Help! Trojan Win32 Startpage or (fs)


Bound4Glory
Hi,

This is my 1st time to post so I really appreciate any help.

I've run PC Matic several times, and each time it shows I have a high security threat called Win32 Startpage or (fs).

I've allowed PC Matic to clean it but after each re-scan it shows it's still there. I've tried to search for the file and cannot find it.

I also use Webroot Secure Anywhere and it has not found this trojan. I have Windows 7 and also use Defender.

Not sure how to execute a log file for troubleshooting purposes. Really need advice! Thanks.

Download DDS from one of these links:

DDS.com

DDS.pif

  • Disable any script blocking protection
  • Double click the dds icon to run the tool.
  • When done, DDS will open two (2) logs:
    • DDS.txt
    • Attach.txt <--- will be minimized in the task tray
  • Save both reports to your desktop.
Include the contents of both logs in your next post.

The scan will instruct you to post Attach.txt as an attachment.

No need for that though ..... just post its contents as you would any other log.

Thank you for the help Jacee!

I also have the exact same problem on my laptop, hopefully I'll be able to correct both issues.

I have followed your instructions, shut down real time protection with Webroot and Defender and generated the following logfiles from my desktop.

DDS (Ver_2012-10-19.01) - NTFS_AMD64

Internet Explorer: 9.0.8112.16421

Run by Jacobs at 8:56:16 on 2012-10-24

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4061.3042 [GMT -5:00]

.

AV: Webroot SecureAnywhere *Enabled/Updated* {9C0666FC-6C7D-3E97-3C40-0C6B33FC7401}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Webroot SecureAnywhere *Enabled/Updated* {27678718-4A47-3119-06F0-3719487B3EBC}

.

============== Running Processes ===============

.

C:Windowssystem32wininit.exe

C:Windowssystem32lsm.exe

C:Windowssystem32svchost.exe -k DcomLaunch

C:Program FilesWebrootWRSA.exe

C:Windowssystem32svchost.exe -k RPCSS

C:WindowsSystem32svchost.exe -k LocalServiceNetworkRestricted

C:WindowsSystem32svchost.exe -k LocalSystemNetworkRestricted

C:Windowssystem32svchost.exe -k netsvcs

C:Windowssystem32svchost.exe -k LocalService

C:Windowssystem32svchost.exe -k NetworkService

C:WindowsSystem32spoolsv.exe

C:Windowssystem32svchost.exe -k LocalServiceNoNetwork

C:Program Files (x86)Common FilesAppleMobile Device SupportAppleMobileDeviceService.exe

C:Program FilesBonjourmDNSResponder.exe

C:Windowssystem32svchost.exe -k LocalServiceAndNoImpersonation

C:WindowsSysWOW64svchost.exe -k hpdevmgmt

C:Program FilesMicrosoft Office 15ClientX64integratedoffice.exe

C:Program Files (x86)PCPitstopPC MaticRTPCPitstopRTService.exe

C:Program Files (x86)SecuniaPSIPSIA.exe

C:Program Files (x86)Microsoft Application Virtualization Clientsftvsa.exe

C:Windowssystem32svchost.exe -k imgsvc

C:Program FilesCommon FilesMicrosoft SharedWindows LiveWLIDSVC.EXE

C:Program Files (x86)Microsoft Application Virtualization Clientsftlist.exe

C:Program FilesCommon FilesMicrosoft SharedWindows LiveWLIDSvcM.exe

C:Program Files (x86)Common FilesMicrosoft SharedVirtualization HandlerCVHSVC.EXE

C:Windowssystem32SearchIndexer.exe

C:Windowssystem32svchost.exe -k HPService

C:Windowssystem32svchost.exe -k NetworkServiceNetworkRestricted

C:Windowssystem32WUDFHost.exe

C:Program FilesWindows Media Playerwmpnetwk.exe

C:WindowsSystem32svchost.exe -k LocalServicePeerNet

C:Program Files (x86)SecuniaPSIsua.exe

C:Windowssystem32DllHost.exe

C:Program Files (x86)IntelIntel® Rapid Storage TechnologyIAStorDataMgrSvc.exe

C:WindowsSystem32svchost.exe -k secsvcs

C:Program FilesiPodbiniPodService.exe

C:Windowssystem32taskhost.exe

C:Program FilesWebrootWRSA.exe

C:Windowssystem32Dwm.exe

C:WindowsExplorer.EXE

C:Program FilesRealtekAudioHDARAVCpl64.exe

C:WindowsSystem32igfxtray.exe

C:Program Files (x86)HPDigital Imagingbinhpqtra08.exe

C:Program Files (x86)SecuniaPSIpsi_tray.exe

C:Program Files (x86)IntelIntel® Rapid Storage TechnologyIAStorIcon.exe

C:Program Files (x86)iTunesiTunesHelper.exe

C:Program Files (x86)RoxioOEMRoxio BurnRoxioBurnLauncher.exe

C:Program Files (x86)PCPitstopInfo CenterInfoCenter.exe

C:Program Files (x86)Common FilesAppleApple Application Supportdistnoted.exe

C:Windowssystem32conhost.exe

C:Program Files (x86)HPDigital ImagingbinhpqSTE08.exe

C:PROGRA~2HPDIGITA~1binhpqbam08.exe

C:PROGRA~2HPDIGITA~1binhpqgpc01.exe

C:Program Files (x86)Common FilesAppleMobile Device SupportSyncServer.exe

C:Windowssystem32conhost.exe

C:Windowssystem32taskeng.exe

C:ProgramDataHP Photo CreationsCommunicator.exe

C:Program Files (x86)Internet Exploreriexplore.exe

C:Program Files (x86)Internet Exploreriexplore.exe

C:WindowsSysWOW64MacromedFlashFlashUtil32_11_4_402_287_ActiveX.exe

C:Program FilesWindows DefenderMSASCui.exe

C:Windowssystem32conhost.exe

C:Windowssystem32wbemwmiprvse.exe

C:Windowssystem32DllHost.exe

C:WindowsSystem32cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.blueletterbible.org/

mWinlogon: Userinit = userinit.exe

 

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-10-19.01)

.

Microsoft Windows 7 Home Premium

Boot Device: DeviceHarddiskVolume2

Install Date: 9/21/2011 3:07:51 PM

System Uptime: 10/24/2012 1:07:07 AM (7 hours ago)

.

Motherboard: Dell Inc. | | 018D1Y

Processor: Pentium® Dual-Core CPU E6700 @ 3.20GHz | CPU 1 | 1601/266mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 918 GiB total, 848.756 GiB free.

D: is CDROM ()

F: is Removable

G: is Removable

H: is Removable

I: is Removable

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

No restore point in system.

.

==== Installed Programs ======================

.

64 Bit HP CIO Components Installer

Adobe AIR

Adobe Flash Player 11 ActiveX

Adobe Reader X (10.1.4) MUI

AnswerWorks 5.0 English Runtime

Apple Application Support

Apple Mobile Device Support

Apple Software Update

Bejeweled 2 Deluxe

Blackhawk Striker 2

Bonjour

Bounce Symphony

BufferChm

Build-a-lot 2

Cake Mania

Chuzzle Deluxe

D110

D3DX10

Dell Edoc Viewer

Dell MusicStage

Dell PhotoStage

Dell Stage

Destinations

DeviceDiscovery

Diner Dash 2 Restaurant Rescue

DirectX 9 Runtime

Dora's World Adventure

Escape Whisper Valley

Farm Frenzy

FATE

Final Drive Fury

Final Drive Nitro

GPBaseService2

HP Customer Participation Program 14.0

HP Imaging Device Functions 14.0

HP Photo Creations

HP Photosmart D110 All-In-One Driver Software 14.0 Rel. 7

HP Smart Web Printing 4.60

HP Solution Center 14.0

HP Update

HPAppStudio

HPPhotoGadget

HPProductAssistant

Info Center 1.0.0.7

Intel® Control Center

Intel® Graphics Media Accelerator Driver

Intel® Rapid Storage Technology

Internet Explorer

iTunes

Java Auto Updater

Java 6 Update 33

Java 6 Update 33 (64-bit)

Java 6 Update 37

Java 6 Update 37 (64-bit)

Jewel Quest

Jewel Quest Solitaire 2

Junk Mail filter update

Luxor

MarketResearch

Mesh Runtime

Microsoft .NET Framework 4 Client Profile

Microsoft .NET Framework 4 Extended

Microsoft Application Error Reporting

Microsoft Office 365 Home Premium Preview - en-us

Microsoft Office Click-to-Run 2010

Microsoft Office Starter 2010 - English

Microsoft Silverlight

Microsoft SkyDrive

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 Redistributable (x64)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319

MSVCRT

MSVCRT_amd64

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

Namco All-Stars PAC-MAN

Network64

Office 15 Click-to-Run Extensibility Component

Office 15 Click-to-Run Licensing Component

PC Matic 1.1.0.48

PC Pitstop Info Center 1.0.0.13

PC Pitstop SuperShield 1.0.0.33

Penguins!

PhotoShowExpress

Plants vs. Zombies - Game of the Year

Poker Superstars III

Polar Bowler

Polar Golfer

PS_AIO_07_D110_SW_Min

Quicken 2011

QuickTime

QuickTransfer

RBVirtualFolder64Inst

Realtek High Definition Audio Driver

Roxio Activation Module

Roxio BackOnTrack

Roxio Burn

Roxio Creator Starter

Roxio File Backup

Samantha Swift

Scan

Secunia PSI (2.0.0.4003)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Extended (KB2416472)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Security Update for Microsoft .NET Framework 4 Extended (KB2656351)

SmartWebPrinting

SolutionCenter

Sonic CinePlayer Decoder Pack

Status

TaxACT 2011 - 1040 Edition

Toolbox

TrayApp

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2473228)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft .NET Framework 4 Extended (KB2468871)

Update for Microsoft .NET Framework 4 Extended (KB2533523)

Update for Microsoft .NET Framework 4 Extended (KB2600217)

Update Installer for WildTangent Games App

Virtual Villagers 4 - The Tree of Life

WebReg

Webroot SecureAnywhere

Wedding Dash - Ready, Aim, Love!

WildTangent Games

WildTangent Games App (Dell Games)

WinDirStat 1.1.2

Windows Driver Package - Realtek (RTL8167) Net (08/23/2011 7.048.0823.2011)

Windows Driver Package - Realtek Semiconductor Corp. HD Audio Driver (03/27/2012 6.0.1.6602)

Windows Driver Package - Realtek Semiconductor Corp. HD Audio Driver (06/19/2012 6.0.1.6662)

Windows Driver Package - Realtek Semiconductor Corp. HD Audio Driver (08/30/2011 6.0.1.6449)

Windows Driver Package - Realtek Semiconductor Corp. HD Audio Driver (10/18/2011 6.0.1.6482)

Windows Driver Package - Realtek Semiconductor Corp. HD Audio Driver (12/13/2011 6.0.1.6526)

Windows Live Communications Platform

Windows Live Essentials

Windows Live ID Sign-in Assistant

Windows Live Installer

Windows Live Language Selector

Windows Live Mail

Windows Live Mesh

Windows Live Mesh ActiveX Control for Remote Connections

Windows Live Messenger

Windows Live MIME IFilter

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live Remote Client

Windows Live Remote Client Resources

Windows Live Remote Service

Windows Live Remote Service Resources

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

Zuma Deluxe

.

==== Event Viewer Messages From Past Week ========

.

10/23/2012 7:27:23 PM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

.

==== End Of File ===========================

I'd like you to scan your machine with ESET OnlineScan

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.

    ESET OnlineScan

  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image

I hope this is correct...thanks for the help

DDS (Ver_2012-10-19.01) - NTFS_AMD64

Internet Explorer: 9.0.8112.16421

Run by Jacobs at 18:01:18 on 2012-10-24

#Option Extended Search is enabled.

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4061.2297 [GMT -5:00]

.

AV: Webroot SecureAnywhere *Enabled/Updated* {9C0666FC-6C7D-3E97-3C40-0C6B33FC7401}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Webroot SecureAnywhere *Enabled/Updated* {27678718-4A47-3119-06F0-3719487B3EBC}

.

============== Running Processes ===============

.

C:Windowssystem32wininit.exe

C:Windowssystem32lsm.exe

C:Windowssystem32svchost.exe -k DcomLaunch

C:Program FilesWebrootWRSA.exe

C:Windowssystem32svchost.exe -k RPCSS

C:WindowsSystem32svchost.exe -k LocalServiceNetworkRestricted

C:WindowsSystem32svchost.exe -k LocalSystemNetworkRestricted

C:Windowssystem32svchost.exe -k netsvcs

C:Windowssystem32svchost.exe -k LocalService

C:Windowssystem32svchost.exe -k NetworkService

C:WindowsSystem32spoolsv.exe

C:Windowssystem32svchost.exe -k LocalServiceNoNetwork

C:Program Files (x86)Common FilesAppleMobile Device SupportAppleMobileDeviceService.exe

C:Program FilesBonjourmDNSResponder.exe

C:Windowssystem32svchost.exe -k LocalServiceAndNoImpersonation

C:WindowsSysWOW64svchost.exe -k hpdevmgmt

C:WindowsSystem32svchost.exe -k HPZ12

C:Program FilesMicrosoft Office 15ClientX64integratedoffice.exe

C:Program Files (x86)PCPitstopPC MaticRTPCPitstopRTService.exe

C:WindowsSystem32svchost.exe -k HPZ12

C:Program Files (x86)SecuniaPSIPSIA.exe

C:Program Files (x86)Microsoft Application Virtualization Clientsftvsa.exe

C:Windowssystem32svchost.exe -k imgsvc

C:Program FilesCommon FilesMicrosoft SharedWindows LiveWLIDSVC.EXE

C:Program Files (x86)Microsoft Application Virtualization Clientsftlist.exe

C:Program FilesCommon FilesMicrosoft SharedWindows LiveWLIDSvcM.exe

C:Program Files (x86)Common FilesMicrosoft SharedVirtualization HandlerCVHSVC.EXE

C:Windowssystem32SearchIndexer.exe

C:Windowssystem32svchost.exe -k HPService

C:Windowssystem32svchost.exe -k NetworkServiceNetworkRestricted

C:Windowssystem32WUDFHost.exe

C:Windowssystem32taskhost.exe

C:Program FilesWebrootWRSA.exe

C:Windowssystem32Dwm.exe

C:WindowsExplorer.EXE

C:Program FilesRealtekAudioHDARAVCpl64.exe

C:Program Files (x86)SecuniaPSIsua.exe

C:WindowsSystem32igfxtray.exe

C:Program Files (x86)HPDigital Imagingbinhpqtra08.exe

C:Program Files (x86)SecuniaPSIpsi_tray.exe

C:Program Files (x86)IntelIntel® Rapid Storage TechnologyIAStorIcon.exe

C:Program Files (x86)iTunesiTunesHelper.exe

C:Program Files (x86)RoxioOEMRoxio BurnRoxioBurnLauncher.exe

C:Program Files (x86)PCPitstopInfo CenterInfoCenter.exe

C:Program FilesiPodbiniPodService.exe

C:Program FilesWindows Media Playerwmpnetwk.exe

C:WindowsSystem32svchost.exe -k LocalServicePeerNet

C:Program Files (x86)HPDigital ImagingbinhpqSTE08.exe

C:PROGRA~2HPDIGITA~1binhpqbam08.exe

C:PROGRA~2HPDIGITA~1binhpqgpc01.exe

C:Windowssystem32DllHost.exe

C:Program Files (x86)IntelIntel® Rapid Storage TechnologyIAStorDataMgrSvc.exe

C:WindowsSystem32svchost.exe -k secsvcs

C:WindowsSysWOW64MacromedFlashFlashUtil32_11_4_402_287_ActiveX.exe

C:Program FilesWindows DefenderMSASCui.exe

C:Program Files (x86)Internet Exploreriexplore.exe

C:Program Files (x86)Internet Exploreriexplore.exe

C:Windowssystem32taskhost.exe

C:Windowssystem32conhost.exe

C:Windowssystem32wbemwmiprvse.exe

C:Windowssystem32DllHost.exe

C:WindowsSystem32cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.blueletterbible.org/

mWinlogon: Userinit = userinit.exe

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:Program Files (x86)Javajre6binssv.dll

BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:Program FilesMicrosoft Office 15rootoffice15urlredir.dll

BHO: Microsoft SPFS Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:Program FilesMicrosoft Office 15rootoffice15grooveex.dll

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:Program Files (x86)Javajre6binjp2ssv.dll

EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:Program Files (x86)HPDigital ImagingSmart Web Printinghpswp_bho.dll

EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:Program Files (x86)HPDigital ImagingSmart Web Printinghpswp_bho.dll

mRun: [RoxWatchTray] "C:Program Files (x86)Common FilesRoxio SharedOEM12.0SharedCOMRoxWatchTray12OEM.exe"

mRun: [iAStorIcon] C:Program Files (x86)IntelIntel® Rapid Storage TechnologyIAStorIcon.exe

mRun: [iTunesHelper] "C:Program Files (x86)iTunesiTunesHelper.exe"

mRun: [APSDaemon] "C:Program Files (x86)Common FilesAppleApple Application SupportAPSDaemon.exe"

mRun: [Desktop Disc Tool] "C:Program Files (x86)RoxioOEMRoxio BurnRoxioBurnLauncher.exe"

mRun: [info Center] C:Program Files (x86)PCPitstopInfo CenterInfoCenter.exe

mRun: [PC MaticRT] C:Program Files (x86)PCPitstopPC MaticRTPCMaticRT.exe

mRun: [WRSVC] "C:Program FilesWebrootWRSA.exe" -ul

StartupFolder: C:PROGRA~3MICROS~1WindowsSTARTM~1ProgramsStartupHPDIGI~1.LNK - C:Program Files (x86)HPDigital Imagingbinhpqtra08.exe

StartupFolder: C:PROGRA~3MICROS~1WindowsSTARTM~1ProgramsStartupSECUNI~1.LNK - C:Program Files (x86)SecuniaPSIpsi_tray.exe

mPolicies-Explorer: NoActiveDesktop = dword:1

mPolicies-Explorer: NoActiveDesktopChanges = dword:1

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: E&xport to Microsoft Excel - C:Program FilesMicrosoft Office 15RootOffice15EXCEL.EXE/3000

IE: Se&nd to OneNote - C:Program FilesMicrosoft Office 15RootOffice15ONBttnIE.dll/105

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:Program Files (x86)Windows LiveWriterWriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:Program FilesMicrosoft Office 15rootoffice15onbttnie.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:Program FilesMicrosoft Office 15rootoffice15ONBttnIELinkedNotes.dll

IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:Program Files (x86)HPDigital ImagingSmart Web Printinghpswp_BHO.dll

DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab

DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} - hxxps://support.dell.com/systemprofiler/SysProExe.CAB

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab

DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} - hxxp://utilities.pcpitstop.com/Optimize3/pcpitstop2.dll

TCP: NameServer = 192.168.1.1

TCP: Interfaces{D3348727-DE9F-4C04-B233-3BD4DB851D2C} : DHCPNameServer = 192.168.1.1

Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:Program FilesMicrosoft Office 15rootoffice15msosb.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:Program Files (x86)Windows LivePhoto GalleryAlbumDownloadProtocolHandler.dll

SSODL: WebCheck - <orphaned>

LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg pku2u livessp

x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:Program FilesMicrosoft Office 15rootvfsProgramFilesX64Microsoft OfficeOffice15OCHelper.dll

x64-BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:Program FilesJavajre6binssv.dll

x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:Program FilesCommon FilesMicrosoft SharedWindows LiveWindowsLiveLogin.dll

x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:Program FilesMicrosoft Office 15rootvfsProgramFilesX64Microsoft OfficeOffice15URLREDIR.DLL

x64-BHO: Microsoft SPFS Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:Program FilesMicrosoft Office 15rootvfsProgramFilesX64Microsoft OfficeOffice15GROOVEEX.DLL

x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:Program FilesJavajre6binjp2ssv.dll

x64-Run: [RtHDVCpl] C:Program FilesRealtekAudioHDARAVCpl64.exe -s

x64-Run: [igfxTray] C:WindowsSystem32igfxtray.exe

x64-Run: [DellStage] "C:Program Files (x86)Dell StageDell Stagestage_primary.exe" "C:Program Files (x86)Dell StageDell Stagestart.umj" --startup

x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:Program FilesMicrosoft Office 15rootvfsProgramFilesX64Microsoft OfficeOffice15ONBttnIE.dll

x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:Program FilesMicrosoft Office 15rootvfsProgramFilesX64Microsoft OfficeOffice15OCHelper.dll

x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:Program FilesMicrosoft Office 15rootvfsProgramFilesX64Microsoft OfficeOffice15ONBttnIELinkedNotes.dll

x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab

x64-DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab

x64-DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab

x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab

x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - <orphaned>

x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>

x64-Notify: igfxcui - igfxdev.dll

x64-Notify: PFW - <no file>

x64-SSODL: WebCheck - <orphaned>

.

============= SERVICES / DRIVERS ===============

.

R0 PxHlpa64;PxHlpa64;C:WindowsSystem32driversPxHlpa64.sys [2011-7-5 55856]

R0 WRkrn;WRkrn;C:WindowsSystem32driversWRkrn.sys [2012-9-3 110672]

R2 cvhsvc;Client Virtualization Handler;C:Program Files (x86)Common Filesmicrosoft sharedVirtualization HandlerCVHSVC.EXE [2012-1-4 822624]

R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:Program Files (x86)IntelIntel® Rapid Storage TechnologyIAStorDataMgrSvc.exe [2011-7-5 13336]

R2 OfficeSvc;Microsoft Office Service;C:Program FilesMicrosoft Office 15ClientX64integratedoffice.exe [2012-7-30 1494144]

R2 PCPitstop Realtime;PCPitstop Realtime;C:Program Files (x86)PCPitstopPC MaticRTPCPitstopRTService.exe [2012-10-16 3828736]

R2 sbapifs;sbapifs;C:WindowsSystem32driverssbapifs.sys [2012-10-16 72280]

R2 Secunia PSI Agent;Secunia PSI Agent;C:Program Files (x86)SecuniaPSIpsia.exe [2011-10-14 994360]

R2 sftlist;Application Virtualization Client;C:Program Files (x86)Microsoft Application Virtualization Clientsftlist.exe [2011-10-1 508776]

R2 WRSVC;WRSVC;C:Program FilesWebrootWRSA.exe [2012-9-3 726536]

R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;C:WindowsSystem32driversIntcHdmi.sys [2011-7-5 138752]

R3 PSI;PSI;C:WindowsSystem32driverspsi_mf.sys [2010-9-1 17976]

R3 RTL8167;Realtek 8167 NT Driver;C:WindowsSystem32driversRt64win7.sys [2011-11-7 565352]

R3 Secunia Update Agent;Secunia Update Agent;C:Program Files (x86)SecuniaPSIsua.exe [2011-10-14 399416]

R3 Sftfs;Sftfs;C:WindowsSystem32driversSftfslh.sys [2011-10-1 764264]

R3 Sftplay;Sftplay;C:WindowsSystem32driversSftplaylh.sys [2011-10-1 268648]

R3 Sftredir;Sftredir;C:WindowsSystem32driversSftredirlh.sys [2011-10-1 25960]

R3 Sftvol;Sftvol;C:WindowsSystem32driversSftvollh.sys [2011-10-1 22376]

R3 sftvsa;Application Virtualization Service Agent;C:Program Files (x86)Microsoft Application Virtualization Clientsftvsa.exe [2011-10-1 219496]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:WindowsMicrosoft.NETFrameworkv4.0.30319mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:WindowsMicrosoft.NETFramework64v4.0.30319mscorsvw.exe [2010-3-18 138576]

S3 AdobeARMservice;Adobe Acrobat Update Service;C:Program Files (x86)Common FilesAdobeARM1.0armsvc.exe [2012-7-27 63960]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:WindowsSysWOW64MacromedFlashFlashPlayerUpdateService.exe [2012-4-16 250808]

S3 GamesAppService;GamesAppService;C:Program Files (x86)WildTangent GamesAppGamesAppService.exe [2010-10-12 206072]

S3 osppsvc;Office Software Protection Platform;C:Program FilesCommon FilesMicrosoft SharedOfficeSoftwareProtectionPlatformOSPPSVC.EXE [2012-7-22 5132888]

S3 PCPitstop Scheduling;PCPitstop Scheduling;C:Program Files (x86)PCPitstopPCPitstopScheduleService.exe [2012-6-16 91848]

S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:WindowsSystem32driversrdpvideominiport.sys [2012-10-24 19456]

S3 RoxMediaDB12OEM;RoxMediaDB12OEM;C:Program Files (x86)Common FilesRoxio SharedOEM12.0SharedCOMRoxMediaDB12OEM.exe [2010-11-25 1116656]

S3 RoxWatch12;Roxio Hard Drive Watcher 12;C:Program Files (x86)Common FilesRoxio SharedOEM12.0SharedCOMRoxWatch12OEM.exe [2010-11-25 219632]

S3 TsUsbFlt;TsUsbFlt;C:WindowsSystem32driversTsUsbFlt.sys [2012-10-24 57856]

S3 TsUsbGD;Remote Desktop Generic USB Device;C:WindowsSystem32driversTsUsbGD.sys [2012-10-24 30208]

S3 USBAAPL64;Apple Mobile USB Driver;C:WindowsSystem32driversusbaapl64.sys [2012-7-9 52736]

S3 WatAdminSvc;Windows Activation Technologies Service;C:WindowsSystem32WatWatAdminSvc.exe [2011-9-21 1255736]

S4 wlcrasvc;Windows Live Mesh remote connections service;C:Program FilesWindows LiveMeshwlcrasvc.exe [2010-9-22 57184]

.

=============== Created Last 60 ================

.

2012-10-24 16:54:43 -------- d-----w- C:Program Files (x86)ESET

2012-10-24 15:10:41 340992 ----a-w- C:WindowsSystem32schannel.dll

2012-10-24 15:10:41 247808 ----a-w- C:WindowsSysWow64schannel.dll

2012-10-24 15:10:40 458712 ----a-w- C:WindowsSystem32driverscng.sys

2012-10-24 15:10:40 307200 ----a-w- C:WindowsSystem32ncrypt.dll

2012-10-24 15:10:40 220160 ----a-w- C:WindowsSysWow64ncrypt.dll

2012-10-24 15:10:40 154480 ----a-w- C:WindowsSystem32driversksecpkg.sys

2012-10-24 15:10:39 96768 ----a-w- C:WindowsSysWow64sspicli.dll

2012-10-24 15:10:39 22016 ----a-w- C:WindowsSysWow64secur32.dll

2012-10-24 15:10:39 1448448 ----a-w- C:WindowsSystem32lsasrv.dll

2012-10-23 23:55:04 -------- d-----w- C:ProgramData34BE82C4-E596-4e99-A191-52C6199EBF69

2012-10-23 20:18:28 69000 ----a-w- C:ProgramDataMicrosoftWindows DefenderDefinition Updates{FEDEEB66-BB44-41E3-B69E-06FF74C630DA}offreg.dll

2012-10-23 12:45:49 9291768 ----a-w- C:ProgramDataMicrosoftWindows DefenderDefinition Updates{FEDEEB66-BB44-41E3-B69E-06FF74C630DA}mpengine.dll

2012-10-16 22:34:02 4065296 ----a-w- C:WindowsSystem32driversRTKVHD64.sys

2012-10-16 22:33:59 869520 ----a-w- C:WindowsSystem32RtkApi64.dll

2012-10-16 22:33:59 83072 ----a-w- C:WindowsSystem32MBWrp64.dll

2012-10-16 22:33:59 626304 ----a-w- C:WindowsSystem32MBTHX64.dll

2012-10-16 22:33:59 561792 ----a-w- C:WindowsSysWow64MBTHX32.dll

2012-10-16 22:33:59 3615888 ----a-w- C:WindowsSystem32RtkAPO64.dll

2012-10-16 22:33:59 2674320 ----a-w- C:WindowsSystem32RtPgEx64.dll

2012-10-16 22:33:59 1262696 ----a-w- C:WindowsSystem32RTCOM64.dll

2012-10-16 22:33:59 105616 ----a-w- C:WindowsSystem32RCoInstII64.dll

2012-10-16 22:33:58 897152 ----a-w- C:WindowsSystem32MBAPO64.dll

2012-10-16 22:33:58 753280 ----a-w- C:WindowsSysWow64MBAPO32.dll

2012-10-16 22:33:58 2533952 ----a-w- C:WindowsSystem32FMAPO64.dll

2012-10-16 22:33:58 1015640 ----a-w- C:WindowsSystem32MaxxAudioAPOShell64.dll

2012-10-16 19:52:11 72280 ----a-w- C:WindowsSystem32driverssbapifs.sys

2012-10-10 13:02:31 2048 ----a-w- C:WindowsSysWow64tzres.dll

2012-10-10 13:02:31 2048 ----a-w- C:WindowsSystem32tzres.dll

2012-10-10 13:01:52 715776 ----a-w- C:WindowsSystem32kerberos.dll

2012-10-10 13:01:52 542208 ----a-w- C:WindowsSysWow64kerberos.dll

2012-09-26 14:20:18 245760 ----a-w- C:WindowsSystem32OxpsConverter.exe

2012-09-18 15:40:38 33240 ----a-w- C:WindowsSystem32driversGEARAspiWDM.sys

2012-09-18 15:30:22 950128 ----a-w- C:WindowsSystem32driversndis.sys

2012-09-18 15:30:22 41472 ----a-w- C:WindowsSystem32driversRNDISMP.sys

2012-09-18 15:30:22 376688 ----a-w- C:WindowsSystem32driversnetio.sys

2012-09-18 15:30:22 288624 ----a-w- C:WindowsSystem32driversFWPKCLNT.SYS

2012-09-18 15:30:22 1913200 ----a-w- C:WindowsSystem32driverstcpip.sys

2012-09-18 15:30:21 574464 ----a-w- C:WindowsSystem32d3d10level9.dll

2012-09-18 15:30:21 490496 ----a-w- C:WindowsSysWow64d3d10level9.dll

2012-09-12 01:07:50 150648 ----a-w- C:Program Files (x86)Common FilesMicrosoft SharedSource EngineOSE.EXE

2012-09-03 20:25:20 150776 ----a-w- C:WindowsSysWow64WRusr.dll

2012-09-03 20:25:20 110672 ----a-w- C:WindowsSystem32driversWRkrn.sys

2012-09-03 20:25:20 103408 ----a-w- C:WindowsSystem32WRusr.dll

2012-09-03 20:25:19 -------- d-----w- C:Program FilesWebroot

2012-09-03 20:25:15 -------- d-----w- C:ProgramDataWRData

2012-09-03 17:06:18 2990096 ----a-w- C:WindowsSysWow64winsflte.dl1

2012-09-03 17:06:18 -------- d-----w- C:WindowsSysWow64winsflt.dl1

2012-09-03 17:02:38 -------- d-----w- C:ProgramDataCA-SupportBridge

2012-09-03 16:56:33 -------- d-----w- C:Program Files (x86)iYogi Support Dock

.

==================== Find6M ====================

.

2012-10-23 12:51:55 544240 ----a-w- C:WindowsSystem32npdeployJava1.dll

2012-10-23 12:51:55 525808 ----a-w- C:WindowsSystem32deployJava1.dll

2012-10-23 12:48:24 477168 ----a-w- C:WindowsSysWow64npdeployJava1.dll

2012-10-23 12:48:24 473072 ----a-w- C:WindowsSysWow64deployJava1.dll

2012-10-10 12:59:26 73656 ----a-w- C:WindowsSysWow64FlashPlayerCPLApp.cpl

2012-10-10 12:59:26 696760 ----a-w- C:WindowsSysWow64FlashPlayerApp.exe

2012-08-31 18:19:35 1659760 ----a-w- C:WindowsSystem32driversntfs.sys

2012-08-30 18:03:45 5559664 ----a-w- C:WindowsSystem32ntoskrnl.exe

2012-08-30 17:12:02 3968880 ----a-w- C:WindowsSysWow64ntkrnlpa.exe

2012-08-30 17:12:02 3914096 ----a-w- C:WindowsSysWow64ntoskrnl.exe

2012-08-24 18:05:07 220160 ----a-w- C:WindowsSystem32wintrust.dll

2012-08-24 16:57:48 172544 ----a-w- C:WindowsSysWow64wintrust.dll

2012-08-24 10:31:32 2312704 ----a-w- C:WindowsSystem32jscript9.dll

2012-08-24 10:21:18 1392128 ----a-w- C:WindowsSystem32wininet.dll

2012-08-24 10:20:11 1494528 ----a-w- C:WindowsSystem32inetcpl.cpl

2012-08-24 10:14:45 173056 ----a-w- C:WindowsSystem32ieUnatt.exe

2012-08-24 10:13:29 599040 ----a-w- C:WindowsSystem32vbscript.dll

2012-08-24 10:09:42 2382848 ----a-w- C:WindowsSystem32mshtml.tlb

2012-08-24 06:59:17 1800704 ----a-w- C:WindowsSysWow64jscript9.dll

2012-08-24 06:51:27 1129472 ----a-w- C:WindowsSysWow64wininet.dll

2012-08-24 06:51:02 1427968 ----a-w- C:WindowsSysWow64inetcpl.cpl

2012-08-24 06:47:26 142848 ----a-w- C:WindowsSysWow64ieUnatt.exe

2012-08-24 06:47:12 420864 ----a-w- C:WindowsSysWow64vbscript.dll

2012-08-24 06:43:58 2382848 ----a-w- C:WindowsSysWow64mshtml.tlb

2012-08-23 14:13:11 243200 ----a-w- C:WindowsSystem32rdpudd.dll

2012-08-23 14:10:20 19456 ----a-w- C:WindowsSystem32driversrdpvideominiport.sys

2012-08-23 14:08:26 30208 ----a-w- C:WindowsSystem32driversTsUsbGD.sys

2012-08-23 14:07:35 57856 ----a-w- C:WindowsSystem32driversTsUsbFlt.sys

2012-08-23 13:47:20 46592 ----a-w- C:WindowsSysWow64MsRdpWebAccess.dll

2012-08-23 13:46:20 16896 ----a-w- C:WindowsSysWow64wksprtPS.dll

2012-08-23 13:41:52 13312 ----a-w- C:WindowsSystem32TsUsbRedirectionGroupPolicyControl.exe

2012-08-23 13:40:56 13312 ----a-w- C:WindowsSystem32TsUsbRedirectionGroupPolicyExtension.dll

2012-08-23 13:24:57 15360 ----a-w- C:WindowsSystem32RdpGroupPolicyExtension.dll

2012-08-23 13:20:40 54272 ----a-w- C:WindowsSystem32MsRdpWebAccess.dll

2012-08-23 13:18:14 37376 ----a-w- C:WindowsSysWow64tsgqec.dll

2012-08-23 13:17:54 18432 ----a-w- C:WindowsSystem32wksprtPS.dll

2012-08-23 13:06:58 43520 ----a-w- C:WindowsSystem32TsUsbGDCoInstaller.dll

2012-08-23 12:52:53 44032 ----a-w- C:WindowsSystem32tsgqec.dll

2012-08-23 11:20:06 62976 ----a-w- C:WindowsSystem32TSWbPrxy.exe

2012-08-23 11:15:57 269312 ----a-w- C:WindowsSysWow64aaclient.dll

2012-08-23 11:14:09 384000 ----a-w- C:WindowsSystem32wksprt.exe

2012-08-23 11:12:17 192000 ----a-w- C:WindowsSysWow64rdpendp_winip.dll

2012-08-23 10:54:24 322560 ----a-w- C:WindowsSystem32aaclient.dll

2012-08-23 10:51:14 228864 ----a-w- C:WindowsSystem32rdpendp_winip.dll

2012-08-23 10:39:24 1048064 ----a-w- C:WindowsSysWow64mstsc.exe

2012-08-23 10:22:22 1123840 ----a-w- C:WindowsSystem32mstsc.exe

2012-08-23 09:51:57 3174912 ----a-w- C:WindowsSystem32rdpcorets.dll

2012-08-23 08:19:01 4916224 ----a-w- C:WindowsSysWow64mstscax.dll

2012-08-23 08:13:07 5773824 ----a-w- C:WindowsSystem32mstscax.dll

2012-08-21 18:01:20 125872 ----a-w- C:WindowsSystem32GEARAspi64.dll

2012-08-21 18:01:20 106928 ----a-w- C:WindowsSysWow64GEARAspi.dll

2012-08-20 18:48:44 362496 ----a-w- C:WindowsSystem32wow64win.dll

2012-08-20 18:48:44 243200 ----a-w- C:WindowsSystem32wow64.dll

2012-08-20 18:48:44 13312 ----a-w- C:WindowsSystem32wow64cpu.dll

2012-08-20 18:48:43 215040 ----a-w- C:WindowsSystem32winsrv.dll

2012-08-20 18:48:37 16384 ----a-w- C:WindowsSystem32ntvdm64.dll

2012-08-20 18:48:35 424448 ----a-w- C:WindowsSystem32KernelBase.dll

2012-08-20 18:46:22 338432 ----a-w- C:WindowsSystem32conhost.exe

2012-08-20 17:40:21 14336 ----a-w- C:WindowsSysWow64ntvdm64.dll

2012-08-20 17:38:44 44032 ----a-w- C:Windowsapppatchacwow64.dll

2012-08-20 17:38:26 25600 ----a-w- C:WindowsSysWow64setup16.exe

2012-08-20 17:37:19 5120 ----a-w- C:WindowsSysWow64wow32.dll

2012-08-20 17:37:18 274944 ----a-w- C:WindowsSysWow64KernelBase.dll

2012-08-20 15:38:21 7680 ----a-w- C:WindowsSysWow64instnm.exe

2012-08-20 15:38:20 2048 ----a-w- C:WindowsSysWow64user.exe

2012-08-20 15:33:28 6144 ---ha-w- C:WindowsSysWow64api-ms-win-security-base-l1-1-0.dll

2012-08-20 15:33:28 4608 ---ha-w- C:WindowsSysWow64api-ms-win-core-threadpool-l1-1-0.dll

2012-08-20 15:33:28 3584 ---ha-w- C:WindowsSysWow64api-ms-win-core-xstate-l1-1-0.dll

2012-08-20 15:33:28 3072 ---ha-w- C:WindowsSysWow64api-ms-win-core-util-l1-1-0.dll

2012-07-22 05:37:48 829264 ----a-w- C:WindowsSystem32msvcr100.dll

2012-07-22 05:37:48 608080 ----a-w- C:WindowsSystem32msvcp100.dll

2012-07-22 01:55:14 773968 ----a-w- C:WindowsSysWow64msvcr100.dll

2012-07-22 01:55:14 421200 ----a-w- C:WindowsSysWow64msvcp100.dll

2012-07-18 18:15:06 3148800 ----a-w- C:WindowsSystem32win32k.sys

2012-07-09 18:42:56 4547984 ----a-w- C:WindowsSystem32usbaaplrc.dll

2012-07-09 18:42:54 52736 ----a-w- C:WindowsSystem32driversusbaapl64.sys

2012-07-04 22:13:27 59392 ----a-w- C:WindowsSystem32browcli.dll

2012-07-04 22:13:27 136704 ----a-w- C:WindowsSystem32browser.dll

2012-07-04 21:14:34 41984 ----a-w- C:WindowsSysWow64browcli.dll

2012-06-06 06:06:16 2004480 ----a-w- C:WindowsSystem32msxml6.dll

2012-06-06 06:06:16 1881600 ----a-w- C:WindowsSystem32msxml3.dll

2012-06-06 06:02:54 1133568 ----a-w- C:WindowsSystem32cdosys.dll

2012-06-06 05:05:52 1390080 ----a-w- C:WindowsSysWow64msxml6.dll

2012-06-06 05:05:52 1236992 ----a-w- C:WindowsSysWow64msxml3.dll

2012-06-06 05:03:06 805376 ----a-w- C:WindowsSysWow64cdosys.dll

2012-06-02 22:15:31 2622464 ----a-w- C:WindowsSystem32wucltux.dll

2012-06-02 22:15:08 99840 ----a-w- C:WindowsSystem32wudriver.dll

2012-06-02 20:19:42 186752 ----a-w- C:WindowsSystem32wuwebv.dll

2012-06-02 20:15:12 36864 ----a-w- C:WindowsSystem32wuapp.exe

2012-06-02 05:48:16 95600 ----a-w- C:WindowsSystem32driversksecdd.sys

2012-06-02 05:41:28 184320 ----a-w- C:WindowsSystem32cryptsvc.dll

2012-06-02 05:41:28 140288 ----a-w- C:WindowsSystem32cryptnet.dll

2012-06-02 05:41:27 1464320 ----a-w- C:WindowsSystem32crypt32.dll

2012-06-02 04:36:29 140288 ----a-w- C:WindowsSysWow64cryptsvc.dll

2012-06-02 04:36:29 1159680 ----a-w- C:WindowsSysWow64crypt32.dll

2012-06-02 04:36:29 103936 ----a-w- C:WindowsSysWow64cryptnet.dll

2012-05-31 17:25:12 279656 ------w- C:WindowsSystem32MpSigStub.exe

2012-05-14 05:26:34 956928 ----a-w- C:WindowsSystem32localspl.dll

2012-05-05 08:36:55 503808 ----a-w- C:WindowsSystem32srcore.dll

2012-05-05 07:46:52 43008 ----a-w- C:WindowsSysWow64srclient.dll

.

============= FINISH: 18:01:28.26 ===============


Please download TFC by Old Timer http://www.geekstogo.com/forum/TFC-Temp-File-Cleaner-OldTimer-file187.html and save it to your desktop.

 

Save any unsaved work. TFC will close ALL open programs including your browser!

Double-click on TFC.exe to run it. If you are using Vista/Windows 7 right-click on the file and choose Run As Administrator.

Click the Start button to begin the cleaning process and let it run uninterrupted to completion.

Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway to ensure a complete clean.

 

After rebooting download the latest Java ... yours is outdated.

 

Update Java:

  • Download the latest version of Java Runtime Environment (JRE) 7u9.

    http://www.oracle.com/technetwork/java/javase/downloads/index.html

  • Scroll over to the right (JRE)

  • Click the "Download" button to the right.
  • Check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-7u9-windows-i586-p.exe to install the newest version.

Now, would you run the program that is reporting Win32 Startpage or (fs) and see if it still says the same thing?

If you can save the report and post it, it sure would help! You could also take a snapshot and attach it to the post for me to see.


I have completed all you have requested. Processed another scan via PC Matic and I'm still getting the same results. I could not generate a report from the scan results and didn't want to copy the screen because it reveals my key and email.

Thanks for helping, and I appreciate any more ideas. I will be working on this issue during the evening due to work for now, thanks.


I wonder if it's pointing to C:Program Files (x86)Dell StageDell Stagestage_primary.exe" "C:Program Files (x86)Dell StageDell Stagestart.umj" --startup :huh2:

 

Let's see if MBam picks anything up:

 

Please download (free version) Malwarebytes' Anti-Malware to your desktop

http://www.bleepingcomputer.com/download/malwarebytes-anti-malware/

* Double-click mbam-setup.exe and follow the prompts to install the program. Right click to run as Administrator, using Windows 7 or Vista.

* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.

* If an update is found, it will download and install the latest version.

* Once the program has loaded, select Perform full scan, then click Scan.

* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

* When completed, a log will open in Notepad. Please save it to a convenient location. Copy and Paste that log into your next reply.


Jacee,

 

I downloaded and ran the app you requested and it found nothing; the log is posted below. I don't believe Dell Stage is causing the problem because I have the same issue on my Sony Vaio laptop. I've been trying to clean up my PC and uninstall Dell Stage, but I've run into a few problems and am still working on that. I don't understand why my Webroot Secure Anywhere has not found anything, and I've scanned my entire hard drive several times with it. Only PC Matic finds this and thinks it's a high priority threat. Thanks again for your help with this!

 

Malwarebytes Anti-Malware 1.65.1.1000

www.malwarebytes.org

Database version: v2012.10.28.02

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Jacobs :: JACOBS-PC [administrator]

10/28/2012 7:54:58 AM

mbam-log-2012-10-28 (07-54-58).txt

Scan type: Full scan (C:|Q:|)

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 337378

Time elapsed: 59 minute(s), 1 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)


I also have found these files which may be of some use? I found 6 files in "C:ProgramDataPCPitstopDatQuarantine" and 3 of them are XML files which I could open. Here's the data in 1 of the 3 latest XML files.

 

<SBCSQuarantineRecordXML threatId="4761035" name="Trojan.Win32.Startpage.or (fs)" level="2" category="Trojan" type="Malware" adviseType="3" canQuarantine="true" author="" optionalScan="0" quarantineId="{FA6C34B0-C69F-4E51-A9AE-945157F65DDD}" dateTimeStampUTC="2012-10-23T20:35:02" scanGUID="{41C7DEC8-D8AC-480B-87E8-38CE2D6FD626}" quarantineLocation="C:ProgramDataPCPitstopDatQuarantine" Source="0" BufferOnly="false" threatDefinitionVersion="13658"><authorURL></authorURL><desc>Trojan is a general term for malicious software that is installed under false or deceptive pretenses or is installed without the user's full knowledge and consent. Most Trojans exhibit some form of malicious, hostile, or harmful functionality or behavior.</desc><threatAdviceDetails>This is a high risk and should be removed immediately as it may compromise your privacy and security, make dangerous changes to your computer's settings without your knowledge and consent, or severely degrade your computer's performance and stability.</threatAdviceDetails><customData></customData><fixes><fix traceType="3" actionType="4" isTransient="false" dispValue="HKEY_LOCAL_MACHINESOFTWAREWow6432NodeMICROSOFTWINDOWSCURRENTVERSIONRUNWRSVC 1"><originalAttributes><attr n="hive" v="HKEY_LOCAL_MACHINE"/><attr n="key" v="SOFTWAREWow6432NodeMICROSOFTWINDOWSCURRENTVERSIONRUN"/><attr n="valueName" v="WRSVC"/><attr n="valueType" v="1"/><attr n="valueData" v="220043003A005C00500072006F006700720061006D002000460069006C00650073005C0057006500620072006F006F0074005C0057005200530041002E00650078006500220020002D0075006C000000"/></originalAttributes><quarantineAttributes><attr n="hive" v="HKEY_LOCAL_MACHINE"/><attr n="key" v="SOFTWAREWow6432NodeMICROSOFTWINDOWSCURRENTVERSIONRUN"/><attr n="valueName" v="WRSVC"/><attr n="valueType" v="0"/><attr n="valueData" v=""/></quarantineAttributes></fix><fix traceType="2" actionType="1" isTransient="false" dispValue="c:program filesWebrootWRSA.exe"><originalAttributes><attr n="path" v="c:program 
filesWebrootWRSA.exe"/><attr n="md5" v="F6717BACF4CBB45B4BAE206729AD3101"/></originalAttributes><quarantineAttributes><attr n="quarantineName" v="{41B2DC59-D8A1-495A-BE93-2C7CB862C86C}"/><attr n="isEncrypted" v="true"/></quarantineAttributes></fix></fixes></SBCSQuarantineRecordXML>

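An added example, not part of the original thread or of PC Matic's tooling: a short Python parser for the quarantine record posted above that lists what each `fix` entry targeted and decodes the hex `valueData`. It assumes `valueType` 1 means REG_SZ, so the data is UTF-16LE text; the function names and the abridged sample record are constructed here from the values in the post.

```python
import xml.etree.ElementTree as ET

# Abridged from the quarantine record in the post. Attribute values are copied
# as they appear there (path separators are missing in the post as rendered);
# the descriptive text elements are omitted.
RECORD = """<SBCSQuarantineRecordXML threatId="4761035"
  name="Trojan.Win32.Startpage.or (fs)" category="Trojan"
  dateTimeStampUTC="2012-10-23T20:35:02" threatDefinitionVersion="13658">
 <fixes>
  <fix traceType="3" actionType="4">
   <originalAttributes>
    <attr n="hive" v="HKEY_LOCAL_MACHINE"/>
    <attr n="key" v="SOFTWAREWow6432NodeMICROSOFTWINDOWSCURRENTVERSIONRUN"/>
    <attr n="valueName" v="WRSVC"/>
    <attr n="valueType" v="1"/>
    <attr n="valueData" v="220043003A005C00500072006F006700720061006D002000460069006C00650073005C0057006500620072006F006F0074005C0057005200530041002E00650078006500220020002D0075006C000000"/>
   </originalAttributes>
  </fix>
  <fix traceType="2" actionType="1">
   <originalAttributes>
    <attr n="path" v="c:program filesWebrootWRSA.exe"/>
    <attr n="md5" v="F6717BACF4CBB45B4BAE206729AD3101"/>
   </originalAttributes>
   <quarantineAttributes>
    <attr n="quarantineName" v="{41B2DC59-D8A1-495A-BE93-2C7CB862C86C}"/>
    <attr n="isEncrypted" v="true"/>
   </quarantineAttributes>
  </fix>
 </fixes>
</SBCSQuarantineRecordXML>"""

# Assumption: valueType uses the Windows registry type codes (1 = REG_SZ,
# 2 = REG_EXPAND_SZ), both stored as NUL-terminated UTF-16LE strings.
REG_STRING_TYPES = {"1", "2"}


def _attrs(node):
    """Collect <attr n=... v=.../> children into a dict."""
    if node is None:
        return {}
    return {a.get("n"): a.get("v", "") for a in node.findall("attr")}


def decode_value_data(hex_text, value_type):
    """Turn the hex-encoded registry data into readable text where possible."""
    try:
        raw = bytes.fromhex(hex_text)
    except ValueError:
        return hex_text  # not hex after all: hand it back unchanged
    if value_type in REG_STRING_TYPES and len(raw) % 2 == 0:
        return raw.decode("utf-16-le", errors="replace").rstrip("\x00")
    return raw.hex()  # binary or unknown type: keep as hex


def launched_image(command_line):
    """Return the executable path from a Run-key command line."""
    cmd = command_line.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end != -1 else cmd[1:]
    return cmd.split(" ", 1)[0]


def summarize(xml_text):
    """List the registry values and files a quarantine record acted on."""
    root = ET.fromstring(xml_text)
    summary = {"threat": root.get("name"),
               "detected_utc": root.get("dateTimeStampUTC"),
               "registry": [], "files": []}
    for fix in root.iter("fix"):
        orig = _attrs(fix.find("originalAttributes"))
        if "valueName" in orig:
            data = decode_value_data(orig.get("valueData", ""),
                                     orig.get("valueType", ""))
            summary["registry"].append({"hive": orig.get("hive"),
                                        "key": orig.get("key"),
                                        "value_name": orig["valueName"],
                                        "data": data,
                                        "image": launched_image(data)})
        elif "path" in orig:
            quar = _attrs(fix.find("quarantineAttributes"))
            summary["files"].append({"path": orig["path"],
                                     "md5": orig.get("md5"),
                                     "quarantined_as": quar.get("quarantineName")})
    return summary


def _norm(path):
    # Separators are dropped because the paths in the post have lost them.
    return path.replace("\\", "").replace("/", "").lower()


def run_values_for_quarantined_files(summary):
    """Names of Run values whose executable is one of the quarantined files."""
    files = {_norm(f["path"]) for f in summary["files"]}
    return [r["value_name"] for r in summary["registry"]
            if _norm(r["image"]) in files]


if __name__ == "__main__":
    s = summarize(RECORD)
    print(s["threat"], "detected", s["detected_utc"])
    for r in s["registry"]:
        print("registry:", r["value_name"], "=", r["data"])
    for f in s["files"]:
        print("file:", f["path"], "md5", f["md5"])
    print("Run values pointing at quarantined files:",
          run_values_for_quarantined_files(s))
```

On the posted record this reports the `WRSVC` Run value with data `"C:\Program Files\Webroot\WRSA.exe" -ul` and the quarantined file `WRSA.exe`, the same Webroot entries that appear under the Run key and services list in the ComboFix log later in the thread.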

Download Combofix from any of the links below, and save it to your desktop. <--Important

Link 1

Link 2

Link 3

 

Click on this link Here to see a list of programs that should be disabled.

The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

If your anti-virus or firewall complains, please allow this script to run as it is not malicious.

Next: Disconnect from the internet. If you are on Cable or DSL, unplug your computer from the modem.

Next: Please disable all onboard security programs (all running with background protection) as they may hinder the scanner from working.

This includes Antivirus, Firewall, and any Spyware scanners that run in the background.

  • Double click combofix.exe and follow the prompts.
  • When finished, it will produce a log for you.
Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Please be patient while the scan runs, at times it may appear to stall.

When finished and after reboot (in case it asks to reboot), it should open a log, combofix.txt.

Post this log in your next reply

After rebooting ensure your Security applications have been re-enabled.

 

In your next reply post:

ComboFix.txt

***A guide and tutorial on "How to use Combofix" can be found here:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

 

IF CF won't run:

During the download, rename Combofix.exe to sVchost.exe


ComboFix.txt

 

ComboFix 12-10-30.03 - Jacobs 10/30/2012 17:24:24.1.2 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4061.2685 [GMT -5:00]

Running from: c:usersJacobsDesktopComboFix.exe

AV: Webroot SecureAnywhere *Disabled/Updated* {9C0666FC-6C7D-3E97-3C40-0C6B33FC7401}

SP: Webroot SecureAnywhere *Disabled/Updated* {27678718-4A47-3119-06F0-3719487B3EBC}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((( Files Created from 2012-09-28 to 2012-10-30 )))))))))))))))))))))))))))))))

.

.

2012-10-30 22:27 . 2012-10-30 22:27 -------- d-----w- c:usersDefaultAppDataLocaltemp

2012-10-29 21:42 . 2012-06-13 08:00 74344 ----a-w- c:windowssystem32RtNicProp64.dll

2012-10-29 21:42 . 2012-06-13 08:00 726160 ----a-w- c:windowssystem32driversRt64win7.sys

2012-10-29 16:30 . 2012-10-29 16:30 -------- d-----w- c:program files (x86)Common FilesJava

2012-10-29 16:30 . 2012-10-29 16:30 95208 ----a-w- c:windowsSysWow64WindowsAccessBridge-32.dll

2012-10-28 14:03 . 2012-10-29 16:16 -------- d-----w- c:usersJacobsAppDataLocalDeployment

2012-10-28 12:54 . 2012-10-28 12:54 -------- d-----w- c:usersJacobsAppDataRoamingMalwarebytes

2012-10-28 12:52 . 2012-10-28 12:52 -------- d-----w- c:programdataMalwarebytes

2012-10-27 00:36 . 2012-10-12 07:19 9291768 ----a-w- c:programdataMicrosoftWindows DefenderDefinition Updates{4517B689-3E81-434D-BE0F-050E5FE33147}mpengine.dll

2012-10-24 15:10 . 2012-08-24 18:05 340992 ----a-w- c:windowssystem32schannel.dll

2012-10-24 15:10 . 2012-08-24 16:57 247808 ----a-w- c:windowsSysWow64schannel.dll

2012-10-24 15:10 . 2012-08-24 18:13 154480 ----a-w- c:windowssystem32driversksecpkg.sys

2012-10-24 15:10 . 2012-08-24 18:09 458712 ----a-w- c:windowssystem32driverscng.sys

2012-10-24 15:10 . 2012-08-24 18:04 307200 ----a-w- c:windowssystem32ncrypt.dll

2012-10-24 15:10 . 2012-08-24 16:57 220160 ----a-w- c:windowsSysWow64ncrypt.dll

2012-10-24 15:10 . 2012-08-24 18:03 1448448 ----a-w- c:windowssystem32lsasrv.dll

2012-10-24 15:10 . 2012-08-24 16:57 22016 ----a-w- c:windowsSysWow64secur32.dll

2012-10-24 15:10 . 2012-08-24 16:53 96768 ----a-w- c:windowsSysWow64sspicli.dll

2012-10-23 23:55 . 2012-10-23 23:55 -------- d-----w- c:programdata34BE82C4-E596-4e99-A191-52C6199EBF69

2012-10-16 22:34 . 2012-06-21 18:13 4065296 ----a-w- c:windowssystem32driversRTKVHD64.sys

2012-10-16 22:33 . 2012-06-21 18:13 626304 ----a-w- c:windowssystem32MBTHX64.dll

2012-10-16 22:33 . 2012-06-21 18:13 2674320 ----a-w- c:windowssystem32RtPgEx64.dll

2012-10-16 22:33 . 2012-06-21 18:13 869520 ----a-w- c:windowssystem32RtkApi64.dll

2012-10-16 22:33 . 2012-06-21 18:13 3615888 ----a-w- c:windowssystem32RtkAPO64.dll

2012-10-16 22:33 . 2012-06-21 18:13 561792 ----a-w- c:windowsSysWow64MBTHX32.dll

2012-10-16 22:33 . 2012-06-21 18:13 83072 ----a-w- c:windowssystem32MBWrp64.dll

2012-10-16 22:33 . 2012-06-21 18:13 105616 ----a-w- c:windowssystem32RCoInstII64.dll

2012-10-16 22:33 . 2012-06-21 18:13 1262696 ----a-w- c:windowssystem32RTCOM64.dll

2012-10-16 22:33 . 2012-06-21 18:13 897152 ----a-w- c:windowssystem32MBAPO64.dll

2012-10-16 22:33 . 2012-06-21 18:13 1015640 ----a-w- c:windowssystem32MaxxAudioAPOShell64.dll

2012-10-16 22:33 . 2012-06-21 18:13 2533952 ----a-w- c:windowssystem32FMAPO64.dll

2012-10-16 22:33 . 2012-06-21 18:13 753280 ----a-w- c:windowsSysWow64MBAPO32.dll

2012-10-16 19:52 . 2012-10-08 23:59 72280 ----a-w- c:windowssystem32driverssbapifs.sys

2012-10-10 13:02 . 2012-09-14 19:19 2048 ----a-w- c:windowssystem32tzres.dll

2012-10-10 13:02 . 2012-09-14 18:28 2048 ----a-w- c:windowsSysWow64tzres.dll

2012-10-10 13:01 . 2012-08-11 00:56 715776 ----a-w- c:windowssystem32kerberos.dll

2012-10-10 13:01 . 2012-08-10 23:56 542208 ----a-w- c:windowsSysWow64kerberos.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-10-29 16:30 . 2012-06-18 15:20 821736 ----a-w- c:windowsSysWow64npdeployJava1.dll

2012-10-29 16:30 . 2011-07-05 21:54 746984 ----a-w- c:windowsSysWow64deployJava1.dll

2012-10-23 12:51 . 2012-09-04 20:48 191984 ----a-w- c:windowssystem32javaws.exe

2012-10-23 12:51 . 2012-09-04 20:48 172528 ----a-w- c:windowssystem32javaw.exe

2012-10-23 12:51 . 2012-09-04 20:48 172528 ----a-w- c:windowssystem32java.exe

2012-10-23 12:51 . 2012-06-18 15:24 544240 ----a-w- c:windowssystem32npdeployJava1.dll

2012-10-23 12:51 . 2011-07-05 21:55 525808 ----a-w- c:windowssystem32deployJava1.dll

2012-10-13 16:10 . 2012-09-03 20:25 150776 ----a-w- c:windowsSysWow64WRusr.dll

2012-10-13 16:10 . 2012-09-03 20:25 110672 ----a-w- c:windowssystem32driversWRkrn.sys

2012-10-13 16:10 . 2012-09-03 20:25 103408 ----a-w- c:windowssystem32WRusr.dll

2012-10-10 13:05 . 2011-09-21 22:10 65309168 ----a-w- c:windowssystem32MRT.exe

2012-10-10 12:59 . 2012-04-16 14:24 696760 ----a-w- c:windowsSysWow64FlashPlayerApp.exe

2012-10-10 12:59 . 2011-10-03 13:33 73656 ----a-w- c:windowsSysWow64FlashPlayerCPLApp.cpl

2012-09-18 19:59 . 2012-07-30 14:23 461464 ----a-w- c:programdataMicrosoftClickToRun{9AC08E99-230B-47e8-9721-4577B7F124EA}integrator.exe

2012-08-24 11:15 . 2012-09-26 14:21 17810944 ----a-w- c:windowssystem32mshtml.dll

2012-08-24 10:39 . 2012-09-26 14:21 10925568 ----a-w- c:windowssystem32ieframe.dll

2012-08-24 10:31 . 2012-09-26 14:21 2312704 ----a-w- c:windowssystem32jscript9.dll

2012-08-24 10:22 . 2012-09-26 14:21 1346048 ----a-w- c:windowssystem32urlmon.dll

2012-08-24 10:21 . 2012-09-26 14:21 1392128 ----a-w- c:windowssystem32wininet.dll

2012-08-24 10:20 . 2012-09-26 14:21 1494528 ----a-w- c:windowssystem32inetcpl.cpl

2012-08-24 10:18 . 2012-09-26 14:21 237056 ----a-w- c:windowssystem32url.dll

2012-08-24 10:17 . 2012-09-26 14:21 85504 ----a-w- c:windowssystem32jsproxy.dll

2012-08-24 10:14 . 2012-09-26 14:21 173056 ----a-w- c:windowssystem32ieUnatt.exe

2012-08-24 10:14 . 2012-09-26 14:21 816640 ----a-w- c:windowssystem32jscript.dll

2012-08-24 10:13 . 2012-09-26 14:21 599040 ----a-w- c:windowssystem32vbscript.dll

2012-08-24 10:12 . 2012-09-26 14:21 2144768 ----a-w- c:windowssystem32iertutil.dll

2012-08-24 10:11 . 2012-09-26 14:21 729088 ----a-w- c:windowssystem32msfeeds.dll

2012-08-24 10:10 . 2012-09-26 14:21 96768 ----a-w- c:windowssystem32mshtmled.dll

2012-08-24 10:09 . 2012-09-26 14:21 2382848 ----a-w- c:windowssystem32mshtml.tlb

2012-08-24 10:04 . 2012-09-26 14:21 248320 ----a-w- c:windowssystem32ieui.dll

2012-08-24 06:59 . 2012-09-26 14:21 1800704 ----a-w- c:windowsSysWow64jscript9.dll

2012-08-24 06:51 . 2012-09-26 14:21 1129472 ----a-w- c:windowsSysWow64wininet.dll

2012-08-24 06:51 . 2012-09-26 14:21 1427968 ----a-w- c:windowsSysWow64inetcpl.cpl

2012-08-24 06:47 . 2012-09-26 14:21 142848 ----a-w- c:windowsSysWow64ieUnatt.exe

2012-08-24 06:47 . 2012-09-26 14:21 420864 ----a-w- c:windowsSysWow64vbscript.dll

2012-08-24 06:43 . 2012-09-26 14:21 2382848 ----a-w- c:windowsSysWow64mshtml.tlb

2012-08-22 18:12 . 2012-09-18 15:30 1913200 ----a-w- c:windowssystem32driverstcpip.sys

2012-08-22 18:12 . 2012-09-18 15:30 950128 ----a-w- c:windowssystem32driversndis.sys

2012-08-22 18:12 . 2012-09-18 15:30 376688 ----a-w- c:windowssystem32driversnetio.sys

2012-08-22 18:12 . 2012-09-18 15:30 288624 ----a-w- c:windowssystem32driversFWPKCLNT.SYS

2012-08-21 21:01 . 2012-09-26 14:20 245760 ----a-w- c:windowssystem32OxpsConverter.exe

2012-08-21 18:01 . 2012-09-18 15:40 33240 ----a-w- c:windowssystem32driversGEARAspiWDM.sys

2012-08-21 18:01 . 2011-09-28 00:12 125872 ----a-w- c:windowssystem32GEARAspi64.dll

2012-08-21 18:01 . 2011-09-28 00:12 106928 ----a-w- c:windowsSysWow64GEARAspi.dll

2012-08-20 17:38 . 2012-10-10 13:03 44032 ----a-w- c:windowsapppatchacwow64.dll

2012-08-02 17:58 . 2012-09-18 15:30 574464 ----a-w- c:windowssystem32d3d10level9.dll

2012-08-02 16:57 . 2012-09-18 15:30 490496 ----a-w- c:windowsSysWow64d3d10level9.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINEsoftwarewow6432nodemicrosoftwindowscurrentversionexplorershelliconoverlayidentifiers SkyDrive1]

@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"

[HKEY_CLASSES_ROOTCLSID{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]

2012-07-30 14:38 208608 ----a-w- c:usersJacobsAppDataLocalMicrosoftSkyDrive16.4.4111.0525SkyDriveShell.dll

.

[HKEY_LOCAL_MACHINEsoftwarewow6432nodemicrosoftwindowscurrentversionexplorershelliconoverlayidentifiers SkyDrive2]

@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"

[HKEY_CLASSES_ROOTCLSID{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]

2012-07-30 14:38 208608 ----a-w- c:usersJacobsAppDataLocalMicrosoftSkyDrive16.4.4111.0525SkyDriveShell.dll

.

[HKEY_LOCAL_MACHINEsoftwarewow6432nodemicrosoftwindowscurrentversionexplorershelliconoverlayidentifiers SkyDrive3]

@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"

[HKEY_CLASSES_ROOTCLSID{BBACC218-34EA-4666-9D7A-C78F2274A524}]

2012-07-30 14:38 208608 ----a-w- c:usersJacobsAppDataLocalMicrosoftSkyDrive16.4.4111.0525SkyDriveShell.dll

.

[HKEY_LOCAL_MACHINEsoftwarewow6432nodemicrosoftwindowscurrentversionexplorershelliconoverlayidentifiers SkyDrivePro1 (ErrorConflict)]

@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"

[HKEY_CLASSES_ROOTCLSID{8BA85C75-763B-4103-94EB-9470F12FE0F7}]

2012-09-23 13:43 2042528 ----a-w- c:program filesMicrosoft Office 15rootoffice15grooveex.dll

.

[HKEY_LOCAL_MACHINEsoftwarewow6432nodemicrosoftwindowscurrentversionexplorershelliconoverlayidentifiers SkyDrivePro2 (SyncInProgress)]

@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"

[HKEY_CLASSES_ROOTCLSID{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]

2012-09-23 13:43 2042528 ----a-w- c:program filesMicrosoft Office 15rootoffice15grooveex.dll

.

[HKEY_LOCAL_MACHINEsoftwarewow6432nodemicrosoftwindowscurrentversionexplorershelliconoverlayidentifiers SkyDrivePro3 (InSync)]

@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"

[HKEY_CLASSES_ROOTCLSID{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]

2012-09-23 13:43 2042528 ----a-w- c:program filesMicrosoft Office 15rootoffice15grooveex.dll

.

[HKEY_LOCAL_MACHINESOFTWAREWow6432NodeMicrosoftWindowsCurrentVersionRun]

"RoxWatchTray"="c:program files (x86)Common FilesRoxio SharedOEM12.0SharedCOMRoxWatchTray12OEM.exe" [2010-11-25 240112]

"IAStorIcon"="c:program files (x86)IntelIntel® Rapid Storage TechnologyIAStorIcon.exe" [2010-03-04 284696]

"iTunesHelper"="c:program files (x86)iTunesiTunesHelper.exe" [2012-09-10 421776]

"APSDaemon"="c:program files (x86)Common FilesAppleApple Application SupportAPSDaemon.exe" [2012-08-28 59280]

"Desktop Disc Tool"="c:program files (x86)RoxioOEMRoxio BurnRoxioBurnLauncher.exe" [2010-11-17 514544]

"Info Center"="c:program files (x86)PCPitstopInfo CenterInfoCenter.exe" [2012-05-16 26816]

"PC MaticRT"="c:program files (x86)PCPitstopPC MaticRTPCMaticRT.exe" [2012-10-09 1518080]

"WRSVC"="c:program filesWebrootWRSA.exe" [2012-10-13 726536]

.

c:programdataMicrosoftWindowsStart MenuProgramsStartup

HP Digital Imaging Monitor.lnk - c:program files (x86)HPDigital Imagingbinhpqtra08.exe [2009-11-18 275072]

Secunia PSI Tray.lnk - c:program files (x86)SecuniaPSIpsi_tray.exe [2011-10-14 291896]

.

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionpoliciessystem]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetcontrollsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalMCODS]

@=""

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:windowsMicrosoft.NETFramework64v4.0.30319mscorsvw.exe [2010-03-18 138576]

R2 WRSVC;WRSVC;c:program filesWebrootWRSA.exe [2012-10-13 726536]

R3 AdobeARMservice;Adobe Acrobat Update Service;c:program files (x86)Common FilesAdobeARM1.0armsvc.exe [2012-07-27 63960]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:windowsSysWOW64MacromedFlashFlashPlayerUpdateService.exe [2012-10-10 250808]

R3 GamesAppService;GamesAppService;c:program files (x86)WildTangent GamesAppGamesAppService.exe [2010-10-12 206072]

R3 osppsvc;Office Software Protection Platform;c:program filesCommon FilesMicrosoft SharedOfficeSoftwareProtectionPlatformOSPPSVC.EXE [2012-07-22 5132888]

R3 PCPitstop Scheduling;PCPitstop Scheduling;c:program files (x86)PCPitstopPCPitstopScheduleService.exe [2012-05-16 91848]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:windowssystem32driversrdpvideominiport.sys [2012-08-23 19456]

R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:program files (x86)Common FilesRoxio SharedOEM12.0SharedCOMRoxMediaDB12OEM.exe [2010-11-25 1116656]

R3 RoxWatch12;Roxio Hard Drive Watcher 12;c:program files (x86)Common FilesRoxio SharedOEM12.0SharedCOMRoxWatch12OEM.exe [2010-11-25 219632]

R3 TsUsbFlt;TsUsbFlt;c:windowssystem32driverstsusbflt.sys [2012-08-23 57856]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:windowssystem32driversTsUsbGD.sys [2012-08-23 30208]

R3 USBAAPL64;Apple Mobile USB Driver;c:windowssystem32Driversusbaapl64.sys [2012-07-09 52736]

R3 WatAdminSvc;Windows Activation Technologies Service;c:windowssystem32WatWatAdminSvc.exe [2011-09-21 1255736]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:program filesWindows LiveMeshwlcrasvc.exe [2010-09-22 57184]

S0 PxHlpa64;PxHlpa64;c:windowsSystem32DriversPxHlpa64.sys [2010-03-19 55856]

S0 WRkrn;WRkrn;c:windowsSystem32driversWRkrn.sys [2012-10-13 110672]

S2 cvhsvc;Client Virtualization Handler;c:program files (x86)Common FilesMicrosoft SharedVirtualization HandlerCVHSVC.EXE [2012-01-04 822624]

S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:program files (x86)IntelIntel® Rapid Storage TechnologyIAStorDataMgrSvc.exe [2010-03-04 13336]

S2 OfficeSvc;Microsoft Office Service;c:program filesMicrosoft Office 15ClientX64integratedoffice.exe [2012-09-11 1494144]

S2 PCPitstop Realtime;PCPitstop Realtime;c:program files (x86)PCPitstopPC MaticRTPCPitstopRTService.exe [2012-10-09 3828736]

S2 sbapifs;sbapifs;c:windowssystem32DRIVERSsbapifs.sys [2012-10-08 72280]

S2 Secunia PSI Agent;Secunia PSI Agent;c:program files (x86)SecuniaPSIPSIA.exe [2011-10-14 994360]

S2 sftlist;Application Virtualization Client;c:program files (x86)Microsoft Application Virtualization Clientsftlist.exe [2011-10-01 508776]

S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:windowssystem32driversIntcHdmi.sys [2009-05-26 138752]

S3 PSI;PSI;c:windowssystem32DRIVERSpsi_mf.sys [2010-09-01 17976]

S3 RTL8167;Realtek 8167 NT Driver;c:windowssystem32DRIVERSRt64win7.sys [2012-06-13 726160]

S3 Secunia Update Agent;Secunia Update Agent;c:program files (x86)SecuniaPSIsua.exe [2011-10-14 399416]

S3 Sftfs;Sftfs;c:windowssystem32DRIVERSSftfslh.sys [2011-10-01 764264]

S3 Sftplay;Sftplay;c:windowssystem32DRIVERSSftplaylh.sys [2011-10-01 268648]

S3 Sftredir;Sftredir;c:windowssystem32DRIVERSSftredirlh.sys [2011-10-01 25960]

S3 Sftvol;Sftvol;c:windowssystem32DRIVERSSftvollh.sys [2011-10-01 22376]

S3 sftvsa;Application Virtualization Service Agent;c:program files (x86)Microsoft Application Virtualization Clientsftvsa.exe [2011-10-01 219496]

.

.

[HKEY_LOCAL_MACHINEsoftwarewow6432nodemicrosoftwindows ntcurrentversionsvchost]

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

Contents of the 'Scheduled Tasks' folder

.

2012-10-30 c:windowsTasksAdobe Flash Player Updater.job

- c:windowsSysWOW64MacromedFlashFlashPlayerUpdateService.exe [2012-04-16 13:00]

.

2012-10-30 c:windowsTasksHP Photo Creations Communicator.job

- c:programdataHP Photo CreationsCommunicator.exe [2012-06-18 16:00]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionexplorershelliconoverlayidentifiers SkyDrive1]

@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"

[HKEY_CLASSES_ROOTCLSID{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]

2012-07-30 14:38 232672 ----a-w- c:usersJacobsAppDataLocalMicrosoftSkyDrive16.4.4111.0525amd64SkyDriveShell64.dll

.

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionexplorershelliconoverlayidentifiers SkyDrive2]

@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"

[HKEY_CLASSES_ROOTCLSID{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]

2012-07-30 14:38 232672 ----a-w- c:usersJacobsAppDataLocalMicrosoftSkyDrive16.4.4111.0525amd64SkyDriveShell64.dll

.

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionexplorershelliconoverlayidentifiers SkyDrive3]

@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"

[HKEY_CLASSES_ROOTCLSID{BBACC218-34EA-4666-9D7A-C78F2274A524}]

2012-07-30 14:38 232672 ----a-w- c:usersJacobsAppDataLocalMicrosoftSkyDrive16.4.4111.0525amd64SkyDriveShell64.dll

.

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionexplorershelliconoverlayidentifiers SkyDrivePro1 (ErrorConflict)]

@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"

[HKEY_CLASSES_ROOTCLSID{8BA85C75-763B-4103-94EB-9470F12FE0F7}]

2012-09-23 13:44 2860192 ----a-w- c:program filesMicrosoft Office 15rootvfsProgramFilesX64Microsoft OfficeOffice15GROOVEEX.DLL

.

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionexplorershelliconoverlayidentifiers SkyDrivePro2 (SyncInProgress)]

@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"

[HKEY_CLASSES_ROOTCLSID{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]

2012-09-23 13:44 2860192 ----a-w- c:program filesMicrosoft Office 15rootvfsProgramFilesX64Microsoft OfficeOffice15GROOVEEX.DLL

.

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionexplorershelliconoverlayidentifiers SkyDrivePro3 (InSync)]

@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"

[HKEY_CLASSES_ROOTCLSID{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]

2012-09-23 13:44 2860192 ----a-w- c:program filesMicrosoft Office 15rootvfsProgramFilesX64Microsoft OfficeOffice15GROOVEEX.DLL

.

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]

"RtHDVCpl"="c:program filesRealtekAudioHDARAVCpl64.exe" [2012-06-21 12503184]

"IgfxTray"="c:windowssystem32igfxtray.exe" [2011-02-12 162328]

.

------- Supplementary Scan -------

.

uLocal Page = c:windowssystem32blank.htm

uStart Page = hxxp://www.blueletterbible.org/

mLocal Page = c:windowsSysWOW64blank.htm

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:program filesMicrosoft Office 15RootOffice15EXCEL.EXE/3000

IE: Se&nd to OneNote - c:program filesMicrosoft Office 15RootOffice15ONBttnIE.dll/105

TCP: DhcpNameServer = 192.168.1.1

Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - c:program filesMicrosoft Office 15rootoffice15msosb.dll

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

Wow6432Node-HKLM-Run-<NO NAME> - (no file)

HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start

Toolbar-Locked - (no file)

HKLM-Run-DellStage - c:program files (x86)Dell StageDell Stagestage_primary.exe

AddRemove-WT089446 - c:program files (x86)WildTangentDell GamesWedding Dash - Ready

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:Windowssystem32MacromedFlashFlashUtil64_11_4_402_287_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{73C9DFA0-750D-11E1-B0C4-0800200C9A66}Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{73C9DFA0-750D-11E1-B0C4-0800200C9A66}LocalServer32]

@="c:Windowssystem32MacromedFlashFlashUtil64_11_4_402_287_ActiveX.exe"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{73C9DFA0-750D-11E1-B0C4-0800200C9A66}TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesInterface{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesInterface{6AE38AE0-750C-11E1-B0C4-0800200C9A66}ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesInterface{6AE38AE0-750C-11E1-B0C4-0800200C9A66}TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:WindowsSysWOW64MacromedFlashFlashUtil32_11_4_402_287_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{73C9DFA0-750D-11E1-B0C4-0800200C9A66}Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{73C9DFA0-750D-11E1-B0C4-0800200C9A66}LocalServer32]

@="c:WindowsSysWOW64MacromedFlashFlashUtil32_11_4_402_287_ActiveX.exe"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{73C9DFA0-750D-11E1-B0C4-0800200C9A66}TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}InprocServer32]

@="c:WindowsSysWOW64MacromedFlashFlash32_11_4_402_287.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}ToolboxBitmap32]

@="c:WindowsSysWOW64MacromedFlashFlash32_11_4_402_287.ocx, 1"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}Version]

@="1.0"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}InprocServer32]

@="c:WindowsSysWOW64MacromedFlashFlash32_11_4_402_287.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}ToolboxBitmap32]

@="c:WindowsSysWOW64MacromedFlashFlash32_11_4_402_287.ocx, 1"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}Version]

@="1.0"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeInterface{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeInterface{6AE38AE0-750C-11E1-B0C4-0800200C9A66}ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeInterface{6AE38AE0-750C-11E1-B0C4-0800200C9A66}TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINESOFTWAREMcAfee]

"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,

.

[HKEY_LOCAL_MACHINESOFTWAREWow6432NodeMicrosoftOfficeCommonSmart TagActions{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINESOFTWAREWow6432NodeMicrosoftSchema LibraryActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINESOFTWAREWow6432NodeMicrosoftSchema LibraryActionsPane30]

"Key"="ActionsPane3"

"Location"="c:Program Files (x86)Common FilesMicrosoft SharedVSTOActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINESYSTEMControlSet001ControlPCWSecurity]

@Denied: (Full) (Everyone)

.

Completion time: 2012-10-30 17:28:24

ComboFix-quarantined-files.txt 2012-10-30 22:28

.

Pre-Run: 903,948,451,840 bytes free

Post-Run: 903,564,660,736 bytes free

.

- - End Of File - - D53A574F6B1B2430190B4C90FF08D77F


Is this your home page? hxxp://www.blueletterbible.org/

 

Download Security Check by screen317 from here http://screen317.spywareinfoforum.org/SecurityCheck.exe or here http://screen317.changelog.fr/SecurityCheck.exe

Save it to your Desktop.

Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.

A Notepad document should open automatically called checkup.txt.

Please post the contents of that document.


Yes, http://www.blueletterbible.org/ is my homepage, not sure why it shows up as "hxxp" ??

 

Thank you again for your help, your requested results are below. I'll be working until the evening the rest of the week.

 

Results of screen317's Security Check version 0.99.54

Windows 7 Service Pack 1 x64 (UAC is enabled)

Internet Explorer 9

``````````````Antivirus/Firewall Check:``````````````

Windows Firewall Enabled!

Webroot SecureAnywhere

Antivirus up to date!

`````````Anti-malware/Other Utilities Check:`````````

Secunia PSI (2.0.0.4003)

Java 6 Update 33

Java 7 Update 9

Adobe Reader X (10.1.4)

````````Process Check: objlist.exe by Laurent````````

`````````````````System Health check`````````````````

Total Fragmentation on Drive C: 0%

````````````````````End of Log``````````````````````


Download JavaRa to remove all old Java http://singularlabs.com/software/javara/

 

Next, download AdwCleaner http://www.bleepingcomputer.com/download/adwcleaner/

1. Right-click on adwcleaner.exe and select Run As Administrator to launch the application.

2. Click on Delete button.

3. Confirm each time with OK.

4. Your computer will be rebooted automatically. A text file will open after the restart. Please post the content of that logfile in your reply.

Note: You can find the logfile at C:\AdwCleaner[sn].txt as well - n is the order number.


I tried removing all older versions of JRE with JavaRa, but when I run it to uninstall version 6 it says "This action is only valid for products that are currently installed". Also, only Java 7 shows up in my control panel as a program that could be uninstalled.

 

Here's the AdwCleaner...

 

# AdwCleaner v2.006 - Logfile created 11/01/2012 at 19:55:36

# Updated 30/10/2012 by Xplode

# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)

# User : Jacobs - JACOBS-PC

# Boot Mode : Normal

# Running from : C:\Users\Jacobs\Desktop\AdwCleaner.exe

# Option [Delete]

 

***** [services] *****

 

***** [Files / Folders] *****

 

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software

***** [internet Browsers] *****

- Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

*************************

AdwCleaner[s1].txt - [567 octets] - [01/11/2012 19:55:36]

########## EOF - C:\AdwCleaner[s1].txt - [626 octets] ##########


It looks to me like you are getting a 'false/positive' report from PC Matic ... it may be detecting Webroot's virus definitions. Running two anti-virus programs (at the same time) will cause problems. They are resource hogs and will fight each other for your system's resources, and may also fight each other's definitions.

 

Uninstall Combofix:

Click on the Start button and then select Run from the menu. This will open up the Run box.

Copy/Paste combofix /uninstall (Please note that there is a space between combofix and /uninstall), click on the OK button or Enter on your keyboard.

You can now delete the ComboFix.exe program from your computer.

 

For Vista / Windows 7

Click START Search

 

Now type ComboFix /Uninstall in the runbox and click OK. Note the space between the X and the /, it needs to be there.

 

After doing the above, download TFC by Old Timer http://www.geekstogo.com/forum/TFC-Temp-File-Cleaner-OldTimer-file187.html and save it to your desktop.

 

Save any unsaved work. TFC will close ALL open programs including your browser!

Double-click on TFC.exe to run it. If you are using Vista/Windows 7 right-click on the file and choose Run As Administrator.

Click the Start button to begin the cleaning process and let it run uninterrupted to completion.

Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway to ensure a complete clean.


I've completed your requests. Thank you for all your help!

 

Webroot's virus definitions are stored in "the cloud" and use very little CPU and resources, but I guess that could still be the problem. It could very well be the problem because it seems I started having this problem within a month of installing Webroot, if I recall correctly.

 

I will try to shut down Webroot protection and run another PC Matic scan to see if anything changes. I will have to wait until tomorrow to complete that.

 

Please let me know if there is anything else I need to do, thanks again!


I apologize, I believe you wanted me to uninstall Combofix, which I did, then downloaded and ran TFC as you requested and rebooted. I ran TFC again and it looked like it cleaned up because it was showing zero bytes in the files as it was cleaning the 2nd time. There were no logfiles generated.

 

Would you like me to re-install Combofix and run it?


This topic is now closed to further replies.