Bound4Glory
Posted October 23, 2012

Hi,

This is my 1st time to post so I really appreciate any help. I've run PC Matic several times, and each time it shows I have a high security threat called Win32 Startpage or (fs). I have allowed PC Matic to clean it but after each re-scan it shows it's still there. I've tried to search for the file and cannot find it. I also use Webroot Secure Anywhere and it has not found this trojan. I have Windows 7 and also use Defender. Not sure how to execute a log file for troubleshooting purposes. Really need advice! Thanks.

Jacee
Posted October 23, 2012

Download DDS from one of these links:

  DDS.com
  DDS.pif

Disable any script blocking protection.
Double click the dds icon to run the tool.
When done, DDS will open two (2) logs:

  DDS.txt
  Attach.txt <--- will be minimized in the task tray

Save both reports to your desktop.
Include the contents of both logs in your next post.

The scan will instruct you to post Attach.txt as an attachment. No need for that though ..... just post its contents as you would any other log.

Bound4Glory
Posted October 24, 2012

Thank you for the help Jacee! I also have the exact same problem on my laptop, hopefully I'll be able to correct both issues. I have followed your instructions, shut down real time protection with webroot and defender and generated the following logfiles from my desktop.

Jacee
Posted October 24, 2012

I'd like you to scan your machine with ESET OnlineScan.

Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan
Click the button.
For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  Click on to download the ESET Smart Installer. Save it to your desktop.
  Double click on the icon on your desktop.
Check
Click the button.
Accept any security warnings from your browser.
Check
Push the Start button.
ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
When the scan completes, push
Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
Push the button.
Push

Bound4Glory
Posted October 24, 2012

Jacee,

No threats found

Scanned files: 151241
Infected files: 0
Cleaned files: 0
Total scan time: 01:47:28
Scan Status: Finished

I uninstalled app on close.

Jacee
Posted October 24, 2012

Can you post the complete DDS.txt report please? It's the one you posted first, not the (2nd) 'attached' txt. If you need to run DDS again, then do so.

Bound4Glory
Posted October 24, 2012

I hope this is correct...thanks for the help
C:WindowsSystem32wudriver.dll 2012-06-02 20:19:42 186752 ----a-w- C:WindowsSystem32wuwebv.dll 2012-06-02 20:15:12 36864 ----a-w- C:WindowsSystem32wuapp.exe 2012-06-02 05:48:16 95600 ----a-w- C:WindowsSystem32driversksecdd.sys 2012-06-02 05:41:28 184320 ----a-w- C:WindowsSystem32cryptsvc.dll 2012-06-02 05:41:28 140288 ----a-w- C:WindowsSystem32cryptnet.dll 2012-06-02 05:41:27 1464320 ----a-w- C:WindowsSystem32crypt32.dll 2012-06-02 04:36:29 140288 ----a-w- C:WindowsSysWow64cryptsvc.dll 2012-06-02 04:36:29 1159680 ----a-w- C:WindowsSysWow64crypt32.dll 2012-06-02 04:36:29 103936 ----a-w- C:WindowsSysWow64cryptnet.dll 2012-05-31 17:25:12 279656 ------w- C:WindowsSystem32MpSigStub.exe 2012-05-14 05:26:34 956928 ----a-w- C:WindowsSystem32localspl.dll 2012-05-05 08:36:55 503808 ----a-w- C:WindowsSystem32srcore.dll 2012-05-05 07:46:52 43008 ----a-w- C:WindowsSysWow64srclient.dll . ============= FINISH: 18:01:28.26 =============== Link to comment Share on other sites More sharing options...
Jacee Posted October 25, 2012

Please download TFC by Old Timer http://www.geekstogo.com/forum/TFC-Temp-File-Cleaner-OldTimer-file187.html and save it to your desktop.

Save any unsaved work. TFC will close ALL open programs including your browser!
Double-click on TFC.exe to run it. If you are using Vista/Windows 7 right-click on the file and choose Run As Administrator.
Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway to ensure a complete clean.

After rebooting download the latest Java ... yours is outdated.

Update Java:
Download the latest version of Java Runtime Environment (JRE) 7u9. http://www.oracle.com/technetwork/java/javase/downloads/index.html
Scroll over to the right (JRE). Click the "Download" button to the right.
Check the box that says: "Accept License Agreement". The page will refresh.
Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
Close any programs you may have running - especially your web browser.
Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
Check any item with Java Runtime Environment (JRE or J2SE) in the name.
Click the Remove or Change/Remove button.
Repeat as many times as necessary to remove each Java version.
Reboot your computer once all Java components are removed.
Then from your desktop double-click on jre-7u9-windows-i586-p.exe to install the newest version.

Now, would you run the program that is reporting Win32 Startpage or (fs) and see if it still says the same thing? If you can save the report and post it, it sure would help! You could also take a snapshot and attach it to the post for me to see.
Bound4Glory Posted October 27, 2012

I have completed all you have requested. Processed another scan via PC Matic and I'm still getting the same results. I could not generate a report from the scan results and didn't want to copy the screen because it reveals my key and email. Thanks for helping and I appreciate any more ideas, will be working on this issue during the evening due to work for now, thanks
Jacee Posted October 27, 2012

I wonder if it's pointing to
"C:Program Files (x86)Dell StageDell Stagestage_primary.exe" "C:Program Files (x86)Dell StageDell Stagestart.umj" --startup

Let's see if MBam picks anything up:

Please download (free version) Malwarebytes' Anti-Malware to your desktop http://www.bleepingcomputer.com/download/malwarebytes-anti-malware/

* Double-click mbam-setup.exe and follow the prompts to install the program. Right click to run as Administrator, using Windows 7 or Vista.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad. Please save it to a convenient location.

Copy and Paste that log into your next reply.
Bound4Glory Posted October 29, 2012

Jacee, I downloaded and ran the app you requested and it found nothing and is posted below. I don't believe Dell Stage is causing the problem because I have the same issue on my Sony Vaio laptop. I've been trying to clean up my PC and uninstall Dell Stage but I've run into a few problems but still working on that. I don't understand why my Webroot Secure Anywhere has not found anything and I've scanned my entire hard drive several times with it. Only PC Matic finds this and thinks it's a high priority threat. Thanks again for your help with this!

Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Database version: v2012.10.28.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Jacobs :: JACOBS-PC [administrator]

10/28/2012 7:54:58 AM
mbam-log-2012-10-28 (07-54-58).txt

Scan type: Full scan (C:|Q:|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 337378
Time elapsed: 59 minute(s), 1 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
Bound4Glory Posted October 29, 2012

I also have found these files which may be of some use? I found 6 files in "C:ProgramDataPCPitstopDatQuarantine" and 3 of them are XML files which I could open. Here's the data in 1 of the 3 latest XML files.

<SBCSQuarantineRecordXML threatId="4761035" name="Trojan.Win32.Startpage.or (fs)" level="2" category="Trojan" type="Malware" adviseType="3" canQuarantine="true" author="" optionalScan="0" quarantineId="{FA6C34B0-C69F-4E51-A9AE-945157F65DDD}" dateTimeStampUTC="2012-10-23T20:35:02" scanGUID="{41C7DEC8-D8AC-480B-87E8-38CE2D6FD626}" quarantineLocation="C:ProgramDataPCPitstopDatQuarantine" Source="0" BufferOnly="false" threatDefinitionVersion="13658"><authorURL></authorURL><desc>Trojan is a general term for malicious software that is installed under false or deceptive pretenses or is installed without the user's full knowledge and consent. Most Trojans exhibit some form of malicious, hostile, or harmful functionality or behavior.</desc><threatAdviceDetails>This is a high risk and should be removed immediately as it may compromise your privacy and security, make dangerous changes to your computer's settings without your knowledge and consent, or severely degrade your computer's performance and stability.</threatAdviceDetails><customData></customData><fixes><fix traceType="3" actionType="4" isTransient="false" dispValue="HKEY_LOCAL_MACHINESOFTWAREWow6432NodeMICROSOFTWINDOWSCURRENTVERSIONRUNWRSVC 1"><originalAttributes><attr n="hive" v="HKEY_LOCAL_MACHINE"/><attr n="key" v="SOFTWAREWow6432NodeMICROSOFTWINDOWSCURRENTVERSIONRUN"/><attr n="valueName" v="WRSVC"/><attr n="valueType" v="1"/><attr n="valueData" v="220043003A005C00500072006F006700720061006D002000460069006C00650073005C0057006500620072006F006F0074005C0057005200530041002E00650078006500220020002D0075006C000000"/></originalAttributes><quarantineAttributes><attr n="hive" v="HKEY_LOCAL_MACHINE"/><attr n="key" v="SOFTWAREWow6432NodeMICROSOFTWINDOWSCURRENTVERSIONRUN"/><attr n="valueName" v="WRSVC"/><attr n="valueType" v="0"/><attr n="valueData" v=""/></quarantineAttributes></fix><fix traceType="2" actionType="1" isTransient="false" dispValue="c:program filesWebrootWRSA.exe"><originalAttributes><attr n="path" v="c:program filesWebrootWRSA.exe"/><attr n="md5" v="F6717BACF4CBB45B4BAE206729AD3101"/></originalAttributes><quarantineAttributes><attr n="quarantineName" v="{41B2DC59-D8A1-495A-BE93-2C7CB862C86C}"/><attr n="isEncrypted" v="true"/></quarantineAttributes></fix></fixes></SBCSQuarantineRecordXML>
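The quarantine record pasted above stores the original registry data as hex-encoded UTF-16LE, so the command line the detection acted on cannot be read directly from the post. The following Python sketch is an added example, not part of the original post and not PC Matic's code: it parses a trimmed copy of that record and decodes the value. Treating a fix that carries a `hive` attribute as a registry item and one that carries `path` as a file is an assumption drawn from the record's own attributes.

```python
import xml.etree.ElementTree as ET

# valueData copied from the record in the post, grouped 8 bytes at a time.
VALUE_HEX = (
    "220043003A005C00" "500072006F006700" "720061006D002000"
    "460069006C006500" "73005C0057006500" "620072006F006F00"
    "74005C0057005200" "530041002E006500" "7800650022002000"
    "2D0075006C000000"
)

# Trimmed copy of the record from the post. Attribute values are kept as they
# appear on the page, where path separators are missing.
RECORD = """<SBCSQuarantineRecordXML threatId="4761035"
 name="Trojan.Win32.Startpage.or (fs)" category="Trojan"
 dateTimeStampUTC="2012-10-23T20:35:02">
<fixes>
<fix traceType="3" actionType="4">
 <originalAttributes>
  <attr n="hive" v="HKEY_LOCAL_MACHINE"/>
  <attr n="key" v="SOFTWAREWow6432NodeMICROSOFTWINDOWSCURRENTVERSIONRUN"/>
  <attr n="valueName" v="WRSVC"/>
  <attr n="valueType" v="1"/>
  <attr n="valueData" v="@VALUE_HEX@"/>
 </originalAttributes>
 <quarantineAttributes>
  <attr n="valueType" v="0"/>
  <attr n="valueData" v=""/>
 </quarantineAttributes>
</fix>
<fix traceType="2" actionType="1">
 <originalAttributes>
  <attr n="path" v="c:program filesWebrootWRSA.exe"/>
  <attr n="md5" v="F6717BACF4CBB45B4BAE206729AD3101"/>
 </originalAttributes>
 <quarantineAttributes>
  <attr n="isEncrypted" v="true"/>
 </quarantineAttributes>
</fix>
</fixes>
</SBCSQuarantineRecordXML>""".replace("@VALUE_HEX@", VALUE_HEX)

REG_STRING_TYPES = {1, 2}  # REG_SZ and REG_EXPAND_SZ hold UTF-16LE text


def decode_reg_value(value_type, hex_data):
    """Turn hex-encoded registry data into text for string types, bytes otherwise."""
    raw = bytes.fromhex(hex_data)
    if value_type in REG_STRING_TYPES:
        return raw.decode("utf-16-le", errors="replace").rstrip("\x00")
    return raw


def attr_map(node):
    """Collect <attr n="..." v="..."/> children into a dict."""
    if node is None:
        return {}
    return {a.get("n"): a.get("v", "") for a in node.findall("attr")}


def summarize(xml_text):
    """List what each <fix> in a quarantine record touched."""
    root = ET.fromstring(xml_text)
    items = []
    for fix in root.iter("fix"):
        before = attr_map(fix.find("originalAttributes"))
        after = attr_map(fix.find("quarantineAttributes"))
        item = {"traceType": fix.get("traceType"),
                "actionType": fix.get("actionType")}
        if "hive" in before:  # assumption: registry item
            item["kind"] = "registry"
            item["value_name"] = before.get("valueName", "")
            item["data"] = decode_reg_value(
                int(before.get("valueType", "0")), before.get("valueData", ""))
            # True when the quarantined copy of the value carries no data.
            item["quarantined_data_empty"] = after.get("valueData", "") == ""
        elif "path" in before:  # assumption: file item
            item["kind"] = "file"
            item["path"] = before["path"]
            item["md5"] = before.get("md5")
        else:
            item["kind"] = "unknown"
        items.append(item)
    return {"threat": root.get("name"),
            "when_utc": root.get("dateTimeStampUTC"),
            "items": items}


if __name__ == "__main__":
    report = summarize(RECORD)
    print(report["threat"], report["when_utc"])
    for entry in report["items"]:
        print(entry)
```

Comparing the decoded Run value and the file path with the installed security products listed in the DDS and ComboFix logs shows which program the detection was pointed at.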
Jacee Posted October 30, 2012

Download Combofix from any of the links below, and save it to your desktop. <--Important

Link 1
Link 2
Link 3

Click on this link Here to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

If your anti-virus or firewall complains, please allow this script to run as it is not malicious.

Next: Disconnect from the internet. If you are on Cable or DSL, unplug your computer from the modem.

Next: Please disable all onboard security programs (all running with background protection) as it may hinder the scanner from working. This includes Antivirus, Firewall, and any Spyware scanners that run in the background.

Double click combofix.exe and follow the prompts. When finished, it will produce a log for you.

Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Please be patient while the scan runs, at times it may appear to stall.

When finished and after reboot (in case it asks to reboot), it should open a log, combofix.txt. Post this log in your next reply.

After rebooting ensure your Security applications have been re-enabled.

In your next reply post: ComboFix.txt

***A guide and tutorial on "How to use Combofix" can be found here: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

IF CF won't run: During the download, rename Combofix.exe to sVchost.exe
Bound4Glory Posted October 30, 2012

ComboFix.txt

ComboFix 12-10-30.03 - Jacobs 10/30/2012 17:24:24.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4061.2685 [GMT -5:00]
Running from: c:usersJacobsDesktopComboFix.exe
AV: Webroot SecureAnywhere *Disabled/Updated* {9C0666FC-6C7D-3E97-3C40-0C6B33FC7401}
SP: Webroot SecureAnywhere *Disabled/Updated* {27678718-4A47-3119-06F0-3719487B3EBC}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-09-28 to 2012-10-30 )))))))))))))))))))))))))))))))
.
.
2012-10-30 22:27 . 2012-10-30 22:27 -------- d-----w- c:usersDefaultAppDataLocaltemp
2012-10-29 21:42 . 2012-06-13 08:00 74344 ----a-w- c:windowssystem32RtNicProp64.dll
2012-10-29 21:42 . 2012-06-13 08:00 726160 ----a-w- c:windowssystem32driversRt64win7.sys
2012-10-29 16:30 . 2012-10-29 16:30 -------- d-----w- c:program files (x86)Common FilesJava
2012-10-29 16:30 . 2012-10-29 16:30 95208 ----a-w- c:windowsSysWow64WindowsAccessBridge-32.dll
2012-10-28 14:03 . 2012-10-29 16:16 -------- d-----w- c:usersJacobsAppDataLocalDeployment
2012-10-28 12:54 . 2012-10-28 12:54 -------- d-----w- c:usersJacobsAppDataRoamingMalwarebytes
2012-10-28 12:52 . 2012-10-28 12:52 -------- d-----w- c:programdataMalwarebytes
2012-10-27 00:36 . 2012-10-12 07:19 9291768 ----a-w- c:programdataMicrosoftWindows DefenderDefinition Updates{4517B689-3E81-434D-BE0F-050E5FE33147}mpengine.dll
2012-10-24 15:10 . 2012-08-24 18:05 340992 ----a-w- c:windowssystem32schannel.dll
2012-10-24 15:10 . 2012-08-24 16:57 247808 ----a-w- c:windowsSysWow64schannel.dll
2012-10-24 15:10 . 2012-08-24 18:13 154480 ----a-w- c:windowssystem32driversksecpkg.sys
2012-10-24 15:10 . 2012-08-24 18:09 458712 ----a-w- c:windowssystem32driverscng.sys
2012-10-24 15:10 . 2012-08-24 18:04 307200 ----a-w- c:windowssystem32ncrypt.dll
2012-10-24 15:10 . 2012-08-24 16:57 220160 ----a-w- c:windowsSysWow64ncrypt.dll
2012-10-24 15:10 . 2012-08-24 18:03 1448448 ----a-w- c:windowssystem32lsasrv.dll
2012-10-24 15:10 . 2012-08-24 16:57 22016 ----a-w- c:windowsSysWow64secur32.dll
2012-10-24 15:10 . 2012-08-24 16:53 96768 ----a-w- c:windowsSysWow64sspicli.dll
2012-10-23 23:55 . 2012-10-23 23:55 -------- d-----w- c:programdata34BE82C4-E596-4e99-A191-52C6199EBF69
2012-10-16 22:34 . 2012-06-21 18:13 4065296 ----a-w- c:windowssystem32driversRTKVHD64.sys
2012-10-16 22:33 . 2012-06-21 18:13 626304 ----a-w- c:windowssystem32MBTHX64.dll
2012-10-16 22:33 . 2012-06-21 18:13 2674320 ----a-w- c:windowssystem32RtPgEx64.dll
2012-10-16 22:33 . 2012-06-21 18:13 869520 ----a-w- c:windowssystem32RtkApi64.dll
2012-10-16 22:33 . 2012-06-21 18:13 3615888 ----a-w- c:windowssystem32RtkAPO64.dll
2012-10-16 22:33 . 2012-06-21 18:13 561792 ----a-w- c:windowsSysWow64MBTHX32.dll
2012-10-16 22:33 . 2012-06-21 18:13 83072 ----a-w- c:windowssystem32MBWrp64.dll
2012-10-16 22:33 . 2012-06-21 18:13 105616 ----a-w- c:windowssystem32RCoInstII64.dll
2012-10-16 22:33 . 2012-06-21 18:13 1262696 ----a-w- c:windowssystem32RTCOM64.dll
2012-10-16 22:33 . 2012-06-21 18:13 897152 ----a-w- c:windowssystem32MBAPO64.dll
2012-10-16 22:33 . 2012-06-21 18:13 1015640 ----a-w- c:windowssystem32MaxxAudioAPOShell64.dll
2012-10-16 22:33 . 2012-06-21 18:13 2533952 ----a-w- c:windowssystem32FMAPO64.dll
2012-10-16 22:33 . 2012-06-21 18:13 753280 ----a-w- c:windowsSysWow64MBAPO32.dll
2012-10-16 19:52 . 2012-10-08 23:59 72280 ----a-w- c:windowssystem32driverssbapifs.sys
2012-10-10 13:02 . 2012-09-14 19:19 2048 ----a-w- c:windowssystem32tzres.dll
2012-10-10 13:02 . 2012-09-14 18:28 2048 ----a-w- c:windowsSysWow64tzres.dll
2012-10-10 13:01 . 2012-08-11 00:56 715776 ----a-w- c:windowssystem32kerberos.dll
2012-10-10 13:01 . 2012-08-10 23:56 542208 ----a-w- c:windowsSysWow64kerberos.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-29 16:30 . 2012-06-18 15:20 821736 ----a-w- c:windowsSysWow64npdeployJava1.dll
2012-10-29 16:30 . 2011-07-05 21:54 746984 ----a-w- c:windowsSysWow64deployJava1.dll
2012-10-23 12:51 . 2012-09-04 20:48 191984 ----a-w- c:windowssystem32javaws.exe
2012-10-23 12:51 . 2012-09-04 20:48 172528 ----a-w- c:windowssystem32javaw.exe
2012-10-23 12:51 . 2012-09-04 20:48 172528 ----a-w- c:windowssystem32java.exe
2012-10-23 12:51 . 2012-06-18 15:24 544240 ----a-w- c:windowssystem32npdeployJava1.dll
2012-10-23 12:51 . 2011-07-05 21:55 525808 ----a-w- c:windowssystem32deployJava1.dll
2012-10-13 16:10 . 2012-09-03 20:25 150776 ----a-w- c:windowsSysWow64WRusr.dll
2012-10-13 16:10 . 2012-09-03 20:25 110672 ----a-w- c:windowssystem32driversWRkrn.sys
2012-10-13 16:10 . 2012-09-03 20:25 103408 ----a-w- c:windowssystem32WRusr.dll
2012-10-10 13:05 . 2011-09-21 22:10 65309168 ----a-w- c:windowssystem32MRT.exe
2012-10-10 12:59 . 2012-04-16 14:24 696760 ----a-w- c:windowsSysWow64FlashPlayerApp.exe
2012-10-10 12:59 . 2011-10-03 13:33 73656 ----a-w- c:windowsSysWow64FlashPlayerCPLApp.cpl
2012-09-18 19:59 . 2012-07-30 14:23 461464 ----a-w- c:programdataMicrosoftClickToRun{9AC08E99-230B-47e8-9721-4577B7F124EA}integrator.exe
2012-08-24 11:15 . 2012-09-26 14:21 17810944 ----a-w- c:windowssystem32mshtml.dll
2012-08-24 10:39 . 2012-09-26 14:21 10925568 ----a-w- c:windowssystem32ieframe.dll
2012-08-24 10:31 . 2012-09-26 14:21 2312704 ----a-w- c:windowssystem32jscript9.dll
2012-08-24 10:22 . 2012-09-26 14:21 1346048 ----a-w- c:windowssystem32urlmon.dll
2012-08-24 10:21 . 2012-09-26 14:21 1392128 ----a-w- c:windowssystem32wininet.dll
2012-08-24 10:20 . 2012-09-26 14:21 1494528 ----a-w- c:windowssystem32inetcpl.cpl
2012-08-24 10:18 . 2012-09-26 14:21 237056 ----a-w- c:windowssystem32url.dll
2012-08-24 10:17 . 2012-09-26 14:21 85504 ----a-w- c:windowssystem32jsproxy.dll
2012-08-24 10:14 . 2012-09-26 14:21 173056 ----a-w- c:windowssystem32ieUnatt.exe
2012-08-24 10:14 . 2012-09-26 14:21 816640 ----a-w- c:windowssystem32jscript.dll
2012-08-24 10:13 . 2012-09-26 14:21 599040 ----a-w- c:windowssystem32vbscript.dll
2012-08-24 10:12 . 2012-09-26 14:21 2144768 ----a-w- c:windowssystem32iertutil.dll
2012-08-24 10:11 . 2012-09-26 14:21 729088 ----a-w- c:windowssystem32msfeeds.dll
2012-08-24 10:10 . 2012-09-26 14:21 96768 ----a-w- c:windowssystem32mshtmled.dll
2012-08-24 10:09 . 2012-09-26 14:21 2382848 ----a-w- c:windowssystem32mshtml.tlb
2012-08-24 10:04 . 2012-09-26 14:21 248320 ----a-w- c:windowssystem32ieui.dll
2012-08-24 06:59 . 2012-09-26 14:21 1800704 ----a-w- c:windowsSysWow64jscript9.dll
2012-08-24 06:51 . 2012-09-26 14:21 1129472 ----a-w- c:windowsSysWow64wininet.dll
2012-08-24 06:51 . 2012-09-26 14:21 1427968 ----a-w- c:windowsSysWow64inetcpl.cpl
2012-08-24 06:47 . 2012-09-26 14:21 142848 ----a-w- c:windowsSysWow64ieUnatt.exe
2012-08-24 06:47 . 2012-09-26 14:21 420864 ----a-w- c:windowsSysWow64vbscript.dll
2012-08-24 06:43 . 2012-09-26 14:21 2382848 ----a-w- c:windowsSysWow64mshtml.tlb
2012-08-22 18:12 . 2012-09-18 15:30 1913200 ----a-w- c:windowssystem32driverstcpip.sys
2012-08-22 18:12 . 2012-09-18 15:30 950128 ----a-w- c:windowssystem32driversndis.sys
2012-08-22 18:12 . 2012-09-18 15:30 376688 ----a-w- c:windowssystem32driversnetio.sys
2012-08-22 18:12 . 2012-09-18 15:30 288624 ----a-w- c:windowssystem32driversFWPKCLNT.SYS
2012-08-21 21:01 . 2012-09-26 14:20 245760 ----a-w- c:windowssystem32OxpsConverter.exe
2012-08-21 18:01 . 2012-09-18 15:40 33240 ----a-w- c:windowssystem32driversGEARAspiWDM.sys
2012-08-21 18:01 . 2011-09-28 00:12 125872 ----a-w- c:windowssystem32GEARAspi64.dll
2012-08-21 18:01 . 2011-09-28 00:12 106928 ----a-w- c:windowsSysWow64GEARAspi.dll
2012-08-20 17:38 . 2012-10-10 13:03 44032 ----a-w- c:windowsapppatchacwow64.dll
2012-08-02 17:58 . 2012-09-18 15:30 574464 ----a-w- c:windowssystem32d3d10level9.dll
2012-08-02 16:57 . 2012-09-18 15:30 490496 ----a-w- c:windowsSysWow64d3d10level9.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINEsoftwarewow6432nodemicrosoftwindowscurrentversionexplorershelliconoverlayidentifiers SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOTCLSID{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2012-07-30 14:38 208608 ----a-w- c:usersJacobsAppDataLocalMicrosoftSkyDrive16.4.4111.0525SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINEsoftwarewow6432nodemicrosoftwindowscurrentversionexplorershelliconoverlayidentifiers SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOTCLSID{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2012-07-30 14:38 208608 ----a-w- c:usersJacobsAppDataLocalMicrosoftSkyDrive16.4.4111.0525SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINEsoftwarewow6432nodemicrosoftwindowscurrentversionexplorershelliconoverlayidentifiers SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOTCLSID{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2012-07-30 14:38 208608 ----a-w- c:usersJacobsAppDataLocalMicrosoftSkyDrive16.4.4111.0525SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINEsoftwarewow6432nodemicrosoftwindowscurrentversionexplorershelliconoverlayidentifiers SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOTCLSID{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2012-09-23 13:43 2042528 ----a-w- c:program filesMicrosoft Office 15rootoffice15grooveex.dll
.
[HKEY_LOCAL_MACHINEsoftwarewow6432nodemicrosoftwindowscurrentversionexplorershelliconoverlayidentifiers SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOTCLSID{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2012-09-23 13:43 2042528 ----a-w- c:program filesMicrosoft Office 15rootoffice15grooveex.dll
.
[HKEY_LOCAL_MACHINEsoftwarewow6432nodemicrosoftwindowscurrentversionexplorershelliconoverlayidentifiers SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOTCLSID{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2012-09-23 13:43 2042528 ----a-w- c:program filesMicrosoft Office 15rootoffice15grooveex.dll
.
[HKEY_LOCAL_MACHINESOFTWAREWow6432NodeMicrosoftWindowsCurrentVersionRun]
"RoxWatchTray"="c:program files (x86)Common FilesRoxio SharedOEM12.0SharedCOMRoxWatchTray12OEM.exe" [2010-11-25 240112]
"IAStorIcon"="c:program files (x86)IntelIntel® Rapid Storage TechnologyIAStorIcon.exe" [2010-03-04 284696]
"iTunesHelper"="c:program files (x86)iTunesiTunesHelper.exe" [2012-09-10 421776]
"APSDaemon"="c:program files (x86)Common FilesAppleApple Application SupportAPSDaemon.exe" [2012-08-28 59280]
"Desktop Disc Tool"="c:program files (x86)RoxioOEMRoxio BurnRoxioBurnLauncher.exe" [2010-11-17 514544]
"Info Center"="c:program files (x86)PCPitstopInfo CenterInfoCenter.exe" [2012-05-16 26816]
"PC MaticRT"="c:program files (x86)PCPitstopPC MaticRTPCMaticRT.exe" [2012-10-09 1518080]
"WRSVC"="c:program filesWebrootWRSA.exe" [2012-10-13 726536]
.
c:programdataMicrosoftWindowsStart MenuProgramsStartup
HP Digital Imaging Monitor.lnk - c:program files (x86)HPDigital Imagingbinhpqtra08.exe [2009-11-18 275072]
Secunia PSI Tray.lnk - c:program files (x86)SecuniaPSIpsi_tray.exe [2011-10-14 291896]
.
[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionpoliciessystem]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetcontrollsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalMCODS]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:windowsMicrosoft.NETFramework64v4.0.30319mscorsvw.exe [2010-03-18 138576]
R2 WRSVC;WRSVC;c:program filesWebrootWRSA.exe [2012-10-13 726536]
R3 AdobeARMservice;Adobe Acrobat Update Service;c:program files (x86)Common FilesAdobeARM1.0armsvc.exe [2012-07-27 63960]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:windowsSysWOW64MacromedFlashFlashPlayerUpdateService.exe [2012-10-10 250808]
R3 GamesAppService;GamesAppService;c:program files (x86)WildTangent GamesAppGamesAppService.exe [2010-10-12 206072]
R3 osppsvc;Office Software Protection Platform;c:program filesCommon FilesMicrosoft SharedOfficeSoftwareProtectionPlatformOSPPSVC.EXE [2012-07-22 5132888]
R3 PCPitstop Scheduling;PCPitstop Scheduling;c:program files (x86)PCPitstopPCPitstopScheduleService.exe [2012-05-16 91848]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:windowssystem32driversrdpvideominiport.sys [2012-08-23 19456]
R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:program files (x86)Common FilesRoxio SharedOEM12.0SharedCOMRoxMediaDB12OEM.exe [2010-11-25 1116656]
R3 RoxWatch12;Roxio Hard Drive Watcher 12;c:program files (x86)Common FilesRoxio SharedOEM12.0SharedCOMRoxWatch12OEM.exe [2010-11-25 219632]
R3 TsUsbFlt;TsUsbFlt;c:windowssystem32driverstsusbflt.sys [2012-08-23 57856]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:windowssystem32driversTsUsbGD.sys [2012-08-23 30208]
R3 USBAAPL64;Apple Mobile USB Driver;c:windowssystem32Driversusbaapl64.sys [2012-07-09 52736]
R3 WatAdminSvc;Windows Activation Technologies Service;c:windowssystem32WatWatAdminSvc.exe [2011-09-21 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:program filesWindows LiveMeshwlcrasvc.exe [2010-09-22 57184]
S0 PxHlpa64;PxHlpa64;c:windowsSystem32DriversPxHlpa64.sys [2010-03-19 55856]
S0 WRkrn;WRkrn;c:windowsSystem32driversWRkrn.sys [2012-10-13 110672]
S2 cvhsvc;Client Virtualization Handler;c:program files (x86)Common FilesMicrosoft SharedVirtualization HandlerCVHSVC.EXE [2012-01-04 822624]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:program files (x86)IntelIntel® Rapid Storage TechnologyIAStorDataMgrSvc.exe [2010-03-04 13336]
S2 OfficeSvc;Microsoft Office Service;c:program filesMicrosoft Office 15ClientX64integratedoffice.exe [2012-09-11 1494144]
S2 PCPitstop Realtime;PCPitstop Realtime;c:program files (x86)PCPitstopPC MaticRTPCPitstopRTService.exe [2012-10-09 3828736]
S2 sbapifs;sbapifs;c:windowssystem32DRIVERSsbapifs.sys [2012-10-08 72280]
S2 Secunia PSI Agent;Secunia PSI Agent;c:program files (x86)SecuniaPSIPSIA.exe [2011-10-14 994360]
S2 sftlist;Application Virtualization Client;c:program files (x86)Microsoft Application Virtualization Clientsftlist.exe [2011-10-01 508776]
S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:windowssystem32driversIntcHdmi.sys [2009-05-26 138752]
S3 PSI;PSI;c:windowssystem32DRIVERSpsi_mf.sys [2010-09-01 17976]
S3 RTL8167;Realtek 8167 NT Driver;c:windowssystem32DRIVERSRt64win7.sys [2012-06-13 726160]
S3 Secunia Update Agent;Secunia Update Agent;c:program files (x86)SecuniaPSIsua.exe [2011-10-14 399416]
S3 Sftfs;Sftfs;c:windowssystem32DRIVERSSftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:windowssystem32DRIVERSSftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:windowssystem32DRIVERSSftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:windowssystem32DRIVERSSftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:program files (x86)Microsoft Application Virtualization Clientsftvsa.exe [2011-10-01 219496]
.
.
[HKEY_LOCAL_MACHINEsoftwarewow6432nodemicrosoftwindows ntcurrentversionsvchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-30 c:windowsTasksAdobe Flash Player Updater.job
- c:windowsSysWOW64MacromedFlashFlashPlayerUpdateService.exe [2012-04-16 13:00]
.
2012-10-30 c:windowsTasksHP Photo Creations Communicator.job
- c:programdataHP Photo CreationsCommunicator.exe [2012-06-18 16:00]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionexplorershelliconoverlayidentifiers SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOTCLSID{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2012-07-30 14:38 232672 ----a-w- c:usersJacobsAppDataLocalMicrosoftSkyDrive16.4.4111.0525amd64SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionexplorershelliconoverlayidentifiers SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOTCLSID{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2012-07-30 14:38 232672 ----a-w- c:usersJacobsAppDataLocalMicrosoftSkyDrive16.4.4111.0525amd64SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionexplorershelliconoverlayidentifiers SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOTCLSID{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2012-07-30 14:38 232672 ----a-w- c:usersJacobsAppDataLocalMicrosoftSkyDrive16.4.4111.0525amd64SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionexplorershelliconoverlayidentifiers SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOTCLSID{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2012-09-23 13:44 2860192 ----a-w- c:program filesMicrosoft Office 15rootvfsProgramFilesX64Microsoft OfficeOffice15GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionexplorershelliconoverlayidentifiers SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOTCLSID{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2012-09-23 13:44 2860192 ----a-w- c:program filesMicrosoft Office 15rootvfsProgramFilesX64Microsoft OfficeOffice15GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionexplorershelliconoverlayidentifiers SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOTCLSID{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2012-09-23 13:44 2860192 ----a-w- c:program filesMicrosoft Office 15rootvfsProgramFilesX64Microsoft OfficeOffice15GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
"RtHDVCpl"="c:program filesRealtekAudioHDARAVCpl64.exe" [2012-06-21 12503184]
"IgfxTray"="c:windowssystem32igfxtray.exe" [2011-02-12 162328]
.
------- Supplementary Scan -------
.
uLocal Page = c:windowssystem32blank.htm
uStart Page = hxxp://www.blueletterbible.org/
mLocal Page = c:windowsSysWOW64blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:program filesMicrosoft Office 15RootOffice15EXCEL.EXE/3000
IE: Se&nd to OneNote - c:program filesMicrosoft Office 15RootOffice15ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - c:program filesMicrosoft Office 15rootoffice15msosb.dll
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
HKLM-Run-DellStage - c:program files (x86)Dell StageDell Stagestage_primary.exe
AddRemove-WT089446 - c:program files (x86)WildTangentDell GamesWedding Dash - Ready
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:Windowssystem32MacromedFlashFlashUtil64_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{73C9DFA0-750D-11E1-B0C4-0800200C9A66}Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{73C9DFA0-750D-11E1-B0C4-0800200C9A66}LocalServer32]
@="c:Windowssystem32MacromedFlashFlashUtil64_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{73C9DFA0-750D-11E1-B0C4-0800200C9A66}TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINESOFTWAREClassesInterface{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINESOFTWAREClassesInterface{6AE38AE0-750C-11E1-B0C4-0800200C9A66}ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINESOFTWAREClassesInterface{6AE38AE0-750C-11E1-B0C4-0800200C9A66}TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:WindowsSysWOW64MacromedFlashFlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{73C9DFA0-750D-11E1-B0C4-0800200C9A66}Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{73C9DFA0-750D-11E1-B0C4-0800200C9A66}LocalServer32]
@="c:WindowsSysWOW64MacromedFlashFlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{73C9DFA0-750D-11E1-B0C4-0800200C9A66}TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}InprocServer32]
@="c:WindowsSysWOW64MacromedFlashFlash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}ToolboxBitmap32]
@="c:WindowsSysWOW64MacromedFlashFlash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}Version]
@="1.0"
.
[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}InprocServer32]
@="c:WindowsSysWOW64MacromedFlashFlash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}ToolboxBitmap32]
@="c:WindowsSysWOW64MacromedFlashFlash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}Version]
@="1.0"
.
[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeInterface{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeInterface{6AE38AE0-750C-11E1-B0C4-0800200C9A66}ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeInterface{6AE38AE0-750C-11E1-B0C4-0800200C9A66}TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINESOFTWAREMcAfee] "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00, . [HKEY_LOCAL_MACHINESOFTWAREWow6432NodeMicrosoftOfficeCommonSmart TagActions{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINESOFTWAREWow6432NodeMicrosoftSchema LibraryActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINESOFTWAREWow6432NodeMicrosoftSchema LibraryActionsPane30] "Key"="ActionsPane3" "Location"="c:Program Files (x86)Common FilesMicrosoft SharedVSTOActionsPane3.xsd" . [HKEY_LOCAL_MACHINESYSTEMControlSet001ControlPCWSecurity] @Denied: (Full) (Everyone) . Completion time: 2012-10-30 17:28:24 ComboFix-quarantined-files.txt 2012-10-30 22:28 . Pre-Run: 903,948,451,840 bytes free Post-Run: 903,564,660,736 bytes free . - - End Of File - - D53A574F6B1B2430190B4C90FF08D77F
Jacee Posted October 31, 2012

Is this your home page? hxxp://www.blueletterbible.org/

Download Security Check by screen317 from here http://screen317.spywareinfoforum.org/SecurityCheck.exe or here http://screen317.changelog.fr/SecurityCheck.exe

Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt. Please post the contents of that document.
Bound4Glory (Author) Posted November 1, 2012

Yes, http://www.blueletterbible.org/ is my homepage, not sure why it shows up as "hxxp" ?? Thank you again for your help, your requested results are below. I'll be working until the evening the rest of the week.

Results of screen317's Security Check version 0.99.54
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Webroot SecureAnywhere
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Secunia PSI (2.0.0.4003)
Java 6 Update 33
Java 7 Update 9
Adobe Reader X (10.1.4)
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````
Jacee Posted November 1, 2012

Download JavaRa to remove all old Java http://singularlabs.com/software/javara/

Next, download AdwCleaner http://www.bleepingcomputer.com/download/adwcleaner/

1. Right-click on adwcleaner.exe and select Run As Administrator to launch the application.
2. Click on Delete button.
3. Confirm each time with OK.
4. Your computer will be rebooted automatically. A text file will open after the restart.

Please post the content of that logfile in your reply.
Note: You can find the logfile at C:\AdwCleaner[sn].txt as well - n is the order number.
Bound4Glory (Author) Posted November 2, 2012

I tried removing all older versions of JRE with JavaRa but when I run it to uninstall version 6 it says "This action is only valid for products that are currently installed". Also, only Java 7 shows up in my control panel as a program that could be uninstalled. Here's the AdwCleaner...

# AdwCleaner v2.006 - Logfile created 11/01/2012 at 19:55:36
# Updated 30/10/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Jacobs - JACOBS-PC
# Boot Mode : Normal
# Running from : C:\Users\Jacobs\Desktop\AdwCleaner.exe
# Option [Delete]

***** [services] *****

***** [Files / Folders] *****

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software

***** [internet Browsers] *****

- Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

*************************

AdwCleaner[s1].txt - [567 octets] - [01/11/2012 19:55:36]

########## EOF - C:\AdwCleaner[s1].txt - [626 octets] ##########
Jacee Posted November 2, 2012

It looks to me like you are getting a 'false/positive' report from PC Matic ... it may be detecting Webroot's virus definitions. Running two anti-virus programs (at the same time) will cause problems. They are resource hogs and will fight each other for your system's resources, and may fight each other's definitions as well.

Uninstall Combofix:
Click on the Start button and then select Run from the menu. This will open up the Run box.
Copy/Paste combofix /uninstall (please note that there is a space between combofix and /uninstall), then click on the OK button or press Enter on your keyboard.
You can now delete the ComboFix.exe program from your computer.

For Vista / Windows 7:
Click START, Search. Now type ComboFix /Uninstall in the runbox and click OK. Note the space between the X and the /, it needs to be there.

After doing the above, download TFC by Old Timer http://www.geekstogo.com/forum/TFC-Temp-File-Cleaner-OldTimer-file187.html and save it to your desktop.
Save any unsaved work. TFC will close ALL open programs including your browser!
Double-click on TFC.exe to run it. If you are using Vista/Windows 7, right-click on the file and choose Run As Administrator.
Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway to ensure a complete clean.
Bound4Glory (Author) Posted November 3, 2012

I've completed your requests. Thank you for all your help! Webroot's virus definitions are stored in "the cloud" and use very little CPU and resources but I guess that could still be the problem. It could very well be the problem because it seems I started having this problem within a month of installing Webroot if I recall correctly. I will try and shut down Webroot protection and run another PC Matic scan to see if anything changes. I will have to wait until tomorrow to complete that. Please let me know if there is anything else I need to do, thanks again!
Jacee Posted November 4, 2012

Please, just give me the Combofix log I asked for, above your last post.
Bound4Glory (Author) Posted November 4, 2012

I apologize, I believe you wanted me to un-install Combofix, which I did, then downloaded and ran TFC as you requested and rebooted. I ran TFC again and it looked like it cleaned up because it was showing zero bytes in the files as it was cleaning the 2nd time. There were no logfiles generated. Would you like me to re-install Combofix and run it?
Jacee Posted November 4, 2012

Ooops, sorry about that ... no I got lost ... too many forums! It appears to me that your computer is clean.
Bound4Glory (Author) Posted November 5, 2012

Thanks again. I appreciate your help!
Jacee Posted November 5, 2012

Please create a fresh/new restore point... http://www.guidingtech.com/3960/manually-create-system-restore-point-windows-7/