
Bloodhound.Exploit.33 or something else? [Solved]


  • This topic is locked
13 replies to this topic

#1 sdtech (New Member, Authentic Member, 6 posts)

Posted 03 November 2014 - 02:36 PM

A few weeks ago Symantec/Norton started popping up messages regarding Bloodhound.Exploit.33 issues.  A number of files were tagged as infected and quarantined.  At first I did not think much about it, but then it happened again, the next day and the following... around the same time, i.e. 8:00 pm - 8:30 pm.  So then I started looking into it.

 

System: laptop with Win 7 64-bit

Quarantine Info: DWHxxxx.tmp, APQxxxx.tmp

Location: C:\Users\<username>\AppData\Local\Temp\

 

On a daily basis a bunch of such files would show up in the directory and Norton would quarantine.

 

I use Firefox as my primary browser and hardly ever use IE or Chrome.  One day I had to use Chrome and found out that Astromenda had been installed and that it was also installed on IE!

 

I went through the Bloodhound.Exploit.33 infection [Solved] topic and followed the instructions.  The issue seems to persist.  Last night I noticed that though I had put the laptop in Hibernate mode, it had actually woken-up, Norton had quarantined a number of similar files and the laptop was now in Sleep mode!

 

Before today I ran aswMBR, FRST64, ADWCleaner, JRT, Malwarebytes.

 

As far as I could tell, Astromenda and a few other items were cleaned.  But the problem is still there!  Today I ran ESET, which found nothing other than the following:

 

C:\Windows\Installer\MSIF075.tmp    a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application

 

So I ran, again, aswMBR, FRST64 and ADWCleaner (this found nothing, if I understood the log).  The logs from today's run of these tools are provided below.

 

Could someone provide some guidance as to what is going on and how I can get rid of whatever is on my system?

 

Thank you in advance.

 

 

Adding some additional information, regarding overnight behaviour.

Again the laptop was put in hibernate mode.  Apparently it "woke up" overnight, around 2:00 am and in the morning I found it in sleep mode.  Norton logged outgoing IP traffic to 224.0.0.22 and incoming ICMP from 4.69.148.14!!!  Once the laptop came up, Norton again quarantined a few files, just like before.


Edited by sdtech, 04 November 2014 - 01:10 PM.



#2 OCD (SuperHelper, Malware Team, 5,574 posts)

Posted 05 November 2014 - 09:45 PM

Hi sdtech,

My name is OCD. I would be more than happy to take a look at your log and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:

  • I will be working on your Malware issues, this may or may not, solve other issues you have with your machine. 
  • The fixes are specific to your problem and should only be used for the issues on this machine  
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.  
  • It's often worth reading through these instructions and printing them for ease of reference. 
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.  
  • Please reply to this thread. Do not start a new topic.  
  • Copy and Paste logs directly into the reply window. DO NOT attach the logs unless specifically instructed to do so.

IMPORTANT NOTE : Please do not delete, download or install anything unless instructed to do so.

DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision. Doing so could make your system inoperable and could require a full reinstall of your Operating System and losing all your programs and data.

Please stay with this topic until I let you know that your system appears to be "All Clear"

Important: All tools MUST be run from the Desktop.

=========================

Security Check

Download Security Check by screen317 from here or here.

  • Save it to your Desktop.
    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

=========================

Please locate the following AdwCleaner logs and post in your next reply:
AdwCleaner[S1].txt - [988 octets] - [01/11/2014 20:32:27]
AdwCleaner[S2].txt - [1108 octets] - [02/11/2014 20:02:00]

=========================

FRST Fix Script

Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the desktop as fixlist.txt



Start
End Processes:
Toolbar: HKLM-x32 - No Name - {A13C2648-91D4-4bf3-BC6D-0079707C4389} -  No File
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
CHR HomePage: Default -> chrome://blanck/
CHR StartupUrls: Default -> "hxxp://astromenda.com/?f=7&a=ast_dnldstr_14_39_ff&cd=2XzuyEtN2Y1L1Qzu0FtD0D0E0FtC0DtD0Czy0AyDtCzz0AtDtN0D0Tzu0StCtDtDtBtN1L2XzutAtFtBtFtCtFyCtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StByCtD0AyCtBtCyDtG0A0A0EyDtG0ByD0A0CtG0D0D0DyBtGyE0EtD0Ezy0A0C0AzztD0E0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyE0CtA0EyB0E0EyDtGyD0BtAzytGyE0CtAyEtG0ByBtCzytGtD0B0F0Bzy0EyB0CtD0C0Azy2Q&cr=1970078723&ir="
CHR DefaultSearchKeyword: Default -> startpage.com
CHR DefaultSearchURL: Default -> https://startpage.com/search?q={searchTerms}
EmptyTemp:
Hosts:
End

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST and press the Fix button just once and wait.
The tool will make a log (Fixlog.txt) please post it to your reply.

=========================

Reboot

=========================

Re-run Farbar Recovery Scan Tool; it should be on your desktop.


    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.

=========================

I see you have RogueKiller installed. Did you run a scan? If so, please include the log in your next reply.

In your next post please provide the following:

  • checkup.txt
  • AdwCleaner[S1].txt
  • AdwCleaner[S2].txt
  • Fixlog.txt
  • new FRST.txt

 

 


OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days
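The fixlist in the post above was assembled by reading the FRST scan for three kinds of entry: toolbar/CLSID registrations that still point at a file that no longer exists ("No File"), browser home/start pages that have been redirected (here to astromenda.com, shown defanged as hxxp://), and binaries that report no publisher. The Python script below is an added example, not part of this thread and not FRST's own code: it applies those same triage rules to a few constructed FRST-style lines modelled on this log and emits a fixlist in the Start/End format the helper uses. The hijacker domain list, the rule wording and the sample lines are assumptions for illustration; unsigned-binary hits are reported for review only and are kept out of the generated fixlist.

```python
import re

# Constructed sample in the style of an FRST scan, modelled on entries quoted in this thread.
SAMPLE_FRST = r"""
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
() C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
Toolbar: HKLM-x32 - No Name - {A13C2648-91D4-4bf3-BC6D-0079707C4389} -  No File
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
CHR HomePage: Default -> chrome://blanck/
CHR StartupUrls: Default -> "hxxp://astromenda.com/?f=7&a=ast_dnldstr_14_39_ff"
CHR DefaultSearchURL: Default -> https://startpage.com/search?q={searchTerms}
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
"""

# Browser-hijacker domains named in this thread (assumption: a real run would load a fuller list).
HIJACKER_DOMAINS = {"astromenda.com"}

# "(Publisher) C:\path\to\binary.exe" process lines; an empty publisher means no signer was found.
PROCESS_RE = re.compile(r"^\((?P<publisher>[^)]*)\) (?P<path>[A-Za-z]:\\.+)$")
# Accepts both live (http/https) and defanged (hxxp/hxxps) URLs and pulls out the host.
URL_RE = re.compile(r'^(?P<scheme>h(?:xx|tt)ps?)://(?P<host>[^/?"]+)', re.I)
# Browser-setting keys whose value should normally be a plain URL or about:blank.
HOMEPAGE_KEYS = ("HomePage", "StartupUrls", "DefaultSearchURL", "Start Page", "Default_Page_URL")
UNSIGNED = "running binary reports no publisher (unsigned or unknown signer)"


def _browser_value(line):
    """Return the configured value of a CHR/FF or IE Main browser-setting line, else None."""
    if line.startswith(("CHR ", "FF ")) and " -> " in line:
        return line.split(" -> ", 1)[1].strip().strip('"')
    if "Internet Explorer\\Main," in line and " = " in line:
        return line.split(" = ", 1)[1].strip()
    return None


def triage_line(line):
    """Return the reasons one FRST line deserves a closer look (empty list = nothing flagged)."""
    reasons = []
    line = line.rstrip()
    m = PROCESS_RE.match(line)
    if m and not m.group("publisher").strip():
        reasons.append(UNSIGNED)
    if line.endswith("No File"):
        reasons.append("orphaned entry: the registry still points at a file that is gone")
    value = _browser_value(line)
    if value is not None and any(k in line for k in HOMEPAGE_KEYS):
        u = URL_RE.match(value)
        if u:
            if u.group("scheme").lower().startswith("hxx"):
                reasons.append("URL is defanged (hxxp): an earlier tool already flagged it")
            if u.group("host").lower() in HIJACKER_DOMAINS:
                reasons.append("points at known hijacker domain " + u.group("host"))
        elif value != "about:blank":
            # e.g. a misspelled blank page that no browser would have set itself
            reasons.append("non-standard home/start page value " + repr(value))
    return reasons


def triage(scan_text):
    """Run triage_line over a whole scan; return [(line, reasons)] for flagged lines only."""
    findings = []
    for raw in scan_text.splitlines():
        line = raw.rstrip()
        if not line:
            continue
        reasons = triage_line(line)
        if reasons:
            findings.append((line, reasons))
    return findings


def build_fixlist(findings):
    """Emit an FRST-style fixlist (Start ... End) from the flagged lines.

    Unsigned-process hits are review-only and deliberately left out: a missing
    publisher string is a prompt to check the file, not proof it is malicious.
    """
    body = [line for line, reasons in findings if reasons != [UNSIGNED]]
    return "\n".join(["Start", *body, "End"])


if __name__ == "__main__":
    results = triage(SAMPLE_FRST)
    for line, reasons in results:
        print(line)
        for r in reasons:
            print("    ->", r)
    print()
    print(build_fixlist(results))
```

On the sample above the script flags five lines (the unsigned fmapp.exe, the two "No File" entries, the odd chrome://blanck/ home page and the astromenda.com startup URL) and writes four of them into the fixlist; the unsigned binary is left for a human to look up, which matches how the helper treats such entries in this thread.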


#3 sdtech (New Member, Authentic Member, 6 posts)

Posted 06 November 2014 - 02:27 PM

OCD, thank you for the instructions.  The logs you asked for are provided below.  Please note that I uninstalled RogueKiller a couple of days ago, so I do not have any logs to provide.  If that would be helpful, I will reinstall.  Also, after I ran FRST to fix, the fixlist.txt file was removed (I am assuming it was deleted).  Is that the expected behaviour?

Thanx!

 

-------------------------------------------------------------------------

checkup.txt

 

 Results of screen317's Security Check version 0.99.89  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
Microsoft Security Essentials   
Symantec Endpoint Protection    
  (On Access scanning disabled!)
 Error obtaining update status for antivirus!  
`````````Anti-malware/Other Utilities Check:`````````
 Panda Cloud Cleaner   
 Java 7 Update 55  
 Java version out of Date!
 Adobe Flash Player 15.0.0.189  
 Mozilla Firefox (33.0)
 Google Chrome 38.0.2125.104  
 Google Chrome 38.0.2125.111  
````````Process Check: objlist.exe by Laurent````````  
 Norton ccSvcHst.exe
 Microsoft Security Essentials MSMpEng.exe
 Microsoft Security Essentials msseces.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 9%
````````````````````End of Log``````````````````````

-------------------------------------------------------------------------

AdwCleaner[S1].txt

 

# AdwCleaner v3.311 - Report created 01/11/2014 at 21:32:27
# Updated 30/09/2014 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : ds - ERMIS
# Running from : C:\Users\ds\Downloads\tmp\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17344


-\\ Mozilla Firefox v33.0 (x86 en-US)

[ File : C:\Users\ds\AppData\Roaming\Mozilla\Firefox\Profiles\tu8g3et3.default\prefs.js ]


-\\ Google Chrome v38.0.2125.111

[ File : C:\Users\ds\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R1].txt - [928 octets] - [01/11/2014 21:30:26]
AdwCleaner[S1].txt - [850 octets] - [01/11/2014 21:32:27]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [909 octets] ##########

-------------------------------------------------------------------------

AdwCleaner[S2].txt

 

# AdwCleaner v3.311 - Report created 02/11/2014 at 20:02:00
# Updated 30/09/2014 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : ds - ERMIS
# Running from : C:\Users\ds\Downloads\tmp\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17344


-\\ Mozilla Firefox v33.0 (x86 en-US)

[ File : C:\Users\ds\AppData\Roaming\Mozilla\Firefox\Profiles\tu8g3et3.default\prefs.js ]


-\\ Google Chrome v38.0.2125.111

[ File : C:\Users\ds\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R1].txt - [928 octets] - [01/11/2014 20:30:26]
AdwCleaner[R2].txt - [1046 octets] - [02/11/2014 20:00:46]
AdwCleaner[S1].txt - [988 octets] - [01/11/2014 20:32:27]
AdwCleaner[S2].txt - [969 octets] - [02/11/2014 20:02:00]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [1028 octets] ##########

-------------------------------------------------------------------------

Fixlog.txt

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 02-11-2014
Ran by ds at 2014-11-06 15:04:28 Run:1
Running from C:\Users\ds\Desktop
Loaded Profile: ds (Available profiles: ds)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Start
End Processes:
Toolbar: HKLM-x32 - No Name - {A13C2648-91D4-4bf3-BC6D-0079707C4389} -  No File
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
CHR HomePage: Default -> chrome://blanck/
CHR StartupUrls: Default -> "hxxp://astromenda.com/?f=7&a=ast_dnldstr_14_39_ff&cd=2XzuyEtN2Y1L1Qzu0FtD0D0E0FtC0DtD0Czy0AyDtCzz0AtDtN0D0Tzu0StCtDtDtBtN1L2XzutAtFtBtFtCtFyCtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StByCtD0AyCtBtCyDtG0A0A0EyDtG0ByD0A0CtG0D0D0DyBtGyE0EtD0Ezy0A0C0AzztD0E0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyE0CtA0EyB0E0EyDtGyD0BtAzytGyE0CtAyEtG0ByBtCzytGtD0B0F0Bzy0EyB0CtD0C0Azy2Q&cr=1970078723&ir="
CHR DefaultSearchKeyword: Default -> startpage.com
CHR DefaultSearchURL: Default -> https://startpage.co...q={searchTerms}
EmptyTemp:
Hosts:
End
*****************

End Processes: => Error: No automatic fix found for this entry.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{A13C2648-91D4-4bf3-BC6D-0079707C4389} => value deleted successfully.
"HKCR\Wow6432Node\CLSID\{A13C2648-91D4-4bf3-BC6D-0079707C4389}" => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => value deleted successfully.
"HKCR\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93}" => Key not found.
Chrome HomePage deleted successfully.
Chrome StartupUrls deleted successfully.
Chrome DefaultSearchKeyword deleted successfully.
Chrome DefaultSearchURL deleted successfully.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 39.9 MB temporary data.


The system needed a reboot.

==== End of Fixlog ====

 

-------------------------------------------------------------------------

FRST.txt

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-11-2014
Ran by ds (administrator) on ERMIS on 06-11-2014 15:08:55
Running from C:\Users\ds\Desktop
Loaded Profile: ds (Available profiles: ds)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Authentec Inc.) C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SmcGui.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel® Corporation) C:\Program Files\Intel\CAM\bin\CAMService.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CamMute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
() C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\AutoLock\ALCKRESI.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
() C:\Program Files (x86)\SSH Communications Security\SSH Tectia\SSH Tectia Client\ssh-broker-gui.exe
(Ricoh co.,Ltd.) C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
(Symantec Corporation) C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\Screen Reading Optimizer\SRORest.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlk.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ZOOM\TpScrex.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\shtctky.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe
(Ulead Systems, Inc.) C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
(Symantec Corporation) C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
() C:\Program Files (x86)\SSH Communications Security\SSH Tectia\SSH Tectia Broker\ssh-broker-g3.exe
(Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla\Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla\Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_189.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_189.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\Screen Reading Optimizer\SROSVC.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe
(Lenovo) C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [TpShocks] => C:\Windows\system32\TpShocks.exe [380776 2011-01-14] (Lenovo.)
HKLM\...\Run: [ForteConfig] => C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-26] ()
HKLM\...\Run: [LENOVO.TPKNRRES] => C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [60920 2013-05-29] (Lenovo Group Limited)
HKLM\...\Run: [ALCKRESI.EXE] => C:\Program Files\Lenovo\AutoLock\ALCKRESI.EXE [388160 2012-03-30] (Lenovo Group Limited)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [AcWin7Hlpr] => C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe [63832 2014-03-14] (Lenovo)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [316032 2010-12-14] (Conexant systems, Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [444904 2012-09-20] (Adobe Systems Incorporated)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM-x32\...\Run: [RotateImage] => C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe [55808 2008-10-30] (Ricoh co.,Ltd.)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe [113656 2013-07-02] (Intel Corporation)
HKLM-x32\...\Run: [PWMTRV] => rundll32 "C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL",PwrMgrBkGndMonitor
HKLM-x32\...\Run: [Lenovo Registration] => C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe [4351712 2011-07-13] (Lenovo, Inc.)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [115048 2011-09-16] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5.5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe [1523360 2011-01-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [41360 2014-09-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [840592 2014-09-04] (Adobe Systems Inc.)
HKLM-x32\...\Run: [ccApp] => C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe [115560 2009-07-08] (Symantec Corporation)
HKLM-x32\...\Run: [BrMfcWnd] => C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe [1159168 2009-05-26] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [ControlCenter3] => C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\psfus: C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll (Authentec Inc.)
HKU\S-1-5-21-2914558355-170091057-212511320-1000\...\Run: [Google Update] => C:\Users\ds\AppData\Local\Google\Update\GoogleUpdate.exe [107912 2014-10-28] (Google Inc.)
HKU\S-1-5-21-2914558355-170091057-212511320-1000\...\MountPoints2: {4592eac6-9288-11e2-9491-806e6f6e6963} - Q:\LenovoQDrive.exe
Lsa: [Notification Packages] scecli C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll ACGina
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Tectia Connection Broker.lnk
ShortcutTarget: Tectia Connection Broker.lnk -> C:\Program Files (x86)\SSH Communications Security\SSH Tectia\SSH Tectia Client\ssh-broker-gui.exe ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft...er=9&ar=msnhome
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blanck
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com/welcome/thinkpad
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.co...ng}&rlz=1I7LENP
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://akamaicdn.we...ex/ieatgpc1.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.124.25

FireFox:
========
FF ProfilePath: C:\Users\ds\AppData\Roaming\Mozilla\Firefox\Profiles\tu8g3et3.default
FF DefaultSearchEngine: Startpage (SSL)
FF SelectedSearchEngine: Startpage (SSL)
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_189.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_189.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.66 -> C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin -> C:\Users\ds\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin -> C:\Users\ds\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin -> C:\Users\ds\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\ds\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\ds\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: vsee.com/VSeeDetection -> C:\Users\ds\AppData\Roaming\VSeeInstall\npVSeeDetection.dll (VSee Lab)
FF Plugin ProgramFiles/Appdata: C:\Users\ds\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\ds\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF SearchPlugin: C:\Users\ds\AppData\Roaming\Mozilla\Firefox\Profiles\tu8g3et3.default\searchplugins\duckduckgo.xml
FF SearchPlugin: C:\Users\ds\AppData\Roaming\Mozilla\Firefox\Profiles\tu8g3et3.default\searchplugins\startpage-ssl.xml
FF Extension: DoNotTrackMe: Online Privacy Protection - C:\Users\ds\AppData\Roaming\Mozilla\Firefox\Profiles\tu8g3et3.default\Extensions\donottrackplus@abine.com [2014-11-01]
FF Extension: Webmail Ad Blocker - C:\Users\ds\AppData\Roaming\Mozilla\Firefox\Profiles\tu8g3et3.default\Extensions\gmailnoads@mywebber.com.xpi [2014-10-28]
FF Extension: Download Status Bar - C:\Users\ds\AppData\Roaming\Mozilla\Firefox\Profiles\tu8g3et3.default\Extensions\{6c28e999-e900-4635-a39d-b1ec90ba0c0f}.xpi [2014-10-28]
FF Extension: Adblock Plus - C:\Users\ds\AppData\Roaming\Mozilla\Firefox\Profiles\tu8g3et3.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-10-28]
FF Extension: BetterPrivacy - C:\Users\ds\AppData\Roaming\Mozilla\Firefox\Profiles\tu8g3et3.default\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2014-10-28]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2013-03-22]
FF HKLM-x32\...\Firefox\Extensions: [{F04D2D30-776C-4d02-8627-8E4385ECA58D}] - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2014.5.0.67\coFFPlgn
FF Extension: Norton Identity Safe Toolbar - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2014.5.0.67\coFFPlgn [2014-11-02]
FF HKLM-x32\...\Firefox\Extensions: [VIP3X@verisign.com] - C:\Program Files (x86)\Symantec\VIP Access Client
FF Extension: No Name - C:\Program Files (x86)\Symantec\VIP Access Client [2013-03-21]
FF HKCU\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]
FF StartMenuInternet: FIREFOX.EXE - C:\Program Files (x86)\Mozilla\Firefox\firefox.exe

Chrome:
=======
CHR DefaultSuggestURL: Default ->
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\pdf.dll ()
CHR Plugin: (Microsoft® Windows Media Player Firefox Plugin) - C:\Program Files (x86)\Mozilla\Firefox\plugins\np-mswmp.dll No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (AdobeAAMDetect) - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll No File
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Citrix Online Web Deployment Plugin 1.0.0.104) - C:\Users\ds\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
CHR Plugin: (Google Update) - C:\Users\ds\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Plugin: (Google Talk Plugin) - C:\Users\ds\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
CHR Plugin: (Google Talk Plugin Video Accelerator) - C:\Users\ds\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll No File
CHR Plugin: (Google Talk Plugin Video Renderer) - C:\Users\ds\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll No File
CHR Profile: C:\Users\ds\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\ds\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-30]
CHR Extension: (AdBlock Plus) - C:\Users\ds\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhbihjkbifdakjlfjkpfeadmgefejcdk [2014-10-17]
CHR Extension: (Webmail Ad Blocker) - C:\Users\ds\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbhfdchmklhpcngcgjmpdbjakdggkkjp [2014-10-17]
CHR Extension: (AdRemover for Google Chrome™) - C:\Users\ds\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcefmojpghnaceadnghednjhbmphipkb [2014-10-17]
CHR Extension: (Google Wallet) - C:\Users\ds\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-12]
CHR Extension: (Norton Security Toolbar) - C:\Users\ds\AppData\Local\Google\Chrome\User Data\Default\Extensions\nppllibpnmahfaklnpggkibhkapjkeob [2013-10-24]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 CAMService; C:\Program Files\Intel\CAM\bin\CAMService.exe [1243344 2014-08-12] (Intel® Corporation)
R2 ccEvtMgr; C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe [108392 2009-07-08] (Symantec Corporation)
R2 ccSetMgr; C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe [108392 2009-07-08] (Symantec Corporation)
S3 DozeSvc; C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [319536 2014-09-10] (Lenovo.)
R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [133992 2011-07-12] (Lenovo Group Limited)
S3 LiveUpdate; C:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_3.EXE [3093880 2009-07-13] (Symantec Corporation)
S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [272776 2014-10-16] ()
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
S3 Media Center 19 Service; C:\Program Files (x86)\J River\Media Center 19\JRService.exe [495176 2013-08-30] (JRiver, Inc.) [File not signed]
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [265936 2014-08-18] ()
S2 NCO; C:\Program Files (x86)\Norton Safe Web Lite\Engine\2014.7.3.12\NST.exe [130104 2014-06-26] (Symantec Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [50688 2012-07-31] (Hewlett-Packard) [File not signed]
S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [66048 2012-07-31] (Hewlett-Packard) [File not signed]
R2 SmcService; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe [3197256 2009-09-17] (Symantec Corporation)
S4 SNAC; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SNAC64.EXE [411976 2009-09-17] (Symantec Corporation)
R2 SROSVC; C:\Program Files (x86)\Lenovo\Screen Reading Optimizer\SROSVC.exe [446800 2012-03-05] (Lenovo Group Limited)
S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [24560 2014-06-18] ()
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 Symantec AntiVirus; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe [2477304 2009-09-17] (Symantec Corporation)
R2 UleadBurningHelper; C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [61440 2008-01-10] (Ulead Systems, Inc.) [File not signed]
R2 VIPAppService; C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe [75336 2014-07-14] (Symantec Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3817168 2014-08-18] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 A2DDA; C:\USERS\DS\DOWNLOADS\EMSISOFT\BIN\a2ddax64.sys [26176 2014-10-23] (Emsisoft GmbH)
S3 AndNetDiag; C:\Windows\System32\DRIVERS\lgandnetdiag64.sys [29184 2013-04-18] (LG Electronics Inc.)
S3 ANDNetModem; C:\Windows\System32\DRIVERS\lgandnetmodem64.sys [36352 2013-06-28] (LG Electronics Inc.)
R1 ccSet_NST; C:\Windows\system32\drivers\NSTx64\7DE07030.00C\ccSetx64.sys [162392 2013-09-27] (Symantec Corporation)
S3 cleanhlp; C:\Users\ds\Downloads\Emsisoft\bin\cleanhlp64.sys [57024 2014-10-23] (Emsisoft GmbH)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-08-27] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2014-08-27] (Symantec Corporation)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2013-11-16] (Intel Corporation)
R3 LgBttPort; C:\Windows\System32\DRIVERS\lgbtpt64.sys [16384 2009-09-29] (LG Electronics Inc.)
R3 lgbusenum; C:\Windows\System32\DRIVERS\lgbtbs64.sys [14848 2009-09-29] (LG Electronics Inc.)
R3 LGVMODEM; C:\Windows\System32\DRIVERS\lgvmdm64.sys [17408 2009-09-29] (LG Electronics Inc.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
R3 NAVENG; C:\ProgramData\Symantec\Definitions\VirusDefs\20141105.035\eng64.sys [129752 2014-08-11] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Symantec\Definitions\VirusDefs\20141105.035\ex64.sys [2137304 2014-08-11] (Symantec Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [45296 2014-07-28] (Synaptics Incorporated)
R2 smihlp; C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys [13128 2011-05-30] (Authentec Inc.)
R1 SRTSP; C:\Windows\System32\Drivers\SRTSP64.SYS [443952 2009-08-25] (Symantec Corporation)
R1 SRTSP; C:\Windows\SysWOW64\Drivers\SRTSP64.SYS [443952 2009-08-25] (Symantec Corporation)
S3 SRTSPL; C:\Windows\System32\Drivers\SRTSPL64.SYS [481840 2009-08-25] (Symantec Corporation)
S3 SRTSPL; C:\Windows\SysWOW64\Drivers\SRTSPL64.SYS [481840 2009-08-25] (Symantec Corporation)
R1 SRTSPX; C:\Windows\System32\Drivers\SRTSPX64.SYS [32304 2009-08-25] (Symantec Corporation)
R1 SRTSPX; C:\Windows\SysWOW64\Drivers\SRTSPX64.SYS [32304 2009-08-25] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [172592 2013-03-29] (Symantec Corporation)
R3 Teefer2; C:\Windows\System32\DRIVERS\teefer2.sys [62512 2009-05-27] (Symantec Corporation)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [34808 2014-10-29] ()
R1 WPS; C:\Windows\system32\drivers\wpsdrvnt.sys [52784 2009-09-17] (Symantec Corporation)
R3 WpsHelper; C:\Windows\system32\drivers\WpsHelper.sys [233120 2012-09-27] (Symantec Corporation)
S0 ycsgvj; No ImagePath
S3 usbbus; system32\DRIVERS\lgx64bus.sys [X]
S3 UsbDiag; system32\DRIVERS\lgx64diag.sys [X]
S3 USBModem; system32\DRIVERS\lgx64modem.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-06 15:08 - 2014-11-06 15:09 - 00029358 _____ () C:\Users\ds\Desktop\FRST.txt
2014-11-06 09:05 - 2014-11-06 09:05 - 00000000 ____D () C:\Users\ds\AppData\Roaming\TeamViewer
2014-11-06 06:41 - 2014-11-06 06:41 - 00854448 _____ () C:\Users\ds\Desktop\SecurityCheck.exe
2014-11-05 17:12 - 2014-11-06 15:05 - 00000671 _____ () C:\Windows\setupact.log
2014-11-05 17:12 - 2014-11-05 17:12 - 00000334 _____ () C:\Windows\PFRO.log
2014-11-05 17:12 - 2014-11-05 17:12 - 00000000 _____ () C:\Windows\setuperr.log
2014-11-04 08:51 - 2014-11-04 09:31 - 00000000 ____D () C:\Users\ds\Downloads\MP3
2014-11-01 20:35 - 2014-11-01 20:35 - 00000000 ____D () C:\Windows\ERUNT
2014-11-01 20:24 - 2014-10-31 20:48 - 01706359 _____ (Thisisu) C:\Users\ds\Desktop\JRT_NEW.exe
2014-10-30 21:42 - 2010-08-30 07:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-10-30 21:34 - 2014-11-03 15:06 - 00000000 ____D () C:\AdwCleaner
2014-10-30 21:24 - 2014-11-06 15:08 - 00000000 ____D () C:\FRST
2014-10-30 20:58 - 2014-11-05 17:11 - 00000000 ____D () C:\Windows\Minidump
2014-10-30 20:35 - 2014-11-03 15:00 - 02114560 _____ (Farbar) C:\Users\ds\Desktop\FRST64.exe
2014-10-30 13:46 - 2014-10-30 13:46 - 00000000 ____D () C:\Users\ds\AppData\Local\Tvsukernel
2014-10-30 09:51 - 2014-10-30 09:51 - 00001288 _____ () C:\Users\Public\Desktop\Panda Cloud Cleaner.lnk
2014-10-30 09:51 - 2014-10-30 09:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Security
2014-10-30 08:42 - 2014-10-31 06:59 - 00000000 ____D () C:\Program Files (x86)\Panda Security
2014-10-30 08:42 - 2014-10-31 06:40 - 00000000 ____D () C:\Users\ds\AppData\Roaming\Panda Security
2014-10-30 08:41 - 2014-10-31 06:40 - 00000000 ____D () C:\ProgramData\Panda Security
2014-10-29 22:17 - 2014-10-29 22:17 - 00000000 _____ () C:\autoexec.bat
2014-10-29 22:14 - 2014-10-30 21:12 - 00000000 ____D () C:\ProgramData\TEMP
2014-10-29 22:14 - 2014-10-29 22:14 - 00000000 ____D () C:\ProgramData\Licenses
2014-10-29 21:09 - 2014-10-29 21:09 - 00034808 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-10-29 20:52 - 2014-10-31 06:30 - 00000000 ____D () C:\Windows\system32\log
2014-10-29 15:51 - 2014-10-29 15:51 - 00000000 _____ () C:\Users\ds\Sti_Trace.log
2014-10-29 07:28 - 2014-10-29 07:28 - 00000000 ____D () C:\Users\ds\AppData\Local\Norman Malware Cleaner
2014-10-29 07:25 - 2014-10-29 07:26 - 00000000 ____D () C:\Users\ds\Downloads\LG
2014-10-29 07:25 - 2014-10-29 07:25 - 00000000 ____D () C:\Users\ds\Downloads\Python
2014-10-29 07:25 - 2014-10-29 07:25 - 00000000 ____D () C:\Users\ds\Downloads\Brother
2014-10-29 07:24 - 2014-10-29 07:25 - 00000000 ____D () C:\Users\ds\Downloads\Cisco
2014-10-29 07:24 - 2014-10-29 07:24 - 00000000 ____D () C:\Users\ds\Downloads\HP
2014-10-29 05:19 - 2014-10-31 13:22 - 00131328 _____ () C:\Users\ds\AppData\Local\GDIPFONTCACHEV1.DAT
2014-10-28 12:28 - 2014-11-06 14:33 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2914558355-170091057-212511320-1000UA.job
2014-10-28 12:28 - 2014-11-06 13:33 - 00000844 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2914558355-170091057-212511320-1000Core.job
2014-10-28 12:28 - 2014-10-28 12:28 - 00003860 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2914558355-170091057-212511320-1000UA
2014-10-28 12:28 - 2014-10-28 12:28 - 00003464 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2914558355-170091057-212511320-1000Core
2014-10-28 12:19 - 2014-10-28 12:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2014-10-28 12:19 - 2014-10-28 12:19 - 00000000 ____D () C:\Program Files\McAfee Security Scan
2014-10-28 12:05 - 2014-11-06 14:10 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-28 12:05 - 2014-10-28 12:19 - 00000000 ____D () C:\ProgramData\McAfee Security Scan
2014-10-28 12:05 - 2014-10-28 12:05 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-10-28 12:05 - 2014-10-28 12:05 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-10-28 12:05 - 2014-10-28 12:05 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-10-28 11:55 - 2014-11-03 17:34 - 00000000 ____D () C:\Users\ds\AppData\Roaming\Mozilla
2014-10-28 11:55 - 2014-10-28 11:55 - 00000000 ____D () C:\Users\ds\AppData\Local\Mozilla
2014-10-28 11:55 - 2014-10-28 11:55 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-10-28 11:30 - 2014-10-28 12:28 - 00000000 ____D () C:\Users\ds\Downloads\Firefox
2014-10-26 10:55 - 2014-09-05 14:22 - 00077088 _____ (Lenovo.) C:\Windows\system32\ibmpmsvc.exe
2014-10-26 10:55 - 2014-09-05 14:22 - 00072480 _____ (Lenovo.) C:\Windows\system32\ibmpmctl.exe
2014-10-26 10:55 - 2014-09-05 14:22 - 00059128 _____ (Lenovo.) C:\Windows\system32\Drivers\ibmpmdrv.sys
2014-10-26 10:55 - 2014-09-05 14:22 - 00040224 _____ (Lenovo.) C:\Windows\system32\tpinspm.dll
2014-10-26 08:11 - 2014-10-26 08:12 - 00000000 ____D () C:\Users\ds\Downloads\AVG
2014-10-25 11:24 - 2014-10-25 11:29 - 00000000 ____D () C:\Users\ds\Downloads\VCF2XLS
2014-10-24 17:51 - 2014-10-24 17:51 - 00001520 _____ () C:\EamClean.log
2014-10-24 17:33 - 2014-10-24 17:33 - 00001997 _____ () C:\Users\Public\Desktop\Lenovo Solution Center.lnk
2014-10-24 17:13 - 2014-10-26 08:02 - 00000000 ____D () C:\Users\ds\Downloads\Emsisoft
2014-10-24 17:12 - 2014-10-29 07:28 - 00000000 ____D () C:\Users\ds\Downloads\NormanMalwareCleaner
2014-10-23 14:38 - 2014-10-23 14:38 - 00000000 ____D () C:\Users\ds\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
2014-10-23 11:48 - 2014-10-23 11:48 - 00000000 ____D () C:\Users\ds\Downloads\Comodo
2014-10-23 06:56 - 2014-11-03 09:09 - 00000000 ____D () C:\Users\ds\Downloads\MalwareBytes
2014-10-19 20:49 - 2014-10-19 20:49 - 00002766 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-10-19 20:48 - 2014-10-19 20:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-10-19 20:48 - 2014-10-19 20:48 - 00000000 ____D () C:\Program Files\CCleaner
2014-10-19 06:34 - 2014-10-19 06:34 - 00000000 ____D () C:\NPE
2014-10-19 06:16 - 2014-10-19 06:36 - 00000000 ____D () C:\Users\ds\AppData\Local\NPE
2014-10-19 06:03 - 2014-10-19 06:30 - 00000000 ____D () C:\Users\ds\Downloads\Symantec
2014-10-16 08:25 - 2014-08-18 22:11 - 00693176 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2014-10-16 08:25 - 2014-08-18 22:10 - 00616352 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2014-10-16 08:25 - 2014-08-18 22:08 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2014-10-16 08:25 - 2014-08-18 22:08 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2014-10-16 08:25 - 2014-08-18 22:08 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2014-10-16 08:25 - 2014-08-18 22:07 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2014-10-16 08:25 - 2014-08-18 22:07 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2014-10-16 08:25 - 2014-08-18 22:07 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2014-10-16 08:25 - 2014-08-18 22:07 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2014-10-16 08:25 - 2014-08-18 22:07 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2014-10-16 08:25 - 2014-08-18 21:41 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2014-10-16 08:25 - 2014-08-18 21:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2014-10-16 08:25 - 2014-08-18 21:06 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2014-10-16 08:25 - 2014-07-06 21:07 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2014-10-16 08:25 - 2014-07-06 21:07 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2014-10-16 08:25 - 2014-07-06 21:07 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2014-10-16 08:25 - 2014-07-06 21:06 - 05551032 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-10-16 08:25 - 2014-07-06 21:06 - 04120576 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-10-16 08:25 - 2014-07-06 21:06 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2014-10-16 08:25 - 2014-07-06 21:06 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2014-10-16 08:25 - 2014-07-06 21:06 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2014-10-16 08:25 - 2014-07-06 21:06 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2014-10-16 08:25 - 2014-07-06 21:06 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2014-10-16 08:25 - 2014-07-06 21:06 - 00679424 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-10-16 08:25 - 2014-07-06 21:06 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2014-10-16 08:25 - 2014-07-06 21:06 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2014-10-16 08:25 - 2014-07-06 21:06 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-10-16 08:25 - 2014-07-06 21:06 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2014-10-16 08:25 - 2014-07-06 21:06 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-10-16 08:25 - 2014-07-06 21:06 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2014-10-16 08:25 - 2014-07-06 21:06 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2014-10-16 08:25 - 2014-07-06 21:06 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-10-16 08:25 - 2014-07-06 21:06 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-10-16 08:25 - 2014-07-06 21:06 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2014-10-16 08:25 - 2014-07-06 21:06 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2014-10-16 08:25 - 2014-07-06 21:06 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2014-10-16 08:25 - 2014-07-06 21:06 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2014-10-16 08:25 - 2014-07-06 21:06 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2014-10-16 08:25 - 2014-07-06 21:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2014-10-16 08:25 - 2014-07-06 21:06 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2014-10-16 08:25 - 2014-07-06 21:06 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2014-10-16 08:25 - 2014-07-06 21:06 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2014-10-16 08:25 - 2014-07-06 21:05 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2014-10-16 08:25 - 2014-07-06 21:05 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2014-10-16 08:25 - 2014-07-06 21:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2014-10-16 08:25 - 2014-07-06 20:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2014-10-16 08:25 - 2014-07-06 20:40 - 11411456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2014-10-16 08:25 - 2014-07-06 20:40 - 03208704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2014-10-16 08:25 - 2014-07-06 20:40 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2014-10-16 08:25 - 2014-07-06 20:40 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2014-10-16 08:25 - 2014-07-06 20:40 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2014-10-16 08:25 - 2014-07-06 20:40 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
2014-10-16 08:25 - 2014-07-06 20:40 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
2014-10-16 08:25 - 2014-07-06 20:40 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
2014-10-16 08:25 - 2014-07-06 20:40 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
2014-10-16 08:25 - 2014-07-06 20:40 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2014-10-16 08:25 - 2014-07-06 20:40 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-10-16 08:25 - 2014-07-06 20:40 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
2014-10-16 08:25 - 2014-07-06 20:40 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-10-16 08:25 - 2014-07-06 20:40 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2014-10-16 08:25 - 2014-07-06 20:40 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
2014-10-16 08:25 - 2014-07-06 20:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-10-16 08:25 - 2014-07-06 20:40 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2014-10-16 08:25 - 2014-07-06 20:40 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2014-10-16 08:25 - 2014-07-06 20:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2014-10-16 08:25 - 2014-07-06 20:40 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
2014-10-16 08:25 - 2014-07-06 20:40 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2014-10-16 08:25 - 2014-07-06 20:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2014-10-16 08:25 - 2014-07-06 20:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2014-10-16 08:25 - 2014-07-06 20:39 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2014-10-16 08:25 - 2014-07-06 20:39 - 03970488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-10-16 08:25 - 2014-07-06 20:39 - 03914680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-10-16 08:25 - 2014-07-06 20:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2014-10-16 08:25 - 2014-07-06 20:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2014-10-16 08:25 - 2014-07-06 20:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2014-10-16 08:25 - 2014-06-27 19:21 - 00619056 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2014-10-16 08:25 - 2014-06-27 19:21 - 00532176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2014-10-16 08:25 - 2014-06-27 19:21 - 00457400 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2014-10-16 06:02 - 2014-10-09 21:05 - 00507392 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-10-16 06:02 - 2014-10-09 21:05 - 00276480 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-10-16 06:02 - 2014-10-09 21:00 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-10-16 06:02 - 2014-10-06 21:54 - 00378552 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-10-16 06:02 - 2014-10-06 21:04 - 00331448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-10-16 06:02 - 2014-09-25 17:50 - 13619200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-16 06:02 - 2014-09-25 17:46 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-10-16 06:02 - 2014-09-25 17:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-10-16 06:02 - 2014-09-25 17:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-10-16 06:02 - 2014-09-25 17:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-10-16 06:02 - 2014-09-25 17:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-10-16 06:02 - 2014-09-25 17:31 - 02108416 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-16 06:02 - 2014-09-18 21:25 - 23631360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-16 06:02 - 2014-09-18 20:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-10-16 06:02 - 2014-09-18 20:55 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-10-16 06:02 - 2014-09-18 20:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-10-16 06:02 - 2014-09-18 20:41 - 02796032 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-16 06:02 - 2014-09-18 20:40 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-16 06:02 - 2014-09-18 20:40 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-10-16 06:02 - 2014-09-18 20:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-10-16 06:02 - 2014-09-18 20:38 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-10-16 06:02 - 2014-09-18 20:36 - 05829632 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-16 06:02 - 2014-09-18 20:31 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-10-16 06:02 - 2014-09-18 20:30 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-10-16 06:02 - 2014-09-18 20:27 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-10-16 06:02 - 2014-09-18 20:26 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-10-16 06:02 - 2014-09-18 20:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-10-16 06:02 - 2014-09-18 20:25 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-10-16 06:02 - 2014-09-18 20:25 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-10-16 06:02 - 2014-09-18 20:18 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-10-16 06:02 - 2014-09-18 20:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-10-16 06:02 - 2014-09-18 20:14 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-10-16 06:02 - 2014-09-18 20:06 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-10-16 06:02 - 2014-09-18 20:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-10-16 06:02 - 2014-09-18 20:01 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-10-16 06:02 - 2014-09-18 20:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-10-16 06:02 - 2014-09-18 20:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-10-16 06:02 - 2014-09-18 20:00 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-16 06:02 - 2014-09-18 19:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-10-16 06:02 - 2014-09-18 19:58 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-16 06:02 - 2014-09-18 19:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-10-16 06:02 - 2014-09-18 19:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-10-16 06:02 - 2014-09-18 19:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-10-16 06:02 - 2014-09-18 19:51 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-10-16 06:02 - 2014-09-18 19:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-10-16 06:02 - 2014-09-18 19:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-10-16 06:02 - 2014-09-18 19:42 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-16 06:02 - 2014-09-18 19:42 - 00710656 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-10-16 06:02 - 2014-09-18 19:40 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-10-16 06:02 - 2014-09-18 19:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-10-16 06:02 - 2014-09-18 19:33 - 02309632 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-16 06:02 - 2014-09-18 19:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-10-16 06:02 - 2014-09-18 19:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-10-16 06:02 - 2014-09-18 19:18 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-10-16 06:02 - 2014-09-18 19:14 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-16 06:02 - 2014-09-18 18:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-10-16 06:02 - 2014-09-18 18:59 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-10-16 06:02 - 2014-09-18 18:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-10-16 06:02 - 2014-09-18 18:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-10-16 06:02 - 2014-08-28 21:07 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-10-16 06:02 - 2014-07-16 21:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-10-16 06:02 - 2014-07-16 21:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-10-16 06:02 - 2014-07-16 21:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-10-16 06:02 - 2014-07-16 21:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-10-16 06:02 - 2014-07-16 21:07 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-10-16 06:02 - 2014-07-16 21:07 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-10-16 06:02 - 2014-07-16 20:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2014-10-16 06:02 - 2014-07-16 20:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-10-16 06:02 - 2014-07-16 20:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-10-16 06:02 - 2014-07-16 20:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-10-16 06:02 - 2014-07-16 20:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-10-16 06:01 - 2014-09-28 19:58 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-16 06:01 - 2014-09-17 21:00 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-10-16 06:01 - 2014-09-17 20:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-10-16 06:01 - 2014-09-12 20:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-16 06:01 - 2014-09-12 20:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-10-16 06:01 - 2014-09-04 21:11 - 06584320 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-10-16 06:01 - 2014-09-04 20:52 - 05703168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-10-16 06:01 - 2014-09-04 00:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-10-16 06:01 - 2014-09-04 00:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2014-10-16 06:01 - 2014-06-18 17:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-10-16 06:01 - 2014-06-18 17:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2014-10-16 06:01 - 2014-06-18 17:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2014-10-16 06:01 - 2014-06-18 17:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-10-16 06:01 - 2014-06-18 17:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2014-10-16 06:01 - 2014-06-18 17:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-06 15:06 - 2013-03-21 15:48 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-06 15:06 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-06 15:04 - 2013-03-21 19:36 - 01506618 _____ () C:\Windows\WindowsUpdate.log
2014-11-06 15:01 - 2009-07-13 23:45 - 00031296 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-06 15:01 - 2009-07-13 23:45 - 00031296 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-06 15:00 - 2014-04-11 11:38 - 00000000 ____D () C:\Users\ds\Downloads\tmp
2014-11-06 14:59 - 2013-03-21 15:48 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-06 14:58 - 2009-07-14 00:13 - 00786622 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-06 14:51 - 2013-03-22 13:43 - 00000000 ____D () C:\Users\ds\AppData\Roaming\Skype
2014-11-06 14:42 - 2014-03-31 11:55 - 00000544 _____ () C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-2914558355-170091057-212511320-1000.job
2014-11-06 13:00 - 2013-08-15 16:19 - 00000000 ____D () C:\Users\ds\Documents\Outlook Files
2014-11-06 08:46 - 2014-02-07 10:39 - 00000000 ____D () C:\Users\ds\AppData\Roaming\VSeeInstall
2014-11-06 08:46 - 2014-02-07 10:39 - 00000000 ____D () C:\Users\ds\AppData\Roaming\VSee
2014-11-06 06:08 - 2013-03-21 16:49 - 00000000 ____D () C:\Users\ds\AppData\Local\Adobe
2014-11-06 06:01 - 2014-02-28 09:54 - 00000000 ____D () C:\Users\ds\Downloads\CCleaner
2014-11-05 17:11 - 2013-10-24 15:15 - 00000000 ____D () C:\Users\ds\AppData\Local\CrashDumps
2014-11-03 21:30 - 2013-03-22 10:11 - 00000000 ____D () C:\Users\ds\AppData\Roaming\FileZilla
2014-11-03 09:19 - 2013-11-02 07:28 - 00000132 _____ () C:\Users\ds\AppData\Roaming\Adobe PNG Format CS5 Prefs
2014-11-01 20:33 - 2009-07-13 23:45 - 04974624 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-30 13:46 - 2013-03-22 07:18 - 00000000 ____D () C:\Windows\System32\Tasks\TVT
2014-10-30 09:02 - 2013-12-23 15:11 - 00000000 ____D () C:\Program Files (x86)\BitLord 2
2014-10-30 06:25 - 2010-11-20 22:27 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-10-29 15:51 - 2013-03-21 16:11 - 00000000 ____D () C:\Users\ds
2014-10-29 08:02 - 2013-12-13 17:02 - 00000000 ____D () C:\Users\ds\Downloads\Acer
2014-10-29 07:23 - 2014-01-16 09:22 - 00000000 ____D () C:\Users\ds\Downloads\Coreinfo
2014-10-28 12:28 - 2013-03-21 16:22 - 00000000 ____D () C:\Users\ds\AppData\Local\Google
2014-10-28 11:55 - 2013-03-22 05:34 - 00001225 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-10-28 11:55 - 2013-03-22 05:34 - 00000000 ____D () C:\Program Files (x86)\Mozilla
2014-10-28 11:48 - 2013-03-22 06:22 - 00000000 ____D () C:\Users\ds\AppData\Roaming\Google
2014-10-26 10:43 - 2013-03-21 19:41 - 00003020 _____ () C:\Windows\System32\Tasks\PMTask
2014-10-26 10:43 - 2009-07-13 22:20 - 00000000 __RSD () C:\Windows\Media
2014-10-25 16:27 - 2014-03-03 09:07 - 00000000 ____D () C:\Users\ds\AppData\Roaming\LSC
2014-10-25 10:34 - 2013-10-05 10:08 - 00000000 ____D () C:\Users\ds\Documents\LG PC Suite IV
2014-10-24 17:52 - 2009-07-14 00:08 - 00032644 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-10-24 17:33 - 2013-03-21 19:38 - 00000000 ____D () C:\Windows\System32\Tasks\Lenovo
2014-10-24 17:32 - 2013-03-21 19:42 - 00000000 ____D () C:\Windows\Downloaded Installations
2014-10-24 17:32 - 2013-03-21 19:36 - 00000000 ____D () C:\Program Files\Lenovo
2014-10-19 20:52 - 2011-02-15 04:42 - 00000000 ____D () C:\Windows\Panther
2014-10-19 09:58 - 2013-05-20 16:56 - 00000000 ____D () C:\Users\ds\AppData\Roaming\.purple
2014-10-19 06:54 - 2013-03-21 17:01 - 00000000 ____D () C:\Windows\system32\Drivers\NSTx64
2014-10-19 06:16 - 2013-03-21 15:50 - 00000000 ____D () C:\ProgramData\Norton
2014-10-19 05:54 - 2013-03-21 15:48 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-10-19 05:54 - 2013-03-21 15:48 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-10-16 17:30 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
2014-10-16 08:46 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-10-16 08:46 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-10-16 08:11 - 2014-04-25 08:19 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-10-16 06:10 - 2013-03-22 05:45 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-10-16 06:08 - 2013-07-15 17:13 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-16 06:02 - 2013-03-22 07:06 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-10-16 05:32 - 2014-09-28 17:15 - 00000096 _____ () C:\Users\ds\AppData\Roaming\WB.CFG
2014-10-15 11:22 - 2014-03-31 11:55 - 00003558 _____ () C:\Windows\System32\Tasks\G2MUpdateTask-S-1-5-21-2914558355-170091057-212511320-1000
2014-10-09 15:15 - 2013-09-06 15:19 - 00000132 _____ () C:\Users\ds\AppData\Roaming\Adobe GIF Format CS5 Prefs

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-11-05 02:03

==================== End Of Log ============================



#4 OCD (SuperHelper, Malware Team, 5,574 posts)

Posted 06 November 2014 - 08:45 PM

Hi sdtech,

I'm not seeing much in your logs. Can you describe what symptoms you are experiencing, if any?

= = = = = = = = = = = = = = = = = = = =

> Please note that I uninstalled RogueKiller a couple of days ago, so I do not have any logs to provide. If that would be helpful, I will reinstall.

No need to reinstall at this time. We may or may not need to use the program before we are done.

> Also, after I run FRST to fix, the fixlist.txt file was removed (I am assuming it was deleted). Is that the expected behaviour?

Quite honestly, I've never heard that before, but it shouldn't be an issue.

= = = = = = = = = = = = = = = = = = = =

Please keep in mind, that in order for these tools to be most effective they must be run from the desktop. If you haven't been running them from the desktop, please move them there now.

= = = = = = = = = = = = = = = = = = = =

FRST Fix Script

Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the desktop as fixlist.txt
 

Start
CloseProcesses:
HKLM-x32\...\Run: [] => [X]
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blanck
EmptyTemp:
End

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST and press the Fix button just once and wait.
The tool will make a log (Fixlog.txt); please post it in your reply.

=========================

In your next post please provide the following:

  • Answer to my question.
  • Fixlog.txt

OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days

If you are satisfied with the help you have received, please consider making a donation.


#5 sdtech (New Member, Authentic Member, 6 posts)

Posted 07 November 2014 - 06:29 AM

Hello OCD,

I am including the quarantine log from Symantec.  As you can see, I get files with Bloodhound.Exploit.33 on a daily basis.  First it was OptimizerPro that was "introduced" into my system, but the daily occurrence of the Bloodhound.Exploit.33 did not start until something happened with Firefox.  Since then I had to completely remove and reinstall Firefox, because there was some odd behaviour.  Also, since I ran the tools, Symantec would quarantine files 2-3 times a day.  In the last few days this has happened only once.  I know this is not much, but that is all I have to go by.

Regarding all the tools you asked me to run, they are on the desktop and I do run them from there and "as administrator".

For FRST I am using FRST64.exe, since I am running a 64-bit system.  Should I be running the 32-bit version?

When I ran it with the new fixlist.txt, this txt file again disappeared from the desktop!  The new Fixlog.txt is provided below.

Let me know if I should try something else.

Thank you!

 

----------------------------------------------------------------------------------

Symantec Quarantine Log

 

Risk    Filename    Original Location    Status    Date
Bloodhound.Exploit.33    DWHC802.tmp    C:\Users\ds\AppData\Local\Temp\    Infected    06-11-2014 18:13
Bloodhound.Exploit.33    DWH621F.tmp    C:\Users\ds\AppData\Local\Temp\    Infected    06-11-2014 18:09
Bloodhound.Exploit.33    DWHF0C4.tmp    C:\Users\ds\AppData\Local\Temp\    Infected    05-11-2014 17:25
Bloodhound.Exploit.33    DWHD36B.tmp    C:\Users\ds\AppData\Local\Temp\    Infected    03-11-2014 02:03
Bloodhound.Exploit.33    DWHD187.tmp    C:\Users\ds\AppData\Local\Temp\    Infected    03-11-2014 02:03
Bloodhound.Exploit.33    DWHBE07.tmp    C:\Users\ds\AppData\Local\Temp\    Infected    03-11-2014 02:03
Bloodhound.Exploit.33    DWHBBF5.tmp    C:\Users\ds\AppData\Local\Temp\    Infected    03-11-2014 02:03
Bloodhound.Exploit.33    DWHAE6E.tmp    C:\Users\ds\AppData\Local\Temp\    Infected    03-11-2014 02:03
Bloodhound.Exploit.33    DWH96E8.tmp    C:\Users\ds\AppData\Local\Temp\    Infected    03-11-2014 02:03
Bloodhound.Exploit.33    DWH8358.tmp    C:\Users\ds\AppData\Local\Temp\    Infected    03-11-2014 02:03
Bloodhound.Exploit.33    DWH8117.tmp    C:\Users\ds\AppData\Local\Temp\    Infected    03-11-2014 02:03
Bloodhound.Exploit.33    DWH6FB9.tmp    C:\Users\ds\AppData\Local\Temp\    Infected    03-11-2014 02:03
Bloodhound.Exploit.33    DWH63D.tmp    C:\Users\ds\AppData\Local\Temp\    Infected    03-11-2014 02:03
Bloodhound.Exploit.33    DWH5C39.tmp    C:\Users\ds\AppData\Local\Temp\    Infected    03-11-2014 02:03
Bloodhound.Exploit.33    DWH567F.tmp    C:\Users\ds\AppData\Local\Temp\    Infected    03-11-2014 02:03
Bloodhound.Exploit.33    DWH48A9.tmp    C:\Users\ds\AppData\Local\Temp\    Infected    03-11-2014 02:03
Bloodhound.Exploit.33    DWH3F09.tmp    C:\Users\ds\AppData\Local\Temp\    Infected    03-11-2014 02:03
Bloodhound.Exploit.33    DWH351A.tmp    C:\Users\ds\AppData\Local\Temp\    Infected    03-11-2014 02:03
Bloodhound.Exploit.33    DWHE8FD.tmp    C:\Users\ds\AppData\Local\Temp\    Infected    03-11-2014 02:03
Bloodhound.Exploit.33    DWHEAE1.tmp    C:\Users\ds\AppData\Local\Temp\    Infected    03-11-2014 02:03
Bloodhound.Exploit.33    DWHFC8D.tmp    C:\Users\ds\AppData\Local\Temp\    Infected    03-11-2014 02:03
Bloodhound.Exploit.33    DWH71DB.tmp    C:\Users\ds\AppData\Local\Temp\    Infected    03-11-2014 02:03
Bloodhound.Exploit.33    DWH2783.tmp    C:\Users\ds\AppData\Local\Temp\    Infected    03-11-2014 02:03
Bloodhound.Exploit.33    DWH1DB3.tmp    C:\Users\ds\AppData\Local\Temp\    Infected    03-11-2014 02:03
Bloodhound.Exploit.33    DWH100D.tmp    C:\Users\ds\AppData\Local\Temp\    Infected    03-11-2014 02:03
Bloodhound.Exploit.33    DWHEF1C.tmp    C:\Users\ds\AppData\Local\Temp\    Infected    02-11-2014 19:55
Bloodhound.Exploit.33    DWH9BB0.tmp    C:\Users\ds\AppData\Local\Temp\    Infected    02-11-2014 19:54
Bloodhound.Exploit.33    APQDDC2.tmp    C:\ProgramData\Symantec\SRTSP\Quarantine\    Infected    23-10-2014 08:37
Bloodhound.Exploit.33    APQ9538.tmp    C:\ProgramData\Symantec\SRTSP\Quarantine\    Infected    23-10-2014 08:37
Bloodhound.Exploit.33    APQC4C4.tmp    C:\ProgramData\Symantec\SRTSP\Quarantine\    Infected    23-10-2014 08:37
Bloodhound.Exploit.33    APQC9C.tmp    C:\ProgramData\Symantec\SRTSP\Quarantine\    Infected    23-10-2014 08:37
Bloodhound.Exploit.33    APQCAD.tmp    C:\ProgramData\Symantec\SRTSP\Quarantine\    Infected    23-10-2014 08:37
Bloodhound.Exploit.33    APQCAF.tmp    C:\ProgramData\Symantec\SRTSP\Quarantine\    Infected    23-10-2014 08:37
Bloodhound.Exploit.33    APQCB1.tmp    C:\ProgramData\Symantec\SRTSP\Quarantine\    Infected    23-10-2014 08:37
Bloodhound.Exploit.33    APQCBF.tmp    C:\ProgramData\Symantec\SRTSP\Quarantine\    Infected    23-10-2014 08:37
Bloodhound.Exploit.33    APQDDB0.tmp    C:\ProgramData\Symantec\SRTSP\Quarantine\    Infected    23-10-2014 08:37
Bloodhound.Exploit.33    APQ59BE.tmp    C:\ProgramData\Symantec\SRTSP\Quarantine\    Infected    23-10-2014 08:37
Bloodhound.Exploit.33    APQ59A8.tmp    C:\ProgramData\Symantec\SRTSP\Quarantine\    Infected    23-10-2014 08:37
Bloodhound.Exploit.33    APQ59AA.tmp    C:\ProgramData\Symantec\SRTSP\Quarantine\    Infected    23-10-2014 08:37
Bloodhound.Exploit.33    APQ59AC.tmp    C:\ProgramData\Symantec\SRTSP\Quarantine\    Infected    23-10-2014 08:37
Bloodhound.Exploit.33    APQ40B.tmp    C:\ProgramData\Symantec\SRTSP\Quarantine\    Infected    23-10-2014 08:37
Bloodhound.Exploit.33    APQ59C0.tmp    C:\ProgramData\Symantec\SRTSP\Quarantine\    Infected    23-10-2014 08:37
Bloodhound.Exploit.33    DWHBB2.tmp    C:\Users\ds\AppData\Local\Temp\    Infected    22-10-2014 20:05
Bloodhound.Exploit.33    DWHD4E9.tmp    C:\Users\ds\AppData\Local\Temp\    Infected    22-10-2014 20:04
Bloodhound.Exploit.33    DWH9E40.tmp    C:\Users\ds\AppData\Local\Temp\    Infected    22-10-2014 20:04
Bloodhound.Exploit.33    DWH20E7.tmp    C:\Users\ds\AppData\Local\Temp\    Infected    22-10-2014 20:04
Bloodhound.Exploit.33    DWH961.tmp    C:\Users\ds\AppData\Local\Temp\    Infected    22-10-2014 20:03
Bloodhound.Exploit.33    DWHEDF5.tmp    C:\Users\ds\AppData\Local\Temp\    Infected    22-10-2014 20:03
Bloodhound.Exploit.33    DWHDA56.tmp    C:\Users\ds\AppData\Local\Temp\    Infected    22-10-2014 20:02
Bloodhound.Exploit.33    DWHC2D0.tmp    C:\Users\ds\AppData\Local\Temp\    Infected    22-10-2014 20:02
Bloodhound.Exploit.33    DWHAB5A.tmp    C:\Users\ds\AppData\Local\Temp\    Infected    22-10-2014 20:02
Bloodhound.Exploit.33    DWHF757.tmp    C:\Users\ds\AppData\Local\Temp\    Infected    22-10-2014 20:01
Bloodhound.Exploit.33    DWH656E.tmp    C:\Users\ds\AppData\Local\Temp\    Infected    28-09-2014 07:45
Bloodhound.Exploit.33    DWH4DF7.tmp    C:\Users\ds\AppData\Local\Temp\    Infected    28-09-2014 07:44
Bloodhound.Exploit.33    DWHFF7B.tmp    C:\Users\ds\AppData\Local\Temp\    Infected    28-09-2014 07:44
Bloodhound.Exploit.33    DWHA97F.tmp    C:\Users\ds\AppData\Local\Temp\    Infected    28-09-2014 07:44
Bloodhound.Exploit.33    DWH8A3C.tmp    C:\Users\ds\AppData\Local\Temp\    Infected    28-09-2014 07:43
Bloodhound.Exploit.33    DWH630D.tmp    C:\Users\ds\AppData\Local\Temp\    Infected    28-09-2014 07:43
Bloodhound.Exploit.33    DWH1471.tmp    C:\Users\ds\AppData\Local\Temp\    Infected    28-09-2014 07:42
Bloodhound.Exploit.33    32664    C:\Users\ds\AppData\Local\Mozilla\Firefox\Profiles\n8e6002c.default\cache2\doomed\    Infected    27-09-2014 13:14
Bloodhound.Exploit.33    27F321B8A7C410C31B74E83D21E6FEEEEB946EF4    C:\Users\ds\AppData\Local\Mozilla\Firefox\Profiles\n8e6002c.default\cache2\entries\    Infected    27-09-2014 11:57
Bloodhound.Exploit.33    DWH1273.tmp    C:\Users\ds\AppData\Local\Temp\    Infected    27-09-2014 07:48
Bloodhound.Exploit.33    DWHFAAF.tmp    C:\Users\ds\AppData\Local\Temp\    Infected    27-09-2014 07:48
Bloodhound.Exploit.33    DWHE2EB.tmp    C:\Users\ds\AppData\Local\Temp\    Infected    27-09-2014 07:48
Bloodhound.Exploit.33    DWHABA6.tmp    C:\Users\ds\AppData\Local\Temp\    Infected    27-09-2014 07:47
Bloodhound.Exploit.33    0BF46087D4D25AA5FBC4B3AC5BAE2E694DF5B75A    C:\Users\ds\AppData\Local\Mozilla\Firefox\Profiles\n8e6002c.default\cache2\entries\    Infected    26-09-2014 12:07
Bloodhound.Exploit.33    250F9DF7F88852F976B3819A729D0AE606E2D2ED    C:\Users\ds\AppData\Local\Mozilla\Firefox\Profiles\n8e6002c.default\cache2\entries\    Infected    26-09-2014 11:53
Bloodhound.Exploit.33    624E9D11DE883348692D157518230208260AA99A    C:\Users\ds\AppData\Local\Mozilla\Firefox\Profiles\n8e6002c.default\cache2\entries\    Infected    25-09-2014 21:04
Bloodhound.Exploit.33    DBEFF11F2B5DC3120204113F0E0CDFC24D4EE8AA    C:\Users\ds\AppData\Local\Mozilla\Firefox\Profiles\n8e6002c.default\cache2\entries\    Infected    25-09-2014 21:02
Bloodhound.Exploit.33    DWH7F6.tmp    C:\Users\ds\AppData\Local\Temp\    Infected    25-09-2014 19:06
Bloodhound.Exploit.33    2E94CA97067FE68F20C18634B0BCC03BF9CF0FD1    C:\Users\ds\AppData\Local\Mozilla\Firefox\Profiles\n8e6002c.default\cache2\entries\    Infected    24-09-2014 22:07
Bloodhound.Exploit.33    09AA0368B3FE91D97651DEEF1EC6782D5599350D    C:\Users\ds\AppData\Local\Mozilla\Firefox\Profiles\n8e6002c.default\cache2\entries\    Infected    24-09-2014 22:01
OptimizerPro    setup.exe    c:\Users\ds\AppData\Local\Temp\{FF15CDFC-CE31-4FEA-9496-758B506DA296}\    Infected    18-08-2014 07:19
OptimizerPro    OptimizerPro.exe    c:\Users\ds\AppData\Local\Temp\is1832903999\1076302_stp\    Infected    18-08-2014 07:19

 

----------------------------------------------------------------------------------

Fixlog.txt

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 02-11-2014
Ran by ds at 2014-11-07 07:11:38 Run:2
Running from C:\Users\ds\Desktop
Loaded Profile: ds (Available profiles: ds)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Start
CloseProcesses:
HKLM-x32\...\Run: [] => [X]
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blanck
EmptyTemp:
End
*****************

Processes closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
EmptyTemp: => Removed 54.9 MB temporary data.


The system needed a reboot.

==== End of Fixlog ====



#6 OCD (SuperHelper, Malware Team, 5,574 posts)

Posted 07 November 2014 - 09:29 AM

Hi sdtech,

It does appear that Symantec is doing its job by catching these files, which is what you want. But, if you read through the Symantec log you can see that the infection started back in September. You said you removed FF and reinstalled, but is it safe to say you didn't remove all your profile files and folders?

Bloodhound.Exploit.33 09AA0368B3FE91D97651DEEF1EC6782D5599350D C:\Users\ds\AppData\Local\Mozilla\Firefox\Profiles\n8e6002c.default\cache2\entries\ Infected 24-09-2014 22:01

Based on this entry (and others similar from your log) it appears your FF profile is infected; that's why you keep getting the recurring issue. The best way to address this is to completely remove FF and all its files and folders.

Show Hidden Files & Folders in Windows 7

  • To show hidden files, just click on the Organize button in any folder, and then select “Folder and Search Options” from the menu.
  • Click the View tab, and then you should select “Show hidden files and folders” in the list.
  • Then click OK.

=========================

Remove Mozilla Firefox Completely:

  • Exit Firefox completely
  • Go to the Control Panel > > Programs and Features
  • Select Mozilla Firefox (all versions, one at a time) and click Uninstall
    • You may be prompted with an option to "Remove my Firefox personal data and customization". This will also remove your Firefox user profile data (bookmarks, passwords, cookies, extensions, preferences, etc.)
  • Delete the Firefox installation directory located here: C:\Program Files\Mozilla Firefox
  • Delete the Firefox folder that contains temporary data located here:
    • C:\Users\<username>\AppData\Local\Mozilla\Firefox
    • C:\Users\<username>\AppData\Local\VirtualStore\Program Files\Mozilla Firefox (if it exists)
  • Remove the Mozilla Firefox desktop icon if it still is present.

Re-Hide Files and Folders

=========================

TFC

Download TFC to your desktop

  • Close any open windows.
  • Double click the TFC icon to run the program
    • Vista, Windows 7 & 8: Right click and select "Run as Administrator"
  • TFC will close all open programs itself in order to run.
  • Click the Start button to begin the process.
  • Allow TFC to run uninterrupted.
  • The program should not take long to finish its job.
  • Once it's finished it should automatically reboot your machine;
  • if it doesn't, manually reboot to ensure a complete clean.

=========================

 

Reinstall FF and check and see if the Bloodhound.Exploit.33 is still being flagged and report back on the results.


OCD

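Reading the quarantine log the way the reply above does (group detections by directory, then find where the earliest hit of a recurring risk sits) can be automated. This is an added example in Python, not code from the thread, from Symantec or from FRST; the rows embedded in it are constructed in the layout of the pasted export, and the function names are my own.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample rows in the layout of the quarantine log pasted in the
# thread (Risk / Filename / Original Location / Status / Date). Only a few
# rows are reproduced here; they are illustrative input, not the full export.
SAMPLE_LOG = r"""
Risk    Filename    Original Location    Status    Date
Bloodhound.Exploit.33    DWHC802.tmp    C:\Users\ds\AppData\Local\Temp\    Infected    06-11-2014 18:13
Bloodhound.Exploit.33    DWHF0C4.tmp    C:\Users\ds\AppData\Local\Temp\    Infected    05-11-2014 17:25
Bloodhound.Exploit.33    APQDDC2.tmp    C:\ProgramData\Symantec\SRTSP\Quarantine\    Infected    23-10-2014 08:37
Bloodhound.Exploit.33    DWH656E.tmp    C:\Users\ds\AppData\Local\Temp\    Infected    28-09-2014 07:45
Bloodhound.Exploit.33    0BF46087D4D25AA5FBC4B3AC5BAE2E694DF5B75A    C:\Users\ds\AppData\Local\Mozilla\Firefox\Profiles\n8e6002c.default\cache2\entries\    Infected    26-09-2014 12:07
Bloodhound.Exploit.33    09AA0368B3FE91D97651DEEF1EC6782D5599350D    C:\Users\ds\AppData\Local\Mozilla\Firefox\Profiles\n8e6002c.default\cache2\entries\    Infected    24-09-2014 22:01
OptimizerPro    setup.exe    c:\Users\ds\AppData\Local\Temp\{FF15CDFC-CE31-4FEA-9496-758B506DA296}\    Infected    18-08-2014 07:19
"""

# Columns are separated by a tab or by a run of two or more spaces; a single
# space inside a value ("Original Location", the date) does not split.
FIELD_SPLIT = re.compile(r"\t|\s{2,}")
DATE_FORMAT = "%d-%m-%Y %H:%M"


def parse_quarantine_log(text):
    """Return one dict per detection row, skipping the header and blank lines."""
    rows = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        fields = [f.strip() for f in FIELD_SPLIT.split(line)]
        if len(fields) != 5 or fields[0] == "Risk":
            continue
        risk, filename, location, status, stamp = fields
        rows.append({
            "risk": risk,
            "filename": filename,
            # Normalise so C:\...\Temp\ and c:\...\temp group together.
            "location": location.lower().rstrip("\\"),
            "status": status,
            "time": datetime.strptime(stamp, DATE_FORMAT),
        })
    return rows


def summarize_by_location(rows):
    """Per directory: number of detections, first and last timestamp, risk names."""
    summary = {}
    for r in rows:
        s = summary.setdefault(
            r["location"],
            {"count": 0, "first": r["time"], "last": r["time"], "risks": set()})
        s["count"] += 1
        s["first"] = min(s["first"], r["time"])
        s["last"] = max(s["last"], r["time"])
        s["risks"].add(r["risk"])
    return summary


def detections_per_day(rows, risk):
    """Calendar days on which `risk` was quarantined, with the count per day."""
    per_day = defaultdict(int)
    for r in rows:
        if r["risk"] == risk:
            per_day[r["time"].date()] += 1
    return dict(per_day)


def earliest_source(rows, risk):
    """Directory of the earliest detection of `risk`, or None if never seen.

    When the same risk keeps being quarantined from a temp directory, the
    earliest hit usually points at the persistent carrier (here a browser
    cache) rather than at the place the scanner keeps cleaning up."""
    hits = [r for r in rows if r["risk"] == risk]
    if not hits:
        return None
    return min(hits, key=lambda r: r["time"])["location"]


def is_browser_profile_path(location):
    """True for anything under a Firefox profile directory (cache2, entries, ...)."""
    return "\\mozilla\\firefox\\profiles\\" in location


if __name__ == "__main__":
    rows = parse_quarantine_log(SAMPLE_LOG)
    summary = summarize_by_location(rows)
    for loc, s in sorted(summary.items(), key=lambda kv: kv[1]["first"]):
        flag = "  <- browser profile" if is_browser_profile_path(loc) else ""
        print(f"{s['first']:%Y-%m-%d} .. {s['last']:%Y-%m-%d}  {s['count']:2d}x  {loc}{flag}")
    risk = "Bloodhound.Exploit.33"
    print(f"{risk}: seen on {len(detections_per_day(rows, risk))} days,"
          f" earliest in {earliest_source(rows, risk)}")
```

Run against the full export, the per-directory table sorted by first detection puts the Firefox cache2 entries at the top, which is the reasoning behind removing the whole profile rather than only the temp files.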


#7 sdtech (New Member, Authentic Member, 6 posts)

Posted 07 November 2014 - 10:53 AM

Thank you OCD.  I thought I had removed everything Firefox related when I uninstalled, but ...  I will go through all these steps and report back.  It will be this weekend before I get a chance to do this.

Cheers!



#8 OCD (SuperHelper, Malware Team, 5,574 posts)

Posted 07 November 2014 - 08:23 PM

:thumbup:


OCD



#9 OCD (SuperHelper, Malware Team, 5,574 posts)

Posted 10 November 2014 - 06:01 PM

Hi sdtech,

Just checking in to see if you still need help?
OCD



#10 sdtech (New Member, Authentic Member, 6 posts)

Posted 10 November 2014 - 06:48 PM

Hello OCD,

 

Thank you for checking-up on me.

So I went through the reinstallation of Firefox.  One item to note: apparently the "primary" profile information is kept in C:\Users\<username>\AppData\Roaming\Mozilla\ where there are three directories, Extensions, Firefox, plugins.  Those were left behind when uninstalling.

 

I have the system running since yesterday afternoon and Norton has not complained about any viruses.  Hopefully that is it.

If you do not mind, please leave the thread open for a few more days and I will report back on Wednesday, just in case something pops-up.

 

Cheers!



#11 OCD (SuperHelper, Malware Team, 5,574 posts)

Posted 10 November 2014 - 07:03 PM

:thumbup:  Post back and give me an update on Wednesday.


OCD



#12 sdtech (New Member, Authentic Member, 6 posts)

Posted 12 November 2014 - 09:59 AM

Hello OCD,

Just to give you an update on the issues.  Since the reinstallation of Firefox I have not gotten any Norton notifications regarding any virus incidents/attempts.  It looks like this worked out and hopefully nothing else will pop-up regarding the same issue.

Thank you very much for your assistance.

Cheers!



#13 OCD (SuperHelper, Malware Team, 5,574 posts)

Posted 12 November 2014 - 08:54 PM

Hi sdtech,
 
I'm glad everything seems to be running fine. Your log appears to be clean.  :thumbup:  We have a few steps, and then we can do a bit of housekeeping and send you on your way.

We have a few items to take care of before we get to the All Clean Speech.

= = = = = = = = = = = = = = = = = = = =

Uninstall via Programs and Features

Click Start > Control Panel > Programs and Features. Locate and select the following that are present on the list and click the Remove button:

  • Java 7 Update 55

=========================

Update Java

  • Get the current version of Java (Version 8 Update 25) by going to http://java.com/en/d...windows_xpi.jsp
  • Select the Verify Java Version button and follow the onscreen instructions to update if necessary.

=========================

Disk Defragmenter in Windows 7

Click on the Start button, and type in "disk defragmenter" in the search window at the bottom.
"Disk Defragmenter" should appear at the top of the search results, click to open.


Locate your primary hard drive (usually C:), and select it.


Next select the Defragment Disk button. Monitor the progress if you choose.


Close when the defrag process has been completed.

= = = = = = = = = =

You can also Schedule the Disk Defragmenter to run on a predetermined schedule.

From the main Disk Defragmenter window


Select the Configure / Schedule button


Select a date and time that best suits your needs.
Close when finished.

=========================

Remove Disinfection Tools

  • Download Delfix
  • Tick the following boxes:
    • Remove disinfection tools
    • Create registry backup
    • Purge system restore
  • Click Run
  • Any other tools and files found can simply be deleted or uninstall via the Control Panel.

= = = = = = = = = = = = = = = = = = = =


With the above items taken care of let's move on to the All Clean part of the process.

The following procedures are recommendations for helping to keep your system running smoothly. If you are currently satisfied with how your system is running some or all of these may not pertain to you. Implement what you need.

This infection appears to have been cleaned, but I cannot give you any absolute guarantees.  As a precaution, I would go ahead and change all of your passwords as this is especially important after an infection.

Any of the logs that you created for use in the forums or remaining tools that have not yet been removed can be deleted so they aren't cluttering up your desktop.

Here are some tips to reduce the potential for spyware infection in the future:

Make your Internet Explorer more secure - This can be done by following these simple instructions:

  • From within Internet Explorer click on the Tools menu and then click on Options.
  • Click once on the Security tab
  • Click once on the Internet icon so it becomes highlighted.
  • Click once on the Custom Level button.
  • Change the Download signed ActiveX controls to Prompt
  • Change the Download unsigned ActiveX controls to Disable
  • Change the Initialize and script ActiveX controls not marked as safe to Disable
  • Change the Launching programs and files in an IFRAME to Prompt
  • Change the Navigate windows and frames across different domains to Prompt
  • When all these settings have been made, click on the OK button.
  • If it prompts you as to whether or not you want to save the settings, press the Yes button.
  • Next press the Apply button and then the OK to exit the Internet Properties page.

Make your Mozilla Firefox more secure - This can be done by adding these add-ons:

Use and update anti-virus software - I cannot overemphasize the need for you to use and update your anti-virus application on a regular basis.  With the ever increasing number of new variants of malware arriving on the scene daily, you become very susceptible to an attack without updated protection.

Free Anti-Virus

Free Firewall
Using a third-party firewall will allow you to give/deny access for applications that want to go online. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a firewall in its default configuration can lower your risk greatly.  A tutorial on firewalls can be found here.

= = = = = = = = = = = = = = = = = = = =

Be prepared for CryptoLocker:

Cryptolocker Ransomware: What You Need To Know
CryptoLocker Ransomware Information Guide and FAQ

to help protect your computer in the future I recommend that you get the following free program:

CryptoPrevent: install this program to lock down and prevent crypto-ransomware


= = = = = = = = = = = = = = = = = = = =

COMPUTER SECURITY - a short guide to staying safer online

= = = = = = = = = = = = = = = = = = = =

WOT Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites - green to go, yellow for caution and red to stop, helping you avoid the dangerous sites. WOT has an addon available for both Firefox and IE.

  • Green should be good to go
  • Yellow for caution
  • Red to stop

= = = = = = = = = = = = = = = = = = = =

P2P may be a great way to get lots of stuff, but it is a great way to get infected as well. There's no way to tell if the file being shared is infected. Worse still, some worms spread via P2P networks, infecting you as well.

Please read these short reports on the dangers of peer-2-peer programs and file sharing.

= = = = = = = = = = = = = = = = = = = =

Make sure you keep your Windows OS current.

  • Windows XP:
    Microsoft will no longer offer support for Windows XP beginning on April 8, 2014
    If you are running Windows XP, please take the time to read the information provided at these links.
  • Windows Vista/7 users can open the Start menu > All Programs > Windows Update > Check for Updates (in left hand task pane) to update these systems.
  • Windows 8: Open Windows Update by swiping in from the right edge of the screen (or, if you're using a mouse, pointing to the lower-right corner of the screen and moving the mouse pointer up), tapping or clicking Settings, tapping or clicking Change PC settings, and then tapping or clicking Update and recovery.

Without these you are leaving the back door open.

= = = = = = = = = = = = = = = = = = = =

Consider a custom hosts file such as MVPS HOSTS. This custom hosts file effectively blocks a wide range of unwanted ads, banners, 3rd party Cookies, 3rd party page counters, web bugs, and many hijackers.  For information on how to download and install, please read this tutorial by WinHelp2002
Note: Be sure to follow the instructions to disable the DNS Client service before installing a custom hosts file.

= = = = = = = = = = = = = = = = = = = =

Finally, I strongly recommend that you read TonyKlein's good advice So how did I get infected in the first place?

Please reply to this thread once more if you are satisfied so that we can mark the problem as resolved.


OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days

If you are satisfied with the help you have received, please consider making a donation.
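
The two hands-on procedures in the post above (the Internet Explorer Custom Level settings for the Internet zone, and installing a custom HOSTS file such as MVPS HOSTS with the DNS Client service disabled) as one added PowerShell example. This is not part of OCD's post and not the MVPS/WinHelp2002 instructions. It assumes an elevated PowerShell session on Windows 7 (the system in this thread), that the registry value names under the Internet zone key are the action IDs Microsoft documents for IE zone settings (data 0 = Enable, 1 = Prompt, 3 = Disable), and a placeholder path for the downloaded HOSTS file. The function names and the blocklist sanity check are mine.

```powershell
# Added example, not code from the original post. Run from an elevated
# PowerShell prompt on Windows 7. Assumptions: IE zone action IDs as
# documented by Microsoft; the HOSTS source path is a placeholder.

# --- 1. Internet Explorer, Internet zone (zone 3), per current user ---------
# Same five settings the post changes in Tools > Internet Options > Security
# > Custom Level. Data: 0 = Enable, 1 = Prompt, 3 = Disable.
$IeZoneKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'
$IeHardening = [ordered]@{
    '1001' = 1   # Download signed ActiveX controls                        -> Prompt
    '1004' = 3   # Download unsigned ActiveX controls                      -> Disable
    '1201' = 3   # Initialize and script ActiveX controls not marked safe  -> Disable
    '1804' = 1   # Launching programs and files in an IFRAME               -> Prompt
    '1607' = 1   # Navigate windows and frames across different domains    -> Prompt
}

function Set-IeInternetZoneHardening {
    # Close Internet Explorer first; it rewrites these values on exit.
    if (-not (Test-Path $IeZoneKey)) { New-Item -Path $IeZoneKey -Force | Out-Null }
    foreach ($entry in $IeHardening.GetEnumerator()) {
        Set-ItemProperty -Path $IeZoneKey -Name $entry.Key -Value $entry.Value -Type DWord
    }
}

function Test-IeInternetZoneHardening {
    # Read the zone key back and list every setting that does not match.
    $current = Get-ItemProperty -Path $IeZoneKey
    $bad = @(foreach ($entry in $IeHardening.GetEnumerator()) {
        if ($current.($entry.Key) -ne $entry.Value) {
            '{0}: is {1}, want {2}' -f $entry.Key, $current.($entry.Key), $entry.Value
        }
    })
    if ($bad.Count) { $bad } else { 'IE Internet zone: all hardening values set' }
}

# --- 2. Custom HOSTS file with the DNS Client service stopped ----------------
# A large blocklist HOSTS file makes the DNS Client (Dnscache) service slow,
# which is why the MVPS instructions say to disable it before installing.
function Install-CustomHostsFile {
    param(
        [Parameter(Mandatory)][string]$SourcePath   # downloaded HOSTS file (placeholder)
    )
    $hostsPath = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'

    # Keep the current file so the change can be undone.
    $backup = '{0}.bak-{1}' -f $hostsPath, (Get-Date -Format 'yyyyMMddHHmmss')
    Copy-Item -Path $hostsPath -Destination $backup -Force

    # Sanity check before trusting a downloaded HOSTS file: a blocklist should
    # only map names to a null or loopback address. Any other target would
    # redirect real sites, which is exactly what a hijacker's HOSTS file does.
    $lines = Get-Content -Path $SourcePath
    $invalid = @($lines |
        Where-Object { $_ -match '\S' -and $_ -notmatch '^\s*#' } |
        Where-Object { $_ -notmatch '^\s*(0\.0\.0\.0|127\.0\.0\.1|::1)\s+\S+' })
    if ($invalid.Count) {
        throw ('Refusing to install: {0} line(s) point somewhere other than loopback/null, e.g. "{1}"' -f $invalid.Count, $invalid[0])
    }

    # Stop and disable the DNS Client service, then install the file.
    Stop-Service -Name Dnscache -Force -ErrorAction Stop
    Set-Service  -Name Dnscache -StartupType Disabled
    Copy-Item -Path $SourcePath -Destination $hostsPath -Force
    'Installed {0} lines to {1}; backup at {2}' -f $lines.Count, $hostsPath, $backup
}

# Usage (placeholder path, replace with where you saved the MVPS file):
# Set-IeInternetZoneHardening
# Test-IeInternetZoneHardening
# Install-CustomHostsFile -SourcePath 'C:\Users\<username>\Downloads\HOSTS'
```

Two caveats a practitioner should keep in mind. The zone values are written under HKCU, so they protect only the account that ran the script; other accounts on the laptop need the same change or an equivalent HKLM/Group Policy setting. And on Windows 8.1 and later, Set-Service is usually denied permission to disable Dnscache even when elevated, so the hosts-file half of this script is a Windows 7 procedure; the MVPS tutorial linked in the post covers the newer versions.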


#14 OCD (SuperHelper, Malware Team, 5,574 posts)

Posted 16 November 2014 - 09:24 AM

Since this issue appears to be resolved ... this Topic has been closed. Glad we could be of assistance.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please follow the instructions here http://forums.whatth...ed_t106388.html
and start a New Topic.
OCD
