
CPU at work had a Trojan, was told by IT to run ComboFix at home.


  • This topic is locked
5 replies to this topic

#1 krerra


Posted 10 April 2015 - 02:56 AM

ComboFix 15-04-09.01 - Grady 04/10/2015   1:43.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.4044.2244 [GMT -5:00]
Running from: c:\users\Grady\Downloads\ComboFix.exe
AV: Norton Internet Security *Disabled/Updated* {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
FW: Norton Internet Security *Disabled* {6BFC5632-188D-B806-D13E-C607121B42A0}
SP: Norton Internet Security *Disabled/Updated* {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Grady\AppData\Local\Temp\_MEI48602\_ctypes.pyd
c:\users\Grady\AppData\Local\Temp\_MEI48602\_elementtree.pyd
c:\users\Grady\AppData\Local\Temp\_MEI48602\_hashlib.pyd
c:\users\Grady\AppData\Local\Temp\_MEI48602\_multiprocessing.pyd
c:\users\Grady\AppData\Local\Temp\_MEI48602\_socket.pyd
c:\users\Grady\AppData\Local\Temp\_MEI48602\_ssl.pyd
c:\users\Grady\AppData\Local\Temp\_MEI48602\_yappi.pyd
c:\users\Grady\AppData\Local\Temp\_MEI48602\hashobjs_ext.pyd
c:\users\Grady\AppData\Local\Temp\_MEI48602\pyexpat.pyd
c:\users\Grady\AppData\Local\Temp\_MEI48602\pysqlite2._sqlite.pyd
c:\users\Grady\AppData\Local\Temp\_MEI48602\python27.dll
c:\users\Grady\AppData\Local\Temp\_MEI48602\pythoncom27.dll
c:\users\Grady\AppData\Local\Temp\_MEI48602\PyWinTypes27.dll
c:\users\Grady\AppData\Local\Temp\_MEI48602\select.pyd
c:\users\Grady\AppData\Local\Temp\_MEI48602\unicodedata.pyd
c:\users\Grady\AppData\Local\Temp\_MEI48602\win32api.pyd
c:\users\Grady\AppData\Local\Temp\_MEI48602\win32com.shell.shell.pyd
c:\users\Grady\AppData\Local\Temp\_MEI48602\win32crypt.pyd
c:\users\Grady\AppData\Local\Temp\_MEI48602\win32event.pyd
c:\users\Grady\AppData\Local\Temp\_MEI48602\win32file.pyd
c:\users\Grady\AppData\Local\Temp\_MEI48602\win32gui.pyd
c:\users\Grady\AppData\Local\Temp\_MEI48602\win32inet.pyd
c:\users\Grady\AppData\Local\Temp\_MEI48602\win32pdh.pyd
c:\users\Grady\AppData\Local\Temp\_MEI48602\win32pipe.pyd
c:\users\Grady\AppData\Local\Temp\_MEI48602\win32process.pyd
c:\users\Grady\AppData\Local\Temp\_MEI48602\win32profile.pyd
c:\users\Grady\AppData\Local\Temp\_MEI48602\win32security.pyd
c:\users\Grady\AppData\Local\Temp\_MEI48602\win32ts.pyd
c:\users\Grady\AppData\Local\Temp\_MEI48602\windows._lib_cacheinvalidation.pyd
c:\users\Grady\AppData\Local\Temp\_MEI48602\wx._animate.pyd
c:\users\Grady\AppData\Local\Temp\_MEI48602\wx._controls_.pyd
c:\users\Grady\AppData\Local\Temp\_MEI48602\wx._core_.pyd
c:\users\Grady\AppData\Local\Temp\_MEI48602\wx._gdi_.pyd
c:\users\Grady\AppData\Local\Temp\_MEI48602\wx._html2.pyd
c:\users\Grady\AppData\Local\Temp\_MEI48602\wx._misc_.pyd
c:\users\Grady\AppData\Local\Temp\_MEI48602\wx._windows_.pyd
c:\users\Grady\AppData\Local\Temp\_MEI48602\wx._wizard.pyd
c:\users\Grady\AppData\Local\Temp\_MEI48602\wxbase294u_net_vc90.dll
c:\users\Grady\AppData\Local\Temp\_MEI48602\wxbase294u_vc90.dll
c:\users\Grady\AppData\Local\Temp\_MEI48602\wxmsw294u_adv_vc90.dll
c:\users\Grady\AppData\Local\Temp\_MEI48602\wxmsw294u_core_vc90.dll
c:\users\Grady\AppData\Local\Temp\_MEI48602\wxmsw294u_html_vc90.dll
c:\users\Grady\AppData\Local\Temp\_MEI48602\wxmsw294u_webview_vc90.dll
c:\users\Grady\Documents\~WRL0001.tmp
c:\users\Grady\Documents\~WRL0005.tmp
c:\users\Grady\Documents\~WRL3728.tmp
c:\windows\msdownld.tmp
.
.
(((((((((((((((((((((((((   Files Created from 2015-03-10 to 2015-04-10  )))))))))))))))))))))))))))))))
.
.
2015-04-04 08:00 . 2015-04-04 08:00    --------    d-s---w-    c:\windows\SysWow64\GWX
2015-04-04 08:00 . 2015-04-04 08:00    --------    d-s---w-    c:\windows\system32\GWX
2015-03-25 03:22 . 2013-05-15 23:30    216832    ------w-    c:\windows\system32\CPLNUMARKUSB2.CPL
2015-03-25 03:22 . 2015-03-25 03:22    --------    d-----w-    c:\windows\usb-audio.deNumark
2015-03-25 03:22 . 2013-05-15 23:30    55552    ----a-w-    c:\windows\system32\drivers\nmrkusba.sys
2015-03-25 03:22 . 2013-05-15 23:30    466176    ----a-w-    c:\windows\system32\drivers\nmrkusbu.sys
2015-03-25 02:14 . 2015-03-11 04:06    677888    ----a-w-    c:\windows\system32\generaltel.dll
2015-03-25 02:14 . 2015-03-11 04:06    760832    ----a-w-    c:\windows\system32\invagent.dll
2015-03-25 02:14 . 2015-03-11 04:06    414720    ----a-w-    c:\windows\system32\devinv.dll
2015-03-25 02:14 . 2015-03-11 04:06    943616    ----a-w-    c:\windows\system32\appraiser.dll
2015-03-25 02:14 . 2015-03-11 04:05    30720    ----a-w-    c:\windows\system32\acmigration.dll
2015-03-25 02:14 . 2015-03-11 04:05    227328    ----a-w-    c:\windows\system32\aepdu.dll
2015-03-25 02:14 . 2015-03-11 04:05    192000    ----a-w-    c:\windows\system32\aepic.dll
2015-03-25 02:14 . 2015-03-11 04:02    1107456    ----a-w-    c:\windows\system32\aeinv.dll
2015-03-24 02:14 . 2015-04-09 00:43    --------    d-----w-    c:\windows\system32\drivers\NISx64\1507000.00B
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-04-07 05:03 . 2012-06-21 09:42    778928    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2015-04-07 05:03 . 2011-11-03 06:12    142512    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-03-11 05:14 . 2012-11-16 03:43    122905848    ----a-w-    c:\windows\system32\MRT.exe
2015-03-06 05:56 . 2015-03-11 04:25    155576    ----a-w-    c:\windows\system32\drivers\ksecpkg.sys
2015-03-06 05:56 . 2015-03-11 04:25    95680    ----a-w-    c:\windows\system32\drivers\ksecdd.sys
2015-03-06 05:42 . 2015-03-11 04:25    210944    ----a-w-    c:\windows\system32\wdigest.dll
2015-03-06 05:42 . 2015-03-11 04:25    86528    ----a-w-    c:\windows\system32\TSpkg.dll
2015-03-06 05:42 . 2015-03-11 04:25    29184    ----a-w-    c:\windows\system32\sspisrv.dll
2015-03-06 05:42 . 2015-03-11 04:25    136192    ----a-w-    c:\windows\system32\sspicli.dll
2015-03-06 05:42 . 2015-03-11 04:25    341504    ----a-w-    c:\windows\system32\schannel.dll
2015-03-06 05:42 . 2015-03-11 04:25    28160    ----a-w-    c:\windows\system32\secur32.dll
2015-03-06 05:42 . 2015-03-11 04:25    314880    ----a-w-    c:\windows\system32\msv1_0.dll
2015-03-06 05:42 . 2015-03-11 04:25    309760    ----a-w-    c:\windows\system32\ncrypt.dll
2015-03-06 05:42 . 2015-03-11 04:25    1461760    ----a-w-    c:\windows\system32\lsasrv.dll
2015-03-06 05:42 . 2015-03-11 04:25    728064    ----a-w-    c:\windows\system32\kerberos.dll
2015-03-06 05:42 . 2015-03-11 04:25    22016    ----a-w-    c:\windows\system32\credssp.dll
2015-03-06 05:41 . 2015-03-11 04:25    31232    ----a-w-    c:\windows\system32\lsass.exe
2015-03-06 05:41 . 2015-03-11 04:25    64000    ----a-w-    c:\windows\system32\auditpol.exe
2015-03-06 05:39 . 2015-03-11 04:25    60416    ----a-w-    c:\windows\system32\msobjs.dll
2015-03-06 05:38 . 2015-03-11 04:25    146432    ----a-w-    c:\windows\system32\msaudite.dll
2015-03-06 05:36 . 2015-03-11 04:25    686080    ----a-w-    c:\windows\system32\adtschema.dll
2015-03-06 05:10 . 2015-03-11 04:25    172032    ----a-w-    c:\windows\SysWow64\wdigest.dll
2015-03-06 05:10 . 2015-03-11 04:25    65536    ----a-w-    c:\windows\SysWow64\TSpkg.dll
2015-03-06 05:10 . 2015-03-11 04:25    248832    ----a-w-    c:\windows\SysWow64\schannel.dll
2015-03-06 05:10 . 2015-03-11 04:25    22016    ----a-w-    c:\windows\SysWow64\secur32.dll
2015-03-06 05:10 . 2015-03-11 04:25    259584    ----a-w-    c:\windows\SysWow64\msv1_0.dll
2015-03-06 05:10 . 2015-03-11 04:25    221184    ----a-w-    c:\windows\SysWow64\ncrypt.dll
2015-03-06 05:10 . 2015-03-11 04:25    550912    ----a-w-    c:\windows\SysWow64\kerberos.dll
2015-03-06 05:10 . 2015-03-11 04:25    17408    ----a-w-    c:\windows\SysWow64\credssp.dll
2015-03-06 05:09 . 2015-03-11 04:25    50176    ----a-w-    c:\windows\SysWow64\auditpol.exe
2015-03-06 05:09 . 2015-03-11 04:25    96768    ----a-w-    c:\windows\SysWow64\sspicli.dll
2015-03-06 05:07 . 2015-03-11 04:25    60416    ----a-w-    c:\windows\SysWow64\msobjs.dll
2015-03-06 05:07 . 2015-03-11 04:25    146432    ----a-w-    c:\windows\SysWow64\msaudite.dll
2015-03-06 05:06 . 2015-03-11 04:25    686080    ----a-w-    c:\windows\SysWow64\adtschema.dll
2015-02-26 03:25 . 2015-03-11 04:25    3204096    ----a-w-    c:\windows\system32\win32k.sys
2015-02-24 03:15 . 2015-03-11 04:25    389800    ----a-w-    c:\windows\system32\iedkcs32.dll
2015-02-21 01:16 . 2015-03-11 04:25    25021440    ----a-w-    c:\windows\system32\mshtml.dll
2015-02-20 23:58 . 2015-03-11 04:25    92160    ----a-w-    c:\windows\system32\mshtmled.dll
2015-02-20 04:41 . 2015-03-11 04:27    41984    ----a-w-    c:\windows\system32\lpk.dll
2015-02-20 04:40 . 2015-03-11 04:27    100864    ----a-w-    c:\windows\system32\fontsub.dll
2015-02-20 04:40 . 2015-03-11 04:27    14336    ----a-w-    c:\windows\system32\dciman32.dll
2015-02-20 04:40 . 2015-03-11 04:27    46080    ----a-w-    c:\windows\system32\atmlib.dll
2015-02-20 04:13 . 2015-03-11 04:27    70656    ----a-w-    c:\windows\SysWow64\fontsub.dll
2015-02-20 04:13 . 2015-03-11 04:27    10240    ----a-w-    c:\windows\SysWow64\dciman32.dll
2015-02-20 04:13 . 2015-03-11 04:27    34304    ----a-w-    c:\windows\SysWow64\atmlib.dll
2015-02-20 04:12 . 2015-03-11 04:27    25600    ----a-w-    c:\windows\SysWow64\lpk.dll
2015-02-20 03:29 . 2015-03-11 04:27    372224    ----a-w-    c:\windows\system32\atmfd.dll
2015-02-20 03:09 . 2015-03-11 04:27    299008    ----a-w-    c:\windows\SysWow64\atmfd.dll
2015-02-20 03:06 . 2015-03-11 04:25    2724864    ----a-w-    c:\windows\system32\mshtml.tlb
2015-02-20 03:05 . 2015-03-11 04:25    4096    ----a-w-    c:\windows\system32\ieetwcollectorres.dll
2015-02-20 02:50 . 2015-03-11 04:25    66560    ----a-w-    c:\windows\system32\iesetup.dll
2015-02-20 02:49 . 2015-03-11 04:25    48640    ----a-w-    c:\windows\system32\ieetwproxystub.dll
2015-02-20 02:49 . 2015-03-11 04:25    584192    ----a-w-    c:\windows\system32\vbscript.dll
2015-02-20 02:48 . 2015-03-11 04:25    2886144    ----a-w-    c:\windows\system32\iertutil.dll
2015-02-20 02:47 . 2015-03-11 04:25    88064    ----a-w-    c:\windows\system32\MshtmlDac.dll
2015-02-20 02:41 . 2015-03-11 04:25    54784    ----a-w-    c:\windows\system32\jsproxy.dll
2015-02-20 02:40 . 2015-03-11 04:25    34304    ----a-w-    c:\windows\system32\iernonce.dll
2015-02-20 02:36 . 2015-03-11 04:25    633856    ----a-w-    c:\windows\system32\ieui.dll
2015-02-20 02:35 . 2015-03-11 04:25    144384    ----a-w-    c:\windows\system32\ieUnatt.exe
2015-02-20 02:35 . 2015-03-11 04:25    114688    ----a-w-    c:\windows\system32\ieetwcollector.exe
2015-02-20 02:34 . 2015-03-11 04:25    814080    ----a-w-    c:\windows\system32\jscript9diag.dll
2015-02-20 02:32 . 2015-03-11 04:25    6035456    ----a-w-    c:\windows\system32\jscript9.dll
2015-02-20 02:26 . 2015-03-11 04:25    968704    ----a-w-    c:\windows\system32\MsSpellCheckingFacility.exe
2015-02-20 02:22 . 2015-03-11 04:25    2724864    ----a-w-    c:\windows\SysWow64\mshtml.tlb
2015-02-20 02:22 . 2015-03-11 04:25    490496    ----a-w-    c:\windows\system32\dxtmsft.dll
2015-02-20 02:13 . 2015-03-11 04:25    77824    ----a-w-    c:\windows\system32\JavaScriptCollectionAgent.dll
2015-02-20 02:09 . 2015-03-11 04:25    503296    ----a-w-    c:\windows\SysWow64\vbscript.dll
2015-02-20 02:08 . 2015-03-11 04:25    62464    ----a-w-    c:\windows\SysWow64\iesetup.dll
2015-02-20 02:08 . 2015-03-11 04:25    199680    ----a-w-    c:\windows\system32\msrating.dll
2015-02-20 02:08 . 2015-03-11 04:25    47616    ----a-w-    c:\windows\SysWow64\ieetwproxystub.dll
2015-02-20 02:06 . 2015-03-11 04:25    64000    ----a-w-    c:\windows\SysWow64\MshtmlDac.dll
2015-02-20 02:05 . 2015-03-11 04:25    316928    ----a-w-    c:\windows\system32\dxtrans.dll
2015-02-20 01:56 . 2015-03-11 04:25    115712    ----a-w-    c:\windows\SysWow64\ieUnatt.exe
2015-02-20 01:56 . 2015-03-11 04:25    620032    ----a-w-    c:\windows\SysWow64\jscript9diag.dll
2015-02-20 01:49 . 2015-03-11 04:25    718848    ----a-w-    c:\windows\system32\ie4uinit.exe
2015-02-20 01:49 . 2015-03-11 04:25    801280    ----a-w-    c:\windows\system32\msfeeds.dll
2015-02-20 01:47 . 2015-03-11 04:25    1359360    ----a-w-    c:\windows\system32\mshtmlmedia.dll
2015-02-20 01:46 . 2015-03-11 04:25    2125824    ----a-w-    c:\windows\system32\inetcpl.cpl
2015-02-20 01:43 . 2015-03-11 04:25    14398976    ----a-w-    c:\windows\system32\ieframe.dll
2015-02-20 01:41 . 2015-03-11 04:25    60416    ----a-w-    c:\windows\SysWow64\JavaScriptCollectionAgent.dll
2015-02-20 01:30 . 2015-03-11 04:25    4300288    ----a-w-    c:\windows\SysWow64\jscript9.dll
2015-02-20 01:28 . 2015-03-11 04:25    2358784    ----a-w-    c:\windows\system32\wininet.dll
2015-02-20 01:24 . 2015-03-11 04:25    2052608    ----a-w-    c:\windows\SysWow64\inetcpl.cpl
2015-02-20 01:23 . 2015-03-11 04:25    1155072    ----a-w-    c:\windows\SysWow64\mshtmlmedia.dll
2015-02-20 01:16 . 2015-03-11 04:25    1548288    ----a-w-    c:\windows\system32\urlmon.dll
2015-02-20 01:03 . 2015-03-11 04:25    800768    ----a-w-    c:\windows\system32\ieapfltr.dll
2015-02-20 01:01 . 2015-03-11 04:25    1888256    ----a-w-    c:\windows\SysWow64\wininet.dll
2015-02-17 20:26 . 2015-02-17 20:26    1217184    ----a-w-    c:\windows\SysWow64\FM20.DLL
2015-02-13 05:22 . 2015-03-11 04:25    14177280    ----a-w-    c:\windows\system32\shell32.dll
2015-02-04 03:16 . 2015-03-11 04:24    465920    ----a-w-    c:\windows\system32\WMPhoto.dll
2015-02-04 02:54 . 2015-03-11 04:24    417792    ----a-w-    c:\windows\SysWow64\WMPhoto.dll
2015-02-03 03:34 . 2015-03-11 04:27    693176    ----a-w-    c:\windows\system32\winload.efi
2015-02-03 03:34 . 2015-03-11 04:27    5554104    ----a-w-    c:\windows\system32\ntoskrnl.exe
2015-02-03 03:34 . 2015-03-11 04:27    94656    ----a-w-    c:\windows\system32\drivers\mountmgr.sys
2015-02-03 03:33 . 2015-03-11 04:27    616360    ----a-w-    c:\windows\system32\winresume.efi
2015-02-03 03:31 . 2015-03-11 04:27    14632960    ----a-w-    c:\windows\system32\wmp.dll
2015-02-03 03:31 . 2015-03-11 04:27    782848    ----a-w-    c:\windows\system32\wmdrmsdk.dll
2015-02-03 03:31 . 2015-03-11 04:27    229376    ----a-w-    c:\windows\system32\wintrust.dll
2015-02-03 03:31 . 2015-03-11 04:25    1424896    ----a-w-    c:\windows\system32\WindowsCodecs.dll
2015-02-03 03:31 . 2015-03-11 04:25    215552    ----a-w-    c:\windows\system32\ubpm.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-03-20 39408]
"GoogleDriveSync"="c:\program files (x86)\Google\Drive\googledrivesync.exe" [2015-02-19 26232152]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2011-07-12 1298816]
"NortonOnlineBackupReminder"="c:\program files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" [2011-06-22 3218864]
"ToshibaAppPlace"="c:\program files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe" [2010-09-23 552960]
"Philips Device Listener"="c:\program files (x86)\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe" [2011-03-03 380416]
.
c:\users\Grady\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
PdaNet Desktop.lnk - c:\program files (x86)\PdaNet for Android\PdaNetPC.exe [2013-4-19 1054320]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.8.150\SSScheduler.exe [2014-4-9 332016]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 dleaCATSCustConnectService;dleaCATSCustConnectService;c:\windows\system32\spool\DRIVERS\x64\3\\dleaserv.exe;c:\windows\SYSNATIVE\spool\DRIVERS\x64\3\\dleaserv.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys;c:\windows\SYSNATIVE\DRIVERS\lvrs64.sys [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.8.150\McCHSvc.exe;c:\program files\McAfee Security Scan\3.8.150\McCHSvc.exe [x]
R3 NMRKUSBA;Numark USB2 WDM;c:\windows\system32\drivers\nmrkusba.sys;c:\windows\SYSNATIVE\drivers\nmrkusba.sys [x]
R3 NMRKUSBU;Numark USB2 driver;c:\windows\system32\Drivers\nmrkusbu.sys;c:\windows\SYSNATIVE\Drivers\nmrkusbu.sys [x]
R3 pnetmdm;PdaNet Modem;c:\windows\system32\DRIVERS\pnetmdm64.sys;c:\windows\SYSNATIVE\DRIVERS\pnetmdm64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 RSUSBVSTOR;RTSUVSTOR.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RTSUVSTOR.sys;c:\windows\SYSNATIVE\Drivers\RTSUVSTOR.sys [x]
R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys;c:\windows\SYSNATIVE\DRIVERS\rtl8192Ce.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]
R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [x]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [x]
R3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
R3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\DRIVERS\WSDScan.sys;c:\windows\SYSNATIVE\DRIVERS\WSDScan.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1507000.00B\SYMDS64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1507000.00B\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1507000.00B\SYMEFA64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1507000.00B\SYMEFA64.SYS [x]
S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys;c:\windows\SYSNATIVE\DRIVERS\tos_sps64.sys [x]
S1 BHDrvx64;BHDrvx64;c:\program files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\BASHDefs\20150321.001\BHDrvx64.sys;c:\program files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\BASHDefs\20150321.001\BHDrvx64.sys [x]
S1 ccSet_NIS;NIS Settings Manager;c:\windows\system32\drivers\NISx64\1507000.00B\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\NISx64\1507000.00B\ccSetx64.sys [x]
S1 IDSVia64;IDSVia64;c:\program files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\IPSDefs\20150408.001\IDSvia64.sys;c:\program files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\IPSDefs\20150408.001\IDSvia64.sys [x]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1507000.00B\Ironx64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1507000.00B\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1507000.00B\SYMNETS.SYS;c:\windows\SYSNATIVE\Drivers\NISx64\1507000.00B\SYMNETS.SYS [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 dlea_device;dlea_device;c:\windows\system32\dleacoms.exe;c:\windows\SYSNATIVE\dleacoms.exe [x]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\21.7.0.11\NIS.exe;c:\program files (x86)\Norton Internet Security\Engine\21.7.0.11\NIS.exe [x]
S2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;c:\program files (x86)\PC Checkup\SymcPCCULaunchSvc.exe;c:\program files (x86)\PC Checkup\SymcPCCULaunchSvc.exe [x]
S2 PCCUJobMgr;Common Client Job Manager Service;c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe;c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe;c:\program files\TOSHIBA\TECO\TecoService.exe [x]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys;c:\windows\SYSNATIVE\DRIVERS\TVALZFL.sys [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
S3 pneteth;PdaNet Broadband;c:\windows\system32\DRIVERS\pneteth.sys;c:\windows\SYSNATIVE\DRIVERS\pneteth.sys [x]
S3 QIOMem;Generic IO & Memory Access;c:\windows\system32\DRIVERS\QIOMem.sys;c:\windows\SYSNATIVE\DRIVERS\QIOMem.sys [x]
S3 RTWlanE;Realtek Wireless LAN 802.11n PCI-E Network Adapter;c:\windows\system32\DRIVERS\rtwlane.sys;c:\windows\SYSNATIVE\DRIVERS\rtwlane.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-04-03 23:46    1061704    ----a-w-    c:\program files (x86)\Google\Chrome\Application\41.0.2272.118\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2015-04-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-21 05:03]
.
2015-04-09 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3497190755-2180394438-1566758516-1001Core.job
- c:\users\Grady\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-05-15 06:02]
.
2015-04-09 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3497190755-2180394438-1566758516-1001UA.job
- c:\users\Grady\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-05-15 06:02]
.
2015-04-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-20 00:26]
.
2015-04-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-20 00:26]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2015-02-19 19:24    774472    ----a-w-    c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2015-02-19 19:24    774472    ----a-w-    c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2015-02-19 19:24    774472    ----a-w-    c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2015-02-19 19:24    774472    ----a-w-    c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2015-02-19 19:24    774472    ----a-w-    c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-09-09 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-09-09 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-09-09 416024]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2011-03-24 310912]
"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2011-06-30 562304]
"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2011-06-10 710560]
"dleamon.exe"="c:\program files (x86)\Dell V310-V510 Series\dleamon.exe" [2009-07-10 766632]
"EzPrint"="c:\program files (x86)\Dell V310-V510 Series\ezprint.exe" [2009-07-10 139944]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://start.toshiba.com/?cid=c001b2y
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\Grady\AppData\Roaming\Mozilla\Firefox\Profiles\x4xa0q0d.default\
FF - prefs.js: browser.startup.homepage - hxxp://start.toshiba.com/?cid=c001b2y
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-TSleepSrv - %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
HKLM-Run-HSON - c:\program files (x86)\TOSHIBA\TBS\HSON.exe
HKLM-Run-TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-Teco - c:\program files (x86)\TOSHIBA\TECO\Teco.exe
HKLM-Run-TosWaitSrv - c:\program files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe
HKLM-Run-TosNC - c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
HKLM-Run-TosReelTimeMonitor - c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
AddRemove-RealPlayer 16.0 - c:\program files (x86)\real\realplayer\Update\r1puninst.exe
AddRemove-The Weather Channel App - c:\program files (x86)\The Weather Channel\The Weather Channel App\TheWeatherChannelCustomUninstall.exe
AddRemove-The Weather Channel Desktop 6 - c:\program files (x86)\The Weather Channel FW\Desktop\TheWeatherChannelCustomUninstall.exe
AddRemove-Virtual DJ 6 With Skins samples and Sound Effects_is1 - c:\program files (x86)\Virtual DJ\unins000.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\21.7.0.11\NIS.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\21.7.0.11\diMaster.dll\" /prefetch:1"
--
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\PCCUJobMgr]
"ImagePath"="\"c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\diMaster.dll\" /prefetch:1"
"ImagePath"="\SystemRoot\System32\Drivers\NISx64\1507000.00B\SYMNETS.SYS"
"TrustedImagePaths"="c:\program files (x86)\Norton Internet Security\Engine\21.7.0.11;c:\program files (x86)\Norton Internet Security\Engine64\21.7.0.11"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_305_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_305_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_305_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_305_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.16"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2015-04-10  02:19:31 - machine was rebooted
ComboFix-quarantined-files.txt  2015-04-10 07:19
.
Pre-Run: 322,182,463,488 bytes free
Post-Run: 325,264,269,312 bytes free
.
- - End Of File - - 8684D10351040C9ECAFFEFE0369C2238





#2 shelf life

  • Malware Response Team
  • 2,679 posts
  • Gender:Male
  • Location:@localhost

Posted 11 April 2015 - 09:24 AM

hi krerra,

I will try to help you. Is this a machine you use in the workplace and at home? Running Combofix is jumping ahead a little bit. If you still need help, let's get a FRST log as a starting point and we can go from there:

Please download Farbar Recovery Scan Tool and save it to your Desktop.

http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

    Right-click FRST then click "Run as administrator"
    When the tool opens, click Yes to disclaimer.
    Press the Scan button.
    When finished, it will produce a log called FRST.txt in the same directory the tool was run from. (Your desktop)
    Please copy and paste the log in your next reply.

The first time the tool is run it generates another log (Addition.txt - also located in the same directory the tool was run from). Please also paste that, along with the FRST.txt, into your next reply.


How Can I Reduce My Risk to Malware?


#3 krerra

  • Topic Starter
  • Members
  • 3 posts

Posted 13 April 2015 - 08:56 PM

My IT person told me the system at work was infected by Win32/Ursnif.f trojan.  That is the reason they told me to run Combofix.



#4 krerra

  • Topic Starter
  • Members
  • 3 posts

Posted 13 April 2015 - 08:57 PM

Ran FRST.
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-04-2015
Ran by Grady at 2015-04-13 20:45:44
Running from C:\Users\Grady\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Norton Internet Security (Disabled - Up to date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Internet Security (Disabled - Up to date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
FW: Norton Internet Security (Enabled) {6BFC5632-188D-B806-D13E-C607121B42A0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.6.0.19140 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.134 - Adobe Systems Incorporated)
Adobe Reader X MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.0.0 - Adobe Systems Incorporated)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.36 - Atheros Communications Inc.)
Bejeweled 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.51.2.51 - Conexant)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell V310-V510 Series (HKLM\...\Dell V310-V510 Series) (Version:  - Dell, Inc.)
Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
FATE - The Traitor Soul (x32 Version: 2.2.0.95 - WildTangent) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 41.0.2272.118 - Google Inc.)
Google Drive (HKLM-x32\...\{6C36881B-0E51-4231-9D02-BF2149664D34}) (Version: 1.20.8672.3137 - Google, Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6227.252 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2509 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.6.0.1002 - Intel Corporation)
Java™ 6 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216025FF}) (Version: 6.0.250 - Oracle)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Label@Once 1.0 (HKLM-x32\...\{0D795777-9D60-4692-8386-F2B3F2B5E5BF}) (Version: 1.0 - Corel)
Letters from Nowhere 2 (x32 Version: 2.2.0.97 - WildTangent) Hidden
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.5139.5005 - Microsoft Corporation)
Microsoft PowerPoint Viewer (HKLM-x32\...\{95140000-00AF-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Project Professional 2010 (HKLM-x32\...\Office14.PRJPROR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Save as PDF Add-in for 2007 Microsoft Office programs (HKLM-x32\...\{90120000-00B0-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.31211.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 37.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 37.0.1 (x86 en-US)) (Version: 37.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Netwaiting (HKLM-x32\...\{74B8998B-2B1B-4414-AD5D-17E7E9B5FF0A}) (Version: 1.0.1 - Conexant Systems, Inc)
Norton Internet Security (HKLM-x32\...\NIS) (Version: 21.7.0.11 - Symantec Corporation)
Norton PC Checkup (HKLM-x32\...\Norton PC Checkup_is1) (Version: 3.0.2.90.0 - NortonLive Services)
Numark USB Audio driver (HKLM\...\USB_AUDIO_DEusb-audio.deNumark) (Version:  - )
PdaNet+ for Android 4.12 (HKLM-x32\...\PdaNet_is1) (Version:  - June Fabrics Technology Inc)
Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden
Philips Songbird (HKLM-x32\...\Philips Songbird) (Version: 5.4.1980 (1980) - Koninklijke Philips Electronics N.V.)
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
RealPlayer (HKLM-x32\...\RealPlayer 16.0) (Version: 16.0.3 - RealNetworks)
Realtek USB 2.0 Reader Driver (HKLM-x32\...\{62BBB2F0-E220-4821-A564-730807D2C34D}) (Version: 1.0.0.15 - Realtek Semiconductor Corp.)
Realtek WLAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4fed-B2B9-173001290E16}) (Version: 2.00.0013 - REALTEK Semiconductor Corp.)
RollerCoaster Tycoon 3: Platinum (x32 Version: 2.2.0.98 - WildTangent) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-003B-0000-0000-0000000FF1CE}_Office14.PRJPROR_{58FA40EF-ABA9-4FED-AD3D-318A6073934D}) (Version:  - Microsoft)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.2.11.1 - Synaptics Incorporated)
Tales of Lagoona (x32 Version: 2.2.0.98 - WildTangent) Hidden
The Weather Channel App (HKLM-x32\...\{167158CE-1637-4167-8A1C-C2549EEA966A}) (Version: 1.00.0000 - The Weather Channel)
The Weather Channel App (HKLM-x32\...\The Weather Channel App) (Version:  - )
The Weather Channel Desktop 6 (HKLM-x32\...\The Weather Channel Desktop 6) (Version:  - )
Toshiba App Place (HKLM-x32\...\{ED3CBA78-488F-4E8C-B33F-8E3BF4DDB4D2}) (Version: 1.0.6.3 - Toshiba)
TOSHIBA Application Installer (HKLM-x32\...\{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}) (Version: 9.0.1.2 - TOSHIBA)
TOSHIBA Assist (HKLM-x32\...\{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}) (Version: 4.2.3.0 - TOSHIBA CORPORATION)
Toshiba Book Place (HKLM-x32\...\{C31337DE-0CDC-45A9-9A32-F099AC78D557}) (Version: 3.0.9490 - K-NFB Reading Technology, Inc.)
TOSHIBA Bulletin Board (HKLM-x32\...\InstallShield_{1C8C049A-145F-4A6E-8290-B5C245EBE39D}) (Version: 1.6.11.64 - TOSHIBA Corporation)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.11 for x64 - TOSHIBA Corporation)
TOSHIBA eco Utility (HKLM\...\{C2F94B5E-201A-4754-8F2F-4395E1D90DA3}) (Version: 1.3.5.64 - TOSHIBA Corporation)
TOSHIBA Face Recognition (HKLM-x32\...\InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}) (Version: 3.1.17.64 - TOSHIBA Corporation)
TOSHIBA Hardware Setup (HKLM-x32\...\InstallShield_{C4FFA951-9678-4D51-84B4-AFD15D3C45AD}) (Version: 4.08.09.00 - TOSHIBA)
TOSHIBA HDD/SSD Alert (HKLM\...\{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.9 - TOSHIBA Corporation)
Toshiba Laptop Checkup (HKLM-x32\...\NortonPCCheckup) (Version: 2.0.13.11 - Symantec Corporation)
TOSHIBA Media Controller (HKLM-x32\...\{C7A4F26F-F9B0-41B2-8659-99181108CDE3}) (Version: 1.0.87.4 - TOSHIBA CORPORATION)
TOSHIBA Media Controller Plug-in (HKLM-x32\...\{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}) (Version: 1.0.8.0 - TOSHIBA CORPORATION)
Toshiba Online Backup (HKLM-x32\...\{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}) (Version: 2.0.0.31 - Toshiba)
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.7.9.64 - TOSHIBA Corporation)
TOSHIBA Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.0.4 - TOSHIBA)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.5.5109a - TOSHIBA CORPORATION)
TOSHIBA ReelTime (HKLM-x32\...\InstallShield_{24811C12-F4A9-4D0F-8494-A7B8FE46123C}) (Version: 1.7.21.64 - TOSHIBA Corporation)
TOSHIBA Resolution+ Plug-in for Windows Media Player (HKLM-x32\...\{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}) (Version: 1.1.2001 - TOSHIBA Corporation)
TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.2.12 - TOSHIBA)
TOSHIBA Sleep Utility (HKLM-x32\...\{654F7484-88C5-46DC-AB32-C66BCB0E2102}) (Version: 1.4.2.8 - TOSHIBA Corporation)
TOSHIBA Supervisor Password (HKLM-x32\...\InstallShield_{CBD6B23D-41D5-4A46-8019-6208516C9712}) (Version: 4.08.09.00 - TOSHIBA)
TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.6.1.64 - TOSHIBA Corporation)
TOSHIBARegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.0.7 - TOSHIBA)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Virtual DJ 6 Plus By DR.Ahmed Saker (HKLM-x32\...\Virtual DJ 6 With Skins samples and Sound Effects_is1) (Version:  - F.A.S ®)
Virtual DJ Pro Full - Atomix Productions (HKLM-x32\...\Virtual DJ Pro Full - Atomix Productions) (Version:  - )
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.97 - WildTangent) Hidden
WildTangent Games (HKLM-x32\...\WildTangent toshiba Master Uninstall) (Version: 1.0.2.5 - WildTangent)
WildTangent Games App (Toshiba Games) (x32 Version: 4.0.5.31 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

22-03-2015 21:43:52 Scheduled Checkpoint
24-03-2015 22:23:33 Device Driver Package Install: usb-audio.de Universal Serial Bus controllers
24-03-2015 22:25:22 Device Driver Package Install: Ploytec GmbH Sound, video and game controllers
25-03-2015 03:00:15 Windows Update
02-04-2015 00:20:18 Scheduled Checkpoint
04-04-2015 03:00:14 Windows Update
10-04-2015 01:41:21 ComboFix created restore point

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2015-04-10 02:13 - 00000027 ____A C:\windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {01FDDC37-6A6A-4FAA-B6E0-35CB3E5ECCE4} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {0E5F9E71-7D10-482E-9ECA-86136E53D28D} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3497190755-2180394438-1566758516-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {102EEA7E-BAE1-43FB-9A66-2A7464646491} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3497190755-2180394438-1566758516-1001UA => C:\Users\Grady\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-12] (Facebook Inc.)
Task: {13486BB0-D68A-4E85-A674-2F1049FC9ACD} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-3497190755-2180394438-1566758516-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe
Task: {1EA36369-295C-4029-B1C9-E246CC0006F3} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {1F58C72C-C90D-431B-8927-195C16AD196D} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {3FCAF6A5-1E21-4BDE-B3DC-F950A4CBEDDE} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\WSCStub.exe [2015-03-07] (Symantec Corporation)
Task: {4CB2E2AC-F779-413D-B116-10661556A35F} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {51A427C5-14DE-4448-BEF6-C37562E1E27F} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3497190755-2180394438-1566758516-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {5CEF0BF3-348C-41D7-B31F-240A25F3F8C0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-17] (Google Inc.)
Task: {5D34AD44-9D16-46D7-9F2E-70C2011AC4B7} - System32\Tasks\trxihdsfjn => C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe [2009-07-13] (Microsoft Corporation)
Task: {6751CA11-CBA5-4589-8D0B-2FF85BB3443C} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-07] (Adobe Systems Incorporated)
Task: {74DEE62B-8A4F-4204-9107-C491BBB62DB4} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3497190755-2180394438-1566758516-1001Core => C:\Users\Grady\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-12] (Facebook Inc.)
Task: {7CE5F166-E2FE-4CF9-B3D3-5CA98968A49A} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-24] (Microsoft Corporation)
Task: {7EA75157-4406-447C-AE9A-9176A91BC1B8} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-3497190755-2180394438-1566758516-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\RealUpgrade.exe
Task: {83CF73DD-632A-4AB8-AA95-597F77C9F4D7} - System32\Tasks\{DB26C8AB-28D5-4D1E-A9A3-CD07646DE158} => C:\Users\Grady\Downloads\ProjectProfessional.exe [2013-01-26] (Microsoft Corporation)
Task: {8B93895F-6048-46D3-8D0F-B8BBD3AA3486} - System32\Tasks\{FDBAA1F8-C69B-4741-8F08-3AC36CD929A4} => Iexplore.exe http://ui.skype.com/ui/0/5.9.0.123.259/en/eula?source=lightinstaller
Task: {97BBEB84-B478-42AB-A6B3-FB0BBE1212E7} - System32\Tasks\PC Checkup 3 Weekly Scan => C:\Program Files (x86)\PC Checkup\NLAppLauncher.exe [2013-09-15] (Symantec Corporation)
Task: {AB5C9229-E115-4955-8308-7C808E639094} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-17] (Google Inc.)
Task: {B60A8A6E-FFEB-4101-885C-AC340DFD0ABD} - System32\Tasks\{00695573-2044-403B-B26B-4C68EE5C41EE} => pcalua.exe -a E:\download\PdaNetA245x64.exe -d E:\download
Task: {B9015E4A-886A-44A2-84E9-E2367BB61621} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {C0F57E29-E5CC-4E6D-8C8F-C3E65802C715} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {C34F1B88-4CFB-42C4-BA1F-161DEB2F0469} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-3497190755-2180394438-1566758516-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {D84F2ECB-FBD1-4176-9476-673DB89307C1} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-3497190755-2180394438-1566758516-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {DAB9A08A-41C2-439B-837B-142EB990B7D5} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-3497190755-2180394438-1566758516-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\RealUpgrade.exe
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3497190755-2180394438-1566758516-1001Core.job => C:\Users\Grady\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3497190755-2180394438-1566758516-1001UA.job => C:\Users\Grady\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2015-02-03 22:24 - 2009-06-19 06:01 - 00189440 _____ () C:\windows\system32\spool\PRTPROCS\x64\dleadrpp.dll
2011-08-31 14:13 - 2011-08-31 14:13 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2010-11-18 19:18 - 2010-11-18 19:18 - 11190784 _____ () C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll
2010-12-15 17:19 - 2010-12-15 17:19 - 00124320 _____ () C:\Program Files\TOSHIBA\TECO\MUIHelp.dll
2015-02-03 22:22 - 2009-07-10 11:06 - 00766632 _____ () C:\Program Files (x86)\Dell V310-V510 Series\dleamon.exe
2015-02-03 22:22 - 2009-07-10 11:06 - 00139944 _____ () C:\Program Files (x86)\Dell V310-V510 Series\ezprint.exe
2013-04-19 21:40 - 2013-04-14 11:28 - 01054320 _____ () C:\Program Files (x86)\PdaNet for Android\PdaNetPC.exe
2011-03-03 03:38 - 2011-03-03 03:38 - 00380416 _____ () C:\Program Files (x86)\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe
2011-06-09 23:09 - 2011-06-09 23:09 - 00079784 _____ () C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll
2015-02-03 22:21 - 2009-05-26 17:17 - 00086118 _____ () C:\Program Files (x86)\Dell V310-V510 Series\dleacfg.dll
2015-02-03 22:22 - 2009-05-29 11:08 - 00389120 _____ () C:\Program Files (x86)\Dell V310-V510 Series\dleascw.dll
2015-02-03 22:22 - 2009-05-27 09:16 - 00192512 _____ () C:\Program Files (x86)\Dell V310-V510 Series\dleadatr.dll
2015-02-03 22:22 - 2009-05-29 11:09 - 01159168 _____ () C:\Program Files (x86)\Dell V310-V510 Series\dleaDRS.dll
2015-02-03 22:22 - 2009-03-10 02:43 - 00155648 _____ () C:\Program Files (x86)\Dell V310-V510 Series\dleacaps.dll
2015-02-03 22:22 - 2009-03-05 14:55 - 00059904 _____ () C:\Program Files (x86)\Dell V310-V510 Series\dleacnv4.dll
2015-02-03 22:22 - 2009-06-22 10:08 - 00708608 _____ () C:\Program Files (x86)\Dell V310-V510 Series\Epwizard.DLL
2015-02-03 22:22 - 2009-06-22 10:06 - 00159744 _____ () C:\Program Files (x86)\Dell V310-V510 Series\customui.dll
2015-02-03 22:22 - 2009-06-22 10:06 - 00114688 _____ () C:\Program Files (x86)\Dell V310-V510 Series\Eputil.DLL
2015-02-03 22:22 - 2009-06-22 10:05 - 00139264 _____ () C:\Program Files (x86)\Dell V310-V510 Series\Imagutil.DLL
2015-02-03 22:22 - 2009-06-22 10:06 - 00061440 _____ () C:\Program Files (x86)\Dell V310-V510 Series\Epfunct.DLL
2015-02-03 22:22 - 2009-06-22 10:08 - 02203648 _____ () C:\Program Files (x86)\Dell V310-V510 Series\EPWizRes.dll
2015-02-03 22:22 - 2009-06-22 10:08 - 00045056 _____ () C:\Program Files (x86)\Dell V310-V510 Series\epstring.dll
2015-02-03 22:22 - 2009-06-22 10:08 - 00196608 _____ () C:\Program Files (x86)\Dell V310-V510 Series\EPOEMDll.dll
2015-02-03 22:22 - 2009-04-07 16:25 - 00409600 _____ () C:\Program Files (x86)\Dell V310-V510 Series\iptk.dll
2015-02-03 22:22 - 2009-03-02 11:25 - 00151552 _____ () C:\Program Files (x86)\Dell V310-V510 Series\dleaptp.dll
2015-04-13 18:43 - 2015-04-13 18:43 - 00098816 _____ () C:\Users\Grady\AppData\Local\Temp\_MEI45562\win32api.pyd
2015-04-13 18:43 - 2015-04-13 18:43 - 00110080 _____ () C:\Users\Grady\AppData\Local\Temp\_MEI45562\pywintypes27.dll
2015-04-13 18:43 - 2015-04-13 18:43 - 00364544 _____ () C:\Users\Grady\AppData\Local\Temp\_MEI45562\pythoncom27.dll
2015-04-13 18:43 - 2015-04-13 18:43 - 00045568 _____ () C:\Users\Grady\AppData\Local\Temp\_MEI45562\_socket.pyd
2015-04-13 18:43 - 2015-04-13 18:43 - 01161216 _____ () C:\Users\Grady\AppData\Local\Temp\_MEI45562\_ssl.pyd
2015-04-13 18:43 - 2015-04-13 18:43 - 00320512 _____ () C:\Users\Grady\AppData\Local\Temp\_MEI45562\win32com.shell.shell.pyd
2015-04-13 18:43 - 2015-04-13 18:43 - 00713216 _____ () C:\Users\Grady\AppData\Local\Temp\_MEI45562\_hashlib.pyd
2015-04-13 18:43 - 2015-04-13 18:43 - 01175040 _____ () C:\Users\Grady\AppData\Local\Temp\_MEI45562\wx._core_.pyd
2015-04-13 18:43 - 2015-04-13 18:43 - 00805888 _____ () C:\Users\Grady\AppData\Local\Temp\_MEI45562\wx._gdi_.pyd
2015-04-13 18:43 - 2015-04-13 18:43 - 00811008 _____ () C:\Users\Grady\AppData\Local\Temp\_MEI45562\wx._windows_.pyd
2015-04-13 18:43 - 2015-04-13 18:43 - 01062400 _____ () C:\Users\Grady\AppData\Local\Temp\_MEI45562\wx._controls_.pyd
2015-04-13 18:43 - 2015-04-13 18:43 - 00735232 _____ () C:\Users\Grady\AppData\Local\Temp\_MEI45562\wx._misc_.pyd
2015-04-13 18:43 - 2015-04-13 18:43 - 00682496 _____ () C:\Users\Grady\AppData\Local\Temp\_MEI45562\pysqlite2._sqlite.pyd
2015-04-13 18:43 - 2015-04-13 18:43 - 00128512 _____ () C:\Users\Grady\AppData\Local\Temp\_MEI45562\_elementtree.pyd
2015-04-13 18:43 - 2015-04-13 18:43 - 00127488 _____ () C:\Users\Grady\AppData\Local\Temp\_MEI45562\pyexpat.pyd
2015-04-13 18:43 - 2015-04-13 18:43 - 00087552 _____ () C:\Users\Grady\AppData\Local\Temp\_MEI45562\_ctypes.pyd
2015-04-13 18:43 - 2015-04-13 18:43 - 00119808 _____ () C:\Users\Grady\AppData\Local\Temp\_MEI45562\win32file.pyd
2015-04-13 18:43 - 2015-04-13 18:43 - 00108544 _____ () C:\Users\Grady\AppData\Local\Temp\_MEI45562\win32security.pyd
2015-04-13 18:43 - 2015-04-13 18:43 - 00007168 _____ () C:\Users\Grady\AppData\Local\Temp\_MEI45562\hashobjs_ext.pyd
2015-04-13 18:43 - 2015-04-13 18:43 - 00167936 _____ () C:\Users\Grady\AppData\Local\Temp\_MEI45562\win32gui.pyd
2015-04-13 18:43 - 2015-04-13 18:43 - 00018432 _____ () C:\Users\Grady\AppData\Local\Temp\_MEI45562\win32event.pyd
2015-04-13 18:43 - 2015-04-13 18:43 - 00038912 _____ () C:\Users\Grady\AppData\Local\Temp\_MEI45562\win32inet.pyd
2015-04-13 18:43 - 2015-04-13 18:43 - 00011264 _____ () C:\Users\Grady\AppData\Local\Temp\_MEI45562\win32crypt.pyd
2015-04-13 18:43 - 2015-04-13 18:43 - 00070656 _____ () C:\Users\Grady\AppData\Local\Temp\_MEI45562\wx._html2.pyd
2015-04-13 18:43 - 2015-04-13 18:43 - 00027136 _____ () C:\Users\Grady\AppData\Local\Temp\_MEI45562\_multiprocessing.pyd
2015-04-13 18:43 - 2015-04-13 18:43 - 00020480 _____ () C:\Users\Grady\AppData\Local\Temp\_MEI45562\_yappi.pyd
2015-04-13 18:43 - 2015-04-13 18:43 - 00035840 _____ () C:\Users\Grady\AppData\Local\Temp\_MEI45562\win32process.pyd
2015-04-13 18:43 - 2015-04-13 18:43 - 00686080 _____ () C:\Users\Grady\AppData\Local\Temp\_MEI45562\unicodedata.pyd
2015-04-13 18:43 - 2015-04-13 18:43 - 00122368 _____ () C:\Users\Grady\AppData\Local\Temp\_MEI45562\wx._wizard.pyd
2015-04-13 18:43 - 2015-04-13 18:43 - 00024064 _____ () C:\Users\Grady\AppData\Local\Temp\_MEI45562\win32pipe.pyd
2015-04-13 18:43 - 2015-04-13 18:43 - 00010240 _____ () C:\Users\Grady\AppData\Local\Temp\_MEI45562\select.pyd
2015-04-13 18:43 - 2015-04-13 18:43 - 00025600 _____ () C:\Users\Grady\AppData\Local\Temp\_MEI45562\win32pdh.pyd
2015-04-13 18:43 - 2015-04-13 18:43 - 00525640 _____ () C:\Users\Grady\AppData\Local\Temp\_MEI45562\windows._lib_cacheinvalidation.pyd
2015-04-13 18:43 - 2015-04-13 18:43 - 00017408 _____ () C:\Users\Grady\AppData\Local\Temp\_MEI45562\win32profile.pyd
2015-04-13 18:43 - 2015-04-13 18:43 - 00022528 _____ () C:\Users\Grady\AppData\Local\Temp\_MEI45562\win32ts.pyd
2015-04-13 18:43 - 2015-04-13 18:43 - 00078336 _____ () C:\Users\Grady\AppData\Local\Temp\_MEI45562\wx._animate.pyd
2015-04-07 00:03 - 2015-04-07 00:03 - 16858288 _____ () C:\windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_134.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3497190755-2180394438-1566758516-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Grady\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.254

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== Accounts: =============================

Administrator (S-1-5-21-3497190755-2180394438-1566758516-500 - Administrator - Disabled)
Grady (S-1-5-21-3497190755-2180394438-1566758516-1001 - Administrator - Enabled) => C:\Users\Grady
Guest (S-1-5-21-3497190755-2180394438-1566758516-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3497190755-2180394438-1566758516-1002 - Limited - Enabled)

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (04/13/2015 06:45:05 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/13/2015 06:44:16 PM) (Source: Toshiba App Place) (EventID: 0) (User: )
Description: System.ArgumentOutOfRangeException: Number must be either non-negative and less than or equal to Int32.MaxValue or -1.
Parameter name: dueTime
Stack Trace:
   at System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period)
   at System.Timers.Timer.set_Enabled(Boolean value)
   at SnappCloud.ActivationReminder.AraClient.PostInit()
   at SnappCloud.ActivationReminder.Program.Main(String[] args)

Error: (04/13/2015 02:11:36 AM) (Source: Toshiba App Place) (EventID: 0) (User: )
Description: System.ArgumentOutOfRangeException: Number must be either non-negative and less than or equal to Int32.MaxValue or -1.
Parameter name: dueTime
Stack Trace:
   at System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period)
   at System.Timers.Timer.set_Enabled(Boolean value)
   at SnappCloud.ActivationReminder.AraClient.PostInit()
   at SnappCloud.ActivationReminder.Program.Main(String[] args)

Error: (04/13/2015 02:06:15 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/12/2015 08:05:53 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version: 37.0.1.5570, time stamp: 0x551e23ee
Faulting module name: mozalloc.dll, version: 37.0.1.5570, time stamp: 0x551e1536
Exception code: 0x80000003
Fault offset: 0x00001aa1
Faulting process id: 0x1480
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3

Error: (04/12/2015 04:49:45 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/12/2015 04:49:12 PM) (Source: Toshiba App Place) (EventID: 0) (User: )
Description: System.ArgumentOutOfRangeException: Number must be either non-negative and less than or equal to Int32.MaxValue or -1.
Parameter name: dueTime
Stack Trace:
   at System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period)
   at System.Timers.Timer.set_Enabled(Boolean value)
   at SnappCloud.ActivationReminder.AraClient.PostInit()
   at SnappCloud.ActivationReminder.Program.Main(String[] args)

Error: (04/11/2015 09:46:55 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/11/2015 09:45:53 PM) (Source: Toshiba App Place) (EventID: 0) (User: )
Description: System.ArgumentOutOfRangeException: Number must be either non-negative and less than or equal to Int32.MaxValue or -1.
Parameter name: dueTime
Stack Trace:
   at System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period)
   at System.Timers.Timer.set_Enabled(Boolean value)
   at SnappCloud.ActivationReminder.AraClient.PostInit()
   at SnappCloud.ActivationReminder.Program.Main(String[] args)

Error: (04/11/2015 01:32:00 AM) (Source: Toshiba App Place) (EventID: 0) (User: )
Description: System.ArgumentOutOfRangeException: Number must be either non-negative and less than or equal to Int32.MaxValue or -1.
Parameter name: dueTime
Stack Trace:
   at System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period)
   at System.Timers.Timer.set_Enabled(Boolean value)
   at SnappCloud.ActivationReminder.AraClient.PostInit()
   at SnappCloud.ActivationReminder.Program.Main(String[] args)


System errors:
=============
Error: (04/13/2015 06:44:51 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (04/13/2015 06:43:27 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The dleaCATSCustConnectService service failed to start due to the following error:
%%1053

Error: (04/13/2015 06:43:27 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the dleaCATSCustConnectService service to connect.

Error: (04/13/2015 06:43:26 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.

Module Path: C:\windows\system32\Rtlihvs.dll
Error Code: 126

Error: (04/13/2015 02:04:40 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The dleaCATSCustConnectService service failed to start due to the following error:
%%1053

Error: (04/13/2015 02:04:40 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the dleaCATSCustConnectService service to connect.

Error: (04/13/2015 02:04:38 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.

Module Path: C:\windows\system32\Rtlihvs.dll
Error Code: 126

Error: (04/12/2015 04:49:54 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (04/12/2015 04:48:07 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The dleaCATSCustConnectService service failed to start due to the following error:
%%1053

Error: (04/12/2015 04:48:07 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the dleaCATSCustConnectService service to connect.


Microsoft Office Sessions:
=========================
Error: (04/13/2015 06:45:05 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/13/2015 06:44:16 PM) (Source: Toshiba App Place) (EventID: 0) (User: )
Description: System.ArgumentOutOfRangeException: Number must be either non-negative and less than or equal to Int32.MaxValue or -1.
Parameter name: dueTime
Stack Trace:
   at System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period)
   at System.Timers.Timer.set_Enabled(Boolean value)
   at SnappCloud.ActivationReminder.AraClient.PostInit()
   at SnappCloud.ActivationReminder.Program.Main(String[] args)

Error: (04/13/2015 02:11:36 AM) (Source: Toshiba App Place) (EventID: 0) (User: )
Description: System.ArgumentOutOfRangeException: Number must be either non-negative and less than or equal to Int32.MaxValue or -1.
Parameter name: dueTime
Stack Trace:
   at System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period)
   at System.Timers.Timer.set_Enabled(Boolean value)
   at SnappCloud.ActivationReminder.AraClient.PostInit()
   at SnappCloud.ActivationReminder.Program.Main(String[] args)

Error: (04/13/2015 02:06:15 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/12/2015 08:05:53 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe37.0.1.5570551e23eemozalloc.dll37.0.1.5570551e15368000000300001aa1148001d07581f5c913a1C:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dll3b29ca23-e179-11e4-bc02-047d7b8cf4d8

Error: (04/12/2015 04:49:45 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/12/2015 04:49:12 PM) (Source: Toshiba App Place) (EventID: 0) (User: )
Description: System.ArgumentOutOfRangeException: Number must be either non-negative and less than or equal to Int32.MaxValue or -1.
Parameter name: dueTime
Stack Trace:
   at System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period)
   at System.Timers.Timer.set_Enabled(Boolean value)
   at SnappCloud.ActivationReminder.AraClient.PostInit()
   at SnappCloud.ActivationReminder.Program.Main(String[] args)

Error: (04/11/2015 09:46:55 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/11/2015 09:45:53 PM) (Source: Toshiba App Place) (EventID: 0) (User: )
Description: System.ArgumentOutOfRangeException: Number must be either non-negative and less than or equal to Int32.MaxValue or -1.
Parameter name: dueTime
Stack Trace:
   at System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period)
   at System.Timers.Timer.set_Enabled(Boolean value)
   at SnappCloud.ActivationReminder.AraClient.PostInit()
   at SnappCloud.ActivationReminder.Program.Main(String[] args)

Error: (04/11/2015 01:32:00 AM) (Source: Toshiba App Place) (EventID: 0) (User: )
Description: System.ArgumentOutOfRangeException: Number must be either non-negative and less than or equal to Int32.MaxValue or -1.
Parameter name: dueTime
Stack Trace:
   at System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period)
   at System.Timers.Timer.set_Enabled(Boolean value)
   at SnappCloud.ActivationReminder.AraClient.PostInit()
   at SnappCloud.ActivationReminder.Program.Main(String[] args)


CodeIntegrity Errors:
===================================
  Date: 2015-04-10 02:10:15.483
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-04-10 02:10:15.436
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: Intel® Core™ i3-2350M CPU @ 2.30GHz
Percentage of memory in use: 50%
Total physical RAM: 4043.86 MB
Available physical RAM: 2008.15 MB
Total Pagefile: 8085.91 MB
Available Pagefile: 5669.6 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: (TI106320W0D) (Fixed) (Total:449.62 GB) (Free:300.6 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: 7FE1B5BF)
Partition 1: (Active) - (Size=1.5 GB) - (Type=27)
Partition 2: (Not Active) - (Size=449.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=14.7 GB) - (Type=17)

==================== End Of Log ============================



#5 shelf life

  • Malware Response Team
  • 2,679 posts
  • Gender:Male
  • Location:@localhost

Posted 14 April 2015 - 08:27 PM

Thanks for the info. I don't see anything that looks out of place. You could do a one-time online scan as another opinion:
This scan may take a long time to complete. Please do not browse the Internet while your Anti-Virus is disabled.
Please run a free online scan with the ESET Online Scanner
US Link: http://www.eset.com/us/online-scanner/
Windows Vista/Windows 7/Windows 8 users will need to right click on their Internet Explorer shortcut, and select Run as Administrator
Note: For browsers other than Internet Explorer, you will be prompted to download and install esetsmartinstaller_enu.exe. Click on the link and save the file to a convenient location. Double-click on it to install, and a new window will open. Follow the prompts. Or just use Internet Explorer for the scan.
    Turn off the real time scanner of any existing antivirus program while performing the online scan.

    Click the blue Run ESET Online Scanner button

    Tick the box next to YES, I accept the Terms of Use.

    Click Start

    When asked, allow the program to install the "OnlineScanner.cab" activex control by clicking the Install button

    Once the activex control is installed, on the next screen click on Enable detection of potentially unwanted applications

    Click on Advanced Settings

    Make sure that the option Remove found threats is unticked.

    Ensure these options are ticked

        Scan archives

        Scan for potentially unsafe applications

        Enable Anti-Stealth technology
    Under "Current Scan Targets" > click "change" and ensure all your drives are selected

    Click Start

    Wait for the scan to finish

    When the scan is done, if it shows a screen that says "Threats found!", then click "List of found threats", and then click "Export to text file..."

    Save that text file on your desktop. Attach the log to your next reply.

    Close the ESET online scan.


How Can I Reduce My Risk to Malware?


#6 shelf life

  • Malware Response Team
  • 2,679 posts
  • Gender:Male
  • Location:@localhost

Posted 04 May 2015 - 05:11 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.