Jump to content

Help with svchost.exe virus; random audio files


Recommended Posts

Help!  I can't locate and remove/delete a virus on my computer.  I tried TDSSKiller and Malwarebytes, but the programs don't find the virus. 

 

TDSSKiller gives me 2 suspicious services: DcomLaunch and RpcSs, but can't doesn't seem to help when I quarantine the files.  Malwarebytes doesn't pick it up at all, but sometimes blocks the attack. I attached the DDS files in the log below.

 

Thank you,

Herbert

 

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16750  BrowserJavaVersion: 1.6.0_30
Run by H Kimble at 13:55:12 on 2014-01-02
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1033.18.3935.2215 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
AV: Norton Security Suite *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Norton Security Suite *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Security Suite *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\msiexec.exe
C:\Program Files (x86)\Norton Security Suite\Engine\20.4.0.40\ccSvcHst.exe
C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Norton Security Suite\Engine\20.4.0.40\ccSvcHst.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Kodak\KODAK Share Button App\Listener.exe
C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler.exe
C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler64.exe
C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Users\H Kimble\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Sony\VAIO Care\VCsystray.exe
C:\Program Files (x86)\Citrix\Receiver\Receiver.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe
C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\PrintIsolationHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.

mWinlogon: Userinit = userinit.exe,
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine\20.4.0.40\coieplg.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Engine\20.4.0.40\ips\ipsbho.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\20.4.0.40\coieplg.dll
uRun: [Azureus Update] regsvr32.exe "C:\Users\H Kimble\AppData\Local\Azureus\llrdepgccavrbt.dll"
uRun: [Google Update] "C:\Users\H Kimble\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [KGShareApp] C:\Program Files (x86)\Kodak\KODAK Share Button App\KGShare_App.exe
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [CitrixReceiver] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix\Receiver Updater.lnk"
mRun: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [mobilegeni daemon] C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}










TCP: NameServer = 10.0.0.1
TCP: Interfaces\{65B0F63F-CE8B-45CC-8B5F-E6D5C69E7DC9} : DHCPNameServer = 10.0.0.1
TCP: Interfaces\{65B0F63F-CE8B-45CC-8B5F-E6D5C69E7DC9}\344434D2E414340502F46666963656 : DHCPNameServer = 80.87.78.4 80.87.78.11
TCP: Interfaces\{65B0F63F-CE8B-45CC-8B5F-E6D5C69E7DC9}\35F6E6370214365727160234573747F6D656270275966696 : DHCPNameServer = 10.128.128.128
TCP: Interfaces\{65B0F63F-CE8B-45CC-8B5F-E6D5C69E7DC9}\E4F4B4941402C457D6961602830303F593038353 : DHCPNameServer = 192.168.33.1
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
x64-Run: [intelliType Pro] "C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe"
x64-Run: [intelliPoint] "C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe"
x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
Hosts: 127.0.0.1 validation.sls.microsoft.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\H Kimble\AppData\Roaming\Mozilla\Firefox\Profiles\4ek3i8tz.default\

FF - prefs.js: browser.search.selectedEngine - Yahoo!


FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: C:\Users\H Kimble\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll
FF - plugin: C:\Users\H Kimble\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\H Kimble\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Users\H Kimble\AppData\Roaming\Mozilla\plugins\npo1d.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.autoDisableScopes - 0
FF - user.js: extensions.shownSelectionUI - true
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-9-27 248240]
R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\N360x64\1404000.028\symds64.sys [2013-7-16 493656]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\N360x64\1404000.028\symefa64.sys [2013-7-16 1139800]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\BASHDefs\20131203.001\BHDrvx64.sys [2013-12-3 1526488]
R1 ccSet_N360;Norton Security Suite Settings Manager;C:\Windows\System32\drivers\N360x64\1404000.028\ccsetx64.sys [2013-7-16 169048]
R1 ctxusbm;Citrix USB Monitor Driver;C:\Windows\System32\drivers\ctxusbm.sys [2013-1-9 98888]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\IPSDefs\20140101.001\IDSviA64.sys [2014-1-1 521944]
R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\N360x64\1404000.028\ironx64.sys [2013-7-16 224416]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\N360x64\1404000.028\symnets.sys [2013-7-16 433752]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2012-8-23 13672]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-12-24 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-12-24 701512]
R2 N360;Norton Security Suite;C:\Program Files (x86)\Norton Security Suite\Engine\20.4.0.40\ccsvchst.exe [2013-7-16 144368]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2013-6-18 134944]
R2 RosettaStoneDaemon;RosettaStoneDaemon;C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe [2011-4-15 1646056]
R2 SSPORT;SSPORT;C:\Windows\System32\drivers\SSPORT.sys [2010-6-7 11576]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2013-12-24 137648]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-12-24 25928]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-10 5434368]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-10-23 348376]
R3 SFEP;Sony Firmware Extension Parser;C:\Windows\System32\drivers\SFEP.sys [2007-8-3 11392]
R3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
R3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
R3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
R3 WSDScan;WSD Scan Support via UMB;C:\Windows\System32\drivers\WSDScan.sys [2009-7-13 25088]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-6-10 389120]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 AirDisplay;Air Display Support;C:\Windows\System32\drivers\AVVideoCard.sys [2012-9-24 15808]
S3 AirDisplayMirror;Air Display Mirror Support;C:\Windows\System32\drivers\AVVideoCardMirror.sys [2012-9-24 15808]
S3 mbamchameleon;mbamchameleon;C:\Windows\System32\drivers\mbamchameleon.sys [2013-12-27 89304]
S3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;C:\Windows\System32\drivers\MijXfilt.sys [2013-7-6 115272]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-11-8 19456]
S3 S3XXx64;SCR3xx USB SmartCardReader64;C:\Windows\System32\drivers\S3XXx64.sys [2011-9-7 70016]
S3 SampleCollector;Intel® Sample Collector;C:\Program Files\Sony\VAIO Care\collsvc.exe [2010-11-29 167424]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-11-8 57856]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-11-29 1255736]
S4 NIApplicationWebServer64;NI Application Web Server (64-bit);"C:\Program Files\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe" -user --> C:\Program Files\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe [?]
.
=============== Created Last 30 ================
.
2013-12-31 23:05:49 10315576 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{57EFC843-92A0-4270-BEB2-730B6B1F2A64}\mpengine.dll
2013-12-30 19:57:02 10315576 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-12-28 05:36:20 -------- d-----w- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-12-28 03:59:05 89304 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2013-12-25 02:37:57 -------- d-----w- C:\Users\H Kimble\AppData\Roaming\Malwarebytes
2013-12-25 02:36:06 -------- d-----w- C:\ProgramData\Malwarebytes
2013-12-25 02:36:03 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-12-25 02:36:02 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-12-25 00:55:30 388096 ----a-r- C:\Users\H Kimble\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2013-12-25 00:55:29 -------- d-----w- C:\Program Files (x86)\Trend Micro
2013-12-24 19:22:43 -------- d-----w- C:\TDSSKiller_Quarantine
2013-12-22 05:57:35 -------- d-----w- C:\Users\H Kimble\.android
2013-12-22 05:57:27 -------- d-----w- C:\Users\H Kimble\AppData\Local\cache
2013-12-22 05:57:26 -------- d-----w- C:\Users\H Kimble\AppData\Local\genienext
2013-12-22 05:57:24 -------- d-----w- C:\Users\H Kimble\AppData\Local\Mobogenie
2013-12-22 05:56:41 -------- d-----w- C:\Program Files (x86)\Mobogenie
2013-12-22 05:53:31 -------- d-----w- C:\ProgramData\Conduit
2013-12-22 05:51:25 -------- d-----w- C:\Users\H Kimble\AppData\Local\NativeMessaging
2013-12-22 05:51:15 -------- d-----w- C:\Users\H Kimble\AppData\Local\Conduit
2013-12-22 05:51:12 -------- d-----w- C:\Users\H Kimble\AppData\Local\CRE
2013-12-22 05:51:09 -------- d-----w- C:\Program Files (x86)\Conduit
2013-12-22 05:50:57 -------- d-----w- C:\Users\H Kimble\AppData\Local\SearchProtect
2013-12-12 08:07:29 167424 ----a-w- C:\Program Files\Windows Media Player\wmplayer.exe
2013-12-12 08:07:29 164864 ----a-w- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
2013-12-12 08:07:28 12625920 ----a-w- C:\Windows\System32\wmploc.DLL
2013-12-12 08:07:28 12625408 ----a-w- C:\Windows\SysWow64\wmploc.DLL
2013-12-12 06:23:49 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2013-12-12 06:23:49 2048 ----a-w- C:\Windows\System32\tzres.dll
2013-12-12 06:23:42 335360 ----a-w- C:\Windows\System32\msieftp.dll
2013-12-12 06:23:41 301568 ----a-w- C:\Windows\SysWow64\msieftp.dll
2013-12-12 06:23:40 3155968 ----a-w- C:\Windows\System32\win32k.sys
2013-12-12 06:19:24 417792 ----a-w- C:\Windows\SysWow64\WMPhoto.dll
2013-12-12 06:19:23 465920 ----a-w- C:\Windows\System32\WMPhoto.dll
2013-12-12 06:19:22 81408 ----a-w- C:\Windows\System32\imagehlp.dll
2013-12-12 06:19:22 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2013-12-12 06:19:21 230400 ----a-w- C:\Windows\System32\drivers\portcls.sys
2013-12-12 06:19:20 116736 ----a-w- C:\Windows\System32\drivers\drmk.sys
2013-12-12 06:18:29 150016 ----a-w- C:\Windows\System32\wshom.ocx
2013-12-12 06:18:28 202752 ----a-w- C:\Windows\System32\scrrun.dll
2013-12-12 06:18:28 168960 ----a-w- C:\Windows\System32\wscript.exe
2013-12-12 06:18:28 156160 ----a-w- C:\Windows\System32\cscript.exe
2013-12-12 06:18:28 141824 ----a-w- C:\Windows\SysWow64\wscript.exe
2013-12-12 06:18:28 121856 ----a-w- C:\Windows\SysWow64\wshom.ocx
2013-12-12 06:18:27 163840 ----a-w- C:\Windows\SysWow64\scrrun.dll
2013-12-12 06:18:27 126976 ----a-w- C:\Windows\SysWow64\cscript.exe
2013-12-11 00:57:36 9293192 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2013-12-10 22:55:43 -------- d-----w- C:\Program Files (x86)\AVI To MP4 Converter
2013-12-10 22:55:30 -------- d-----w- C:\Users\H Kimble\AppData\Local\Programs
2013-12-08 16:05:44 -------- d-----w- C:\Users\H Kimble\AppData\Roaming\Kodak
2013-12-07 19:52:54 -------- d-----w- C:\Program Files (x86)\Common Files\Kodak
2013-12-07 19:52:24 -------- d-----w- C:\Program Files (x86)\Kodak
2013-12-07 19:23:09 -------- d-----w- C:\ProgramData\{C585085B-79A8-423C-B04B-77DD30E9C195}
2013-12-06 03:17:20 965000 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{AA63C39A-044A-423B-B1AF-A67D07818FB6}\gapaengine.dll
.
==================== Find3M  ====================
.
2013-12-11 00:58:14 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-12-11 00:58:14 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-11-19 10:21:41 267936 ------w- C:\Windows\System32\MpSigStub.exe
2013-10-25 06:19:22 2241536 ----a-w- C:\Windows\System32\wininet.dll
2013-10-25 06:17:57 3959808 ----a-w- C:\Windows\System32\jscript9.dll
2013-10-25 06:17:52 67072 ----a-w- C:\Windows\System32\iesetup.dll
2013-10-25 06:17:52 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2013-10-25 04:45:11 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-10-25 04:43:42 2877952 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-10-25 04:43:38 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2013-10-25 04:43:38 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2013-10-25 04:07:48 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2013-10-25 03:41:01 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-10-25 03:17:49 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
2013-10-25 02:49:34 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-10-12 02:30:42 830464 ----a-w- C:\Windows\System32\nshwfp.dll
2013-10-12 02:29:21 859648 ----a-w- C:\Windows\System32\IKEEXT.DLL
2013-10-12 02:29:08 324096 ----a-w- C:\Windows\System32\FWPUCLNT.DLL
2013-10-12 02:03:08 656896 ----a-w- C:\Windows\SysWow64\nshwfp.dll
2013-10-12 02:01:25 216576 ----a-w- C:\Windows\SysWow64\FWPUCLNT.DLL
2013-10-05 20:25:35 1474048 ----a-w- C:\Windows\System32\crypt32.dll
2013-10-05 19:57:25 1168384 ----a-w- C:\Windows\SysWow64\crypt32.dll
.
============= FINISH: 14:37:29.99 ===============

 

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume2
Install Date: 11/26/2010 10:45:51 PM
System Uptime: 1/2/2014 1:49:52 PM (1 hours ago)
.
Motherboard: Sony Corporation |  | VAIO
Processor: Intel® Core2 Duo CPU     T5800  @ 2.00GHz | N/A | 2000/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 223 GiB total, 15.506 GiB free.
E: is Removable
G: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP275: 12/21/2013 1:07:19 AM - Windows Update
RP276: 12/21/2013 12:39:17 PM - VAIO Care Automatic Restore Point
RP277: 12/22/2013 3:02:01 AM - Windows Update
RP278: 12/23/2013 3:00:29 AM - Windows Update
RP279: 12/24/2013 3:00:34 AM - Windows Update
RP280: 12/24/2013 4:25:09 AM - Windows Update
RP281: 12/24/2013 7:01:41 PM - Removed Vuze Remote Toolbar v8.5.
RP282: 12/24/2013 7:14:36 PM - Removed Vuze Remote Toolbar v8.5.
RP283: 12/24/2013 7:50:20 PM - Installed HiJackThis
RP284: 12/24/2013 7:52:03 PM - Installed HiJackThis
RP285: 12/25/2013 3:00:47 AM - Windows Update
RP286: 12/26/2013 3:00:33 AM - Windows Update
RP287: 12/27/2013 3:00:14 AM - Windows Update
RP288: 12/28/2013 3:00:27 AM - Windows Update
RP289: 12/29/2013 3:00:28 AM - Windows Update
RP290: 12/30/2013 3:00:30 AM - Windows Update
RP291: 12/31/2013 3:03:10 AM - Windows Update
RP292: 1/1/2014 3:01:03 AM - Windows Update
RP293: 1/2/2014 1:24:05 PM - Windows Update
.
==== Installed Programs ======================
.
 Update for Microsoft Office 2007 (KB2508958)
µTorrent
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.6)
Adobe Shockwave Player 11.5
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft WebCam Companion 2
AVI To MP4 Converter 1.0
Bonjour
Citrix Authentication Manager
Citrix Receiver
Citrix Receiver (HDX Flash Redirection)
Citrix Receiver Inside
Citrix Receiver Updater
Citrix Receiver(Aero)
Citrix Receiver(DV)
Citrix Receiver(USB)
CVE-2013-3893
Google Chrome
Google Earth
Google Talk Plugin
Google Update Helper
HiJackThis
iCloud
iTunes
Java Auto Updater
Java 6 Update 30
KODAK Share Button App
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Mouse and Keyboard Center
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Office 64-bit Components 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared 64-bit MUI (English) 2007
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Xbox 360 Accessories 1.2
Mission Planner
MobileMe Control Panel
Mozilla Firefox 23.0.1 (x86 en-US)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
National Instruments Software
NI Uninstaller
NI VC2008MSMs x64
NI VC2008MSMs x86
Norton Security Suite
Online Plug-in
Pinnacle Studio 14
Pinnacle Video Driver
QuickTime
Rosetta Stone Ltd Services
Rosetta Stone TOTALe
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Microsoft .NET Framework 4 Extended (KB2858302v2)
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760415) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2817641) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2827326) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2827329) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2850022) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2827324) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office Outlook 2007 (KB2825644) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2597971) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2827330) 32-Bit Edition
Self-service Plug-in
Sony Download Taxi 1.5.0.0
System Requirements Lab for Intel
TreeSize Free V2.5
TurboTax 2011
TurboTax 2011 wgaiper
TurboTax 2011 WinPerFedFormset
TurboTax 2011 WinPerReleaseEngine
TurboTax 2011 WinPerTaxSupport
TurboTax 2011 wrapper
TurboTax 2012
TurboTax 2012 wgaiper
TurboTax 2012 winiper
TurboTax 2012 WinPerFedFormset
TurboTax 2012 WinPerReleaseEngine
TurboTax 2012 WinPerTaxSupport
TurboTax 2012 wrapper
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2836939)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2850085) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VAIO Care
Virtual COM Port Driver
VISA Shared Components 64-Bit
Windows Driver Package - 3D Robotics (usbser) Ports  (03/28/2013 1.6.2.0)
Windows Driver Package - Arduino LLC (www.arduino.cc) (usbser) Ports  (11/15/2012 5.1.2600.0)
Windows Driver Package - Eastman Kodak KODAK Digital Camera (01/29/2010 1.4.1.0)
Windows Driver Package - FTDI CDM Driver Package - Bus/D2XX Driver (04/10/2012 2.08.24)
Windows Driver Package - FTDI CDM Driver Package - VCP Driver (04/10/2012 2.08.24)
Windows Driver Package - Parallax Inc CDM Driver Package - Bus & VCP Driver (04/10/2012 2.08.24)
X-CTU
YTD Video Downloader 4.5.1
.
==== Event Viewer Messages From Past Week ========
.
12/31/2013 9:05:49 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SysMain service.
12/31/2013 8:51:13 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X64 service to connect.
12/31/2013 8:50:39 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X86 service to connect.
12/31/2013 8:49:04 PM, Error: Microsoft Antimalware [3002]  - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed.   Feature: Network Inspection System   Error Code: 0x8007041d   Error description: The service did not respond to the start or control request in a timely fashion.    Reason: The system is missing updates that are required for running Network Inspection System.  Install the required updates and restart the computer.
12/31/2013 8:49:02 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Microsoft Network Inspection service to connect.
12/31/2013 8:49:02 PM, Error: Service Control Manager [7000]  - The Microsoft Network Inspection service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
12/31/2013 8:47:52 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Software Protection service to connect.
12/31/2013 8:47:52 PM, Error: Service Control Manager [7000]  - The Software Protection service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
12/31/2013 8:45:45 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Apple Mobile Device service to connect.
12/31/2013 8:45:45 PM, Error: Service Control Manager [7000]  - The Apple Mobile Device service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
12/31/2013 10:55:08 PM, Error: Microsoft-Windows-DistributedCOM [10016]  - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID  {C97FCC79-E628-407D-AE68-A06AD6D8B4D1}  and APPID  {344ED43D-D086-4961-86A6-1106F4ACAD9B}  to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
12/31/2013 10:50:36 PM, Error: Service Control Manager [7032]  - The Service Control Manager tried to take a corrective action (Reboot the machine) after the unexpected termination of the DCOM Server Process Launcher service, but this action failed with the following error:  A system shutdown has already been scheduled.
12/30/2013 7:55:42 PM, Error: Service Control Manager [7023]  - The Server service terminated with the following error:  The data is invalid.
12/30/2013 7:55:41 PM, Error: Service Control Manager [7038]  - The PolicyAgent service was unable to log on as NT Authority\NetworkService with the currently configured password due to the following error:  The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
12/30/2013 7:55:41 PM, Error: Service Control Manager [7023]  - The Diagnostic System Host service terminated with the following error:  The requested control is not valid for this service.
12/30/2013 7:55:41 PM, Error: Service Control Manager [7000]  - The IPsec Policy Agent service failed to start due to the following error:  The service did not start due to a logon failure.
12/30/2013 7:55:41 PM, Error: Service Control Manager [7000]  - The Computer Browser service failed to start due to the following error:  A system shutdown is in progress.
12/30/2013 7:55:40 PM, Error: Service Control Manager [7038]  - The TermService service was unable to log on as NT Authority\NetworkService with the currently configured password due to the following error:  The security account manager (SAM) or local security authority (LSA) server was in the wrong state to perform the security operation. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
12/30/2013 7:55:40 PM, Error: Service Control Manager [7000]  - The Remote Desktop Services service failed to start due to the following error:  The service did not start due to a logon failure.
12/30/2013 7:55:40 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1069" attempting to start the service TermService with arguments "" in order to run the server: {F9A874B6-F8A8-4D73-B5A8-AB610816828B}
12/30/2013 7:16:07 PM, Error: atapi [11]  - The driver detected a controller error on \Device\Ide\IdePort0.
12/29/2013 9:50:21 AM, Error: NetBT [4321]  - The name "WORKGROUP      :1d" could not be registered on the interface with IP address 10.0.0.45. The computer with the IP address 10.0.0.44 did not allow the name to be claimed by this computer.
12/29/2013 9:43:26 AM, Error: BROWSER [8019]  - The browser was unable to promote itself to master browser.  The browser will continue to attempt to promote itself to the master browser, but will no longer log any events in the event log in Event Viewer.
12/29/2013 8:23:28 AM, Error: BROWSER [8020]  - The browser was unable to promote itself to master browser.  The computer that currently believes it is the master browser is unknown.
12/28/2013 2:33:28 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001]  - The computer has rebooted from a bugcheck.  The bugcheck was: 0x0000007a (0xfffff6fc40008710, 0xffffffffc0000185, 0x00000000b0dc7860, 0xfffff880010e293c). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 122813-43461-01.
12/28/2013 10:46:22 AM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Intuit Update Service v4 service to connect.
12/28/2013 10:46:22 AM, Error: Service Control Manager [7000]  - The Intuit Update Service v4 service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
1/2/2014 9:51:11 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
1/2/2014 9:51:11 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
1/2/2014 9:50:37 AM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  AFD BHDrvx64 ccSet_N360 cdrom CSC ctxusbm DfsC discache eeCtrl IDSVia64 MpFilter NetBIOS NetBT nsiproxy Psched rdbss spldr SRTSPX SymIRON SymNetS tdx Wanarpv6 WfpLwf
1/2/2014 9:50:33 AM, Error: Service Control Manager [7001]  - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
1/2/2014 9:50:33 AM, Error: Service Control Manager [7001]  - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error:  A device attached to the system is not functioning.
1/2/2014 9:50:33 AM, Error: Service Control Manager [7001]  - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error:  A device attached to the system is not functioning.
1/2/2014 9:50:33 AM, Error: Service Control Manager [7001]  - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:  The dependency service or group failed to start.
1/2/2014 9:50:33 AM, Error: Service Control Manager [7001]  - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:  The dependency service or group failed to start.
1/2/2014 9:50:33 AM, Error: Service Control Manager [7001]  - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error:  A device attached to the system is not functioning.
1/2/2014 9:50:33 AM, Error: Service Control Manager [7001]  - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
1/2/2014 9:50:33 AM, Error: Service Control Manager [7001]  - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
1/2/2014 9:50:33 AM, Error: Service Control Manager [7001]  - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error:  A device attached to the system is not functioning.
1/2/2014 9:50:33 AM, Error: Service Control Manager [7001]  - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error:  A device attached to the system is not functioning.
1/2/2014 12:56:37 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:    Previous Signature Version: 1.165.934.0   Update Source: Microsoft Update Server   Update Stage: Search   Source Path: Default URL   Signature Type: AntiVirus   Update Type: Full   User: NT AUTHORITY\SYSTEM   Current Engine Version:    Previous Engine Version: 1.1.10201.0   Error code: 0x8007043c   Error description: This service cannot be started in Safe Mode
1/2/2014 12:56:37 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
1/2/2014 12:47:04 PM, Error: Service Control Manager [7001]  - The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error:  The dependency service or group failed to start.
1/2/2014 12:45:50 PM, Error: Service Control Manager [7001]  - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error:  The dependency service or group failed to start.
1/2/2014 12:45:49 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
1/2/2014 12:45:48 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
1/2/2014 12:45:44 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
1/2/2014 12:45:36 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
1/2/2014 12:45:05 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service TermService with arguments "" in order to run the server: {F9A874B6-F8A8-4D73-B5A8-AB610816828B}
1/2/2014 12:45:04 PM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  BHDrvx64 ccSet_N360 cdrom ctxusbm discache eeCtrl IDSVia64 MpFilter spldr SRTSPX SymIRON SymNetS Wanarpv6
1/2/2014 12:45:02 PM, Error: Service Control Manager [7001]  - The Microsoft Network Inspection System service depends on the Microsoft Malware Protection Driver service which failed to start because of the following error:  A device attached to the system is not functioning.
1/2/2014 12:44:00 PM, Error: Service Control Manager [7023]  - The IPsec Policy Agent service terminated with the following error:  The authentication service is unknown.
1/2/2014 12:42:07 PM, Error: Service Control Manager [7001]  - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:  The dependency service or group failed to start.
1/2/2014 10:13:10 AM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:    Previous Signature Version: 1.165.934.0   Update Source: Microsoft Update Server   Update Stage: Search   Source Path: Default URL   Signature Type: AntiVirus   Update Type: Full   User: NT AUTHORITY\SYSTEM   Current Engine Version:    Previous Engine Version: 1.1.10201.0   Error code: 0x8007043c   Error description: This service cannot be started in Safe Mode
1/2/2014 1:51:45 PM, Error: Microsoft-Windows-DistributedCOM [10016]  - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID  {C97FCC79-E628-407D-AE68-A06AD6D8B4D1}  and APPID  {344ED43D-D086-4961-86A6-1106F4ACAD9B}  to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
1/2/2014 1:50:45 PM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  cdrom
1/2/2014 1:50:41 PM, Error: Service Control Manager [7023]  - The Power service terminated with the following error:  The WMI request could not be completed and should be retried.
1/2/2014 1:50:31 AM, Error: Schannel [36888]  - The following fatal alert was generated: 40. The internal error state is 107.
1/2/2014 1:50:31 AM, Error: Schannel [36874]  - An SSL 3.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.
1/2/2014 1:47:53 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:    Previous Signature Version: 1.165.934.0   Update Source: Microsoft Update Server   Update Stage: Install   Source Path: http://www.microsoft.com   Signature Type: AntiVirus   Update Type: Full   User: NT AUTHORITY\SYSTEM   Current Engine Version:    Previous Engine Version: 1.1.10201.0   Error code: 0x8024001e   Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
1/2/2014 1:46:11 PM, Error: Service Control Manager [7032]  - The Service Control Manager tried to take a corrective action (Reboot the machine) after the unexpected termination of the Plug and Play service, but this action failed with the following error:  A system shutdown has already been scheduled.
1/2/2014 1:46:10 PM, Error: Service Control Manager [7031]  - The Plug and Play service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Reboot the machine.
1/2/2014 1:46:10 PM, Error: Service Control Manager [7031]  - The DCOM Server Process Launcher service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Reboot the machine.
1/2/2014 1:39:14 PM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070643: Internet Explorer 11 for Windows 7 for x64-based Systems.
1/2/2014 1:21:34 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
1/2/2014 1:15:55 PM, Error: Service Control Manager [7001]  - The Computer Browser service depends on the Server service which failed to start because of the following error:  The dependency service or group failed to start.
.
==== End Of File ===========================
 

 

Link to post
Share on other sites

Hello Herbert and :welcome:! My name is Borislav and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  • Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.
P2P/Piracy Warning:

If you're using Peer 2 Peer software such as µTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

Link to post
Share on other sites

Good. Here's an updated DDS log.  Even with malwarebytes running, I'm still hearing the ads every time I'm on the computer.

 

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 10.0.9200.16750  BrowserJavaVersion: 1.6.0_30
Run by H Kimble at 19:36:56 on 2014-01-06
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1033.18.3935.2279 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
AV: Norton Security Suite *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Norton Security Suite *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Security Suite *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\msiexec.exe
C:\Program Files (x86)\Norton Security Suite\Engine\20.4.0.40\ccSvcHst.exe
C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\WUDFHost.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Norton Security Suite\Engine\20.4.0.40\ccSvcHst.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Kodak\KODAK Share Button App\Listener.exe
C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler.exe
C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler64.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Sony\VAIO Care\VCsystray.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Citrix\Receiver\Receiver.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
c:\Program Files\Microsoft Security Client\MpCmdRun.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit = userinit.exe,
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine\20.4.0.40\coieplg.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Engine\20.4.0.40\ips\ipsbho.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\20.4.0.40\coieplg.dll
uRun: [Azureus Update] regsvr32.exe "C:\Users\H Kimble\AppData\Local\Azureus\llrdepgccavrbt.dll"
uRun: [Google Update] "C:\Users\H Kimble\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [KGShareApp] C:\Program Files (x86)\Kodak\KODAK Share Button App\KGShare_App.exe
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [CitrixReceiver] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix\Receiver Updater.lnk"
mRun: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [mobilegeni daemon] C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
TCP: NameServer = 10.0.0.1
TCP: Interfaces\{65B0F63F-CE8B-45CC-8B5F-E6D5C69E7DC9} : DHCPNameServer = 10.0.0.1
TCP: Interfaces\{65B0F63F-CE8B-45CC-8B5F-E6D5C69E7DC9}\344434D2E414340502F46666963656 : DHCPNameServer = 80.87.78.4 80.87.78.11
TCP: Interfaces\{65B0F63F-CE8B-45CC-8B5F-E6D5C69E7DC9}\35F6E6370214365727160234573747F6D656270275966696 : DHCPNameServer = 10.128.128.128
TCP: Interfaces\{65B0F63F-CE8B-45CC-8B5F-E6D5C69E7DC9}\E4F4B4941402C457D6961602830303F593038353 : DHCPNameServer = 192.168.33.1
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
x64-Run: [intelliType Pro] "C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe"
x64-Run: [intelliPoint] "C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe"
x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
Hosts: 127.0.0.1 validation.sls.microsoft.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\H Kimble\AppData\Roaming\Mozilla\Firefox\Profiles\4ek3i8tz.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo!
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: C:\Users\H Kimble\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll
FF - plugin: C:\Users\H Kimble\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\H Kimble\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Users\H Kimble\AppData\Roaming\Mozilla\plugins\npo1d.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.autoDisableScopes - 0
FF - user.js: extensions.shownSelectionUI - true
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-9-27 248240]
R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\N360x64\1404000.028\symds64.sys [2013-7-16 493656]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\N360x64\1404000.028\symefa64.sys [2013-7-16 1139800]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\BASHDefs\20131218.001\BHDrvx64.sys [2013-12-17 1526488]
R1 ccSet_N360;Norton Security Suite Settings Manager;C:\Windows\System32\drivers\N360x64\1404000.028\ccsetx64.sys [2013-7-16 169048]
R1 ctxusbm;Citrix USB Monitor Driver;C:\Windows\System32\drivers\ctxusbm.sys [2013-1-9 98888]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\IPSDefs\20140103.001\IDSviA64.sys [2014-1-4 521944]
R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\N360x64\1404000.028\ironx64.sys [2013-7-16 224416]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\N360x64\1404000.028\symnets.sys [2013-7-16 433752]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2012-8-23 13672]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-12-24 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-12-24 701512]
R2 N360;Norton Security Suite;C:\Program Files (x86)\Norton Security Suite\Engine\20.4.0.40\ccsvchst.exe [2013-7-16 144368]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2013-6-18 134944]
R2 RosettaStoneDaemon;RosettaStoneDaemon;C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe [2011-4-15 1646056]
R2 SSPORT;SSPORT;C:\Windows\System32\drivers\SSPORT.sys [2010-6-7 11576]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2013-12-24 137648]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-12-24 25928]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-10 5434368]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-10-23 348376]
R3 SFEP;Sony Firmware Extension Parser;C:\Windows\System32\drivers\SFEP.sys [2007-8-3 11392]
R3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
R3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
R3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-6-10 389120]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 AirDisplay;Air Display Support;C:\Windows\System32\drivers\AVVideoCard.sys [2012-9-24 15808]
S3 AirDisplayMirror;Air Display Mirror Support;C:\Windows\System32\drivers\AVVideoCardMirror.sys [2012-9-24 15808]
S3 mbamchameleon;mbamchameleon;C:\Windows\System32\drivers\mbamchameleon.sys [2013-12-27 89304]
S3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;C:\Windows\System32\drivers\MijXfilt.sys [2013-7-6 115272]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-11-8 19456]
S3 S3XXx64;SCR3xx USB SmartCardReader64;C:\Windows\System32\drivers\S3XXx64.sys [2011-9-7 70016]
S3 SampleCollector;Intel® Sample Collector;C:\Program Files\Sony\VAIO Care\collsvc.exe [2010-11-29 167424]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-11-8 57856]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-11-29 1255736]
S3 WSDScan;WSD Scan Support via UMB;C:\Windows\System32\drivers\WSDScan.sys [2009-7-13 25088]
S4 NIApplicationWebServer64;NI Application Web Server (64-bit);"C:\Program Files\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe" -user --> C:\Program Files\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe [?]
.
=============== Created Last 30 ================
.
2014-01-05 18:12:17 10315576 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{4CFF8939-367D-4761-BC39-EFAD3CD857C0}\mpengine.dll
2014-01-04 17:00:56 10315576 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-01-03 16:43:59 92672 ----a-w- C:\Windows\System32\drivers\raspppoe.sys.bak
2013-12-28 05:36:20 -------- d-----w- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-12-28 03:59:05 89304 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2013-12-25 02:37:57 -------- d-----w- C:\Users\H Kimble\AppData\Roaming\Malwarebytes
2013-12-25 02:36:06 -------- d-----w- C:\ProgramData\Malwarebytes
2013-12-25 02:36:03 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-12-25 02:36:02 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-12-25 00:55:30 388096 ----a-r- C:\Users\H Kimble\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2013-12-25 00:55:29 -------- d-----w- C:\Program Files (x86)\Trend Micro
2013-12-24 19:22:43 -------- d-----w- C:\TDSSKiller_Quarantine
2013-12-22 05:57:35 -------- d-----w- C:\Users\H Kimble\.android
2013-12-22 05:57:27 -------- d-----w- C:\Users\H Kimble\AppData\Local\cache
2013-12-22 05:57:26 -------- d-----w- C:\Users\H Kimble\AppData\Local\genienext
2013-12-22 05:57:24 -------- d-----w- C:\Users\H Kimble\AppData\Local\Mobogenie
2013-12-22 05:56:41 -------- d-----w- C:\Program Files (x86)\Mobogenie
2013-12-22 05:53:31 -------- d-----w- C:\ProgramData\Conduit
2013-12-22 05:51:25 -------- d-----w- C:\Users\H Kimble\AppData\Local\NativeMessaging
2013-12-22 05:51:15 -------- d-----w- C:\Users\H Kimble\AppData\Local\Conduit
2013-12-22 05:51:12 -------- d-----w- C:\Users\H Kimble\AppData\Local\CRE
2013-12-22 05:51:09 -------- d-----w- C:\Program Files (x86)\Conduit
2013-12-22 05:50:57 -------- d-----w- C:\Users\H Kimble\AppData\Local\SearchProtect
2013-12-12 08:07:29 167424 ----a-w- C:\Program Files\Windows Media Player\wmplayer.exe
2013-12-12 08:07:29 164864 ----a-w- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
2013-12-12 08:07:28 12625920 ----a-w- C:\Windows\System32\wmploc.DLL
2013-12-12 08:07:28 12625408 ----a-w- C:\Windows\SysWow64\wmploc.DLL
2013-12-12 06:23:49 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2013-12-12 06:23:49 2048 ----a-w- C:\Windows\System32\tzres.dll
2013-12-12 06:23:42 335360 ----a-w- C:\Windows\System32\msieftp.dll
2013-12-12 06:23:41 301568 ----a-w- C:\Windows\SysWow64\msieftp.dll
2013-12-12 06:23:40 3155968 ----a-w- C:\Windows\System32\win32k.sys
2013-12-12 06:19:24 417792 ----a-w- C:\Windows\SysWow64\WMPhoto.dll
2013-12-12 06:19:23 465920 ----a-w- C:\Windows\System32\WMPhoto.dll
2013-12-12 06:19:22 81408 ----a-w- C:\Windows\System32\imagehlp.dll
2013-12-12 06:19:22 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2013-12-12 06:19:21 230400 ----a-w- C:\Windows\System32\drivers\portcls.sys
2013-12-12 06:19:20 116736 ----a-w- C:\Windows\System32\drivers\drmk.sys
2013-12-12 06:18:29 150016 ----a-w- C:\Windows\System32\wshom.ocx
2013-12-12 06:18:28 202752 ----a-w- C:\Windows\System32\scrrun.dll
2013-12-12 06:18:28 168960 ----a-w- C:\Windows\System32\wscript.exe
2013-12-12 06:18:28 156160 ----a-w- C:\Windows\System32\cscript.exe
2013-12-12 06:18:28 141824 ----a-w- C:\Windows\SysWow64\wscript.exe
2013-12-12 06:18:28 121856 ----a-w- C:\Windows\SysWow64\wshom.ocx
2013-12-12 06:18:27 163840 ----a-w- C:\Windows\SysWow64\scrrun.dll
2013-12-12 06:18:27 126976 ----a-w- C:\Windows\SysWow64\cscript.exe
2013-12-11 00:57:36 9293192 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2013-12-10 22:55:43 -------- d-----w- C:\Program Files (x86)\AVI To MP4 Converter
2013-12-10 22:55:30 -------- d-----w- C:\Users\H Kimble\AppData\Local\Programs
2013-12-08 16:05:44 -------- d-----w- C:\Users\H Kimble\AppData\Roaming\Kodak
.
==================== Find3M  ====================
.
2013-12-11 00:58:14 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-12-11 00:58:14 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-11-19 10:21:41 267936 ------w- C:\Windows\System32\MpSigStub.exe
2013-10-25 06:19:22 2241536 ----a-w- C:\Windows\System32\wininet.dll
2013-10-25 06:17:57 3959808 ----a-w- C:\Windows\System32\jscript9.dll
2013-10-25 06:17:52 67072 ----a-w- C:\Windows\System32\iesetup.dll
2013-10-25 06:17:52 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2013-10-25 04:45:11 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-10-25 04:43:42 2877952 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-10-25 04:43:38 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2013-10-25 04:43:38 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2013-10-25 04:07:48 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2013-10-25 03:41:01 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-10-25 03:17:49 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
2013-10-25 02:49:34 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-10-12 02:30:42 830464 ----a-w- C:\Windows\System32\nshwfp.dll
2013-10-12 02:29:21 859648 ----a-w- C:\Windows\System32\IKEEXT.DLL
2013-10-12 02:29:08 324096 ----a-w- C:\Windows\System32\FWPUCLNT.DLL
2013-10-12 02:03:08 656896 ----a-w- C:\Windows\SysWow64\nshwfp.dll
2013-10-12 02:01:25 216576 ----a-w- C:\Windows\SysWow64\FWPUCLNT.DLL
.
============= FINISH: 20:28:10.70 ===============
 
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Ultimate 
Boot Device: \Device\HarddiskVolume2
Install Date: 11/26/2010 10:45:51 PM
System Uptime: 1/6/2014 7:28:20 PM (1 hours ago)
.
Motherboard: Sony Corporation |  | VAIO
Processor: Intel® Core2 Duo CPU     T5800  @ 2.00GHz | N/A | 2000/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 223 GiB total, 9.735 GiB free.
E: is Removable
G: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
 Update for Microsoft Office 2007 (KB2508958)
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.6)
Adobe Shockwave Player 11.5
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft WebCam Companion 2
AVI To MP4 Converter 1.0
Bonjour
Citrix Authentication Manager
Citrix Receiver
Citrix Receiver (HDX Flash Redirection)
Citrix Receiver Inside
Citrix Receiver Updater
Citrix Receiver(Aero)
Citrix Receiver(DV)
Citrix Receiver(USB)
CVE-2013-3893
Google Chrome
Google Earth
Google Talk Plugin
Google Update Helper
HiJackThis
iCloud
iTunes
Java Auto Updater
Java 6 Update 30
KODAK Share Button App
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Mouse and Keyboard Center
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Office 64-bit Components 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared 64-bit MUI (English) 2007
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Xbox 360 Accessories 1.2
Mission Planner
MobileMe Control Panel
Mozilla Firefox 23.0.1 (x86 en-US)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
National Instruments Software
NI Uninstaller
NI VC2008MSMs x64
NI VC2008MSMs x86
Norton Security Suite
Online Plug-in
Pinnacle Studio 14
Pinnacle Video Driver
QuickTime
Rosetta Stone Ltd Services
Rosetta Stone TOTALe
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Microsoft .NET Framework 4 Extended (KB2858302v2)
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2760415) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2817641) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2827326) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2827329) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2850022) 32-Bit Edition 
Security Update for Microsoft Office Excel 2007 (KB2827324) 32-Bit Edition 
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition 
Security Update for Microsoft Office Outlook 2007 (KB2825644) 32-Bit Edition 
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2597971) 32-Bit Edition 
Security Update for Microsoft Office Word 2007 (KB2827330) 32-Bit Edition 
Self-service Plug-in
Sony Download Taxi 1.5.0.0
System Requirements Lab for Intel
TreeSize Free V2.5
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2836939)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2850085) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VAIO Care
Virtual COM Port Driver
VISA Shared Components 64-Bit
Windows Driver Package - 3D Robotics (usbser) Ports  (03/28/2013 1.6.2.0)
Windows Driver Package - Arduino LLC (www.arduino.cc) (usbser) Ports  (11/15/2012 5.1.2600.0)
Windows Driver Package - Eastman Kodak KODAK Digital Camera (01/29/2010 1.4.1.0)
Windows Driver Package - FTDI CDM Driver Package - Bus/D2XX Driver (04/10/2012 2.08.24)
Windows Driver Package - FTDI CDM Driver Package - VCP Driver (04/10/2012 2.08.24)
Windows Driver Package - Parallax Inc CDM Driver Package - Bus & VCP Driver (04/10/2012 2.08.24)
X-CTU
.
==== End Of File ===========================
 
Link to post
Share on other sites

Step 1

I notice that you are using more than one antivirus program.

  • Microsoft Security Essentials (Microsoft Security Client too)
  • Norton Security Suite
  • This is very dangerous, as multiple Antivirus programs can interfere with one another and actually allow more viruses to get through. It is important that only one antivirus program is running realtime protection. Please uninstall one of them and reboot your system.

    Step 2

    • Launch Malwarebytes' Anti-Malware
    • Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
    • Go to Scanner tab and select Perform Quick Scan, then click Scan.
    • The scan may take some time to finish,so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy&Paste the entire report in your next reply.
    Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer,please do so immediately.
Link to post
Share on other sites

Ok.  I removed the Microsoft Security Programs.  Here's the results of the scan.  Thank you.

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
 
Database version: v2014.01.08.05
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16750
H Kimble :: HKIMBLE-PC [administrator]
 
1/8/2014 2:34:01 PM
mbam-log-2014-01-08 (14-34-01).txt
 
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 239173
Time elapsed: 11 minute(s), 38 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 1
HKCU\Software\AppDataLow\Software\Crossrider (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
(end)
Link to post
Share on other sites

In addition, here are the new DDS and Attach logs.  Thank you.

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 10.0.9200.16750  BrowserJavaVersion: 1.6.0_30
Run by H Kimble at 14:57:30 on 2014-01-08
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1033.18.3935.1506 [GMT -5:00]
.
AV: Norton Security Suite *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Security Suite *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Security Suite *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Norton Security Suite\Engine\20.4.0.40\ccSvcHst.exe
C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\WUDFHost.exe
C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler.exe
C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler64.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Norton Security Suite\Engine\20.4.0.40\ccSvcHst.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Kodak\KODAK Share Button App\Listener.exe
C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Sony\VAIO Care\VCsystray.exe
C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Citrix\Receiver\Receiver.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe
C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
C:\Users\H Kimble\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\H Kimble\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\H Kimble\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\H Kimble\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\H Kimble\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\H Kimble\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\System32\svchost.exe -k secsvcs
C:\Users\H Kimble\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\H Kimble\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit = userinit.exe,
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine\20.4.0.40\coieplg.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Engine\20.4.0.40\ips\ipsbho.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\20.4.0.40\coieplg.dll
uRun: [Azureus Update] regsvr32.exe "C:\Users\H Kimble\AppData\Local\Azureus\llrdepgccavrbt.dll"
uRun: [Google Update] "C:\Users\H Kimble\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [KGShareApp] C:\Program Files (x86)\Kodak\KODAK Share Button App\KGShare_App.exe
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [CitrixReceiver] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix\Receiver Updater.lnk"
mRun: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [mobilegeni daemon] C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
TCP: NameServer = 10.0.0.1
TCP: Interfaces\{65B0F63F-CE8B-45CC-8B5F-E6D5C69E7DC9} : DHCPNameServer = 10.0.0.1
TCP: Interfaces\{65B0F63F-CE8B-45CC-8B5F-E6D5C69E7DC9}\344434D2E414340502F46666963656 : DHCPNameServer = 80.87.78.4 80.87.78.11
TCP: Interfaces\{65B0F63F-CE8B-45CC-8B5F-E6D5C69E7DC9}\35F6E6370214365727160234573747F6D656270275966696 : DHCPNameServer = 10.128.128.128
TCP: Interfaces\{65B0F63F-CE8B-45CC-8B5F-E6D5C69E7DC9}\E4F4B4941402C457D6961602830303F593038353 : DHCPNameServer = 192.168.33.1
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
x64-Run: [intelliType Pro] "C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe"
x64-Run: [intelliPoint] "C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe"
x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
Hosts: 127.0.0.1 validation.sls.microsoft.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\H Kimble\AppData\Roaming\Mozilla\Firefox\Profiles\4ek3i8tz.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo!
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: C:\Users\H Kimble\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll
FF - plugin: C:\Users\H Kimble\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\H Kimble\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Users\H Kimble\AppData\Roaming\Mozilla\plugins\npo1d.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.autoDisableScopes - 0
FF - user.js: extensions.shownSelectionUI - true
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\N360x64\1404000.028\symds64.sys [2013-7-16 493656]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\N360x64\1404000.028\symefa64.sys [2013-7-16 1139800]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\BASHDefs\20131218.001\BHDrvx64.sys [2013-12-17 1526488]
R1 ccSet_N360;Norton Security Suite Settings Manager;C:\Windows\System32\drivers\N360x64\1404000.028\ccsetx64.sys [2013-7-16 169048]
R1 ctxusbm;Citrix USB Monitor Driver;C:\Windows\System32\drivers\ctxusbm.sys [2013-1-9 98888]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\IPSDefs\20140107.001\IDSviA64.sys [2014-1-8 521944]
R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\N360x64\1404000.028\ironx64.sys [2013-7-16 224416]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\N360x64\1404000.028\symnets.sys [2013-7-16 433752]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-12-24 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-12-24 701512]
R2 N360;Norton Security Suite;C:\Program Files (x86)\Norton Security Suite\Engine\20.4.0.40\ccsvchst.exe [2013-7-16 144368]
R2 SSPORT;SSPORT;C:\Windows\System32\drivers\SSPORT.sys [2010-6-7 11576]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2013-12-24 137648]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-12-24 25928]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-10 5434368]
R3 SFEP;Sony Firmware Extension Parser;C:\Windows\System32\drivers\SFEP.sys [2007-8-3 11392]
R3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
R3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
R3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-6-10 389120]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 AirDisplay;Air Display Support;C:\Windows\System32\drivers\AVVideoCard.sys [2012-9-24 15808]
S3 AirDisplayMirror;Air Display Mirror Support;C:\Windows\System32\drivers\AVVideoCardMirror.sys [2012-9-24 15808]
S3 mbamchameleon;mbamchameleon;C:\Windows\System32\drivers\mbamchameleon.sys [2013-12-27 89304]
S3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;C:\Windows\System32\drivers\MijXfilt.sys [2013-7-6 115272]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-11-8 19456]
S3 S3XXx64;SCR3xx USB SmartCardReader64;C:\Windows\System32\drivers\S3XXx64.sys [2011-9-7 70016]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-11-8 57856]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WSDScan;WSD Scan Support via UMB;C:\Windows\System32\drivers\WSDScan.sys [2009-7-13 25088]
S4 NIApplicationWebServer64;NI Application Web Server (64-bit);"C:\Program Files\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe" -user --> C:\Program Files\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe [?]
.
=============== Created Last 30 ================
.
2014-01-03 16:43:59 92672 ----a-w- C:\Windows\System32\drivers\raspppoe.sys.bak
2013-12-28 05:36:20 -------- d-----w- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-12-28 03:59:05 89304 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2013-12-25 02:37:57 -------- d-----w- C:\Users\H Kimble\AppData\Roaming\Malwarebytes
2013-12-25 02:36:06 -------- d-----w- C:\ProgramData\Malwarebytes
2013-12-25 02:36:03 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-12-25 02:36:02 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-12-25 00:55:30 388096 ----a-r- C:\Users\H Kimble\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2013-12-25 00:55:29 -------- d-----w- C:\Program Files (x86)\Trend Micro
2013-12-24 19:22:43 -------- d-----w- C:\TDSSKiller_Quarantine
2013-12-22 05:57:35 -------- d-----w- C:\Users\H Kimble\.android
2013-12-22 05:57:27 -------- d-----w- C:\Users\H Kimble\AppData\Local\cache
2013-12-22 05:57:26 -------- d-----w- C:\Users\H Kimble\AppData\Local\genienext
2013-12-22 05:57:24 -------- d-----w- C:\Users\H Kimble\AppData\Local\Mobogenie
2013-12-22 05:56:41 -------- d-----w- C:\Program Files (x86)\Mobogenie
2013-12-22 05:53:31 -------- d-----w- C:\ProgramData\Conduit
2013-12-22 05:51:25 -------- d-----w- C:\Users\H Kimble\AppData\Local\NativeMessaging
2013-12-22 05:51:15 -------- d-----w- C:\Users\H Kimble\AppData\Local\Conduit
2013-12-22 05:51:12 -------- d-----w- C:\Users\H Kimble\AppData\Local\CRE
2013-12-22 05:51:09 -------- d-----w- C:\Program Files (x86)\Conduit
2013-12-22 05:50:57 -------- d-----w- C:\Users\H Kimble\AppData\Local\SearchProtect
2013-12-12 08:07:29 167424 ----a-w- C:\Program Files\Windows Media Player\wmplayer.exe
2013-12-12 08:07:29 164864 ----a-w- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
2013-12-12 08:07:28 12625920 ----a-w- C:\Windows\System32\wmploc.DLL
2013-12-12 08:07:28 12625408 ----a-w- C:\Windows\SysWow64\wmploc.DLL
2013-12-12 06:23:49 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2013-12-12 06:23:49 2048 ----a-w- C:\Windows\System32\tzres.dll
2013-12-12 06:23:42 335360 ----a-w- C:\Windows\System32\msieftp.dll
2013-12-12 06:23:41 301568 ----a-w- C:\Windows\SysWow64\msieftp.dll
2013-12-12 06:23:40 3155968 ----a-w- C:\Windows\System32\win32k.sys
2013-12-12 06:19:24 417792 ----a-w- C:\Windows\SysWow64\WMPhoto.dll
2013-12-12 06:19:23 465920 ----a-w- C:\Windows\System32\WMPhoto.dll
2013-12-12 06:19:22 81408 ----a-w- C:\Windows\System32\imagehlp.dll
2013-12-12 06:19:22 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2013-12-12 06:19:21 230400 ----a-w- C:\Windows\System32\drivers\portcls.sys
2013-12-12 06:19:20 116736 ----a-w- C:\Windows\System32\drivers\drmk.sys
2013-12-12 06:18:29 150016 ----a-w- C:\Windows\System32\wshom.ocx
2013-12-12 06:18:28 202752 ----a-w- C:\Windows\System32\scrrun.dll
2013-12-12 06:18:28 168960 ----a-w- C:\Windows\System32\wscript.exe
2013-12-12 06:18:28 156160 ----a-w- C:\Windows\System32\cscript.exe
2013-12-12 06:18:28 141824 ----a-w- C:\Windows\SysWow64\wscript.exe
2013-12-12 06:18:28 121856 ----a-w- C:\Windows\SysWow64\wshom.ocx
2013-12-12 06:18:27 163840 ----a-w- C:\Windows\SysWow64\scrrun.dll
2013-12-12 06:18:27 126976 ----a-w- C:\Windows\SysWow64\cscript.exe
2013-12-11 00:57:36 9293192 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2013-12-10 22:55:43 -------- d-----w- C:\Program Files (x86)\AVI To MP4 Converter
2013-12-10 22:55:30 -------- d-----w- C:\Users\H Kimble\AppData\Local\Programs
.
==================== Find3M  ====================
.
2013-12-11 00:58:14 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-12-11 00:58:14 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-11-19 10:21:41 267936 ------w- C:\Windows\System32\MpSigStub.exe
2013-10-25 06:19:22 2241536 ----a-w- C:\Windows\System32\wininet.dll
2013-10-25 06:17:57 3959808 ----a-w- C:\Windows\System32\jscript9.dll
2013-10-25 06:17:52 67072 ----a-w- C:\Windows\System32\iesetup.dll
2013-10-25 06:17:52 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2013-10-25 04:45:11 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-10-25 04:43:42 2877952 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-10-25 04:43:38 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2013-10-25 04:43:38 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2013-10-25 04:07:48 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2013-10-25 03:41:01 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-10-25 03:17:49 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
2013-10-25 02:49:34 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-10-12 02:30:42 830464 ----a-w- C:\Windows\System32\nshwfp.dll
2013-10-12 02:29:21 859648 ----a-w- C:\Windows\System32\IKEEXT.DLL
2013-10-12 02:29:08 324096 ----a-w- C:\Windows\System32\FWPUCLNT.DLL
2013-10-12 02:03:08 656896 ----a-w- C:\Windows\SysWow64\nshwfp.dll
2013-10-12 02:01:25 216576 ----a-w- C:\Windows\SysWow64\FWPUCLNT.DLL
.
============= FINISH: 15:46:09.69 ===============
 
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Ultimate 
Boot Device: \Device\HarddiskVolume2
Install Date: 11/26/2010 10:45:51 PM
System Uptime: 1/8/2014 2:07:29 PM (1 hours ago)
.
Motherboard: Sony Corporation |  | VAIO
Processor: Intel® Core2 Duo CPU     T5800  @ 2.00GHz | N/A | 2000/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 223 GiB total, 10.244 GiB free.
E: is Removable
G: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP286: 12/26/2013 3:00:33 AM - Windows Update
RP287: 12/27/2013 3:00:14 AM - Windows Update
RP288: 12/28/2013 3:00:27 AM - Windows Update
RP289: 12/29/2013 3:00:28 AM - Windows Update
RP290: 12/30/2013 3:00:30 AM - Windows Update
RP291: 12/31/2013 3:03:10 AM - Windows Update
RP292: 1/1/2014 3:01:03 AM - Windows Update
RP293: 1/2/2014 1:24:05 PM - Windows Update
RP294: 1/3/2014 10:25:05 AM - Windows Update
RP295: 1/4/2014 2:29:46 AM - Windows Update
RP296: 1/5/2014 12:22:24 PM - Windows Update
RP297: 1/6/2014 8:11:09 AM - Windows Update
RP298: 1/7/2014 3:01:25 AM - Windows Update
RP299: 1/8/2014 12:27:21 PM - Windows Update
.
==== Installed Programs ======================
.
 Update for Microsoft Office 2007 (KB2508958)
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.6)
Adobe Shockwave Player 11.5
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft WebCam Companion 2
AVI To MP4 Converter 1.0
Bonjour
Citrix Authentication Manager
Citrix Receiver
Citrix Receiver (HDX Flash Redirection)
Citrix Receiver Inside
Citrix Receiver Updater
Citrix Receiver(Aero)
Citrix Receiver(DV)
Citrix Receiver(USB)
CVE-2013-3893
Google Chrome
Google Earth
Google Talk Plugin
Google Update Helper
HiJackThis
iCloud
iTunes
Java Auto Updater
Java 6 Update 30
KODAK Share Button App
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Mouse and Keyboard Center
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Office 64-bit Components 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared 64-bit MUI (English) 2007
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Xbox 360 Accessories 1.2
Mission Planner
MobileMe Control Panel
Mozilla Firefox 23.0.1 (x86 en-US)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
National Instruments Software
NI Uninstaller
NI VC2008MSMs x64
NI VC2008MSMs x86
Norton Security Suite
Online Plug-in
Pinnacle Studio 14
Pinnacle Video Driver
QuickTime
Rosetta Stone Ltd Services
Rosetta Stone TOTALe
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Microsoft .NET Framework 4 Extended (KB2858302v2)
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2760415) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2817641) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2827326) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2827329) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2850022) 32-Bit Edition 
Security Update for Microsoft Office Excel 2007 (KB2827324) 32-Bit Edition 
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition 
Security Update for Microsoft Office Outlook 2007 (KB2825644) 32-Bit Edition 
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2597971) 32-Bit Edition 
Security Update for Microsoft Office Word 2007 (KB2827330) 32-Bit Edition 
Self-service Plug-in
Sony Download Taxi 1.5.0.0
System Requirements Lab for Intel
TreeSize Free V2.5
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2836939)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2850085) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VAIO Care
Virtual COM Port Driver
VISA Shared Components 64-Bit
Windows Driver Package - 3D Robotics (usbser) Ports  (03/28/2013 1.6.2.0)
Windows Driver Package - Arduino LLC (www.arduino.cc) (usbser) Ports  (11/15/2012 5.1.2600.0)
Windows Driver Package - Eastman Kodak KODAK Digital Camera (01/29/2010 1.4.1.0)
Windows Driver Package - FTDI CDM Driver Package - Bus/D2XX Driver (04/10/2012 2.08.24)
Windows Driver Package - FTDI CDM Driver Package - VCP Driver (04/10/2012 2.08.24)
Windows Driver Package - Parallax Inc CDM Driver Package - Bus & VCP Driver (04/10/2012 2.08.24)
X-CTU
.
==== Event Viewer Messages From Past Week ========
.
1/8/2014 2:15:45 PM, Error: Service Control Manager [7022]  - The Windows Update service hung on starting.
1/8/2014 2:13:14 PM, Error: Service Control Manager [7022]  - The Windows Search service hung on starting.
1/8/2014 2:09:22 PM, Error: Microsoft-Windows-DistributedCOM [10016]  - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID  {C97FCC79-E628-407D-AE68-A06AD6D8B4D1}  and APPID  {344ED43D-D086-4961-86A6-1106F4ACAD9B}  to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
1/8/2014 2:08:22 PM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  cdrom
1/8/2014 2:08:21 PM, Error: Service Control Manager [7023]  - The Power service terminated with the following error:  The WMI request could not be completed and should be retried.
1/8/2014 2:06:06 PM, Error: Service Control Manager [7043]  - The Group Policy Client service did not shut down properly after receiving a preshutdown control.
1/8/2014 2:04:24 PM, Error: Service Control Manager [7032]  - The Service Control Manager tried to take a corrective action (Reboot the machine) after the unexpected termination of the Plug and Play service, but this action failed with the following error:  A system shutdown has already been scheduled.
1/8/2014 2:04:23 PM, Error: Service Control Manager [7031]  - The Plug and Play service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Reboot the machine.
1/8/2014 2:04:23 PM, Error: Service Control Manager [7031]  - The DCOM Server Process Launcher service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Reboot the machine.
1/8/2014 12:36:21 PM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070643: Internet Explorer 11 for Windows 7 for x64-based Systems.
1/8/2014 1:59:07 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Appinfo service.
1/8/2014 1:59:07 PM, Error: Service Control Manager [7000]  - The Application Information service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
1/8/2014 1:58:37 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
1/7/2014 9:33:45 PM, Error: Service Control Manager [7032]  - The Service Control Manager tried to take a corrective action (Reboot the machine) after the unexpected termination of the DCOM Server Process Launcher service, but this action failed with the following error:  A system shutdown has already been scheduled.
.
==== End Of File ===========================
 
Link to post
Share on other sites

Note: Please do not run this tool without special supervision and instructions of someone authorized to do so. Otherwise, you could end up with serious problems. For more details, read this article: ComboFix usage, Questions, Help? - Look here

Please visit this webpage and read the ComboFix User's Guide:

  • Once you've read the article and are ready to use the program you can download it directly from the link below.
  • Important! - Please make sure you save combofix to your desktop and do not run it from your browser
  • Direct download link for: ComboFix.exe
  • Please make sure you disable your security applications before running ComboFix.
  • Once Combofix has completed it will produce and open a log file. Please be patient as it can take some time to load.
  • Please copy/paste the contents or attach that log file to your next reply.
  • If needed the file can be located here: C:\combofix.txt
  • NOTE: If you receive the message "illegal operation has been attempted on a registry key that has been marked for deletion", just reboot the computer.
Link to post
Share on other sites

I ended up running the program twice.  The first time combofix stated that Norton was still running, but I continued since I didn't know how to stop the program in safe mode.

 

Here's the log for the first run:

ComboFix 14-01-08.03 - H Kimble 01/11/2014  16:52:58.1.2 - x64 NETWORK
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1033.18.3935.2468 [GMT -5:00]
Running from: c:\users\H Kimble\Downloads\Desktop\ComboFix.exe
AV: Norton Security Suite *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Security Suite *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Security Suite *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\END
.
.
(((((((((((((((((((((((((   Files Created from 2013-12-11 to 2014-01-11  )))))))))))))))))))))))))))))))
.
.
2014-01-11 22:08 . 2014-01-11 22:08 -------- d-----w- c:\users\Guest\AppData\Local\temp
2014-01-11 22:08 . 2014-01-11 22:08 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-01-10 15:14 . 2013-12-16 06:54 10315576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0FD5D2BD-D014-4A00-8397-C0A3C63E4862}\mpengine.dll
2014-01-03 16:43 . 2014-01-03 16:43 92672 ----a-w- c:\windows\system32\drivers\raspppoe.sys.bak
2013-12-28 05:36 . 2014-01-02 15:20 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2013-12-28 03:59 . 2013-12-28 03:59 89304 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2013-12-25 02:37 . 2013-12-25 02:37 -------- d-----w- c:\users\H Kimble\AppData\Roaming\Malwarebytes
2013-12-25 02:36 . 2013-12-25 02:36 -------- d-----w- c:\programdata\Malwarebytes
2013-12-25 02:36 . 2013-04-04 19:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-12-25 02:36 . 2013-12-25 02:36 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-12-25 00:55 . 2013-12-25 00:55 388096 ----a-r- c:\users\H Kimble\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2013-12-25 00:55 . 2013-12-25 00:55 -------- d-----w- c:\program files (x86)\Trend Micro
2013-12-24 19:22 . 2014-01-02 18:06 -------- d-----w- C:\TDSSKiller_Quarantine
2013-12-22 05:57 . 2013-12-22 05:57 -------- d-----w- c:\users\H Kimble\.android
2013-12-22 05:57 . 2013-12-22 06:01 -------- d-----w- c:\users\H Kimble\AppData\Local\cache
2013-12-22 05:57 . 2013-12-22 05:57 -------- d-----w- c:\users\H Kimble\AppData\Local\genienext
2013-12-22 05:57 . 2013-12-22 22:01 -------- d-----w- c:\users\H Kimble\AppData\Local\Mobogenie
2013-12-22 05:56 . 2013-12-22 22:01 -------- d-----w- c:\program files (x86)\Mobogenie
2013-12-22 05:53 . 2013-12-28 15:30 -------- d-----w- c:\programdata\Conduit
2013-12-22 05:51 . 2013-12-22 05:51 -------- d-----w- c:\users\H Kimble\AppData\Local\NativeMessaging
2013-12-22 05:51 . 2013-12-22 21:50 -------- d-----w- c:\users\H Kimble\AppData\Local\Conduit
2013-12-22 05:51 . 2013-12-22 05:51 -------- d-----w- c:\users\H Kimble\AppData\Local\CRE
2013-12-22 05:51 . 2013-12-22 05:53 -------- d-----w- c:\program files (x86)\Conduit
2013-12-22 05:50 . 2013-12-22 05:50 -------- d-----w- c:\users\H Kimble\AppData\Local\SearchProtect
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-12-15 08:01 . 2011-03-30 02:54 90708896 ----a-w- c:\windows\system32\MRT.exe
2013-12-11 00:58 . 2012-03-29 03:15 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-12-11 00:58 . 2011-07-01 18:13 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-12-11 00:57 . 2013-12-11 00:57 9293192 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2013-11-26 17:25 . 2010-11-27 06:35 267936 ------w- c:\windows\system32\MpSigStub.exe
2013-11-23 18:26 . 2013-12-12 06:19 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll
2013-11-23 17:47 . 2013-12-12 06:19 465920 ----a-w- c:\windows\system32\WMPhoto.dll
2013-11-12 02:23 . 2013-12-12 06:23 2048 ----a-w- c:\windows\system32\tzres.dll
2013-11-12 02:07 . 2013-12-12 06:23 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2013-10-30 02:32 . 2013-12-12 06:23 335360 ----a-w- c:\windows\system32\msieftp.dll
2013-10-30 02:19 . 2013-12-12 06:23 301568 ----a-w- c:\windows\SysWow64\msieftp.dll
2013-10-30 01:24 . 2013-12-12 06:23 3155968 ----a-w- c:\windows\system32\win32k.sys
2013-10-25 06:19 . 2013-12-12 08:04 51712 ----a-w- c:\windows\system32\ie4uinit.exe
2013-10-25 06:19 . 2013-12-12 08:04 2241536 ----a-w- c:\windows\system32\wininet.dll
2013-10-25 06:19 . 2013-12-12 08:04 1365504 ----a-w- c:\windows\system32\urlmon.dll
2013-10-25 06:18 . 2013-12-12 08:04 19271168 ----a-w- c:\windows\system32\mshtml.dll
2013-10-25 06:18 . 2013-12-12 08:04 603136 ----a-w- c:\windows\system32\msfeeds.dll
2013-10-25 06:17 . 2013-12-12 08:04 855552 ----a-w- c:\windows\system32\jscript.dll
2013-10-25 06:17 . 2013-12-12 08:04 3959808 ----a-w- c:\windows\system32\jscript9.dll
2013-10-25 06:17 . 2013-12-12 08:04 53248 ----a-w- c:\windows\system32\jsproxy.dll
2013-10-25 06:17 . 2013-12-12 08:04 526336 ----a-w- c:\windows\system32\ieui.dll
2013-10-25 06:17 . 2013-12-12 08:04 67072 ----a-w- c:\windows\system32\iesetup.dll
2013-10-25 06:17 . 2013-12-12 08:04 39936 ----a-w- c:\windows\system32\iernonce.dll
2013-10-25 06:17 . 2013-12-12 08:04 136704 ----a-w- c:\windows\system32\iesysprep.dll
2013-10-25 06:17 . 2013-12-12 08:04 2648576 ----a-w- c:\windows\system32\iertutil.dll
2013-10-25 06:17 . 2013-12-12 08:04 15404032 ----a-w- c:\windows\system32\ieframe.dll
2013-10-25 04:45 . 2013-12-12 08:04 1767936 ----a-w- c:\windows\SysWow64\wininet.dll
2013-10-25 04:43 . 2013-12-12 08:04 2877952 ----a-w- c:\windows\SysWow64\jscript9.dll
2013-10-25 04:43 . 2013-12-12 08:04 61440 ----a-w- c:\windows\SysWow64\iesetup.dll
2013-10-25 04:43 . 2013-12-12 08:04 109056 ----a-w- c:\windows\SysWow64\iesysprep.dll
2013-10-25 04:07 . 2013-12-12 08:04 2706432 ----a-w- c:\windows\system32\mshtml.tlb
2013-10-25 03:41 . 2013-12-12 08:04 2706432 ----a-w- c:\windows\SysWow64\mshtml.tlb
2013-10-25 03:17 . 2013-12-12 08:04 89600 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2013-10-25 02:49 . 2013-12-12 08:04 71680 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2013-10-19 02:18 . 2013-12-12 06:19 81408 ----a-w- c:\windows\system32\imagehlp.dll
2013-10-19 01:36 . 2013-12-12 06:19 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2010-11-20 . C6ADBA7AB4146D91873D3A5D4B198954 . 512512 . . [6.1.7601.17514] .. c:\windows\system32\rpcss.dll
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"KGShareApp"="c:\program files (x86)\Kodak\KODAK Share Button App\KGShare_App.exe" [2012-10-11 394752]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-09-27 59240]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-05-01 421888]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"ConnectionCenter"="c:\program files (x86)\Citrix\ICA Client\concentr.exe" [2013-03-13 383392]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-11-02 152392]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R1 acppolol;acppolol;c:\windows\system32\drivers\acppolol.sys;c:\windows\SYSNATIVE\drivers\acppolol.sys [x]
R1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\BASHDefs\20131218.001\BHDrvx64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\BASHDefs\20131218.001\BHDrvx64.sys [x]
R1 ccSet_N360;Norton Security Suite Settings Manager;c:\windows\system32\drivers\N360x64\1404000.028\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\N360x64\1404000.028\ccSetx64.sys [x]
R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys;c:\windows\SYSNATIVE\DRIVERS\ctxusbm.sys [x]
R1 cunhmgwm;cunhmgwm;c:\windows\system32\drivers\cunhmgwm.sys;c:\windows\SYSNATIVE\drivers\cunhmgwm.sys [x]
R1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\IPSDefs\20140110.001\IDSvia64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\IPSDefs\20140110.001\IDSvia64.sys [x]
R1 lbbihpfx;lbbihpfx;c:\windows\system32\drivers\lbbihpfx.sys;c:\windows\SYSNATIVE\drivers\lbbihpfx.sys [x]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\1404000.028\Ironx64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1404000.028\Ironx64.SYS [x]
R1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360x64\1404000.028\SYMNETS.SYS;c:\windows\SYSNATIVE\Drivers\N360x64\1404000.028\SYMNETS.SYS [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R2 N360;Norton Security Suite;c:\program files (x86)\Norton Security Suite\Engine\20.4.0.40\ccSvcHst.exe;c:\program files (x86)\Norton Security Suite\Engine\20.4.0.40\ccSvcHst.exe [x]
R2 RosettaStoneDaemon;RosettaStoneDaemon;c:\program files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe;c:\program files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe [x]
R2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys;c:\windows\SYSNATIVE\Drivers\SSPORT.sys [x]
R3 AirDisplay;Air Display Support;c:\windows\system32\DRIVERS\AVVideoCard.sys;c:\windows\SYSNATIVE\DRIVERS\AVVideoCard.sys [x]
R3 AirDisplayMirror;Air Display Mirror Support;c:\windows\system32\DRIVERS\AVVideoCardMirror.sys;c:\windows\SYSNATIVE\DRIVERS\AVVideoCardMirror.sys [x]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys;c:\windows\SYSNATIVE\DRIVERS\ew_hwusbdev.sys [x]
R3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\DRIVERS\ew_usbenumfilter.sys;c:\windows\SYSNATIVE\DRIVERS\ew_usbenumfilter.sys [x]
R3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\DRIVERS\ew_jucdcacm.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jucdcacm.sys [x]
R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jubusenum.sys [x]
R3 huawei_ext_ctrl;huawei_ext_ctrl;c:\windows\system32\DRIVERS\ew_juextctrl.sys;c:\windows\SYSNATIVE\DRIVERS\ew_juextctrl.sys [x]
R3 huawei_wwanecm;huawei_wwanecm;c:\windows\system32\DRIVERS\ew_juwwanecm.sys;c:\windows\SYSNATIVE\DRIVERS\ew_juwwanecm.sys [x]
R3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys;c:\windows\SYSNATIVE\drivers\mbamchameleon.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\DRIVERS\MijXfilt.sys;c:\windows\SYSNATIVE\DRIVERS\MijXfilt.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 S3XXx64;SCR3xx USB SmartCardReader64;c:\windows\system32\DRIVERS\S3XXx64.sys;c:\windows\SYSNATIVE\DRIVERS\S3XXx64.sys [x]
R3 SampleCollector;Intel® Sample Collector;c:\program files\Sony\VAIO Care\collsvc.exe;c:\program files\Sony\VAIO Care\collsvc.exe [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\drivers\WSDScan.sys;c:\windows\SYSNATIVE\drivers\WSDScan.sys [x]
R4 NIApplicationWebServer64;NI Application Web Server (64-bit);c:\program files\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe;c:\program files\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\1404000.028\SYMDS64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1404000.028\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\1404000.028\SYMEFA64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1404000.028\SYMEFA64.SYS [x]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys;c:\windows\SYSNATIVE\DRIVERS\dc3d.sys [x]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys;c:\windows\SYSNATIVE\DRIVERS\netw5v64.sys [x]
S3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys;c:\windows\SYSNATIVE\DRIVERS\SFEP.sys [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys;c:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2014-01-11 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 00:58]
.
2014-01-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-10 00:35]
.
2014-01-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-10 00:35]
.
2014-01-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3628016711-363777342-277748030-1000Core.job
- c:\users\H Kimble\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-07 04:36]
.
2014-01-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3628016711-363777342-277748030-1000UA.job
- c:\users\H Kimble\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-07 04:36]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelliType Pro"="c:\program files\Microsoft Mouse and Keyboard Center\itype.exe" [2012-10-12 1464984]
"IntelliPoint"="c:\program files\Microsoft Mouse and Keyboard Center\ipoint.exe" [2012-10-12 2075288]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-12 162328]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-12 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-12 417304]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
Trusted Zone: intuit.com\ttlc
TCP: DhcpNameServer = 10.0.0.1
FF - ProfilePath - c:\users\H Kimble\AppData\Roaming\Mozilla\Firefox\Profiles\4ek3i8tz.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo!
FF - user.js: extensions.autoDisableScopes - 0
FF - user.js: extensions.shownSelectionUI - true
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-Azureus Update - c:\users\H Kimble\AppData\Local\Azureus\llrdepgccavrbt.dll
Wow6432Node-HKLM-Run-CitrixReceiver - c:\programdata\Microsoft\Windows\Start Menu\Programs\Citrix\Receiver Updater.lnk
Wow6432Node-HKLM-Run-mobilegeni daemon - c:\program files (x86)\Mobogenie\DaemonProcess.exe
SafeBoot-44774430.sys
SafeBoot-53879292.sys
SafeBoot-63076889.sys
WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - (no file)
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\N360]
"ImagePath"="\"c:\program files (x86)\Norton Security Suite\Engine\20.4.0.40\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton Security Suite\Engine\20.4.0.40\diMaster.dll\" /prefetch:1"
--
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SampleCollector]
"ImagePath"="\"c:\program files\Sony\VAIO Care\collsvc.exe\" \"/service\" \"/counter=\Processor(_Total)\% Processor Time:5\" \"/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:5\" \"/counter=\Network Interface(*)\Bytes Total/sec:5\" \"/directory=inteldata\""
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"=hex:51,66,7a,6c,4c,1d,38,12,8d,ec,f8,
   7b,2b,25,27,06,e7,c4,bc,f0,98,15,0d,de
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
   1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}"=hex:51,66,7a,6c,4c,1d,38,12,60,d8,39,
   64,cd,04,79,07,f5,b7,d6,9a,c1,81,e0,1c
"{6D53EC84-6AAE-4787-AEEE-F4628F01010C}"=hex:51,66,7a,6c,4c,1d,38,12,ea,ef,40,
   69,9c,24,e9,02,d1,f8,b7,22,8a,5f,45,18
"{72853161-30C5-4D22-B7F9-0BBC1D38A37E}"=hex:51,66,7a,6c,4c,1d,38,12,0f,32,96,
   76,f7,7e,4c,08,c8,ef,48,fc,18,66,e7,6a
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07,
   72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
   df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}"=hex:51,66,7a,6c,4c,1d,38,12,8f,19,47,
   2e,c4,15,0b,03,d7,b5,8c,e9,62,70,06,85
"{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16,
   fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17
"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9,
   b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:01,a7,b3,76,b0,03,cf,01
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-01-11  17:13:13
ComboFix-quarantined-files.txt  2014-01-11 22:13
.
Pre-Run: 35,788,972,032 bytes free
Post-Run: 35,463,213,056 bytes free
.
- - End Of File - - B4E1FE2C40AC8722C61D8D2D579AD264
A36C5E4F47E84449FF07ED3517B43A31
Link to post
Share on other sites

Here's the 2nd run with Norton turned off:

 

ComboFix 14-01-08.03 - H Kimble 01/11/2014  21:15:41.2.2 - x64 NETWORK
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1033.18.3935.2370 [GMT -5:00]
Running from: c:\users\H Kimble\Downloads\Desktop\ComboFix.exe
AV: Norton Security Suite *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Security Suite *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Security Suite *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((   Files Created from 2013-12-12 to 2014-01-12  )))))))))))))))))))))))))))))))
.
.
2014-01-12 02:32 . 2014-01-12 02:32 -------- d-----w- c:\users\Guest\AppData\Local\temp
2014-01-12 02:32 . 2014-01-12 02:32 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-01-10 15:14 . 2013-12-16 06:54 10315576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0FD5D2BD-D014-4A00-8397-C0A3C63E4862}\mpengine.dll
2014-01-03 16:43 . 2014-01-03 16:43 92672 ----a-w- c:\windows\system32\drivers\raspppoe.sys.bak
2013-12-28 05:36 . 2014-01-02 15:20 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2013-12-28 03:59 . 2013-12-28 03:59 89304 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2013-12-25 02:37 . 2013-12-25 02:37 -------- d-----w- c:\users\H Kimble\AppData\Roaming\Malwarebytes
2013-12-25 02:36 . 2013-12-25 02:36 -------- d-----w- c:\programdata\Malwarebytes
2013-12-25 02:36 . 2013-04-04 19:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-12-25 02:36 . 2013-12-25 02:36 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-12-25 00:55 . 2013-12-25 00:55 388096 ----a-r- c:\users\H Kimble\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2013-12-25 00:55 . 2013-12-25 00:55 -------- d-----w- c:\program files (x86)\Trend Micro
2013-12-24 19:22 . 2014-01-02 18:06 -------- d-----w- C:\TDSSKiller_Quarantine
2013-12-22 05:57 . 2013-12-22 05:57 -------- d-----w- c:\users\H Kimble\.android
2013-12-22 05:57 . 2013-12-22 06:01 -------- d-----w- c:\users\H Kimble\AppData\Local\cache
2013-12-22 05:57 . 2013-12-22 05:57 -------- d-----w- c:\users\H Kimble\AppData\Local\genienext
2013-12-22 05:57 . 2013-12-22 22:01 -------- d-----w- c:\users\H Kimble\AppData\Local\Mobogenie
2013-12-22 05:56 . 2013-12-22 22:01 -------- d-----w- c:\program files (x86)\Mobogenie
2013-12-22 05:53 . 2013-12-28 15:30 -------- d-----w- c:\programdata\Conduit
2013-12-22 05:51 . 2013-12-22 05:51 -------- d-----w- c:\users\H Kimble\AppData\Local\NativeMessaging
2013-12-22 05:51 . 2013-12-22 21:50 -------- d-----w- c:\users\H Kimble\AppData\Local\Conduit
2013-12-22 05:51 . 2013-12-22 05:51 -------- d-----w- c:\users\H Kimble\AppData\Local\CRE
2013-12-22 05:51 . 2013-12-22 05:53 -------- d-----w- c:\program files (x86)\Conduit
2013-12-22 05:50 . 2013-12-22 05:50 -------- d-----w- c:\users\H Kimble\AppData\Local\SearchProtect
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-12-15 08:01 . 2011-03-30 02:54 90708896 ----a-w- c:\windows\system32\MRT.exe
2013-12-11 00:58 . 2012-03-29 03:15 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-12-11 00:58 . 2011-07-01 18:13 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-12-11 00:57 . 2013-12-11 00:57 9293192 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2013-11-26 17:25 . 2010-11-27 06:35 267936 ------w- c:\windows\system32\MpSigStub.exe
2013-11-23 18:26 . 2013-12-12 06:19 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll
2013-11-23 17:47 . 2013-12-12 06:19 465920 ----a-w- c:\windows\system32\WMPhoto.dll
2013-11-12 02:23 . 2013-12-12 06:23 2048 ----a-w- c:\windows\system32\tzres.dll
2013-11-12 02:07 . 2013-12-12 06:23 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2013-10-30 02:32 . 2013-12-12 06:23 335360 ----a-w- c:\windows\system32\msieftp.dll
2013-10-30 02:19 . 2013-12-12 06:23 301568 ----a-w- c:\windows\SysWow64\msieftp.dll
2013-10-30 01:24 . 2013-12-12 06:23 3155968 ----a-w- c:\windows\system32\win32k.sys
2013-10-25 06:19 . 2013-12-12 08:04 51712 ----a-w- c:\windows\system32\ie4uinit.exe
2013-10-25 06:19 . 2013-12-12 08:04 2241536 ----a-w- c:\windows\system32\wininet.dll
2013-10-25 06:19 . 2013-12-12 08:04 1365504 ----a-w- c:\windows\system32\urlmon.dll
2013-10-25 06:18 . 2013-12-12 08:04 19271168 ----a-w- c:\windows\system32\mshtml.dll
2013-10-25 06:18 . 2013-12-12 08:04 603136 ----a-w- c:\windows\system32\msfeeds.dll
2013-10-25 06:17 . 2013-12-12 08:04 855552 ----a-w- c:\windows\system32\jscript.dll
2013-10-25 06:17 . 2013-12-12 08:04 3959808 ----a-w- c:\windows\system32\jscript9.dll
2013-10-25 06:17 . 2013-12-12 08:04 53248 ----a-w- c:\windows\system32\jsproxy.dll
2013-10-25 06:17 . 2013-12-12 08:04 526336 ----a-w- c:\windows\system32\ieui.dll
2013-10-25 06:17 . 2013-12-12 08:04 67072 ----a-w- c:\windows\system32\iesetup.dll
2013-10-25 06:17 . 2013-12-12 08:04 39936 ----a-w- c:\windows\system32\iernonce.dll
2013-10-25 06:17 . 2013-12-12 08:04 136704 ----a-w- c:\windows\system32\iesysprep.dll
2013-10-25 06:17 . 2013-12-12 08:04 2648576 ----a-w- c:\windows\system32\iertutil.dll
2013-10-25 06:17 . 2013-12-12 08:04 15404032 ----a-w- c:\windows\system32\ieframe.dll
2013-10-25 04:45 . 2013-12-12 08:04 1767936 ----a-w- c:\windows\SysWow64\wininet.dll
2013-10-25 04:43 . 2013-12-12 08:04 2877952 ----a-w- c:\windows\SysWow64\jscript9.dll
2013-10-25 04:43 . 2013-12-12 08:04 61440 ----a-w- c:\windows\SysWow64\iesetup.dll
2013-10-25 04:43 . 2013-12-12 08:04 109056 ----a-w- c:\windows\SysWow64\iesysprep.dll
2013-10-25 04:07 . 2013-12-12 08:04 2706432 ----a-w- c:\windows\system32\mshtml.tlb
2013-10-25 03:41 . 2013-12-12 08:04 2706432 ----a-w- c:\windows\SysWow64\mshtml.tlb
2013-10-25 03:17 . 2013-12-12 08:04 89600 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2013-10-25 02:49 . 2013-12-12 08:04 71680 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2013-10-19 02:18 . 2013-12-12 06:19 81408 ----a-w- c:\windows\system32\imagehlp.dll
2013-10-19 01:36 . 2013-12-12 06:19 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2010-11-20 . C6ADBA7AB4146D91873D3A5D4B198954 . 512512 . . [6.1.7601.17514] .. c:\windows\system32\rpcss.dll
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"KGShareApp"="c:\program files (x86)\Kodak\KODAK Share Button App\KGShare_App.exe" [2012-10-11 394752]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-09-27 59240]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-05-01 421888]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"ConnectionCenter"="c:\program files (x86)\Citrix\ICA Client\concentr.exe" [2013-03-13 383392]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-11-02 152392]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R1 acppolol;acppolol;c:\windows\system32\drivers\acppolol.sys;c:\windows\SYSNATIVE\drivers\acppolol.sys [x]
R1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\BASHDefs\20131218.001\BHDrvx64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\BASHDefs\20131218.001\BHDrvx64.sys [x]
R1 ccSet_N360;Norton Security Suite Settings Manager;c:\windows\system32\drivers\N360x64\1404000.028\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\N360x64\1404000.028\ccSetx64.sys [x]
R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys;c:\windows\SYSNATIVE\DRIVERS\ctxusbm.sys [x]
R1 cunhmgwm;cunhmgwm;c:\windows\system32\drivers\cunhmgwm.sys;c:\windows\SYSNATIVE\drivers\cunhmgwm.sys [x]
R1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\IPSDefs\20140110.001\IDSvia64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\IPSDefs\20140110.001\IDSvia64.sys [x]
R1 lbbihpfx;lbbihpfx;c:\windows\system32\drivers\lbbihpfx.sys;c:\windows\SYSNATIVE\drivers\lbbihpfx.sys [x]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\1404000.028\Ironx64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1404000.028\Ironx64.SYS [x]
R1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360x64\1404000.028\SYMNETS.SYS;c:\windows\SYSNATIVE\Drivers\N360x64\1404000.028\SYMNETS.SYS [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R2 N360;Norton Security Suite;c:\program files (x86)\Norton Security Suite\Engine\20.4.0.40\ccSvcHst.exe;c:\program files (x86)\Norton Security Suite\Engine\20.4.0.40\ccSvcHst.exe [x]
R2 RosettaStoneDaemon;RosettaStoneDaemon;c:\program files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe;c:\program files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe [x]
R2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys;c:\windows\SYSNATIVE\Drivers\SSPORT.sys [x]
R3 AirDisplay;Air Display Support;c:\windows\system32\DRIVERS\AVVideoCard.sys;c:\windows\SYSNATIVE\DRIVERS\AVVideoCard.sys [x]
R3 AirDisplayMirror;Air Display Mirror Support;c:\windows\system32\DRIVERS\AVVideoCardMirror.sys;c:\windows\SYSNATIVE\DRIVERS\AVVideoCardMirror.sys [x]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys;c:\windows\SYSNATIVE\DRIVERS\ew_hwusbdev.sys [x]
R3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\DRIVERS\ew_usbenumfilter.sys;c:\windows\SYSNATIVE\DRIVERS\ew_usbenumfilter.sys [x]
R3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\DRIVERS\ew_jucdcacm.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jucdcacm.sys [x]
R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jubusenum.sys [x]
R3 huawei_ext_ctrl;huawei_ext_ctrl;c:\windows\system32\DRIVERS\ew_juextctrl.sys;c:\windows\SYSNATIVE\DRIVERS\ew_juextctrl.sys [x]
R3 huawei_wwanecm;huawei_wwanecm;c:\windows\system32\DRIVERS\ew_juwwanecm.sys;c:\windows\SYSNATIVE\DRIVERS\ew_juwwanecm.sys [x]
R3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys;c:\windows\SYSNATIVE\drivers\mbamchameleon.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\DRIVERS\MijXfilt.sys;c:\windows\SYSNATIVE\DRIVERS\MijXfilt.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 S3XXx64;SCR3xx USB SmartCardReader64;c:\windows\system32\DRIVERS\S3XXx64.sys;c:\windows\SYSNATIVE\DRIVERS\S3XXx64.sys [x]
R3 SampleCollector;Intel® Sample Collector;c:\program files\Sony\VAIO Care\collsvc.exe;c:\program files\Sony\VAIO Care\collsvc.exe [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\drivers\WSDScan.sys;c:\windows\SYSNATIVE\drivers\WSDScan.sys [x]
R4 NIApplicationWebServer64;NI Application Web Server (64-bit);c:\program files\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe;c:\program files\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\1404000.028\SYMDS64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1404000.028\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\1404000.028\SYMEFA64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1404000.028\SYMEFA64.SYS [x]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys;c:\windows\SYSNATIVE\DRIVERS\dc3d.sys [x]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys;c:\windows\SYSNATIVE\DRIVERS\netw5v64.sys [x]
S3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys;c:\windows\SYSNATIVE\DRIVERS\SFEP.sys [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys;c:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2014-01-12 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 00:58]
.
2014-01-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-10 00:35]
.
2014-01-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-10 00:35]
.
2014-01-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3628016711-363777342-277748030-1000Core.job
- c:\users\H Kimble\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-07 04:36]
.
2014-01-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3628016711-363777342-277748030-1000UA.job
- c:\users\H Kimble\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-07 04:36]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelliType Pro"="c:\program files\Microsoft Mouse and Keyboard Center\itype.exe" [2012-10-12 1464984]
"IntelliPoint"="c:\program files\Microsoft Mouse and Keyboard Center\ipoint.exe" [2012-10-12 2075288]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-12 162328]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-12 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-12 417304]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
Trusted Zone: intuit.com\ttlc
TCP: DhcpNameServer = 10.0.0.1
FF - ProfilePath - c:\users\H Kimble\AppData\Roaming\Mozilla\Firefox\Profiles\4ek3i8tz.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo!
FF - user.js: extensions.autoDisableScopes - 0
FF - user.js: extensions.shownSelectionUI - true
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - (no file)
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\N360]
"ImagePath"="\"c:\program files (x86)\Norton Security Suite\Engine\20.4.0.40\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton Security Suite\Engine\20.4.0.40\diMaster.dll\" /prefetch:1"
--
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SampleCollector]
"ImagePath"="\"c:\program files\Sony\VAIO Care\collsvc.exe\" \"/service\" \"/counter=\Processor(_Total)\% Processor Time:5\" \"/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:5\" \"/counter=\Network Interface(*)\Bytes Total/sec:5\" \"/directory=inteldata\""
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"=hex:51,66,7a,6c,4c,1d,38,12,8d,ec,f8,
   7b,2b,25,27,06,e7,c4,bc,f0,98,15,0d,de
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
   1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}"=hex:51,66,7a,6c,4c,1d,38,12,60,d8,39,
   64,cd,04,79,07,f5,b7,d6,9a,c1,81,e0,1c
"{6D53EC84-6AAE-4787-AEEE-F4628F01010C}"=hex:51,66,7a,6c,4c,1d,38,12,ea,ef,40,
   69,9c,24,e9,02,d1,f8,b7,22,8a,5f,45,18
"{72853161-30C5-4D22-B7F9-0BBC1D38A37E}"=hex:51,66,7a,6c,4c,1d,38,12,0f,32,96,
   76,f7,7e,4c,08,c8,ef,48,fc,18,66,e7,6a
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07,
   72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
   df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}"=hex:51,66,7a,6c,4c,1d,38,12,8f,19,47,
   2e,c4,15,0b,03,d7,b5,8c,e9,62,70,06,85
"{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16,
   fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17
"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9,
   b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:01,a7,b3,76,b0,03,cf,01
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-01-11  21:36:55
ComboFix-quarantined-files.txt  2014-01-12 02:36
.
Pre-Run: 34,765,574,144 bytes free
Post-Run: 34,714,140,672 bytes free
.
- - End Of File - - A036FB796306674CA20F765FC72E4A01
A36C5E4F47E84449FF07ED3517B43A31
Link to post
Share on other sites

I'm having issues uploading that file.  When I go to the website, find the correct path, then I can't find the file name in the folder.  When I go to "Search" in my "Start" button menu, I can find it and open the folder location.  However, I cannot find the file when I go to the System32 folder.  Is this file normally hidden? 

Link to post
Share on other sites

Please manually delete ComboFix.exe .

Step 1

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
Step 2

Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan button. Wait until is finished.
  • Click on Clean.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner\AdwCleaner[s0].txt as well.
Step 3

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

Folder::

c:\users\H Kimble\AppData\Local\Mobogenie

c:\program files (x86)\Mobogenie

c:\programdata\Conduit

c:\users\H Kimble\AppData\Local\Conduit

c:\users\H Kimble\AppData\Local\CRE

c:\program files (x86)\Conduit

c:\users\H Kimble\AppData\Local\SearchProtect

JavaClearCache::

Save this as CFScript.txt, in the same location as ComboFix.exe

CFScriptB-4.gif

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Link to post
Share on other sites

Step 1: JRT.txt

 

 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.0 (01.07.2014:1)
OS: Windows 7 Ultimate x64
Ran by H Kimble on Sat 01/18/2014 at 10:23:29.22
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\conduitsearchscopes
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\pricegong
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\search settings
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\smartbar
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduit
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\conduit.engine
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\au__rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\au__rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT2786678
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT3306061
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011441193}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011441193}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\ProgramData\conduit"
Successfully deleted: [Folder] "C:\ProgramData\premium"
Successfully deleted: [Folder] "C:\Users\H Kimble\AppData\Roaming\getrighttogo"
Successfully deleted: [Folder] "C:\Users\H Kimble\appdata\local\conduit"
Successfully deleted: [Folder] "C:\Users\H Kimble\appdata\local\cre"
Successfully deleted: [Folder] "C:\Users\H Kimble\appdata\local\searchprotect"
Successfully deleted: [Folder] "C:\Users\H Kimble\appdata\locallow\conduit"
Successfully deleted: [Folder] "C:\Users\H Kimble\appdata\locallow\pricegong"
Successfully deleted: [Folder] "C:\Users\H Kimble\appdata\locallow\thebflix"
Successfully deleted: [Folder] "C:\Program Files (x86)\conduit"
Successfully deleted: [Folder] "C:\Program Files (x86)\Common Files\spigot"
 
 
 
~~~ FireFox
 
Successfully deleted: [File] C:\Users\H Kimble\AppData\Roaming\mozilla\firefox\profiles\4ek3i8tz.default\user.js
Successfully deleted: [File] C:\Users\H Kimble\AppData\Roaming\mozilla\firefox\profiles\4ek3i8tz.default\extensions\anacgtlxpz@anacgtlxpz.org.xpi [Tracur]
Successfully deleted: [File] C:\Users\H Kimble\AppData\Roaming\mozilla\firefox\profiles\4ek3i8tz.default\searchplugins\conduit.xml
Successfully deleted: [Folder] C:\Users\H Kimble\AppData\Roaming\mozilla\firefox\profiles\4ek3i8tz.default\extensions\staged
Successfully deleted the following from C:\Users\H Kimble\AppData\Roaming\mozilla\firefox\profiles\4ek3i8tz.default\prefs.js
 
user_pref("Smartbar.ConduitSearchEngineList", "");
user_pref("Smartbar.ConduitSearchUrlList", "");
user_pref("Smartbar.keywordURLSelectedCTID", "CT3306061");
user_pref("browser.search.defaultthis.engineName", "Connect DLC 5 Customized Web Search");
user_pref("plugin.state.npconduitfirefoxplugin", 2);
user_pref("smartbar.machineId", "ENKXYGTY4PIGFOR23CJUFSAZP0SGZWBFJH3V6IV/FULVLJRLILG26B+84GT8F2GBY9EWQFTDXQC2TJ4N36OKLA");
Emptied folder: C:\Users\H Kimble\AppData\Roaming\mozilla\firefox\profiles\4ek3i8tz.default\minidumps [2 files]
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 01/18/2014 at 10:34:58.33
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Link to post
Share on other sites

Step 2: AdwCleaner[s0].txt:

 

# AdwCleaner v3.017 - Report created 18/01/2014 at 18:37:03
# Updated 12/01/2014 by Xplode
# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)
# Username : H Kimble - HKIMBLE-PC
# Running from : C:\Users\H Kimble\Downloads\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\Program Files (x86)\GreenTree Applications
Folder Deleted : C:\Program Files (x86)\Mobogenie
Folder Deleted : C:\Users\H Kimble\AppData\Local\genienext
Folder Deleted : C:\Users\H Kimble\AppData\Local\Mobogenie
Folder Deleted : C:\Users\H Kimble\AppData\Local\NativeMessaging
Folder Deleted : C:\Users\H Kimble\Documents\Mobogenie
File Deleted : C:\Windows\System32\Tasks\BackgroundContainer Startup Task
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ppjemjejnnojomfekgbpbbnecicblllf
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{05478A66-EDB6-4A22-A870-A5987F80A7DA}
Key Deleted : HKCU\Software\AppDataLow\Software\BackgroundContainer
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v10.0.9200.16750
 
 
-\\ Mozilla Firefox v23.0.1 (en-US)
 
[ File : C:\Users\H Kimble\AppData\Roaming\Mozilla\Firefox\Profiles\4ek3i8tz.default\prefs.js ]
 
Line Deleted : user_pref("CT3306061_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1387695014018,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}]");
 
-\\ Google Chrome v
 
[ File : C:\Users\H Kimble\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [1990 octets] - [18/01/2014 10:54:22]
AdwCleaner[R1].txt - [2050 octets] - [18/01/2014 14:41:41]
AdwCleaner[s0].txt - [2007 octets] - [18/01/2014 18:37:03]
 
########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [2067 octets] ##########
Link to post
Share on other sites

Step 3: Combofix Script

 

ComboFix 14-01-16.03 - H Kimble 01/19/2014  16:01:04.6.2 - x64 NETWORK
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1033.18.3935.2472 [GMT -5:00]
Running from: c:\users\H Kimble\Downloads\Desktop\ComboFix.exe
Command switches used :: c:\users\H Kimble\Downloads\Desktop\CFScript.txt
AV: Norton Security Suite *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Security Suite *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Security Suite *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((   Files Created from 2013-12-19 to 2014-01-19  )))))))))))))))))))))))))))))))
.
.
2014-01-19 21:22 . 2014-01-19 21:22 -------- d-----w- c:\users\Guest\AppData\Local\temp
2014-01-19 21:22 . 2014-01-19 21:22 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-01-18 15:53 . 2014-01-18 23:37 -------- d-----w- C:\AdwCleaner
2014-01-18 15:23 . 2014-01-18 15:23 -------- d-----w- c:\windows\ERUNT
2014-01-10 15:14 . 2013-12-16 06:54 10315576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0FD5D2BD-D014-4A00-8397-C0A3C63E4862}\mpengine.dll
2014-01-03 16:43 . 2014-01-03 16:43 92672 ----a-w- c:\windows\system32\drivers\raspppoe.sys.bak
2013-12-28 05:36 . 2014-01-02 15:20 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2013-12-28 03:59 . 2013-12-28 03:59 89304 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2013-12-25 02:37 . 2013-12-25 02:37 -------- d-----w- c:\users\H Kimble\AppData\Roaming\Malwarebytes
2013-12-25 02:36 . 2013-12-25 02:36 -------- d-----w- c:\programdata\Malwarebytes
2013-12-25 02:36 . 2013-04-04 19:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-12-25 02:36 . 2013-12-25 02:36 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-12-25 00:55 . 2013-12-25 00:55 388096 ----a-r- c:\users\H Kimble\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2013-12-25 00:55 . 2013-12-25 00:55 -------- d-----w- c:\program files (x86)\Trend Micro
2013-12-24 19:22 . 2014-01-02 18:06 -------- d-----w- C:\TDSSKiller_Quarantine
2013-12-22 05:57 . 2013-12-22 05:57 -------- d-----w- c:\users\H Kimble\.android
2013-12-22 05:57 . 2013-12-22 06:01 -------- d-----w- c:\users\H Kimble\AppData\Local\cache
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-01-16 08:02 . 2011-03-30 02:54 86054176 ----a-w- c:\windows\system32\MRT.exe
2013-12-11 00:58 . 2012-03-29 03:15 692616 ---ha-r- c:\windows\SysWow64\FlashPlayerApp.exe
2013-12-11 00:58 . 2011-07-01 18:13 71048 ---ha-r- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-12-11 00:57 . 2013-12-11 00:57 9293192 ---ha-r- c:\windows\SysWow64\FlashPlayerInstaller.exe
2013-11-26 17:25 . 2010-11-27 06:35 267936 ------w- c:\windows\system32\MpSigStub.exe
2013-11-23 18:26 . 2013-12-12 06:19 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll
2013-11-23 17:47 . 2013-12-12 06:19 465920 ----a-w- c:\windows\system32\WMPhoto.dll
2013-11-12 02:23 . 2013-12-12 06:23 2048 ----a-w- c:\windows\system32\tzres.dll
2013-11-12 02:07 . 2013-12-12 06:23 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2013-10-30 02:32 . 2013-12-12 06:23 335360 ----a-w- c:\windows\system32\msieftp.dll
2013-10-30 02:19 . 2013-12-12 06:23 301568 ----a-w- c:\windows\SysWow64\msieftp.dll
2013-10-30 01:24 . 2013-12-12 06:23 3155968 ----a-w- c:\windows\system32\win32k.sys
2013-10-25 06:19 . 2013-12-12 08:04 51712 ----a-w- c:\windows\system32\ie4uinit.exe
2013-10-25 06:19 . 2013-12-12 08:04 2241536 ----a-w- c:\windows\system32\wininet.dll
2013-10-25 06:19 . 2013-12-12 08:04 1365504 ----a-w- c:\windows\system32\urlmon.dll
2013-10-25 06:18 . 2013-12-12 08:04 19271168 ----a-w- c:\windows\system32\mshtml.dll
2013-10-25 06:18 . 2013-12-12 08:04 603136 ----a-w- c:\windows\system32\msfeeds.dll
2013-10-25 06:17 . 2013-12-12 08:04 855552 ----a-w- c:\windows\system32\jscript.dll
2013-10-25 06:17 . 2013-12-12 08:04 3959808 ----a-w- c:\windows\system32\jscript9.dll
2013-10-25 06:17 . 2013-12-12 08:04 53248 ----a-w- c:\windows\system32\jsproxy.dll
2013-10-25 06:17 . 2013-12-12 08:04 526336 ----a-w- c:\windows\system32\ieui.dll
2013-10-25 06:17 . 2013-12-12 08:04 67072 ----a-w- c:\windows\system32\iesetup.dll
2013-10-25 06:17 . 2013-12-12 08:04 39936 ----a-w- c:\windows\system32\iernonce.dll
2013-10-25 06:17 . 2013-12-12 08:04 136704 ----a-w- c:\windows\system32\iesysprep.dll
2013-10-25 06:17 . 2013-12-12 08:04 2648576 ----a-w- c:\windows\system32\iertutil.dll
2013-10-25 06:17 . 2013-12-12 08:04 15404032 ----a-w- c:\windows\system32\ieframe.dll
2013-10-25 04:45 . 2013-12-12 08:04 1767936 ----a-w- c:\windows\SysWow64\wininet.dll
2013-10-25 04:43 . 2013-12-12 08:04 2877952 ----a-w- c:\windows\SysWow64\jscript9.dll
2013-10-25 04:43 . 2013-12-12 08:04 61440 ----a-w- c:\windows\SysWow64\iesetup.dll
2013-10-25 04:43 . 2013-12-12 08:04 109056 ----a-w- c:\windows\SysWow64\iesysprep.dll
2013-10-25 04:07 . 2013-12-12 08:04 2706432 ----a-w- c:\windows\system32\mshtml.tlb
2013-10-25 03:41 . 2013-12-12 08:04 2706432 ----a-w- c:\windows\SysWow64\mshtml.tlb
2013-10-25 03:17 . 2013-12-12 08:04 89600 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2013-10-25 02:49 . 2013-12-12 08:04 71680 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2010-11-20 . C6ADBA7AB4146D91873D3A5D4B198954 . 512512 . . [6.1.7601.17514] .. c:\windows\system32\rpcss.dll
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"KGShareApp"="c:\program files (x86)\Kodak\KODAK Share Button App\KGShare_App.exe" [2012-10-11 394752]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-09-27 59240]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-05-01 421888]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"ConnectionCenter"="c:\program files (x86)\Citrix\ICA Client\concentr.exe" [2013-03-13 383392]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-11-02 152392]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R1 acppolol;acppolol;c:\windows\system32\drivers\acppolol.sys;c:\windows\SYSNATIVE\drivers\acppolol.sys [x]
R1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\BASHDefs\20140110.001\BHDrvx64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\BASHDefs\20140110.001\BHDrvx64.sys [x]
R1 ccSet_N360;Norton Security Suite Settings Manager;c:\windows\system32\drivers\N360x64\1404000.028\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\N360x64\1404000.028\ccSetx64.sys [x]
R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys;c:\windows\SYSNATIVE\DRIVERS\ctxusbm.sys [x]
R1 cunhmgwm;cunhmgwm;c:\windows\system32\drivers\cunhmgwm.sys;c:\windows\SYSNATIVE\drivers\cunhmgwm.sys [x]
R1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\IPSDefs\20140117.001\IDSvia64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\IPSDefs\20140117.001\IDSvia64.sys [x]
R1 lbbihpfx;lbbihpfx;c:\windows\system32\drivers\lbbihpfx.sys;c:\windows\SYSNATIVE\drivers\lbbihpfx.sys [x]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\1404000.028\Ironx64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1404000.028\Ironx64.SYS [x]
R1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360x64\1404000.028\SYMNETS.SYS;c:\windows\SYSNATIVE\Drivers\N360x64\1404000.028\SYMNETS.SYS [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R2 N360;Norton Security Suite;c:\program files (x86)\Norton Security Suite\Engine\20.4.0.40\ccSvcHst.exe;c:\program files (x86)\Norton Security Suite\Engine\20.4.0.40\ccSvcHst.exe [x]
R2 RosettaStoneDaemon;RosettaStoneDaemon;c:\program files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe;c:\program files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe [x]
R2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys;c:\windows\SYSNATIVE\Drivers\SSPORT.sys [x]
R3 AirDisplay;Air Display Support;c:\windows\system32\DRIVERS\AVVideoCard.sys;c:\windows\SYSNATIVE\DRIVERS\AVVideoCard.sys [x]
R3 AirDisplayMirror;Air Display Mirror Support;c:\windows\system32\DRIVERS\AVVideoCardMirror.sys;c:\windows\SYSNATIVE\DRIVERS\AVVideoCardMirror.sys [x]
R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys;c:\windows\SYSNATIVE\DRIVERS\dc3d.sys [x]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys;c:\windows\SYSNATIVE\DRIVERS\ew_hwusbdev.sys [x]
R3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\DRIVERS\ew_usbenumfilter.sys;c:\windows\SYSNATIVE\DRIVERS\ew_usbenumfilter.sys [x]
R3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\DRIVERS\ew_jucdcacm.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jucdcacm.sys [x]
R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jubusenum.sys [x]
R3 huawei_ext_ctrl;huawei_ext_ctrl;c:\windows\system32\DRIVERS\ew_juextctrl.sys;c:\windows\SYSNATIVE\DRIVERS\ew_juextctrl.sys [x]
R3 huawei_wwanecm;huawei_wwanecm;c:\windows\system32\DRIVERS\ew_juwwanecm.sys;c:\windows\SYSNATIVE\DRIVERS\ew_juwwanecm.sys [x]
R3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys;c:\windows\SYSNATIVE\drivers\mbamchameleon.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\DRIVERS\MijXfilt.sys;c:\windows\SYSNATIVE\DRIVERS\MijXfilt.sys [x]
R3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 S3XXx64;SCR3xx USB SmartCardReader64;c:\windows\system32\DRIVERS\S3XXx64.sys;c:\windows\SYSNATIVE\DRIVERS\S3XXx64.sys [x]
R3 SampleCollector;Intel® Sample Collector;c:\program files\Sony\VAIO Care\collsvc.exe;c:\program files\Sony\VAIO Care\collsvc.exe [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\drivers\WSDScan.sys;c:\windows\SYSNATIVE\drivers\WSDScan.sys [x]
R4 NIApplicationWebServer64;NI Application Web Server (64-bit);c:\program files\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe;c:\program files\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\1404000.028\SYMDS64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1404000.028\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\1404000.028\SYMEFA64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1404000.028\SYMEFA64.SYS [x]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys;c:\windows\SYSNATIVE\DRIVERS\netw5v64.sys [x]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys;c:\windows\SYSNATIVE\DRIVERS\SFEP.sys [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys;c:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2014-01-19 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 00:58]
.
2014-01-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-10 00:35]
.
2014-01-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-10 00:35]
.
2014-01-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3628016711-363777342-277748030-1000Core.job
- c:\users\H Kimble\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-07 04:36]
.
2014-01-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3628016711-363777342-277748030-1000UA.job
- c:\users\H Kimble\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-07 04:36]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelliType Pro"="c:\program files\Microsoft Mouse and Keyboard Center\itype.exe" [2012-10-12 1464984]
"IntelliPoint"="c:\program files\Microsoft Mouse and Keyboard Center\ipoint.exe" [2012-10-12 2075288]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-12 162328]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-12 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-12 417304]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
Trusted Zone: intuit.com\ttlc
TCP: DhcpNameServer = 10.0.0.1
FF - ProfilePath - c:\users\H Kimble\AppData\Roaming\Mozilla\Firefox\Profiles\4ek3i8tz.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo!
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - (no file)
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\N360]
"ImagePath"="\"c:\program files (x86)\Norton Security Suite\Engine\20.4.0.40\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton Security Suite\Engine\20.4.0.40\diMaster.dll\" /prefetch:1"
--
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SampleCollector]
"ImagePath"="\"c:\program files\Sony\VAIO Care\collsvc.exe\" \"/service\" \"/counter=\Processor(_Total)\% Processor Time:5\" \"/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:5\" \"/counter=\Network Interface(*)\Bytes Total/sec:5\" \"/directory=inteldata\""
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"=hex:51,66,7a,6c,4c,1d,38,12,8d,ec,f8,
   7b,2b,25,27,06,e7,c4,bc,f0,98,15,0d,de
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
   1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}"=hex:51,66,7a,6c,4c,1d,38,12,60,d8,39,
   64,cd,04,79,07,f5,b7,d6,9a,c1,81,e0,1c
"{6D53EC84-6AAE-4787-AEEE-F4628F01010C}"=hex:51,66,7a,6c,4c,1d,38,12,ea,ef,40,
   69,9c,24,e9,02,d1,f8,b7,22,8a,5f,45,18
"{72853161-30C5-4D22-B7F9-0BBC1D38A37E}"=hex:51,66,7a,6c,4c,1d,38,12,0f,32,96,
   76,f7,7e,4c,08,c8,ef,48,fc,18,66,e7,6a
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07,
   72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
   df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}"=hex:51,66,7a,6c,4c,1d,38,12,8f,19,47,
   2e,c4,15,0b,03,d7,b5,8c,e9,62,70,06,85
"{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16,
   fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17
"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9,
   b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:01,a7,b3,76,b0,03,cf,01
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-01-19  16:27:39
ComboFix-quarantined-files.txt  2014-01-19 21:27
ComboFix2.txt  2014-01-12 02:36
.
Pre-Run: 25,087,995,904 bytes free
Post-Run: 24,658,014,208 bytes free
.
- - End Of File - - 3E32685CFA1694F0190D0983EA647F8F
A36C5E4F47E84449FF07ED3517B43A31
Link to post
Share on other sites

Please download SystemLook from one of the links below and save it to your Desktop.

Download Mirror #1

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:

    :filefind*rpcss.dll*
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt
Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.