Bloodhound malPE



Symantec Endpoint Protection keeps blocking this but I can't remove it. I have run ADW removal tool; JRT; CCleaner; Hitman; SuperAntiSpyware & Malwarebytes.

 

I had a major infestation about a month ago and had to get an expert to get things running. I think this is something that might have been missed.

 

Any suggestions would be appreciated.

 

Thanks 


Howdy Lupo and welcome to BestTechie !!!  

My name is flashh4 (Chuck) and I will be assisting you with the cleaning of your computer.

Run these 1 at a time & post each log as you get it ! Work them as your time permits you to !!

If you don't understand something, please don't hesitate to ask for clarification before proceeding !!! You can PM me if you need to !!
Do Not Remove anything or run any tools/programs until advised to do so !

Perform all actions in the order given.

Please stay with us until we give you the "All Clean Speech"! Just because the problem has stopped it may still need some clean-up !  

Please note that all instructions given are customized for this computer only, the tools used may cause damage if used on a computer with different infections.  

If you think you have similar problems, please post a log in the Malware Removal forum and wait for help.

 

 

=============================

 

Download OldTimer to your desktop!
Links: http://oldtimer.geekstogo.com/OTL.com http://oldtimer.geekstogo.com/OTL.scr  
 
If you already have a copy of OTL delete it and use this version.  (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).

* Double click OTL.exe to launch the program.
* Check the following.

o Scan all users.
o Standard Output.
o Lop check.
o Purity check.
o Extra Registry > Use SafeList

* Under Extra Registry section, select Use SafeList
* Click the Run Scan button and wait for the scan to finish (usually about 10-15 mins).
* When finished it will produce two logs.

o OTL.txt (open on your desktop).
o Extras.txt (minimised in your taskbar) The Extras.txt file will only appear the very first time you run OTL.

* Please post me both logs. This may have to be broken into more than one post !   
 

Thanks

Chuck
 

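An added triage script, not part of Chuck's post and not OldTimer's code, for reading an OTL Extras.txt once it is produced. It pulls out the three things a reviewer eyeballs first: the Symantec "Security Risk Found!" entries in the event-log section (threat name, file, action taken, with OTL's wrapped Description lines joined back together), Security Center / firewall / System Restore values that switch a protection off or stop Windows reporting on it, and executable file-type handlers under Shell Spawning that no longer read "%1" %*. SAMPLE_LOG is a constructed excerpt in the layout of the Extras log posted further down this thread; the wrap.exe exefile handler and the "FirewallOverride" = 1 line are planted deliberately to exercise the checks and are not in the real log. The set of handlers expected to read "%1" %* is taken from what this thread's log shows for batfile, cmdfile, comfile, exefile, htafile and piffile, which is an assumption, not an OTL rule.

```python
"""Triage helper for OTL Extras.txt logs (added example; not OTL's or the poster's code)."""
import re

# Constructed excerpt in the layout of the Extras log posted in this thread. The wrap.exe
# handler and "FirewallOverride" = 1 are deliberate plants; the real log has neither.
SAMPLE_LOG = r"""
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
exefile [open] -- "%1" %*
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
exefile [open] -- "C:\Users\Caruso\AppData\Roaming\wrap.exe" "%1" %*
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"FirewallOverride" = 1
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 6/16/2014 6:28:58 AM | Computer Name = Orpheus | Source = Symantec AntiVirus | ID = 16711731
Description =       Security Risk Found!Bloodhound.MalPE in File: C:\Users\Caruso\AppData\Local\Temp\DWHA42B.tmp
 by: Auto-Protect scan.  Action: Quarantine succeeded : Access denied.  Action Description:
 The file was quarantined successfully.
Error - 6/18/2014 7:49:02 AM | Computer Name = Orpheus | Source = SideBySide | ID = 16842827
Description = Activation context generation failed for "C:\Program Files (x86)\Skype\Toolbars\Internet
 Explorer\SkypeIEPluginBroker.exe".
Error - 6/22/2014 6:24:46 AM | Computer Name = Orpheus | Source = Symantec AntiVirus | ID = 16711731
Description =       Security Risk Found!Tracking Cookies in File: Unavailable by: Manual
 scan.  Action: Quarantine failed : Leave Alone failed.  Action Description: The
 risk was left alone.
"""

EVENT_RE = re.compile(r'^Error - (?P<time>.+?) \| Computer Name = (?P<host>.+?) \| '
                      r'Source = (?P<source>.+?) \| ID = (?P<id>\d+)$')
RISK_RE = re.compile(r'Security Risk Found!(?P<threat>.+?) in File: (?P<path>.+?) by: '
                     r'(?P<scan>.+?)\.\s+Action: (?P<action>.+?)\.\s+Action Description: (?P<result>.*)$')
REGKEY_RE = re.compile(r'^(?P<key>(?:64bit: )?\[HKEY_[^\]]+\])$')
REGVAL_RE = re.compile(r'^"(?P<name>[^"]+)" = (?P<value>.+)$')
HANDLER_RE = re.compile(r'^(?P<cls>\w+) \[(?P<verb>\w+)\] -- (?P<cmd>.+)$')
# Values that switch a protection off or stop Security Center reporting on it.
WEAK = {'DisableMonitoring': '1', 'AntiVirusOverride': '1', 'AntiSpywareOverride': '1',
        'FirewallOverride': '1', 'EnableFirewall': '0', 'DisableSR': '1', 'UpdatesDisableNotify': '1'}
# Handlers this thread's log shows as "%1" %* (taken from the posted log; an assumption, not an OTL rule).
PLAIN_HANDLERS = {'batfile', 'cmdfile', 'comfile', 'exefile', 'htafile', 'piffile'}


def parse_events(log):
    """One dict per 'Error - ...' entry, with the wrapped Description joined into one string."""
    entries, header, desc = [], None, []
    for raw in log.splitlines():
        line = raw.strip()
        m = EVENT_RE.match(line)
        if m or line.startswith('=========='):          # new entry, or end of the section
            if header is not None:
                entries.append({**header, 'description': ' '.join(desc)})
            header, desc = (m.groupdict() if m else None), []
        elif header is not None and line:
            desc.append(line[len('Description ='):].strip() if line.startswith('Description =') else line)
    if header is not None:
        entries.append({**header, 'description': ' '.join(desc)})
    return entries


def symantec_detections(log):
    """Threat, file and outcome for every Symantec 'Security Risk Found!' event."""
    hits = []
    for e in parse_events(log):
        m = RISK_RE.search(e['description'])
        if e['source'] == 'Symantec AntiVirus' and m:
            hits.append({'time': e['time'], **m.groupdict()})
    return hits


def weakened_protection(log):
    """(key, name, value) triples matching WEAK. DisableMonitoring = 1 under a Monitoring vendor
    subkey is normally written by that AV product itself: confirm the product is running."""
    found, key = [], None
    for raw in log.splitlines():
        line = raw.strip()
        k, v = REGKEY_RE.match(line), REGVAL_RE.match(line)
        if k:
            key = k['key']
        elif key and v and WEAK.get(v['name']) == v['value']:
            found.append((key, v['name'], v['value']))
    return found


def hijacked_handlers(log):
    """Executable-type [open] handlers whose command is no longer "%1" %*: a wrapper planted
    here runs before every program the user launches."""
    return [(m['cls'], m['cmd']) for m in map(HANDLER_RE.match, map(str.strip, log.splitlines()))
            if m and m['cls'] in PLAIN_HANDLERS and m['verb'] == 'open' and m['cmd'] != '"%1" %*']


if __name__ == '__main__':
    for h in symantec_detections(SAMPLE_LOG):
        print(f"{h['time']}: {h['threat']} in {h['path']} -> {h['action']}")
    for key, name, value in weakened_protection(SAMPLE_LOG):
        print(f'check: "{name}" = {value} under {key}')
    for cls, cmd in hijacked_handlers(SAMPLE_LOG):
        print(f'handler: {cls} [open] -> {cmd}')
```

To run it over a real log, read Extras.txt into a string and pass that instead of SAMPLE_LOG; the parser only splits on the "Error - " headers and "==========" section lines, so the extra blank lines that pasting through Word adds do not matter. The 64bit: prefix is kept in the key name so the 64-bit and 32-bit registry views are reported separately rather than merged.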

Lupo, did you try 3 or 4 times to mouse click in the box? Sometimes that's what I have to do to post!

Are you getting the option to paste ?

 

Chuck


Here's another go at pasting.

 

I copied the report into a Word doc and then copied it from there.

 

Doing this changed the formatting. I've tried to reduce the sizes.

 

 

OTL Extras logfile created on: 6/23/2014 2:43:49 PM - Run 1

 

OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Caruso\Downloads

 

64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

 

Internet Explorer (Version = 9.11.9600.17126)

 

Locale: 00000409 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

 

 

 

3.73 Gb Total Physical Memory | 1.28 Gb Available Physical Memory | 34.15% Memory free

 

7.47 Gb Paging File | 5.11 Gb Available in Paging File | 68.41% Paging File free

 

Paging file location(s): ?:\pagefile.sys [binary data]

 

 

 

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)

 

Drive C: | 107.85 Gb Total Space | 17.44 Gb Free Space | 16.17% Space Free | Partition Type: NTFS

 

 

 

Computer Name: ORPHEUS | User Name: Caruso | Logged in as Administrator.

 

Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans

 

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 60 Days

 

 

 

========== Extra Registry (SafeList) ==========

 

========== File Associations ==========

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

 

.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

 

.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)

 

 

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

 

.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)

 

.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

 

 

 

========== Shell Spawning ==========

 

 

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

 

batfile [open] -- "%1" %*

 

cmdfile [open] -- "%1" %*

 

comfile [open] -- "%1" %*

 

exefile [open] -- "%1" %*

 

helpfile [open] -- Reg Error: Key error.

 

htafile [open] -- "%1" %*

 

htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

 

htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

 

http [open] -- Reg Error: Key error.

 

https [open] -- Reg Error: Key error.

 

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

 

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

 

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

 

piffile [open] -- "%1" %*

 

regfile [merge] -- Reg Error: Key error.

 

scrfile [config] -- "%1"

 

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

 

scrfile [open] -- "%1" /S

 

txtfile [edit] -- Reg Error: Key error.

 

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

 

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

 

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 

Folder [explore] -- Reg Error: Value error.

 

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 

Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

 

CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

 

 

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

 

batfile [open] -- "%1" %*

 

cmdfile [open] -- "%1" %*

 

comfile [open] -- "%1" %*

 

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

 

exefile [open] -- "%1" %*

 

helpfile [open] -- Reg Error: Key error.

 

htafile [open] -- "%1" %*

 

htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

 

htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

 

http [open] -- Reg Error: Key error.

 

https [open] -- Reg Error: Key error.

 

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

 

piffile [open] -- "%1" %*

 

regfile [merge] -- Reg Error: Key error.

 

scrfile [config] -- "%1"

 

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

 

scrfile [open] -- "%1" /S

 

txtfile [edit] -- Reg Error: Key error.

 

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

 

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

 

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 

Folder [explore] -- Reg Error: Value error.

 

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 

Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

 

CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

 

 

 

========== Security Center Settings ==========

 

 

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

 

"cval" = 1

 

"UpdatesDisableNotify" = 0

 

 

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 

 

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

 

"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]

 

"AntiVirusOverride" = 0

 

"AntiSpywareOverride" = 0

 

"FirewallOverride" = 0

 

 

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

 

 

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

 

 

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 

 

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

 

"DisableMonitoring" = 1

 

 

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

 

 

 

========== System Restore Settings ==========

 

 

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

 

"DisableSR" = 0

 

 

 

========== Firewall Settings ==========

 

 

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

 

 

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

 

 

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

 

 

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

 

 

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

 

 

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

 

 

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

 

"DisableNotifications" = 0

 

"EnableFirewall" = 1

 

 

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

 

"DisableNotifications" = 0

 

"EnableFirewall" = 1

 

 

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

 

 

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

 

"DisableNotifications" = 0

 

"EnableFirewall" = 1

 

 

 

========== Authorized Applications List ==========

 

 

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

 

 

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

 

 

 

 

 

========== Vista Active Open Ports Exception List ==========

 

 

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

 

"{062675CF-085B-490A-837D-E3D94F620A21}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

 

"{12F5BE92-DCCD-4301-B1F7-A5B80EC89258}" = rport=445 | protocol=6 | dir=out | app=system |

 

"{3A401C01-2D56-41C1-95D3-F75A11142E46}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |

 

"{516AF3FE-5027-44A0-A3ED-804C915EDA07}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

 

"{5AB109F5-6850-4AFE-99CB-343F6FD58B1A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

 

"{6B9E3F41-1D7D-461F-BABD-325498412BD5}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

 

"{7A49483B-D610-44B0-B8C7-F92887681374}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |

 

"{7E39EF1B-1C08-4BA8-B8C9-F7189690350E}" = lport=445 | protocol=6 | dir=in | app=system |

 

"{7F91A958-36FC-49F3-A4CB-31D3C04F2749}" = lport=139 | protocol=6 | dir=in | app=system |

 

"{8DB65447-F1B3-4F8A-AA55-34BDFD4AA143}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

 

"{9391BD9C-86D2-4FFC-A0AF-321B4D2AE91E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

 

"{950FB70B-4304-4D46-B147-77E47A110608}" = lport=138 | protocol=17 | dir=in | app=system |

 

"{A3D1D90A-CBCB-44C8-9FE9-22DB5DB2405E}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@FirewallAPI.dll,-28539 |

 

"{AFA09CFE-01C1-4F38-93C5-EDC164568A62}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

 

"{B787E2EA-367E-4F4F-8CEE-ABD4F8ED3A8F}" = rport=137 | protocol=17 | dir=out | app=system |

 

"{B86A4DFC-130A-4781-9A9A-CDB88CB316CB}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

 

"{B87B28D0-20A1-42ED-AA54-E5FF9E234E52}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |

 

"{B9FA2448-19DC-474F-AB19-A5C8664B5E2F}" = lport=137 | protocol=17 | dir=in | app=system |

 

"{D102A167-2FFD-42D6-8C99-8BD28E38086D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

 

"{D42EF378-092C-426F-AC87-B13CD6372164}" = rport=138 | protocol=17 | dir=out | app=system |

 

"{F6D531B8-40E7-4F6A-84A8-B89C61634C43}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |

 

"{FE2A6C8F-B4EF-41D8-AADD-64FC0BA7A250}" = rport=139 | protocol=6 | dir=out | app=system |

 

 

 

========== Vista Active Application Exception List ==========

 

 

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

 

"{01DE2A93-456A-4824-88AE-7A1C321D5245}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

 

"{2944AC78-926C-4858-A130-1DD5F925CDF4}" = protocol=58 | dir=out | name=@FirewallAPI.dll,-28546 |

 

"{3CC09083-A9E9-4697-9F15-6B1F5218A4C5}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |

 

"{86814F03-F8E5-4F93-8C27-C7989280363A}" = protocol=1 | dir=out | name=@FirewallAPI.dll,-28544 |

 

"{9B4365B0-E79A-4150-97E2-FA5D9D98BD5E}" = protocol=1 | dir=in | name=@FirewallAPI.dll,-28543 |

 

"{F6F8C8E0-5C76-43AA-BDB5-40C05D87D5E9}" = protocol=58 | dir=in | name=@FirewallAPI.dll,-28545 |

 

"TCP Query User{74481855-80F9-491C-B4E2-5D14193348B5}C:\program files (x86)\seagate\seagate dashboard\hipservagent\hipservagent.exe" = protocol=6 | dir=in | app=c:\program files (x86)\seagate\seagate dashboard\hipservagent\hipservagent.exe |

 

"TCP Query User{8E8336BC-8D91-479E-9308-4D4C00DE592D}C:\program files (x86)\seagate\seagate dashboard\hipservagent\hipservagent.exe" = protocol=6 | dir=in | app=c:\program files (x86)\seagate\seagate dashboard\hipservagent\hipservagent.exe |

 

"TCP Query User{BC0DD820-D471-4DF8-AA0F-E566DC564566}C:\program files (x86)\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

 

"UDP Query User{4925E46A-3878-4D66-AAC5-A62D71488370}C:\program files (x86)\seagate\seagate dashboard\hipservagent\hipservagent.exe" = protocol=17 | dir=in | app=c:\program files (x86)\seagate\seagate dashboard\hipservagent\hipservagent.exe |

 

"UDP Query User{D8271450-13B8-4986-889D-4A2E5E8D0532}C:\program files (x86)\seagate\seagate dashboard\hipservagent\hipservagent.exe" = protocol=17 | dir=in | app=c:\program files (x86)\seagate\seagate dashboard\hipservagent\hipservagent.exe |

 

"UDP Query User{F4B38A04-652E-43E1-AE41-EB3BAD18F10E}C:\program files (x86)\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

 

 

 

========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

 

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

 

"{05BB6835-DD46-462A-B6BE-70949D2FB3AB}" = TOSHIBA Mobile Broadband Device

 

"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package

 

"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)

 

"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP240_series" = Canon MP240 series MP Drivers

 

"{1A8BA6CE-822D-4888-89E2-ACBF4308F271}" = Intel® PROSet/Wireless WiFi Software

 

"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant

 

"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219

 

"{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables

 

"{2CDD9D22-AD67-4588-93AD-147C979F6E7C}" = AVG 2012

 

"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

 

"{530992D4-DDBA-4F68-8B0D-FF50AC57531B}" = Symantec Endpoint Protection

 

"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator

 

"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector

 

"{5F1DFCC1-595D-4235-A044-E05B706D800A}" = AuthenTec Fingerprint Software

 

"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

 

"{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1

 

"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

 

"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570

 

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

 

"{8C775E70-A791-4DA8-BCC3-6AB7136F4484}" = Visual Studio 2012 x64 Redistributables

 

"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010

 

"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010

 

"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010

 

"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1

 

"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting

 

"{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}" = TOSHIBA PC Health Monitor

 

"{A0E99122-25C1-4CA4-9063-499A2A814EB6}" = TOSHIBA ReelTime

 

"{A2E00B38-848D-4898-9109-BFA37C074DDC}" = Google Advertising Cookie Opt-out

 

"{A7760E07-4C23-4766-A99E-F715F298E99C}" = TFPU

 

"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175

 

"{ABA4FAF1-6389-45F9-92CE-3914A4E5C471}" = PaperPort Image Printer 64-bit

 

"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)

 

"{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility

 

"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Media Creator

 

"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053

 

"{BC4AE628-81A4-4FC6-863A-7A9BA2E2531F}" = Nokia Connectivity Cable Driver

 

"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64

 

"{C14518AF-1A0F-4D39-8011-69BAA01CD380}" = TOSHIBA Bulletin Board

 

"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware

 

"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba

 

"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert

 

"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter

 

"{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition

 

"2CA3B8348CD526E9B8928840AC68738C5B5A4F8F" = Windows Driver Package - Thomson (USB_RNDIS) Net  (02/15/2007 2.0.0.0)

 

"5AF8BE22A56B38B1816F36BAC6A71F1277E45440" = Windows Driver Package - NETGEAR Inc. (RTL8187) Net  (12/01/2006 6.1258.1201.2006)

 

"B090418E214D6BD6EE18A512A8EE609225AC9279" = Windows Driver Package - Atheros Communications Inc. (arusb_lhx) Net  (09/25/2008 3.1.0.101)

 

"CCleaner" = CCleaner

 

"HitmanPro37" = HitmanPro 3.7

 

"ProInst" = Intel PROSet Wireless

 

"PROSet" = Intel® Network Connections Drivers

 

"SynTPDeinstKey" = Synaptics Pointing Device Driver

 

"TFPU{A7760E07-4C23-4766-A99E-F715F298E99C}" = TOSHIBA Fingerprint Utility

 

 

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

 

"{022CBB38-CEF0-42BA-906A-A49BEFAE0BEE}" = RICOH R5U230 Media Driver ver.2.11.03.02

 

"{052A1E34-A54B-458C-A4E3-24C3E054754A}" = Nero Kwik Media

 

"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package

 

"{0708FF30-78C0-47B0-81F0-C84604DC769C}" = Nero Express Help (CHM)

 

"{0A02D347-5E53-48A5-BC49-1469393103FA}" = Brother MFL-Pro Suite MFC-795CW

 

"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer

 

"{0B311221-05A5-4766-8D03-7A6446794156}" = Nero RescueAgent Help (CHM)

 

"{1943C3BD-4462-4612-92C3-D36DD917C447}" = Nero Recode

 

"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser

 

"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker

 

"{1B6F5E51-575E-4693-BCA2-7543570D076D}" = Nero Kwik Themes Basic

 

"{1E63ACB5-D45E-4856-8FC9-78F4B0D7BB80}" = TOSHIBA Security Assist

 

"{1F16820E-D0E7-4636-939E-45CBFEFB06E1}" = Nero Kwik Media Help (CHM)

 

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

 

"{1F5E5F2E-5E61-431D-B796-58CCC6B68E28}" = Adobe Flash Player 14 ActiveX

 

"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update

 

"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions

 

"{2432E589-6256-4513-B0BF-EFA8E325D5F0}" = Nero SharedVideoCodecs

 

"{26A24AE4-039D-4CA4-87B4-2F83217055FF}" = Java 7 Update 55

 

"{2890E324-6F3B-4975-8B95-E7D6D80E0226}" = Nero Burning ROM Help (CHM)

 

"{29F67D84-3A70-456E-806A-52301B02070B}" = Nero Effects Basic

 

"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery

 

"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery

 

"{3AAB08A3-F129-4BD5-B409-AE674F93759D}" = Prerequisite installer

 

"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology

 

"{433A39B0-380C-4634-93FE-12A812954F5B}" = BigPond Broadband ADSL

 

"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform

 

"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.11

 

"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml

 

"{5963F4B4-D138-47CD-ADEF-470E87E185BD}" = Nero Burning ROM

 

"{5B79E730-D897-4B8F-A1AD-7BB2D1F22B96}" = Nero Blu-ray Player Help (CHM)

 

"{5E6F6CF3-BACC-4144-868C-E14622C658F3}" = TOSHIBA Web Camera Application

 

"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM

 

"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components

 

"{654F7484-88C5-46DC-AB32-C66BCB0E2102}" = TOSHIBA Sleep Utility

 

"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update

 

"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE

 

"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack

 

"{6A631D31-1FD6-46B5-9337-3485C3CBB002}" = TOSHIBA Wireless Manager

 

"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER

 

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

 

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

 

"{75B7F766-7998-44d8-A202-F1EC76A121BA}" = Memeo AutoSync

 

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

 

"{77D28FF5-242F-488A-8215-937D6A4D69E0}" = Adobe AIR

 

"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP

 

"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger

 

"{82410B99-F69F-4AA0-B290-3DB5350B81D4}" = Panasonic elite Panaboard Ink Note Software

 

"{828175FA-7307-4DBF-95AD-9CEE086B6F45}" = Welcome App (Start-up experience)

 

"{83FCCFCD-46E3-43FB-A397-78BFD5A8980A}" = Nero Video

 

"{848A7C68-0ADC-4193-8A89-2CEA78E56A0C}" = Nero Express

 

"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync

 

"{86847081-B387-4F49-AED1-C9B0A090D66C}" = Nero Recode Help (CHM)

 

"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

 

"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT

 

"{8E666407-AC41-46a2-9692-6C7BFCBFDD37}" = Memeo Instant Backup

 

"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010

 

"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010

 

"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010

 

"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010

 

"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010

 

"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010

 

"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010

 

"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010

 

"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010

 

"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010

 

"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010

 

"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010

 

"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010

 

"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010

 

"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010

 

"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010

 

"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010

 

"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker

 

"{95E152CF-0EB5-4BFA-B6EE-8FC7F9601BA5}" = Nero 12

 

"{983CD6FE-8320-4B80-A8F6-0D0366E0AA22}" = TOSHIBA Media Controller

 

"{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}" = Visual Studio 2012 x86 Redistributables

 

"{996945A3-2D3B-478C-81CB-FFBDEE766DA2}" = Panasonic elite Panaboard USB Driver

 

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

 

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

 

"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail

 

"{A2FE691E-3F8E-4E30-AA7D-FF17AC77EA87}" = Nero Blu-ray Player

 

"{A6D95AEF-138A-4805-8AD4-84325CCD1914}" = Panasonic elite Panaboard

 

"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer

 

"{A7A0BF2E-31CC-49E3-9913-52C503EB969D}" = Nero Audio Pack 1

 

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

 

"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common

 

"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer

 

"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer

 

"{ABC88553-8770-4B97-B43E-5A90647A5B63}" = Nero ControlCenter

 

"{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station

 

"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.07)

 

"{ACE49D50-19CD-44A6-B192-46F985283B26}" = Nero PiP Effects Basic

 

"{B128179D-A5E1-43AC-9422-12A109ECD2A0}" = Nero Video Help (CHM)

 

"{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility

 

"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call

 

"{B73A66DB-7804-46EC-9A2F-BD534FDB6AD5}" = TOSHIBA ConfigFree

 

"{B953732D-B623-4E84-B369-CFFF7B1AE06F}" = Nero RescueAgent

 

"{BEBEE34D-84A2-4EDD-8BEA-96CC54371263}" = Nero Core Components

 

"{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}" = TOSHIBA Assist

 

"{C3A11907-930D-41AC-A135-CC3B12F92011}" = Seagate Dashboard

 

"{C4B32291-F7B2-4BEC-BA4D-4195676A08CC}" = Adobe Flash Player 14 Plugin

 

"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail

 

"{C994C746-C6D0-4EBA-B09E-DF7B18381B69}" = Nero ControlCenter Help (CHM)

 

"{CCF62642-ECB1-4D2B-80C0-3FD3286AEAED}" = TOSHIBA Sync Utility

 

"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform

 

"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64

 

"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert

 

"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common

 

"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform

 

"{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver

 

"{DA2D3078-A58C-45E8-8EE0-18B8BE6B34F7}" = Nero BackItUp

 

"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources

 

"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10

 

"{E17BCB76-9924-4BD5-B6D6-50D3407B4E74}" = Nero Disc Menus Basic

 

"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger

 

"{EC8B1F0F-BF1B-461C-8155-50CD0FE574AF}" = DocuPrint M205 f_fw

 

"{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}" = PL-2303 USB-to-Serial

 

"{EF0D1292-8FC1-41BE-9740-DBC134F66415}" = Nero BackItUp Help (CHM)

 

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

 

"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219

 

"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Graphics Media Accelerator Driver

 

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

 

"{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}" = TOSHIBA Media Controller Plug-in

 

"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center

 

"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables

 

"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials

 

"Adobe AIR" = Adobe AIR

 

"Adobe Shockwave Player" = Adobe Shockwave Player 12.1

 

"AnyDVD" = AnyDVD

 

"AVS Update Manager_is1" = AVS Update Manager 1.0

 

"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4

 

"AVS4YOU Video Converter 7_is1" = AVS Video Converter 8

 

"Belarc Advisor" = Belarc Advisor 8.4
"CanonMyPrinter" = Canon Utilities My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"CloneDVD2" = CloneDVD2
"DVD Shrink_is1" = DVD Shrink 3.2
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"HandBrake" = HandBrake 0.9.5
"InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"InstallShield_{A0E99122-25C1-4CA4-9063-499A2A814EB6}" = TOSHIBA ReelTime
"InstallShield_{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility
"InstallShield_{C14518AF-1A0F-4D39-8011-69BAA01CD380}" = TOSHIBA Bulletin Board
"InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
"InstallShield_{EC8B1F0F-BF1B-461C-8155-50CD0FE574AF}" = DocuPrint M205 f_fw
"InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"Kobo" = Kobo
"LiveUpdate" = LiveUpdate 3.3 (Symantec Corporation)
"Magic DVD Copier_is1" = Magic DVD Copier V6.1.0
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.0.2.1012
"MP Navigator EX 2.0" = Canon MP Navigator EX 2.0
"Nero Multimedia Suite" = Nero Multimedia Suite 10
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"Opera 22.0.1471.50" = Opera Stable 22.0.1471.50
"Secunia PSI" = Secunia PSI (3.0.0.9016)
"TOSHIBA Game Console" = WildTangent ORB Game Console
"WildTangent toshiba Master Uninstall" = WildTangent Games
"WinLiveSuite" = Windows Live Essentials
"WT083877" = Chuzzle Deluxe
"WT083885" = Zuma's Revenge
"WT083898" = Virtual Villagers - The Secret City
"WT083903" = Escape Rosecliff Island
"WT083929" = Bejeweled 2 Deluxe
"WT083947" = Final Drive Nitro
"WT083957" = Jewel Quest 3
"WT083958" = Penguins!
"WT083959" = Polar Bowler
"WT084018" = FATE - The Traitor Soul

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2453220590-1116701832-226220176-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{ca022202-9ba3-4112-a1c9-6a988bbf74ce}" = Snap.Do Engine
"ActiveTouchMeetingClient" = Cisco WebEx Meetings
"Adobe Connect Add-in" = Adobe Connect Add-in

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 6/16/2014 6:28:58 AM | Computer Name = Orpheus | Source = Symantec AntiVirus | ID = 16711731
Description =       Security Risk Found!Bloodhound.MalPE in File: C:\Users\Caruso\AppData\Local\Temp\DWHA42B.tmp
 by: Auto-Protect scan.  Action: Quarantine succeeded : Access denied.  Action Description:
 The file was quarantined successfully.

Error - 6/18/2014 7:49:02 AM | Computer Name = Orpheus | Source = SideBySide | ID = 16842827
Description = Activation context generation failed for "C:\Program Files (x86)\Skype\Toolbars\Internet
 Explorer\SkypeIEPluginBroker.exe".Error in manifest or policy file "C:\Program
Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe" on line 2.
Multiple
 requestedPrivileges elements are not allowed in manifest.

Error - 6/22/2014 6:02:12 AM | Computer Name = Orpheus | Source = Windows Backup | ID = 4103
Description =

Error - 6/22/2014 6:16:03 AM | Computer Name = Orpheus | Source = Symantec AntiVirus | ID = 16711731
Description =       Security Risk Found!Bloodhound.MalPE in File: C:\Users\Caruso\AppData\Local\Temp\DWHBF77.tmp
 by: Auto-Protect scan.  Action: Quarantine succeeded : Access denied.  Action Description:
 The file was quarantined successfully.

Error - 6/22/2014 6:24:46 AM | Computer Name = Orpheus | Source = Symantec AntiVirus | ID = 16711731
Description =       Security Risk Found!Tracking Cookies in File: Unavailable by: Manual
 scan.  Action: Quarantine failed : Leave Alone failed.  Action Description: The
 file was deleted successfully.

Error - 6/22/2014 7:38:34 AM | Computer Name = Orpheus | Source = SideBySide | ID = 16842827
Description = Activation context generation failed for "C:\Program Files (x86)\Skype\Toolbars\Internet
 Explorer\SkypeIEPluginBroker.exe".Error in manifest or policy file "C:\Program
Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe" on line 2.
Multiple
 requestedPrivileges elements are not allowed in manifest.

[ System Events ]
Error - 6/22/2014 9:21:35 PM | Computer Name = Orpheus | Source = volmgr | ID = 262189
Description = The system could not sucessfully load the crash dump driver.

Error - 6/22/2014 9:21:43 PM | Computer Name = Orpheus | Source = Service Control Manager | ID = 7000
Description = The sbapifs service failed to start due to the following error:   %%2

Error - 6/22/2014 10:58:33 PM | Computer Name = Orpheus | Source = volmgr | ID = 262189
Description = The system could not sucessfully load the crash dump driver.

Error - 6/22/2014 10:58:33 PM | Computer Name = Orpheus | Source = volmgr | ID = 262190
Description = Crash dump initialization failed!

Error - 6/22/2014 10:58:42 PM | Computer Name = Orpheus | Source = volmgr | ID = 262189
Description = The system could not sucessfully load the crash dump driver.

Error - 6/22/2014 10:58:49 PM | Computer Name = Orpheus | Source = Service Control Manager | ID = 7000
Description = The sbapifs service failed to start due to the following error:   %%2

Error - 6/23/2014 12:26:16 AM | Computer Name = Orpheus | Source = volmgr | ID = 262189
Description = The system could not sucessfully load the crash dump driver.

Error - 6/23/2014 12:26:16 AM | Computer Name = Orpheus | Source = volmgr | ID = 262190
Description = Crash dump initialization failed!

Error - 6/23/2014 12:26:22 AM | Computer Name = Orpheus | Source = volmgr | ID = 262189
Description = The system could not sucessfully load the crash dump driver.

Error - 6/23/2014 12:26:25 AM | Computer Name = Orpheus | Source = Service Control Manager | ID = 7000
Description = The sbapifs service failed to start due to the following error:   %%2

< End of report >

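Before acting on a log like the one above, a responder usually wants two things pulled out mechanically: which of the Symantec events are one detection recurring (here every Bloodhound.MalPE hit is a DWH*.tmp file in the same user's Temp folder, not a list of unrelated files), and which OTL service or driver registrations point at a binary that is gone from disk or carries no company name in its version info (the "File not found" esgiguard.sys driver entry and the empty "()" company fields that appear in the OTL listing posted further down). The Python below is an added example, not OTL's code and not from anyone in this thread. The sample strings are constructed from lines shown in the two posts, including the blank padding the forum inserted; the field names and the flagging rules (missing file, empty company, DWH*.tmp in Temp) are my own choices, and the empty "Description =" of the Windows Backup event is kept in the sample as the edge case the parser has to tolerate.

```python
"""Triage helpers for an OTL log: the 'Last 20 Event Log Errors' section and
the PRC/MOD/SRV/DRV listings. Added example; not OTL's code, not from the thread.
SAMPLE_EVENTS / SAMPLE_LISTING are constructed from lines shown in the posts.
"""
import re
from collections import Counter

HEADER_RE = re.compile(r"^Error - (?P<when>.+?) \| Computer Name = (?P<host>\S+) \| "
                       r"Source = (?P<source>.+?) \| ID = (?P<id>\d+)$")
RISK_RE = re.compile(r"Security Risk Found!(?P<threat>.+?) in File: (?P<path>.+?) by: "
                     r"(?P<scan>.+?)\. Action: (?P<action>.+?)\. Action Description: (?P<result>.+)")
# "DRV:64bit: - <meta> -- <path> -- (<service name>)"; PRC/MOD lines carry no trailing name.
LISTING_RE = re.compile(r"^(?P<kind>PRC|MOD|SRV|DRV)(?::64bit:)? - (?P<meta>.*?) -- "
                        r"(?P<path>.+?)(?: -- \((?P<name>[^)]*)\))?$")
# Naming pattern of the recurring hits in the post (assumption: hex suffix, .tmp, user Temp).
TEMP_DWH_RE = re.compile(r"\\AppData\\Local\\Temp\\DWH[0-9A-F]+\.tmp$", re.IGNORECASE)


def parse_events(text):
    """Group the wrapped 'Error - ...' / 'Description = ...' lines into one record each."""
    records, current, desc = [], None, []

    def flush():
        if current is not None:
            current["description"] = re.sub(r"\s+", " ", " ".join(desc)).strip()
            records.append(current)

    for raw in text.splitlines():
        line = raw.strip()                      # also drops the U+00A0 padding lines
        if not line:
            continue
        m = HEADER_RE.match(line)
        if m or (line.startswith("[ ") and line.endswith(" ]")):   # new record or section
            flush()
            current = None if not m else {"when": m["when"], "host": m["host"],
                                          "source": m["source"], "id": int(m["id"])}
            desc = []
        elif current is not None:
            desc.append(line[len("Description ="):] if line.startswith("Description =") else line)
    flush()
    return records


def symantec_detections(records):
    """Threat, file, scan type, action and result from Symantec AntiVirus events."""
    hits = []
    for r in records:
        m = RISK_RE.search(r["description"]) if r["source"] == "Symantec AntiVirus" else None
        if m:
            hits.append({k: m[k].strip() for k in ("threat", "path", "scan", "action", "result")})
    return hits


def detection_summary(hits):
    """Hits per threat name, plus the DWH*.tmp paths so recurrence is visible at a glance."""
    return {"by_threat": dict(Counter(h["threat"] for h in hits)),
            "temp_dwh_paths": sorted(h["path"] for h in hits if TEMP_DWH_RE.search(h["path"]))}


def parse_listing(text):
    """Parse PRC/MOD/SRV/DRV lines into kind, path, service name, company, missing flag."""
    entries = []
    for raw in text.splitlines():
        m = LISTING_RE.match(raw.strip())
        if not m:
            continue
        company = re.search(r"\(([^)]*)\)", m["meta"])       # "(Company)" or "()" in the meta part
        entries.append({"kind": m["kind"], "path": m["path"], "name": m["name"],
                        "company": company.group(1) if company else None,
                        "missing": m["meta"].startswith("File not found")})
    return entries


def listing_findings(entries):
    """Registrations whose file is gone, and binaries with no company name at all."""
    return [e for e in entries if e["missing"] or not e["company"]]


SAMPLE_EVENTS = r"""
[ Application Events ]
Error - 6/16/2014 6:28:58 AM | Computer Name = Orpheus | Source = Symantec AntiVirus | ID = 16711731

Description =       Security Risk Found!Bloodhound.MalPE in File: C:\Users\Caruso\AppData\Local\Temp\DWHA42B.tmp
 by: Auto-Protect scan.  Action: Quarantine succeeded : Access denied.  Action Description:
 The file was quarantined successfully.
Error - 6/22/2014 6:02:12 AM | Computer Name = Orpheus | Source = Windows Backup | ID = 4103
Description =
Error - 6/22/2014 6:16:03 AM | Computer Name = Orpheus | Source = Symantec AntiVirus | ID = 16711731
Description =       Security Risk Found!Bloodhound.MalPE in File: C:\Users\Caruso\AppData\Local\Temp\DWHBF77.tmp
 by: Auto-Protect scan.  Action: Quarantine succeeded : Access denied.  Action Description:
 The file was quarantined successfully.
Error - 6/22/2014 6:24:46 AM | Computer Name = Orpheus | Source = Symantec AntiVirus | ID = 16711731
Description =       Security Risk Found!Tracking Cookies in File: Unavailable by: Manual
 scan.  Action: Quarantine failed : Leave Alone failed.  Action Description: The
 file was deleted successfully.
[ System Events ]
Error - 6/22/2014 9:21:43 PM | Computer Name = Orpheus | Source = Service Control Manager | ID = 7000
Description = The sbapifs service failed to start due to the following error:   %%2
"""

SAMPLE_LISTING = r"""
PRC - [2014/06/23 14:40:53 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Caruso\Downloads\OTL (2).scr
MOD - [2009/02/27 15:38:20 | 000,139,264 | R--- | M] () -- C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
SRV:64bit: - [2010/03/06 04:07:58 | 000,340,240 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
DRV:64bit: - [2014/05/02 08:50:46 | 000,050,464 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp)
"""

if __name__ == "__main__":
    print(detection_summary(symantec_detections(parse_events(SAMPLE_EVENTS))))
    for e in listing_findings(parse_listing(SAMPLE_LISTING)):
        print(e["kind"], "MISSING" if e["missing"] else "no company", e["path"])
```

Run it as-is and it prints the per-threat counts with the two DWH*.tmp paths, then the three listing entries worth checking (BrLogAPI.dll and PanDhcpDns.exe with an empty company, esgiguard.sys registered but absent). To use it on a real OTL log, pass the text of the whole file to both parsers; lines that do not match are ignored, so there is no need to cut the sections out first.

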
Hi Again Chuck

Here is the second file. Sorry about the length.

Lupo


OTL logfile created on: 6/23/2014 2:43:49 PM - Run 1

 

OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Caruso\Downloads

 

64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

 

Internet Explorer (Version = 9.11.9600.17126)

 

Locale: 00000409 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

 

 

 

3.73 Gb Total Physical Memory | 1.28 Gb Available Physical Memory | 34.15% Memory free

 

7.47 Gb Paging File | 5.11 Gb Available in Paging File | 68.41% Paging File free

 

Paging file location(s): ?:\pagefile.sys [binary data]

 

 

 

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)

 

Drive C: | 107.85 Gb Total Space | 17.44 Gb Free Space | 16.17% Space Free | Partition Type: NTFS

 

 

 

Computer Name: ORPHEUS | User Name: Caruso | Logged in as Administrator.

 

Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans

 

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 60 Days

 

 

 

========== Processes (SafeList) ==========

 

 

 

PRC - [2014/06/23 14:40:53 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Caruso\Downloads\OTL (2).scr

 

PRC - [2014/05/12 07:24:40 | 001,809,720 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe

 

PRC - [2014/03/21 18:24:55 | 000,118,056 | ---- | M] (Cisco WebEx LLC) -- C:\Windows\SysWOW64\atashost.exe

 

PRC - [2013/12/21 16:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

 

PRC - [2013/12/07 00:47:20 | 001,229,528 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\psia.exe

 

PRC - [2013/12/07 00:47:20 | 000,662,232 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\sua.exe

 

PRC - [2013/12/07 00:47:18 | 000,565,464 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\psi_tray.exe

 

PRC - [2012/07/13 15:27:00 | 000,769,432 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Update\NASvc.exe

 

PRC - [2012/04/28 02:12:45 | 006,065,784 | ---- | M] (SlySoft, Inc.) -- C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe

 

PRC - [2011/06/02 09:06:40 | 000,014,088 | ---- | M] (Memeo) -- C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe

 

PRC - [2011/04/12 13:09:00 | 002,571,264 | ---- | M] (Fuji Xerox Co., Ltd.) -- C:\Program Files (x86)\Fuji Xerox\DocuPrint SSW2\Launcher\fxlaunch.exe

 

PRC - [2010/06/17 19:49:14 | 000,405,504 | ---- | M] (Panasonic System Networks Co., Ltd.) -- C:\Program Files (x86)\Panasonic\elite Panaboard\EPBCONCT.exe

 

PRC - [2010/05/08 22:22:59 | 000,348,160 | ---- | M] (Panasonic System Networks Co., Ltd.) -- C:\Program Files (x86)\Panasonic\elite Panaboard\EPBPenC.exe

 

PRC - [2010/05/07 04:33:08 | 000,304,560 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe

 

PRC - [2010/05/02 11:02:52 | 002,454,840 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe

 

PRC - [2010/04/09 10:58:04 | 000,462,888 | R--- | M] (Ericsson AB) -- C:\Program Files (x86)\TOSHIBA\F3607gw Mobile Broadband Device\WMCore\mini_WMCore.exe

 

PRC - [2010/03/19 07:00:30 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

 

PRC - [2010/03/19 07:00:26 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

 

PRC - [2009/09/17 17:56:58 | 002,477,304 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe

 

PRC - [2009/09/17 17:55:12 | 000,050,544 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe

 

PRC - [2009/07/29 14:26:42 | 000,062,848 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe

 

PRC - [2009/07/08 19:14:40 | 000,115,560 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe

 

PRC - [2009/07/08 19:14:20 | 000,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe

 

PRC - [2009/03/11 12:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe

 

PRC - [2001/08/23 22:00:00 | 000,056,832 | ---- | M] (Microsoft Corporation) -- C:\Users\Caruso\My Documents\Solitaire\sol.exe

 

 

 

 

 

========== Modules (No Company Name) ==========

 

 

 

MOD - [2009/02/27 15:38:20 | 000,139,264 | R--- | M] () -- C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll

 

 

 

 

 

========== Services (SafeList) ==========

 

 

 

SRV:64bit: - [2014/06/16 13:45:24 | 000,127,752 | ---- | M] (SurfRight B.V.) [Auto | Running] -- C:\Program Files\HitmanPro\hmpsched.exe -- (HitmanProScheduler)

 

SRV:64bit: - [2014/05/30 19:21:05 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)

 

SRV:64bit: - [2013/05/27 15:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

 

SRV:64bit: - [2012/07/12 04:54:58 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)

 

SRV:64bit: - [2010/06/18 12:11:42 | 002,734,912 | ---- | M] (AuthenTec, Inc.) [Auto | Running] -- C:\Program Files\Fingerprint Sensor\ATService.exe -- (ATService)

 

SRV:64bit: - [2010/05/26 14:08:30 | 000,489,384 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)

 

SRV:64bit: - [2010/05/11 12:57:30 | 000,836,016 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe -- (TPCHSrv)

 

SRV:64bit: - [2010/04/24 12:08:32 | 000,259,440 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TECO\TecoService.exe -- (TOSHIBA eco Utility Service)

 

SRV:64bit: - [2010/03/06 04:26:38 | 001,425,168 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)

 

SRV:64bit: - [2010/03/06 04:07:58 | 000,340,240 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)

 

SRV:64bit: - [2010/03/06 04:06:22 | 000,831,760 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)

 

SRV:64bit: - [2010/02/06 11:44:48 | 000,137,560 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)

 

SRV:64bit: - [2009/07/29 09:48:06 | 000,140,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)

 

SRV:64bit: - [2009/07/14 11:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)

 

SRV - [2014/06/12 17:31:07 | 000,262,320 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

 

SRV - [2014/05/12 07:24:40 | 001,809,720 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)

 

SRV - [2014/03/21 18:24:55 | 000,118,056 | ---- | M] (Cisco WebEx LLC) [Auto | Running] -- C:\Windows\SysWOW64\atashost.exe -- (atashost)

 

SRV - [2013/12/21 16:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)

 

SRV - [2013/12/07 00:47:20 | 001,229,528 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files (x86)\Secunia\PSI\psia.exe -- (Secunia PSI Agent)

 

SRV - [2013/12/07 00:47:20 | 000,662,232 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files (x86)\Secunia\PSI\sua.exe -- (Secunia Update Agent)

 

SRV - [2013/10/23 07:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)

 

SRV - [2013/09/11 20:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

 

SRV - [2012/07/13 15:27:00 | 000,769,432 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate)

 

SRV - [2011/12/06 12:28:00 | 000,095,744 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Fuji Xerox\DocuPrint SSW2\SimpleMonitor for AP\fxksmdb.exe -- (FXNADB)

 

SRV - [2011/06/02 09:06:40 | 000,014,088 | ---- | M] (Memeo) [Auto | Running] -- C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe -- (SeagateDashboardService)

 

SRV - [2011/05/13 09:44:44 | 000,025,824 | ---- | M] (Memeo) [Auto | Running] -- C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe -- (MemeoBackgroundService)

 

SRV - [2010/04/13 04:45:00 | 000,196,976 | ---- | M] (TOSHIBA CORPORATION) [On_Demand | Stopped] -- C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)

 

SRV - [2010/04/09 10:58:04 | 000,462,888 | R--- | M] (Ericsson AB) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\F3607gw Mobile Broadband Device\WMCore\mini_WMCore.exe -- (WMCoreService)

 

SRV - [2010/03/19 07:00:30 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)

 

SRV - [2010/03/19 07:00:26 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)

 

SRV - [2010/01/29 10:44:40 | 000,249,200 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe -- (cfWiMAXService)

 

SRV - [2009/12/04 12:30:18 | 000,238,328 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe -- (GameConsoleService)

 

SRV - [2009/10/07 03:21:50 | 000,051,512 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)

 

SRV - [2009/09/17 17:56:58 | 002,477,304 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe -- (Symantec AntiVirus)

 

SRV - [2009/09/17 17:37:56 | 003,197,256 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe -- (SmcService)

 

SRV - [2009/09/17 16:22:16 | 000,411,976 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SNAC64.EXE -- (SNAC)

 

SRV - [2009/07/13 11:06:15 | 003,093,880 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)

 

SRV - [2009/07/08 19:14:20 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)

 

SRV - [2009/07/08 19:14:20 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)

 

SRV - [2009/06/11 07:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

 

SRV - [2009/03/11 12:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)

 

 

 

 

 

========== Driver Services (SafeList) ==========

 

 

 

DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)

 

DRV:64bit: - [2014/05/02 08:50:46 | 000,050,464 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp)

 

DRV:64bit: - [2013/12/20 18:12:04 | 000,497,424 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1k62x64.sys -- (e1kexpress)

 

DRV:64bit: - [2013/12/07 00:47:12 | 000,018,456 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\psi_mf_amd64.sys -- (PSI)

 

DRV:64bit: - [2013/11/22 14:22:06 | 000,284,912 | ---- | M] (Ericsson AB) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WwanUsbMp64.sys -- (WwanUsbServ)

 

DRV:64bit: - [2013/10/02 12:22:20 | 000,056,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)

 

DRV:64bit: - [2013/08/29 11:29:52 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)

 

DRV:64bit: - [2013/04/02 14:10:12 | 000,172,592 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)

 

DRV:64bit: - [2012/09/27 23:55:40 | 000,233,120 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wpshelper.sys -- (WpsHelper)

 

DRV:64bit: - [2012/08/24 00:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)

 

DRV:64bit: - [2012/03/27 09:42:14 | 000,138,360 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AnyDVD.sys -- (AnyDVD)

 

DRV:64bit: - [2012/03/02 14:13:58 | 000,029,184 | ---- | M] (http://libusb-win32.sourceforge.net) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\libusb0.sys -- (libusb0)

 

DRV:64bit: - [2012/03/01 16:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

 

DRV:64bit: - [2011/08/17 09:58:26 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys -- (UsbserFilt)

 

DRV:64bit: - [2011/08/17 09:58:22 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys -- (upperdev)

 

DRV:64bit: - [2011/08/17 09:58:20 | 000,027,136 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdc)

 

DRV:64bit: - [2011/08/17 09:58:16 | 000,019,968 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcd)

 

DRV:64bit: - [2011/07/23 02:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)

 

DRV:64bit: - [2011/07/13 07:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)

 

DRV:64bit: - [2011/03/11 16:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

 

DRV:64bit: - [2011/03/11 16:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

 

DRV:64bit: - [2010/12/17 08:58:14 | 000,040,816 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)

 

DRV:64bit: - [2010/11/20 23:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

 

DRV:64bit: - [2010/11/20 19:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)

 

DRV:64bit: - [2010/09/14 08:57:08 | 000,081,920 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\risdpe64.sys -- (risdpcie)

 

DRV:64bit: - [2010/07/28 20:10:42 | 010,610,400 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)

 

DRV:64bit: - [2010/06/18 12:30:04 | 000,770,152 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ATSwpWDF.sys -- (ATSwpWDF)

 

DRV:64bit: - [2010/05/09 12:38:56 | 000,482,384 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tos_sps64.sys -- (tos_sps64)

 

DRV:64bit: - [2010/05/09 09:27:26 | 000,086,696 | ---- | M] (Panasonic System Networks Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\epbmtusb.sys -- (epbmtusb)

 

DRV:64bit: - [2010/04/22 03:37:34 | 007,686,656 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64)

 

DRV:64bit: - [2010/03/25 07:55:56 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)

 

DRV:64bit: - [2010/03/12 14:17:42 | 000,316,464 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)

 

DRV:64bit: - [2010/03/04 05:30:30 | 000,030,248 | ---- | M] (Ericsson AB) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wwussf64.sys -- (ecnssndisfltr)

 

DRV:64bit: - [2010/03/04 05:30:30 | 000,026,664 | ---- | M] (Ericsson AB) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wwuss64.sys -- (ecnssndis)

 

DRV:64bit: - [2010/02/27 10:32:12 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)

 

DRV:64bit: - [2010/02/25 04:10:18 | 000,181,248 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)

 

DRV:64bit: - [2010/02/25 04:10:16 | 000,078,336 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)

 

DRV:64bit: - [2010/02/04 00:38:30 | 000,271,872 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)

 

DRV:64bit: - [2009/09/28 19:57:28 | 000,005,504 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\windows\SysNative\drivers\StarOpen.sys -- (StarOpen)

 

DRV:64bit: - [2009/09/18 07:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)

 

DRV:64bit: - [2009/09/17 17:37:52 | 000,052,784 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\WPSDRVnt.sys -- (WPS)

 

DRV:64bit: - [2009/08/25 19:05:48 | 000,032,304 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\srtspx64.sys -- (SRTSPX)

 

DRV:64bit: - [2009/08/25 19:05:46 | 000,481,840 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\srtspl64.sys -- (SRTSPL)

 

DRV:64bit: - [2009/08/25 19:05:44 | 000,443,952 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysNative\drivers\srtsp64.sys -- (SRTSP)

 

DRV:64bit: - [2009/07/31 14:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)

 

DRV:64bit: - [2009/07/15 06:25:14 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ.SYS -- (TVALZ)

 

DRV:64bit: - [2009/07/14 16:12:00 | 000,019,824 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tosrfec.sys -- (tosrfec)

 

DRV:64bit: - [2009/07/14 11:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

 

DRV:64bit: - [2009/07/14 11:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

 

DRV:64bit: - [2009/07/14 11:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

 

DRV:64bit: - [2009/07/14 11:18:06 | 000,281,088 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BrSerIb.sys -- (BrSerIb)

 

DRV:64bit: - [2009/07/14 10:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)

 

DRV:64bit: - [2009/07/14 10:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)

 

DRV:64bit: - [2009/07/14 09:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)

 

DRV:64bit: - [2009/07/11 09:53:22 | 000,096,296 | ---- | M] (Ericsson AB) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\t36wgps64.sys -- (t36wgps)

 

DRV:64bit: - [2009/06/27 06:51:58 | 000,432,640 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\t36gmdm.sys -- (t36gmdm)

 

DRV:64bit: - [2009/06/27 06:51:58 | 000,376,320 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\t36gmgmt.sys -- (t36gmgmt)

 

DRV:64bit: - [2009/06/27 06:51:56 | 000,329,216 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\t36gbus.sys -- (t36gbus)

 

DRV:64bit: - [2009/06/27 06:51:56 | 000,019,456 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\t36gmdfl.sys -- (t36gmdfl)

 

DRV:64bit: - [2009/06/23 11:06:38 | 000,035,008 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)

 

DRV:64bit: - [2009/06/20 13:15:22 | 000,014,472 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TVALZFL.sys -- (TVALZFL)

 

DRV:64bit: - [2009/06/11 06:41:10 | 000,015,360 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BrUsbSIb.sys -- (BrUsbSIb)

 

DRV:64bit: - [2009/06/11 06:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

 

DRV:64bit: - [2009/06/11 06:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

 

DRV:64bit: - [2009/06/11 06:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

 

DRV:64bit: - [2009/06/11 06:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

 

DRV:64bit: - [2009/05/27 13:31:34 | 000,062,512 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Teefer2.sys -- (Teefer2)

 

DRV:64bit: - [2008/02/01 02:24:32 | 000,093,184 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ser2pl64.sys -- (Ser2pl)

 

DRV - [2014/06/16 00:15:02 | 000,057,024 | ---- | M] (Emsisoft GmbH) [File_System | On_Demand | Stopped] -- C:\EEK\Run\cleanhlp64.sys -- (cleanhlp)

 

DRV - [2014/06/10 18:00:00 | 000,486,192 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)

 

DRV - [2014/06/10 18:00:00 | 000,142,128 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)

 

DRV - [2013/09/16 18:00:00 | 002,099,288 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20140621.001\ex64.sys -- (NAVEX15)

 

DRV - [2013/09/16 18:00:00 | 000,126,040 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20140621.001\eng64.sys -- (NAVENG)

 

DRV - [2012/03/27 09:42:14 | 000,138,360 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\AnyDVD.sys -- (AnyDVD)

 

DRV - [2012/03/02 14:13:58 | 000,021,504 | ---- | M] (http://libusb-win32.sourceforge.net) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\libusb0.sys -- (libusb0)

 

DRV - [2009/09/28 19:57:28 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\windows\SysWow64\drivers\StarOpen.sys -- (StarOpen)

 

DRV - [2009/08/25 19:05:48 | 000,032,304 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\srtspx64.sys -- (SRTSPX)

 

DRV - [2009/08/25 19:05:46 | 000,481,840 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\srtspl64.sys -- (SRTSPL)

 

DRV - [2009/08/25 19:05:44 | 000,443,952 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysWOW64\drivers\srtsp64.sys -- (SRTSP)

 

DRV - [2009/07/14 11:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

 

 

 

 

 

========== Standard Registry (SafeList) ==========

 

 

 

 

 

========== Internet Explorer ==========

 

 

 

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}

 

IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

 

IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

 

IE - HKLM\..\SearchScopes,DefaultScope =

 

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

 

IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

 

 

 

 

 

IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =

 

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-2453220590-1116701832-226220176-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-2453220590-1116701832-226220176-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-2453220590-1116701832-226220176-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.google.com.au/ [binary data]
IE - HKU\S-1-5-21-2453220590-1116701832-226220176-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.collingwoodfc.com.au/
IE - HKU\S-1-5-21-2453220590-1116701832-226220176-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.ninemsn.com.au/?ocid=iehp
IE - HKU\S-1-5-21-2453220590-1116701832-226220176-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-AU
IE - HKU\S-1-5-21-2453220590-1116701832-226220176-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 72 D6 74 B6 C6 6A CF 01  [binary data]
IE - HKU\S-1-5-21-2453220590-1116701832-226220176-1001\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com
IE - HKU\S-1-5-21-2453220590-1116701832-226220176-1001\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
IE - HKU\S-1-5-21-2453220590-1116701832-226220176-1001\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-2453220590-1116701832-226220176-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR
IE - HKU\S-1-5-21-2453220590-1116701832-226220176-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7PRFD_enAU587
IE - HKU\S-1-5-21-2453220590-1116701832-226220176-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2453220590-1116701832-226220176-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" =

========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_14_0_0_125.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_125.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\SysWOW64\Adobe\Director\np32dsw_1210150.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.55.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.55.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Nero.com/KM: C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{C1CA7765-44E4-452e-9D00-A04F3D434281}:
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{C1CA7765-44E4-452e-9D00-A04F3D434281}:

O1 HOSTS File: ([2014/05/07 16:18:32 | 000,000,042 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (Advertising Cookie Opt-out) - {8E425EB4-ADBD-4816-B1E8-49BB9DECF034} - C:\Program Files\Google\Advertising Cookie Opt-out\opt_out.dll (Google Inc)
O2 - BHO: (TFPUPWDBankBHO Class) - {030AC7B6-E7EC-40F1-8FB2-C0FD344DE0B9} - C:\Program Files\TOSHIBA\TFPU\x86\TFPUPWDBankBHO.dll (TODO: <Company name>)
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Advertising Cookie Opt-out) - {8E425EB4-ADBD-4816-B1E8-49BB9DECF034} - C:\Program Files (x86)\Google\Advertising Cookie Opt-out\opt_out.dll (Google Inc)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-2453220590-1116701832-226220176-1001\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [igfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [intelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel® Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [smoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TFPUPWDBankService] C:\Program Files\TOSHIBA\TFPU\TFPUPWDBank.exe (TOSHIBA)
O4:64bit: - HKLM..\Run: [TFPUService] C:\Program Files\TOSHIBA\TFPU\TFPUTaskMonitor.exe (TOSHIBA)
O4:64bit: - HKLM..\Run: [TosNC] C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosWaitSrv] C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [ccApp] C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [EPBConnect] C:\Program Files (x86)\Panasonic\elite Panaboard\EPBCONCT.exe (Panasonic System Networks Co., Ltd.)
O4 - HKLM..\Run: [EPBPenC] C:\Program Files (x86)\Panasonic\elite Panaboard\EPBPenC.exe (Panasonic System Networks Co., Ltd.)
O4 - HKLM..\Run: [iMSS] C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe ()
O4 - HKLM..\Run: [Launcher205f] "C:\Program Files (x86)\Fuji Xerox\DocuPrint SSW2\Launcher\fxlaunch.exe" /S FX DocuPrint M205 f/fw File not found
O4 - HKLM..\Run: [M205f RUN] C:\Program Files (x86)\Fuji Xerox\DocuPrint SSW2\SimpleMonitor for AP\fxksmRun.exe ()
O4 - HKLM..\Run: [statusAutoRunm205f] "C:\Program Files (x86)\Fuji Xerox\DocuPrint SSW2\SimpleMonitor for AP\fxksmpl.exe" FX DocuPrint M205 f,hide,\S File not found
O4 - HKLM..\Run: [TWebCamera] C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.)
O4 - HKU\S-1-5-21-2453220590-1116701832-226220176-1001..\Run: [AnyDVD] C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe (SlySoft, Inc.)
O4 - HKU\S-1-5-21-2453220590-1116701832-226220176-1001..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-21-2453220590-1116701832-226220176-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2453220590-1116701832-226220176-1001\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-21-2453220590-1116701832-226220176-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {41EF3CD2-D8CC-4438-84B1-280BB4E77C8E} C:\Users\Caruso\AppData\Local\Temp\f5tmp\f5tunsrv.cab (F5 Networks Dynamic Application Tunnel Control)
O16 - DPF: {45B69029-F3AB-4204-92DE-D5140C3E8E74} https://portalsrvs.det.nsw.edu.au/vdesk/terminal/InstallerControl.cab (F5 Networks Auto Update)
O16 - DPF: {63F5866B-A7C5-40B4-9A89-0CCA99726C8D} https://secure.logmeinrescue-enterprise.com/Customer/x86/RescueDownloader.cab (LogMeIn Rescue Applet Downloader)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_55-windows-i586.cab (Java Plug-in 10.55.2)
O16 - DPF: {CAFEEFAC-0017-0000-0055-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_55-windows-i586.cab (Java Plug-in 1.7.0_55)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_55-windows-i586.cab (Java Plug-in 10.55.2)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://symantec.webex.com/client/WBXclient-T29L10NSP4EP2-2/support/ieatgpc1.cab (GpcContainer Class)
O16 - DPF: {E0FF21FA-B857-45C5-8621-F120A0C17FF2} C:\Users\Caruso\AppData\Local\Temp\f5tmp\urxhost.cab (F5 Networks Host Control)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{161D60FB-76D4-4088-8428-54658292C472}: NameServer = 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{51F31661-D08B-497C-AACB-1FB29D2C0D5C}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{67EB52BF-5DE2-4317-96C1-762BE335DE59}: NameServer = 0.0.0.0
O18:64bit: - Protocol\Handler\belarc - No CLSID value found
O18:64bit: - Protocol\Handler\linkscanner - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\linkscanner - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2014/05/06 22:29:01 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (bootdelete)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 60 Days ==========

[2014/06/16 13:57:01 | 000,000,000 | ---D | C] -- C:\EEK
[2014/06/16 13:45:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
[2014/06/16 13:45:24 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro
[2014/06/16 13:44:25 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2014/06/11 22:29:11 | 000,801,280 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\usp10.dll
[2014/06/11 22:29:11 | 000,288,192 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\FWPKCLNT.SYS
[2014/06/11 22:29:08 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msxml6r.dll
[2014/06/11 22:29:08 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msxml6r.dll
[2014/06/11 22:29:08 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msxml3r.dll
[2014/06/11 22:29:08 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msxml3r.dll
[2014/06/11 22:29:07 | 003,178,496 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\rdpcorets.dll
[2014/06/11 22:29:07 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\RdpGroupPolicyExtension.dll
[2014/06/11 22:29:06 | 000,592,896 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript9diag.dll
[2014/06/11 22:29:06 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmled.dll
[2014/06/11 22:29:06 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieetwproxystub.dll
[2014/06/11 22:29:05 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieetwproxystub.dll
[2014/06/11 22:29:05 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\JavaScriptCollectionAgent.dll
[2014/06/11 22:29:05 | 000,032,256 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\JavaScriptCollectionAgent.dll
[2014/06/11 22:29:04 | 001,964,544 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\inetcpl.cpl
[2014/06/11 22:29:04 | 000,631,808 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msfeeds.dll
[2014/06/11 22:29:04 | 000,452,096 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dxtmsft.dll
[2014/06/11 22:29:04 | 000,440,832 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll
[2014/06/11 22:29:04 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieetwcollector.exe
[2014/06/11 22:29:04 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iesetup.dll
[2014/06/11 22:29:04 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iernonce.dll
[2014/06/11 22:29:04 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieetwcollectorres.dll
[2014/06/11 22:29:03 | 000,608,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ie4uinit.exe
[2014/06/11 22:29:03 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iesetup.dll
[2014/06/11 22:29:02 | 002,040,832 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\inetcpl.cpl
[2014/06/11 22:29:02 | 001,068,032 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmlmedia.dll
[2014/06/11 22:29:02 | 000,704,512 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieapfltr.dll
[2014/06/11 22:29:02 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieUnatt.exe
[2014/06/11 22:29:02 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iernonce.dll
[2014/06/11 22:29:01 | 000,574,976 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll
[2014/06/11 22:29:01 | 000,295,424 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dxtrans.dll
[2014/06/11 22:29:01 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msrating.dll
[2014/06/11 22:29:00 | 005,782,528 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll
[2014/06/11 22:29:00 | 001,249,280 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmlmedia.dll
[2014/06/11 22:29:00 | 000,752,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9diag.dll
[2014/06/11 22:29:00 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieUnatt.exe
[2014/06/11 22:29:00 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmled.dll
[2014/06/11 22:28:59 | 000,846,336 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieapfltr.dll
[2014/06/11 22:28:59 | 000,548,352 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\vbscript.dll
[2014/06/11 22:28:59 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msrating.dll
[2014/06/11 22:28:58 | 000,940,032 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\MsSpellCheckingFacility.exe
[2014/06/11 22:26:38 | 000,506,368 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\aepdu.dll
[2014/06/11 22:26:38 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\aeinv.dll
[2014/06/10 20:00:22 | 000,000,000 | ---D | C] -- C:\Users\Caruso\Desktop\Annual Conference
[2014/06/05 21:02:11 | 006,574,592 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mstscax.dll
[2014/06/05 21:02:11 | 005,694,464 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mstscax.dll
[2014/06/05 20:57:56 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\TsUsbGDCoInstaller.dll
[2014/06/05 20:57:54 | 000,420,864 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wksprt.exe
[2014/06/05 20:57:54 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\TSWbPrxy.exe
[2014/06/05 20:57:54 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\tsgqec.dll
[2014/06/05 20:57:54 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\TsUsbFlt.sys
[2014/06/05 20:57:54 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\MsRdpWebAccess.dll
[2014/06/05 20:57:54 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\tsgqec.dll
[2014/06/05 20:57:54 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\MsRdpWebAccess.dll
[2014/06/05 20:57:54 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wksprtPS.dll
[2014/06/05 20:57:54 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wksprtPS.dll
[2014/06/05 20:57:54 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\TsUsbRedirectionGroupPolicyControl.exe
[2014/06/05 20:57:54 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\TsUsbRedirectionGroupPolicyExtension.dll
[2014/06/05 20:57:53 | 001,147,392 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mstsc.exe
[2014/06/05 20:57:53 | 001,068,544 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mstsc.exe
[2014/06/05 20:57:53 | 001,057,280 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\rdvidcrl.dll
[2014/06/05 20:57:53 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\rdvidcrl.dll
[2014/06/05 20:54:31 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2014/06/05 20:53:49 | 000,000,000 | ---D | C] -- C:\Avenger
[2014/06/05 20:33:08 | 000,264,616 | ---- | C] (Oracle Corporation) -- C:\windows\SysWow64\javaws.exe
[2014/06/05 20:33:03 | 000,175,528 | ---- | C] (Oracle Corporation) -- C:\windows\SysWow64\javaw.exe
[2014/06/05 20:33:03 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\windows\SysWow64\java.exe
[2014/06/05 20:33:03 | 000,096,168 | ---- | C] (Oracle Corporation) -- C:\windows\SysWow64\WindowsAccessBridge-32.dll
[2014/06/05 20:33:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2014/06/05 20:32:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2014/06/05 20:28:24 | 000,000,000 | ---D | C] -- C:\Users\Caruso\AppData\Local\Secunia PSI
[2014/06/05 20:28:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Secunia
[2014/06/05 20:16:44 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW
[2014/05/28 00:05:24 | 000,000,000 | ---D | C] -- C:\Users\Caruso\Doctor Web
[2014/05/26 20:13:44 | 000,000,000 | ---D | C] -- C:\Users\Caruso\Desktop\Regency
[2014/05/22 18:57:02 | 000,000,000 | ---D | C] -- C:\Users\Caruso\Desktop\Newsletter March 2014_files
[2014/05/20 19:45:05 | 000,000,000 | ---D | C] -- C:\Users\Caruso\Desktop\Budget
[2014/05/16 09:38:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2014/05/15 15:29:37 | 001,460,736 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\lsasrv.dll
[2014/05/15 15:29:36 | 005,550,016 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntoskrnl.exe
[2014/05/15 15:29:36 | 003,969,984 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntkrnlpa.exe
[2014/05/15 15:29:36 | 003,914,176 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntoskrnl.exe
[2014/05/15 15:29:36 | 000,722,944 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\objsel.dll
[2014/05/15 15:29:36 | 000,455,168 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\winlogon.exe
[2014/05/15 15:29:35 | 000,538,112 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\objsel.dll
[2014/05/15 15:29:35 | 000,424,960 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\KernelBase.dll
[2014/05/15 15:29:35 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\sspicli.dll
[2014/05/15 15:29:35 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\cngprovider.dll
[2014/05/15 15:29:35 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\adprovider.dll
[2014/05/15 15:29:35 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\capiprovider.dll
[2014/05/15 15:29:35 | 000,052,736 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dpapiprovider.dll
[2014/05/15 15:29:35 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\cngprovider.dll
[2014/05/15 15:29:35 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\adprovider.dll
[2014/05/15 15:29:35 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\capiprovider.dll
[2014/05/15 15:29:35 | 000,047,616 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\dpapiprovider.dll
[2014/05/15 15:29:35 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dimsroam.dll
[2014/05/15 15:29:35 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wincredprovider.dll
[2014/05/15 15:29:35 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\dimsroam.dll
[2014/05/15 15:29:35 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wincredprovider.dll
[2014/05/15 15:29:34 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\sspisrv.dll
[2014/05/15 15:29:34 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\secur32.dll
[2014/05/09 10:51:27 | 000,000,000 | ---D | C] -- C:\windows\ERUNT
[2014/05/09 10:34:47 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/05/09 00:22:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2014/05/09 00:22:17 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2014/05/09 00:20:20 | 000,000,000 | ---D | C] -- C:\Users\Caruso\AppData\Roaming\Opera Software
[2014/05/09 00:20:20 | 000,000,000 | ---D | C] -- C:\Users\Caruso\AppData\Local\Opera Software
[2014/05/09 00:20:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Opera
[2014/05/07 00:00:09 | 000,000,000 | --SD | C] -- C:\windows\SysNative\CompatTel
[2014/05/06 22:28:16 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2014/05/06 22:25:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2014/04/30 19:36:42 | 000,000,000 | -HSD | C] -- C:\Users\Caruso\AppData\Local\EmieUserList
[2014/04/30 19:36:42 | 000,000,000 | -HSD | C] -- C:\Users\Caruso\AppData\Local\EmieSiteList
[2013/04/09 09:31:36 | 016,486,616 | ---- | C] (Adobe Systems Incorporated) -- C:\Users\Caruso\install_flash_player.exe
[2011/12/15 07:20:26 | 001,190,568 | ---- | C] (Driver Manager                                               ) -- C:\Users\Caruso\DriverManager.exe
[2011/01/27 17:58:05 | 001,029,000 | ---- | C] (Skype Technologies S.A.) -- C:\Users\Caruso\SkypeSetup.exe
[2011/01/27 17:35:38 | 004,738,880 | ---- | C] (AVG Technologies) -- C:\Users\Caruso\avg_free_stb_en_2011_1204_free.exe
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files - Modified Within 60 Days ==========

[2014/06/23 14:42:00 | 000,000,898 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/06/23 14:33:34 | 000,022,208 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/06/23 14:33:34 | 000,022,208 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/06/23 14:32:51 | 000,786,662 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2014/06/23 14:32:51 | 000,670,054 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2014/06/23 14:32:51 | 000,127,638 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2014/06/23 14:26:44 | 000,000,894 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/06/23 14:26:24 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2014/06/23 14:26:21 | 3007,647,744 | -HS- | M] () -- C:\hiberfil.sys
[2014/06/23 11:53:22 | 000,122,584 | ---- | M] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\MBAMSwissArmy.sys

 

[2014/06/23 11:51:00 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job

 

[2014/06/16 13:49:44 | 000,040,626 | ---- | M] () -- C:\windows\SysNative\.crusader

 

[2014/06/13 00:02:29 | 004,114,363 | ---- | M] () -- C:\Users\Caruso\Desktop\2011-2012IntermediateSpecifications_000.pdf

 

[2014/06/12 17:31:07 | 000,699,056 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe

 

[2014/06/12 17:31:07 | 000,071,344 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl

 

[2014/06/08 19:13:05 | 000,506,368 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\aepdu.dll

 

[2014/06/08 19:08:04 | 000,424,448 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\aeinv.dll

 

[2014/06/05 20:32:59 | 000,096,168 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\WindowsAccessBridge-32.dll

 

[2014/06/05 20:32:58 | 000,264,616 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\javaws.exe

 

[2014/06/05 20:32:58 | 000,175,528 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\javaw.exe

 

[2014/06/05 20:32:58 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\java.exe

 

[2014/06/05 20:28:19 | 000,001,117 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk

 

[2014/06/05 20:23:35 | 000,000,764 | ---- | M] () -- C:\Users\Caruso\Desktop\SecurityCheck - Shortcut.lnk

 

[2014/05/30 20:02:09 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ieetwcollectorres.dll

 

[2014/05/30 19:39:43 | 000,548,352 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\vbscript.dll

 

[2014/05/30 19:39:23 | 000,066,048 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\iesetup.dll

 

[2014/05/30 19:38:29 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ieetwproxystub.dll

 

[2014/05/30 19:27:57 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\iernonce.dll

 

[2014/05/30 19:24:28 | 000,574,976 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll

 

[2014/05/30 19:21:23 | 000,139,264 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ieUnatt.exe

 

[2014/05/30 19:21:05 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ieetwcollector.exe

 

[2014/05/30 19:20:36 | 000,752,640 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\jscript9diag.dll

 

[2014/05/30 19:11:24 | 000,940,032 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\MsSpellCheckingFacility.exe

 

[2014/05/30 19:08:22 | 005,782,528 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll

 

[2014/05/30 19:06:42 | 000,452,096 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\dxtmsft.dll

 

[2014/05/30 18:55:36 | 000,038,400 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\JavaScriptCollectionAgent.dll

 

[2014/05/30 18:49:21 | 000,195,584 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\msrating.dll

 

[2014/05/30 18:46:48 | 000,085,504 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\mshtmled.dll

 

[2014/05/30 18:44:23 | 000,295,424 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\dxtrans.dll

 

[2014/05/30 18:43:06 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\iesetup.dll

 

[2014/05/30 18:42:16 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\ieetwproxystub.dll

 

[2014/05/30 18:35:44 | 000,608,768 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ie4uinit.exe

 

[2014/05/30 18:33:48 | 000,032,768 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\iernonce.dll

 

[2014/05/30 18:30:43 | 000,440,832 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll

 

[2014/05/30 18:29:31 | 000,631,808 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\msfeeds.dll

 

[2014/05/30 18:28:33 | 000,112,128 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\ieUnatt.exe

 

[2014/05/30 18:27:56 | 000,592,896 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\jscript9diag.dll

 

[2014/05/30 18:24:19 | 001,249,280 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\mshtmlmedia.dll

 

[2014/05/30 18:23:22 | 002,040,832 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\inetcpl.cpl

 

[2014/05/30 18:10:46 | 000,032,256 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\JavaScriptCollectionAgent.dll

 

[2014/05/30 18:06:06 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\msrating.dll

 

[2014/05/30 18:04:20 | 000,069,632 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmled.dll

 

[2014/05/30 17:50:09 | 001,068,032 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmlmedia.dll

 

[2014/05/30 17:49:38 | 001,964,544 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\inetcpl.cpl

 

[2014/05/30 17:13:47 | 000,704,512 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\ieapfltr.dll

 

[2014/05/30 17:13:09 | 000,846,336 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ieapfltr.dll

 

[2014/05/27 22:46:29 | 000,307,465 | ---- | M] () -- C:\Users\Caruso\AppData\Local\census.cache

 

[2014/05/27 22:46:22 | 000,133,111 | ---- | M] () -- C:\Users\Caruso\AppData\Local\ars.cache

 

[2014/05/27 22:30:04 | 000,000,036 | ---- | M] () -- C:\Users\Caruso\AppData\Local\housecall.guid.cache

 

[2014/05/22 18:57:04 | 000,035,535 | ---- | M] () -- C:\Users\Caruso\Desktop\Newsletter March 2014.htm

 

[2014/05/18 23:12:13 | 000,291,157 | ---- | M] () -- C:\Users\Caruso\Desktop\VodaBill May.pdf

 

[2014/05/16 22:03:17 | 000,179,002 | ---- | M] () -- C:\Users\Caruso\Desktop\Visitor_e-PASS_Statement April 2014.pdf

 

[2014/05/12 07:26:10 | 000,063,704 | ---- | M] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mwac.sys

 

[2014/05/12 07:26:00 | 000,091,352 | ---- | M] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbamchameleon.sys

 

[2014/05/12 07:25:56 | 000,025,816 | ---- | M] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys

 

[2014/05/09 10:57:36 | 000,000,768 | ---- | M] () -- C:\windows\SysWow64\drivers\kgpfr2.cfg

 

[2014/05/09 10:50:12 | 000,000,656 | ---- | M] () -- C:\windows\SysNative\drivers\kgpcpy.cfg

 

[2014/05/08 19:32:11 | 003,178,496 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\rdpcorets.dll

 

[2014/05/08 19:32:11 | 000,016,384 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\RdpGroupPolicyExtension.dll

 

[2014/05/07 16:18:32 | 000,000,042 | ---- | M] () -- C:\windows\SysNative\drivers\etc\hosts

 

[2014/05/06 22:29:01 | 000,000,000 | ---- | M] () -- C:\autoexec.bat

 

[2014/05/02 08:50:46 | 000,050,464 | ---- | M] (AVG Technologies) -- C:\windows\SysNative\drivers\avgtpx64.sys

 

[2014/04/25 12:34:59 | 000,801,280 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\usp10.dll

 

[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

 

 

 

========== Files Created - No Company Name ==========

[2014/06/16 13:49:44 | 000,040,626 | ---- | C] () -- C:\windows\SysNative\.crusader
[2014/06/13 00:02:29 | 004,114,363 | ---- | C] () -- C:\Users\Caruso\Desktop\2011-2012IntermediateSpecifications_000.pdf
[2014/06/05 20:30:59 | 000,000,830 | ---- | C] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2014/06/05 20:28:19 | 000,001,117 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
[2014/06/05 20:28:19 | 000,001,080 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk
[2014/06/05 20:23:35 | 000,000,764 | ---- | C] () -- C:\Users\Caruso\Desktop\SecurityCheck - Shortcut.lnk
[2014/05/27 22:46:29 | 000,307,465 | ---- | C] () -- C:\Users\Caruso\AppData\Local\census.cache
[2014/05/27 22:46:22 | 000,133,111 | ---- | C] () -- C:\Users\Caruso\AppData\Local\ars.cache
[2014/05/27 22:30:04 | 000,000,036 | ---- | C] () -- C:\Users\Caruso\AppData\Local\housecall.guid.cache
[2014/05/22 18:57:01 | 000,035,535 | ---- | C] () -- C:\Users\Caruso\Desktop\Newsletter March 2014.htm
[2014/05/18 23:12:13 | 000,291,157 | ---- | C] () -- C:\Users\Caruso\Desktop\VodaBill May.pdf
[2014/05/16 22:03:17 | 000,179,002 | ---- | C] () -- C:\Users\Caruso\Desktop\Visitor_e-PASS_Statement April 2014.pdf
[2014/05/09 10:48:06 | 000,000,656 | ---- | C] () -- C:\windows\SysNative\drivers\kgpcpy.cfg
[2014/05/09 00:20:19 | 000,001,140 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
[2014/05/07 16:19:08 | 000,000,768 | ---- | C] () -- C:\windows\SysWow64\drivers\kgpfr2.cfg
[2014/05/06 22:29:01 | 000,000,000 | ---- | C] () -- C:\autoexec.bat
[2014/05/06 21:49:12 | 000,001,111 | ---- | C] () -- C:\Users\Caruso\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
[2014/01/10 12:28:59 | 000,004,096 | -H-- | C] () -- C:\Users\Caruso\AppData\Local\keyfile3.drm
[2013/07/03 10:43:47 | 000,000,017 | ---- | C] () -- C:\Users\Caruso\AppData\Local\resmon.resmoncfg
[2013/01/24 14:46:00 | 000,130,048 | ---- | C] () -- C:\windows\SysWow64\fxfr8aJBF.DLL
[2013/01/24 14:46:00 | 000,023,040 | ---- | C] () -- C:\windows\SysWow64\fxhr8aLM.DLL
[2012/05/24 15:28:45 | 000,000,125 | -HS- | C] () -- C:\ProgramData\.zreglib
[2011/01/27 18:43:51 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

========== ZeroAccess Check ==========

[2009/07/14 14:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/03/25 12:43:12 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/03/25 12:09:54 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 11:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\SysWow64\wbem\fastprox.dll -- [2010/11/20 22:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 11:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== Purity Check ==========

< End of report >

Hey Lupo, no problem on posting logs !

 

This fix is written for this machine only, if run on a different computer it may cause problems !

 

We need to Run an OTL fix !!
Warning This fix is only relevant for this system and no other, using on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

    * Double-click OTL.exe to start the program.
    * Copy and Paste the following code into the Custom Scans/Fixes text box of the OTL tool/program ! Start with and include the colon plus :OTL

:OTL
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-2453220590-1116701832-226220176-1001\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-2453220590-1116701832-226220176-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR
IE - HKU\S-1-5-21-2453220590-1116701832-226220176-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7PRFD_enAU587
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_14_0_0_125.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-2453220590-1116701832-226220176-1001\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKLM..\Run: [Launcher205f] "C:\Program Files (x86)\Fuji Xerox\DocuPrint SSW2\Launcher\fxlaunch.exe" /S FX DocuPrint M205 f/fw File not found
O4 - HKLM..\Run: [StatusAutoRunm205f] "C:\Program Files (x86)\Fuji Xerox\DocuPrint SSW2\SimpleMonitor for AP\fxksmpl.exe" FX DocuPrint M205 f,hide,\S File not found
O18:64bit: - Protocol\Handler\belarc - No CLSID value found
O18:64bit: - Protocol\Handler\linkscanner - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\linkscanner - No CLSID value found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
:Commands
[emptyjava]
[emptyflash]
[EMPTYTEMP]
[RESETHOSTS]
[CREATERESTOREPOINT]
[Reboot]

    * Then click the Run Fix button at the top.
    * Click OK.
    * Please post the contents of the fix log file back here if you are prompted to open the file. It can also be found at C:\_OTL\Moved Files as MMDDYYY_HHMMSS.log where MMDDYYY is date format and HHMMSS is time format.
Remember to enable your real time protection.

Post that log when complete !!

 

Thanks

Chuck


Hi again Chuck

 

I have run the 'Fix'. Here's the log:

 

Lupo

 

All processes killed
========== OTL ==========
Service esgiguard stopped successfully!
Service esgiguard deleted successfully!
File C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-2453220590-1116701832-226220176-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_USERS\S-1-5-21-2453220590-1116701832-226220176-1001\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2453220590-1116701832-226220176-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Launcher205f deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\StatusAutoRunm205f deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\belarc\ deleted successfully.
File Protocol\Handler\belarc - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\linkscanner\ deleted successfully.
File Protocol\Handler\linkscanner - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\livecall\ deleted successfully.
File Protocol\Handler\livecall - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-help\ deleted successfully.
File Protocol\Handler\ms-help - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msnim\ deleted successfully.
File Protocol\Handler\msnim - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\skype4com\ deleted successfully.
File Protocol\Handler\skype4com - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\skype-ie-addon-data\ deleted successfully.
File Protocol\Handler\skype-ie-addon-data - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlmailhtml\ deleted successfully.
File Protocol\Handler\wlmailhtml - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlpg\ deleted successfully.
File Protocol\Handler\wlpg - No CLSID value found not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\linkscanner\ not found.
File Protocol\Handler\linkscanner - No CLSID value found not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
========== COMMANDS ==========
 
[EMPTYJAVA]
 
User: All Users
 
User: Caruso
->Java cache emptied: 262510 bytes
 
User: Default
 
User: Default User
 
User: Public
 
User: TEMP
 
Total Java Files Cleaned = 0.00 mb
 
 
[EMPTYFLASH]
 
User: All Users
 
User: Caruso
->Flash cache emptied: 5380287 bytes
 
User: Default
->Flash cache emptied: 57311 bytes
 
User: Default User
->Flash cache emptied: 0 bytes
 
User: Public
 
User: TEMP
->Flash cache emptied: 2870 bytes
 
Total Flash Files Cleaned = 5.00 mb
 
 
[EMPTYTEMP]
 
User: All Users
 
User: Caruso
->Temp folder emptied: 119888364 bytes
->Temporary Internet Files folder emptied: 303062642 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
User: TEMP
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1524659 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 218591352 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 205879 bytes
RecycleBin emptied: 234358 bytes
 
Total Files Cleaned = 614.00 mb
 
C:\windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
Restore point Set: OTL Restore Point
 
OTL by OldTimer - Version 3.2.69.0 log created on 06242014_144314

Files\Folders moved on Reboot...
C:\Users\Caruso\AppData\Local\Temp\Low\JavaDeployReg.log moved successfully.
C:\Users\Caruso\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Caruso\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\Z0IR0RED\34649-bloodhound-malpe[1].htm moved successfully.
C:\Users\Caruso\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\Z0IR0RED\index.33ab8a45ba58b68fc0874bc7bf44ee6f[1].htm moved successfully.
C:\Users\Caruso\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YOTDW8AW\jot[1].htm moved successfully.
C:\Users\Caruso\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YOTDW8AW\storageframe[1].htm moved successfully.
C:\Users\Caruso\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YOTDW8AW\zrt_lookup[2].htm moved successfully.
C:\Users\Caruso\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\Y6W3VVC2\pts55f-webfont[1].eot moved successfully.
C:\Users\Caruso\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\Y6W3VVC2\SPORT.AFL_MAGPIESFC_HOME.HOME;sz=1x1;AREA_AFL_CLUBS_ONL=SPORT.AFL_MAGPIESFC_HOME[1].htm moved successfully.
C:\Users\Caruso\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\Y6W3VVC2\SPORT.AFL_MAGPIESFC_HOME.HOME;sz=300x250;AREA_AFL_CLUBS_ONL=SPORT.AFL_MAGPIESFC_HOME[1].htm moved successfully.
C:\Users\Caruso\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\Y6W3VVC2\SPORT.AFL_MAGPIESFC_HOME.HOME;sz=4x1;AREA_AFL_CLUBS_ONL=SPORT.AFL_MAGPIESFC_HOME[1].htm moved successfully.
C:\Users\Caruso\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\Y6W3VVC2\SPORT.AFL_MAGPIESFC_HOME.HOME;sz=728x90;AREA_AFL_CLUBS_ONL=SPORT.AFL_MAGPIESFC_HOME[1].htm moved successfully.
C:\Users\Caruso\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OUVE9ME2\afl[1].htm moved successfully.
C:\Users\Caruso\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OUVE9ME2\SPORT.AFL_MAGPIESFC_HOME.HOME;sz=300x250;AREA_AFL_CLUBS_ONL=SPORT.AFL_MAGPIESFC_HOME[1].htm moved successfully.
C:\Users\Caruso\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\LCSWGTM0\2q6dNtNfG1YHziVjQ1hUSA[1].woff moved successfully.
C:\Users\Caruso\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\LCSWGTM0\70f9f392-5efe-4938-b6f3-76beb2ca9de7-2[1].eot moved successfully.
C:\Users\Caruso\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\LCSWGTM0\sNpRL69iYnSa-pHm90cZTA[1].woff moved successfully.
C:\Users\Caruso\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\KE13D7FA\DhmkJ2TR0QN[1].htm moved successfully.
C:\Users\Caruso\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\KE13D7FA\postmessageRelay[1].htm moved successfully.
C:\Users\Caruso\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\IDV2CXLO\hub[1].htm moved successfully.
C:\Users\Caruso\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\I8IQ18OO\7L2ULU32.htm moved successfully.
C:\Users\Caruso\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\I8IQ18OO\AQ3HYQAW.htm moved successfully.
C:\Users\Caruso\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\HRFSJIFE\DhmkJ2TR0QN[1].htm moved successfully.
C:\Users\Caruso\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\HRFSJIFE\interim[1].htm moved successfully.
C:\Users\Caruso\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\GT6UIV7R\getSegment[1].htm moved successfully.
C:\Users\Caruso\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BGBWNPMY\ads[1].htm moved successfully.
C:\Users\Caruso\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BGBWNPMY\CFCfixture[2].htm moved successfully.
C:\Users\Caruso\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BGBWNPMY\fastbutton[1].htm moved successfully.
C:\Users\Caruso\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BGBWNPMY\hub[1].htm moved successfully.
C:\Users\Caruso\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BGBWNPMY\like[1].htm moved successfully.
C:\Users\Caruso\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\9ZO4EMWJ\handshake[1].htm moved successfully.
C:\Users\Caruso\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\8YJ3SCGE\ads[3].htm moved successfully.
C:\Users\Caruso\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\8YJ3SCGE\follow_button.1403226798[1].htm moved successfully.
C:\Users\Caruso\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\6CPKTIXU\provider[2].htm moved successfully.
C:\Users\Caruso\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\4A72F430-B40C-4D36-A068-CE33ADA5ADF9.dat moved successfully.
C:\Users\Caruso\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.
C:\Users\Caruso\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
File move failed. C:\windows\temp\TimeInfo.txt scheduled to be moved on reboot.
File move failed. C:\windows\temp\TrcInfo.txt scheduled to be moved on reboot.
C:\windows\temp\wbxtra_06242014_131230.wbt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
 


Hi Chuck

 

I just did an update of Symantec and had another bloodhound detection.

 

Here's the entry from the Symantec Risk Log.

 

Is the problem within the Symantec program? Just speculating.

 

Lupo

 

 

LDVPResultsTable
Filename: DWHFA84.tmp
Risk: Bloodhound.MalPE
Action: Quarantined
Risk Type: Heuristics
Original Location: C:\Users\Caruso\AppData\Local\Temp\
Computer: ORPHEUS
User: Caruso
Status: Infected
Current Location: Quarantine
Primary Action: Clean security risk
Secondary Action: Quarantine
Logged By: Auto-Protect scan
Action Description: The file was quarantined successfully.
Date and Time: 24/06/2014 3:07:51 PM


Lupo, that is in Quarantine, see here >>> C:\Users\Caruso\AppData\Local\Temp\ ORPHEUS Caruso Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully. 24/06/2014 3:07:51 PM

If Symantec kept a folder you should be able to find the log (end point) it saved to put quarantined stuff in & just delete it !!!!

 

Is Symantec your paid Antivirus !

 

Chuck


Hi Chuck

 

Yes, I am using Symantec endpoint protection.

 

It picks up the virus, but quarantines it. I was never sure whether it was safe, and whether I could just ignore it. That's why I jumped on here

 

It 'acts' randomly. Sometimes nothing will happen for days, and then suddenly it will activate repeatedly. Symantec always picks it up. But I can't stop it. 

 

It seemed that it was better to try and get rid of it permanently. What do you think?


Lupo, yes you can. Symantec Endpoint Protection should have saved everything it quarantined somewhere; find it & remove it if you want. Like I said, it can do no harm where it's at !

Look and see if there is a Risk log in the Symantec Endpoint Protection console.

 

Found this info on Symantec endpoint protection:

By default, the Quarantine stores backup, repaired, and quarantined files in a default folder. It automatically deletes files after 30 days.

You can manage the storage of quarantined items in the following ways:

* Specify a local folder to store quarantined files. You can use the default folder or a folder that you choose.

* Specify when files are automatically deleted. The Quarantine automatically deletes files after a specified number of days. You can also configure the Quarantine to delete files when the folder where the files are stored reaches a specified size. You can configure the settings individually for repaired files, backup files, and quarantined files.

 

If it were me and I couldn't find and delete it right away, I wouldn't worry about it! It's quarantined!!

 

Hope this info helps !

 

Chuck


OK, let's see if we can find any trace of it other than in quarantine!

 

Vista and Windows 7 users:

1. These tools MUST be run from the executable. (.exe) every time you run them
2. With Admin Rights (Right click, choose "Run as Administrator")


Download ComboFix from this location:

Link 1
 http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Link 2
http://www.infospyware.net/antimalware/combofix


* IMPORTANT !!! Save ComboFix.exe to your Desktop



  * Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

    *  See this Link >>> http://www.bleepingcomputer.com/forums/topic114351.html <<<  for programs that need to be disabled and instruction on how to disable them.
   
    *  Remember to re-enable them when we're done.

    *  Double click on ComboFix.exe & follow the prompts.

    *  As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

    *  Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.



**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



RC1.png


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

RC2-1.png


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt using Copy / Paste in your next reply.

 Notes:   

1. Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
3. Combofix prevents autorun of  ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
4.  CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.   

Give it at least 20-30 minutes to finish if needed.

 Please do not attach the scan results from Combofix. Use copy/paste.   

 

 

================================
 

 

 

Run RogueKiller

IMPORTANT: Do not reboot your computer if at all possible otherwise the malware will reactivate and you will have to run RogueKiller again

Download RogueKiller to your desktop. >>> http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe

    close all running programs
    for Windows Vista/Seven, right click -> run as administrator, for XP simply double-click on RogueKiller.exe
    when the prescan is finished, click on Scan
    click on Report and copy/paste the content in your next post.
    If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe

Please post the contents of the RKreport.txt in your next reply.

 

 

Post those logs so I can see if it's in one of them!!

 

Thanks

Chuck
 


Hi Chuck

 

Sorry for the delay.

 

Here is the log from the combofix scan.

 

Lupo

 

ComboFix 14-06-27.01 - Caruso 27/06/2014  15:34:15.2.4 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.61.1033.18.3824.1995 [GMT 10:00]
Running from: c:\users\Caruso\Downloads\ComboFix.exe
AV: Symantec Endpoint Protection *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
FW: Symantec Endpoint Protection *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
SP: Symantec Endpoint Protection *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Java\jre7\bin\jp2ssv.dll
c:\windows\tmp
c:\windows\tmp\dd_vcredistMSI1186.txt
c:\windows\tmp\dd_vcredistMSI1C3A.txt
c:\windows\tmp\dd_vcredistMSI4BF4.txt
c:\windows\tmp\dd_vcredistMSI5528.txt
c:\windows\tmp\dd_vcredistMSI7DF6.txt
c:\windows\tmp\dd_vcredistUI1186.txt
c:\windows\tmp\dd_vcredistUI1C3A.txt
c:\windows\tmp\dd_vcredistUI4BF4.txt
c:\windows\tmp\dd_vcredistUI5528.txt
c:\windows\tmp\dd_vcredistUI7DF6.txt
c:\windows\tmp\fonts\fontdb
c:\windows\tmp\qtsingleapp-koboex-7d5-1-lockfile
.
.
(((((((((((((((((((((((((   Files Created from 2014-05-27 to 2014-06-27  )))))))))))))))))))))))))))))))
.
.
2014-06-24 23:27 . 2014-06-05 10:54 10779000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4A8E78D6-5BB2-4327-8363-A57D6F70D63A}\mpengine.dll
2014-06-24 04:43 . 2014-06-24 04:43 -------- d-----w- C:\_OTL
2014-06-16 03:57 . 2014-06-16 03:57 -------- d-----w- C:\EEK
2014-06-16 03:45 . 2014-06-16 03:45 -------- d-----w- c:\program files\HitmanPro
2014-06-16 03:44 . 2014-06-16 03:49 -------- d-----w- c:\programdata\HitmanPro
2014-06-11 12:28 . 2014-06-02 06:03 293080 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
2014-06-11 12:28 . 2014-05-30 10:22 871936 ----a-w- c:\program files\Internet Explorer\iedvtool.dll
2014-06-11 12:28 . 2014-05-30 09:39 548352 ----a-w- c:\windows\system32\vbscript.dll
2014-06-11 12:28 . 2014-05-30 08:49 195584 ----a-w- c:\windows\system32\msrating.dll
2014-06-11 12:28 . 2014-05-30 08:46 977408 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
2014-06-11 12:28 . 2014-05-30 07:56 2266112 ----a-w- c:\windows\system32\wininet.dll
2014-06-11 12:28 . 2014-05-30 07:20 359936 ----a-w- c:\program files\Internet Explorer\IEShims.dll
2014-06-11 12:28 . 2014-05-30 07:13 846336 ----a-w- c:\windows\system32\ieapfltr.dll
2014-06-11 12:28 . 2014-05-30 10:21 23414784 ----a-w- c:\windows\system32\mshtml.dll
2014-06-11 12:28 . 2014-05-30 09:11 940032 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2014-06-11 12:26 . 2014-06-08 09:13 506368 ----a-w- c:\windows\system32\aepdu.dll
2014-06-11 12:26 . 2014-06-08 09:08 424448 ----a-w- c:\windows\system32\aeinv.dll
2014-06-05 11:02 . 2014-01-09 02:22 5694464 ----a-w- c:\windows\SysWow64\mstscax.dll
2014-06-05 11:02 . 2014-01-03 22:44 6574592 ----a-w- c:\windows\system32\mstscax.dll
2014-06-05 10:33 . 2014-06-05 10:32 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-06-05 10:32 . 2014-06-05 10:32 -------- d-----w- c:\program files (x86)\Java
2014-06-05 10:28 . 2014-06-05 10:28 -------- d-----w- c:\users\Caruso\AppData\Local\Secunia PSI
2014-06-05 10:28 . 2014-06-05 10:28 -------- d-----w- c:\program files (x86)\Secunia
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-06-27 04:48 . 2014-04-02 12:31 122584 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-06-12 07:31 . 2012-04-10 06:22 699056 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-06-12 07:31 . 2011-05-20 09:36 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-06-11 13:51 . 2011-01-28 23:02 95414520 ----a-w- c:\windows\system32\MRT.exe
2014-05-11 21:26 . 2014-04-02 12:31 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-05-11 21:26 . 2014-04-02 12:31 91352 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-05-11 21:25 . 2013-04-05 10:08 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-05-01 22:50 . 2012-12-19 21:47 50464 ----a-w- c:\windows\system32\drivers\avgtpx64.sys
2014-04-14 16:34 . 2014-04-14 16:34 1070232 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX
2014-04-12 02:22 . 2014-05-15 05:29 95680 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2014-04-12 02:22 . 2014-05-15 05:29 155072 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2014-04-12 02:19 . 2014-05-15 05:29 136192 ----a-w- c:\windows\system32\sspicli.dll
2014-04-12 02:19 . 2014-05-15 05:29 29184 ----a-w- c:\windows\system32\sspisrv.dll
2014-04-12 02:19 . 2014-05-15 05:29 28160 ----a-w- c:\windows\system32\secur32.dll
2014-04-12 02:19 . 2014-05-15 05:29 1460736 ----a-w- c:\windows\system32\lsasrv.dll
2014-04-12 02:19 . 2014-05-15 05:29 31232 ----a-w- c:\windows\system32\lsass.exe
2014-04-12 02:12 . 2014-05-15 05:29 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2014-04-12 02:10 . 2014-05-15 05:29 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2014-03-30 23:35 . 2011-01-27 07:46 270496 ------w- c:\windows\system32\MpSigStub.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"OfficeSyncProcess"="c:\program files (x86)\Microsoft Office\Office14\MSOSYNC.EXE" [2013-04-22 720064]
"AnyDVD"="c:\program files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe" [2012-04-27 6065784]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2014-06-11 6564120]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IMSS"="c:\program files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe" [2010-03-18 111640]
"TWebCamera"="c:\program files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" [2010-05-02 2454840]
"BrMfcWnd"="c:\program files (x86)\Brother\Brmfcmon\BrMfcWnd.exe" [2009-08-03 1167360]
"ControlCenter3"="c:\program files (x86)\Brother\ControlCenter3\brctrcen.exe" [2008-12-23 114688]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2012-11-05 89184]
"EPBConnect"="c:\program files (x86)\Panasonic\elite Panaboard\EPBCONCT.exe" [2010-06-17 405504]
"EPBPenC"="c:\program files (x86)\Panasonic\elite Panaboard\EPBPenC.exe" [2010-05-08 348160]
"M205f RUN"="c:\program files (x86)\Fuji Xerox\DocuPrint SSW2\SimpleMonitor for AP\fxksmRun.exe" [2011-12-06 355840]
"ccApp"="c:\program files (x86)\Common Files\Symantec Shared\ccApp.exe" [2009-07-08 115560]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-12-21 959904]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Secunia PSI Tray.lnk - c:\program files (x86)\Secunia\PSI\psi_tray.exe [2013-12-7 565464]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ    autocheck autochk *\0bootdelete
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 sbapifs;sbapifs;c:\windows\system32\DRIVERS\sbapifs.sys;c:\windows\SYSNATIVE\DRIVERS\sbapifs.sys [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 BrSerIb;Brother MFC Serial Interface Driver(WDM);c:\windows\system32\DRIVERS\BrSerIb.sys;c:\windows\SYSNATIVE\DRIVERS\BrSerIb.sys [x]
R3 BrUsbSIb;Brother MFC Serial USB Driver(WDM);c:\windows\system32\DRIVERS\BrUsbSIb.sys;c:\windows\SYSNATIVE\DRIVERS\BrUsbSIb.sys [x]
R3 cleanhlp;cleanhlp;c:\eek\Run\cleanhlp64.sys;c:\eek\Run\cleanhlp64.sys [x]
R3 epbmtusb;HID Minidriver for Panaboard;c:\windows\system32\DRIVERS\epbmtusb.sys;c:\windows\SYSNATIVE\DRIVERS\epbmtusb.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 libusb0;libusb-win32 - Kernel Driver, Version 1.2.4.0;c:\windows\system32\drivers\libusb0.sys;c:\windows\SYSNATIVE\drivers\libusb0.sys [x]
R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys;c:\windows\SYSNATIVE\drivers\massfilter.sys [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]
R3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]
R3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [x]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [x]
R3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files (x86)\BatteryCare\WinRing0x64.sys;c:\program files (x86)\BatteryCare\WinRing0x64.sys [x]
R3 ZTEusbnet;ZTE USB-NDIS miniport;c:\windows\system32\DRIVERS\ZTEusbnet.sys;c:\windows\SYSNATIVE\DRIVERS\ZTEusbnet.sys [x]
S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys;c:\windows\SYSNATIVE\DRIVERS\tos_sps64.sys [x]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys;c:\windows\SYSNATIVE\drivers\avgtpx64.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [x]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x]
S2 atashost;WebEx Service Host for Support Center;c:\windows\SysWOW64\atashost.exe;c:\windows\SysWOW64\atashost.exe [x]
S2 ATService;AuthenTec Fingerprint Service;c:\program files\Fingerprint Sensor\ATService.exe;c:\program files\Fingerprint Sensor\ATService.exe [x]
S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [x]
S2 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [x]
S2 FXNADB;FXcnStatutsDatabase;c:\program files (x86)\Fuji Xerox\DocuPrint SSW2\SimpleMonitor for AP\fxksmdb.exe;c:\program files (x86)\Fuji Xerox\DocuPrint SSW2\SimpleMonitor for AP\fxksmdb.exe [x]
S2 HitmanProScheduler;HitmanPro Scheduler;c:\program files\HitmanPro\hmpsched.exe;c:\program files\HitmanPro\hmpsched.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
S2 MemeoBackgroundService;MemeoBackgroundService;c:\program files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe;c:\program files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe [x]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe;c:\program files (x86)\Nero\Update\NASvc.exe [x]
S2 risdpcie;risdpcie;c:\windows\system32\DRIVERS\risdpe64.sys;c:\windows\SYSNATIVE\DRIVERS\risdpe64.sys [x]
S2 SeagateDashboardService;Seagate Dashboard Service;c:\program files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe;c:\program files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe [x]
S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe;c:\program files (x86)\Secunia\PSI\PSIA.exe [x]
S2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe;c:\program files (x86)\Secunia\PSI\sua.exe [x]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe;c:\program files\TOSHIBA\TECO\TecoService.exe [x]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys;c:\windows\SYSNATIVE\DRIVERS\TVALZFL.sys [x]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S2 WMCoreService;Mobile Broadband Core Service;c:\program files (x86)\TOSHIBA\F3607gw Mobile Broadband Device\WMCore\mini_WMCore.exe servicemode;c:\program files (x86)\TOSHIBA\F3607gw Mobile Broadband Device\WMCore\mini_WMCore.exe servicemode [x]
S3 ATSwpWDF;AuthenTec TruePrint USB Driver;c:\windows\system32\Drivers\ATSwpWDF.sys;c:\windows\SYSNATIVE\Drivers\ATSwpWDF.sys [x]
S3 e1kexpress;Intel® Network Connections Driver K;c:\windows\system32\DRIVERS\e1k62x64.sys;c:\windows\SYSNATIVE\DRIVERS\e1k62x64.sys [x]
S3 ecnssndis;Service for enabling selective suspend to NDIS device;c:\windows\system32\Drivers\wwuss64.sys;c:\windows\SYSNATIVE\Drivers\wwuss64.sys [x]
S3 ecnssndisfltr;SSNDIS filter service;c:\windows\system32\Drivers\wwussf64.sys;c:\windows\SYSNATIVE\Drivers\wwussf64.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys;c:\windows\SYSNATIVE\DRIVERS\NETw5s64.sys [x]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys;c:\windows\SYSNATIVE\DRIVERS\pgeffect.sys [x]
S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf_amd64.sys;c:\windows\SYSNATIVE\DRIVERS\psi_mf_amd64.sys [x]
S3 t36gbus;Ericsson F3607gw for TOSHIBA Mobile Broadband Device (Win7);c:\windows\system32\DRIVERS\t36gbus.sys;c:\windows\SYSNATIVE\DRIVERS\t36gbus.sys [x]
S3 t36gmdfl;Ericsson F3607gw for TOSHIBA Mobile Broadband Modem Filter (Win7);c:\windows\system32\DRIVERS\t36gmdfl.sys;c:\windows\SYSNATIVE\DRIVERS\t36gmdfl.sys [x]
S3 t36gmdm;Ericsson F3607gw for TOSHIBA Mobile Broadband Modem (Win7);c:\windows\system32\DRIVERS\t36gmdm.sys;c:\windows\SYSNATIVE\DRIVERS\t36gmdm.sys [x]
S3 t36gmgmt;Ericsson F3607gw for TOSHIBA Mobile Broadband Device Mgmt (Win7);c:\windows\system32\DRIVERS\t36gmgmt.sys;c:\windows\SYSNATIVE\DRIVERS\t36gmgmt.sys [x]
S3 t36wgps;TOSHIBA Mobile Broadband GPS Port;c:\windows\system32\DRIVERS\t36wgps64.sys;c:\windows\SYSNATIVE\DRIVERS\t36wgps64.sys [x]
S3 WwanUsbServ;Mobile Broadband Driver;c:\windows\system32\DRIVERS\WwanUsbMp64.sys;c:\windows\SYSNATIVE\DRIVERS\WwanUsbMp64.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2014-06-27 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-10 07:31]
.
2014-06-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-02-23 03:21]
.
2014-06-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-02-23 03:21]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ATFPUOverlayIcon]
@="{3239DBC1-B76D-4dc7-8B29-D99CBA3C7336}"
[HKEY_CLASSES_ROOT\CLSID\{3239DBC1-B76D-4dc7-8B29-D99CBA3C7336}]
2010-03-02 18:24 153520 ----a-w- c:\program files\TOSHIBA\TFPU\TFPUOverlayIcon.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-04-07 10144288]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-03-05 1928976]
"TFPUPWDBankService"="c:\program files\TOSHIBA\TFPU\TFPUPWDBank.exe" [2010-03-02 925104]
"TFPUService"="c:\program files\TOSHIBA\TFPU\TFPUTaskMonitor.exe" [2010-03-02 793008]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-02-06 709976]
"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]
"CanonSolutionMenu"="c:\program files (x86)\Canon\SolutionMenu\CNSLMAIN.exe" [2008-03-10 689488]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2008-03-03 2114376]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-07-28 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-07-28 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-07-28 415256]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyServer =
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{161D60FB-76D4-4088-8428-54658292C472}: NameServer = 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
TCP: Interfaces\{67EB52BF-5DE2-4317-96C1-762BE335DE59}: NameServer = 0.0.0.0
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-28880597.sys
SafeBoot-CleanHlp
SafeBoot-CleanHlp.sys
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
HKLM-Run-HSON - c:\program files (x86)\TOSHIBA\TBS\HSON.exe
HKLM-Run-SmoothView - c:\program files (x86)\Toshiba\SmoothView\SmoothView.exe
HKLM-Run-Teco - c:\program files (x86)\TOSHIBA\TECO\Teco.exe
HKLM-Run-TosWaitSrv - c:\program files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe
HKLM-Run-TosNC - c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
HKLM-Run-TosReelTimeMonitor - c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
AddRemove-Adobe Connect Add-in - c:\users\Caruso\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\connectaddin\connectaddin.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2453220590-1116701832-226220176-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (S-1-5-21-2453220590-1116701832-226220176-1001)
@Denied: (2) (LocalSystem)
"Progid"="Outlook.File.eml.14"
.
[HKEY_USERS\S-1-5-21-2453220590-1116701832-226220176-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (S-1-5-21-2453220590-1116701832-226220176-1001)
@Denied: (2) (LocalSystem)
"Progid"="Outlook.File.vcf.14"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_125_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_125_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_125_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_125_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_125.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.14"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_125.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_125.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_125.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe
c:\program files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe
c:\program files (x86)\TOSHIBA\F3607gw Mobile Broadband Device\WMCore\mini_WMCore.exe
c:\program files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
c:\program files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
.
**************************************************************************
.
Completion time: 2014-06-27  15:58:41 - machine was rebooted
ComboFix-quarantined-files.txt  2014-06-27 05:58
ComboFix2.txt  2013-08-30 10:03
.
Pre-Run: 20,992,069,632 bytes free
Post-Run: 20,302,655,488 bytes free
.
- - End Of File - - 6A8C7397F8CA4B1189084603570F34C1
 

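The "TCP: Interfaces" lines in the ComboFix log above are the one place in this output a practitioner should stop and look, because a hard-coded NameServer list is exactly what a DNS hijacker leaves behind (RogueKiller flags the same keys as PUM.Dns, a "potentially unwanted modification", which is a heuristic on any static DNS value, not a verdict). The check is simply whether every address belongs to a resolver you can account for. Here is an added Python example (written for this page; not code from the thread, ComboFix or RogueKiller) that extracts the per-interface NameServer values from both tools' line formats and classifies each address. The ten addresses in Lupo's log are all well-known public resolvers (Google, Level 3, OpenDNS, Comodo Secure DNS, Neustar DNS Advantage) and 0.0.0.0 is simply "no static DNS", so on this evidence alone there is no hijack. The sample input is constructed: the two interface lines and the DHCP line are copied from the log above, and the RogueKiller-style line with the RFC 5737 documentation address 203.0.113.5 is invented to show what an unexplained resolver would look like. The class names and the bucket of "local" networks are assumptions made for the example.

```python
import ipaddress
import re
from typing import Dict, Iterable, List

# Resolver addresses that appear in the ComboFix/RogueKiller output, with their operators.
KNOWN_PUBLIC_RESOLVERS = {
    "8.8.8.8": "Google", "8.8.4.4": "Google",
    "4.2.2.1": "Level 3", "4.2.2.2": "Level 3",
    "208.67.222.222": "OpenDNS", "208.67.220.220": "OpenDNS",
    "8.26.56.26": "Comodo Secure DNS", "8.20.247.20": "Comodo Secure DNS",
    "156.154.70.1": "Neustar DNS Advantage", "156.154.71.1": "Neustar DNS Advantage",
}

# Where a home/office gateway normally lives; a resolver here is the local router.
LOCAL_NETS = [ipaddress.ip_network(n) for n in
              ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "169.254.0.0/16")]

# Matches both "Interfaces\{GUID}: NameServer = a,b" (ComboFix) and
# "Interfaces\{GUID} | NameServer : a,b  -> FOUND" (RogueKiller).
NAMESERVER_RE = re.compile(r"\{([0-9A-Fa-f-]{36})\}.*?NameServer\s*[=:]\s*([0-9.,\s]*)")

# Constructed sample: lines 1-3 are from Lupo's ComboFix log (the DHCP line carries no
# interface GUID and is deliberately skipped); line 4 is an invented RogueKiller-style
# entry using the RFC 5737 documentation address 203.0.113.5 as an unexplained resolver.
SAMPLE_LINES = [
    r"TCP: DhcpNameServer = 192.168.1.1",
    r"TCP: Interfaces\{161D60FB-76D4-4088-8428-54658292C472}: NameServer = 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1",
    r"TCP: Interfaces\{67EB52BF-5DE2-4317-96C1-762BE335DE59}: NameServer = 0.0.0.0",
    r"[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{0A0A0A0A-0000-4000-8000-000000000001} | NameServer : 203.0.113.5,8.8.8.8  -> FOUND",
]


def classify_ip(ip: str) -> str:
    """Label one resolver address: unset, invalid, known-public, local-router or unknown."""
    if ip == "0.0.0.0":
        return "unset"                      # Windows: no static DNS on this interface
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return "invalid"
    if ip in KNOWN_PUBLIC_RESOLVERS:
        return "known-public"
    if any(addr in net for net in LOCAL_NETS):
        return "local-router"
    return "unknown"                        # not accounted for: investigate


def audit_nameservers(lines: Iterable[str]) -> Dict[str, Dict[str, str]]:
    """Map interface GUID -> {resolver ip: class} for every NameServer line found."""
    result: Dict[str, Dict[str, str]] = {}
    for line in lines:
        m = NAMESERVER_RE.search(line)
        if not m:
            continue
        guid, servers = m.group(1).upper(), m.group(2)
        per_if = result.setdefault(guid, {})
        for ip in (s.strip() for s in servers.split(",")):
            if ip:
                per_if[ip] = classify_ip(ip)
    return result


def suspicious_resolvers(lines: Iterable[str]) -> List[str]:
    """Resolver addresses that no allowlist or local range explains."""
    flagged = {ip for per_if in audit_nameservers(lines).values()
               for ip, cls in per_if.items() if cls in ("unknown", "invalid")}
    return sorted(flagged)


if __name__ == "__main__":
    for guid, servers in audit_nameservers(SAMPLE_LINES).items():
        print(guid)
        for ip, cls in servers.items():
            print(f"  {ip:<16} {cls:<13} {KNOWN_PUBLIC_RESOLVERS.get(ip, '')}")
    print("suspicious:", suspicious_resolvers(SAMPLE_LINES))
```

The allowlist is deliberately a dictionary of addresses you can name, not a list of "anything that answers DNS": a hijacker's resolver also answers DNS, and the only thing that separates it from OpenDNS is whether you know whose it is. Anything the audit reports as "unknown" should be resolved back to its operator before the PUM.Dns entry is deleted or kept.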

Hi Again

 

Here's the RKill log

 

Lupo

 

RogueKiller V9.1.0.0 [Jun 23 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Caruso [Admin rights]
Mode : Scan -- Date : 06/27/2014  16:13:51

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 16 ¤¤¤
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-2453220590-1116701832-226220176-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer :   -> FOUND
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-2453220590-1116701832-226220176-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer :   -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{161D60FB-76D4-4088-8428-54658292C472} | NameServer : 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{67EB52BF-5DE2-4317-96C1-762BE335DE59} | NameServer : 0.0.0.0  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{161D60FB-76D4-4088-8428-54658292C472} | NameServer : 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{67EB52BF-5DE2-4317-96C1-762BE335DE59} | NameServer : 0.0.0.0  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{161D60FB-76D4-4088-8428-54658292C472} | NameServer : 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{67EB52BF-5DE2-4317-96C1-762BE335DE59} | NameServer : 0.0.0.0  -> FOUND
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0  -> FOUND
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0  -> FOUND
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-2453220590-1116701832-226220176-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> FOUND
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-2453220590-1116701832-226220176-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> FOUND
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> FOUND
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> FOUND
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> FOUND
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> FOUND

¤¤¤ Scheduled tasks : 1 ¤¤¤
[suspicious.Path] \\{D6F3A19B-82B7-41BB-AD6C-64E100C5E5A3} -- C:\windows\system32\pcalua.exe (-a "C:\Users\Caruso\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U0KP3N7P\ljP2035-xps-pnp-win32-en.exe" -d C:\Users\Caruso\Desktop) -> FOUND

¤¤¤ Files : 1 ¤¤¤
[ZeroAccess][Folder] Install -- C:\Users\Caruso\AppData\Local\Google\Desktop\Install -> FOUND

¤¤¤ HOSTS File : 1 ¤¤¤
[C:\windows\System32\drivers\etc\hosts] 127.0.0.1       localhost

¤¤¤ Antirootkit : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: TOSHIBA THNSNC128GMLJ +++++
--- User ---
[MBR] c0e20bbe0f45fd93c5a0038ec8526af1
[bSP] 3b709ccb4e6dc28f2cd049e1d2afc944 : HP MBR Code
Partition table:
0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 3074048 | Size: 110437 MB
2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 229249024 | Size: 10166 MB
User = LL1 ... OK
User = LL2 ... OK

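The RogueKiller report above lists PUM (potentially unwanted modification) registry entries, and the most security-relevant ones are the PUM.Dns lines: a NameServer value pointing at a resolver nobody recognises is how a DNS hijack shows up, while 0.0.0.0 simply means that interface has no usable resolver. The helper below is an added example written for this thread, not RogueKiller's own code or anything from the posters: it parses the "Registry Entries" lines, groups NameServer values by interface GUID (the same GUID appears under CurrentControlSet and ControlSet001, so it is reported once), checks each resolver against an operator-maintained allowlist of public resolvers (the allowlist and its provider labels are an assumption you should maintain yourself), and notes whether a ProxyServer value is actually set. The sample report is a constructed subset of the lines quoted above.

```python
"""Triage helper for RogueKiller "Registry Entries" findings (added example,
not part of RogueKiller or of this thread's posts)."""
import re
from collections import Counter
from ipaddress import ip_address

# Constructed sample: a subset of the PUM.* lines from the report in this thread.
SAMPLE_REPORT = r"""
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-2453220590-1116701832-226220176-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer :   -> FOUND
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-2453220590-1116701832-226220176-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer :   -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{161D60FB-76D4-4088-8428-54658292C472} | NameServer : 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{67EB52BF-5DE2-4317-96C1-762BE335DE59} | NameServer : 0.0.0.0  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{161D60FB-76D4-4088-8428-54658292C472} | NameServer : 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{67EB52BF-5DE2-4317-96C1-762BE335DE59} | NameServer : 0.0.0.0  -> FOUND
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0  -> FOUND
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0  -> FOUND
"""

# Assumption: an allowlist the operator maintains of resolvers they consider acceptable.
KNOWN_RESOLVERS = {
    "8.8.8.8": "Google", "8.8.4.4": "Google",
    "4.2.2.1": "Level3", "4.2.2.2": "Level3",
    "208.67.222.222": "OpenDNS", "208.67.220.220": "OpenDNS",
    "8.26.56.26": "Comodo", "8.20.247.20": "Comodo",
    "156.154.70.1": "Neustar", "156.154.71.1": "Neustar",
}

# One RogueKiller finding: [category] (arch) registry-key | value-name : value -> FOUND
LINE_RE = re.compile(
    r"^\[(?P<cat>[^\]]+)\]\s+\((?P<arch>X64|X86)\)\s+(?P<key>.+?)\s+\|\s+"
    r"(?P<name>\S+)\s+:\s*(?P<value>.*?)\s*->\s+FOUND$"
)
IFACE_RE = re.compile(r"Interfaces\\\{(?P<guid>[0-9A-Fa-f-]+)\}")


def parse_findings(report: str) -> list:
    """Return one dict (cat, arch, key, name, value) per recognised finding line."""
    return [m.groupdict() for m in map(LINE_RE.match, map(str.strip, report.splitlines())) if m]


def classify_dns(value: str) -> list:
    """Classify each comma-separated resolver in a NameServer value."""
    verdicts = []
    for raw in filter(None, (p.strip() for p in value.split(","))):
        try:
            ip = ip_address(raw)
        except ValueError:
            verdicts.append((raw, "malformed"))
            continue
        if ip.is_unspecified:
            verdicts.append((raw, "null-resolver"))        # 0.0.0.0: no usable DNS on that interface
        elif raw in KNOWN_RESOLVERS:
            verdicts.append((raw, "known:" + KNOWN_RESOLVERS[raw]))
        elif ip.is_private:
            verdicts.append((raw, "private"))              # usually the router or a corporate DNS; confirm
        else:
            verdicts.append((raw, "unknown-public"))       # review: not on the allowlist
    return verdicts


def triage(report: str) -> dict:
    """Summarise findings: per-category counts, resolvers per interface, proxy state, review list."""
    findings = parse_findings(report)
    interfaces, proxy_configured = {}, False
    for f in findings:
        if f["cat"] == "PUM.Dns" and f["name"] == "NameServer":
            m = IFACE_RE.search(f["key"])
            guid = m.group("guid").upper() if m else f["key"]
            interfaces[guid] = classify_dns(f["value"])     # same GUID across ControlSets collapses here
        elif f["cat"] == "PUM.Proxy" and f["name"] == "ProxyServer" and f["value"]:
            proxy_configured = True
    needs_review = [(guid, ip) for guid, vs in interfaces.items()
                    for ip, verdict in vs if verdict in ("unknown-public", "malformed")]
    return {"counts": dict(Counter(f["cat"] for f in findings)),
            "interfaces": interfaces,
            "proxy_configured": proxy_configured,
            "needs_review": needs_review}


if __name__ == "__main__":
    result = triage(SAMPLE_REPORT)
    print("findings by category:", result["counts"])
    for guid, verdicts in result["interfaces"].items():
        print(f"interface {{{guid}}}:", ", ".join(f"{ip} ({v})" for ip, v in verdicts))
    print("proxy configured:", result["proxy_configured"])
    print("resolvers needing review:", result["needs_review"] or "none")
```

On the sample above every resolver is on the allowlist and the only oddity is the 0.0.0.0 interface, so the review list comes back empty; an entry that does land in `needs_review` is the one to look up before letting a cleaning tool rewrite it, since a legitimate ISP or corporate resolver will look "unknown" to any static allowlist.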

Hi Chuck

 

Sorry, I've posted the Rkill log 3 times.

 

Couldn't figure out how to get rid of it.

 

Seems like a silly question, but do I delete what RKill detected?

 

Thanks for your patience.

 

Lupo


Dear Chuck

 

I just need to let you know that I will be attending a conference for the next four days and may not have internet access. Sounds odd, I know.

It seems this site has a policy of closing threads if people don't respond, so I just wanted to let you know I'd be back.

 

One small problem has cropped up: the scans have stripped Google from my start-up homepage in IE. I have added it so that it should open as an extra tab, but it won't open when I start a new web session?

 

Thanks for your help and patience.

 

Lupo


Lupo, all forums have a time limit, most are 3 days but ours is 5. We do this so there are no "drive-bys" (people who don't have any business posting in your topic) !!

 

Ok let's clean what Rkiller found & remove Combofix also !

 

1. Remove Combofix: Time for some housekeeping
* Click START then RUN
* Now type Combofix /Uninstall in the runbox and click OK (please note the space between Combofix and the /, it is needed.)



The above procedure will reset your System Restore and clear out the backups and quarantines created during the course of this fix.

Once you have typed this in, press Enter on your keyboard. An Open File security warning will appear asking if you are sure you want to run ComboFix.
Please click on the Run button to start the program.

ComboFix will now uninstall itself from your computer and remove any backups and quarantined files.
When it has finished you will be greeted by a dialog box stating that ComboFix has been uninstalled.
You can now delete the ComboFix.exe program from your computer.
ComboFix has now been uninstalled from your Windows Vista or Windows 7 computer.

 

 

2. Remove what Rkiller found : Open RogueKiller :
* Quit all programs that you may have started.
* Please disconnect any USB or external drives from the computer before you run this scan!
* For Vista or Windows 7, right-click and select "Run as Administrator" to start.
* For Windows XP, double-click to start.
* Wait until Prescan has finished ...
* Then click on the "Scan" button
* Wait until the Status box shows "Scan Finished"
* Click on "Delete"
* Wait until the Status box shows "Deleting Finished"
* Click on "Report" and copy/paste the content of the Notepad into your next reply.
* The log should be found in RKreport[1].txt on your Desktop
* Exit/Close RogueKiller

After you post the "clean log" from Rkiller run it 1 more time & post it for me !!

 

Thanks & have fun at that conference (classes on first aid & MSHA & OSHA). I used to hate those; now I'm retired & enjoying it !
 

Run Symantec and see if there is any trace of bloodhound !!!

Chuck


Hi Chuck I have returned.

 

Tried pasting the RKill scan results, but I'm having trouble getting it to paste.

 

I have copied it into Word from Notepad. I can cut or copy, but I can't paste?

 

Lupo


Lupo, try again today to post it ! Seems as though we may be experiencing troubles with the paste ! If you still can't post it, click "More reply options" below & try the attach files in the bottom left !

 

Thanks

Chuck

2 weeks later, this topic was closed to further replies.