2014-11-13.1 [Live]
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Sneha - SNEHA-HP
# Running from : C:\Users\Sneha\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\Users\Sneha\AppData\Roaming\dvdvideosoftiehelpers
File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk

***** [ Scheduled Tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Key Deleted : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager
Key Deleted : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager.1
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{4DC219A3-92E7-4A24-B2A4-EB93ED014161}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{649EFF06-EDFD-47C5-BF1A-D5E61A9ACD72}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{649EFF06-EDFD-47C5-BF1A-D5E61A9ACD72}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{649EFF06-EDFD-47C5-BF1A-D5E61A9ACD72}
Key Deleted : HKCU\Software\Myfree Codec
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKLM\SOFTWARE\Myfree Codec
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17344

*************************

AdwCleaner[R0].txt - [3100 octets] - [15/11/2014 21:57:11]
AdwCleaner[S0].txt - [2502 octets] - [15/11/2014 22:01:25]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2562 octets] ##########

 

Here is the Junkware log:

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.9 (11.15.2014:2)
OS: Windows 7 Home Premium x64
Ran by Sneha on Sat 11/15/2014 at 22:12:40.23
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

 

~~~ Registry Values

 

~~~ Registry Keys

 

~~~ Files

 

~~~ Folders

Successfully deleted: [Folder] "C:\Program Files (x86)\myfree codec"
Successfully deleted: [Empty Folder] C:\Users\Sneha\appdata\local\{15BDAAC3-1096-4BB0-97E0-14657B1B1F48}
Successfully deleted: [Empty Folder] C:\Users\Sneha\appdata\local\{195B2A0D-E8A5-439E-A276-2A775694F536}
Successfully deleted: [Empty Folder] C:\Users\Sneha\appdata\local\{25149CBF-1BA2-4AE1-A728-DA09103622FB}
Successfully deleted: [Empty Folder] C:\Users\Sneha\appdata\local\{31563C0F-846B-4A5A-9C2A-85DC2C248387}
Successfully deleted: [Empty Folder] C:\Users\Sneha\appdata\local\{329B612F-5766-4B0E-BD6B-6553A0491BFB}
Successfully deleted: [Empty Folder] C:\Users\Sneha\appdata\local\{361AF487-36A6-424C-A5DC-F4ACE42C1AA1}
Successfully deleted: [Empty Folder] C:\Users\Sneha\appdata\local\{40EDCAB9-6EB2-4EA1-87E7-E81CE1D14829}
Successfully deleted: [Empty Folder] C:\Users\Sneha\appdata\local\{41C95D77-4A74-4798-908C-ED075DCFC620}
Successfully deleted: [Empty Folder] C:\Users\Sneha\appdata\local\{52E5B78E-9F6A-4FF9-A0A0-195457248151}
Successfully deleted: [Empty Folder] C:\Users\Sneha\appdata\local\{559FEDF8-5FED-4D0F-AFDA-E6D9F2CF953A}
Successfully deleted: [Empty Folder] C:\Users\Sneha\appdata\local\{5D8AE9B6-E565-4C73-AB9B-C6B9510FF3C2}
Successfully deleted: [Empty Folder] C:\Users\Sneha\appdata\local\{6039DBEF-D519-45C5-AEF7-CF7D1A14D506}
Successfully deleted: [Empty Folder] C:\Users\Sneha\appdata\local\{6457D3B6-B254-48C6-BA05-C70830170DD8}
Successfully deleted: [Empty Folder] C:\Users\Sneha\appdata\local\{664F219B-D3C7-4620-B43E-F3822EA3493B}
Successfully deleted: [Empty Folder] C:\Users\Sneha\appdata\local\{68BE2242-7BC6-48CF-A453-A71B7B10732F}
Successfully deleted: [Empty Folder] C:\Users\Sneha\appdata\local\{7457C3C0-C3E1-4842-B9AC-7677FB453DAC}
Successfully deleted: [Empty Folder] C:\Users\Sneha\appdata\local\{77EA5309-23BF-41C5-BA53-E18B6F8D99E8}
Successfully deleted: [Empty Folder] C:\Users\Sneha\appdata\local\{7E399F95-F473-4F10-8640-38415166ABA7}
Successfully deleted: [Empty Folder] C:\Users\Sneha\appdata\local\{8AAE0A00-9EDE-454D-89DC-77927BB42DE0}
Successfully deleted: [Empty Folder] C:\Users\Sneha\appdata\local\{8DD24C49-5146-40FF-82FC-E0B31DF5CDB8}
Successfully deleted: [Empty Folder] C:\Users\Sneha\appdata\local\{9AD949EA-5457-4D4F-9B9B-9234F46ABED1}
Successfully deleted: [Empty Folder] C:\Users\Sneha\appdata\local\{A4FB3456-F4CA-4A3B-B8D3-1F0047726549}
Successfully deleted: [Empty Folder] C:\Users\Sneha\appdata\local\{A866B5BC-50C4-492A-89B5-3BF038EE22B7}
Successfully deleted: [Empty Folder] C:\Users\Sneha\appdata\local\{AF68C034-AAD5-4D38-8470-BAC9EC8A16AF}
Successfully deleted: [Empty Folder] C:\Users\Sneha\appdata\local\{BDB2531F-6C99-48D3-9033-F8FCBEF12A38}
Successfully deleted: [Empty Folder] C:\Users\Sneha\appdata\local\{C42B340C-3718-49B4-8C68-759A3BFB4325}
Successfully deleted: [Empty Folder] C:\Users\Sneha\appdata\local\{C4F75E6A-B481-40A6-82F3-3A5A6182825A}
Successfully deleted: [Empty Folder] C:\Users\Sneha\appdata\local\{CB647833-70E2-450A-A3DA-6A2EF421CC10}
Successfully deleted: [Empty Folder] C:\Users\Sneha\appdata\local\{D92218BD-9C77-4DAC-8372-346C2EBAB3C1}
Successfully deleted: [Empty Folder] C:\Users\Sneha\appdata\local\{E1BC0C16-9D81-4B98-83EF-2F9CA33BF7DC}
Successfully deleted: [Empty Folder] C:\Users\Sneha\appdata\local\{FC882CE7-ACEF-4032-9FC4-5E095F485BD1}

 

~~~ Event Viewer Logs were cleared

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 11/15/2014 at 22:18:29.04
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



#9 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 35,531 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:05:09 PM

Posted 15 November 2014 - 10:58 PM

No problem at all. Please run this.

===================================================

Run Combofix in Vista/7

--------------------

Combofix is a very powerful tool and special attention must be taken to allow it to work properly. Please pay careful attention to the following instructions.
  • Please download ComboFix from one of these locations:

BleepingComputer
ForoSpyware

  • Save Combofix.exe to your Desktop <-- Important!!!
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts. It is important you do not mouseclick while the program is running or it may stall.
Note #1: Often times it may appear as if ComboFix has stopped working. To verify it is still running please do one of the following below. If, based on the below, you have concluded ComboFix has stopped running please stop and advise me.
  • Check your computer clock. If it is still running then so is ComboFix
  • Open Task Manager and select the Applications Tab. If the status of AutoScan is Running, then ComboFix is running
  • Open Task Manager and select the Processes Tab. Under Image Name look for files ending in .3xe. If there are fluctuating numbers under CPU and Mem Usage then ComboFix is running
Note #2: If you receive the following error "Illegal operation attempted on a registery key that has been marked for deletion" please just restart your computer to resolve this issue

If Combofix fails to run properly using the above instructions please attempt the following:
  • Right click on the Combofix icon on your desktop and select Delete
  • Download a new copy but rename it to freshcopy.exe first, then save it to your desktop
  • Now download RKill.exe (or RKill renamed as iExplore.exe if the first one doesn't work properly) and save it to your desktop
  • Restart your computer in Safe Mode
  • Right click on RKill (or iExplore) and select Run as Administrator. If you are using Windows XP simply double click the icon
  • A black DOS screen should flash and disappear. If not, try to launch the program with the second file. If neither works please stop and let me know
  • When RKill is finished running you will be presented with a text file and a copy will be saved on your desktop. Copy and paste the contents of this report in your reply
  • Do not reboot your computer
  • Double click the freshcopy.exe icon (renamed Combofix file)
  • When finished, it will produce a log. Please copy and paste the C:\Combofix.txt log information in your next reply
  • If you disabled your antivirus please enable it again. If you uninstalled it please wait for instructions to reinstall it
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Combofix log
  • How is your computer running?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#10 Snehadavison

Snehadavison
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:09:09 PM

Posted 16 November 2014 - 04:32 PM

From what I can tell so far, the computer seems to be running much cleaner and faster.  

 

Here is the Combofix log:

 

ComboFix 14-11-15.01 - Sneha 11/16/2014  16:01:03.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3894.2213 [GMT -5:00]
Running from: c:\users\Sneha\Desktop\ComboFix.exe
AV: Norton 360 *Disabled/Updated* {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
FW: Norton 360 *Disabled* {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}
SP: Norton 360 *Disabled/Updated* {631E4324-D31C-783F-EC5C-35AD42B18466}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Microsoft\Windows\DRM\2E5B.tmp
c:\programdata\Microsoft\Windows\DRM\9A17.tmp
.
.
(((((((((((((((((((((((((   Files Created from 2014-10-16 to 2014-11-16  )))))))))))))))))))))))))))))))
.
.
2014-11-16 21:16 . 2014-11-16 21:16 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-11-16 21:16 . 2014-11-16 21:16 -------- d-----w- c:\users\James\AppData\Local\temp
2014-11-16 20:34 . 2014-11-16 20:34 -------- d-sh--w- c:\users\Sneha\AppData\Local\EmieBrowserModeList
2014-11-16 03:12 . 2014-11-16 03:12 -------- d-----w- c:\windows\ERUNT
2014-11-16 02:57 . 2014-11-16 03:01 -------- d-----w- C:\AdwCleaner
2014-11-15 05:22 . 2014-11-05 17:56 304640 ----a-w- c:\windows\system32\generaltel.dll
2014-11-15 05:22 . 2014-11-05 17:56 228864 ----a-w- c:\windows\system32\aepdu.dll
2014-11-15 05:20 . 2014-08-21 06:43 1882624 ----a-w- c:\windows\system32\msxml3.dll
2014-11-15 05:18 . 2014-10-14 02:13 3241984 ----a-w- c:\windows\system32\msi.dll
2014-11-15 05:18 . 2014-10-14 01:50 2363904 ----a-w- c:\windows\SysWow64\msi.dll
2014-11-15 05:17 . 2014-10-18 02:05 861696 ----a-w- c:\windows\system32\oleaut32.dll
2014-11-15 05:17 . 2014-10-18 01:33 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
2014-11-15 04:26 . 2014-11-16 02:40 -------- d-----w- C:\FRST
2014-11-09 00:40 . 2014-11-09 00:40 -------- d-----w- c:\program files\iPod
2014-11-09 00:40 . 2014-11-09 00:43 -------- d-----w- c:\programdata\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2014-11-09 00:40 . 2014-11-09 00:43 -------- d-----w- c:\program files\iTunes
2014-11-09 00:40 . 2014-11-09 00:43 -------- d-----w- c:\program files (x86)\iTunes
2014-11-08 21:57 . 2014-11-08 21:57 -------- d-----w- c:\users\Administrator
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-11-15 05:27 . 2011-01-27 12:51 103374192 ----a-w- c:\windows\system32\MRT.exe
2014-11-15 04:45 . 2012-08-07 21:52 701104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-11-15 04:45 . 2011-06-09 07:02 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-09-25 02:08 . 2014-10-03 20:10 371712 ----a-w- c:\windows\system32\qdvd.dll
2014-09-25 01:40 . 2014-10-03 20:10 519680 ----a-w- c:\windows\SysWow64\qdvd.dll
2014-09-23 01:20 . 2014-09-23 01:20 0 ----a-w- c:\windows\SysWow64\sho8BC.tmp
2014-09-10 13:06 . 2010-06-24 10:33 23256 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2014-09-09 22:11 . 2014-09-27 02:11 2048 ----a-w- c:\windows\system32\tzres.dll
2014-09-09 21:47 . 2014-09-27 02:11 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2014-08-26 02:20 . 2014-09-27 02:03 37592 ----a-w- c:\windows\system32\drivers\N360x64\1506000.020\srtspx64.sys
2014-08-26 02:20 . 2014-09-27 02:03 876248 ----a-w- c:\windows\system32\drivers\N360x64\1506000.020\srtsp64.sys
2014-08-25 18:37 . 2011-01-17 20:58 177752 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
2014-08-23 02:07 . 2014-08-28 19:09 404480 ----a-w- c:\windows\system32\gdi32.dll
2014-08-23 01:45 . 2014-08-28 19:09 311808 ----a-w- c:\windows\SysWow64\gdi32.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-04-13 284696]
"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2012-02-15 577408]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.8.130\SSScheduler.exe [2013-9-6 324320]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"wave2"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 hippovnc_service;hippovnc_service;c:\users\Sneha\Desktop\HippoVNC\WinVNC.exe;c:\users\Sneha\Desktop\HippoVNC\WinVNC.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\SysWOW64\FsUsbExDisk.SYS;c:\windows\SysWOW64\FsUsbExDisk.SYS [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.8.130\McCHSvc.exe;c:\program files\McAfee Security Scan\3.8.130\McCHSvc.exe [x]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys;c:\windows\SYSNATIVE\DRIVERS\netw5v64.sys [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys;c:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\1506000.020\SYMDS64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1506000.020\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\1506000.020\SYMEFA64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1506000.020\SYMEFA64.SYS [x]
S1 BHDrvx64;BHDrvx64;c:\program files (x86)\Norton 360\NortonData\21.5.0.19\Definitions\BASHDefs\20141030.001\BHDrvx64.sys;c:\program files (x86)\Norton 360\NortonData\21.5.0.19\Definitions\BASHDefs\20141030.001\BHDrvx64.sys [x]
S1 ccSet_N360;N360 Settings Manager;c:\windows\system32\drivers\N360x64\1506000.020\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\N360x64\1506000.020\ccSetx64.sys [x]
S1 IDSVia64;IDSVia64;c:\program files (x86)\Norton 360\NortonData\21.5.0.19\Definitions\IPSDefs\20141114.001_858\IDSvia64.sys;c:\program files (x86)\Norton 360\NortonData\21.5.0.19\Definitions\IPSDefs\20141114.001_858\IDSvia64.sys [x]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\1506000.020\Ironx64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1506000.020\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360x64\1506000.020\SYMNETS.SYS;c:\windows\SYSNATIVE\Drivers\N360x64\1506000.020\SYMNETS.SYS [x]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [x]
S2 CinemaNow Service;CinemaNow Service;c:\program files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe;c:\program files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
S2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [x]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [x]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 IHA_MessageCenter;IHA_MessageCenter;c:\program files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe;c:\program files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [x]
S2 N360;Norton 360;c:\program files (x86)\Norton 360\Engine\21.6.0.32\N360.exe;c:\program files (x86)\Norton 360\Engine\21.6.0.32\N360.exe [x]
S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
S2 RtVOsdService;RtVOsdService Installer;c:\program files\Realtek\RtVOsd\RtVOsdService.exe;c:\program files\Realtek\RtVOsd\RtVOsdService.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 TunerFreeMCEService;TunerFreeMCEService;c:\program files (x86)\MillieSoft\TunerFreeMCE\TunerFreeMCEService.exe;c:\program files (x86)\MillieSoft\TunerFreeMCE\TunerFreeMCEService.exe [x]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2014-11-16 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-07 04:46]
.
2014-11-06 c:\windows\Tasks\HPCeeScheduleForSneha.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15 08:43]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-01-27 6486120]
"HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-06-18 8192]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-25 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-25 415256]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"NCPluginUpdater"="c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\NCPluginUpdater.exe" [2014-11-12 21720]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Free YouTube Download - c:\users\Sneha\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-TomTomHOME.exe - c:\program files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
Wow6432Node-HKCU-Run-MobileDocuments - c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE} - c:\program files (x86)\InstallShield Installation Information\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}\setup.exe
AddRemove-MyFreeCodec - c:\program files (x86)\MyFree Codec\1.0b beta\uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\N360]
"ImagePath"="\"c:\program files (x86)\Norton 360\Engine\21.6.0.32\N360.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton 360\Engine\21.6.0.32\diMaster.dll\" /prefetch:1"
"ImagePath"="\SystemRoot\System32\Drivers\N360x64\1506000.020\SYMNETS.SYS"
"TrustedImagePaths"="c:\program files (x86)\Norton 360\Engine\21.6.0.32;c:\program files (x86)\Norton 360\Engine64\21.6.0.32"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_223_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_223_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_223_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_223_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_223.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.15"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_223.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_223.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_223.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-11-16  16:20:30
ComboFix-quarantined-files.txt  2014-11-16 21:20
.
Pre-Run: 313,809,014,784 bytes free
Post-Run: 314,553,589,760 bytes free
.
- - End Of File - - EC3190296CA4CC2FD3DD7780640956F3
 



#11 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 35,531 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:05:09 PM

Posted 16 November 2014 - 06:52 PM

Great,

Please do this.

===================================================

Emsisoft Emergency Kit Scan

--------------------
  • Download Emsisoft Emergency Kit and save it to your desktop.
  • Double click on the EmsisoftEmergencyKit.exe icon, click Run then Extract
  • Double click the Start Emsisoft Emergency Kit icon that will appear after extraction
  • Click Yes to update the program
  • Once the update is completed click the Back button
  • Click on 2. Scan (not Quick Scan or Smart Scan)
  • Click Yes to detect Potentially Unwanted Programs (PUPs)
  • Patiently wait for the thorough scan to complete, this can be a lengthy process
  • Once completed click Quarantine selected objects (if computer is clean you will not have this option) then click OK
  • Click View Report
  • Copy and paste the contents of the report in your reply
  • Note: If you receive an error report saying there are too many emoticons simply attach the file instead
  • Close the program then click Close
===================================================

screen317's Security Check

--------------------
  • Please download screen317's Security Check to your desktop
  • Double click the icon to launch the program
  • Click OK
  • Select Run Note: If you receive an error message attempt to run the program in Safe Mode
  • Press any key to start the program
  • Allow the program to run
  • A Notepad document will open on your desktop. Please copy and paste the contents in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Emsisoft report (if applicable)
  • Security Check log

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#12 Snehadavison

Snehadavison
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:09:09 PM

Posted 16 November 2014 - 11:19 PM

Emisoft Report:

 

Emsisoft Emergency Kit - Version 9.0
Last update: 11/16/2014 7:33:33 PM
User account: Sneha-HP\Sneha

Scan settings:

Scan type: Full Scan
Objects: Rootkits, Memory, Traces, C:\, D:\, Q:\

Detect PUPs: On
Scan archives: On
ADS Scan: On
File extension filter: Off
Advanced caching: On
Direct disk access: Off

Scan start: 11/16/2014 7:34:41 PM
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS  detected: Setting.DisableRegistryTools (A)
Key: HKEY_USERS\S-1-5-21-2515695283-1697546955-4081256366-1003\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}  detected: Application.Win32.WSearch (A)
C:\Users\Sneha\AppData\Local\{55061FB0-05F6-4AE4-939C-2227AD5B7953}\dknumzkfvbn.dll  detected: Trojan.GenericKD.1951568 (B)
C:\Users\Sneha\AppData\LocalLow\obdvbfe.dll  detected: Trojan.GenericKD.1951568 (B)

Scanned 337544
Found 4

Scan end: 11/16/2014 10:42:32 PM
Scan time: 3:07:51

C:\Users\Sneha\AppData\LocalLow\obdvbfe.dll Quarantined Trojan.GenericKD.1951568 (B)
C:\Users\Sneha\AppData\Local\{55061FB0-05F6-4AE4-939C-2227AD5B7953}\dknumzkfvbn.dll Quarantined Trojan.GenericKD.1951568 (B)
Key: HKEY_USERS\S-1-5-21-2515695283-1697546955-4081256366-1003\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} Quarantined Application.Win32.WSearch (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS Quarantined Setting.DisableRegistryTools (A)

Quarantined 4

 

 

Security Check log:

 

 Results of screen317's Security Check version 0.99.89 
 Windows 7 Service Pack 1 x64 (UAC is enabled) 
 Internet Explorer 11 
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled! 
Norton 360   
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 Java 7 Update 65 
 Java version out of Date!
 Adobe Flash Player 15.0.0.223 
 Adobe Reader 10.1.10 Adobe Reader out of Date! 
````````Process Check: objlist.exe by Laurent```````` 
 Symantec Norton Online Backup NOBuAgent.exe 
 Symantec Norton Online Backup NOBuClient.exe 
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 2%
````````````````````End of Log``````````````````````
 



#13 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 35,531 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:05:09 PM

Posted 16 November 2014 - 11:22 PM

Thanks,

We need to update those 2 programs. Please do this.

===================================================

Update Java

-------------------

Important Note: Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system.

Please follow these steps to update Java and remove any existing older versions:
  • Click here to evaluate your current version of Java
  • Click Free Java Download
  • Click the Agree and Start Free Download
  • Save jxpiinstall.exe to your desktop
  • Double click the icon then click Run
  • Click Install
  • Uncheck any Ask Toolbar offers
  • Click Next
  • You should be notified You have successfully installed Java
Go to StartBtn.gif > Control Panel, double-click on Add/Remove Programs or Programs and Features in Vista/Windows 7 and remove all older versions of Java.
  • In addition, check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
===================================================

Update Adobe Reader

--------------------

Your Adobe Reader is out of date and a security concern. Here is some excellent information and a video which explains the importance of minimizing the risk of infection through compromised PDF files.
  • Please visit Adobe Reader
  • Uncheck the McAfee optional offer
  • Click Install now
  • Save the file to your desktop
  • Double click the installation icon
  • Select Run
  • When completed click Finish
  • Press the Windows key + R at the same time
  • Type appwiz.cpl, press Enter, and allow the Programs list to populate
  • Uninstall every Adobe Reader program except the one just downloaded and installed
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Did the programs update properly?
  • Are there any remaining issues?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#14 Snehadavison

Snehadavison
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:09:09 PM

Posted 17 November 2014 - 06:23 PM

Whenever I try to download anything, I get a message saying my security settings won't allow it. That never used to happen, so I assumed it had something to do with the virus. However, I'm still getting that message in trying to download Java. I've tried disabling Norton, but I still get the message. Up until now, I've been downloading the software you've asked for onto an sd card via my smartphone and then saving it to my desktop. Any idea what can be going on?



#15 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 35,531 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:05:09 PM

Posted 17 November 2014 - 06:36 PM

Which browser and have you tried another broswer?
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users