Boot.cidox, Trojan.Powerlik, Trojan.Adclicker, AnglerExploitKit Website 12 & 15


This topic is locked
23 replies to this topic

#1 Shelley6324


Posted 20 November 2014 - 04:51 PM

Hello,
Several weeks ago, my computer slowed WAY down, and weird things started happening.  At that time, I had FortiClient installed.  I installed Norton, which found Boot.Cidox, which it said it couldn't remove.
 
I am running Windows 7 64 bit.
 
I have also now installed and run Malwarebytes.
 
Some of the problems I was having during the first couple of weeks included the following (I kept a log), with problems I am still having marked with an asterisk:
- *Outlook hangs on start-up and the message "contacting the server for info" runs for quite a while
- Often when I rebooted, I had to force close Seagate Scheduled 2.
- *Adobe Acrobat got error message and closed.
- *Weather.com often hangs on opening (on Splash screen) and I have to shut down the application.
- *Typing is sluggish in Microsoft Word and Outlook, and I get way ahead of the letters that show up on the screen.  Actually, as I was typing this, the same thing happened, and I had to click back on the message to continue typing.
- *My IE settings don't keep--every day, I get a message, "Your current security settings do not allow this file to be downloaded," and I have to go into Internet Tools to change the security settings back to default.
- *Often, words and icons in the menu bars of IE and Firefox start flickering rapidly, as if they are being rapidly clicked on.
- IE was freezing when I scrolled, and I received the following message, "Warning: Unresponsive plug-in in Shockwave: Flash."
- *Outlook periodically loses its internet connection and pictures don't show up in email messages.
- I received a message in Firefox: "Adobe Flash plug-in crashed."
- *When I play Scrabble, it frequently stops working because it thinks that I clicked somewhere out of the program (which normally causes it to stop until I click back on the program).
- There have been a few days when after I restarted my computer, I tried to start Outlook and received a message saying another instance of the program is running.
- I've received a message that said "Adobe Flash Player security: Flash stopped potentially unsafe operation. JavaScript: window ["contents"] is trying to communicate with ds.serving.sys.com."
- I've received messages saying "another program is using Outlook" when I tried to reboot Outlook when it became non-responsive.
- *I get pop-up messages from Norton saying that there is a high usage from COM Surrogate.
 
Over the past week, I have received the pop-ups from Norton every day saying that it has stopped attacks by the following:
- Trojan.Powerlik
- Trojan.Adclicker
- AnglerExploitKit Website 12
- AnglerExploitKit Website 15
 
Help!
 
I have run DDS, and pasted the DDS.txt log below (it actually took several minutes for the file to open):
 
file:///C|/Users/Shelley/Desktop/dds.txt[11/20/2014 1:47:45 PM]
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17344 BrowserJavaVersion: 10.71.2
Run by Shelley at 12:50:07 on 2014-11-20
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8191.2846 [GMT -8:00]
.
AV: FortiClient AntiVirus *Enabled/Updated* {385618A6-2256-708E-3FB9-7E98B93F91F9}
SP: FortiClient AntiVirus *Enabled/Updated* {8337F942-046C-7F00-0509-45EAC2B8DB44}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files (x86)\DYMO\DYMO Label Software\DymoPnpService.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files (x86)\Constant Guard Protection Suite\IDVaultSvc.exe
C:\Program Files\Immunet\3.1.13\sfc.exe
C:\Program Files (x86)\iWin Games\iWinTrusted.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\N360.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedul2.exe
C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedhlp.exe
C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Backup Assistant Plus\V CAST Backup Scheduler.exe
C:\Program Files (x86)\The Weather Channel\Desktop Weather\TWC.Win7.exe
C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
C:\Program Files (x86)\Fieldston Software\gSyncit\gsyncit.exe
C:\Users\Shelley\AppData\Roaming\DirectLife\ALconnect\ALconnect.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Canon\ImageBrowser EX\MFManager.exe
C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin64\rpsystray.exe
C:\Users\Shelley\AppData\Roaming\Verizon\UA_ar\UtilityApplication.exe
C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
C:\Program Files (x86)\Seagate\BlackArmorBackup\BlackArmorBackupMonitor.exe
C:\Program Files (x86)\Seagate\BlackArmorBackup\TimounterMonitor.exe
C:\Program Files (x86)\OneSuiteFax\Client\SendMng.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Program Files\Immunet\3.1.13\iptray.exe
C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\N360.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\taskmgr.exe
C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\System32\MsSpellCheckingFacility.exe
C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\splwow64.exe
C:\Windows\syswow64\wextract.exe
C:\Windows\syswow64\cmmon32.exe
C:\Windows\system32\taskeng.exe
C:\Windows\syswow64\svchost.exe
C:\Windows\syswow64\logagent.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://dogpile.com/
uURLSearchHooks: FCToolbarURLSearchHook Class: {e719d8a6-cca4-41b5-b27c-ccf969280033} - C:\Program Files (x86)\Dogpile Toolbar\Helper.dll
uURLSearchHooks: <No Name>: - LocalServer32 - <no file>
mWinlogon: Userinit = userinit.exe,
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-
4C09146192CA} - C:\Program Files
(x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
BHO: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files
(x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files
(x86)\Norton Security Suite\Engine\21.6.0.32\coieplg.dll
BHO: Freecause Toolbar BHO: {61AFBC1F-52F3-43F5-A5ED-AFA778C579E1} - C:\Program Files
(x86)\Dogpile Toolbar\Toolbar.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files
(x86)\Norton Security Suite\Engine\21.6.0.32\ips\ipsbho.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files
(x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files
(x86)\Java\jre7\bin\ssv.dll
BHO: IEHlprObj Class: {8CA5ED52-F3FB-4414-A105-2E3491156990} - C:\Program Files (x86)\iWin
Games\iWinGamesHookIE.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files
(x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program
Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files
(x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Constant Guard Protection Suite: {B84CDBE7-1B46-494B-A188-01D4C52DEB61} -
C:\ProgramData\White Sky, Inc\ID Vault\IEBHO1.14.1014.1\NativeBHO.dll
BHO: {D40C654D-7C51-4EB3-95B2-1E23905C2A2D} - <orphaned>
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files
(x86)\Java\jre7\bin\jp2ssv.dll
BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common
Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Dogpile Toolbar: {8A936F47-6B90-4537-A1BC-6F369A203D47} - C:\Program Files (x86)\Dogpile
Toolbar\Toolbar.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google
Toolbar\GoogleToolbar_32.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common
Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files
(x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security
Suite\Engine\21.6.0.32\coieplg.dll
TB: Dogpile Toolbar: {8A936F47-6B90-4537-A1BC-6F369A203D47} - C:\Program Files (x86)\Dogpile
Toolbar\Toolbar.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common
Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files
(x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google
Toolbar\GoogleToolbar_32.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\coieplg.dll
EB: Canon Easy-WebPrint EX: {21347690-EC41-4F9A-8887-1F4AEE672439} - C:\Program Files
(x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
uRun: [Facebook Update] "C:\Users\Shelley\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c
/nocrashserver
uRun: [HLBackupScheduler] C:\Program Files\Backup Assistant Plus\V CAST Backup Scheduler.exe
uRun: [TWC.Win7] C:\Program Files (x86)\The Weather Channel\Desktop Weather\TWC.Win7.exe
uRun: [OfficeSyncProcess] "C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE"
uRun: [gSyncit] C:\Program Files (x86)\Fieldston Software\gSyncit\gsyncit.exe
uRun: [ALconnect] C:\Users\Shelley\AppData\Roaming\DirectLife\ALconnect\ALconnect.exe
mRun: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller
Driver\Application\nusb3mon.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Google Desktop Search] "C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe"
/startup
mRun: [IJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
mRun: [BlackArmorBackupMonitor.exe] C:\Program Files
(x86)\Seagate\BlackArmorBackup\BlackArmorBackupMonitor.exe
mRun: [AcronisTimounterMonitor] C:\Program Files (x86)\Seagate\BlackArmorBackup\TimounterMonitor.exe
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [sendmng] "C:\Program Files (x86)\OneSuiteFax\Client\SendMng.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application
Support\APSDaemon.exe"
mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot
mRun: [Immunet Protect] "C:\Program Files\Immunet\3.1.13\iptray.exe"
dRun: [20090604] C:\Program Files (x86)\The Print Shop 3.0 Standard\RegApp\encore_reg.exe /r "C:\Program
Files (x86)\The Print Shop 3.0 Standard\RegApp\encore_reg.rpd"
StartupFolder:
C:\Users\Shelley\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\LAUNCH~1.LNK -
C:\Users\Shelley\AppData\Roaming\Verizon\UA_ar\UtilityApplication.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\APCUPS~1.LNK -
C:\Program Files (x86)\APC\APC PowerChute Personal Edition\Display.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\CONSTA~1.LNK -
C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\EVENTR~1.LNK -
C:\Program Files (x86)\The Print Shop 23.1\Remind.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\IMAGET~1.LNK -
C:\Program Files (x86)\Canon\ImageTransferUtility\ImageTransferUtility.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\IMAGEB~1.LNK -
C:\Program Files (x86)\Canon\ImageBrowser EX\MFManager.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MICROS~1.LNK -
C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\REALPL~1.LNK -
C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin64\rpsystray.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: TaskbarNoNotification = dword:0
uPolicies-Explorer: HideSCAHealth = dword:0
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-Explorer: TaskbarNoNotification = dword:0
mPolicies-Explorer: HideSCAHealth = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
mPolicies-Explorer: TaskbarNoNotification = dword:0
mPolicies-Explorer: HideSCAHealth = dword:0
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common
Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files (x86)\Common
Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common
Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common
Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program
Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} -
C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {D40C654D-7C51-4EB3-95B2-1E23905C2A2D} - C:\Program Files (x86)\Pinterest\Pin It\FrameScript.htm
DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} -
hxxp://www.logitech.com/devicedetector/plugins/LogitechDeviceDetection32.cab
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} -
hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {33415AC7-AFFA-4D55-B41C-C64C0D07DFCA} -
hxxps://h50203.www5.hp.com/WCLWEB/cabs/HPISWebManager.CAB
DPF: {62789780-B744-11D0-986B-00609731A21D} -
hxxp://download.autodesk.com/esd/mapguide/SP1/ENG/mgaxctrl.cab
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} -
hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_71-
windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0071-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_71-
windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-
1_7_0_71-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://akamaicdn.webex.com/client/WBXclient-
T28L10NSP7-15458/webex/ieatgpc1.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{610581E4-0AAC-4115-93AC-30212E5F6F3B} : DHCPNameServer = 75.75.75.75 75.75.76.76
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common
Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common
Files\Skype\Skype4COM.dll
AppInit_DLLs= C:\PROGRA~2\Google\GOOGLE~1\GO36F4~1.DLL
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files
(x86)\Microsoft Office\Office14\GROOVEEX.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files
(x86)\Google\Chrome\Application\38.0.2125.111\Installer\chrmstp.exe" --configure-user-settings --verboselogging
--system-level --multi-install --chrome
x64-BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll
x64-BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files
(x86)\Norton Security Suite\Engine64\21.6.0.32\coieplg.dll
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program
Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files
(x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program
Files\Microsoft Office\Office14\URLREDIR.DLL
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google
Toolbar\GoogleToolbar_64.dll
x64-TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton
Security Suite\Engine64\21.6.0.32\coieplg.dll
x64-Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe /logon
x64-Run: [Seagate Scheduler2 Service] "C:\Program Files (x86)\Common
Files\Seagate\Schedule2\schedhlp.exe"
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common
Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-Run: [NvBackend] "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} -
C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} -
C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft
Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program
Files\Microsoft Office\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Shelley\AppData\Roaming\Mozilla\Firefox\Profiles\rtgwwyvt.default\
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
FF - plugin: C:\Program Files (x86)\DYMO\DYMO Label Software\Framework\npDYMOLabelFramework.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll
FF - plugin: C:\Users\Shelley\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
FF - plugin: C:\Windows\System32\Wat\npWatWeb.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_223.dll
.
============= SERVICES / DRIVERS ===============
.
R1 BHDrvx64;BHDrvx64;C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\BASHDefs\20141118.001\BHDrvx64.sys [2014-11-19 1587416]
R1 ccSet_N360;N360 Settings Manager;C:\Windows\System32\drivers\N360x64\1506000.020\ccsetx64.sys [2014-11-4 162392]
R1 IDSVia64;IDSVia64;C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\IPSDefs\20141119.001\IDSviA64.sys [2014-11-19 637656]
R1 ImmunetProtectDriver;ImmunetProtectDriver;C:\Windows\System32\drivers\immunetprotect.sys [2014-10-31 58064]
R1 ImmunetSelfProtectDriver;ImmunetSelfProtectDriver;C:\Windows\System32\drivers\immunetselfprotect.sys [2014-10-31 32976]
R2 ImmunetNetworkMonitorDriver;ImmunetNetworkMonitorDriver;C:\Windows\System32\drivers\ImmunetNetworkMonitor.sys [2014-10-31 100048]
R3 CompFilter64;UVCCompositeFilter;C:\Windows\System32\drivers\lvbflt64.sys [2012-1-18 25632]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2014-11-4 142640]
R3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2012-1-18 351136]
R3 LVUVC64;Logitech HD Pro Webcam C910(UVC);C:\Windows\System32\drivers\lvuvc64.sys [2012-1-18 4865568]
S3 BTCFilterService;USB Networking Driver Filter Service;C:\Windows\System32\drivers\motfilt.sys [2013-3-20 6144]
S3 LVPr2M64;Logitech LVPr2M64 Driver;C:\Windows\System32\drivers\LVPr2M64.sys [2010-5-7 30304]
S3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2014-10-29 129752]
S3 motccgp;Motorola USB Composite Device Driver;C:\Windows\System32\drivers\motccgp.sys [2013-3-19 23552]
S3 Motousbnet;Motorola USB Networking Driver Service;C:\Windows\System32\drivers\Motousbnet.sys [2013-3-19 27648]
S3 motusbdevice;Motorola USB Dev Driver;C:\Windows\System32\drivers\motusbdevice.sys [2013-3-20 12288]
.
=============== File Associations ===============
.
FileExt: .txt: Applications\Acrobat.exe="C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat.exe" "%1" [UserChoice]
ShellExec: dreamweaver.exe: open="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS5\dreamweaver.exe", "%1"
ShellExec: FRONTPG.EXE: edit=C:\PROGRA~2\MICROS~1\Office10\FRONTPG.EXE
.
=============== Created Last 30 ================
.
2014-11-15 01:33:37 1176168 ----atw- C:\Windows\SysWow64\00023170.tmp
2014-11-15 01:33:36 1176168 ----atw- C:\Windows\SysWow64\00021470.tmp
2014-11-15 01:33:33 1176168 ----atw- C:\Windows\SysWow64\00012836.tmp
2014-11-15 01:33:18 1176168 ----atw- C:\Windows\SysWow64\00009246.tmp
2014-11-15 01:31:28 1176168 ----atw- C:\Windows\SysWow64\00016384.tmp
2014-11-15 01:31:13 1176168 ----atw- C:\Windows\SysWow64\00022283.tmp
2014-11-15 01:31:10 1176168 ----atw- C:\Windows\SysWow64\00019446.tmp
2014-11-15 01:31:09 1176168 ----atw- C:\Windows\SysWow64\00015845.tmp
2014-11-15 01:31:09 1176168 ----atw- C:\Windows\SysWow64\00013078.tmp
2014-11-15 01:31:07 1176168 ----atw- C:\Windows\SysWow64\00006919.tmp
2014-11-15 01:31:02 1176168 ----atw- C:\Windows\SysWow64\00008168.tmp
2014-11-15 01:31:00 1176168 ----atw- C:\Windows\SysWow64\00014181.tmp
2014-11-14 23:57:48 1176168 ----atw- C:\Windows\SysWow64\00020630.tmp
2014-11-14 23:56:58 40034920 ----atw- C:\Windows\SysWow64\00023751.tmp
2014-11-14 23:44:59 1176168 ----atw- C:\Windows\SysWow64\00031884.tmp
2014-11-14 23:44:59 1176168 ----atw- C:\Windows\SysWow64\00029185.tmp
2014-11-14 23:44:59 1176168 ----atw- C:\Windows\SysWow64\00001539.tmp
2014-11-14 23:44:58 1176168 ----atw- C:\Windows\SysWow64\00025951.tmp
2014-11-14 23:44:56 40034920 ----atw- C:\Windows\SysWow64\00001238.tmp
2014-11-14 23:44:54 40034920 ----atw- C:\Windows\SysWow64\00003767.tmp
2014-11-14 23:44:51 40034920 ----atw- C:\Windows\SysWow64\00026169.tmp
2014-11-14 23:29:59 1176168 ----atw- C:\Windows\SysWow64\00024875.tmp
2014-11-14 22:10:23 1176168 ----atw- C:\Windows\SysWow64\00014631.tmp
2014-11-14 22:09:59 1176168 ----atw- C:\Windows\SysWow64\00028168.tmp
2014-11-14 04:54:26 1176168 ----atw- C:\Windows\SysWow64\00013838.tmp
2014-11-14 04:54:20 1176168 ----atw- C:\Windows\SysWow64\00008015.tmp
2014-11-14 04:54:10 1176168 ----atw- C:\Windows\SysWow64\00008229.tmp
2014-11-10 18:52:03 93808 ----a-w- C:\Program Files (x86)\Mozilla Firefox\webapprt-stub.exe
2014-11-10 18:52:03 25401968 ----a-w- C:\Program Files (x86)\Mozilla Firefox\xul.dll
2014-11-10 18:52:01 91032 ----a-w- C:\Program Files (x86)\Mozilla Firefox\webapp-uninstaller.exe
2014-11-10 18:52:00 273008 ----a-w- C:\Program Files (x86)\Mozilla Firefox\updater.exe
2014-11-07 21:34:31 -------- d-----w- C:\ProgramData\iWin Games
2014-11-05 08:59:41 -------- d-----w- C:\TDSSKiller_Quarantine
2014-11-05 06:11:18 593112 ----a-w- C:\Windows\System32\drivers\N360x64\1506000.020\symnets.sys
2014-11-05 06:11:17 23568 ----a-r- C:\Windows\System32\drivers\N360x64\1506000.020\symelam.sys
2014-11-05 06:11:14 493656 ----a-r- C:\Windows\System32\drivers\N360x64\1506000.020\symds64.sys
2014-11-05 06:11:14 37592 ----a-w- C:\Windows\System32\drivers\N360x64\1506000.020\srtspx64.sys
2014-11-05 06:11:14 1148120 ----a-w- C:\Windows\System32\drivers\N360x64\1506000.020\symefa64.sys
2014-11-05 06:11:13 876248 ----a-w- C:\Windows\System32\drivers\N360x64\1506000.020\srtsp64.sys
2014-11-05 06:11:13 266968 ----a-w- C:\Windows\System32\drivers\N360x64\1506000.020\ironx64.sys
2014-11-05 06:11:13 162392 ----a-r- C:\Windows\System32\drivers\N360x64\1506000.020\ccsetx64.sys
2014-11-05 06:08:33 -------- d-----w- C:\Windows\System32\drivers\N360x64\1506000.020
2014-11-05 03:57:49 33240 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys
2014-11-05 03:56:02 125872 ----a-w- C:\Windows\System32\GEARAspi64.dll
2014-11-05 03:56:02 106928 ----a-w- C:\Windows\SysWow64\GEARAspi.dll
2014-11-05 03:55:36 -------- d-----w- C:\Windows\System32\drivers\NBRTWizardx64\0700000.012
2014-11-05 03:55:36 -------- d-----w- C:\Windows\System32\drivers\NBRTWizardx64
2014-11-05 03:55:32 -------- d-----w- C:\Program Files (x86)\Norton Bootable Recovery Tool Wizard
2014-11-05 03:30:39 -------- d-----w- C:\Program Files (x86)\Common Files\Symantec Shared
2014-11-05 03:19:50 -------- d-----w- C:\NPE
2014-11-05 03:11:14 -------- d-----w- C:\ProgramData\SMR430
2014-11-05 03:10:07 -------- d-----w- C:\Users\Shelley\AppData\Local\NPE
2014-11-05 03:05:51 -------- d-----w- C:\Users\Shelley\AppData\Local\CrashDumps
2014-11-05 02:41:03 177752 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS
2014-11-05 02:41:03 -------- d-----w- C:\Program Files\Common Files\Symantec Shared
2014-11-05 02:32:29 -------- d-----w- C:\Windows\System32\drivers\N360x64
2014-11-05 02:32:25 -------- d-----w- C:\Program Files (x86)\Norton Security Suite
2014-11-05 02:30:12 -------- d-----w- C:\ProgramData\NortonInstaller
2014-11-05 02:30:12 -------- d-----w- C:\Program Files (x86)\NortonInstaller
2014-11-05 02:20:23 -------- d-----w- C:\ProgramData\Norton
2014-11-02 05:11:06 -------- d-----w- C:\ProgramData\IsolatedStorage
2014-11-02 05:11:04 -------- d-----w- C:\Users\Shelley\AppData\Local\White_Sky,_Inc
2014-11-02 05:10:58 -------- d-----w- C:\Users\Shelley\AppData\Local\ID Vault
2014-11-02 05:09:26 -------- d-----w- C:\Users\Shelley\AppData\Roaming\ID Vault
2014-11-02 05:09:00 -------- d-----w- C:\Program Files (x86)\Constant Guard Protection Suite
2014-11-02 05:08:45 -------- d-----w- C:\ProgramData\White Sky, Inc
2014-10-31 21:30:31 -------- d-----w- C:\ProgramData\Immunet
2014-10-31 21:30:04 -------- d-----w- C:\Program Files\Immunet
2014-10-30 22:34:39 0 ----a-w- C:\Windows\System32\tfdqfx.dll
2014-10-30 03:25:34 129752 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-10-30 03:16:58 93400 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-10-30 03:16:58 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys
2014-10-30 03:16:58 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-10-29 16:18:12 11627712 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{BA98CE72-4C94-48B7-8007-B854967401A6}\mpengine.dll
.
==================== Find3M ====================
.
2014-11-14 23:57:47 1176168 ----atw- C:\Windows\SysWow64\00011403.tmp
2014-11-14 23:45:11 1176168 ----atw- C:\Windows\SysWow64\00015305.tmp
2014-11-14 23:30:06 1176168 ----atw- C:\Windows\SysWow64\00025487.tmp
2014-11-14 23:30:06 1176168 ----atw- C:\Windows\SysWow64\00019472.tmp
2014-11-14 23:30:06 1176168 ----atw- C:\Windows\SysWow64\00013508.tmp
2014-11-14 23:30:06 1176168 ----atw- C:\Windows\SysWow64\00012466.tmp
2014-11-14 23:30:06 1176168 ----atw- C:\Windows\SysWow64\00007606.tmp
2014-11-14 23:30:06 1176168 ----atw- C:\Windows\SysWow64\00004074.tmp
2014-11-14 23:30:04 1176168 ----atw- C:\Windows\SysWow64\00030151.tmp
2014-11-14 23:30:03 1176168 ----atw- C:\Windows\SysWow64\00015533.tmp
2014-11-14 23:30:02 1176168 ----atw- C:\Windows\SysWow64\00004052.tmp
2014-11-14 23:30:01 1176168 ----atw- C:\Windows\SysWow64\00027640.tmp
2014-11-14 23:30:01 1176168 ----atw- C:\Windows\SysWow64\00013882.tmp
2014-11-14 23:30:00 1176168 ----atw- C:\Windows\SysWow64\00030518.tmp
2014-11-14 23:30:00 1176168 ----atw- C:\Windows\SysWow64\00023055.tmp
2014-11-14 22:10:22 1176168 ----atw- C:\Windows\SysWow64\00012816.tmp
2014-11-14 22:09:59 1176168 ----atw- C:\Windows\SysWow64\00014567.tmp
2014-11-14 04:53:46 1176168 ----atw- C:\Windows\SysWow64\00025739.tmp
2014-11-12 08:37:54 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-11-12 08:37:54 701104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-10-18 22:19:53 505416 ----a-w- C:\Windows\SysWow64\msvcp71.dll
2014-10-18 22:19:53 353864 ----a-w- C:\Windows\SysWow64\msvcr71.dll
2014-10-15 00:04:38 98216 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2014-10-10 02:05:59 276480 ----a-w- C:\Windows\System32\generaltel.dll
2014-10-10 02:05:42 507392 ----a-w- C:\Windows\System32\aepdu.dll
2014-10-10 02:00:38 424448 ----a-w- C:\Windows\System32\aeinv.dll
2014-10-02 22:53:02 278152 ------w- C:\Windows\System32\MpSigStub.exe
2014-10-01 18:11:12 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-09-29 00:58:48 3198976 ----a-w- C:\Windows\System32\win32k.sys
2014-09-25 22:32:04 2017280 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-09-25 22:31:02 2108416 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-09-25 02:08:38 371712 ----a-w- C:\Windows\System32\qdvd.dll
2014-09-25 01:40:50 519680 ----a-w- C:\Windows\SysWow64\qdvd.dll
2014-09-19 01:56:02 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-09-19 01:55:49 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-09-19 01:40:43 66048 ----a-w- C:\Windows\System32\iesetup.dll
2014-09-19 01:40:03 547328 ----a-w- C:\Windows\System32\vbscript.dll
2014-09-19 01:39:58 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-09-19 01:38:27 83968 ----a-w- C:\Windows\System32\MshtmlDac.dll
2014-09-19 01:36:57 5829632 ----a-w- C:\Windows\System32\jscript9.dll
2014-09-19 01:26:00 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-09-19 01:25:49 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-09-19 01:25:12 4201472 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-09-19 01:25:09 758272 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-09-19 01:18:02 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-09-19 01:14:57 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-09-19 01:06:47 72704 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-09-19 01:02:07 454656 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-09-19 01:01:47 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-09-19 01:01:03 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-09-19 00:59:40 61952 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2014-09-19 00:50:16 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-09-19 00:49:31 597504 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-09-19 00:40:12 1249280 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2014-09-19 00:36:23 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-09-19 00:33:18 2309632 ----a-w- C:\Windows\System32\wininet.dll
2014-09-19 00:18:55 1068032 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2014-09-18 23:59:11 1810944 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-09-18 02:00:42 3241472 ----a-w- C:\Windows\System32\msi.dll
2014-09-18 01:32:52 2363904 ----a-w- C:\Windows\SysWow64\msi.dll
2014-09-13 01:58:18 77312 ----a-w- C:\Windows\System32\packager.dll
2014-09-13 01:40:05 67072 ----a-w- C:\Windows\SysWow64\packager.dll
2014-09-09 22:11:04 2048 ----a-w- C:\Windows\System32\tzres.dll
2014-09-09 21:47:10 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2014-09-05 02:11:09 6584320 ----a-w- C:\Windows\System32\mstscax.dll
2014-09-05 01:52:41 5703168 ----a-w- C:\Windows\SysWow64\mstscax.dll
2014-09-04 05:23:20 424448 ----a-w- C:\Windows\System32\rastls.dll
2014-09-04 05:04:15 372736 ----a-w- C:\Windows\SysWow64\rastls.dll
2014-08-29 02:07:13 3179520 ----a-w- C:\Windows\System32\rdpcorets.dll
2014-08-23 02:07:00 404480 ----a-w- C:\Windows\System32\gdi32.dll
2014-08-23 01:45:55 311808 ----a-w- C:\Windows\SysWow64\gdi32.dll
.
============= FINISH: 13:02:13.11 ===============

Edited by Budapest, 20 November 2014 - 05:06 PM.
Moved from AII ~Budapest




#2 Shelley6324
  • Topic Starter
  • Members
  • 17 posts

Posted 20 November 2014 - 06:04 PM

Here is my Attach.txt file.  I couldn't find the "Attach files" section in the previous message.




#3 RPMcMurphy
    Bleeping *^#@%~
  • Malware Response Team
  • 3,970 posts

Posted 21 November 2014 - 09:47 AM

Hello and welcome.  Please follow these guidelines while we work on your PC:

  • Malware removal is a sometimes lengthy and tedious process. Please stick with the thread until I’ve given you the “All clear.”  Absence of symptoms does not mean your machine is clean!
  • Please do not run any scans or install/uninstall any applications without being directed to do so.
  • Please note that the forum is very busy and if I don't hear from you within five days this thread will be closed.

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.


Threads are closed after 5 days of inactivity.

ASAP & UNITE Member


The help you receive here is free. If you wish to show your appreciation, then you may donate.


#4 Shelley6324
  • Topic Starter
  • Members
  • 17 posts

Posted 21 November 2014 - 09:40 PM

Thank you so much for your message.  When I attempt to either run or save the Farbar tool, Norton gives me an error message that the file is unsafe.  When I choose "run anyway," Norton deletes the program as a threat.  Clicking on the name of the threat (WS.Reputation.1) for more info gives me the following Norton message:

Updated: February 15, 2012 3:15:47 PM
Type: Other
Risk Impact: High
Systems Affected: Windows 2000, Windows NT, Windows Server 2003, Windows Server 2008, Windows Vista, Windows XP

Behavior

WS.Reputation.1 is a detection for files that have a low reputation score based on analyzing data from Symantec’s community of users and therefore are likely to be security risks. Detections of this type are based on Symantec’s reputation-based security technology. Because this detection is based on a reputation score, it does not represent a specific class of threat like adware or spyware, but instead applies to all threat categories.

The reputation-based system uses "the wisdom of crowds" (Symantec’s tens of millions of end users) connected to cloud-based intelligence to compute a reputation score for an application, and in the process identify malicious software in an entirely new way beyond traditional signatures and behavior-based detection techniques.

Antivirus Protection Dates
  • Initial Rapid Release version October 2, 2014 revision 022
  • Latest Rapid Release version October 2, 2014 revision 022
  • Initial Daily Certified version March 27, 2009 revision 005
  • Latest Daily Certified version April 20, 2010 revision 024
  • Initial Weekly Certified release date April 1, 2009
Click here for a more detailed description of Rapid Release and Daily Certified virus definitions.


#5 RPMcMurphy
    Bleeping *^#@%~
  • Malware Response Team
  • 3,970 posts

Posted 21 November 2014 - 10:37 PM

You are going to have to temporarily disable your Norton software then; I really need to see those logs.  If you don't know how to do that, check HERE.




#6 Shelley6324
  • Topic Starter
  • Members
  • 17 posts

Posted 21 November 2014 - 11:22 PM

Sorry for the delay--I had to disable more than I thought....


Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-11-2014
Ran by Shelley (administrator) on SHELLEY-PC on 21-11-2014 20:17:32
Running from C:\Users\Shelley\Downloads
Loaded Profiles: Shelley & UpdatusUser (Available profiles: Shelley & UpdatusUser)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(American Power Conversion Corporation) C:\Program Files (x86)\APC\APC PowerChute Personal Edition\mainserv.exe
(Sanford, L.P.) C:\Program Files (x86)\DYMO\DYMO Label Software\DymoPnpService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(White Sky, Inc.) C:\Program Files (x86)\Constant Guard Protection Suite\IDVaultSvc.exe
(Seagate) C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedhlp.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
() C:\Program Files\Backup Assistant Plus\V CAST Backup Scheduler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe
(iWin Inc.) C:\Program Files (x86)\iWin Games\iWinTrusted.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
() C:\Program Files (x86)\The Weather Channel\Desktop Weather\TWC.Win7.exe
(Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
(Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\n360.exe
(Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
(Fieldston Software) C:\Program Files (x86)\Fieldston Software\gSyncit\gsyncit.exe
(Koninklijke Philips Electronics N.V.) C:\Users\Shelley\AppData\Roaming\DirectLife\ALconnect\ALconnect.exe
(White Sky, Inc.) C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe
(Motorola) C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
() C:\Program Files (x86)\Canon\ImageBrowser EX\MFManager.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin64\rpsystray.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe
(Samsung Electronices Co., Ltd.) C:\Users\Shelley\AppData\Roaming\Verizon\UA_ar\UtilityApplication.exe
(American Power Conversion Corporation) C:\Program Files (x86)\APC\APC PowerChute Personal Edition\apcsystray.exe
(NEC Electronics Corporation) C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
() C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
(Google) C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe
(CANON INC.) C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
(Seagate) C:\Program Files (x86)\Seagate\BlackArmorBackup\BlackArmorBackupMonitor.exe
(Seagate) C:\Program Files (x86)\Seagate\BlackArmorBackup\TimounterMonitor.exe
(Seagate) C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedul2.exe
(Sagem-Interstar Inc.) C:\Program Files (x86)\OneSuiteFax\Client\SendMng.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Games\Solitaire\Solitaire.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\n360.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Google Inc.) C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
(Farbar) C:\Users\Shelley\Downloads\FRST64 (1).exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [CanonSolutionMenu] => C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe [767312 2009-03-17] (CANON INC.)
HKLM\...\Run: [Seagate Scheduler2 Service] => C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedhlp.exe [376272 2009-07-23] (Seagate)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-03-06] (Adobe Systems Incorporated)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [1796056 2014-08-19] (NVIDIA Corporation)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [106496 2010-01-22] (NEC Electronics Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Google Desktop Search] => C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe [30192 2010-06-18] (Google)
HKLM-x32\...\Run: [IJNetworkScanUtility] => C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe [136544 2009-05-19] (CANON INC.)
HKLM-x32\...\Run: [BlackArmorBackupMonitor.exe] => C:\Program Files (x86)\Seagate\BlackArmorBackup\BlackArmorBackupMonitor.exe [4352960 2009-07-23] (Seagate)
HKLM-x32\...\Run: [AcronisTimounterMonitor] => C:\Program Files (x86)\Seagate\BlackArmorBackup\TimounterMonitor.exe [963784 2009-07-23] (Seagate)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [sendmng] => C:\Program Files (x86)\OneSuiteFax\Client\SendMng.exe [520192 2008-03-31] (Sagem-Interstar Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [296520 2014-10-18] (RealNetworks, Inc.)
HKLM\...\Policies\Explorer: [TaskbarNoNotification] 0
HKLM\...\Policies\Explorer: [HideSCAHealth] 0
HKU\S-1-5-19\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-1175399016-948265358-1381322279-1000\...\Run: [Facebook Update] => C:\Users\Shelley\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-07-11] (Facebook Inc.)
HKU\S-1-5-21-1175399016-948265358-1381322279-1000\...\Run: [HLBackupScheduler] => C:\Program Files\Backup Assistant Plus\V CAST Backup Scheduler.exe [7065224 2012-08-20] ()
HKU\S-1-5-21-1175399016-948265358-1381322279-1000\...\Run: [TWC.Win7] => C:\Program Files (x86)\The Weather Channel\Desktop Weather\TWC.Win7.exe [48640 2014-08-29] ()
HKU\S-1-5-21-1175399016-948265358-1381322279-1000\...\Run: [OfficeSyncProcess] => C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [720064 2013-04-22] (Microsoft Corporation)
HKU\S-1-5-21-1175399016-948265358-1381322279-1000\...\Run: [gSyncit] => C:\Program Files (x86)\Fieldston Software\gSyncit\gsyncit.exe [167936 2014-08-23] (Fieldston Software)
HKU\S-1-5-21-1175399016-948265358-1381322279-1000\...\Run: [ALconnect] => C:\Users\Shelley\AppData\Roaming\DirectLife\ALconnect\ALconnect.exe [715880 2013-06-10] (Koninklijke Philips Electronics N.V.)
HKU\S-1-5-21-1175399016-948265358-1381322279-1000\...\Policies\Explorer: [TaskbarNoNotification] 0
HKU\S-1-5-21-1175399016-948265358-1381322279-1000\...\Policies\Explorer: [HideSCAHealth] 0
HKU\S-1-5-21-1175399016-948265358-1381322279-1000\...\MountPoints2: {034f1f1d-b600-11e2-b5c4-485b39c9efe8} - I:\MotorolaDeviceManagerSetup.exe -a
HKU\S-1-5-21-1175399016-948265358-1381322279-1000\...\MountPoints2: {05265bc8-84b5-11e0-a967-485b39c9efe8} - I:\LaunchU3.exe
HKU\S-1-5-21-1175399016-948265358-1381322279-1000\...\MountPoints2: {1d0792ea-8e5b-11e0-a967-485b39c9efe8} - I:\ToolLauncher-Bootstrap.exe
HKU\S-1-5-21-1175399016-948265358-1381322279-1000\...\MountPoints2: {bde4095a-9863-11e0-b819-485b39c9efe8} - I:\ToolLauncher-Bootstrap.exe
HKU\S-1-5-21-1175399016-948265358-1381322279-1000\...\MountPoints2: {c6221095-e2d4-11e3-9cc7-00090ffe0001} - I:\MotorolaDeviceManagerSetup.exe -a
HKU\S-1-5-21-1175399016-948265358-1381322279-1000\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!
HKU\S-1-5-21-1175399016-948265358-1381322279-1007\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-18\...\Run: [20090604] => C:\Program Files (x86)\The Print Shop 3.0 Standard\RegApp\encore_reg.exe [102522 2009-08-19] (DataLode, Inc.)
HKU\S-1-5-18\...\Policies\Explorer: [TaskbarNoNotification] 0
HKU\S-1-5-18\...\Policies\Explorer: [HideSCAHealth] 0
AppInit_DLLs-x32: C:\PROGRA~2\Google\GOOGLE~1\GO36F4~1.DLL => C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktopNetwork3.dll [123392 2010-06-18] (Google)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\APC UPS Status.lnk
ShortcutTarget: APC UPS Status.lnk -> C:\Program Files (x86)\APC\APC PowerChute Personal Edition\Display.exe (American Power Conversion Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Constant Guard.lnk
ShortcutTarget: Constant Guard.lnk -> C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe (White Sky, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Event Reminder.lnk
ShortcutTarget: Event Reminder.lnk -> C:\Program Files (x86)\The Print Shop 23.1\Remind.exe (Broderbund Properties LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Image Transfer Utility.lnk
ShortcutTarget: Image Transfer Utility.lnk -> C:\Program Files (x86)\Canon\ImageTransferUtility\ImageTransferUtility.exe (CANON INC.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ImageBrowser EX Agent.lnk
ShortcutTarget: ImageBrowser EX Agent.lnk -> C:\Program Files (x86)\Canon\ImageBrowser EX\MFManager.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RealPlayer Cloud Service UI.lnk
ShortcutTarget: RealPlayer Cloud Service UI.lnk -> C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin64\rpsystray.exe (RealNetworks, Inc.)
Startup: C:\Users\Shelley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Launch Utility Application.lnk
ShortcutTarget: Launch Utility Application.lnk -> C:\Users\Shelley\AppData\Roaming\Verizon\UA_ar\UtilityApplication.exe (Samsung Electronices Co., Ltd.)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Shelley\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Shelley\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Shelley\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Shelley\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Security Suite\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Security Suite\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Security Suite\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Shelley\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Shelley\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Shelley\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Shelley\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1175399016-948265358-1381322279-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://dogpile.com/
HKU\S-1-5-21-1175399016-948265358-1381322279-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
HKU\S-1-5-21-1175399016-948265358-1381322279-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x1A125D00A40FCB01
HKU\S-1-5-21-1175399016-948265358-1381322279-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
URLSearchHook: HKU\S-1-5-21-1175399016-948265358-1381322279-1000 - Default Value = {e719d8a6-cca4-41b5-b27c-ccf969280033}
URLSearchHook: HKU\S-1-5-21-1175399016-948265358-1381322279-1000 - FCToolbarURLSearchHook Class - {e719d8a6-cca4-41b5-b27c-ccf969280033} - C:\Program Files (x86)\Dogpile Toolbar\Helper.dll ()
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKU\S-1-5-21-1175399016-948265358-1381322279-1000 -> 63DFFE82FD554A63B99A93CADFC0D6F5 URL = http://www.dogpile.com/Dogpile_fctb_prefer/ws/redir/_iceUrlFlag=11?_IceUrl=true&qsrc=freecause&user_id=%userid&tool_id=60241&qkw={searchTerms}
SearchScopes: HKU\S-1-5-21-1175399016-948265358-1381322279-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1175399016-948265358-1381322279-1000 -> {70D46D94-BF1E-45ED-B567-48701376298E} URL = http://127.0.0.1:4664/search&s=9JusN69T0g5VoVhDd2s75v9FupE?q={searchTerms}
BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll (RealDownloader)
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security Suite\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} ->  No File
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)
BHO-x32: Freecause Toolbar BHO -> {61AFBC1F-52F3-43F5-A5ED-AFA778C579E1} -> C:\Program Files (x86)\Dogpile Toolbar\Toolbar.dll ()
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: IEHlprObj Class -> {8CA5ED52-F3FB-4414-A105-2E3491156990} -> C:\Program Files (x86)\iWin Games\iWinGamesHookIE.dll (iWin Inc.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Constant Guard Protection Suite -> {B84CDBE7-1B46-494B-A188-01D4C52DEB61} -> C:\ProgramData\White Sky, Inc\ID Vault\IEBHO1.14.1014.1\NativeBHO.dll (WhiteSky)
BHO-x32: No Name -> {D40C654D-7C51-4EB3-95B2-1E23905C2A2D} ->  No File
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Dogpile Toolbar - {8A936F47-6B90-4537-A1BC-6F369A203D47} - C:\Program Files (x86)\Dogpile Toolbar\Toolbar.dll ()
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)
Toolbar: HKU\S-1-5-21-1175399016-948265358-1381322279-1000 -> No Name - {8A936F47-6B90-4537-A1BC-6F369A203D47} -  No File
Toolbar: HKU\S-1-5-21-1175399016-948265358-1381322279-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-1175399016-948265358-1381322279-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Toolbar: HKU\S-1-5-21-1175399016-948265358-1381322279-1000 -> No Name - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} -  No File
Toolbar: HKU\S-1-5-21-1175399016-948265358-1381322279-1000 -> Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)
DPF: HKLM-x32 {0067DBFC-A752-458C-AE6E-B9C7E63D4824} http://www.logitech.com/devicedetector/plugins/LogitechDeviceDetection32.cab
DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: HKLM-x32 {33415AC7-AFFA-4D55-B41C-C64C0D07DFCA} https://h50203.www5.hp.com/WCLWEB/cabs/HPISWebManager.CAB
DPF: HKLM-x32 {62789780-B744-11D0-986B-00609731A21D} http://download.autodesk.com/esd/mapguide/SP1/ENG/mgaxctrl.cab
DPF: HKLM-x32 {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://akamaicdn.webex.com/client/WBXclient-T28L10NSP7-15458/webex/ieatgpc1.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler-x32: http - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76

FireFox:
========
FF ProfilePath: C:\Users\Shelley\AppData\Roaming\Mozilla\Firefox\Profiles\rtgwwyvt.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_223.dll ()
FF Plugin: @java.com/DTPlugin,version=10.4.0 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_223.dll ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin-x32: @dymo.com/DymoLabelFramework -> C:\Program Files (x86)\DYMO\DYMO Label Software\Framework\npDYMOLabelFramework.dll ( Sanford L.P.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @real.com/nppl3260;version=17.0.13.2 -> c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=17.0.13 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=17.0.13.2 -> c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer Cloud)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1175399016-948265358-1381322279-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Shelley\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF user.js: detected! => C:\Users\Shelley\AppData\Roaming\Mozilla\Firefox\Profiles\rtgwwyvt.default\user.js
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll (RealPlayer Cloud)
FF Extension: XFINITY Constant Guard Protection Suite - C:\Users\Shelley\AppData\Roaming\Mozilla\Firefox\Profiles\rtgwwyvt.default\Extensions\idvaultaddon@whitesky [2014-11-03]
FF Extension: No Name - C:\Users\Shelley\AppData\Roaming\Mozilla\Firefox\Profiles\rtgwwyvt.default\Extensions\temp [2014-11-03]
FF Extension: Dogpile Toolbar - C:\Users\Shelley\AppData\Roaming\Mozilla\Firefox\Profiles\rtgwwyvt.default\Extensions\{9a94d785-2979-44e9-b331-9e09d0cc7cff}.xpi [2014-08-19]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF HKLM-x32\...\Firefox\Extensions: [{9D2AA73B-6049-4799-B8AC-925723370070}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-10-18]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn [2014-11-21]
FF HKLM-x32\...\Firefox\Extensions: [{98e34367-8df7-42b4-837b-20b892ff0849}] - C:\ProgramData\iWin Games\firefox
FF Extension: iWinGames Plugin - C:\ProgramData\iWin Games\firefox [2014-11-07]
FF Extension: No Name - {9D2AA73B-6049-4799-B8AC-925723370070} [Not Found]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.dogpile.com/
CHR StartupUrls: Default -> "hxxp://www.dogpile.com/"
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (RealPlayer Download Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\nprpplugin.dll (RealPlayer Cloud)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (CANON iMAGE GATEWAY Album Plugin Utility) - C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
CHR Plugin: (DYMO Label Framework) - C:\Program Files (x86)\DYMO\DYMO Label Software\Framework\npDYMOLabelFramework.dll ( Sanford L.P.)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File
CHR Plugin: (Java™ Platform SE 7 U17) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (RealNetworks™ RealDownloader Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll No File
CHR Plugin: (RealNetworks™ RealDownloader HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
CHR Plugin: (RealNetworks™ RealDownloader PepperFlashVideoShim Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll No File
CHR Plugin: (RealDownloader Plugin) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll No File
CHR Plugin: (Facebook Video Calling Plugin) - C:\Users\Shelley\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.170.2) - C:\Windows\SysWOW64\npDeployJava1.dll No File
CHR Plugin: (Windows Activation Technologies) - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll No File
CHR Profile: C:\Users\Shelley\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Entanglement Web App) - C:\Users\Shelley\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd [2011-03-03]
CHR Extension: (Google Drive) - C:\Users\Shelley\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-07-01]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Shelley\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-23]
CHR Extension: (XFINITY Constant Guard Protection Suite) - C:\Users\Shelley\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhchefbgfgaodjebncjkplhbgopbcmno [2014-11-08]
CHR Extension: (Norton Identity Safe) - C:\Users\Shelley\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2014-11-08]
CHR Extension: (Poppit!) - C:\Users\Shelley\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi [2011-03-03]
CHR Extension: (Norton Security Toolbar) - C:\Users\Shelley\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2014-11-04]
CHR Extension: (Google Wallet) - C:\Users\Shelley\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-30]
CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\Exts\Chrome.crx [2014-11-04]
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\Exts\Chrome.crx [2014-11-04]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 APC UPS Service; C:\Program Files (x86)\APC\APC PowerChute Personal Edition\mainserv.exe [176241 2004-07-21] (American Power Conversion Corporation) [File not signed]
R2 DymoPnpService; C:\Program Files (x86)\DYMO\DYMO Label Software\DymoPnpService.exe [32336 2011-01-28] (Sanford, L.P.)
S3 GoogleDesktopManager-051210-111108; C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe [30192 2010-06-18] (Google)
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [225280 2006-12-10] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [131072 2006-12-10] (Hewlett-Packard Co.) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 Motorola Device Manager; C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [137528 2013-11-15] (Motorola Mobility LLC)
R2 N360; C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\N360.exe [265040 2014-10-02] (Symantec Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [50688 2012-07-31] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [66048 2012-07-31] (Hewlett-Packard) [File not signed]
R2 PST Service; C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [65657 2011-09-02] (Motorola) [File not signed]
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39568 2014-07-30] ()
R2 RealPlayer Cloud Service; c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe [1141848 2014-10-18] (RealNetworks, Inc.)
R2 RealPlayerUpdateSvc; C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [23552 2014-07-30] () [File not signed]
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S2 NPEService; "C:\Users\Shelley\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\51DXB29E\NPE.exe" /service [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2009-08-03] ()
R1 BHDrvx64; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\BASHDefs\20141118.001\BHDrvx64.sys [1587416 2014-10-30] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1506000.020\ccSetx64.sys [162392 2013-09-25] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-08-26] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2014-08-26] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\IPSDefs\20141120.001\IDSvia64.sys [637656 2014-11-17] (Symantec Corporation)
S3 LVPr2M64; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30304 2010-05-07] ()
S3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30304 2010-05-07] ()
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-11-12] (Malwarebytes Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-15] ()
R3 NAVENG; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20141121.003\ENG64.SYS [129752 2014-11-05] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20141121.003\EX64.SYS [2137304 2014-11-05] (Symantec Corporation)
S3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [31744 2009-01-09] (Research in Motion Ltd)
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
R0 snapman380; C:\Windows\System32\DRIVERS\snman380.sys [237600 2010-06-21] (Acronis)
R3 SRTSP; C:\Windows\System32\Drivers\N360x64\1506000.020\SRTSP64.SYS [876248 2014-08-25] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1506000.020\SRTSPX64.SYS [37592 2014-08-25] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\N360x64\1506000.020\SYMDS64.SYS [493656 2013-09-09] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360x64\1506000.020\SYMEFA64.SYS [1148120 2014-08-25] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-11-04] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\1506000.020\Ironx64.SYS [266968 2014-08-06] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1506000.020\SYMNETS.SYS [593112 2014-08-25] (Symantec Corporation)
R0 tdrpman174; C:\Windows\System32\DRIVERS\tdrpm174.sys [1581088 2010-06-21] (Acronis)
S3 mdareDriver_43; \??\C:\Program Files (x86)\Fortinet\FortiClient\mdare64_43.sys [X]
S3 mdareDriver_47; \??\C:\Program Files (x86)\Fortinet\FortiClient\mdare64_47.sys [X]
S3 mdareDriver_48; \??\C:\Program Files (x86)\Fortinet\FortiClient\mdare64_48.sys [X]
S3 motccgpfl; system32\DRIVERS\motccgpfl.sys [X]
S3 RimUsb; System32\Drivers\RimUsb_AMD64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-21 20:17 - 2014-11-21 20:18 - 00040834 _____ () C:\Users\Shelley\Downloads\FRST.txt
2014-11-21 20:17 - 2014-11-21 20:17 - 00000000 ____D () C:\FRST
2014-11-21 20:16 - 2014-11-21 20:16 - 02117632 _____ (Farbar) C:\Users\Shelley\Downloads\FRST64 (1).exe
2014-11-21 20:14 - 2014-11-21 20:14 - 02117632 _____ (Farbar) C:\Users\Shelley\Downloads\FRST64.exe
2014-11-21 20:05 - 2014-11-21 20:05 - 00003240 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1175399016-948265358-1381322279-1000
2014-11-21 20:04 - 2014-11-21 20:04 - 00065536 ___HT () C:\Users\Shelley\Desktop\~Outlook backup 9-10-10.pst.tmp
2014-11-21 20:04 - 2014-11-21 20:04 - 00003370 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1175399016-948265358-1381322279-1000
2014-11-20 17:59 - 2014-11-20 17:59 - 00001006 _____ () C:\Users\Public\Desktop\Stamps.com.lnk
2014-11-20 17:58 - 2014-11-20 17:58 - 00000000 ____D () C:\ProgramData\{8C1C591D-720A-4A62-A419-9F74C2ECCCA8}
2014-11-20 17:57 - 2014-11-20 17:57 - 00000000 ____D () C:\ProgramData\{F3F3634B-3007-4C12-9A5E-96613A28F63B}
2014-11-20 17:57 - 2014-11-20 17:57 - 00000000 ____D () C:\ProgramData\{3B9E33B4-4951-4C74-8AAD-8DF86708D34A}
2014-11-20 17:56 - 2014-11-20 17:56 - 00000000 ____D () C:\ProgramData\{C6A6CCB8-6EAF-4F5C-98EC-350B88B73F34}
2014-11-20 17:55 - 2014-11-20 17:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Stamps.com
2014-11-20 13:02 - 2014-11-20 13:02 - 00127082 _____ () C:\Users\Shelley\Desktop\attach.txt
2014-11-20 13:02 - 2014-11-20 13:02 - 00033517 _____ () C:\Users\Shelley\Desktop\dds.txt
2014-11-20 12:47 - 2014-11-20 12:47 - 00688992 _____ (Swearware) C:\Users\Shelley\Downloads\dds (1).com
2014-11-20 12:44 - 2014-11-20 12:45 - 00688992 ____R (Swearware) C:\Users\Shelley\Downloads\dds.com
2014-11-14 17:33 - 2014-11-14 17:33 - 01176168 ____T () C:\Windows\SysWOW64\00023170.tmp
2014-11-14 17:33 - 2014-11-14 17:33 - 01176168 ____T () C:\Windows\SysWOW64\00021470.tmp
2014-11-14 17:33 - 2014-11-14 17:33 - 01176168 ____T () C:\Windows\SysWOW64\00012836.tmp
2014-11-14 17:33 - 2014-11-14 17:33 - 01176168 ____T () C:\Windows\SysWOW64\00009246.tmp
2014-11-14 17:31 - 2014-11-14 17:31 - 01176168 ____T () C:\Windows\SysWOW64\00022283.tmp
2014-11-14 17:31 - 2014-11-14 17:31 - 01176168 ____T () C:\Windows\SysWOW64\00019446.tmp
2014-11-14 17:31 - 2014-11-14 17:31 - 01176168 ____T () C:\Windows\SysWOW64\00016384.tmp
2014-11-14 17:31 - 2014-11-14 17:31 - 01176168 ____T () C:\Windows\SysWOW64\00015845.tmp
2014-11-14 17:31 - 2014-11-14 17:31 - 01176168 ____T () C:\Windows\SysWOW64\00014181.tmp
2014-11-14 17:31 - 2014-11-14 17:31 - 01176168 ____T () C:\Windows\SysWOW64\00013078.tmp
2014-11-14 17:31 - 2014-11-14 17:31 - 01176168 ____T () C:\Windows\SysWOW64\00008168.tmp
2014-11-14 17:31 - 2014-11-14 17:31 - 01176168 ____T () C:\Windows\SysWOW64\00006919.tmp
2014-11-14 17:30 - 2014-11-14 17:30 - 40034920 ____T () C:\Windows\SysWOW64\00013321.tmp
2014-11-14 17:30 - 2014-11-14 17:30 - 40034920 ____T () C:\Windows\SysWOW64\00010715.tmp
2014-11-14 17:30 - 2014-11-14 17:30 - 40034920 ____T () C:\Windows\SysWOW64\00001899.tmp
2014-11-14 17:30 - 2014-11-14 17:30 - 01176168 ____T () C:\Windows\SysWOW64\00031856.tmp
2014-11-14 17:30 - 2014-11-14 17:30 - 01176168 ____T () C:\Windows\SysWOW64\00029837.tmp
2014-11-14 17:30 - 2014-11-14 17:30 - 01176168 ____T () C:\Windows\SysWOW64\00028693.tmp
2014-11-14 17:30 - 2014-11-14 17:30 - 01176168 ____T () C:\Windows\SysWOW64\00026135.tmp
2014-11-14 17:30 - 2014-11-14 17:30 - 01176168 ____T () C:\Windows\SysWOW64\00025438.tmp
2014-11-14 17:30 - 2014-11-14 17:30 - 01176168 ____T () C:\Windows\SysWOW64\00023674.tmp
2014-11-14 17:30 - 2014-11-14 17:30 - 01176168 ____T () C:\Windows\SysWOW64\00023091.tmp
2014-11-14 17:30 - 2014-11-14 17:30 - 01176168 ____T () C:\Windows\SysWOW64\00022729.tmp
2014-11-14 17:30 - 2014-11-14 17:30 - 01176168 ____T () C:\Windows\SysWOW64\00022420.tmp
2014-11-14 17:30 - 2014-11-14 17:30 - 01176168 ____T () C:\Windows\SysWOW64\00020653.tmp
2014-11-14 17:30 - 2014-11-14 17:30 - 01176168 ____T () C:\Windows\SysWOW64\00020322.tmp
2014-11-14 17:30 - 2014-11-14 17:30 - 01176168 ____T () C:\Windows\SysWOW64\00019765.tmp
2014-11-14 17:30 - 2014-11-14 17:30 - 01176168 ____T () C:\Windows\SysWOW64\00018796.tmp
2014-11-14 17:30 - 2014-11-14 17:30 - 01176168 ____T () C:\Windows\SysWOW64\00016657.tmp
2014-11-14 17:30 - 2014-11-14 17:30 - 01176168 ____T () C:\Windows\SysWOW64\00016563.tmp
2014-11-14 17:30 - 2014-11-14 17:30 - 01176168 ____T () C:\Windows\SysWOW64\00014920.tmp
2014-11-14 17:30 - 2014-11-14 17:30 - 01176168 ____T () C:\Windows\SysWOW64\00014687.tmp
2014-11-14 17:30 - 2014-11-14 17:30 - 01176168 ____T () C:\Windows\SysWOW64\00013975.tmp
2014-11-14 17:30 - 2014-11-14 17:30 - 01176168 ____T () C:\Windows\SysWOW64\00013667.tmp
2014-11-14 17:30 - 2014-11-14 17:30 - 01176168 ____T () C:\Windows\SysWOW64\00012887.tmp
2014-11-14 17:30 - 2014-11-14 17:30 - 01176168 ____T () C:\Windows\SysWOW64\00011406.tmp
2014-11-14 17:30 - 2014-11-14 17:30 - 01176168 ____T () C:\Windows\SysWOW64\00010933.tmp
2014-11-14 17:30 - 2014-11-14 17:30 - 01176168 ____T () C:\Windows\SysWOW64\00010859.tmp
2014-11-14 17:30 - 2014-11-14 17:30 - 01176168 ____T () C:\Windows\SysWOW64\00010371.tmp
2014-11-14 17:30 - 2014-11-14 17:30 - 01176168 ____T () C:\Windows\SysWOW64\00009946.tmp
2014-11-14 17:30 - 2014-11-14 17:30 - 01176168 ____T () C:\Windows\SysWOW64\00006109.tmp
2014-11-14 17:30 - 2014-11-14 17:30 - 01176168 ____T () C:\Windows\SysWOW64\00003820.tmp
2014-11-14 17:30 - 2014-11-14 17:30 - 01176168 ____T () C:\Windows\SysWOW64\00002189.tmp
2014-11-14 17:30 - 2014-11-14 17:30 - 01176168 ____T () C:\Windows\SysWOW64\00001105.tmp
2014-11-14 17:30 - 2014-11-14 17:30 - 01176168 ____T () C:\Windows\SysWOW64\00000434.tmp
2014-11-14 17:30 - 2014-11-14 17:30 - 01176168 ____T () C:\Windows\SysWOW64\00000368.tmp
2014-11-14 15:57 - 2014-11-14 15:57 - 40034920 ____T () C:\Windows\SysWOW64\00026083.tmp
2014-11-14 15:57 - 2014-11-14 15:57 - 40034920 ____T () C:\Windows\SysWOW64\00002524.tmp
2014-11-14 15:57 - 2014-11-14 15:57 - 01176168 ____T () C:\Windows\SysWOW64\00032004.tmp
2014-11-14 15:57 - 2014-11-14 15:57 - 01176168 ____T () C:\Windows\SysWOW64\00030688.tmp
2014-11-14 15:57 - 2014-11-14 15:57 - 01176168 ____T () C:\Windows\SysWOW64\00030632.tmp
2014-11-14 15:57 - 2014-11-14 15:57 - 01176168 ____T () C:\Windows\SysWOW64\00030107.tmp
2014-11-14 15:57 - 2014-11-14 15:57 - 01176168 ____T () C:\Windows\SysWOW64\00029038.tmp
2014-11-14 15:57 - 2014-11-14 15:57 - 01176168 ____T () C:\Windows\SysWOW64\00029015.tmp
2014-11-14 15:57 - 2014-11-14 15:57 - 01176168 ____T () C:\Windows\SysWOW64\00028557.tmp
2014-11-14 15:57 - 2014-11-14 15:57 - 01176168 ____T () C:\Windows\SysWOW64\00027797.tmp
2014-11-14 15:57 - 2014-11-14 15:57 - 01176168 ____T () C:\Windows\SysWOW64\00026783.tmp
2014-11-14 15:57 - 2014-11-14 15:57 - 01176168 ____T () C:\Windows\SysWOW64\00025242.tmp
2014-11-14 15:57 - 2014-11-14 15:57 - 01176168 ____T () C:\Windows\SysWOW64\00025156.tmp
2014-11-14 15:57 - 2014-11-14 15:57 - 01176168 ____T () C:\Windows\SysWOW64\00024833.tmp
2014-11-14 15:57 - 2014-11-14 15:57 - 01176168 ____T () C:\Windows\SysWOW64\00024569.tmp
2014-11-14 15:57 - 2014-11-14 15:57 - 01176168 ____T () C:\Windows\SysWOW64\00023427.tmp
2014-11-14 15:57 - 2014-11-14 15:57 - 01176168 ____T () C:\Windows\SysWOW64\00022582.tmp
2014-11-14 15:57 - 2014-11-14 15:57 - 01176168 ____T () C:\Windows\SysWOW64\00020958.tmp
2014-11-14 15:57 - 2014-11-14 15:57 - 01176168 ____T () C:\Windows\SysWOW64\00020630.tmp
2014-11-14 15:57 - 2014-11-14 15:57 - 01176168 ____T () C:\Windows\SysWOW64\00018954.tmp
2014-11-14 15:57 - 2014-11-14 15:57 - 01176168 ____T () C:\Windows\SysWOW64\00018224.tmp
2014-11-14 15:57 - 2014-11-14 15:57 - 01176168 ____T () C:\Windows\SysWOW64\00017923.tmp
2014-11-14 15:57 - 2014-11-14 15:57 - 01176168 ____T () C:\Windows\SysWOW64\00017775.tmp
2014-11-14 15:57 - 2014-11-14 15:57 - 01176168 ____T () C:\Windows\SysWOW64\00015178.tmp
2014-11-14 15:57 - 2014-11-14 15:57 - 01176168 ____T () C:\Windows\SysWOW64\00014633.tmp
2014-11-14 15:57 - 2014-11-14 15:57 - 01176168 ____T () C:\Windows\SysWOW64\00014012.tmp
2014-11-14 15:57 - 2014-11-14 15:57 - 01176168 ____T () C:\Windows\SysWOW64\00014004.tmp
2014-11-14 15:57 - 2014-11-14 15:57 - 01176168 ____T () C:\Windows\SysWOW64\00013855.tmp
2014-11-14 15:57 - 2014-11-14 15:57 - 01176168 ____T () C:\Windows\SysWOW64\00012376.tmp
2014-11-14 15:57 - 2014-11-14 15:57 - 01176168 ____T () C:\Windows\SysWOW64\00012045.tmp
2014-11-14 15:57 - 2014-11-14 15:57 - 01176168 ____T () C:\Windows\SysWOW64\00011682.tmp
2014-11-14 15:57 - 2014-11-14 15:57 - 01176168 ____T () C:\Windows\SysWOW64\00011403.tmp
2014-11-14 15:57 - 2014-11-14 15:57 - 01176168 ____T () C:\Windows\SysWOW64\00010686.tmp
2014-11-14 15:57 - 2014-11-14 15:57 - 01176168 ____T () C:\Windows\SysWOW64\00007852.tmp
2014-11-14 15:57 - 2014-11-14 15:57 - 01176168 ____T () C:\Windows\SysWOW64\00006720.tmp
2014-11-14 15:57 - 2014-11-14 15:57 - 01176168 ____T () C:\Windows\SysWOW64\00005145.tmp
2014-11-14 15:57 - 2014-11-14 15:57 - 01176168 ____T () C:\Windows\SysWOW64\00003604.tmp
2014-11-14 15:57 - 2014-11-14 15:57 - 01176168 ____T () C:\Windows\SysWOW64\00002683.tmp
2014-11-14 15:57 - 2014-11-14 15:57 - 01176168 ____T () C:\Windows\SysWOW64\00001464.tmp
2014-11-14 15:57 - 2014-11-14 15:57 - 01176168 ____T () C:\Windows\SysWOW64\00000681.tmp
2014-11-14 15:56 - 2014-11-14 15:56 - 40034920 ____T () C:\Windows\SysWOW64\00023751.tmp
2014-11-14 15:45 - 2014-11-14 15:45 - 01176168 ____T () C:\Windows\SysWOW64\00032721.tmp
2014-11-14 15:45 - 2014-11-14 15:45 - 01176168 ____T () C:\Windows\SysWOW64\00030328.tmp
2014-11-14 15:45 - 2014-11-14 15:45 - 01176168 ____T () C:\Windows\SysWOW64\00029944.tmp
2014-11-14 15:45 - 2014-11-14 15:45 - 01176168 ____T () C:\Windows\SysWOW64\00029548.tmp
2014-11-14 15:45 - 2014-11-14 15:45 - 01176168 ____T () C:\Windows\SysWOW64\00029163.tmp
2014-11-14 15:45 - 2014-11-14 15:45 - 01176168 ____T () C:\Windows\SysWOW64\00028138.tmp
2014-11-14 15:45 - 2014-11-14 15:45 - 01176168 ____T () C:\Windows\SysWOW64\00028131.tmp
2014-11-14 15:45 - 2014-11-14 15:45 - 01176168 ____T () C:\Windows\SysWOW64\00025884.tmp
2014-11-14 15:45 - 2014-11-14 15:45 - 01176168 ____T () C:\Windows\SysWOW64\00025840.tmp
2014-11-14 15:45 - 2014-11-14 15:45 - 01176168 ____T () C:\Windows\SysWOW64\00025045.tmp
2014-11-14 15:45 - 2014-11-14 15:45 - 01176168 ____T () C:\Windows\SysWOW64\00024890.tmp
2014-11-14 15:45 - 2014-11-14 15:45 - 01176168 ____T () C:\Windows\SysWOW64\00024612.tmp
2014-11-14 15:45 - 2014-11-14 15:45 - 01176168 ____T () C:\Windows\SysWOW64\00023707.tmp
2014-11-14 15:45 - 2014-11-14 15:45 - 01176168 ____T () C:\Windows\SysWOW64\00023406.tmp
2014-11-14 15:45 - 2014-11-14 15:45 - 01176168 ____T () C:\Windows\SysWOW64\00023174.tmp
2014-11-14 15:45 - 2014-11-14 15:45 - 01176168 ____T () C:\Windows\SysWOW64\00022433.tmp
2014-11-14 15:45 - 2014-11-14 15:45 - 01176168 ____T () C:\Windows\SysWOW64\00020944.tmp
2014-11-14 15:45 - 2014-11-14 15:45 - 01176168 ____T () C:\Windows\SysWOW64\00020574.tmp
2014-11-14 15:45 - 2014-11-14 15:45 - 01176168 ____T () C:\Windows\SysWOW64\00019398.tmp
2014-11-14 15:45 - 2014-11-14 15:45 - 01176168 ____T () C:\Windows\SysWOW64\00018332.tmp
2014-11-14 15:45 - 2014-11-14 15:45 - 01176168 ____T () C:\Windows\SysWOW64\00016339.tmp
2014-11-14 15:45 - 2014-11-14 15:45 - 01176168 ____T () C:\Windows\SysWOW64\00015305.tmp
2014-11-14 15:45 - 2014-11-14 15:45 - 01176168 ____T () C:\Windows\SysWOW64\00013580.tmp
2014-11-14 15:45 - 2014-11-14 15:45 - 01176168 ____T () C:\Windows\SysWOW64\00011915.tmp
2014-11-14 15:45 - 2014-11-14 15:45 - 01176168 ____T () C:\Windows\SysWOW64\00011347.tmp
2014-11-14 15:45 - 2014-11-14 15:45 - 01176168 ____T () C:\Windows\SysWOW64\00009369.tmp
2014-11-14 15:45 - 2014-11-14 15:45 - 01176168 ____T () C:\Windows\SysWOW64\00009359.tmp
2014-11-14 15:45 - 2014-11-14 15:45 - 01176168 ____T () C:\Windows\SysWOW64\00007973.tmp
2014-11-14 15:45 - 2014-11-14 15:45 - 01176168 ____T () C:\Windows\SysWOW64\00007626.tmp
2014-11-14 15:45 - 2014-11-14 15:45 - 01176168 ____T () C:\Windows\SysWOW64\00007593.tmp
2014-11-14 15:45 - 2014-11-14 15:45 - 01176168 ____T () C:\Windows\SysWOW64\00007537.tmp
2014-11-14 15:45 - 2014-11-14 15:45 - 01176168 ____T () C:\Windows\SysWOW64\00006696.tmp
2014-11-14 15:45 - 2014-11-14 15:45 - 01176168 ____T () C:\Windows\SysWOW64\00005386.tmp
2014-11-14 15:45 - 2014-11-14 15:45 - 01176168 ____T () C:\Windows\SysWOW64\00002369.tmp
2014-11-14 15:45 - 2014-11-14 15:45 - 01176168 ____T () C:\Windows\SysWOW64\00001180.tmp
2014-11-14 15:45 - 2014-11-14 15:45 - 01176168 ____T () C:\Windows\SysWOW64\00000674.tmp
2014-11-14 15:45 - 2014-11-14 15:45 - 01176168 ____T () C:\Windows\SysWOW64\00000638.tmp
2014-11-14 15:45 - 2014-11-14 15:45 - 01176168 ____T () C:\Windows\SysWOW64\00000340.tmp
2014-11-14 15:44 - 2014-11-14 15:44 - 40034920 ____T () C:\Windows\SysWOW64\00026169.tmp
2014-11-14 15:44 - 2014-11-14 15:44 - 40034920 ____T () C:\Windows\SysWOW64\00003767.tmp
2014-11-14 15:44 - 2014-11-14 15:44 - 40034920 ____T () C:\Windows\SysWOW64\00001238.tmp
2014-11-14 15:44 - 2014-11-14 15:44 - 01176168 ____T () C:\Windows\SysWOW64\00031884.tmp
2014-11-14 15:44 - 2014-11-14 15:44 - 01176168 ____T () C:\Windows\SysWOW64\00029185.tmp
2014-11-14 15:44 - 2014-11-14 15:44 - 01176168 ____T () C:\Windows\SysWOW64\00025951.tmp
2014-11-14 15:44 - 2014-11-14 15:44 - 01176168 ____T () C:\Windows\SysWOW64\00001539.tmp
2014-11-14 15:30 - 2014-11-14 15:30 - 01176168 ____T () C:\Windows\SysWOW64\00030518.tmp
2014-11-14 15:30 - 2014-11-14 15:30 - 01176168 ____T () C:\Windows\SysWOW64\00030151.tmp
2014-11-14 15:30 - 2014-11-14 15:30 - 01176168 ____T () C:\Windows\SysWOW64\00027640.tmp
2014-11-14 15:30 - 2014-11-14 15:30 - 01176168 ____T () C:\Windows\SysWOW64\00025487.tmp
2014-11-14 15:30 - 2014-11-14 15:30 - 01176168 ____T () C:\Windows\SysWOW64\00023055.tmp
2014-11-14 15:30 - 2014-11-14 15:30 - 01176168 ____T () C:\Windows\SysWOW64\00019472.tmp
2014-11-14 15:30 - 2014-11-14 15:30 - 01176168 ____T () C:\Windows\SysWOW64\00015533.tmp
2014-11-14 15:30 - 2014-11-14 15:30 - 01176168 ____T () C:\Windows\SysWOW64\00013882.tmp
2014-11-14 15:30 - 2014-11-14 15:30 - 01176168 ____T () C:\Windows\SysWOW64\00013508.tmp
2014-11-14 15:30 - 2014-11-14 15:30 - 01176168 ____T () C:\Windows\SysWOW64\00012466.tmp
2014-11-14 15:30 - 2014-11-14 15:30 - 01176168 ____T () C:\Windows\SysWOW64\00007606.tmp
2014-11-14 15:30 - 2014-11-14 15:30 - 01176168 ____T () C:\Windows\SysWOW64\00004074.tmp
2014-11-14 15:30 - 2014-11-14 15:30 - 01176168 ____T () C:\Windows\SysWOW64\00004052.tmp
2014-11-14 15:29 - 2014-11-14 15:29 - 40034920 ____T () C:\Windows\SysWOW64\00020007.tmp
2014-11-14 15:29 - 2014-11-14 15:29 - 40034920 ____T () C:\Windows\SysWOW64\00015436.tmp
2014-11-14 15:29 - 2014-11-14 15:29 - 40034920 ____T () C:\Windows\SysWOW64\00009681.tmp
2014-11-14 15:29 - 2014-11-14 15:29 - 01176168 ____T () C:\Windows\SysWOW64\00032063.tmp
2014-11-14 15:29 - 2014-11-14 15:29 - 01176168 ____T () C:\Windows\SysWOW64\00029198.tmp
2014-11-14 15:29 - 2014-11-14 15:29 - 01176168 ____T () C:\Windows\SysWOW64\00028426.tmp
2014-11-14 15:29 - 2014-11-14 15:29 - 01176168 ____T () C:\Windows\SysWOW64\00026240.tmp
2014-11-14 15:29 - 2014-11-14 15:29 - 01176168 ____T () C:\Windows\SysWOW64\00025892.tmp
2014-11-14 15:29 - 2014-11-14 15:29 - 01176168 ____T () C:\Windows\SysWOW64\00024875.tmp
2014-11-14 15:29 - 2014-11-14 15:29 - 01176168 ____T () C:\Windows\SysWOW64\00024471.tmp
2014-11-14 15:29 - 2014-11-14 15:29 - 01176168 ____T () C:\Windows\SysWOW64\00023954.tmp
2014-11-14 15:29 - 2014-11-14 15:29 - 01176168 ____T () C:\Windows\SysWOW64\00022560.tmp
2014-11-14 15:29 - 2014-11-14 15:29 - 01176168 ____T () C:\Windows\SysWOW64\00020942.tmp
2014-11-14 15:29 - 2014-11-14 15:29 - 01176168 ____T () C:\Windows\SysWOW64\00020784.tmp
2014-11-14 15:29 - 2014-11-14 15:29 - 01176168 ____T () C:\Windows\SysWOW64\00020572.tmp
2014-11-14 15:29 - 2014-11-14 15:29 - 01176168 ____T () C:\Windows\SysWOW64\00020277.tmp
2014-11-14 15:29 - 2014-11-14 15:29 - 01176168 ____T () C:\Windows\SysWOW64\00019830.tmp
2014-11-14 15:29 - 2014-11-14 15:29 - 01176168 ____T () C:\Windows\SysWOW64\00019100.tmp
2014-11-14 15:29 - 2014-11-14 15:29 - 01176168 ____T () C:\Windows\SysWOW64\00019049.tmp
2014-11-14 15:29 - 2014-11-14 15:29 - 01176168 ____T () C:\Windows\SysWOW64\00018313.tmp
2014-11-14 15:29 - 2014-11-14 15:29 - 01176168 ____T () C:\Windows\SysWOW64\00018139.tmp
2014-11-14 15:29 - 2014-11-14 15:29 - 01176168 ____T () C:\Windows\SysWOW64\00015649.tmp
2014-11-14 15:29 - 2014-11-14 15:29 - 01176168 ____T () C:\Windows\SysWOW64\00014276.tmp
2014-11-14 15:29 - 2014-11-14 15:29 - 01176168 ____T () C:\Windows\SysWOW64\00013001.tmp
2014-11-14 15:29 - 2014-11-14 15:29 - 01176168 ____T () C:\Windows\SysWOW64\00011545.tmp
2014-11-14 15:29 - 2014-11-14 15:29 - 01176168 ____T () C:\Windows\SysWOW64\00010645.tmp
2014-11-14 15:29 - 2014-11-14 15:29 - 01176168 ____T () C:\Windows\SysWOW64\00010329.tmp
2014-11-14 15:29 - 2014-11-14 15:29 - 01176168 ____T () C:\Windows\SysWOW64\00008093.tmp
2014-11-14 15:29 - 2014-11-14 15:29 - 01176168 ____T () C:\Windows\SysWOW64\00006210.tmp
2014-11-14 15:29 - 2014-11-14 15:29 - 01176168 ____T () C:\Windows\SysWOW64\00005164.tmp
2014-11-14 15:29 - 2014-11-14 15:29 - 01176168 ____T () C:\Windows\SysWOW64\00003407.tmp
2014-11-14 15:29 - 2014-11-14 15:29 - 01176168 ____T () C:\Windows\SysWOW64\00001505.tmp
2014-11-14 15:29 - 2014-11-14 15:29 - 01176168 ____T () C:\Windows\SysWOW64\00001264.tmp
2014-11-14 14:10 - 2014-11-14 14:10 - 01176168 ____T () C:\Windows\SysWOW64\00032760.tmp
2014-11-14 14:10 - 2014-11-14 14:10 - 01176168 ____T () C:\Windows\SysWOW64\00030235.tmp
2014-11-14 14:10 - 2014-11-14 14:10 - 01176168 ____T () C:\Windows\SysWOW64\00027220.tmp
2014-11-14 14:10 - 2014-11-14 14:10 - 01176168 ____T () C:\Windows\SysWOW64\00027173.tmp
2014-11-14 14:10 - 2014-11-14 14:10 - 01176168 ____T () C:\Windows\SysWOW64\00025293.tmp
2014-11-14 14:10 - 2014-11-14 14:10 - 01176168 ____T () C:\Windows\SysWOW64\00024790.tmp
2014-11-14 14:10 - 2014-11-14 14:10 - 01176168 ____T () C:\Windows\SysWOW64\00023607.tmp
2014-11-14 14:10 - 2014-11-14 14:10 - 01176168 ____T () C:\Windows\SysWOW64\00023016.tmp
2014-11-14 14:10 - 2014-11-14 14:10 - 01176168 ____T () C:\Windows\SysWOW64\00022330.tmp
2014-11-14 14:10 - 2014-11-14 14:10 - 01176168 ____T () C:\Windows\SysWOW64\00020080.tmp
2014-11-14 14:10 - 2014-11-14 14:10 - 01176168 ____T () C:\Windows\SysWOW64\00017877.tmp
2014-11-14 14:10 - 2014-11-14 14:10 - 01176168 ____T () C:\Windows\SysWOW64\00016721.tmp
2014-11-14 14:10 - 2014-11-14 14:10 - 01176168 ____T () C:\Windows\SysWOW64\00014631.tmp
2014-11-14 14:10 - 2014-11-14 14:10 - 01176168 ____T () C:\Windows\SysWOW64\00014041.tmp
2014-11-14 14:10 - 2014-11-14 14:10 - 01176168 ____T () C:\Windows\SysWOW64\00012816.tmp
2014-11-14 14:10 - 2014-11-14 14:10 - 01176168 ____T () C:\Windows\SysWOW64\00012201.tmp
2014-11-14 14:10 - 2014-11-14 14:10 - 01176168 ____T () C:\Windows\SysWOW64\00011731.tmp
2014-11-14 14:10 - 2014-11-14 14:10 - 01176168 ____T () C:\Windows\SysWOW64\00009532.tmp
2014-11-14 14:10 - 2014-11-14 14:10 - 01176168 ____T () C:\Windows\SysWOW64\00008387.tmp
2014-11-14 14:10 - 2014-11-14 14:10 - 01176168 ____T () C:\Windows\SysWOW64\00007765.tmp
2014-11-14 14:10 - 2014-11-14 14:10 - 01176168 ____T () C:\Windows\SysWOW64\00006983.tmp
2014-11-14 14:10 - 2014-11-14 14:10 - 01176168 ____T () C:\Windows\SysWOW64\00006075.tmp
2014-11-14 14:10 - 2014-11-14 14:10 - 01176168 ____T () C:\Windows\SysWOW64\00004418.tmp
2014-11-14 14:10 - 2014-11-14 14:10 - 01176168 ____T () C:\Windows\SysWOW64\00004242.tmp
2014-11-14 14:10 - 2014-11-14 14:10 - 01176168 ____T () C:\Windows\SysWOW64\00003875.tmp
2014-11-14 14:10 - 2014-11-14 14:10 - 01176168 ____T () C:\Windows\SysWOW64\00003178.tmp
2014-11-14 14:10 - 2014-11-14 14:10 - 01176168 ____T () C:\Windows\SysWOW64\00001732.tmp
2014-11-14 14:10 - 2014-11-14 14:10 - 01176168 ____T () C:\Windows\SysWOW64\00000759.tmp
2014-11-14 14:09 - 2014-11-14 14:09 - 40034920 ____T () C:\Windows\SysWOW64\00032757.tmp
2014-11-14 14:09 - 2014-11-14 14:09 - 40034920 ____T () C:\Windows\SysWOW64\00028160.tmp
2014-11-14 14:09 - 2014-11-14 14:09 - 40034920 ____T () C:\Windows\SysWOW64\00022814.tmp
2014-11-14 14:09 - 2014-11-14 14:09 - 01176168 ____T () C:\Windows\SysWOW64\00032410.tmp
2014-11-14 14:09 - 2014-11-14 14:09 - 01176168 ____T () C:\Windows\SysWOW64\00028168.tmp
2014-11-14 14:09 - 2014-11-14 14:09 - 01176168 ____T () C:\Windows\SysWOW64\00026253.tmp
2014-11-14 14:09 - 2014-11-14 14:09 - 01176168 ____T () C:\Windows\SysWOW64\00023265.tmp
2014-11-14 14:09 - 2014-11-14 14:09 - 01176168 ____T () C:\Windows\SysWOW64\00021337.tmp
2014-11-14 14:09 - 2014-11-14 14:09 - 01176168 ____T () C:\Windows\SysWOW64\00020580.tmp
2014-11-14 14:09 - 2014-11-14 14:09 - 01176168 ____T () C:\Windows\SysWOW64\00016945.tmp
2014-11-14 14:09 - 2014-11-14 14:09 - 01176168 ____T () C:\Windows\SysWOW64\00016173.tmp
2014-11-14 14:09 - 2014-11-14 14:09 - 01176168 ____T () C:\Windows\SysWOW64\00015689.tmp
2014-11-14 14:09 - 2014-11-14 14:09 - 01176168 ____T () C:\Windows\SysWOW64\00015139.tmp
2014-11-14 14:09 - 2014-11-14 14:09 - 01176168 ____T () C:\Windows\SysWOW64\00014567.tmp
2014-11-14 14:09 - 2014-11-14 14:09 - 01176168 ____T () C:\Windows\SysWOW64\00013036.tmp
2014-11-14 14:09 - 2014-11-14 14:09 - 01176168 ____T () C:\Windows\SysWOW64\00009823.tmp
2014-11-14 14:09 - 2014-11-14 14:09 - 01176168 ____T () C:\Windows\SysWOW64\00008665.tmp
2014-11-14 14:09 - 2014-11-14 14:09 - 01176168 ____T () C:\Windows\SysWOW64\00008616.tmp
2014-11-13 22:45 - 2014-11-13 22:45 - 00002481 _____ () C:\Users\Shelley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BETSI - Ultimate Bulk Editi... (2).lnk
2014-11-13 22:45 - 2014-11-13 22:45 - 00002451 _____ () C:\Users\Shelley\Desktop\BETSI - Ultimate Bulk Editi... (2).lnk
2014-11-13 20:54 - 2014-11-13 20:54 - 01176168 ____T () C:\Windows\SysWOW64\00013838.tmp
2014-11-13 20:54 - 2014-11-13 20:54 - 01176168 ____T () C:\Windows\SysWOW64\00008229.tmp
2014-11-13 20:54 - 2014-11-13 20:54 - 01176168 ____T () C:\Windows\SysWOW64\00008015.tmp
2014-11-13 20:53 - 2014-11-13 20:53 - 40034920 ____T () C:\Windows\SysWOW64\00022308.tmp
2014-11-13 20:53 - 2014-11-13 20:53 - 40034920 ____T () C:\Windows\SysWOW64\00012687.tmp
2014-11-13 20:53 - 2014-11-13 20:53 - 40034920 ____T () C:\Windows\SysWOW64\00002843.tmp
2014-11-13 20:53 - 2014-11-13 20:53 - 01176168 ____T () C:\Windows\SysWOW64\00032483.tmp
2014-11-13 20:53 - 2014-11-13 20:53 - 01176168 ____T () C:\Windows\SysWOW64\00030912.tmp
2014-11-13 20:53 - 2014-11-13 20:53 - 01176168 ____T () C:\Windows\SysWOW64\00027409.tmp
2014-11-13 20:53 - 2014-11-13 20:53 - 01176168 ____T () C:\Windows\SysWOW64\00026437.tmp
2014-11-13 20:53 - 2014-11-13 20:53 - 01176168 ____T () C:\Windows\SysWOW64\00026106.tmp
2014-11-13 20:53 - 2014-11-13 20:53 - 01176168 ____T () C:\Windows\SysWOW64\00025921.tmp
2014-11-13 20:53 - 2014-11-13 20:53 - 01176168 ____T () C:\Windows\SysWOW64\00025739.tmp
2014-11-13 20:53 - 2014-11-13 20:53 - 01176168 ____T () C:\Windows\SysWOW64\00022905.tmp
2014-11-13 20:53 - 2014-11-13 20:53 - 01176168 ____T () C:\Windows\SysWOW64\00022688.tmp
2014-11-13 20:53 - 2014-11-13 20:53 - 01176168 ____T () C:\Windows\SysWOW64\00021031.tmp
2014-11-13 20:53 - 2014-11-13 20:53 - 01176168 ____T () C:\Windows\SysWOW64\00020893.tmp
2014-11-13 20:53 - 2014-11-13 20:53 - 01176168 ____T () C:\Windows\SysWOW64\00019742.tmp
2014-11-13 20:53 - 2014-11-13 20:53 - 01176168 ____T () C:\Windows\SysWOW64\00019423.tmp
2014-11-13 20:53 - 2014-11-13 20:53 - 01176168 ____T () C:\Windows\SysWOW64\00019396.tmp
2014-11-13 20:53 - 2014-11-13 20:53 - 01176168 ____T () C:\Windows\SysWOW64\00016696.tmp
2014-11-13 20:53 - 2014-11-13 20:53 - 01176168 ____T () C:\Windows\SysWOW64\00015019.tmp
2014-11-13 20:53 - 2014-11-13 20:53 - 01176168 ____T () C:\Windows\SysWOW64\00012574.tmp
2014-11-13 20:53 - 2014-11-13 20:53 - 01176168 ____T () C:\Windows\SysWOW64\00012551.tmp
2014-11-13 20:53 - 2014-11-13 20:53 - 01176168 ____T () C:\Windows\SysWOW64\00011208.tmp
2014-11-13 20:53 - 2014-11-13 20:53 - 01176168 ____T () C:\Windows\SysWOW64\00008924.tmp
2014-11-13 20:53 - 2014-11-13 20:53 - 01176168 ____T () C:\Windows\SysWOW64\00005855.tmp
2014-11-13 20:53 - 2014-11-13 20:53 - 01176168 ____T () C:\Windows\SysWOW64\00005331.tmp
2014-11-13 20:53 - 2014-11-13 20:53 - 01176168 ____T () C:\Windows\SysWOW64\00004958.tmp
2014-11-13 20:53 - 2014-11-13 20:53 - 01176168 ____T () C:\Windows\SysWOW64\00004828.tmp
2014-11-13 20:53 - 2014-11-13 20:53 - 01176168 ____T () C:\Windows\SysWOW64\00004692.tmp
2014-11-13 20:53 - 2014-11-13 20:53 - 01176168 ____T () C:\Windows\SysWOW64\00003686.tmp
2014-11-13 20:53 - 2014-11-13 20:53 - 01176168 ____T () C:\Windows\SysWOW64\00003653.tmp
2014-11-13 20:53 - 2014-11-13 20:53 - 01176168 ____T () C:\Windows\SysWOW64\00003150.tmp
2014-11-13 20:53 - 2014-11-13 20:53 - 01176168 ____T () C:\Windows\SysWOW64\00003008.tmp
2014-11-13 20:53 - 2014-11-13 20:53 - 01176168 ____T () C:\Windows\SysWOW64\00002992.tmp
2014-11-13 20:53 - 2014-11-13 20:53 - 01176168 ____T () C:\Windows\SysWOW64\00001209.tmp
2014-11-10 10:51 - 2014-11-10 10:52 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-11-07 15:25 - 2010-06-19 03:43 - 00000360 _____ () C:\Users\Shelley\Desktop\Mahjong.lnk
2014-11-07 13:34 - 2014-11-07 13:35 - 00003378 _____ () C:\Windows\System32\Tasks\RunAsStdUser Task
2014-11-07 13:34 - 2014-11-07 13:35 - 00000000 ____D () C:\ProgramData\iWin Games
2014-11-06 12:51 - 2014-11-06 12:52 - 04184008 _____ (Kaspersky Lab ZAO) C:\Users\Shelley\Downloads\tdsskiller(2).exe
2014-11-06 12:46 - 2014-11-06 12:47 - 04184008 _____ (Kaspersky Lab ZAO) C:\Users\Shelley\Downloads\tdsskiller(1).exe
2014-11-06 11:35 - 2014-11-06 11:35 - 03918668 _____ () C:\Users\Shelley\Documents\Rozen Consulting & Design110514.QBB
2014-11-05 15:12 - 2010-06-19 03:43 - 00000368 _____ () C:\Users\Shelley\Desktop\Solitaire.lnk
2014-11-05 01:12 - 2014-11-05 01:12 - 00000000 ____D () C:\Windows\System32\Tasks\Norton Security Suite
2014-11-05 00:59 - 2014-11-05 00:59 - 00000000 ____D () C:\TDSSKiller_Quarantine
2014-11-05 00:55 - 2014-11-05 00:56 - 04184008 _____ (Kaspersky Lab ZAO) C:\Users\Shelley\Downloads\tdsskiller.exe
2014-11-04 19:57 - 2012-07-25 21:32 - 00033240 _____ (GEAR Software Inc.) C:\Windows\system32\Drivers\GEARAspiWDM.sys
2014-11-04 19:56 - 2012-07-25 21:32 - 00125872 _____ (GEAR Software Inc.) C:\Windows\system32\GEARAspi64.dll
2014-11-04 19:56 - 2012-07-25 21:32 - 00106928 _____ (GEAR Software Inc.) C:\Windows\SysWOW64\GEARAspi.dll
2014-11-04 19:55 - 2014-11-04 19:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Bootable Recovery Tool Wizard
2014-11-04 19:55 - 2014-11-04 19:55 - 00000000 ____D () C:\Windows\system32\Drivers\NBRTWizardx64
2014-11-04 19:55 - 2014-11-04 19:55 - 00000000 ____D () C:\Program Files (x86)\Norton Bootable Recovery Tool Wizard
2014-11-04 19:19 - 2014-11-04 19:19 - 00000000 ____D () C:\NPE
2014-11-04 19:11 - 2014-11-04 19:11 - 00000000 ____D () C:\ProgramData\SMR430
2014-11-04 19:10 - 2014-11-05 01:02 - 00000000 ____D () C:\Users\Shelley\AppData\Local\NPE
2014-11-04 19:05 - 2014-11-21 13:50 - 00000000 ____D () C:\Users\Shelley\AppData\Local\CrashDumps
2014-11-04 18:41 - 2014-11-05 01:06 - 00003228 _____ () C:\Windows\System32\Tasks\Norton WSC Integration
2014-11-04 18:41 - 2014-11-04 18:41 - 00177752 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
2014-11-04 18:41 - 2014-11-04 18:41 - 00008222 _____ () C:\Windows\system32\Drivers\SYMEVENT64x86.CAT
2014-11-04 18:41 - 2014-11-04 18:41 - 00000000 ____D () C:\Program Files\Common Files\Symantec Shared
2014-11-04 18:38 - 2014-11-05 01:06 - 00002440 _____ () C:\Users\Public\Desktop\Norton Security Suite.lnk
2014-11-04 18:32 - 2014-11-05 01:06 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security Suite
2014-11-04 18:32 - 2014-11-05 01:06 - 00000000 ____D () C:\Windows\system32\Drivers\N360x64
2014-11-04 18:32 - 2014-11-04 18:32 - 00000000 ____D () C:\Program Files (x86)\Norton Security Suite
2014-11-04 18:20 - 2014-11-04 19:58 - 00000000 ____D () C:\Users\Shelley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton
2014-11-04 18:20 - 2014-11-04 19:58 - 00000000 ____D () C:\ProgramData\Norton
2014-11-04 18:20 - 2014-11-04 19:53 - 00001376 _____ () C:\Users\Shelley\Desktop\Norton Installation Files.lnk
2014-11-04 18:20 - 2014-11-04 19:52 - 00000000 ____D () C:\Users\Public\Downloads\Norton
2014-11-01 21:11 - 2014-11-01 21:11 - 00000000 ____D () C:\Users\Shelley\AppData\Local\White_Sky,_Inc
2014-11-01 21:11 - 2014-11-01 21:11 - 00000000 ____D () C:\ProgramData\IsolatedStorage
2014-11-01 21:10 - 2014-11-01 21:40 - 00000000 ____D () C:\Users\Shelley\AppData\Local\ID Vault
2014-11-01 21:09 - 2014-11-21 20:15 - 00000000 ____D () C:\Users\Shelley\AppData\Roaming\ID Vault
2014-11-01 21:09 - 2014-11-21 12:41 - 00000000 ____D () C:\Program Files (x86)\Constant Guard Protection Suite
2014-11-01 21:09 - 2014-11-01 21:09 - 00002273 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Constant Guard.lnk
2014-11-01 21:09 - 2014-11-01 21:09 - 00002261 _____ () C:\Users\Public\Desktop\Constant Guard.lnk
2014-11-01 21:08 - 2014-11-01 21:08 - 00000000 ____D () C:\ProgramData\White Sky, Inc
2014-10-31 17:09 - 2014-10-31 17:09 - 00000216 _____ () C:\Users\Shelley\Downloads\EtsyDeposits2014-7.csv
2014-10-31 13:30 - 2014-10-31 13:30 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_ImmunetNetworkMonitor_01009.Wdf
2014-10-31 07:30 - 2014-11-15 17:02 - 00003348 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1175399016-948265358-1381322279-1000
2014-10-31 07:30 - 2014-11-15 17:02 - 00003218 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1175399016-948265358-1381322279-1000
2014-10-30 22:10 - 2014-11-21 19:58 - 00002190 _____ () C:\Windows\setupact.log
2014-10-30 22:10 - 2014-10-30 22:10 - 00000000 _____ () C:\Windows\setuperr.log
2014-10-30 22:06 - 2014-10-30 22:06 - 03915605 _____ () C:\Users\Shelley\Documents\Rozen Consulting & Design103014.QBB
2014-10-30 14:34 - 2014-10-30 14:34 - 00003856 _____ () C:\Windows\System32\Tasks\{79CCBED1-EADF-9DEA-3EB9-8964BF2A52E4}
2014-10-30 14:34 - 2014-10-30 14:34 - 00000000 _____ () C:\Windows\system32\tfdqfx.dll
2014-10-29 19:25 - 2014-11-12 18:37 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-29 19:17 - 2014-10-29 19:17 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-10-29 19:17 - 2014-10-29 19:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-29 19:16 - 2014-11-13 12:30 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-10-29 19:16 - 2014-10-01 10:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-10-29 19:16 - 2014-10-01 10:11 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-10-29 19:14 - 2014-10-29 19:14 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\Shelley\Downloads\mbam-setup-2.0.3.1025(1).exe
2014-10-29 19:12 - 2014-10-29 19:13 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\Shelley\Downloads\mbam-setup-2.0.3.1025.exe
2014-10-28 13:07 - 2014-10-28 13:07 - 03913409 _____ () C:\Users\Shelley\Documents\Rozen Consulting & Design102814.QBB

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-21 20:18 - 2010-09-10 19:44 - 156451840 _____ () C:\Users\Shelley\Desktop\Outlook backup 9-10-10.pst
2014-11-21 20:17 - 2009-07-13 20:45 - 00027376 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-21 20:17 - 2009-07-13 20:45 - 00027376 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-21 20:04 - 2014-08-06 18:55 - 00000000 ____D () C:\Users\Shelley\AppData\Roaming\gSyncit
2014-11-21 20:03 - 2010-06-19 00:02 - 01929655 _____ () C:\Windows\WindowsUpdate.log
2014-11-21 20:00 - 2013-05-06 11:57 - 00000000 ____D () C:\Temp
2014-11-21 20:00 - 2010-06-19 02:36 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-21 19:58 - 2010-06-24 16:19 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-11-21 19:58 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-21 19:57 - 2010-06-19 03:42 - 01475090 _____ () C:\Windows\PFRO.log
2014-11-21 19:54 - 2014-09-09 10:58 - 16675840 _____ () C:\Users\Shelley\Desktop\Rozen Consulting & Design2013.QBW
2014-11-21 19:46 - 2010-06-19 02:36 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-21 19:45 - 2014-01-26 10:12 - 00000542 _____ () C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-1175399016-948265358-1381322279-1000.job
2014-11-21 19:37 - 2012-04-12 09:20 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-21 19:23 - 2010-06-19 03:39 - 00003942 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{6B6DC1A5-245F-4F5A-B627-A499D2837007}
2014-11-21 19:15 - 2012-04-28 15:05 - 00000936 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1175399016-948265358-1381322279-1000UA.job
2014-11-21 18:47 - 2014-09-10 11:34 - 00000000 ____D () C:\Users\Shelley\Desktop\INET
2014-11-21 17:47 - 2013-04-20 09:26 - 00002183 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-11-21 16:15 - 2012-04-28 15:05 - 00000914 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1175399016-948265358-1381322279-1000Core.job
2014-11-21 09:11 - 2012-06-02 18:43 - 00000036 ____H () C:\Windows\SysWOW64\f9t.dat
2014-11-20 18:41 - 2012-06-02 18:44 - 00000000 ____D () C:\Users\Shelley\AppData\Roaming\Stamps.com Internet Postage
2014-11-20 17:59 - 2012-06-02 18:43 - 00000000 ____D () C:\Program Files (x86)\Stamps.com Internet Postage
2014-11-19 22:16 - 2010-06-19 02:32 - 00000000 ____D () C:\Users\Shelley\Documents\PageMaker docs
2014-11-19 21:34 - 2013-12-21 16:18 - 00000000 ____D () C:\Users\Shelley\AppData\Local\pyGraboid
2014-11-17 21:38 - 2010-06-19 02:28 - 00000000 ____D () C:\Users\Shelley\Documents\Excel docs
2014-11-14 20:41 - 2010-06-19 02:36 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-11-14 20:41 - 2010-06-19 02:36 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-11-12 11:36 - 2011-08-15 18:18 - 00000000 ___RD () C:\Users\Shelley\Dropbox
2014-11-12 00:38 - 2012-04-12 09:20 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-11-12 00:37 - 2012-04-12 09:20 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-11-12 00:37 - 2011-06-17 09:45 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-11-11 17:28 - 2014-08-19 12:23 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-11-08 23:48 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\rescache
2014-11-08 20:42 - 2014-08-15 09:05 - 00000000 ____D () C:\Users\Shelley\AppData\Local\Adobe
2014-11-07 13:36 - 2009-07-13 21:32 - 00000000 ____D () C:\Program Files\Windows Sidebar
2014-11-07 13:33 - 2009-07-13 21:32 - 00000000 ____D () C:\Program Files (x86)\Windows Sidebar
2014-11-06 11:48 - 2009-07-13 21:13 - 00800310 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-05 15:26 - 2012-06-22 10:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2014-11-05 10:07 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-11-02 12:44 - 2014-03-11 12:58 - 00000000 ____D () C:\Program Files (x86)\Fortinet
2014-11-01 13:46 - 2014-01-26 10:12 - 00003580 _____ () C:\Windows\System32\Tasks\G2MUpdateTask-S-1-5-21-1175399016-948265358-1381322279-1000
2014-10-31 12:40 - 2013-10-15 16:12 - 00000000 ____D () C:\ProgramData\Oracle
2014-10-31 12:38 - 2010-10-19 19:20 - 00000000 ____D () C:\Program Files (x86)\Java
2014-10-31 11:03 - 2009-07-13 19:20 - 00000000 __RSD () C:\Windows\Media
2014-10-30 19:14 - 2011-06-05 17:19 - 00000000 ____D () C:\Windows\Minidump
2014-10-30 17:26 - 2014-03-27 16:17 - 00000000 ___HD () C:\Windows\msdownld.tmp
2014-10-30 09:50 - 2009-07-13 21:08 - 00032566 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-10-29 19:17 - 2013-08-23 15:08 - 00000000 ____D () C:\Users\Shelley\AppData\Roaming\Malwarebytes
2014-10-29 19:17 - 2013-08-23 15:07 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-10-27 11:46 - 2010-06-19 02:24 - 00522752 ___SH () C:\Users\Shelley\Documents\Thumbs.db

Some content of TEMP:
====================
C:\Users\Shelley\AppData\Local\Temp\drm_dyndata_7320010.dll
C:\Users\Shelley\AppData\Local\Temp\ose00000.exe
C:\Users\Shelley\AppData\Local\Temp\pnD14F.exe
C:\Users\Shelley\AppData\Local\Temp\pnD7CA.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-11-05 02:58

==================== End Of Log ============================

 




#7 RPMcMurphy

RPMcMurphy

    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:35 PM

Posted 22 November 2014 - 10:13 AM

Please do this next:

Open notepad. Please copy the contents of the code box below. To do this, highlight the contents of the box and right click on it. Paste this into the open notepad. Save it in the same location as FRST (usually your desktop) as fixlist.txt

HKU\S-1-5-21-1175399016-948265358-1381322279-1000\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
2014-11-20 17:58 - 2014-11-20 17:58 - 00000000 ____D () C:\ProgramData\{8C1C591D-720A-4A62-A419-9F74C2ECCCA8}
2014-11-20 17:57 - 2014-11-20 17:57 - 00000000 ____D () C:\ProgramData\{F3F3634B-3007-4C12-9A5E-96613A28F63B}
2014-11-20 17:57 - 2014-11-20 17:57 - 00000000 ____D () C:\ProgramData\{3B9E33B4-4951-4C74-8AAD-8DF86708D34A}
2014-11-20 17:56 - 2014-11-20 17:56 - 00000000 ____D () C:\ProgramData\{C6A6CCB8-6EAF-4F5C-98EC-350B88B73F34}
cmd: del C:\Windows\SysWOW64\*.tmp
C:\Users\Shelley\AppData\Local\Temp\pnD14F.exe
C:\Users\Shelley\AppData\Local\Temp\pnD7CA.exe
CustomCLSID: HKU\S-1-5-21-1175399016-948265358-1381322279-1000_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 247 more characters). <==== Poweliks?
AlternateDataStreams: C:\ProgramData\TEMP:6C1A9365
HKU\S-1-5-21-1175399016-948265358-1381322279-1000\Software\Classes\.exe:  =>  <===== ATTENTION!
EmptyTemp:
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Now run FRST again.
  • When the tool opens click Yes to disclaimer.
  • Press the Fix button just once and wait.
  • The tool will make a log (Fixlog.txt) please post it to your reply.

Threads are closed after 5 days of inactivity.

ASAP & UNITE Member


The help you receive here is free. If you wish to show your appreciation, then you may donate.
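For readers triaging a log like the FRST output above: the two things the fixlist removes that are worth recognising on sight are a CLSID LocalServer32 value that launches rundll32.exe with a javascript: URL (the Poweliks-style fileless persistence FRST labels), and a burst of identically sized .tmp files dropped into SysWOW64 within the same minute. The script below is an added example, not FRST's code and not part of this thread; it assumes the FRST line layout shown in the logs above, and its sample lines are constructed from entries in this thread plus one made-up benign CLSID entry.

```python
"""Triage helper for FRST-style log lines.

Added example, not FRST's own code. It flags two patterns visible in
the log posted above:
  1. a CLSID LocalServer32 value that launches rundll32.exe with a
     script URL (Poweliks-style fileless persistence), and
  2. bursts of identically sized *.tmp files created in SysWOW64
     within the same minute.
"""
import re
from collections import Counter

# FRST "One Month Created Files" layout (assumed from the log above):
#   <created> - <modified> - <size> <attrs> (<vendor>) <path>
FILE_LINE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"\d{4}-\d{2}-\d{2} \d{2}:\d{2} - "
    r"(?P<size>\d+) (?P<attrs>\S+) \((?P<vendor>[^)]*)\) (?P<path>.+)$"
)

# ...\CLSID\{...}\localserver32 as FRST prints it in CustomCLSID lines.
CLSID_LINE = re.compile(
    r"CLSID\\\{(?P<clsid>[0-9A-Fa-f-]+)\}\\localserver32", re.IGNORECASE
)
# A LocalServer32 value normally names an .exe on disk; rundll32 being
# handed a javascript:/vbscript: URL is the indicator.
SCRIPT_LAUNCH = re.compile(r"rundll32\.exe\s+(javascript|vbscript):", re.IGNORECASE)


def find_script_clsids(lines):
    """CLSIDs whose LocalServer32 value runs rundll32.exe with a script URL."""
    hits = []
    for line in lines:
        m = CLSID_LINE.search(line)
        if m and SCRIPT_LAUNCH.search(line):
            hits.append(m.group("clsid").upper())
    return hits


def find_tmp_bursts(lines, directory=r"C:\Windows\SysWOW64", min_count=3):
    """Count *.tmp files under `directory` per (creation minute, size).

    Returns {(created, size): count} for groups of at least `min_count`
    files. Dozens of same-sized temp files landing in a system directory
    inside one minute is the pattern visible in the log above.
    """
    prefix = directory.lower().rstrip("\\") + "\\"
    groups = Counter()
    for line in lines:
        m = FILE_LINE.match(line)
        if not m:
            continue
        path = m.group("path").lower()
        if path.startswith(prefix) and path.endswith(".tmp"):
            groups[(m.group("created"), int(m.group("size")))] += 1
    return {key: n for key, n in groups.items() if n >= min_count}


def triage(lines):
    """Human-readable findings for a list of FRST log lines."""
    findings = []
    for clsid in find_script_clsids(lines):
        findings.append(f"script-launching LocalServer32 under CLSID {{{clsid}}}")
    for (created, size), n in sorted(find_tmp_bursts(lines).items()):
        findings.append(f"{n} x {size}-byte .tmp files created {created} in SysWOW64")
    return findings


# Constructed sample: lines modelled on the log above. The last entry is
# a made-up benign LocalServer32 value (placeholder CLSID and path).
SAMPLE_LOG = r"""
2014-11-14 15:45 - 2014-11-14 15:45 - 01176168 ____T () C:\Windows\SysWOW64\00013580.tmp
2014-11-14 15:45 - 2014-11-14 15:45 - 01176168 ____T () C:\Windows\SysWOW64\00011915.tmp
2014-11-14 15:45 - 2014-11-14 15:45 - 01176168 ____T () C:\Windows\SysWOW64\00011347.tmp
2014-11-14 15:44 - 2014-11-14 15:44 - 40034920 ____T () C:\Windows\SysWOW64\00026169.tmp
2014-11-12 00:37 - 2012-04-12 09:20 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-10-29 19:17 - 2014-10-29 19:17 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
CustomCLSID: HKU\S-1-5-21-1175399016-948265358-1381322279-1000_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 247 more characters). <==== Poweliks?
CustomCLSID: HKU\S-1-5-21-1175399016-948265358-1381322279-1000_Classes\CLSID\{11111111-2222-3333-4444-555555555555}\localserver32 -> C:\Program Files\ExampleVendor\ExampleServer.exe
""".strip().splitlines()

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

Run it on a saved FRST.txt by replacing SAMPLE_LOG with the file's lines; the .tmp threshold is deliberately low so the three-file sample trips it, and on a real log the counts run into the dozens as they do above.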


#8 Shelley6324

Shelley6324
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:07:35 PM

Posted 23 November 2014 - 03:34 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 22-11-2014 01
Ran by Shelley at 2014-11-22 21:54:06 Run:1
Running from C:\Users\Shelley\Desktop
Loaded Profile: Shelley (Available profiles: Shelley & UpdatusUser)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKU\S-1-5-21-1175399016-948265358-1381322279-1000\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
2014-11-20 17:58 - 2014-11-20 17:58 - 00000000 ____D () C:\ProgramData\{8C1C591D-720A-4A62-A419-9F74C2ECCCA8}
2014-11-20 17:57 - 2014-11-20 17:57 - 00000000 ____D () C:\ProgramData\{F3F3634B-3007-4C12-9A5E-96613A28F63B}
2014-11-20 17:57 - 2014-11-20 17:57 - 00000000 ____D () C:\ProgramData\{3B9E33B4-4951-4C74-8AAD-8DF86708D34A}
2014-11-20 17:56 - 2014-11-20 17:56 - 00000000 ____D () C:\ProgramData\{C6A6CCB8-6EAF-4F5C-98EC-350B88B73F34}
cmd: del C:\Windows\SysWOW64\*.tmp
C:\Users\Shelley\AppData\Local\Temp\pnD14F.exe
C:\Users\Shelley\AppData\Local\Temp\pnD7CA.exe
CustomCLSID: HKU\S-1-5-21-1175399016-948265358-1381322279-1000_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 247 more characters). <==== Poweliks?
AlternateDataStreams: C:\ProgramData\TEMP:6C1A9365
HKU\S-1-5-21-1175399016-948265358-1381322279-1000\Software\Classes\.exe: => <===== ATTENTION!
EmptyTemp:
*****************

"HKU\S-1-5-21-1175399016-948265358-1381322279-1000\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32" => Key Deleted Successfully.
"HKU\S-1-5-21-1175399016-948265358-1381322279-1000\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}" => Key deleted successfully.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
C:\ProgramData\{8C1C591D-720A-4A62-A419-9F74C2ECCCA8} => Moved successfully.
C:\ProgramData\{F3F3634B-3007-4C12-9A5E-96613A28F63B} => Moved successfully.
C:\ProgramData\{3B9E33B4-4951-4C74-8AAD-8DF86708D34A} => Moved successfully.
C:\ProgramData\{C6A6CCB8-6EAF-4F5C-98EC-350B88B73F34} => Moved successfully.

========= del C:\Windows\SysWOW64\*.tmp =========

========= End of CMD: =========
C:\Users\Shelley\AppData\Local\Temp\pnD14F.exe => Moved successfully.
C:\Users\Shelley\AppData\Local\Temp\pnD7CA.exe => Moved successfully.
"HKU\S-1-5-21-1175399016-948265358-1381322279-1000_Classes\CLSID\{AB8902B4-09CA-4bb6-B78DA8F59079A8D5}" => Key not found.
C:\ProgramData\TEMP => ":6C1A9365" ADS removed successfully.
"HKU\S-1-5-21-1175399016-948265358-1381322279-1000\Software\Classes\.exe" => Key deleted successfully.


Edited by RPMcMurphy, 23 November 2014 - 05:47 PM.


#9 RPMcMurphy

RPMcMurphy

    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:35 PM

Posted 23 November 2014 - 05:47 PM

Great! Please do this next. You will have to disable your security software again:

Download Combofix from HERE, and save it to your desktop.

**Note:  It is important that it is saved directly to your desktop**

--------------------------------------------------------------------
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link
--------------------------------------------------------------------

Double click on ComboFix.exe & follow the prompts.

  • If you have trouble, stop and post back.  Do not try to repeatedly run ComboFix!
  • When finished, it will produce a report for you.

Note: If after running ComboFix you receive a message stating, "Illegal Operation Attempted on a registry key that has been marked for deletion", rebooting your computer will resolve the problem.

Please include the following in your next post:
  • ComboFix log




#10 Shelley6324

Shelley6324
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:07:35 PM

Posted 23 November 2014 - 07:56 PM

I really appreciate your help!  My computer has been misbehaving less and less with every step you've had me take.

 

Is it okay that some of the lines appear to have my name misspelled?  For example,

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"


By the way, I had uninstalled FortiClient a few weeks ago, but it was still showing up in these reports.  There was one folder I found when I did a search, but it was empty.


---------------------------------------


ComboFix 14-11-18.01 - Shelley 11/23/2014  16:13:49.1.4 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.8191.4451 [GMT -8:00]
Running from: c:\users\Shelley\Desktop\ComboFix.exe
AV: FortiClient AntiVirus *Enabled/Updated* {385618A6-2256-708E-3FB9-7E98B93F91F9}
SP: FortiClient AntiVirus *Enabled/Updated* {8337F942-046C-7F00-0509-45EAC2B8DB44}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\users\Shelley\AppData\Local\Adobe\gccheck.exe
c:\users\Shelley\AppData\Local\Adobe\gtbcheck.exe
c:\users\Shelley\AppData\Local\Adobe\install_flash_player_ax.exe
c:\users\Shelley\AppData\Local\assembly\tmp
c:\users\Shelley\AppData\Local\assembly\tmp\WOOKX283\__AssemblyInfo__.ini
c:\users\Shelley\AppData\Local\assembly\tmp\WOOKX283\DYMO.DLS.Runtime.DLL
c:\users\Shelley\Documents\~WRL0001.tmp
c:\users\Shelley\Documents\AD$4292.tmp
c:\users\Shelley\g2mdlhlpx.exe
c:\windows\msdownld.tmp
.
.
(((((((((((((((((((((((((   Files Created from 2014-10-24 to 2014-11-24  )))))))))))))))))))))))))))))))
.
.
2014-11-22 04:17 . 2014-11-23 08:44 -------- d-----w- C:\FRST
2014-11-07 21:34 . 2014-11-07 21:35 -------- d-----w- c:\programdata\iWin Games
2014-11-05 08:59 . 2014-11-05 08:59 -------- d-----w- C:\TDSSKiller_Quarantine
2014-11-05 03:57 . 2012-07-26 05:32 33240 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2014-11-05 03:56 . 2012-07-26 05:32 125872 ----a-w- c:\windows\system32\GEARAspi64.dll
2014-11-05 03:55 . 2014-11-05 03:55 -------- d-----w- c:\windows\system32\drivers\NBRTWizardx64
2014-11-05 03:55 . 2014-11-05 03:55 -------- d-----w- c:\program files (x86)\Norton Bootable Recovery Tool Wizard
2014-11-05 03:30 . 2014-11-05 03:30 -------- d-----w- c:\program files (x86)\Common Files\Symantec Shared
2014-11-05 03:19 . 2014-11-05 03:19 -------- d-----w- C:\NPE
2014-11-05 03:11 . 2014-11-05 03:11 -------- d-----w- c:\programdata\SMR430
2014-11-05 03:10 . 2014-11-05 09:02 -------- d-----w- c:\users\Shelley\AppData\Local\NPE
2014-11-05 03:05 . 2014-11-23 05:24 -------- d-----w- c:\users\Shelley\AppData\Local\CrashDumps
2014-11-05 02:41 . 2014-11-05 02:41 177752 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
2014-11-05 02:41 . 2014-11-05 02:41 -------- d-----w- c:\program files\Common Files\Symantec Shared
2014-11-05 02:32 . 2014-11-05 09:06 -------- d-----w- c:\windows\system32\drivers\N360x64
2014-11-05 02:32 . 2014-11-05 02:32 -------- d-----w- c:\program files (x86)\Norton Security Suite
2014-11-05 02:30 . 2014-11-05 03:55 -------- d-----w- c:\program files (x86)\NortonInstaller
2014-11-05 02:20 . 2014-11-05 03:58 -------- d-----w- c:\programdata\Norton
2014-11-02 05:11 . 2014-11-02 05:11 -------- d-----w- c:\programdata\IsolatedStorage
2014-11-02 05:11 . 2014-11-02 05:11 -------- d-----w- c:\users\Shelley\AppData\Local\White_Sky,_Inc
2014-11-02 05:10 . 2014-11-02 05:40 -------- d-----w- c:\users\Shelley\AppData\Local\ID Vault
2014-11-02 05:09 . 2014-11-24 00:22 -------- d-----w- c:\users\Shelley\AppData\Roaming\ID Vault
2014-11-02 05:09 . 2014-11-23 23:39 -------- d-----w- c:\program files (x86)\Constant Guard Protection Suite
2014-11-02 05:08 . 2014-11-02 05:08 -------- d-----w- c:\programdata\White Sky, Inc
2014-10-31 20:40 . 2014-10-31 20:40 -------- d-----w- c:\program files (x86)\Common Files\Java
2014-10-30 22:34 . 2014-10-30 22:34 0 ----a-w- c:\windows\system32\tfdqfx.dll
2014-10-30 03:25 . 2014-11-13 02:37 129752 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-10-30 03:16 . 2014-11-13 20:30 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2014-10-30 03:16 . 2014-10-01 18:11 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-10-30 03:16 . 2014-10-01 18:11 93400 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-11-12 08:37 . 2012-04-12 17:20 701104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-11-12 08:37 . 2011-06-17 17:45 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-10-18 22:19 . 2014-10-18 22:19 505416 ----a-w- c:\windows\SysWow64\msvcp71.dll
2014-10-18 22:19 . 2014-10-18 22:19 353864 ----a-w- c:\windows\SysWow64\msvcr71.dll
2014-10-16 10:01 . 2010-06-18 08:46 103265616 ----a-w- c:\windows\system32\MRT.exe
2014-10-15 00:04 . 2014-10-15 00:04 98216 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-10-14 19:59 . 2014-10-29 16:18 11627712 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{BA98CE72-4C94-48B7-8007-B854967401A6}\mpengine.dll
2014-10-10 02:05 . 2014-10-16 08:55 276480 ----a-w- c:\windows\system32\generaltel.dll
2014-10-10 02:05 . 2014-10-16 08:55 507392 ----a-w- c:\windows\system32\aepdu.dll
2014-10-10 02:00 . 2014-10-16 08:55 424448 ----a-w- c:\windows\system32\aeinv.dll
2014-10-07 02:54 . 2014-10-16 08:55 378552 ----a-w- c:\windows\system32\iedkcs32.dll
2014-10-02 22:53 . 2010-06-19 10:02 278152 ------w- c:\windows\system32\MpSigStub.exe
2014-10-01 18:11 . 2013-08-23 23:07 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-09-29 00:58 . 2014-10-16 08:56 3198976 ----a-w- c:\windows\system32\win32k.sys
2014-09-25 22:50 . 2014-10-16 08:55 13619200 ----a-w- c:\windows\system32\ieframe.dll
2014-09-25 22:32 . 2014-10-16 08:55 2017280 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2014-09-25 22:31 . 2014-10-16 08:55 2108416 ----a-w- c:\windows\system32\inetcpl.cpl
2014-09-25 02:08 . 2014-10-01 04:44 371712 ----a-w- c:\windows\system32\qdvd.dll
2014-09-25 01:40 . 2014-10-01 04:44 519680 ----a-w- c:\windows\SysWow64\qdvd.dll
2014-09-19 02:25 . 2014-10-16 08:55 23631360 ----a-w- c:\windows\system32\mshtml.dll
2014-09-19 01:56 . 2014-10-16 08:55 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2014-09-19 01:55 . 2014-10-16 08:55 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2014-09-19 01:41 . 2014-10-16 08:55 2796032 ----a-w- c:\windows\system32\iertutil.dll
2014-09-19 01:40 . 2014-10-16 08:55 66048 ----a-w- c:\windows\system32\iesetup.dll
2014-09-19 01:40 . 2014-10-16 08:55 547328 ----a-w- c:\windows\system32\vbscript.dll
2014-09-19 01:39 . 2014-10-16 08:55 48640 ----a-w- c:\windows\system32\ieetwproxystub.dll
2014-09-19 01:38 . 2014-10-16 08:55 83968 ----a-w- c:\windows\system32\MshtmlDac.dll
2014-09-19 01:36 . 2014-10-16 08:55 5829632 ----a-w- c:\windows\system32\jscript9.dll
2014-09-19 01:31 . 2014-10-16 08:55 51200 ----a-w- c:\windows\system32\jsproxy.dll
2014-09-19 01:30 . 2014-10-16 08:55 33792 ----a-w- c:\windows\system32\iernonce.dll
2014-09-19 01:27 . 2014-10-16 08:55 595968 ----a-w- c:\windows\system32\ieui.dll
2014-09-19 01:26 . 2014-10-16 08:55 139264 ----a-w- c:\windows\system32\ieUnatt.exe
2014-09-19 01:25 . 2014-10-16 08:55 111616 ----a-w- c:\windows\system32\ieetwcollector.exe
2014-09-19 01:25 . 2014-10-16 08:55 4201472 ----a-w- c:\windows\SysWow64\jscript9.dll
2014-09-19 01:25 . 2014-10-16 08:55 758272 ----a-w- c:\windows\system32\jscript9diag.dll
2014-09-19 01:18 . 2014-10-16 08:55 940032 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2014-09-19 01:14 . 2014-10-16 08:55 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb
2014-09-19 01:14 . 2014-10-16 08:55 446464 ----a-w- c:\windows\system32\dxtmsft.dll
2014-09-19 01:06 . 2014-10-16 08:55 72704 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2014-09-19 01:02 . 2014-10-16 08:55 454656 ----a-w- c:\windows\SysWow64\vbscript.dll
2014-09-19 01:01 . 2014-10-16 08:55 61952 ----a-w- c:\windows\SysWow64\iesetup.dll
2014-09-19 01:01 . 2014-10-16 08:55 195584 ----a-w- c:\windows\system32\msrating.dll
2014-09-19 01:01 . 2014-10-16 08:55 51200 ----a-w- c:\windows\SysWow64\ieetwproxystub.dll
2014-09-19 01:00 . 2014-10-16 08:55 85504 ----a-w- c:\windows\system32\mshtmled.dll
2014-09-19 00:59 . 2014-10-16 08:55 61952 ----a-w- c:\windows\SysWow64\MshtmlDac.dll
2014-09-19 00:58 . 2014-10-16 08:55 289280 ----a-w- c:\windows\system32\dxtrans.dll
2014-09-19 00:50 . 2014-10-16 08:55 112128 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2014-09-19 00:49 . 2014-10-16 08:55 597504 ----a-w- c:\windows\SysWow64\jscript9diag.dll
2014-09-19 00:42 . 2014-10-16 08:55 731136 ----a-w- c:\windows\system32\msfeeds.dll
2014-09-19 00:42 . 2014-10-16 08:55 710656 ----a-w- c:\windows\system32\ie4uinit.exe
2014-09-19 00:40 . 2014-10-16 08:55 1249280 ----a-w- c:\windows\system32\mshtmlmedia.dll
2014-09-19 00:36 . 2014-10-16 08:55 60416 ----a-w- c:\windows\SysWow64\JavaScriptCollectionAgent.dll
2014-09-19 00:33 . 2014-10-16 08:55 2309632 ----a-w- c:\windows\system32\wininet.dll
2014-09-19 00:18 . 2014-10-16 08:55 1068032 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2014-09-19 00:14 . 2014-10-16 08:55 1447936 ----a-w- c:\windows\system32\urlmon.dll
2014-09-18 23:59 . 2014-10-16 08:55 775168 ----a-w- c:\windows\system32\ieapfltr.dll
2014-09-18 23:59 . 2014-10-16 08:55 1810944 ----a-w- c:\windows\SysWow64\wininet.dll
2014-09-18 02:00 . 2014-10-16 08:55 3241472 ----a-w- c:\windows\system32\msi.dll
2014-09-18 01:32 . 2014-10-16 08:55 2363904 ----a-w- c:\windows\SysWow64\msi.dll
2014-09-13 01:58 . 2014-10-16 08:53 77312 ----a-w- c:\windows\system32\packager.dll
2014-09-13 01:40 . 2014-10-16 08:53 67072 ----a-w- c:\windows\SysWow64\packager.dll
2014-09-09 22:11 . 2014-09-24 10:04 2048 ----a-w- c:\windows\system32\tzres.dll
2014-09-09 21:47 . 2014-09-24 10:04 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2014-09-05 02:11 . 2014-10-19 14:14 6584320 ----a-w- c:\windows\system32\mstscax.dll
2014-09-05 01:52 . 2014-10-19 14:14 5703168 ----a-w- c:\windows\SysWow64\mstscax.dll
2014-09-04 05:23 . 2014-10-16 08:54 424448 ----a-w- c:\windows\system32\rastls.dll
2014-09-04 05:04 . 2014-10-16 08:54 372736 ----a-w- c:\windows\SysWow64\rastls.dll
2014-08-29 02:07 . 2014-10-19 14:14 3179520 ----a-w- c:\windows\system32\rdpcorets.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{e719d8a6-cca4-41b5-b27c-ccf969280033}"= "c:\program files (x86)\Dogpile Toolbar\Helper.dll" [2010-06-18 243200]
.
[HKEY_CLASSES_ROOT\clsid\{e719d8a6-cca4-41b5-b27c-ccf969280033}]
[HKEY_CLASSES_ROOT\FreeCauseURLSearchHook.FCToolbarURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{3B225215-1853-4687-B70B-E963AC563B52}]
[HKEY_CLASSES_ROOT\FreeCauseURLSearchHook.FCToolbarURLSearchHook]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{61AFBC1F-52F3-43F5-A5ED-AFA778C579E1}]
2010-06-18 18:41 1547776 ----a-w- c:\program files (x86)\Dogpile Toolbar\Toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{8CA5ED52-F3FB-4414-A105-2E3491156990}]
2011-04-08 15:17 141312 ----a-w- c:\program files (x86)\iWin Games\iWinGamesHookIE.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{8A936F47-6B90-4537-A1BC-6F369A203D47}"= "c:\program files (x86)\Dogpile Toolbar\Toolbar.dll" [2010-06-18 1547776]
.
[HKEY_CLASSES_ROOT\clsid\{8a936f47-6b90-4537-a1bc-6f369a203d47}]
[HKEY_CLASSES_ROOT\FCTB000060241.IEToolbar.3]
[HKEY_CLASSES_ROOT\TypeLib\{74D520AB-80D4-4543-8F3D-97AF340A4067}]
[HKEY_CLASSES_ROOT\FCTB000060241.IEToolbar]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\Shelley\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\Shelley\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\Shelley\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\Shelley\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HLBackupScheduler"="c:\program files\Backup Assistant Plus\V CAST Backup Scheduler.exe" [2012-08-20 7065224]
"TWC.Win7"="c:\program files (x86)\The Weather Channel\Desktop Weather\TWC.Win7.exe" [2014-08-29 48640]
"OfficeSyncProcess"="c:\program files (x86)\Microsoft Office\Office14\MSOSYNC.EXE" [2013-04-22 720064]
"gSyncit"="c:\program files (x86)\Fieldston Software\gSyncit\gsyncit.exe" [2014-08-23 167936]
"ALconnect"="c:\users\Shelley\AppData\Roaming\DirectLife\ALconnect\ALconnect.exe" [2013-06-10 715880]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NUSB3MON"="c:\program files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-01-22 106496]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-08-21 959176]
"Google Desktop Search"="c:\program files (x86)\Google\Google Desktop Search\GoogleDesktop.exe" [2010-06-18 30192]
"IJNetworkScanUtility"="c:\program files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe" [2009-05-20 136544]
"BlackArmorBackupMonitor.exe"="c:\program files (x86)\Seagate\BlackArmorBackup\BlackArmorBackupMonitor.exe" [2009-07-23 4352960]
"AcronisTimounterMonitor"="c:\program files (x86)\Seagate\BlackArmorBackup\TimounterMonitor.exe" [2009-07-23 963784]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2012-11-05 89184]
"sendmng"="c:\program files (x86)\OneSuiteFax\Client\SendMng.exe" [2008-03-31 520192]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2014-01-18 421888]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-09-14 59720]
"TkBellExe"="c:\program files (x86)\real\realplayer\update\realsched.exe" [2014-10-18 296520]
.
c:\users\Shelley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Launch Utility Application.lnk - c:\users\Shelley\AppData\Roaming\Verizon\UA_ar\UtilityApplication.exe [2011-1-27 487424]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
APC UPS Status.lnk - c:\program files (x86)\APC\APC PowerChute Personal Edition\Display.exe [2010-6-21 221295]
Constant Guard.lnk - c:\program files (x86)\Constant Guard Protection Suite\IDVault.exe /startdesktopidv /startup [2014-10-14 2532656]
Event Reminder.lnk - c:\program files (x86)\The Print Shop 23.1\Remind.exe [2010-6-21 344064]
Image Transfer Utility.lnk - c:\program files (x86)\Canon\ImageTransferUtility\ImageTransferUtility.exe [2012-11-1 1952768]
ImageBrowser EX Agent.lnk - c:\program files (x86)\Canon\ImageBrowser EX\MFManager.exe [2012-8-30 69120]
Microsoft Office.lnk - c:\program files (x86)\Microsoft Office\Office10\OSA.EXE -b -l [2001-2-13 83360]
RealPlayer Cloud Service UI.lnk - c:\program files (x86)\Real\RealPlayer\RPDS\Bin64\rpsystray.exe [2014-10-18 1022048]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"TaskbarNoNotification"= 0 (0x0)
"HideSCAHealth"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"TaskbarNoNotification"= 0 (0x0)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"TaskbarNoNotification"= 0 (0x0)
"HideSCAHealth"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\progra~2\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\19440720.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 NPEService;NPEService;c:\users\Shelley\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\51DXB29E\NPE.exe;c:\users\Shelley\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\51DXB29E\NPE.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys;c:\windows\SYSNATIVE\DRIVERS\motfilt.sys [x]
R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files (x86)\Google\Google Desktop Search\GoogleDesktop.exe;c:\program files (x86)\Google\Google Desktop Search\GoogleDesktop.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys;c:\windows\SYSNATIVE\DRIVERS\LVPr2M64.sys [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
R3 mdareDriver_43;mdareDriver_43;c:\program files (x86)\Fortinet\FortiClient\mdare64_43.sys;c:\program files (x86)\Fortinet\FortiClient\mdare64_43.sys [x]
R3 mdareDriver_47;mdareDriver_47;c:\program files (x86)\Fortinet\FortiClient\mdare64_47.sys;c:\program files (x86)\Fortinet\FortiClient\mdare64_47.sys [x]
R3 mdareDriver_48;mdareDriver_48;c:\program files (x86)\Fortinet\FortiClient\mdare64_48.sys;c:\program files (x86)\Fortinet\FortiClient\mdare64_48.sys [x]
R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys;c:\windows\SYSNATIVE\DRIVERS\motccgp.sys [x]
R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys;c:\windows\SYSNATIVE\DRIVERS\motccgpfl.sys [x]
R3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys;c:\windows\SYSNATIVE\DRIVERS\Motousbnet.sys [x]
R3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\DRIVERS\motusbdevice.sys;c:\windows\SYSNATIVE\DRIVERS\motusbdevice.sys [x]
R3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\1506000.020\SYMDS64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1506000.020\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\1506000.020\SYMEFA64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1506000.020\SYMEFA64.SYS [x]
S1 BHDrvx64;BHDrvx64;c:\program files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\BASHDefs\20141118.001\BHDrvx64.sys;c:\program files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\BASHDefs\20141118.001\BHDrvx64.sys [x]
S1 ccSet_N360;N360 Settings Manager;c:\windows\system32\drivers\N360x64\1506000.020\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\N360x64\1506000.020\ccSetx64.sys [x]
S1 IDSVia64;IDSVia64;c:\program files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\IPSDefs\20141121.001\IDSvia64.sys;c:\program files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\IPSDefs\20141121.001\IDSvia64.sys [x]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\1506000.020\Ironx64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1506000.020\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360x64\1506000.020\SYMNETS.SYS;c:\windows\SYSNATIVE\Drivers\N360x64\1506000.020\SYMNETS.SYS [x]
S2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe;c:\program files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [x]
S2 DymoPnpService;DYMO PnP Service;c:\program files (x86)\DYMO\DYMO Label Software\DymoPnpService.exe;c:\program files (x86)\DYMO\DYMO Label Software\DymoPnpService.exe [x]
S2 IDVaultSvc;CGPS Service;c:\program files (x86)\Constant Guard Protection Suite\IDVaultSvc.exe;c:\program files (x86)\Constant Guard Protection Suite\IDVaultSvc.exe [x]
S2 iWinTrusted;iWinTrusted;c:\program files (x86)\iWin Games\iWinTrusted.exe;c:\program files (x86)\iWin Games\iWinTrusted.exe [x]
S2 Motorola Device Manager;Motorola Device Manager Service;c:\program files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe;c:\program files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [x]
S2 N360;Norton Security Suite;c:\program files (x86)\Norton Security Suite\Engine\21.6.0.32\N360.exe;c:\program files (x86)\Norton Security Suite\Engine\21.6.0.32\N360.exe [x]
S2 PST Service;PST Service;c:\program files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe;c:\program files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [x]
S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [x]
S2 RealPlayer Cloud Service;RealPlayer Cloud Service;c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe;c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe [x]
S2 RealPlayerUpdateSvc;RealPlayer Update Service;c:\program files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe;c:\program files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [x]
S2 SgtSch2Svc;Seagate Scheduler2 Service;c:\program files (x86)\Common Files\Seagate\Schedule2\schedul2.exe;c:\program files (x86)\Common Files\Seagate\Schedule2\schedul2.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [x]
S3 CompFilter64;UVCCompositeFilter;c:\windows\system32\DRIVERS\lvbflt64.sys;c:\windows\SYSNATIVE\DRIVERS\lvbflt64.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys;c:\windows\SYSNATIVE\DRIVERS\lvrs64.sys [x]
S3 LVUVC64;Logitech HD Pro Webcam C910(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys;c:\windows\SYSNATIVE\DRIVERS\lvuvc64.sys [x]
S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\DRIVERS\WSDScan.sys;c:\windows\SYSNATIVE\DRIVERS\WSDScan.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ    hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-11-22 01:47 1087304 ----a-w- c:\program files (x86)\Google\Chrome\Application\39.0.2171.65\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-11-24 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-12 08:37]
.
2014-11-24 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1175399016-948265358-1381322279-1000Core.job
- c:\users\Shelley\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-04-28 23:10]
.
2014-11-24 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1175399016-948265358-1381322279-1000UA.job
- c:\users\Shelley\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-04-28 23:10]
.
2014-11-24 c:\windows\Tasks\G2MUpdateTask-S-1-5-21-1175399016-948265358-1381322279-1000.job
- c:\program files (x86)\Citrix\GoToMeeting\1960\g2mupdate.exe [2014-11-23 14:45]
.
2014-11-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-19 12:27]
.
2014-11-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-19 12:27]
.
2014-11-24 c:\windows\Tasks\ReclaimerResumeInstallLogin_Shelley.job
- c:\users\Shelley\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.03\agent\rnupgagent.exe [2014-11-24 00:35]
.
2014-11-24 c:\windows\Tasks\ReclaimerResumeInstall_Shelley.job
- c:\users\Shelley\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.03\agent\rnupgagent.exe [2014-11-24 00:35]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 164016 ----a-w- c:\users\Shelley\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 164016 ----a-w- c:\users\Shelley\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 164016 ----a-w- c:\users\Shelley\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 164016 ----a-w- c:\users\Shelley\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2014-10-22 01:52 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2014-10-22 01:52 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2014-10-22 01:52 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2014-10-22 01:52 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2014-10-22 01:52 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2014-10-22 01:52 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CanonSolutionMenu"="c:\program files (x86)\Canon\SolutionMenu\CNSLMAIN.exe" [2009-03-17 767312]
"Seagate Scheduler2 Service"="c:\program files (x86)\Common Files\Seagate\Schedule2\schedhlp.exe" [2009-07-23 376272]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2014-08-20 1796056]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://dogpile.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {{D40C654D-7C51-4EB3-95B2-1E23905C2A2D} - c:\program files (x86)\Pinterest\Pin It\FrameScript.htm
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
FF - ProfilePath - c:\users\Shelley\AppData\Roaming\Mozilla\Firefox\Profiles\rtgwwyvt.default\
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{D40C654D-7C51-4EB3-95B2-1E23905C2A2D} - (no file)
WebBrowser-{8A936F47-6B90-4537-A1BC-6F369A203D47} - (no file)
AddRemove-Adobe SVG Viewer - c:\windows\System32\Adobe\SVG Viewer\Uninst.isu
AddRemove-Stamps.com - c:\programdata\{C6A6CCB8-6EAF-4F5C-98EC-350B88B73F34}\stamps.exe
AddRemove-Stamps.com support for Intuit QuickBooks 2004-2011 - c:\programdata\{1F8B8F9D-EFD1-4CB5-BCC9-683292E64B85}\QBABPstmp.exe
AddRemove-Stamps.com support for Microsoft Outlook 2000-2013 - c:\programdata\{3B9E33B4-4951-4C74-8AAD-8DF86708D34A}\MSOPIMstmp.exe
AddRemove-Stamps.com support for Microsoft Outlook 97-2010 - c:\programdata\{4E417984-0B3D-48F3-9FA4-E1ABB0DA51B7}\MSOABPstmp.exe
AddRemove-Stamps.com support for Microsoft Outlook 97-2013 - c:\programdata\{8C1C591D-720A-4A62-A419-9F74C2ECCCA8}\MSOABPstmp.exe
AddRemove-Stamps.com support for Microsoft Word 2000-2013 - c:\programdata\{F3F3634B-3007-4C12-9A5E-96613A28F63B}\MSW2KPIMstmp.exe
AddRemove-The Weather Channel App - c:\program files (x86)\The Weather Channel\The Weather Channel App\TheWeatherChannelCustomUninstall.exe
AddRemove-The Weather Channel Desktop 6 - c:\program files (x86)\The Weather Channel FW\Desktop\TheWeatherChannelCustomUninstall.exe
AddRemove-1417804745.www.blugrin.com - c:\program files (x86)\Microsoft Silverlight\5.1.20913.0\Silverlight.Configuration.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\N360]
"ImagePath"="\"c:\program files (x86)\Norton Security Suite\Engine\21.6.0.32\N360.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton Security Suite\Engine\21.6.0.32\diMaster.dll\" /prefetch:1"
"ImagePath"="\SystemRoot\System32\Drivers\N360x64\1506000.020\SYMNETS.SYS"
"TrustedImagePaths"="c:\program files (x86)\Norton Security Suite\Engine\21.6.0.32;c:\program files (x86)\Norton Security Suite\Engine64\21.6.0.32"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1175399016-948265358-1381322279-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:df,35,c0,7e,e5,15,20,f3,d6,63,fa,78,b3,11,f7,3a,93,7d,42,fb,95,15,04,
   e2,8a,d1,ec,dd,b6,18,f5,6e,8f,1a,a3,0f,78,a3,18,09,33,e4,56,47,55,64,2d,77,\
"??"=hex:33,3c,65,0b,e9,52,bd,74,96,c9,17,69,f0,57,e2,ec
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_223_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_223_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_223_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_223_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_223.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.15"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_223.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_223.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_223.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\APC\APC PowerChute Personal Edition\mainserv.exe
c:\program files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
c:\program files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files (x86)\Constant Guard Protection Suite\IDVault.exe
c:\program files (x86)\APC\APC PowerChute Personal Edition\apcsystray.exe
.
**************************************************************************
.
Completion time: 2014-11-23  16:41:11 - machine was rebooted
ComboFix-quarantined-files.txt  2014-11-24 00:41
.
Pre-Run: 381,617,389,568 bytes free
Post-Run: 381,496,455,168 bytes free
.
- - End Of File - - 8799EA6C2E0F80A5706AE8BC3C94F0C1
93CAC202E4460D8C3C119C2AB0FA138D
 



#11 RPMcMurphy (Malware Response Team)

Posted 23 November 2014 - 11:02 PM

That's good to hear!  That entry isn't misspelled, it refers to shell icons, not your name.  Please do this next:

Open Notepad: go to Start > All Programs > Accessories > Notepad (this will only work with Notepad) and copy all the text inside the code box by highlighting it all and pressing CTRL+C on your keyboard, then paste it into Notepad. Make sure there is no space before or above SecCenter::
 

SecCenter::
{385618A6-2256-708E-3FB9-7E98B93F91F9}
{8337F942-046C-7F00-0509-45EAC2B8DB44}
ClearJavaCache::

Save this as CFScript to your desktop.

Then disable your security programs and drag the CFScript into ComboFix.exe as you see in the screenshot below.

[screenshot: CFScriptB-4.gif, dragging the CFScript onto ComboFix.exe]

This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply.

Please download AdwCleaner by Xplode and save it to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • Copies of all logfiles are saved in the C:\AdwCleaner folder, which was created when running the tool.


Please include the following in your next post:

  • ComboFix log
  • adwCleaner log

Edited by RPMcMurphy, 23 November 2014 - 11:03 PM.

Threads are closed after 5 days of inactivity.

ASAP & UNITE Member


The help you receive here is free. If you wish to show your appreciation, then you may [donate button].
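The helper reads the ComboFix log to decide what the CFScript should touch. As an added example that is not part of this thread or of ComboFix itself, the script below parses the log format posted above (the 'Files Created', 'Reg Loading Points' and 'ORPHANS REMOVED' sections) and flags the entries a responder would review first: UAC policy values set to 0, an enabled AppInit_DLLs entry, zero-byte DLLs in system32, and orphaned browser registrations. The embedded sample log is constructed, modelled on lines from this thread.

```python
"""Triage helper for the ComboFix log format posted in this thread.
Added example, not part of the thread or of ComboFix itself: it walks the
'Files Created', 'Reg Loading Points' and 'ORPHANS REMOVED' sections and
flags entries worth a second look. The sample log is constructed."""
import re
from dataclasses import dataclass

# Constructed sample, modelled on the ComboFix output in this thread.
SAMPLE_LOG = r"""
2014-10-30 22:34 . 2014-10-30 22:34 0 ----a-w- c:\windows\system32\tfdqfx.dll
2014-11-05 03:56 . 2012-07-26 05:32 106928 ----a-w- c:\windows\SysWow64\GEARAspi.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\progra~2\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{D40C654D-7C51-4EB3-95B2-1E23905C2A2D} - (no file)
WebBrowser-{8A936F47-6B90-4537-A1BC-6F369A203D47} - (no file)
"""


@dataclass(frozen=True)
class Finding:
    rule: str    # short rule id
    detail: str  # the value or path that triggered the rule


# File lines: "<created> . <modified> <size|--------> <attrs> <path>"
FILE_RE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} \. \d{4}-\d{2}-\d{2} \d{2}:\d{2} "
    r"(?P<size>\d+|-+) (?P<attrs>\S+) (?P<path>.+)$")
KEY_RE = re.compile(r"^\[(?P<key>.+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=\s*(?P<value>.*)$')
ORPHAN_RE = re.compile(
    r"^(?P<kind>BHO|WebBrowser|Toolbar)-(?P<clsid>\{[0-9A-Fa-f-]+\}) - \(no file\)$")
# UAC policy values that, when set to 0, remove elevation prompts entirely.
UAC_VALUES = {"EnableLUA", "ConsentPromptBehaviorAdmin", "PromptOnSecureDesktop"}


def numeric_token(raw: str):
    """'0 (0x0)' -> '0'; None for non-numeric values such as paths."""
    tokens = raw.split()
    return tokens[0] if tokens and tokens[0].isdigit() else None


def triage(log_text: str) -> list[Finding]:
    """Walk the log once and return the entries worth reviewing."""
    findings: list[Finding] = []
    current_key = ""
    appinit: dict[str, dict[str, str]] = {}  # registry key -> {name: value}
    for line in log_text.splitlines():
        line = line.strip()
        if not line or line == ".":
            continue
        m = FILE_RE.match(line)
        if m:
            path = m.group("path")
            # A zero-byte DLL in system32 is not what an installer produces.
            if (m.group("size") == "0" and path.lower().endswith(".dll")
                    and "\\windows\\system32\\" in path.lower()):
                findings.append(Finding("zero-byte-system-dll", path))
            continue
        m = KEY_RE.match(line)
        if m:
            current_key = m.group("key").lower()
            continue
        if ORPHAN_RE.match(line):
            # Registrations whose file is gone: leftovers of removed software.
            findings.append(Finding("orphan-entry", line))
            continue
        m = VALUE_RE.match(line)
        if not m:
            continue
        name, value = m.group("name"), m.group("value")
        if (current_key.endswith("\\policies\\system") and name in UAC_VALUES
                and numeric_token(value) == "0"):
            findings.append(Finding("uac-weakened", f"{name}=0"))
        elif current_key.endswith("\\windows nt\\currentversion\\windows"):
            appinit.setdefault(current_key, {})[name] = value
    # AppInit_DLLs is loaded into every process that links user32.dll.
    for key, values in appinit.items():
        dlls = values.get("AppInit_DLLs", "").strip()
        if dlls and numeric_token(values.get("LoadAppInit_DLLs", "0")) == "1":
            findings.append(Finding("appinit-dll", f"{key}: {dlls}"))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(f"[{finding.rule}] {finding.detail}")
```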


#12 Shelley6324 (Topic Starter)

Posted 23 November 2014 - 11:16 PM

My Norton Security Suite won't start up since I did the last fix, and I can't find it listed in my processes. ComboFix found the Norton Antivirus, but I can't open the program to disable it. Ideas?



#13 RPMcMurphy (Malware Response Team)

Posted 24 November 2014 - 12:24 PM

Did you do that last fix (the ComboFix script)?  If so, please post the log.  If you didn't, please boot into Safe Mode and complete the previous instructions I gave you, ignoring any warnings you get about your security software.

 

We will fix your Norton auto-start next.
 




#14 Shelley6324 (Topic Starter)

Posted 24 November 2014 - 02:31 PM

After rebooting my computer this morning, I was able to open Norton and disable it. Here is the ComboFix log. I will run ADW now.

 

 

ComboFix 14-11-18.01 - Shelley 11/24/2014  11:15:09.2.4 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.8191.4936 [GMT -8:00]
Running from: c:\users\Shelley\Desktop\ComboFix.exe
Command switches used :: c:\users\Shelley\Desktop\CFScript.txt
AV: Norton Security Suite *Disabled/Updated* {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
FW: Norton Security Suite *Disabled* {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}
SP: Norton Security Suite *Disabled/Updated* {631E4324-D31C-783F-EC5C-35AD42B18466}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((   Files Created from 2014-10-24 to 2014-11-24  )))))))))))))))))))))))))))))))
.
.
2014-11-24 19:26 . 2014-11-24 19:26 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2014-11-24 19:26 . 2014-11-24 19:26 -------- d-----w- c:\users\owner\AppData\Local\temp
2014-11-24 19:26 . 2014-11-24 19:26 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-11-24 18:52 . 2014-11-24 18:52 -------- d-sh--w- c:\users\Shelley\AppData\Local\EmieBrowserModeList
2014-11-24 12:48 . 2014-11-24 12:48 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{36E947D4-D8F2-41AB-A228-1E49D5BB754C}\offreg.dll
2014-11-24 00:59 . 2014-11-05 17:56 304640 ----a-w- c:\windows\system32\generaltel.dll
2014-11-24 00:59 . 2014-11-05 17:56 228864 ----a-w- c:\windows\system32\aepdu.dll
2014-11-24 00:57 . 2014-11-11 03:08 241152 ----a-w- c:\windows\system32\pku2u.dll
2014-11-24 00:56 . 2014-10-25 01:57 77824 ----a-w- c:\windows\system32\packager.dll
2014-11-24 00:56 . 2014-10-25 01:32 67584 ----a-w- c:\windows\SysWow64\packager.dll
2014-11-24 00:56 . 2014-10-10 00:57 3198976 ----a-w- c:\windows\system32\win32k.sys
2014-11-24 00:56 . 2014-10-14 02:13 3241984 ----a-w- c:\windows\system32\msi.dll
2014-11-24 00:56 . 2014-10-14 01:50 2363904 ----a-w- c:\windows\SysWow64\msi.dll
2014-11-24 00:56 . 2014-10-18 02:05 861696 ----a-w- c:\windows\system32\oleaut32.dll
2014-11-24 00:56 . 2014-10-18 01:33 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
2014-11-24 00:55 . 2014-11-02 04:20 11632448 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{36E947D4-D8F2-41AB-A228-1E49D5BB754C}\mpengine.dll
2014-11-22 04:17 . 2014-11-23 08:44 -------- d-----w- C:\FRST
2014-11-07 21:34 . 2014-11-07 21:35 -------- d-----w- c:\programdata\iWin Games
2014-11-05 08:59 . 2014-11-05 08:59 -------- d-----w- C:\TDSSKiller_Quarantine
2014-11-05 03:57 . 2012-07-26 05:32 33240 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2014-11-05 03:56 . 2012-07-26 05:32 106928 ----a-w- c:\windows\SysWow64\GEARAspi.dll
2014-11-05 03:56 . 2012-07-26 05:32 125872 ----a-w- c:\windows\system32\GEARAspi64.dll
2014-11-05 03:55 . 2014-11-05 03:55 -------- d-----w- c:\windows\system32\drivers\NBRTWizardx64
2014-11-05 03:55 . 2014-11-05 03:55 -------- d-----w- c:\program files (x86)\Norton Bootable Recovery Tool Wizard
2014-11-05 03:30 . 2014-11-05 03:30 -------- d-----w- c:\program files (x86)\Common Files\Symantec Shared
2014-11-05 03:19 . 2014-11-05 03:19 -------- d-----w- C:\NPE
2014-11-05 03:11 . 2014-11-05 03:11 -------- d-----w- c:\programdata\SMR430
2014-11-05 03:10 . 2014-11-05 09:02 -------- d-----w- c:\users\Shelley\AppData\Local\NPE
2014-11-05 03:05 . 2014-11-23 05:24 -------- d-----w- c:\users\Shelley\AppData\Local\CrashDumps
2014-11-05 02:41 . 2014-11-05 02:41 177752 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
2014-11-05 02:41 . 2014-11-05 02:41 -------- d-----w- c:\program files\Common Files\Symantec Shared
2014-11-05 02:32 . 2014-11-05 09:06 -------- d-----w- c:\windows\system32\drivers\N360x64
2014-11-05 02:32 . 2014-11-05 02:32 -------- d-----w- c:\program files (x86)\Norton Security Suite
2014-11-05 02:30 . 2014-11-05 03:55 -------- d-----w- c:\program files (x86)\NortonInstaller
2014-11-05 02:20 . 2014-11-05 03:58 -------- d-----w- c:\programdata\Norton
2014-11-02 05:11 . 2014-11-02 05:11 -------- d-----w- c:\programdata\IsolatedStorage
2014-11-02 05:11 . 2014-11-02 05:11 -------- d-----w- c:\users\Shelley\AppData\Local\White_Sky,_Inc
2014-11-02 05:10 . 2014-11-02 05:40 -------- d-----w- c:\users\Shelley\AppData\Local\ID Vault
2014-11-02 05:09 . 2014-11-24 18:55 -------- d-----w- c:\users\Shelley\AppData\Roaming\ID Vault
2014-11-02 05:09 . 2014-11-23 23:39 -------- d-----w- c:\program files (x86)\Constant Guard Protection Suite
2014-11-02 05:08 . 2014-11-02 05:08 -------- d-----w- c:\programdata\White Sky, Inc
2014-10-31 20:40 . 2014-10-31 20:40 -------- d-----w- c:\program files (x86)\Common Files\Java
2014-10-30 22:34 . 2014-10-30 22:34 0 ----a-w- c:\windows\system32\tfdqfx.dll
2014-10-30 03:25 . 2014-11-13 02:37 129752 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-10-30 03:16 . 2014-11-13 20:30 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2014-10-30 03:16 . 2014-10-01 18:11 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-10-30 03:16 . 2014-10-01 18:11 93400 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-11-24 11:01 . 2010-06-18 08:46 103374192 ----a-w- c:\windows\system32\MRT.exe
2014-11-12 08:37 . 2012-04-12 17:20 701104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-11-12 08:37 . 2011-06-17 17:45 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-11-04 22:30 . 2010-06-19 10:02 275080 ------w- c:\windows\system32\MpSigStub.exe
2014-10-18 22:19 . 2014-10-18 22:19 505416 ----a-w- c:\windows\SysWow64\msvcp71.dll
2014-10-18 22:19 . 2014-10-18 22:19 353864 ----a-w- c:\windows\SysWow64\msvcr71.dll
2014-10-15 00:04 . 2014-10-15 00:04 98216 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-10-01 18:11 . 2013-08-23 23:07 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-09-25 02:08 . 2014-10-01 04:44 371712 ----a-w- c:\windows\system32\qdvd.dll
2014-09-25 01:40 . 2014-10-01 04:44 519680 ----a-w- c:\windows\SysWow64\qdvd.dll
2014-09-09 22:11 . 2014-09-24 10:04 2048 ----a-w- c:\windows\system32\tzres.dll
2014-09-09 21:47 . 2014-09-24 10:04 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2014-09-05 02:11 . 2014-10-19 14:14 6584320 ----a-w- c:\windows\system32\mstscax.dll
2014-09-05 01:52 . 2014-10-19 14:14 5703168 ----a-w- c:\windows\SysWow64\mstscax.dll
2014-09-04 05:23 . 2014-10-16 08:54 424448 ----a-w- c:\windows\system32\rastls.dll
2014-09-04 05:04 . 2014-10-16 08:54 372736 ----a-w- c:\windows\SysWow64\rastls.dll
2014-08-29 02:07 . 2014-10-19 14:14 3179520 ----a-w- c:\windows\system32\rdpcorets.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{e719d8a6-cca4-41b5-b27c-ccf969280033}"= "c:\program files (x86)\Dogpile Toolbar\Helper.dll" [2010-06-18 243200]
.
[HKEY_CLASSES_ROOT\clsid\{e719d8a6-cca4-41b5-b27c-ccf969280033}]
[HKEY_CLASSES_ROOT\FreeCauseURLSearchHook.FCToolbarURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{3B225215-1853-4687-B70B-E963AC563B52}]
[HKEY_CLASSES_ROOT\FreeCauseURLSearchHook.FCToolbarURLSearchHook]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{61AFBC1F-52F3-43F5-A5ED-AFA778C579E1}]
2010-06-18 18:41 1547776 ----a-w- c:\program files (x86)\Dogpile Toolbar\Toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{8CA5ED52-F3FB-4414-A105-2E3491156990}]
2011-04-08 15:17 141312 ----a-w- c:\program files (x86)\iWin Games\iWinGamesHookIE.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{8A936F47-6B90-4537-A1BC-6F369A203D47}"= "c:\program files (x86)\Dogpile Toolbar\Toolbar.dll" [2010-06-18 1547776]
.
[HKEY_CLASSES_ROOT\clsid\{8a936f47-6b90-4537-a1bc-6f369a203d47}]
[HKEY_CLASSES_ROOT\FCTB000060241.IEToolbar.3]
[HKEY_CLASSES_ROOT\TypeLib\{74D520AB-80D4-4543-8F3D-97AF340A4067}]
[HKEY_CLASSES_ROOT\FCTB000060241.IEToolbar]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\Shelley\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\Shelley\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\Shelley\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\Shelley\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HLBackupScheduler"="c:\program files\Backup Assistant Plus\V CAST Backup Scheduler.exe" [2012-08-20 7065224]
"TWC.Win7"="c:\program files (x86)\The Weather Channel\Desktop Weather\TWC.Win7.exe" [2014-08-29 48640]
"OfficeSyncProcess"="c:\program files (x86)\Microsoft Office\Office14\MSOSYNC.EXE" [2014-10-15 720064]
"gSyncit"="c:\program files (x86)\Fieldston Software\gSyncit\gsyncit.exe" [2014-08-23 167936]
"ALconnect"="c:\users\Shelley\AppData\Roaming\DirectLife\ALconnect\ALconnect.exe" [2013-06-10 715880]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NUSB3MON"="c:\program files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-01-22 106496]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-08-21 959176]
"Google Desktop Search"="c:\program files (x86)\Google\Google Desktop Search\GoogleDesktop.exe" [2010-06-18 30192]
"IJNetworkScanUtility"="c:\program files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe" [2009-05-20 136544]
"BlackArmorBackupMonitor.exe"="c:\program files (x86)\Seagate\BlackArmorBackup\BlackArmorBackupMonitor.exe" [2009-07-23 4352960]
"AcronisTimounterMonitor"="c:\program files (x86)\Seagate\BlackArmorBackup\TimounterMonitor.exe" [2009-07-23 963784]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2012-11-05 89184]
"sendmng"="c:\program files (x86)\OneSuiteFax\Client\SendMng.exe" [2008-03-31 520192]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2014-01-18 421888]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-09-14 59720]
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" [2014-10-18 296520]
.
c:\users\Shelley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Launch Utility Application.lnk - c:\users\Shelley\AppData\Roaming\Verizon\UA_ar\UtilityApplication.exe [2011-1-27 487424]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
APC UPS Status.lnk - c:\program files (x86)\APC\APC PowerChute Personal Edition\Display.exe [2010-6-21 221295]
Constant Guard.lnk - c:\program files (x86)\Constant Guard Protection Suite\IDVault.exe /startdesktopidv /startup [2014-10-14 2532656]
Event Reminder.lnk - c:\program files (x86)\The Print Shop 23.1\Remind.exe [2010-6-21 344064]
Image Transfer Utility.lnk - c:\program files (x86)\Canon\ImageTransferUtility\ImageTransferUtility.exe [2012-11-1 1952768]
ImageBrowser EX Agent.lnk - c:\program files (x86)\Canon\ImageBrowser EX\MFManager.exe [2012-8-30 69120]
Microsoft Office.lnk - c:\program files (x86)\Microsoft Office\Office10\OSA.EXE -b -l [2001-2-13 83360]
RealPlayer Cloud Service UI.lnk - c:\program files (x86)\Real\RealPlayer\RPDS\Bin64\rpsystray.exe [2014-10-18 1022048]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"TaskbarNoNotification"= 0 (0x0)
"HideSCAHealth"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"TaskbarNoNotification"= 0 (0x0)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"TaskbarNoNotification"= 0 (0x0)
"HideSCAHealth"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\progra~2\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\19440720.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 NPEService;NPEService;c:\users\Shelley\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\51DXB29E\NPE.exe;c:\users\Shelley\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\51DXB29E\NPE.exe [x]
R2 RealPlayerUpdateSvc;RealPlayer Update Service;c:\program files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe;c:\program files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys;c:\windows\SYSNATIVE\DRIVERS\motfilt.sys [x]
R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files (x86)\Google\Google Desktop Search\GoogleDesktop.exe;c:\program files (x86)\Google\Google Desktop Search\GoogleDesktop.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys;c:\windows\SYSNATIVE\DRIVERS\LVPr2M64.sys [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
R3 mdareDriver_43;mdareDriver_43;c:\program files (x86)\Fortinet\FortiClient\mdare64_43.sys;c:\program files (x86)\Fortinet\FortiClient\mdare64_43.sys [x]
R3 mdareDriver_47;mdareDriver_47;c:\program files (x86)\Fortinet\FortiClient\mdare64_47.sys;c:\program files (x86)\Fortinet\FortiClient\mdare64_47.sys [x]
R3 mdareDriver_48;mdareDriver_48;c:\program files (x86)\Fortinet\FortiClient\mdare64_48.sys;c:\program files (x86)\Fortinet\FortiClient\mdare64_48.sys [x]
R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys;c:\windows\SYSNATIVE\DRIVERS\motccgp.sys [x]
R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys;c:\windows\SYSNATIVE\DRIVERS\motccgpfl.sys [x]
R3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys;c:\windows\SYSNATIVE\DRIVERS\Motousbnet.sys [x]
R3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\DRIVERS\motusbdevice.sys;c:\windows\SYSNATIVE\DRIVERS\motusbdevice.sys [x]
R3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\1506000.020\SYMDS64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1506000.020\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\1506000.020\SYMEFA64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1506000.020\SYMEFA64.SYS [x]
S1 BHDrvx64;BHDrvx64;c:\program files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\BASHDefs\20141118.001\BHDrvx64.sys;c:\program files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\BASHDefs\20141118.001\BHDrvx64.sys [x]
S1 ccSet_N360;N360 Settings Manager;c:\windows\system32\drivers\N360x64\1506000.020\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\N360x64\1506000.020\ccSetx64.sys [x]
S1 IDSVia64;IDSVia64;c:\program files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\IPSDefs\20141121.001\IDSvia64.sys;c:\program files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\IPSDefs\20141121.001\IDSvia64.sys [x]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\1506000.020\Ironx64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1506000.020\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360x64\1506000.020\SYMNETS.SYS;c:\windows\SYSNATIVE\Drivers\N360x64\1506000.020\SYMNETS.SYS [x]
S2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe;c:\program files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [x]
S2 DymoPnpService;DYMO PnP Service;c:\program files (x86)\DYMO\DYMO Label Software\DymoPnpService.exe;c:\program files (x86)\DYMO\DYMO Label Software\DymoPnpService.exe [x]
S2 IDVaultSvc;CGPS Service;c:\program files (x86)\Constant Guard Protection Suite\IDVaultSvc.exe;c:\program files (x86)\Constant Guard Protection Suite\IDVaultSvc.exe [x]
S2 iWinTrusted;iWinTrusted;c:\program files (x86)\iWin Games\iWinTrusted.exe;c:\program files (x86)\iWin Games\iWinTrusted.exe [x]
S2 Motorola Device Manager;Motorola Device Manager Service;c:\program files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe;c:\program files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [x]
S2 N360;Norton Security Suite;c:\program files (x86)\Norton Security Suite\Engine\21.6.0.32\N360.exe;c:\program files (x86)\Norton Security Suite\Engine\21.6.0.32\N360.exe [x]
S2 PST Service;PST Service;c:\program files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe;c:\program files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [x]
S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [x]
S2 RealPlayer Cloud Service;RealPlayer Cloud Service;c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe;c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe [x]
S2 SgtSch2Svc;Seagate Scheduler2 Service;c:\program files (x86)\Common Files\Seagate\Schedule2\schedul2.exe;c:\program files (x86)\Common Files\Seagate\Schedule2\schedul2.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [x]
S3 CompFilter64;UVCCompositeFilter;c:\windows\system32\DRIVERS\lvbflt64.sys;c:\windows\SYSNATIVE\DRIVERS\lvbflt64.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys;c:\windows\SYSNATIVE\DRIVERS\lvrs64.sys [x]
S3 LVUVC64;Logitech HD Pro Webcam C910(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys;c:\windows\SYSNATIVE\DRIVERS\lvuvc64.sys [x]
S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\DRIVERS\WSDScan.sys;c:\windows\SYSNATIVE\DRIVERS\WSDScan.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ    hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-11-22 01:47 1087304 ----a-w- c:\program files (x86)\Google\Chrome\Application\39.0.2171.65\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-11-24 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-12 08:37]
.
2014-11-24 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1175399016-948265358-1381322279-1000Core.job
- c:\users\Shelley\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-04-28 23:10]
.
2014-11-24 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1175399016-948265358-1381322279-1000UA.job
- c:\users\Shelley\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-04-28 23:10]
.
2014-11-24 c:\windows\Tasks\G2MUpdateTask-S-1-5-21-1175399016-948265358-1381322279-1000.job
- c:\program files (x86)\Citrix\GoToMeeting\1960\g2mupdate.exe [2014-11-23 14:45]
.
2014-11-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-19 12:27]
.
2014-11-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-19 12:27]
.
2014-11-24 c:\windows\Tasks\ReclaimerUpdateFiles_Shelley.job
- c:\users\Shelley\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.03\agent\rnupgagent.exe [2014-11-24 00:35]
.
2014-11-24 c:\windows\Tasks\ReclaimerUpdateXML_Shelley.job
- c:\users\Shelley\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.03\agent\rnupgagent.exe [2014-11-24 00:35]
.
2014-11-24 c:\windows\Tasks\RNUpgradeHelperLogonPrompt_Shelley.job
- c:\users\Shelley\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.03\agent\rnupgagent.exe [2014-11-24 00:35]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 164016 ----a-w- c:\users\Shelley\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 164016 ----a-w- c:\users\Shelley\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 164016 ----a-w- c:\users\Shelley\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 164016 ----a-w- c:\users\Shelley\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2014-10-22 01:52 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2014-10-22 01:52 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2014-10-22 01:52 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2014-10-22 01:52 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2014-10-22 01:52 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2014-10-22 01:52 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CanonSolutionMenu"="c:\program files (x86)\Canon\SolutionMenu\CNSLMAIN.exe" [2009-03-17 767312]
"Seagate Scheduler2 Service"="c:\program files (x86)\Common Files\Seagate\Schedule2\schedhlp.exe" [2009-07-23 376272]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2014-08-20 1796056]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://dogpile.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {{D40C654D-7C51-4EB3-95B2-1E23905C2A2D} - c:\program files (x86)\Pinterest\Pin It\FrameScript.htm
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
FF - ProfilePath - c:\users\Shelley\AppData\Roaming\Mozilla\Firefox\Profiles\rtgwwyvt.default\
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{D40C654D-7C51-4EB3-95B2-1E23905C2A2D} - (no file)
WebBrowser-{8A936F47-6B90-4537-A1BC-6F369A203D47} - (no file)
AddRemove-Adobe SVG Viewer - c:\windows\System32\Adobe\SVG Viewer\Uninst.isu
AddRemove-Stamps.com - c:\programdata\{C6A6CCB8-6EAF-4F5C-98EC-350B88B73F34}\stamps.exe
AddRemove-Stamps.com support for Intuit QuickBooks 2004-2011 - c:\programdata\{1F8B8F9D-EFD1-4CB5-BCC9-683292E64B85}\QBABPstmp.exe
AddRemove-Stamps.com support for Microsoft Outlook 2000-2013 - c:\programdata\{3B9E33B4-4951-4C74-8AAD-8DF86708D34A}\MSOPIMstmp.exe
AddRemove-Stamps.com support for Microsoft Outlook 97-2010 - c:\programdata\{4E417984-0B3D-48F3-9FA4-E1ABB0DA51B7}\MSOABPstmp.exe
AddRemove-Stamps.com support for Microsoft Outlook 97-2013 - c:\programdata\{8C1C591D-720A-4A62-A419-9F74C2ECCCA8}\MSOABPstmp.exe
AddRemove-Stamps.com support for Microsoft Word 2000-2013 - c:\programdata\{F3F3634B-3007-4C12-9A5E-96613A28F63B}\MSW2KPIMstmp.exe
AddRemove-The Weather Channel App - c:\program files (x86)\The Weather Channel\The Weather Channel App\TheWeatherChannelCustomUninstall.exe
AddRemove-The Weather Channel Desktop 6 - c:\program files (x86)\The Weather Channel FW\Desktop\TheWeatherChannelCustomUninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\N360]
"ImagePath"="\"c:\program files (x86)\Norton Security Suite\Engine\21.6.0.32\N360.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton Security Suite\Engine\21.6.0.32\diMaster.dll\" /prefetch:1"
"ImagePath"="\SystemRoot\System32\Drivers\N360x64\1506000.020\SYMNETS.SYS"
"TrustedImagePaths"="c:\program files (x86)\Norton Security Suite\Engine\21.6.0.32;c:\program files (x86)\Norton Security Suite\Engine64\21.6.0.32"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1175399016-948265358-1381322279-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:02,79,32,0a,92,0d,bd,ec,3b,45,1c,c0,1b,82,42,fe,ee,bf,5d,60,cb,81,e3,
   3d,6c,9a,b4,54,33,85,70,08,4d,0f,26,89,bb,da,23,27,93,e2,46,52,b7,a3,b9,72,\
"??"=hex:2d,0b,b2,2c,de,11,92,f7,7f,6f,fb,73,24,74,50,88
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_223_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_223_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_223_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_223_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_223.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.15"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_223.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_223.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_223.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-11-24  11:28:53
ComboFix-quarantined-files.txt  2014-11-24 19:28
ComboFix2.txt  2014-11-24 00:41
.
Pre-Run: 378,718,003,200 bytes free
Post-Run: 378,422,296,576 bytes free
.
- - End Of File - - E3DA96C578769A20F1164270CBA09DCC
93CAC202E4460D8C3C119C2AB0FA138D

#15 Shelley6324

  • Topic Starter

Posted 24 November 2014 - 02:52 PM

Is it normal for ADW to be stuck on "pending" for a long time?  I clicked on "scan," and it seemed to be working for a while. Now scan is grayed out, and under the ADW logo, it says, "Pending. Please uncheck elements you don't want to remove." Should I click on "clean" now, or click on "report" or wait?





