Suspected Infection - No Detection So Far [Solved]



#1 MarkT4IT (Member, 11 posts)
A family member thought an email was from a teacher / friend and clicked on a link in the email last Thu night (two evenings ago, about 48 hours). http://servisiniz.ne...bxiutalj712mxbk I found out within a few minutes (my bad for not having 'trained' them a little better about naked links). Turns out the teacher's account had been compromised.

[We have Win 7 Ultimate 64, SP1, current on all patches.] All the above screams to me we've been compromised... As of now, no Facebook compromises seen, no spurious emails sent on any accounts or any indication of 'bad actors' in action, yet.

My Norton 360 logs had no security events at that time and a complete system scan didn't find anything (Norton 360 20.3.1.22). Also ran the online BitDefender and online ESET scanners. BitDefender found nothing, ESET reported 4 worm instances (it repaired) on an old drive in the system that is rarely used (in pretty remote locations).

The site has a variety of opinions about it when searching online. Norton SafeWeb had no opinion, PhishTank same, Onlinelinkscan.com aggregates several other sites (including Google Safe Browsing... all had it not reporting or safe - but attempting to go to SpyEyeTracking, got a warning from Microsoft SmartScreen in IE 9 against even going to it - spyeyetracker.abuse.ch as a reported site of malware, itself - all kind of convoluted and somewhat confusing)

Actually went to the original problem site / link (above) to look at it myself today to see if there were any alerts or attempts to compromise the machine (thinking I might blow the drive away anyway), and it served up 10 ads related to searches or sites that had been visited (looking in history?). All the ad links were served up by www.googleadsservices.com, which is apparently not Google related, cannot be reached directly, but which Google Safe Browsing reports visiting >12K times in 90 days and finding 11 malware installs.

Apologies if all the above isn't helpful, but I have been diligently trying to see if I need to blow away the system or not (just did a month ago) - and have been reluctant to do my taxes on this machine until I know I'm not going to be giving all that info away by doing so...



OTL logfile created on: 4/13/2013 5:24:19 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Mark\Downloads
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

8.00 Gb Total Physical Memory | 5.88 Gb Available Physical Memory | 73.50% Memory free
9.00 Gb Paging File | 6.65 Gb Available in Paging File | 73.90% Paging File free
Paging file location(s): c:\pagefile.sys 1024 2048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 119.14 Gb Total Space | 24.86 Gb Free Space | 20.87% Space Free | Partition Type: NTFS
Drive D: | 13.56 Gb Total Space | 1.83 Gb Free Space | 13.47% Space Free | Partition Type: NTFS
Drive E: | 685.08 Gb Total Space | 419.71 Gb Free Space | 61.27% Space Free | Partition Type: NTFS
Drive K: | 465.73 Gb Total Space | 284.75 Gb Free Space | 61.14% Space Free | Partition Type: NTFS

Computer Name: PAVILION | User Name: Mark | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/04/13 17:23:48 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Mark\Downloads\OTL.exe
PRC - [2013/04/07 19:03:03 | 000,256,600 | ---- | M] (Microsoft Corporation) -- C:\Users\Mark\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
PRC - [2013/04/04 21:31:18 | 000,308,368 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
PRC - [2013/04/04 13:19:21 | 000,706,776 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_6_602_180_ActiveX.exe
PRC - [2013/03/14 22:53:06 | 001,266,464 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2013/03/14 22:07:46 | 000,383,264 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2013/02/13 14:03:14 | 003,524,136 | ---- | M] (Hyperionics Technology LLC) -- C:\Program Files (x86)\HyperSnap 7\HprSnap7.exe
PRC - [2013/01/29 15:10:02 | 002,496,616 | ---- | M] (Ilium Software, Inc.) -- C:\Program Files (x86)\Ilium Software\eWallet\eWallet.exe
PRC - [2012/12/23 20:33:29 | 000,144,520 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton 360\Engine\20.3.1.22\ccsvchst.exe
PRC - [2012/12/18 12:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/08/23 12:37:16 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
PRC - [2012/01/18 06:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe


========== Modules (No Company Name) ==========

MOD - [2013/04/01 11:38:46 | 000,256,000 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PasswordGenerator\7fcb05f2f82f5126946256cc654b05e4\PasswordGenerator.ni.dll
MOD - [2013/04/01 11:38:46 | 000,135,680 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data.DataSet#\5cf7fcba96db2ec632eda5e52fc373da\System.Data.DataSetExtensions.ni.dll
MOD - [2013/04/01 11:38:45 | 000,573,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data.SQLite\96fc0f1de5adcd5f84448730caf86182\System.Data.SQLite.ni.dll
MOD - [2013/04/01 11:38:45 | 000,109,056 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WltSQLiteConverter\6997d5ae6b336d84a33f6f1e538f1b88\WltSQLiteConverter.ni.dll
MOD - [2013/04/01 11:38:44 | 001,190,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Sync\165e664553651f900f71fd5834ef2771\Sync.ni.dll
MOD - [2013/04/01 11:38:44 | 001,111,040 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\DBWallet\b441d9e250a5cd0a5c726a1bbced5e94\DBWallet.ni.dll
MOD - [2013/04/01 11:38:43 | 015,083,008 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\DevComponents.DotNe#\f596573396441b91ed21372942f7dafd\DevComponents.DotNetBar2.ni.dll
MOD - [2013/04/01 11:38:34 | 004,385,792 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\eWallet\4897a3fd73de662ef6b00cb1fd740d1a\eWallet.ni.exe
MOD - [2013/04/01 11:38:04 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\77dfcfed5fd5f67d0d3edc545935bb21\System.Core.ni.dll
MOD - [2013/04/01 11:30:28 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\dd20416f723ee13ffb4173ec1afc4ec4\System.Data.ni.dll
MOD - [2013/04/01 11:30:07 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll
MOD - [2013/04/01 11:30:01 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll
MOD - [2013/04/01 11:29:58 | 012,237,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\19b3d17c3ce0e264c4fb62028161adf7\PresentationCore.ni.dll
MOD - [2013/04/01 11:29:58 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\d908c91e24616e6b8d38c9da61038b25\Accessibility.ni.dll
MOD - [2013/04/01 11:29:49 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll
MOD - [2013/04/01 11:29:44 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\c1a66b44c4780c039576eaf18f4cd8dc\System.Xml.ni.dll
MOD - [2013/04/01 11:29:41 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll
MOD - [2013/04/01 11:29:40 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll
MOD - [2013/04/01 11:29:34 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll
MOD - [2013/01/02 13:30:34 | 000,014,040 | ---- | M] () -- C:\Program Files (x86)\HyperSnap 7\VistaPlus.dll
MOD - [2013/01/02 12:49:14 | 000,018,160 | ---- | M] () -- C:\Program Files (x86)\HyperSnap 7\HsSizer7.dll
MOD - [2012/05/30 07:51:08 | 000,699,280 | R--- | M] () -- C:\Program Files (x86)\Norton 360\Engine\20.3.1.22\wincfi39.dll
MOD - [2011/03/17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/12/21 01:15:30 | 001,041,248 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll
MOD - [2010/11/04 18:58:05 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll


========== Services (SafeList) ==========

SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 18:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013/04/04 13:19:22 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/03/14 22:53:06 | 001,266,464 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013/03/14 22:07:46 | 000,383,264 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2013/03/07 07:30:44 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/12/23 20:33:29 | 000,144,520 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton 360\Engine\20.3.1.22\ccSvcHst.exe -- (N360)
SRV - [2012/12/18 12:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/08/23 12:37:16 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe -- (IntuitUpdateServiceV4)
SRV - [2012/01/18 06:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/03/24 16:30:08 | 000,177,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2013/01/30 20:18:18 | 000,432,800 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1403010.016\symnets.sys -- (SymNetS)
DRV:64bit: - [2013/01/30 20:18:06 | 001,139,800 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\1403010.016\symefa64.sys -- (SymEFA)
DRV:64bit: - [2013/01/28 18:45:19 | 000,796,248 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\N360x64\1403010.016\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2013/01/28 18:45:19 | 000,036,952 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1403010.016\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2013/01/23 15:12:20 | 000,067,808 | ---- | M] (Mozy, Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mozy.sys -- (mozyFilter)
DRV:64bit: - [2013/01/21 19:15:33 | 000,493,656 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\1403010.016\symds64.sys -- (SymDS)
DRV:64bit: - [2012/11/15 19:22:01 | 000,224,416 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1403010.016\ironx64.sys -- (SymIRON)
DRV:64bit: - [2012/11/15 19:18:04 | 000,168,096 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1403010.016\ccsetx64.sys -- (ccSet_N360)
DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/01/18 06:44:36 | 004,865,568 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64)
DRV:64bit: - [2011/03/10 23:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 23:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 06:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 04:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 04:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/19 19:09:57 | 001,394,688 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/06/10 13:35:42 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 001,192,448 | ---- | M] (Hauppauge Computer Works) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HCW85BDA.sys -- (HCW85BDA)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008/05/06 16:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV - [2013/03/24 09:01:36 | 002,087,664 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.0.36\Definitions\VirusDefs\20130412.024\ex64.sys -- (NAVEX15)
DRV - [2013/03/24 09:01:36 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2013/03/24 09:01:36 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2013/03/24 09:01:36 | 000,126,192 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.0.36\Definitions\VirusDefs\20130412.024\eng64.sys -- (NAVENG)
DRV - [2013/03/22 15:39:26 | 000,513,184 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.0.36\Definitions\IPSDefs\20130412.001\IDSviA64.sys -- (IDSVia64)
DRV - [2013/03/21 18:52:21 | 001,387,608 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.0.36\Definitions\BASHDefs\20130322.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.google.com/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 65 15 AD 0B 0B 29 CE 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...1I7NDKB_enUS530
IE - HKCU\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://nortonsafe.se...ct=sb&qsrc=2869
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.0.36\IPSFFPlgn\ [2013/03/24 16:30:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.0.36\coFFPlgn\ [2013/04/13 13:58:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/03/25 20:49:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2013/03/25 20:49:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/03/25 20:49:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\distribution\extensions
[2013/03/25 20:49:48 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2013/03/07 07:31:00 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2013/03/07 07:30:20 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013/03/07 07:30:20 | 000,002,086 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: https://thecore.coin...nstar.Home.aspx
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\pdf.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: CANON iMAGE GATEWAY Album Plugin Utility (Enabled) = C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - Extension: Google Docs = C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: YouTube = C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Norton Identity Protection = C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2013.3.2.10_0\
CHR - Extension: Norton Identity Protection = C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2013.3.3.19_0\
CHR - Extension: Bit.ly Shortener for Chrome = C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\negjghjbfgfmdjpolclpmmjmfeejolld\1.0.3_0\
CHR - Extension: Mail this link = C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngjdhjgbagpeimgpgloofkfoipgpdgdb\1.1.1_0\
CHR - Extension: Gmail = C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2009/06/10 14:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\20.3.1.22\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\20.3.1.22\ips\ipsbho.dll (Symantec Corporation)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\20.3.1.22\coieplg.dll (Symantec Corporation)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\20.3.1.22\coieplg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
O4 - HKCU..\Run: [SkyDrive] C:\Users\Mark\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} http://quickscan.bit...m/qsax/qsax.cab (Bitdefender QuickScan Control)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 184.16.33.54
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{98CF1F53-00CE-490E-875A-5F8AAA3848A3}: DhcpNameServer = 192.168.1.1 184.16.33.54
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/04/12 21:05:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2013/04/12 21:01:25 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Roaming\QuickScan
[2013/04/08 21:36:44 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonIJScan
[2013/04/08 21:36:12 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Roaming\Canon
[2013/04/08 16:32:45 | 001,139,800 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1403010.016\symefa64.sys
[2013/04/08 16:32:45 | 000,796,248 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1403010.016\srtsp64.sys
[2013/04/08 16:32:45 | 000,493,656 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1403010.016\symds64.sys
[2013/04/08 16:32:45 | 000,432,800 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1403010.016\symnets.sys
[2013/04/08 16:32:45 | 000,224,416 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1403010.016\ironx64.sys
[2013/04/08 16:32:45 | 000,168,096 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1403010.016\ccsetx64.sys
[2013/04/08 16:32:45 | 000,036,952 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1403010.016\srtspx64.sys
[2013/04/08 16:32:45 | 000,023,448 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1403010.016\symelam.sys
[2013/04/08 16:32:37 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\N360x64\1403010.016
[2013/04/07 19:03:57 | 000,000,000 | -H-D | C] -- C:\SkyDriveTemp
[2013/04/07 19:03:11 | 000,000,000 | R--D | C] -- C:\Users\Mark\SkyDrive
[2013/04/07 19:03:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SkyDrive
[2013/04/07 19:03:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft SkyDrive
[2013/04/07 16:45:02 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\Adobe
[2013/04/07 15:32:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2013/04/07 15:32:23 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2013/04/07 15:30:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2013/04/07 15:30:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2013/04/07 12:48:39 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\IsolatedStorage
[2013/04/07 12:47:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TurboTax 2012
[2013/04/07 12:46:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TurboTax
[2013/04/06 20:22:03 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Roaming\Google
[2013/04/06 20:20:50 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Roaming\Macromedia
[2013/04/06 20:20:49 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Roaming\Adobe
[2013/04/04 13:19:41 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2013/04/04 13:19:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Google
[2013/04/04 13:19:20 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed
[2013/04/04 13:19:19 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2013/04/04 13:18:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2013/04/02 20:31:04 | 000,000,000 | ---D | C] -- C:\Users\Mark\Desktop\Diane
[2013/03/31 20:20:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2013/03/28 08:30:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2013/03/28 08:30:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2013/03/28 08:30:12 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\Google
[2013/03/28 08:30:04 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\Deployment
[2013/03/28 08:30:04 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\Apps
[2013/03/27 23:19:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
[2013/03/27 23:19:00 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Roaming\Hyperionics
[2013/03/27 22:50:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HyperSnap 7
[2013/03/27 22:50:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HyperSnap 7
[2013/03/27 22:32:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Ilium Software
[2013/03/27 22:31:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bonjour Print Services
[2013/03/27 22:31:00 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour Print Services
[2013/03/27 22:30:45 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\Apple
[2013/03/27 22:30:40 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2013/03/27 22:30:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2013/03/27 22:30:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2013/03/27 22:25:32 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\Ilium_Software,_Inc
[2013/03/27 21:44:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ilium Software
[2013/03/27 21:44:30 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Roaming\Ilium Software
[2013/03/27 21:44:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ilium Software
[2013/03/27 21:38:21 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SPReview
[2013/03/27 21:38:01 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\EventProviders
[2013/03/27 21:29:22 | 000,116,224 | ---- | C] (Windows ® Codename Longhorn DDK provider) -- C:\Windows\SysNative\fms.dll
[2013/03/27 21:29:16 | 000,093,696 | ---- | C] (Windows ® Codename Longhorn DDK provider) -- C:\Windows\SysWow64\fms.dll
[2013/03/27 03:42:38 | 000,000,000 | ---D | C] -- C:\Users\Mark\Documents\eWallet
[2013/03/27 03:42:36 | 000,000,000 | ---D | C] -- C:\Users\Mark\Documents\cache
[2013/03/27 03:39:56 | 000,000,000 | ---D | C] -- C:\Users\Mark\Documents\Work
[2013/03/27 03:31:04 | 000,000,000 | ---D | C] -- C:\Users\Mark\Documents\Wedding
[2013/03/27 03:30:44 | 000,000,000 | ---D | C] -- C:\Users\Mark\Documents\TurboTax
[2013/03/27 03:30:44 | 000,000,000 | ---D | C] -- C:\Users\Mark\Documents\Travel and Vacation
[2013/03/27 03:30:36 | 000,000,000 | ---D | C] -- C:\Users\Mark\Documents\Training
[2013/03/27 03:29:51 | 000,000,000 | ---D | C] -- C:\Users\Mark\Documents\Toastmasters
[2013/03/27 03:29:18 | 000,000,000 | ---D | C] -- C:\Users\Mark\Documents\Redmond Roofing
[2013/03/27 03:28:57 | 000,000,000 | ---D | C] -- C:\Users\Mark\Documents\Rachel's files
[2013/03/27 03:28:47 | 000,000,000 | ---D | C] -- C:\Users\Mark\Documents\Rachel and Steve and Wedding
[2013/03/27 03:27:49 | 000,000,000 | ---D | C] -- C:\Users\Mark\Documents\Rachel College
[2013/03/27 03:27:09 | 000,000,000 | ---D | C] -- C:\Users\Mark\Documents\RLT Eye-Ear-Nose-Throat Doctors_files
[2013/03/27 03:12:06 | 000,000,000 | ---D | C] -- C:\Users\Mark\Documents\Project Management
[2013/03/27 03:12:03 | 000,000,000 | ---D | C] -- C:\Users\Mark\Documents\Palm OS Desktop
[2013/03/27 03:11:54 | 000,000,000 | ---D | C] -- C:\Users\Mark\Documents\OneNote Notebooks
[2013/03/27 03:11:51 | 000,000,000 | ---D | C] -- C:\Users\Mark\Documents\New Photo Print.el6.Data
[2013/03/27 03:11:36 | 000,000,000 | ---D | C] -- C:\Users\Mark\Documents\My Games
[2013/03/27 03:11:35 | 000,000,000 | ---D | C] -- C:\Users\Mark\Documents\My DocsToGo
[2013/03/27 03:09:30 | 000,000,000 | ---D | C] -- C:\Users\Mark\Documents\MedicalandHealth
[2013/03/27 03:09:30 | 000,000,000 | ---D | C] -- C:\Users\Mark\Documents\Marriage and Relationships
[2013/03/27 03:08:56 | 000,000,000 | ---D | C] -- C:\Users\Mark\Documents\ItsDeductible2006
[2013/03/27 03:08:55 | 000,000,000 | ---D | C] -- C:\Users\Mark\Documents\ITIL
[2013/03/27 03:08:49 | 000,000,000 | ---D | C] -- C:\Users\Mark\Documents\Hutch
[2013/03/27 03:08:45 | 000,000,000 | ---D | C] -- C:\Users\Mark\Documents\Home
[2013/03/27 03:08:42 | 000,000,000 | ---D | C] -- C:\Users\Mark\Documents\Health and Fitness
[2013/03/27 03:08:41 | 000,000,000 | ---D | C] -- C:\Users\Mark\Documents\HVAC
[2013/03/27 03:08:34 | 000,000,000 | ---D | C] -- C:\Users\Mark\Documents\Georgioff-Brinks
[2013/03/27 03:05:37 | 000,000,000 | ---D | C] -- C:\Users\Mark\Documents\Financial
[2013/03/27 03:05:27 | 000,000,000 | ---D | C] -- C:\Users\Mark\Documents\Financial-Trading
[2013/03/27 03:05:25 | 000,000,000 | ---D | C] -- C:\Users\Mark\Documents\Faith Church Small Groups
[2013/03/27 03:02:06 | 000,000,000 | ---D | C] -- C:\Users\Mark\Documents\Employment
[2013/03/27 02:59:51 | 000,000,000 | ---D | C] -- C:\Users\Mark\Documents\Downloads
[2013/03/27 02:59:10 | 000,000,000 | ---D | C] -- C:\Users\Mark\Documents\David
[2013/03/27 02:59:07 | 000,000,000 | ---D | C] -- C:\Users\Mark\Documents\Customer Transcript_files
[2013/03/27 02:59:04 | 000,000,000 | ---D | C] -- C:\Users\Mark\Documents\Computer Related
[2013/03/27 02:59:03 | 000,000,000 | ---D | C] -- C:\Users\Mark\Documents\Computer HW SW
[2013/03/27 02:58:58 | 000,000,000 | ---D | C] -- C:\Users\Mark\Documents\Cellular
[2013/03/27 02:58:56 | 000,000,000 | ---D | C] -- C:\Users\Mark\Documents\Car Stuff
[2013/03/27 02:57:42 | 000,000,000 | ---D | C] -- C:\Users\Mark\Documents\CPA-CITP-CMA-PMP
[2013/03/27 02:56:09 | 000,000,000 | ---D | C] -- C:\Users\Mark\Documents\Baccalaureate
[2013/03/27 02:10:12 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Roaming\Mozilla
[2013/03/26 21:03:24 | 000,000,000 | ---D | C] -- C:\Users\Mark\Documents\Quicken
[2013/03/26 21:02:29 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2013/03/26 20:57:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AnswerWorks 5.0
[2013/03/26 20:57:15 | 004,200,304 | ---- | C] (Amyuni Technologies http://www.amyuni.com) -- C:\Windows\SysWow64\cdintf400.dll
[2013/03/26 20:57:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Quicken 2013
[2013/03/26 20:57:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Quicken
[2013/03/26 20:57:00 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Roaming\Intuit
[2013/03/26 20:57:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Intuit
[2013/03/26 20:56:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Intuit
[2013/03/25 21:44:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AGEIA Technologies
[2013/03/25 21:38:22 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonIJEPPEX2
[2013/03/25 21:38:22 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonEPP
[2013/03/25 21:36:52 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonIJFAX
[2013/03/25 21:36:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MX880 series User Registration
[2013/03/25 21:36:32 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\CANON
[2013/03/25 21:36:24 | 000,000,000 | ---D | C] -- C:\ProgramData\CanonIJWSpt
[2013/03/25 21:33:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities
[2013/03/25 21:33:52 | 000,000,000 | ---D | C] -- C:\Program Files\Canon
[2013/03/25 21:32:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MX880 series Manual
[2013/03/25 21:32:38 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonBJ
[2013/03/25 21:32:36 | 000,000,000 | -H-D | C] -- C:\Windows\SysNative\CanonIJ Uninstaller Information
[2013/03/25 21:32:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MX880 series
[2013/03/25 21:32:02 | 000,000,000 | -H-D | C] -- C:\Program Files\CanonBJ
[2013/03/25 21:31:49 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\STRING
[2013/03/25 21:29:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Canon
[2013/03/25 21:05:04 | 000,067,808 | ---- | C] (Mozy, Inc.) -- C:\Windows\SysNative\drivers\mozy.sys
[2013/03/25 21:05:04 | 000,000,000 | --SD | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MozyHome
[2013/03/25 21:05:04 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE
[2013/03/25 21:05:03 | 000,000,000 | ---D | C] -- C:\Program Files\MozyHome
[2013/03/25 20:49:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2013/03/25 20:49:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2013/03/25 20:49:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/03/25 03:03:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\logishrd
[2013/03/25 03:03:56 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\logishrd
[2013/03/24 21:00:54 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft
[2013/03/24 20:53:56 | 000,000,000 | ---D | C] -- C:\Users\Mark\Documents\Outlook Files
[2013/03/24 20:53:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSECache
[2013/03/24 20:41:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2013/03/24 20:41:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2013/03/24 20:41:24 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2013/03/24 20:41:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2013/03/24 20:38:53 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2013/03/24 20:38:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Analysis Services
[2013/03/24 20:38:34 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\Microsoft Help
[2013/03/24 20:38:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office
[2013/03/24 20:38:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2013/03/24 20:38:31 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2013/03/24 20:25:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
[2013/03/24 20:06:10 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat
[2013/03/24 20:06:10 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat
[2013/03/24 16:52:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Symantec Shared
[2013/03/24 16:45:46 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2013/03/24 16:41:45 | 000,000,000 | ---D | C] -- C:\Users\Mark\Documents\Symantec
[2013/03/24 16:30:08 | 000,177,312 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2013/03/24 16:30:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2013/03/24 16:30:08 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2013/03/24 16:29:45 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\N360x64
[2013/03/24 16:29:43 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360
[2013/03/24 16:29:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton 360
[2013/03/24 16:29:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2013/03/24 16:28:01 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2013/03/24 16:28:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NortonInstaller
[2013/03/24 16:09:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA Corporation
[2013/03/24 16:09:54 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[2013/03/24 16:09:42 | 000,060,776 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2013/03/24 16:09:42 | 000,052,584 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2013/03/24 16:09:35 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2013/03/24 16:09:31 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2013/03/24 16:00:26 | 000,000,000 | R--D | C] -- C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2013/03/24 16:00:26 | 000,000,000 | R--D | C] -- C:\Users\Mark\Searches
[2013/03/24 16:00:26 | 000,000,000 | R--D | C] -- C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2013/03/24 16:00:26 | 000,000,000 | -H-D | C] -- C:\Users\Mark\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2013/03/24 16:00:19 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Roaming\Identities
[2013/03/24 16:00:18 | 000,000,000 | R--D | C] -- C:\Users\Mark\Contacts
[2013/03/24 16:00:16 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\VirtualStore
[2013/03/24 16:00:14 | 000,000,000 | --SD | C] -- C:\Users\Mark\AppData\Roaming\Microsoft
[2013/03/24 16:00:14 | 000,000,000 | R--D | C] -- C:\Users\Mark\Videos
[2013/03/24 16:00:14 | 000,000,000 | R--D | C] -- C:\Users\Mark\Saved Games
[2013/03/24 16:00:14 | 000,000,000 | R--D | C] -- C:\Users\Mark\Pictures
[2013/03/24 16:00:14 | 000,000,000 | R--D | C] -- C:\Users\Mark\Music
[2013/03/24 16:00:14 | 000,000,000 | R--D | C] -- C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2013/03/24 16:00:14 | 000,000,000 | R--D | C] -- C:\Users\Mark\Links
[2013/03/24 16:00:14 | 000,000,000 | R--D | C] -- C:\Users\Mark\Favorites
[2013/03/24 16:00:14 | 000,000,000 | R--D | C] -- C:\Users\Mark\Downloads
[2013/03/24 16:00:14 | 000,000,000 | R--D | C] -- C:\Users\Mark\Documents
[2013/03/24 16:00:14 | 000,000,000 | R--D | C] -- C:\Users\Mark\Desktop
[2013/03/24 16:00:14 | 000,000,000 | R--D | C] -- C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2013/03/24 16:00:14 | 000,000,000 | -HSD | C] -- C:\Users\Mark\AppData\Local\Temporary Internet Files
[2013/03/24 16:00:14 | 000,000,000 | -HSD | C] -- C:\Users\Mark\Templates
[2013/03/24 16:00:14 | 000,000,000 | -HSD | C] -- C:\Users\Mark\Start Menu
[2013/03/24 16:00:14 | 000,000,000 | -HSD | C] -- C:\Users\Mark\SendTo
[2013/03/24 16:00:14 | 000,000,000 | -HSD | C] -- C:\Users\Mark\Recent
[2013/03/24 16:00:14 | 000,000,000 | -HSD | C] -- C:\Users\Mark\PrintHood
[2013/03/24 16:00:14 | 000,000,000 | -HSD | C] -- C:\Users\Mark\NetHood
[2013/03/24 16:00:14 | 000,000,000 | -HSD | C] -- C:\Users\Mark\Documents\My Videos
[2013/03/24 16:00:14 | 000,000,000 | -HSD | C] -- C:\Users\Mark\Documents\My Pictures
[2013/03/24 16:00:14 | 000,000,000 | -HSD | C] -- C:\Users\Mark\Documents\My Music
[2013/03/24 16:00:14 | 000,000,000 | -HSD | C] -- C:\Users\Mark\My Documents
[2013/03/24 16:00:14 | 000,000,000 | -HSD | C] -- C:\Users\Mark\Local Settings
[2013/03/24 16:00:14 | 000,000,000 | -HSD | C] -- C:\Users\Mark\AppData\Local\History
[2013/03/24 16:00:14 | 000,000,000 | -HSD | C] -- C:\Users\Mark\Cookies
[2013/03/24 16:00:14 | 000,000,000 | -HSD | C] -- C:\Users\Mark\Application Data
[2013/03/24 16:00:14 | 000,000,000 | -HSD | C] -- C:\Users\Mark\AppData\Local\Application Data
[2013/03/24 16:00:14 | 000,000,000 | -H-D | C] -- C:\Users\Mark\AppData
[2013/03/24 16:00:14 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\Temp
[2013/03/24 16:00:14 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\Microsoft
[2013/03/24 16:00:14 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Roaming\Media Center Programs
[2013/03/24 15:50:47 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2013/03/24 15:46:44 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch

========== Files - Modified Within 30 Days ==========

[2013/04/13 17:19:53 | 000,208,384 | ---- | M] () -- C:\Users\Mark\Documents\My Wallet.wlt
[2013/04/13 17:09:51 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/04/13 17:09:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/04/13 16:35:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/04/13 14:04:28 | 000,013,440 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/04/13 14:04:28 | 000,013,440 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/04/13 14:01:24 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/04/13 14:01:24 | 000,623,940 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/04/13 14:01:24 | 000,106,316 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/04/13 13:57:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/04/13 13:57:02 | 2146,885,631 | -HS- | M] () -- C:\hiberfil.sys
[2013/04/13 09:40:24 | 000,008,600 | ---- | M] () -- C:\Windows\mozy.flt
[2013/04/13 09:40:24 | 000,007,090 | ---- | M] () -- C:\Windows\mozy.blk
[2013/04/10 20:21:09 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2013/04/10 14:36:10 | 000,002,183 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/04/10 08:46:15 | 000,424,872 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/04/10 08:45:09 | 001,762,019 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\1403010.016\Cat.DB
[2013/04/08 21:36:28 | 000,002,123 | ---- | M] () -- C:\Users\Mark\Desktop\MP Navigator EX 4.1.lnk
[2013/04/08 20:33:28 | 000,014,818 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\1403010.016\VT20130115.021
[2013/04/08 20:33:28 | 000,002,319 | ---- | M] () -- C:\Users\Public\Desktop\Norton 360.lnk
[2013/04/07 15:30:21 | 000,002,019 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2013/04/07 12:48:09 | 000,000,319 | ---- | M] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
[2013/04/07 12:47:35 | 000,002,515 | ---- | M] () -- C:\Users\Public\Desktop\TurboTax 2012.lnk
[2013/04/03 01:21:26 | 000,000,172 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\1403010.016\isolate.ini
[2013/03/31 19:54:49 | 000,002,283 | ---- | M] () -- C:\Users\Mark\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/03/27 22:54:17 | 000,001,026 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HyperSnap 7.lnk
[2013/03/27 22:50:33 | 000,001,008 | ---- | M] () -- C:\Users\Public\Desktop\HyperSnap 7.lnk
[2013/03/27 21:44:32 | 000,001,168 | ---- | M] () -- C:\Users\Mark\Desktop\eWallet.lnk
[2013/03/26 20:57:12 | 000,001,814 | ---- | M] () -- C:\Users\Public\Desktop\Quicken Premier 2013.lnk
[2013/03/26 20:57:06 | 000,000,126 | ---- | M] () -- C:\Windows\QUICKEN.INI
[2013/03/26 20:50:02 | 000,001,135 | ---- | M] () -- C:\Users\Mark\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk
[2013/03/25 21:05:04 | 000,000,913 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\MozyHome Status.lnk
[2013/03/25 20:49:50 | 000,001,151 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013/03/24 20:25:04 | 000,001,441 | ---- | M] () -- C:\Users\Mark\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/03/24 16:59:04 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2013/03/24 16:59:03 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2013/03/24 16:30:08 | 000,177,312 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2013/03/24 16:30:08 | 000,007,466 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2013/03/24 16:30:08 | 000,000,855 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2013/03/24 15:49:33 | 000,042,045 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2013/03/24 15:49:33 | 000,042,045 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2013/03/24 15:47:00 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2013/03/14 22:53:06 | 000,017,738 | ---- | M] () -- C:\Windows\SysNative\nvinfo.pb

========== Files Created - No Company Name ==========

[2013/04/10 20:21:09 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2013/04/08 21:36:28 | 000,002,123 | ---- | C] () -- C:\Users\Mark\Desktop\MP Navigator EX 4.1.lnk
[2013/04/08 20:33:28 | 001,762,019 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\1403010.016\Cat.DB
[2013/04/08 20:33:28 | 000,014,818 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\1403010.016\VT20130115.021
[2013/04/08 20:33:28 | 000,002,319 | ---- | C] () -- C:\Users\Public\Desktop\Norton 360.lnk
[2013/04/08 16:32:45 | 000,009,670 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1403010.016\symelam64.cat
[2013/04/08 16:32:45 | 000,007,611 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\1403010.016\ccsetx64.cat
[2013/04/08 16:32:45 | 000,007,601 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\1403010.016\symnet64.cat
[2013/04/08 16:32:45 | 000,007,593 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\1403010.016\iron.cat
[2013/04/08 16:32:45 | 000,007,589 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\1403010.016\srtspx64.cat
[2013/04/08 16:32:45 | 000,007,587 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\1403010.016\symefa64.cat
[2013/04/08 16:32:45 | 000,007,585 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\1403010.016\srtsp64.cat
[2013/04/08 16:32:45 | 000,007,581 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\1403010.016\symds64.cat
[2013/04/08 16:32:45 | 000,003,434 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\1403010.016\symefa.inf
[2013/04/08 16:32:45 | 000,002,852 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\1403010.016\symds.inf
[2013/04/08 16:32:45 | 000,001,440 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\1403010.016\symnet.inf
[2013/04/08 16:32:45 | 000,001,438 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\1403010.016\srtsp64.inf
[2013/04/08 16:32:45 | 000,001,420 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\1403010.016\srtspx64.inf
[2013/04/08 16:32:45 | 000,000,996 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1403010.016\symelam.inf
[2013/04/08 16:32:45 | 000,000,853 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\1403010.016\ccsetx64.inf
[2013/04/08 16:32:45 | 000,000,767 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\1403010.016\iron.inf
[2013/04/08 16:32:37 | 000,014,818 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\1403010.016\symvtcer.dat
[2013/04/08 16:32:37 | 000,000,172 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\1403010.016\isolate.ini
[2013/04/07 19:03:10 | 000,002,157 | ---- | C] () -- C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft SkyDrive.lnk
[2013/04/07 15:30:21 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2013/04/07 15:30:21 | 000,002,019 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2013/04/07 12:47:38 | 000,000,319 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
[2013/04/07 12:47:35 | 000,002,515 | ---- | C] () -- C:\Users\Public\Desktop\TurboTax 2012.lnk
[2013/04/04 13:19:22 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/03/28 08:30:52 | 000,002,283 | ---- | C] () -- C:\Users\Mark\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/03/28 08:30:52 | 000,002,183 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/03/28 08:30:17 | 000,000,894 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/03/28 08:30:17 | 000,000,890 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/03/27 22:50:33 | 000,001,026 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HyperSnap 7.lnk
[2013/03/27 22:50:33 | 000,001,008 | ---- | C] () -- C:\Users\Public\Desktop\HyperSnap 7.lnk
[2013/03/27 22:30:44 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2013/03/27 21:52:06 | 000,208,384 | ---- | C] () -- C:\Users\Mark\Documents\My Wallet.wlt
[2013/03/27 21:44:32 | 000,001,168 | ---- | C] () -- C:\Users\Mark\Desktop\eWallet.lnk
[2013/03/27 21:29:47 | 000,095,744 | ---- | C] () -- C:\Windows\SysNative\RDVGHelper.exe
[2013/03/27 21:29:40 | 000,347,904 | ---- | C] () -- C:\Windows\SysNative\systemsf.ebd
[2013/03/27 21:29:10 | 000,010,429 | ---- | C] () -- C:\Windows\SysNative\ScavengeSpace.xml
[2013/03/27 21:29:07 | 000,105,559 | ---- | C] () -- C:\Windows\SysWow64\RacRules.xml
[2013/03/27 21:29:07 | 000,105,559 | ---- | C] () -- C:\Windows\SysNative\RacRules.xml
[2013/03/27 21:29:00 | 000,146,389 | ---- | C] () -- C:\Windows\SysWow64\printmanagement.msc
[2013/03/27 21:29:00 | 000,001,041 | ---- | C] () -- C:\Windows\SysWow64\tcpbidi.xml
[2013/03/26 20:57:12 | 000,001,814 | ---- | C] () -- C:\Users\Public\Desktop\Quicken Premier 2013.lnk
[2013/03/26 20:56:57 | 000,000,126 | ---- | C] () -- C:\Windows\QUICKEN.INI
[2013/03/25 21:32:32 | 000,015,872 | ---- | C] () -- C:\Windows\SysWow64\CNC1750D.TBL
[2013/03/25 21:32:32 | 000,015,872 | ---- | C] () -- C:\Windows\SysNative\CNC1750D.TBL
[2013/03/25 21:05:04 | 000,000,913 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\MozyHome Status.lnk
[2013/03/25 20:49:50 | 000,001,151 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013/03/25 20:49:49 | 000,001,163 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2013/03/25 03:04:47 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2013/03/25 03:02:46 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2013/03/24 20:53:56 | 000,001,135 | ---- | C] () -- C:\Users\Mark\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk
[2013/03/24 16:59:04 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2013/03/24 16:59:03 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2013/03/24 16:30:09 | 000,007,466 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2013/03/24 16:30:08 | 000,000,855 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2013/03/24 16:06:00 | 000,001,441 | ---- | C] () -- C:\Users\Mark\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/03/24 16:00:29 | 000,001,447 | ---- | C] () -- C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2013/03/24 16:00:29 | 000,001,413 | ---- | C] () -- C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2013/03/24 16:00:14 | 000,000,290 | ---- | C] () -- C:\Users\Mark\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2013/03/24 16:00:14 | 000,000,272 | ---- | C] () -- C:\Users\Mark\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2013/03/24 15:49:29 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2013/03/24 15:49:27 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2013/03/24 15:47:00 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2013/03/24 15:46:32 | 2146,885,631 | -HS- | C] () -- C:\hiberfil.sys
[2012/01/18 06:44:00 | 010,920,984 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
[2012/01/18 06:44:00 | 000,336,408 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
[2012/01/18 06:44:00 | 000,104,472 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe

========== ZeroAccess Check ==========

[2009/07/13 21:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 22:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 21:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 18:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 05:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 18:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/04/08 21:36:44 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\Canon
[2013/03/27 23:19:00 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\Hyperionics
[2013/03/27 21:44:30 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\Ilium Software
[2013/04/12 21:01:28 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\QuickScan

========== Purity Check ==========



< End of report >
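The ZeroAccess Check block in the OTL log above lists the InProcServer32 keys of a few system CLSIDs under both the user and the machine hive; on this clean system the HKCU keys carry no value and the HKLM ones point at Microsoft's own shell32.dll, fastprox.dll and wbemess.dll. As an added example (not code from this thread or from OTL), here is a Python triage script that parses such a block and flags a per-user InProcServer32 value, which would shadow the machine-wide COM server, or a machine-hive server module that differs from the one the clean log shows; the sample blocks are constructed from the log, and the AppData path in the suspect one is a placeholder.

```python
"""Triage helper for an OTL "ZeroAccess Check" block (added example, not OTL code).

COM resolves HKEY_CURRENT_USER\Software\Classes before the machine hive, so a
per-user InProcServer32 value for a system CLSID shadows the real server DLL.
In the clean log those HKCU keys carry no value at all; that is the baseline here.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Server module expected for each CLSID, taken from the clean HKLM entries in
# the posted log (lower-cased CLSID -> lower-cased file name).
EXPECTED_MODULE = {
    "{42aedc87-2188-41fd-b9a3-0c966feabec1}": "shell32.dll",
    "{5839fca9-774d-42a1-acda-d6a79037f57f}": "fastprox.dll",
    "{f3130cdb-aa52-4c3a-ab32-85ffc23af9c1}": "wbemess.dll",
}

KEY_RE = re.compile(r"^\[(HKEY_[A-Z_]+)\\(.*)\\InProcServer32\](\s*/64)?$")
CLSID_RE = re.compile(r"\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}", re.I)
# OTL prints the default value as:  "" = <path> -- [<stamp> | <size> | ...] (<company>)
DEFAULT_RE = re.compile(r'^"" = (.+?) -- \[.*?\] \((.*?)\)$')


@dataclass
class Entry:
    hive: str
    clsid: str                      # lower-cased
    wow64: bool                     # key sits under Wow6432Node (32-bit view)
    module: Optional[str] = None    # default value (server DLL), if any
    company: Optional[str] = None   # vendor string OTL read from the file


@dataclass
class Finding:
    clsid: str
    hive: str
    kind: str
    detail: str


def parse_block(text: str) -> List[Entry]:
    """Turn the registry lines of the block into Entry records."""
    entries: List[Entry] = []
    current: Optional[Entry] = None
    for raw in text.splitlines():
        line = raw.strip()
        key = KEY_RE.match(line)
        if key:
            clsid = CLSID_RE.search(key.group(2))
            current = None
            if clsid:
                current = Entry(hive=key.group(1), clsid=clsid.group(0).lower(),
                                wow64="wow6432node" in key.group(2).lower())
                entries.append(current)
            continue
        value = DEFAULT_RE.match(line)
        if value and current is not None:
            current.module, current.company = value.group(1).strip(), value.group(2).strip()
    return entries


def _basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1].lower()


def triage(text: str) -> List[Finding]:
    """Flag user-hive overrides and unexpected machine-hive server modules."""
    findings: List[Finding] = []
    for e in parse_block(text):
        if e.hive == "HKEY_CURRENT_USER" and e.module:
            findings.append(Finding(e.clsid, e.hive, "user-hive override",
                                    f"per-user InProcServer32 points to {e.module}"))
        elif e.hive == "HKEY_LOCAL_MACHINE" and e.module:
            expected = EXPECTED_MODULE.get(e.clsid)
            if expected and _basename(e.module) != expected:
                findings.append(Finding(e.clsid, e.hive, "unexpected server module",
                                        f"{e.module} (expected {expected})"))
            elif e.company != "Microsoft Corporation":
                findings.append(Finding(e.clsid, e.hive, "unexpected vendor",
                                        f"{e.module} reports vendor '{e.company}'"))
    return findings


# Constructed samples modelled on the posted log: the clean block reproduces three
# of its entries; the suspect block adds a per-user value with a placeholder path.
CLEAN_SAMPLE = r"""
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 22:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 05:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
"""

SUSPECT_SAMPLE = r"""
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Users\Example\AppData\Local\PLACEHOLDER\override.dll -- [2013/04/10 01:02:03 | 000,051,200 | ---- | M] ()
"ThreadingModel" = Both
"""

if __name__ == "__main__":
    for name, sample in (("clean", CLEAN_SAMPLE), ("suspect", SUSPECT_SAMPLE)):
        print(name, triage(sample) or "no findings")
```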

#2
gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello MarkT4IT

I would like to welcome you to the Malware Removal section of the forum.

Around here they call me Gringo and I will be glad to help you with your malware problems.


Very Important --> Please read this post completely. I have spent my time putting together some things for you to keep in mind while I am helping you, to make things go easier, faster and smoother for both of us!


  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the "Follow This Topic" Button, make sure that the "Receive notification" box is checked and that it is set to "Instantly" - This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.




These are the programs I would like you to run next. If you have any problems with one of these, just skip it and run the next one.

-Security Check-

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

-AdwCleaner-

  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.


--RogueKiller--

  • Download & SAVE to your Desktop RogueKiller for 32-bit or RogueKiller for 64-bit
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • Click on "Delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller+

Gringo

#3
MarkT4IT

    Member

  • Topic Starter
  • Member
  • 11 posts
Thanks, gringo_pr...

My system is running normally, except that when I first booted today (before running instructed programs), the mouse was 'sticky' or not responding well (kind of jerky instead of smooth), and my wireless connection died. A reboot seemed to fix whatever the problem may have been... and, yes, I am paranoid lately. :) Log files posted below, as requested.

Results of screen317's Security Check version 0.99.62
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Norton 360
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Adobe Reader XI
Mozilla Firefox 19.0.2 Firefox out of Date!
Google Chrome 26.0.1410.43
Google Chrome 26.0.1410.64
````````Process Check: objlist.exe by Laurent````````
Norton ccSvcHst.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 18% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````

# AdwCleaner v2.200 - Logfile created 04/14/2013 at 14:43:40
# Updated 02/04/2013 by Xplode
# Operating system : Windows 7 Ultimate Service Pack 1 (64 bits)
# User : Mark - PAVILION
# Boot Mode : Normal
# Running from : C:\Users\Mark\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16476

[OK] Registry is clean.

-\\ Google Chrome v26.0.1410.64

File : C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

File : C:\Users\Diane\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [866 octets] - [14/04/2013 14:43:40]

########## EOF - C:\AdwCleaner[S1].txt - [925 octets] ##########

RogueKiller V8.5.4 _x64_ [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo...13-roguekiller/
Website : http://tigzy.geeksto...roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Mark [Admin rights]
Mode : Scan -- Date : 04/14/2013 14:52:40
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 2 ¤¤¤
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ Extern Hives: ¤¤¤
-> E:\windows\system32\config\SOFTWARE
-> E:\windows\system32\config\SYSTEM
-> E:\Users\David\NTUSER.DAT
-> E:\Users\Default\NTUSER.DAT
-> E:\Users\Default User\NTUSER.DAT
-> E:\Users\Diane\NTUSER.DAT
-> E:\Users\Mark\NTUSER.DAT
-> E:\Users\Rachel\NTUSER.DAT
-> E:\Users\Rachel.Pavilion\NTUSER.DAT
-> E:\Users\UpdatusUser\NTUSER.DAT
-> E:\Documents and Settings\David.Pavilion\NTUSER.DAT
-> E:\Documents and Settings\Default\NTUSER.DAT
-> E:\Documents and Settings\Default User\NTUSER.DAT
-> E:\Documents and Settings\Diane\NTUSER.DAT

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts



¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: OCZ-VERTEX ATA Device +++++
--- User ---
[MBR] aceebf34a442554faeef3d674dafe569
[BSP] 43a4e552b9c88ff86369fad30fd1f699 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 122002 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: SAMSUNG HD753LJ ATA Device +++++
--- User ---
[MBR] b01e8b07e66067fa10b5f17cd44521d4
[BSP] 9de9f47f1b33d9a7131e26cc64f19926 : MBR Code unknown
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 701519 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 1436710912 | Size: 13884 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1]_S_04142013_02d1452.txt >>
RKreport[1]_S_04142013_02d1452.txt

#4
gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello MarkT4IT

I would like you to do the following.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#5
MarkT4IT

    Member

  • Topic Starter
  • Member
  • 11 posts
Gringo, completed the ComboFix scan. Got the Norton 360 realtime scanning still running, so went in and turned off everything I could. The warning about computer damage was kind of dire, so I killed a couple of process trees, or tried to; most that I thought might be related to Norton wouldn't let me kill them. Didn't think until later that this probably wasn't the best route, but at least this is full disclosure.

The computer is running normally, and no known compromises of email, Facebook, any accounts, etc. Thanks, Mark

The ComboFix Log:

ComboFix 13-04-15.01 - Mark 04/15/2013 21:57:20.1.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.8191.5899 [GMT -7:00]
Running from: c:\users\Mark\Desktop\ComboFix.exe
AV: Norton 360 *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton 360 *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton 360 *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\David\Favorites\eBay Vintage Woodstock Era Levis Bellbottoms 684 Orange tag (item 8369730286 end time Jan-10-06 061346 PST).url.54d2.part
c:\users\David\Favorites\friends.url.691d.part
c:\users\David\Favorites\frozen [bleep].url.6ae6.part
c:\users\David\Favorites\grar.url.6b4f.part
c:\users\David\Favorites\http--www.lib.utexas.edu-maps-middle_east_and_asia-southeastasia.jpg.url.6c7f.part
c:\users\David\Favorites\journal.url.6d18.part
c:\users\David\Favorites\lindsay's Journal.url.6db2.part
c:\users\David\Favorites\purevolume™ 15minuteslate.url.6e4b.part
c:\users\David\Favorites\soon concert.url.6ee1.part
c:\users\David\Favorites\the graceland.url.6f4a.part
c:\users\David\Favorites\YELLOWCARD - Music.url.539f.part
c:\users\David\Favorites\YourSpeed - Results.url.5404.part
.
.
((((((((((((((((((((((((( Files Created from 2013-03-16 to 2013-04-16 )))))))))))))))))))))))))))))))
.
.
2013-04-16 05:02 . 2013-04-16 05:02 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-04-15 05:21 . 2013-04-15 05:21 -------- d--h--w- c:\programdata\CanonIJEGV
2013-04-15 05:07 . 2013-04-15 05:07 -------- d-----w- c:\program files (x86)\TurboTax Audit Support Center
2013-04-13 04:05 . 2013-04-13 04:05 -------- d-----w- c:\program files (x86)\ESET
2013-04-10 03:35 . 2013-02-15 06:06 3717632 ----a-w- c:\windows\system32\mstscax.dll
2013-04-09 04:36 . 2013-04-09 04:36 -------- d--h--w- c:\programdata\CanonIJScan
2013-04-08 02:03 . 2013-04-08 02:03 -------- d-----w- C:\SkyDriveTemp
2013-04-08 02:03 . 2013-04-08 02:03 -------- d-----w- c:\program files (x86)\Microsoft SkyDrive
2013-04-08 02:03 . 2013-04-08 02:03 -------- d-----w- c:\programdata\Microsoft SkyDrive
2013-04-07 22:32 . 2013-04-07 22:32 -------- d-----w- c:\program files\7-Zip
2013-04-07 22:30 . 2013-04-07 22:30 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2013-04-07 19:46 . 2013-04-07 19:46 -------- d-----w- c:\program files (x86)\TurboTax
2013-04-04 20:19 . 2013-04-04 20:19 -------- d-----w- c:\program files\Google
2013-04-04 20:19 . 2013-04-14 20:51 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-04-04 20:19 . 2013-04-14 20:51 691592 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-04-04 20:19 . 2013-04-04 20:19 -------- d-----w- c:\windows\SysWow64\Macromed
2013-04-04 20:19 . 2013-04-04 20:19 -------- d-----w- c:\windows\system32\Macromed
2013-04-03 03:55 . 2013-04-03 04:01 -------- d-----w- c:\users\Diane
2013-04-01 03:20 . 2013-04-01 03:20 -------- d-----w- c:\program files (x86)\Apple Software Update
2013-04-01 02:59 . 2012-11-23 03:13 68608 ----a-w- c:\windows\system32\taskhost.exe
2013-03-28 15:35 . 2013-03-28 15:36 -------- d-----w- c:\users\David
2013-03-28 15:30 . 2013-04-04 20:19 -------- d-----w- c:\program files (x86)\Google
2013-03-28 06:19 . 2013-03-28 06:19 -------- d-----w- c:\program files (x86)\MSXML 4.0
2013-03-28 05:50 . 2013-03-28 05:51 -------- d-----w- c:\program files (x86)\HyperSnap 7
2013-03-28 05:32 . 2013-03-28 05:32 -------- d-----w- c:\programdata\Ilium Software
2013-03-28 05:31 . 2013-03-28 05:31 -------- d-----w- c:\program files\Bonjour Print Services
2013-03-28 05:30 . 2013-03-28 05:30 -------- d-----w- c:\programdata\Apple
2013-03-28 05:30 . 2013-03-28 05:30 -------- d-----w- c:\program files\Bonjour
2013-03-28 05:30 . 2013-03-28 05:30 -------- d-----w- c:\program files (x86)\Bonjour
2013-03-28 05:00 . 2013-04-10 04:29 72702784 ----a-w- c:\windows\system32\MRT.exe
2013-03-28 04:44 . 2013-03-28 04:44 -------- d-----w- c:\program files (x86)\Ilium Software
2013-03-28 04:38 . 2013-03-28 04:38 -------- d-----w- c:\windows\system32\SPReview
2013-03-28 04:38 . 2013-03-28 04:38 -------- d-----w- c:\windows\system32\EventProviders
2013-03-28 04:28 . 2010-11-20 12:21 363008 ----a-w- c:\windows\SysWow64\wbemcomn.dll
2013-03-28 04:28 . 2010-11-20 12:21 189952 ----a-w- c:\program files (x86)\Windows Portable Devices\sqmapi.dll
2013-03-28 04:28 . 2010-11-20 12:19 606208 ----a-w- c:\windows\SysWow64\wbem\fastprox.dll
2013-03-28 04:28 . 2010-11-20 13:27 529408 ----a-w- c:\windows\system32\wbemcomn.dll
2013-03-28 04:28 . 2010-11-20 13:27 244736 ----a-w- c:\program files\Windows Portable Devices\sqmapi.dll
2013-03-28 04:28 . 2010-11-20 13:27 244736 ----a-w- c:\windows\system32\sqmapi.dll
2013-03-28 04:18 . 2011-02-19 12:05 1139200 ----a-w- c:\windows\system32\FntCache.dll
2013-03-28 04:18 . 2011-02-19 12:04 902656 ----a-w- c:\windows\system32\d2d1.dll
2013-03-28 04:18 . 2011-02-19 06:30 739840 ----a-w- c:\windows\SysWow64\d2d1.dll
2013-03-27 03:57 . 2013-03-27 03:57 -------- d-----w- c:\program files (x86)\Common Files\AnswerWorks 5.0
2013-03-27 03:57 . 2012-09-20 03:18 4200304 ----a-w- c:\windows\SysWow64\cdintf400.dll
2013-03-27 03:57 . 2013-04-07 19:47 -------- d-----w- c:\program files (x86)\Common Files\Intuit
2013-03-27 03:57 . 2013-03-27 04:03 -------- d-----w- c:\program files (x86)\Quicken
2013-03-27 03:56 . 2013-04-07 19:47 -------- d-----w- c:\programdata\Intuit
2013-03-26 04:44 . 2013-03-26 04:44 -------- d-----w- c:\program files (x86)\AGEIA Technologies
2013-03-26 04:38 . 2013-03-26 04:38 -------- d--h--w- c:\programdata\CanonIJEPPEX2
2013-03-26 04:38 . 2013-03-26 04:38 -------- d--h--w- c:\programdata\CanonEPP
2013-03-26 04:37 . 2010-10-18 12:00 374784 ----a-w- c:\windows\system32\CNMXLMAN.DLL
2013-03-26 04:36 . 2013-03-26 04:36 -------- d--h--w- c:\programdata\CanonIJFAX
2013-03-26 04:36 . 2013-03-26 04:36 -------- d-----w- c:\program files\Common Files\CANON
2013-03-26 04:36 . 2013-03-26 04:36 -------- d-----w- c:\programdata\CanonIJWSpt
2013-03-26 04:33 . 2013-03-26 04:33 -------- d-----w- c:\program files\Canon
2013-03-26 04:31 . 2013-03-26 04:31 -------- d-----w- c:\windows\system32\STRING
2013-03-26 04:31 . 2010-09-08 16:27 37376 ----a-w- c:\windows\system32\CNMN6UI.DLL
2013-03-26 04:31 . 2010-09-08 16:27 328192 ----a-w- c:\windows\system32\CNMN6PPM.DLL
2013-03-26 04:29 . 2013-03-26 04:36 -------- d-----w- c:\program files (x86)\Canon
2013-03-26 04:05 . 2013-03-26 04:05 -------- dc----w- c:\windows\system32\DRVSTORE
2013-03-26 04:05 . 2013-01-23 22:12 67808 ----a-w- c:\windows\system32\drivers\mozy.sys
2013-03-26 04:05 . 2013-03-26 04:05 -------- d-----w- c:\program files\MozyHome
2013-03-26 03:49 . 2013-04-15 17:44 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2013-03-26 02:25 . 2013-02-12 04:12 19968 ----a-w- c:\windows\system32\drivers\usb8023.sys
2013-03-25 10:04 . 2012-07-26 04:47 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui
2013-03-25 10:04 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2013-03-25 10:04 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2013-03-25 10:04 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll
2013-03-25 10:03 . 2013-03-25 10:03 -------- d-----w- c:\program files (x86)\Common Files\logishrd
2013-03-25 10:03 . 2013-03-25 10:03 -------- d-----w- c:\program files\Common Files\logishrd
2013-03-25 10:02 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll
2013-03-25 10:02 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll
2013-03-25 10:02 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2013-03-25 10:02 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2013-03-25 10:02 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe
2013-03-25 10:02 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll
2013-03-25 10:02 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2013-03-25 10:02 . 2013-03-25 10:02 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2013-03-25 04:05 . 2012-08-02 17:58 574464 ----a-w- c:\windows\system32\d3d10level9.dll
2013-03-25 04:04 . 2011-03-25 03:29 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys
2013-03-25 03:53 . 2013-03-25 03:53 -------- d-----w- c:\program files (x86)\MSECache
2013-03-25 03:41 . 2013-03-26 17:25 -------- d-----w- c:\program files (x86)\Microsoft.NET
2013-03-25 03:41 . 2013-03-25 03:41 -------- d-----w- c:\windows\PCHEALTH
2013-03-25 03:38 . 2013-03-25 03:38 -------- d-----w- c:\program files\Microsoft Office
2013-03-25 03:38 . 2013-03-25 03:38 -------- d-----w- c:\program files (x86)\Microsoft Analysis Services
2013-03-25 03:38 . 2013-04-10 04:29 -------- d-----w- c:\programdata\Microsoft Help
2013-03-25 03:38 . 2013-04-14 02:50 -------- d-sh--w- c:\windows\Installer
2013-03-25 03:06 . 2013-03-25 03:06 -------- d-----w- c:\windows\SysWow64\Wat
2013-03-25 03:06 . 2013-03-25 03:06 -------- d-----w- c:\windows\system32\Wat
2013-03-24 23:52 . 2013-03-24 23:52 -------- d-----w- c:\program files (x86)\Common Files\Symantec Shared
2013-03-24 23:50 . 2012-12-16 17:11 46080 ----a-w- c:\windows\system32\atmlib.dll
2013-03-24 23:50 . 2012-12-16 14:45 367616 ----a-w- c:\windows\system32\atmfd.dll
2013-03-24 23:50 . 2012-12-16 14:13 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
2013-03-24 23:50 . 2012-12-16 14:13 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2013-03-24 23:50 . 2010-09-30 10:41 100864 ----a-w- c:\windows\system32\fontsub.dll
2013-03-24 23:50 . 2010-09-30 06:47 70656 ----a-w- c:\windows\SysWow64\fontsub.dll
2013-03-24 23:47 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2013-03-24 23:47 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2013-03-24 23:47 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2013-03-24 23:47 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2013-03-24 23:47 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2013-03-24 23:45 . 2013-03-24 23:00 -------- d-----w- c:\windows\Panther
2013-03-24 23:30 . 2013-03-24 23:30 -------- d-----w- c:\program files\Symantec
2013-03-24 23:30 . 2013-03-24 23:30 177312 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
2013-03-24 23:30 . 2013-03-24 23:30 -------- d-----w- c:\program files\Common Files\Symantec Shared
2013-03-24 23:29 . 2013-04-09 03:33 -------- d-----w- c:\windows\system32\drivers\N360x64
2013-03-24 23:29 . 2013-03-24 23:30 -------- d-----w- c:\programdata\Norton
2013-03-24 23:29 . 2013-03-24 23:29 -------- d-----w- c:\program files (x86)\Norton 360
2013-03-24 23:28 . 2013-03-24 23:28 -------- d-----w- c:\program files (x86)\NortonInstaller
2013-03-24 23:22 . 2011-04-09 06:58 142336 ----a-w- c:\windows\system32\poqexec.exe
2013-03-24 23:21 . 2011-11-17 06:35 395776 ----a-w- c:\windows\system32\webio.dll
2013-03-24 23:20 . 2012-11-01 05:43 1882624 ----a-w- c:\windows\system32\msxml3.dll
2013-03-24 23:19 . 2011-04-29 03:06 467456 ----a-w- c:\windows\system32\drivers\srv.sys
2013-03-24 23:18 . 2011-05-24 11:42 404480 ----a-w- c:\windows\system32\umpnpmgr.dll
2013-03-24 23:09 . 2013-03-26 04:44 -------- d-----w- c:\program files (x86)\NVIDIA Corporation
2013-03-24 23:09 . 2013-03-26 04:44 -------- d-----w- c:\users\UpdatusUser
2013-03-24 23:09 . 2013-04-15 17:44 -------- d-----w- c:\programdata\NVIDIA
2013-03-24 23:09 . 2013-03-15 04:16 3477280 ----a-w- c:\windows\system32\nvsvc64.dll
2013-03-24 23:09 . 2013-03-15 04:16 6398240 ----a-w- c:\windows\system32\nvcpl.dll
2013-03-24 23:09 . 2013-03-15 04:16 877856 ----a-w- c:\windows\system32\nvvsvc.exe
2013-03-24 23:09 . 2013-03-15 04:16 63776 ----a-w- c:\windows\system32\nvshext.dll
2013-03-24 23:09 . 2013-03-15 04:16 237856 ----a-w- c:\windows\system32\nvmctray.dll
2013-03-24 23:09 . 2012-10-02 19:50 2557800 ----a-w- c:\windows\system32\nvsvcr.dll
2013-03-24 23:09 . 2012-10-11 04:24 52584 ----a-w- c:\windows\SysWow64\OpenCL.dll
2013-03-24 23:09 . 2012-10-11 04:23 60776 ----a-w- c:\windows\system32\OpenCL.dll
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-28 04:43 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2013-03-28 04:43 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2013-03-15 05:53 . 2012-10-11 04:23 2864144 ----a-w- c:\windows\system32\nvapi64.dll
2013-03-15 05:53 . 2012-10-11 04:23 13088000 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2013-03-15 05:53 . 2009-07-13 21:59 15508512 ----a-w- c:\windows\system32\nvwgf2umx.dll
2013-03-15 05:53 . 2009-06-10 20:37 15042928 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2013-03-15 05:07 . 2013-03-15 05:07 559904 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2013-02-12 05:45 . 2013-04-01 03:00 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45 . 2013-04-01 03:00 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-02-12 05:45 . 2013-04-01 03:00 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45 . 2013-04-01 03:00 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 04:48 . 2013-04-01 03:00 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-02-12 04:48 . 2013-04-01 03:00 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-04-08 02:03 222808 ----a-w- c:\users\Mark\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-04-08 02:03 222808 ----a-w- c:\users\Mark\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-04-08 02:03 222808 ----a-w- c:\users\Mark\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\SkyDriveShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SkyDrive"="c:\users\Mark\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" [2013-04-08 256600]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"CanonSolutionMenuEx"="c:\program files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-09-15 1213848]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-18 946352]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HyperSnap 7.lnk - c:\program files (x86)\HyperSnap 7\HprSnap7.exe [2013-3-27 3524136]
MozyHome Status.lnk - c:\program files\MozyHome\mozystat.exe [2013-1-23 6358856]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2013-03-24 1255736]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2008-05-06 14464]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\1403010.016\SYMDS64.SYS [2013-01-22 493656]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\1403010.016\SYMEFA64.SYS [2013-01-31 1139800]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.0.36\Definitions\BASHDefs\20130322.001\BHDrvx64.sys [2013-03-22 1387608]
S1 ccSet_N360;Norton 360 Settings Manager;c:\windows\system32\drivers\N360x64\1403010.016\ccSetx64.sys [2012-11-16 168096]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.0.36\Definitions\IPSDefs\20130413.001\IDSvia64.sys [2013-03-22 513184]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\1403010.016\Ironx64.SYS [2012-11-16 224416]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360x64\1403010.016\SYMNETS.SYS [2013-01-31 432800]
S2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2012-08-23 13672]
S2 N360;Norton 360;c:\program files (x86)\Norton 360\Engine\20.3.1.22\ccSvcHst.exe [2012-12-24 144520]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-03-15 383264]
S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-01-18 450848]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2013-03-24 138912]
S3 HCW85BDA;Hauppauge WinTV 885 Video Capture;c:\windows\system32\drivers\HCW85BDA.sys [2009-06-10 1192448]
S3 LVUVC64;Logitech QuickCam Pro 9000(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2012-01-18 4865568]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-06-10 187392]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-04-10 21:36 1642448 ----a-w- c:\program files (x86)\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-04-16 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-04-04 20:51]
.
2013-04-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-03-28 15:30]
.
2013-04-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-03-28 15:30]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-04-08 02:03 261704 ----a-w- c:\users\Mark\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-04-08 02:03 261704 ----a-w- c:\users\Mark\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-04-08 02:03 261704 ----a-w- c:\users\Mark\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy2]
@="{747E722C-CB46-4a9d-BDFE-192AAD5099B1}"
[HKEY_CLASSES_ROOT\CLSID\{747E722C-CB46-4a9d-BDFE-192AAD5099B1}]
2013-01-23 22:12 6376776 ----a-w- c:\program files\MozyHome\mozyshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy3]
@="{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}"
[HKEY_CLASSES_ROOT\CLSID\{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}]
2013-01-23 22:12 6376776 ----a-w- c:\program files\MozyHome\mozyshell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-07-26 2782096]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.comcast.net/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1 184.16.33.54
FF - ProfilePath - c:\users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\79zziiui.default\
FF - ExtSQL: 2013-04-12 20:14; {BBDA0591-3099-440a-AA10-41764D9DB4DB}; c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.0.36\IPSFFPlgn
FF - ExtSQL: 2013-04-14 14:47; {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}; c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.0.36\coFFPlgn
FF - ExtSQL: 2013-04-14 15:16; {635abd67-4fe9-1b23-4f01-e679fa7484c1}; c:\users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\79zziiui.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\N360]
"ImagePath"="\"c:\program files (x86)\Norton 360\Engine\20.3.1.22\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton 360\Engine\20.3.1.22\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_169_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_169_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_169_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_169_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_169.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_169.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_169.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_169.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-04-15 22:04:37
ComboFix-quarantined-files.txt 2013-04-16 05:04
.
Pre-Run: 26,528,673,792 bytes free
Post-Run: 26,285,424,640 bytes free
.
- - End Of File - - E5DBB91D351F9CBD768E3D4FC00CF629

#6 gringo_pr (Trusted Helper, Malware Removal, 7,268 posts)

Hello Mark

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Please start by opening Notepad and copy/paste the text in the box into the window:

ClearJavaCache::



Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

In your next post I need the following:

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo


#7 MarkT4IT (Topic Starter, Member, 11 posts)

Gringo... the system is running normally. I didn't have any issues or problems and ran the script without any issue. I did not have to restart. Have any of the log files so far given any indication we picked up a bug of any kind? Thanks, Mark

Here are the results:

ComboFix 13-04-15.01 - Mark 04/16/2013 21:38:34.2.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.8191.5639 [GMT -7:00]
Running from: c:\users\Mark\Desktop\ComboFix.exe
Command switches used :: c:\users\Mark\Desktop\CFScript.txt
AV: Norton 360 *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton 360 *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Diane\AppData\Local\{D9ADCAFC-63C7-4172-B284-AC44B86D19D6}
.
.
((((((((((((((((((((((((( Files Created from 2013-03-17 to 2013-04-17 )))))))))))))))))))))))))))))))
.
.
2013-04-17 04:43 . 2013-04-17 04:43 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-04-17 04:43 . 2013-04-17 04:43 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2013-04-15 05:21 . 2013-04-15 05:21 -------- d--h--w- c:\programdata\CanonIJEGV
2013-04-15 05:07 . 2013-04-15 05:07 -------- d-----w- c:\program files (x86)\TurboTax Audit Support Center
2013-04-13 04:05 . 2013-04-13 04:05 -------- d-----w- c:\program files (x86)\ESET
2013-04-10 03:35 . 2013-02-15 06:06 3717632 ----a-w- c:\windows\system32\mstscax.dll
2013-04-09 04:36 . 2013-04-09 04:36 -------- d--h--w- c:\programdata\CanonIJScan
2013-04-08 02:03 . 2013-04-08 02:03 -------- d-----w- C:\SkyDriveTemp
2013-04-08 02:03 . 2013-04-08 02:03 -------- d-----w- c:\program files (x86)\Microsoft SkyDrive
2013-04-08 02:03 . 2013-04-08 02:03 -------- d-----w- c:\programdata\Microsoft SkyDrive
2013-04-07 22:32 . 2013-04-07 22:32 -------- d-----w- c:\program files\7-Zip
2013-04-07 22:30 . 2013-04-07 22:30 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2013-04-07 19:46 . 2013-04-07 19:46 -------- d-----w- c:\program files (x86)\TurboTax
2013-04-04 20:19 . 2013-04-04 20:19 -------- d-----w- c:\program files\Google
2013-04-04 20:19 . 2013-04-14 20:51 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-04-04 20:19 . 2013-04-14 20:51 691592 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-04-04 20:19 . 2013-04-04 20:19 -------- d-----w- c:\windows\SysWow64\Macromed
2013-04-04 20:19 . 2013-04-04 20:19 -------- d-----w- c:\windows\system32\Macromed
2013-04-03 03:55 . 2013-04-03 04:01 -------- d-----w- c:\users\Diane
2013-04-01 03:20 . 2013-04-01 03:20 -------- d-----w- c:\program files (x86)\Apple Software Update
2013-04-01 02:59 . 2012-11-23 03:13 68608 ----a-w- c:\windows\system32\taskhost.exe
2013-03-28 15:35 . 2013-03-28 15:36 -------- d-----w- c:\users\David
2013-03-28 15:30 . 2013-04-04 20:19 -------- d-----w- c:\program files (x86)\Google
2013-03-28 06:19 . 2013-03-28 06:19 -------- d-----w- c:\program files (x86)\MSXML 4.0
2013-03-28 05:50 . 2013-03-28 05:51 -------- d-----w- c:\program files (x86)\HyperSnap 7
2013-03-28 05:32 . 2013-03-28 05:32 -------- d-----w- c:\programdata\Ilium Software
2013-03-28 05:31 . 2013-03-28 05:31 -------- d-----w- c:\program files\Bonjour Print Services
2013-03-28 05:30 . 2013-03-28 05:30 -------- d-----w- c:\programdata\Apple
2013-03-28 05:30 . 2013-03-28 05:30 -------- d-----w- c:\program files\Bonjour
2013-03-28 05:30 . 2013-03-28 05:30 -------- d-----w- c:\program files (x86)\Bonjour
2013-03-28 05:00 . 2013-04-10 04:29 72702784 ----a-w- c:\windows\system32\MRT.exe
2013-03-28 04:44 . 2013-03-28 04:44 -------- d-----w- c:\program files (x86)\Ilium Software
2013-03-28 04:38 . 2013-03-28 04:38 -------- d-----w- c:\windows\system32\SPReview
2013-03-28 04:38 . 2013-03-28 04:38 -------- d-----w- c:\windows\system32\EventProviders
2013-03-28 04:28 . 2010-11-20 12:21 363008 ----a-w- c:\windows\SysWow64\wbemcomn.dll
2013-03-28 04:28 . 2010-11-20 12:21 189952 ----a-w- c:\program files (x86)\Windows Portable Devices\sqmapi.dll
2013-03-28 04:28 . 2010-11-20 12:19 606208 ----a-w- c:\windows\SysWow64\wbem\fastprox.dll
2013-03-28 04:28 . 2010-11-20 13:27 529408 ----a-w- c:\windows\system32\wbemcomn.dll
2013-03-28 04:28 . 2010-11-20 13:27 244736 ----a-w- c:\program files\Windows Portable Devices\sqmapi.dll
2013-03-28 04:28 . 2010-11-20 13:27 244736 ----a-w- c:\windows\system32\sqmapi.dll
2013-03-28 04:18 . 2011-02-19 12:05 1139200 ----a-w- c:\windows\system32\FntCache.dll
2013-03-28 04:18 . 2011-02-19 12:04 902656 ----a-w- c:\windows\system32\d2d1.dll
2013-03-28 04:18 . 2011-02-19 06:30 739840 ----a-w- c:\windows\SysWow64\d2d1.dll
2013-03-27 03:57 . 2013-03-27 03:57 -------- d-----w- c:\program files (x86)\Common Files\AnswerWorks 5.0
2013-03-27 03:57 . 2012-09-20 03:18 4200304 ----a-w- c:\windows\SysWow64\cdintf400.dll
2013-03-27 03:57 . 2013-04-07 19:47 -------- d-----w- c:\program files (x86)\Common Files\Intuit
2013-03-27 03:57 . 2013-03-27 04:03 -------- d-----w- c:\program files (x86)\Quicken
2013-03-27 03:56 . 2013-04-07 19:47 -------- d-----w- c:\programdata\Intuit
2013-03-26 04:44 . 2013-03-26 04:44 -------- d-----w- c:\program files (x86)\AGEIA Technologies
2013-03-26 04:38 . 2013-03-26 04:38 -------- d--h--w- c:\programdata\CanonIJEPPEX2
2013-03-26 04:38 . 2013-03-26 04:38 -------- d--h--w- c:\programdata\CanonEPP
2013-03-26 04:37 . 2010-10-18 12:00 374784 ----a-w- c:\windows\system32\CNMXLMAN.DLL
2013-03-26 04:36 . 2013-03-26 04:36 -------- d--h--w- c:\programdata\CanonIJFAX
2013-03-26 04:36 . 2013-03-26 04:36 -------- d-----w- c:\program files\Common Files\CANON
2013-03-26 04:36 . 2013-03-26 04:36 -------- d-----w- c:\programdata\CanonIJWSpt
2013-03-26 04:33 . 2013-03-26 04:33 -------- d-----w- c:\program files\Canon
2013-03-26 04:31 . 2013-03-26 04:31 -------- d-----w- c:\windows\system32\STRING
2013-03-26 04:31 . 2010-09-08 16:27 37376 ----a-w- c:\windows\system32\CNMN6UI.DLL
2013-03-26 04:31 . 2010-09-08 16:27 328192 ----a-w- c:\windows\system32\CNMN6PPM.DLL
2013-03-26 04:29 . 2013-03-26 04:36 -------- d-----w- c:\program files (x86)\Canon
2013-03-26 04:05 . 2013-03-26 04:05 -------- dc----w- c:\windows\system32\DRVSTORE
2013-03-26 04:05 . 2013-01-23 22:12 67808 ----a-w- c:\windows\system32\drivers\mozy.sys
2013-03-26 04:05 . 2013-03-26 04:05 -------- d-----w- c:\program files\MozyHome
2013-03-26 03:49 . 2013-04-15 17:44 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2013-03-26 02:25 . 2013-02-12 04:12 19968 ----a-w- c:\windows\system32\drivers\usb8023.sys
2013-03-25 10:04 . 2012-07-26 04:47 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui
2013-03-25 10:04 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2013-03-25 10:04 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2013-03-25 10:04 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll
2013-03-25 10:03 . 2013-03-25 10:03 -------- d-----w- c:\program files (x86)\Common Files\logishrd
2013-03-25 10:03 . 2013-03-25 10:03 -------- d-----w- c:\program files\Common Files\logishrd
2013-03-25 10:02 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll
2013-03-25 10:02 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll
2013-03-25 10:02 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2013-03-25 10:02 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2013-03-25 10:02 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe
2013-03-25 10:02 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll
2013-03-25 10:02 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2013-03-25 10:02 . 2013-03-25 10:02 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2013-03-25 04:05 . 2012-08-02 17:58 574464 ----a-w- c:\windows\system32\d3d10level9.dll
2013-03-25 04:04 . 2011-03-25 03:29 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys
2013-03-25 03:53 . 2013-03-25 03:53 -------- d-----w- c:\program files (x86)\MSECache
2013-03-25 03:41 . 2013-03-26 17:25 -------- d-----w- c:\program files (x86)\Microsoft.NET
2013-03-25 03:41 . 2013-03-25 03:41 -------- d-----w- c:\windows\PCHEALTH
2013-03-25 03:38 . 2013-03-25 03:38 -------- d-----w- c:\program files\Microsoft Office
2013-03-25 03:38 . 2013-03-25 03:38 -------- d-----w- c:\program files (x86)\Microsoft Analysis Services
2013-03-25 03:38 . 2013-04-10 04:29 -------- d-----w- c:\programdata\Microsoft Help
2013-03-25 03:38 . 2013-04-14 02:50 -------- d-sh--w- c:\windows\Installer
2013-03-25 03:06 . 2013-03-25 03:06 -------- d-----w- c:\windows\SysWow64\Wat
2013-03-25 03:06 . 2013-03-25 03:06 -------- d-----w- c:\windows\system32\Wat
2013-03-24 23:52 . 2013-03-24 23:52 -------- d-----w- c:\program files (x86)\Common Files\Symantec Shared
2013-03-24 23:50 . 2012-12-16 17:11 46080 ----a-w- c:\windows\system32\atmlib.dll
2013-03-24 23:50 . 2012-12-16 14:45 367616 ----a-w- c:\windows\system32\atmfd.dll
2013-03-24 23:50 . 2012-12-16 14:13 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
2013-03-24 23:50 . 2012-12-16 14:13 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2013-03-24 23:50 . 2010-09-30 10:41 100864 ----a-w- c:\windows\system32\fontsub.dll
2013-03-24 23:50 . 2010-09-30 06:47 70656 ----a-w- c:\windows\SysWow64\fontsub.dll
2013-03-24 23:47 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2013-03-24 23:47 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2013-03-24 23:47 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2013-03-24 23:47 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2013-03-24 23:47 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2013-03-24 23:45 . 2013-03-24 23:00 -------- d-----w- c:\windows\Panther
2013-03-24 23:30 . 2013-03-24 23:30 -------- d-----w- c:\program files\Symantec
2013-03-24 23:30 . 2013-03-24 23:30 177312 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
2013-03-24 23:30 . 2013-03-24 23:30 -------- d-----w- c:\program files\Common Files\Symantec Shared
2013-03-24 23:29 . 2013-04-09 03:33 -------- d-----w- c:\windows\system32\drivers\N360x64
2013-03-24 23:29 . 2013-03-24 23:30 -------- d-----w- c:\programdata\Norton
2013-03-24 23:29 . 2013-03-24 23:29 -------- d-----w- c:\program files (x86)\Norton 360
2013-03-24 23:28 . 2013-03-24 23:28 -------- d-----w- c:\program files (x86)\NortonInstaller
2013-03-24 23:22 . 2011-04-09 06:58 142336 ----a-w- c:\windows\system32\poqexec.exe
2013-03-24 23:21 . 2011-11-17 06:35 395776 ----a-w- c:\windows\system32\webio.dll
2013-03-24 23:20 . 2012-11-01 05:43 1882624 ----a-w- c:\windows\system32\msxml3.dll
2013-03-24 23:19 . 2011-04-29 03:06 467456 ----a-w- c:\windows\system32\drivers\srv.sys
2013-03-24 23:18 . 2011-05-24 11:42 404480 ----a-w- c:\windows\system32\umpnpmgr.dll
2013-03-24 23:09 . 2013-03-26 04:44 -------- d-----w- c:\program files (x86)\NVIDIA Corporation
2013-03-24 23:09 . 2013-03-26 04:44 -------- d-----w- c:\users\UpdatusUser
2013-03-24 23:09 . 2013-04-16 17:39 -------- d-----w- c:\programdata\NVIDIA
2013-03-24 23:09 . 2013-03-15 04:16 3477280 ----a-w- c:\windows\system32\nvsvc64.dll
2013-03-24 23:09 . 2013-03-15 04:16 6398240 ----a-w- c:\windows\system32\nvcpl.dll
2013-03-24 23:09 . 2013-03-15 04:16 877856 ----a-w- c:\windows\system32\nvvsvc.exe
2013-03-24 23:09 . 2013-03-15 04:16 63776 ----a-w- c:\windows\system32\nvshext.dll
2013-03-24 23:09 . 2013-03-15 04:16 237856 ----a-w- c:\windows\system32\nvmctray.dll
2013-03-24 23:09 . 2012-10-02 19:50 2557800 ----a-w- c:\windows\system32\nvsvcr.dll
2013-03-24 23:09 . 2012-10-11 04:24 52584 ----a-w- c:\windows\SysWow64\OpenCL.dll
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-28 04:43 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2013-03-28 04:43 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2013-03-15 05:53 . 2012-10-11 04:23 2864144 ----a-w- c:\windows\system32\nvapi64.dll
2013-03-15 05:53 . 2012-10-11 04:23 13088000 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2013-03-15 05:53 . 2009-07-13 21:59 15508512 ----a-w- c:\windows\system32\nvwgf2umx.dll
2013-03-15 05:53 . 2009-06-10 20:37 15042928 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2013-03-15 05:07 . 2013-03-15 05:07 559904 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2013-02-12 05:45 . 2013-04-01 03:00 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45 . 2013-04-01 03:00 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-02-12 05:45 . 2013-04-01 03:00 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45 . 2013-04-01 03:00 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 04:48 . 2013-04-01 03:00 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-02-12 04:48 . 2013-04-01 03:00 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-04-08 02:03 222808 ----a-w- c:\users\Mark\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-04-08 02:03 222808 ----a-w- c:\users\Mark\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-04-08 02:03 222808 ----a-w- c:\users\Mark\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\SkyDriveShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SkyDrive"="c:\users\Mark\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" [2013-04-08 256600]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"CanonSolutionMenuEx"="c:\program files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-09-15 1213848]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-18 946352]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HyperSnap 7.lnk - c:\program files (x86)\HyperSnap 7\HprSnap7.exe [2013-3-27 3524136]
MozyHome Status.lnk - c:\program files\MozyHome\mozystat.exe [2013-1-23 6358856]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2013-03-24 1255736]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2008-05-06 14464]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\1403010.016\SYMDS64.SYS [2013-01-22 493656]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\1403010.016\SYMEFA64.SYS [2013-01-31 1139800]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.0.36\Definitions\BASHDefs\20130412.001\BHDrvx64.sys [2013-04-12 1390680]
S1 ccSet_N360;Norton 360 Settings Manager;c:\windows\system32\drivers\N360x64\1403010.016\ccSetx64.sys [2012-11-16 168096]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.0.36\Definitions\IPSDefs\20130416.001\IDSvia64.sys [2013-03-22 513184]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\1403010.016\Ironx64.SYS [2012-11-16 224416]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360x64\1403010.016\SYMNETS.SYS [2013-01-31 432800]
S2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2012-08-23 13672]
S2 N360;Norton 360;c:\program files (x86)\Norton 360\Engine\20.3.1.22\ccSvcHst.exe [2012-12-24 144520]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-03-15 383264]
S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-01-18 450848]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2013-03-24 138912]
S3 HCW85BDA;Hauppauge WinTV 885 Video Capture;c:\windows\system32\drivers\HCW85BDA.sys [2009-06-10 1192448]
S3 LVUVC64;Logitech QuickCam Pro 9000(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2012-01-18 4865568]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-06-10 187392]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-04-10 21:36 1642448 ----a-w- c:\program files (x86)\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-04-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-04-04 20:51]
.
2013-04-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-03-28 15:30]
.
2013-04-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-03-28 15:30]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-04-08 02:03 261704 ----a-w- c:\users\Mark\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-04-08 02:03 261704 ----a-w- c:\users\Mark\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-04-08 02:03 261704 ----a-w- c:\users\Mark\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy2]
@="{747E722C-CB46-4a9d-BDFE-192AAD5099B1}"
[HKEY_CLASSES_ROOT\CLSID\{747E722C-CB46-4a9d-BDFE-192AAD5099B1}]
2013-01-23 22:12 6376776 ----a-w- c:\program files\MozyHome\mozyshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy3]
@="{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}"
[HKEY_CLASSES_ROOT\CLSID\{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}]
2013-01-23 22:12 6376776 ----a-w- c:\program files\MozyHome\mozyshell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-07-26 2782096]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.comcast.net/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1 184.16.33.54
FF - ProfilePath - c:\users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\79zziiui.default\
FF - ExtSQL: 2013-04-12 20:14; {BBDA0591-3099-440a-AA10-41764D9DB4DB}; c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.0.36\IPSFFPlgn
FF - ExtSQL: 2013-04-14 14:47; {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}; c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.0.36\coFFPlgn
FF - ExtSQL: 2013-04-14 15:16; {635abd67-4fe9-1b23-4f01-e679fa7484c1}; c:\users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\79zziiui.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\N360]
"ImagePath"="\"c:\program files (x86)\Norton 360\Engine\20.3.1.22\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton 360\Engine\20.3.1.22\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_169_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_169_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_169_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_169_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_169.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_169.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_169.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_169.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-04-16 21:45:26
ComboFix-quarantined-files.txt 2013-04-17 04:45
ComboFix2.txt 2013-04-16 05:04
.
Pre-Run: 25,847,230,464 bytes free
Post-Run: 25,583,665,152 bytes free
.
- - End Of File - - B3ED656C6E27BC9EE6236A5E016C7210
  • 0

#8
gringo_pr

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello MarkT4IT

ComboFix picked up some stuff, but I can't tell what it was.

I would like to see a report that combofix makes.

extra combofix report

  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • Please copy and paste the following into the box
C:\Qoobox\Add-Remove Programs.txt
  • click ok

copy and paste the report into this topic for me to review

Gringo
  • 0

#9
MarkT4IT

MarkT4IT

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
Gringo- Here's the paste from C:\Qoobox\Add-Remove Programs.txt


Adobe Flash Player 11 ActiveX
Adobe Reader XI (11.0.02)
Apple Software Update
Canon Easy-PhotoPrint EX
Canon MP Navigator EX 4.1
Canon MX880 series User Registration
Canon My Printer
Canon Solution Menu EX
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
ESET Online Scanner v3
eWallet 7.4.2 for Windows PCs
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
HyperSnap 7
iSEEK AnswerWorks English Runtime
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Word MUI (English) 2010
Microsoft SkyDrive
Mozilla Firefox 20.0.1 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Norton 360
NVIDIA PhysX
NVIDIA Stereoscopic 3D Driver
Quicken 2013
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition
Security Update for Microsoft Filter Pack 2.0 (KB2553501) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2760406) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687501) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition
Security Update for Microsoft OneNote 2010 (KB2760600) 32-Bit Edition
Security Update for Microsoft Visio Viewer 2010 (KB2687505) 32-Bit Edition
Security Update for Microsoft Word 2010 (KB2760410) 32-Bit Edition
TurboTax 2012
TurboTax 2012 WinPerFedFormset
TurboTax 2012 WinPerReleaseEngine
TurboTax 2012 WinPerTaxSupport
TurboTax 2012 wrapper
TurboTax Audit Support Center 3.0
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition
  • 0

#10
gringo_pr

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello

These logs are looking a lot better, but we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install the Yahoo toolbar, uncheck the box next to it.
  • Run CCleaner; the default settings are fine.
  • Click Run Cleaner.
  • Close CCleaner.

Run Malwarebytes

Please download Malwarebytes' Anti-Malware to your desktop.

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
    • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.



Download HijackThis

  • Go here to download the HijackThis program
  • Save HijackThis to your desktop.
  • Right-click on HijackThis and select "Run as Admin" (XP users just need to double-click to run)
  • Click on "Do a system scan and save a logfile" (if you do not see "Do a system scan and save a logfile", then click on Main Menu)
  • Copy and paste the HijackThis report into the topic


"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

  • 0



#11
MarkT4IT

MarkT4IT

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
Been way beyond swamped... will get to this tomorrow night, sorry.
  • 0

#12
gringo_pr

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
That is not a problem, and we don't need to fix this right away. Take all the time you need; all I ask is that you keep me updated.



gringo
  • 0

#13
MarkT4IT

MarkT4IT

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
Hi Gringo...

Scan results from Malwarebytes Anti-Malware:

Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.04.24.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Mark :: PAVILION [administrator]

Protection: Enabled

4/23/2013 10:40:11 PM
mbam-log-2013-04-23 (22-40-11).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 310521
Time elapsed: 1 minute(s), 25 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

HijackThis log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:47:40 PM, on 4/23/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16476)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Norton 360\Engine\20.3.1.22\ccSvcHst.exe
C:\Users\Mark\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_7_700_169_ActiveX.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Mark\Downloads\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\20.3.1.22\coIEPlg.dll
O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\20.3.1.22\IPS\IPSBHO.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\20.3.1.22\coIEPlg.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [SkyDrive] "C:\Users\Mark\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" /background
O4 - HKUS\S-1-5-21-3155810746-3928049404-1681684087-1003\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-3155810746-3928049404-1681684087-1003\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
O4 - Global Startup: HyperSnap 7.lnk = C:\Program Files (x86)\HyperSnap 7\HprSnap7.exe
O4 - Global Startup: MozyHome Status.lnk = C:\Program Files\MozyHome\mozystat.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} (Bitdefender QuickScan Control) - http://quickscan.bit...m/qsax/qsax.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset...lineScanner.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logme...rl.cab?lmi=1007
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intuit Update Service v4 (IntuitUpdateServiceV4) - Intuit Inc. - C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: MozyHome Backup Service (mozybackup) - Mozy, Inc. - C:\Program Files\MozyHome\mozybackup.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files (x86)\Norton 360\Engine\20.3.1.22\ccSvcHst.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: UMVPFSrv - Logitech Inc. - C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 9857 bytes


There was also a Fix Checked screen with the above items, but I just closed it assuming if you want anything removed you'll advise and I'll rerun the program.

Thanks!
Mark
  • 0

#14
gringo_pr

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Greetings

These logs are looking very good, we are almost done!!! Just one more scan to go.

Remove unneeded start-up entries

This part of the fix is purely optional.
These are programs that start up when you turn on your computer but don't need to. You can start any of them when you need them by clicking their icons (or from the Control Panel). By stopping these programs, you will boot up faster and your computer will work faster.

  • Run HijackThis (right-click and run as admin)
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    • O4 - HKCU\..\Run: [SkyDrive] "C:\Users\Mark\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" /background
    • O4 - HKUS\S-1-5-21-3155810746-3928049404-1681684087-1003\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
    • O4 - HKUS\S-1-5-21-3155810746-3928049404-1681684087-1003\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
    • O4 - Global Startup: HyperSnap 7.lnk = C:\Program Files (x86)\HyperSnap 7\HprSnap7.exe

  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    NOTE**You can research each of those lines >here< and see if you want to keep them or not.
    Just copy the name between the brackets and paste it into the search space, for example:
    O4 - HKLM\..\Run: [IntelliPoint]


Eset Online Scanner

**Note** You will need to use Internet Explorer for this scan. Vista and Win 7: right-click the IE shortcut and run as admin.

Go to the Eset web page to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • click on the Run ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the add-on to be installed
    • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings, ensure the options
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • wait for the virus definitions to be downloaded
  • Wait for the scan to finish

When the scan is complete

  • If no threats were found
    • put a checkmark in "Uninstall application on close"
    • close program
    • report to me that nothing was found

  • If threats were found
    • click on "list of threats found"
    • click on "export to text file" and save it as ESET SCAN and save to the desktop
    • Click on back
    • put a checkmark in "Uninstall application on close"
    • click on finish
    • close program
    • copy and paste the report here

Gringo
  • 0
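The HijackThis log posted above and the O4 start-up entries picked out in the reply are read by eye in the thread. As an added example (not code from the thread, from HijackThis or from Geeks to Go), here is a small Python triage script that parses O4/O23 lines in that log format and flags the things a reviewer looks for: files reported missing, executables under user-writable folders, and services with no publisher. The sample lines are constructed in the same format as the posted log; the "examplehlp" service is made up.

```python
"""Triage the O4 (autostart) and O23 (service) lines of a HijackThis 2.0.4 log.

Added example; not part of the forum thread or of HijackThis itself. The
sample lines below are constructed in the same format as the log posted above.
"""
import re
from dataclasses import dataclass
from typing import Dict, List

# Constructed sample input. The O4/O23 lines mirror entries in the posted log,
# except "examplehlp", which is made up to show what an anomalous service looks like.
SAMPLE_LOG = r"""
Running processes:
C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [SkyDrive] "C:\Users\Mark\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" /background
O4 - HKUS\S-1-5-21-0-0-0-1003\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
O4 - Global Startup: HyperSnap 7.lnk = C:\Program Files (x86)\HyperSnap 7\HprSnap7.exe
O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files (x86)\Norton 360\Engine\20.3.1.22\ccSvcHst.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Example Helper (examplehlp) - Unknown owner - C:\Users\Mark\AppData\Roaming\examplehlp.exe
"""

O4_RUN = re.compile(r"^O4 - (?P<loc>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O4_LNK = re.compile(r"^O4 - (?P<loc>[^:]+): (?P<name>.+?) = (?P<cmd>.*)$")
O23_SVC = re.compile(
    r"^O23 - Service: (?P<display>.+?)(?: \((?P<short>[^()]+)\))?"
    r" - (?P<owner>.+?) - (?P<cmd>.*)$")
# First executable-looking token of a command line, quoted or not.
EXE = re.compile(r'^\s*"?(?P<exe>[^"]+?\.(?:exe|dll|ocx|scr|bat|cmd|vbs))\b',
                 re.IGNORECASE)

SYSTEM32 = "c:\\windows\\system32\\"
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\downloads\\", "\\programdata\\",
                 "\\users\\public\\")


@dataclass
class Entry:
    kind: str           # "O4" or "O23"
    location: str       # Run key / startup folder, or "Service: <display name>"
    name: str           # Run value name, .lnk name, or service short name
    command: str        # command line / image path as HijackThis printed it
    exe: str            # lower-cased executable path pulled out of command
    file_missing: bool  # HijackThis reported "(file missing)"
    owner: str = ""     # O23 only: company name HijackThis read from the binary


def _exe_of(cmd: str) -> str:
    m = EXE.match(cmd)
    return (m.group("exe") if m else cmd.strip().strip('"')).lower()


def parse_log(text: str) -> List[Entry]:
    """Return the O4 and O23 entries of a HijackThis log; other lines are skipped."""
    entries: List[Entry] = []
    for line in text.splitlines():
        line = line.rstrip()
        missing = line.endswith("(file missing)")
        if missing:
            line = line[: -len("(file missing)")].rstrip()
        m = O4_RUN.match(line) or O4_LNK.match(line)
        if m:
            entries.append(Entry("O4", m["loc"], m["name"], m["cmd"],
                                 _exe_of(m["cmd"]), missing))
            continue
        m = O23_SVC.match(line)
        if m:
            entries.append(Entry("O23", "Service: " + m["display"],
                                 m["short"] or m["display"], m["cmd"],
                                 _exe_of(m["cmd"]), missing, m["owner"]))
    return entries


def triage(e: Entry) -> List[str]:
    """Reasons an entry deserves a second look; an empty list means it looks ordinary."""
    reasons: List[str] = []
    if e.file_missing:
        if e.exe.startswith(SYSTEM32):
            # 32-bit HijackThis on x64 is redirected to SysWOW64 when it looks in
            # System32, so "file missing" on stock Windows services is usually noise.
            reasons.append("file missing under System32 (likely WOW64 redirection "
                           "noise; confirm with a 64-bit directory listing)")
        else:
            reasons.append("file missing: autostart points at a path that no longer exists")
    if any(marker in e.exe for marker in USER_WRITABLE):
        # Per-user installs (SkyDrive, Chrome) live here legitimately; the point is
        # that anything can write here without admin rights, so verify each one.
        reasons.append("executable lives in a user-writable location")
    if e.kind == "O23" and e.owner.lower() == "unknown owner" \
            and not e.exe.startswith("c:\\windows\\"):
        reasons.append("service binary carries no publisher information")
    return reasons


def triage_log(text: str) -> Dict[str, List[str]]:
    """Map entry name -> reasons, for every entry with at least one reason."""
    flagged: Dict[str, List[str]] = {}
    for e in parse_log(text):
        reasons = triage(e)
        if reasons:
            flagged[e.name] = reasons
    return flagged


if __name__ == "__main__":
    for name, reasons in triage_log(SAMPLE_LOG).items():
        print(name)
        for r in reasons:
            print("   -", r)
```

Run it against a saved hijackthis.log by passing the file contents to triage_log; the flags are prompts to verify an entry (publisher, signature, what the file is), not verdicts.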

#15
MarkT4IT

MarkT4IT

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
...I didn't run into any problems. I closed all apps when running these but didn't cut off my Internet connection or shut down my Norton 360 - if I should have, please let me know.

My computer is running normally. My wife said she booted it this morning and was unable to get to the Internet, but after an orderly shutdown and waiting a while, she rebooted and was able to get to the Internet fine. We have an SSD I reimaged about six weeks ago, and we have occasionally seen where the wireless connection is lost for no known reason. I believe this happened before the 'bad email link' was clicked, not just since.

Thanks again,
Mark
  • 0
