Hi,
MWB blocking 2 Outbound IPs--88.214.193.212 and 185.48.58.8. Have tried another forum--very responsive and helpful but kept recommending the same fix (FRST scan, fixlist--one ran 18 hours before I stopped it, the second ran 8 hours, the third fixlist ran almost instantaneously, but the outbounds appeared immediately after rebooting). I've copied the files from MWB and DDS here. Thanks.
Malwarebytes Anti-Malware
www.malwarebytes.org
Scan Date: 10/25/2014
Scan Time: 9:54:57 AM
Logfile: MWB report.txt
Administrator: Yes
Version: 2.00.3.1025
Malware Database: v2014.10.25.04
Rootkit Database: v2014.10.22.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Randy
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 392051
Time Elapsed: 12 min, 24 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
Processes: 0
(No malicious items detected)
Modules: 0
(No malicious items detected)
Registry Keys: 0
(No malicious items detected)
Registry Values: 0
(No malicious items detected)
Registry Data: 0
(No malicious items detected)
Folders: 0
(No malicious items detected)
Files: 0
(No malicious items detected)
Physical Sectors: 0
(No malicious items detected)
(end)
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17344 BrowserJavaVersion: 10.71.2
Run by Randy at 10:16:16 on 2014-10-25
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4009.1959 [GMT -7:00]
.
AV: Norton AntiVirus *Disabled/Updated* {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
SP: Norton AntiVirus *Enabled/Updated* {631E4324-D31C-783F-EC5C-35AD42B18466}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\CrashPlan\CrashPlanService.exe
C:\Program Files (x86)\DYMO\DYMO Label Software\DymoPnpService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files (x86)\Norton AntiVirus\Engine\21.6.0.32\NAV.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.6.15\NST.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
C:\Program Files (x86)\DYMO\DYMO Label Software\DymoQuickPrint.exe
C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe
C:\Program Files (x86)\Norton AntiVirus\Engine\21.6.0.32\NAV.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe
C:\Users\Randy\AppData\Local\Amazon Music\Amazon Music Helper.exe
C:\Program Files\CrashPlan\CrashPlanTray.exe
C:\Program Files (x86)\Common Files\ImageMAKER\Vstdaemon.exe
C:\Users\Randy\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.6.15\NST.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
C:\Windows\System32\vds.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\StorageCraft\ShadowProtect\ShadowProtectSvc.exe
C:\Program Files (x86)\StorageCraft\ShadowProtect\ShadowProtectSvc.exe
C:\Windows\SysWOW64\vsnapvss.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.exe
C:\Windows\system32\Macromed\Flash\FlashUtil64_15_0_0_189_ActiveX.exe
C:\Windows\system32\ctfmon.exe
C:\Windows\explorer.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.nytimes.com/
uSearch Bar = Preserve
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton AntiVirus\Engine\21.6.0.32\ips\ipsbho.dll
BHO: RoboForm Toolbar Helper: {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Norton Identity Protection: {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.6.15\coieplg.dll
BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: &RoboForm Toolbar: {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
TB: Norton Identity Safe Toolbar: {A13C2648-91D4-4BF3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.6.15\coieplg.dll
TB: &RoboForm Toolbar: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
TB: Norton Identity Safe Toolbar: {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.6.15\coieplg.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll
uRun: [DymoQuickPrint] "C:\Program Files (x86)\DYMO\DYMO Label Software\DymoQuickPrint.exe" /startup
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
uRun: [RoboForm] "C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
uRun: [Uploader] C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe
uRun: [Amazon Music] "C:\Users\Randy\AppData\Local\Amazon Music\Amazon Music Helper.exe"
mRun: [Dell Registration] C:\Program Files (x86)\System Registration\prodreg.exe /boot
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [AccuWeatherWidget] "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [DBAgent] "C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe" /WinStart
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
StartupFolder: C:\Users\Randy\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Randy\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\CRASHP~1.LNK - C:\Program Files\CrashPlan\CrashPlanTray.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\VISTAF~1.LNK - C:\Program Files (x86)\Common Files\ImageMAKER\Vstdaemon.exe
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=724
TCP: NameServer = 75.75.75.75 75.75.76.76 192.168.1.1
TCP: Interfaces\{82F628B6-6BC0-4217-839F-2C7C7749848C} : DHCPNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{E5E51F12-D9A0-4EBE-ABBE-EA8EF6D5DC23} : DHCPNameServer = 75.75.75.75 75.75.76.76 192.168.1.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.104\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: RoboForm Toolbar Helper: {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll
x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Norton Identity Protection: {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} - C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.7.6.15\coieplg.dll
x64-BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-TB: &RoboForm Toolbar: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll
x64-TB: Norton Identity Safe Toolbar: {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.7.6.15\coieplg.dll
x64-TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
x64-Run: [DellStage] "C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\start.umj" --startup
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [LogMeIn GUI] "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe"
x64-IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll
x64-IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll
x64-IE: {724d43aa-0d85-11d4-9908-00400523e39a} - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll
.
INFO: x64-HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
x64-DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2011-10-11 55856]
R0 stcvsm;StorageCraft Volume Snapshot Driver;C:\Windows\System32\drivers\stcvsm.sys [2012-3-1 276264]
R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\NAVx64\1506000.020\symds64.sys [2014-9-22 493656]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\NAVx64\1506000.020\symefa64.sys [2014-9-22 1148120]
R1 BHDrvx64;BHDrvx64;C:\Program Files (x86)\Norton AntiVirus\NortonData\21.1.0.18\Definitions\BASHDefs\20141016.001\BHDrvx64.sys [2014-10-20 1587416]
R1 ccSet_NAV;NAV Settings Manager;C:\Windows\System32\drivers\NAVx64\1506000.020\ccsetx64.sys [2014-9-22 162392]
R1 ccSet_NST;Norton Identity Safe Settings Manager;C:\Windows\System32\drivers\NSTx64\7DE07060.00F\ccsetx64.sys [2014-8-7 162392]
R1 IDSVia64;IDSVia64;C:\Program Files (x86)\Norton AntiVirus\NortonData\21.1.0.18\Definitions\IPSDefs\20141024.001\IDSviA64.sys [2014-10-24 633560]
R1 sbmount;StorageCraft Image Mount Driver;C:\Windows\System32\drivers\sbmount.sys [2012-3-1 116008]
R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\NAVx64\1506000.020\ironx64.sys [2014-9-22 266968]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\NAVx64\1506000.020\symnets.sys [2014-9-22 593112]
R2 CrashPlanService;CrashPlan Backup Service;C:\Program Files\CrashPlan\CrashPlanService.exe [2012-11-12 222720]
R2 DymoPnpService;DYMO PnP Service;C:\Program Files (x86)\DYMO\DYMO Label Software\DymoPnpService.exe [2011-8-10 32336]
R2 LMIGuardianSvc;LMIGuardianSvc;C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2012-1-31 376168]
R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files (x86)\LogMeIn\x64\rainfo.sys [2011-9-16 16056]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\Windows\System32\drivers\LMIRfsDriver.sys [2012-3-11 72216]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-10-22 1871160]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-10-22 968504]
R2 NAV;Norton AntiVirus;C:\Program Files (x86)\Norton AntiVirus\Engine\21.6.0.32\nav.exe [2014-9-22 262968]
R2 NCO;Norton Identity Safe;C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.6.15\nst.exe [2014-8-7 130104]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2012-5-21 1153368]
R2 Seagate Dashboard Services;Seagate Dashboard Services;C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe [2013-10-18 16000]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2011-10-11 1692480]
R2 ShadowProtectSvc;ShadowProtect Service;C:\Program Files (x86)\StorageCraft\ShadowProtect\ShadowProtectSvc.exe [2012-3-1 3644200]
R2 VSNAPVSS;StorageCraft Shadow Copy Provider;C:\Windows\SysWOW64\vsnapvss.exe [2012-3-1 72488]
R3 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.EXE [2014-3-11 247968]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2014-9-10 142640]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2011-10-11 317440]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2014-10-22 25816]
R3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2014-10-22 129752]
R3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\drivers\mwac.sys [2014-10-22 63704]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-10-11 539240]
S2 BBSvc;BingBar Service;C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BBSvc.EXE [2014-3-11 193696]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-10-15 111616]
S3 RoxMediaDB12OEM;RoxMediaDB12OEM;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2014-7-28 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-1-3 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2014-10-25 04:19:32 -------- d-----w- C:\Users\Randy\AppData\Local\{E0089834-1CF4-48E9-B981-A9390326B5CE}
2014-10-24 22:57:05 -------- d-----w- C:\NPE
2014-10-24 22:53:09 -------- d-----w- C:\Users\Randy\AppData\Local\NPE
2014-10-24 15:24:38 -------- d-----w- C:\Users\Randy\AppData\Local\{05BE08DD-3117-43C4-92F6-6D4CF7DF5FD4}
2014-10-24 03:24:11 -------- d-----w- C:\Users\Randy\AppData\Local\{DC8D1379-18EC-447B-AE94-CBEA44CBC2BA}
2014-10-23 13:57:29 -------- d-----w- C:\Users\Randy\AppData\Local\{6DB8D4CA-9C20-47AC-9B36-2285E09FEAA4}
2014-10-22 18:23:44 -------- d-----w- C:\FRST
2014-10-22 16:50:13 -------- d-----w- C:\Users\Randy\AppData\Local\{46C41A12-C91B-4FC4-9A2A-92CC79888122}
2014-10-22 14:47:42 129752 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-10-22 14:47:23 93400 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-10-22 14:47:23 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys
2014-10-22 14:47:23 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-10-22 14:47:23 -------- d-----w- C:\ProgramData\Malwarebytes
2014-10-22 14:47:23 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-10-21 22:47:22 98216 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2014-10-21 18:03:12 -------- d--h--w- C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}
2014-10-21 13:30:42 -------- d-----w- C:\Users\Randy\AppData\Local\{83702692-4889-4378-A801-140783750DDF}
2014-10-20 16:49:37 -------- d-----w- C:\Users\Randy\AppData\Local\{0A33F72A-2FA6-42B6-B942-90CF7B053334}
2014-10-20 14:27:17 -------- d-----w- C:\Windows\ERUNT
2014-10-19 18:54:53 -------- d-sh--w- C:\$RECYCLE.BIN
2014-10-19 13:28:19 -------- d-----w- C:\Users\Randy\AppData\Local\{38324683-D829-4FD7-BCD1-9E4A414F1AFB}
2014-10-18 19:21:10 -------- d-----w- C:\Users\Randy\AppData\Local\{2AA0AD63-993A-4354-90D1-0CC540CF4F07}
2014-10-18 03:14:57 -------- d-----w- C:\Users\Randy\AppData\Local\{44A9C6B7-60D8-4F73-B3A8-784DA07E1681}
2014-10-17 14:18:40 -------- d-----w- C:\Users\Randy\AppData\Local\{34BA02EF-E93B-4FA6-A5A1-96CEE7B7226A}
2014-10-16 17:30:39 -------- d-----w- C:\Users\Randy\AppData\Local\{D7634700-EAC8-4F74-AD04-AC36FB42C570}
2014-10-16 05:10:17 -------- d-----w- C:\Users\Randy\AppData\Local\{899912E6-715D-49A3-B1DF-3BF6A8171AD0}
2014-10-15 14:13:40 -------- d-----w- C:\Users\Randy\AppData\Local\{52487020-6234-4203-96B2-0D81B57F99FF}
2014-10-15 08:44:59 424448 ----a-w- C:\Windows\System32\rastls.dll
2014-10-15 01:17:11 -------- d-----w- C:\Users\Randy\AppData\Local\{6DCFA82A-C103-498F-920F-B9A39EE9E283}
2014-10-14 12:33:34 -------- d-----w- C:\Users\Randy\AppData\Local\{F7B8C095-863E-43D9-815C-57BDCBA9C9FA}
2014-10-13 17:19:27 -------- d-----w- C:\Users\Randy\AppData\Local\{2B9679A5-98DB-4631-A166-BF04A17C870B}
2014-10-13 04:11:09 -------- d-----w- C:\Users\Randy\AppData\Local\{E1E3EFFD-40FA-46E2-B91B-58C8D5451A40}
2014-10-12 16:10:57 -------- d-----w- C:\Users\Randy\AppData\Local\{0AF1B657-2950-4809-BD23-99A85312C0A0}
2014-10-12 03:18:21 -------- d-----w- C:\Users\Randy\AppData\Local\{4D368A6D-E369-49E4-9B9C-7F9D807C7A29}
2014-10-11 15:17:52 -------- d-----w- C:\Users\Randy\AppData\Local\{101F753F-697B-4CCD-A318-5734CC06FC51}
2014-10-10 17:18:44 -------- d-----w- C:\Users\Randy\AppData\Local\{87E694AC-3185-4354-B12A-D99DAE690351}
2014-10-10 04:59:26 -------- d-----w- C:\Users\Randy\AppData\Local\{73DD3D0C-B967-407E-A2C3-2ED123F23512}
2014-10-09 16:57:51 -------- d-----w- C:\Users\Randy\AppData\Local\{25BA1DC0-C82C-454F-BA4B-B1A0FBBA6AC7}
2014-10-09 04:55:33 -------- d-----w- C:\Users\Randy\AppData\Local\{9EA70135-D544-4942-ABA8-3907B562E81A}
2014-10-08 13:20:02 -------- d-----w- C:\Users\Randy\AppData\Local\{B46910DB-0AA9-452E-9D35-B209731F87E0}
2014-10-07 16:42:16 -------- d-----w- C:\Users\Randy\AppData\Local\{EB4E7FE3-10B4-47A1-ABA6-8BC1EC86F5A0}
2014-10-07 04:41:51 -------- d-----w- C:\Users\Randy\AppData\Local\{2D257203-0C2A-415E-BA3A-F8C5B3FD5946}
2014-10-06 14:03:11 -------- d-----w- C:\Users\Randy\AppData\Local\{71A26051-B731-4B9B-B12D-F7E74579A7D4}
2014-10-06 04:54:36 -------- d-----w- C:\Users\Randy\AppData\Local\{227E348D-56CC-47C2-A483-D6163FBDCCAB}
2014-10-05 14:27:14 -------- d-----w- C:\Users\Randy\AppData\Local\{8C1CFBA1-DB4B-4275-95AA-2D6F98B43098}
2014-10-04 13:43:40 -------- d-----w- C:\Users\Randy\AppData\Local\{6C781C95-9A68-4EAE-AD8E-EEEEB2A3D7E8}
2014-10-03 14:28:37 -------- d-----w- C:\Users\Randy\AppData\Local\{9309C11A-4705-4FE5-BDF8-C05AEE44E550}
2014-10-02 14:06:17 -------- d-----w- C:\Users\Randy\AppData\Local\{7D91DE0F-F186-44D2-BDEB-37A6E993B9B6}
2014-10-01 16:55:00 -------- d-----w- C:\Users\Randy\AppData\Local\{29DE458A-55F5-4742-838B-79CE6248ED22}
2014-10-01 04:18:44 -------- d-----w- C:\Users\Randy\AppData\Local\{E10B353A-3C2B-4322-A588-14CA7B966B10}
2014-09-30 21:01:28 519680 ----a-w- C:\Windows\SysWow64\qdvd.dll
2014-09-30 21:01:28 371712 ----a-w- C:\Windows\System32\qdvd.dll
2014-09-30 16:18:19 -------- d-----w- C:\Users\Randy\AppData\Local\{89096505-A585-489C-A622-E3B0147A9188}
2014-09-30 04:17:53 -------- d-----w- C:\Users\Randy\AppData\Local\{2BDDCD97-B7DB-4ECE-BF89-F2B135896EF6}
2014-09-29 15:38:44 -------- d-----w- C:\Users\Randy\AppData\Local\{F0D7A611-A35D-4A85-8391-FEE70C60EAFB}
2014-09-29 03:38:18 -------- d-----w- C:\Users\Randy\AppData\Local\{A56887FA-082B-40F7-A081-335A0004655A}
2014-09-28 14:40:20 -------- d-----w- C:\Users\Randy\AppData\Local\{1EC0FEE6-67FC-4200-9B81-2B7C0236A46C}
2014-09-27 14:06:59 -------- d-----w- C:\Users\Randy\AppData\Local\{1561B84D-02D3-49A4-BA45-5C88F4621511}
2014-09-26 16:12:23 -------- d-----w- C:\Users\Randy\AppData\Local\{81EF5047-A7C1-4E95-A5F0-583C19A7DC50}
2014-09-26 03:19:30 -------- d-----w- C:\Users\Randy\AppData\Local\{F4CB1D93-1549-4DA6-9DDC-A70248A5DC9B}
.
==================== Find3M ====================
.
2014-10-24 04:52:22 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-10-24 04:52:22 701104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-10-23 14:17:04 107392 ----a-w- C:\Windows\System32\LMIRfsClientNP.dll
2014-10-23 14:16:59 35688 ----a-w- C:\Windows\System32\LMIport.dll
2014-10-23 14:16:58 92520 ----a-w- C:\Windows\System32\LMIinit.dll
2014-10-10 02:05:59 276480 ----a-w- C:\Windows\System32\generaltel.dll
2014-10-10 02:05:42 507392 ----a-w- C:\Windows\System32\aepdu.dll
2014-10-10 02:00:38 424448 ----a-w- C:\Windows\System32\aeinv.dll
2014-09-29 00:58:48 3198976 ----a-w- C:\Windows\System32\win32k.sys
2014-09-25 22:32:04 2017280 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-09-25 22:31:02 2108416 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-09-19 01:56:02 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-09-19 01:55:49 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-09-19 01:40:43 66048 ----a-w- C:\Windows\System32\iesetup.dll
2014-09-19 01:40:03 547328 ----a-w- C:\Windows\System32\vbscript.dll
2014-09-19 01:39:58 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-09-19 01:38:27 83968 ----a-w- C:\Windows\System32\MshtmlDac.dll
2014-09-19 01:36:57 5829632 ----a-w- C:\Windows\System32\jscript9.dll
2014-09-19 01:26:00 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-09-19 01:25:49 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-09-19 01:25:12 4201472 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-09-19 01:25:09 758272 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-09-19 01:18:02 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-09-19 01:14:57 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-09-19 01:06:47 72704 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-09-19 01:02:07 454656 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-09-19 01:01:47 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-09-19 01:01:03 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-09-19 00:59:40 61952 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2014-09-19 00:50:16 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-09-19 00:49:31 597504 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-09-19 00:40:12 1249280 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2014-09-19 00:36:23 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-09-19 00:33:18 2309632 ----a-w- C:\Windows\System32\wininet.dll
2014-09-19 00:18:55 1068032 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2014-09-18 23:59:11 1810944 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-09-18 02:00:42 3241472 ----a-w- C:\Windows\System32\msi.dll
2014-09-18 01:32:52 2363904 ----a-w- C:\Windows\SysWow64\msi.dll
2014-09-13 01:58:18 77312 ----a-w- C:\Windows\System32\packager.dll
2014-09-13 01:40:05 67072 ----a-w- C:\Windows\SysWow64\packager.dll
2014-09-09 22:11:04 2048 ----a-w- C:\Windows\System32\tzres.dll
2014-09-09 21:47:10 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2014-09-04 05:04:15 372736 ----a-w- C:\Windows\SysWow64\rastls.dll
2014-08-26 02:20:22 876248 ----a-w- C:\Windows\System32\drivers\NAVx64\1506000.020\srtsp64.sys
2014-08-26 02:20:22 37592 ----a-w- C:\Windows\System32\drivers\NAVx64\1506000.020\srtspx64.sys
2014-08-23 02:07:00 404480 ----a-w- C:\Windows\System32\gdi32.dll
2014-08-23 01:45:55 311808 ----a-w- C:\Windows\SysWow64\gdi32.dll
2014-08-19 03:11:28 693176 ----a-w- C:\Windows\System32\winload.efi
2014-08-19 03:10:10 616352 ----a-w- C:\Windows\System32\winresume.efi
2014-08-19 03:08:04 503808 ----a-w- C:\Windows\System32\srcore.dll
2014-08-19 03:08:04 50176 ----a-w- C:\Windows\System32\srclient.dll
2014-08-19 03:08:03 63488 ----a-w- C:\Windows\System32\setbcdlocale.dll
2014-08-19 03:07:51 58880 ----a-w- C:\Windows\System32\appidapi.dll
2014-08-19 03:07:51 32256 ----a-w- C:\Windows\System32\appidsvc.dll
2014-08-19 03:07:33 296960 ----a-w- C:\Windows\System32\rstrui.exe
2014-08-19 03:07:11 17920 ----a-w- C:\Windows\System32\appidcertstorecheck.exe
2014-08-19 03:07:11 146944 ----a-w- C:\Windows\System32\appidpolicyconverter.exe
2014-08-19 02:41:39 43008 ----a-w- C:\Windows\SysWow64\srclient.dll
2014-08-19 02:41:22 50688 ----a-w- C:\Windows\SysWow64\appidapi.dll
2014-08-19 02:06:56 61440 ----a-w- C:\Windows\System32\drivers\appid.sys
2014-08-06 19:48:16 266968 ----a-w- C:\Windows\System32\drivers\NAVx64\1506000.020\ironx64.sys
2014-08-01 11:53:22 1031168 ----a-w- C:\Windows\System32\TSWorkspace.dll
2014-08-01 11:35:06 793600 ----a-w- C:\Windows\SysWow64\TSWorkspace.dll
2014-07-28 21:52:00 6112072 ----a-w- C:\Windows\System32\usbaaplrc.dll
2014-07-28 21:52:00 54784 ----a-w- C:\Windows\System32\drivers\usbaapl64.sys
.
============= FINISH: 10:17:28.20 ===============
C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files (x86)\Norton AntiVirus\Engine\21.6.0.32\NAV.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.6.15\NST.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
C:\Program Files (x86)\DYMO\DYMO Label Software\DymoQuickPrint.exe
C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe
C:\Program Files (x86)\Norton AntiVirus\Engine\21.6.0.32\NAV.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe
C:\Users\Randy\AppData\Local\Amazon Music\Amazon Music Helper.exe
C:\Program Files\CrashPlan\CrashPlanTray.exe
C:\Program Files (x86)\Common Files\ImageMAKER\Vstdaemon.exe
C:\Users\Randy\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.6.15\NST.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
C:\Windows\System32\vds.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\StorageCraft\ShadowProtect\ShadowProtectSvc.exe
C:\Program Files (x86)\StorageCraft\ShadowProtect\ShadowProtectSvc.exe
C:\Windows\SysWOW64\vsnapvss.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.exe
C:\Windows\system32\Macromed\Flash\FlashUtil64_15_0_0_189_ActiveX.exe
C:\Windows\system32\ctfmon.exe
C:\Windows\explorer.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.nytimes.com/
uSearch Bar = Preserve
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton AntiVirus\Engine\21.6.0.32\ips\ipsbho.dll
BHO: RoboForm Toolbar Helper: {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Norton Identity Protection: {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.6.15\coieplg.dll
BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: &RoboForm Toolbar: {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
TB: Norton Identity Safe Toolbar: {A13C2648-91D4-4BF3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.6.15\coieplg.dll
TB: &RoboForm Toolbar: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
TB: Norton Identity Safe Toolbar: {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.6.15\coieplg.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll
uRun: [DymoQuickPrint] "C:\Program Files (x86)\DYMO\DYMO Label Software\DymoQuickPrint.exe" /startup
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
uRun: [RoboForm] "C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
uRun: [Uploader] C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe
uRun: [Amazon Music] "C:\Users\Randy\AppData\Local\Amazon Music\Amazon Music Helper.exe"
mRun: [Dell Registration] C:\Program Files (x86)\System Registration\prodreg.exe /boot
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [AccuWeatherWidget] "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [DBAgent] "C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe" /WinStart
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
StartupFolder: C:\Users\Randy\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Randy\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\CRASHP~1.LNK - C:\Program Files\CrashPlan\CrashPlanTray.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\VISTAF~1.LNK - C:\Program Files (x86)\Common Files\ImageMAKER\Vstdaemon.exe
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=724
TCP: NameServer = 75.75.75.75 75.75.76.76 192.168.1.1
TCP: Interfaces\{82F628B6-6BC0-4217-839F-2C7C7749848C} : DHCPNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{E5E51F12-D9A0-4EBE-ABBE-EA8EF6D5DC23} : DHCPNameServer = 75.75.75.75 75.75.76.76 192.168.1.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.104\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: RoboForm Toolbar Helper: {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll
x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Norton Identity Protection: {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} - C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.7.6.15\coieplg.dll
x64-BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-TB: &RoboForm Toolbar: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll
x64-TB: Norton Identity Safe Toolbar: {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.7.6.15\coieplg.dll
x64-TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
x64-Run: [DellStage] "C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\start.umj" --startup
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [LogMeIn GUI] "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe"
x64-IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll
x64-IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll
x64-IE: {724d43aa-0d85-11d4-9908-00400523e39a} - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll
.
INFO: x64-HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
x64-DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2011-10-11 55856]
R0 stcvsm;StorageCraft Volume Snapshot Driver;C:\Windows\System32\drivers\stcvsm.sys [2012-3-1 276264]
R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\NAVx64\1506000.020\symds64.sys [2014-9-22 493656]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\NAVx64\1506000.020\symefa64.sys [2014-9-22 1148120]
R1 BHDrvx64;BHDrvx64;C:\Program Files (x86)\Norton AntiVirus\NortonData\21.1.0.18\Definitions\BASHDefs\20141016.001\BHDrvx64.sys [2014-10-20 1587416]
R1 ccSet_NAV;NAV Settings Manager;C:\Windows\System32\drivers\NAVx64\1506000.020\ccsetx64.sys [2014-9-22 162392]
R1 ccSet_NST;Norton Identity Safe Settings Manager;C:\Windows\System32\drivers\NSTx64\7DE07060.00F\ccsetx64.sys [2014-8-7 162392]
R1 IDSVia64;IDSVia64;C:\Program Files (x86)\Norton AntiVirus\NortonData\21.1.0.18\Definitions\IPSDefs\20141024.001\IDSviA64.sys [2014-10-24 633560]
R1 sbmount;StorageCraft Image Mount Driver;C:\Windows\System32\drivers\sbmount.sys [2012-3-1 116008]
R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\NAVx64\1506000.020\ironx64.sys [2014-9-22 266968]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\NAVx64\1506000.020\symnets.sys [2014-9-22 593112]
R2 CrashPlanService;CrashPlan Backup Service;C:\Program Files\CrashPlan\CrashPlanService.exe [2012-11-12 222720]
R2 DymoPnpService;DYMO PnP Service;C:\Program Files (x86)\DYMO\DYMO Label Software\DymoPnpService.exe [2011-8-10 32336]
R2 LMIGuardianSvc;LMIGuardianSvc;C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2012-1-31 376168]
R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files (x86)\LogMeIn\x64\rainfo.sys [2011-9-16 16056]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\Windows\System32\drivers\LMIRfsDriver.sys [2012-3-11 72216]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-10-22 1871160]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-10-22 968504]
R2 NAV;Norton AntiVirus;C:\Program Files (x86)\Norton AntiVirus\Engine\21.6.0.32\nav.exe [2014-9-22 262968]
R2 NCO;Norton Identity Safe;C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.6.15\nst.exe [2014-8-7 130104]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2012-5-21 1153368]
R2 Seagate Dashboard Services;Seagate Dashboard Services;C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe [2013-10-18 16000]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2011-10-11 1692480]
R2 ShadowProtectSvc;ShadowProtect Service;C:\Program Files (x86)\StorageCraft\ShadowProtect\ShadowProtectSvc.exe [2012-3-1 3644200]
R2 VSNAPVSS;StorageCraft Shadow Copy Provider;C:\Windows\SysWOW64\vsnapvss.exe [2012-3-1 72488]
R3 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.EXE [2014-3-11 247968]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2014-9-10 142640]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2011-10-11 317440]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2014-10-22 25816]
R3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2014-10-22 129752]
R3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\drivers\mwac.sys [2014-10-22 63704]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-10-11 539240]
S2 BBSvc;BingBar Service;C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BBSvc.EXE [2014-3-11 193696]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-10-15 111616]
S3 RoxMediaDB12OEM;RoxMediaDB12OEM;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2014-7-28 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-1-3 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2014-10-25 04:19:32 -------- d-----w- C:\Users\Randy\AppData\Local\{E0089834-1CF4-48E9-B981-A9390326B5CE}
2014-10-24 22:57:05 -------- d-----w- C:\NPE
2014-10-24 22:53:09 -------- d-----w- C:\Users\Randy\AppData\Local\NPE
2014-10-24 15:24:38 -------- d-----w- C:\Users\Randy\AppData\Local\{05BE08DD-3117-43C4-92F6-6D4CF7DF5FD4}
2014-10-24 03:24:11 -------- d-----w- C:\Users\Randy\AppData\Local\{DC8D1379-18EC-447B-AE94-CBEA44CBC2BA}
2014-10-23 13:57:29 -------- d-----w- C:\Users\Randy\AppData\Local\{6DB8D4CA-9C20-47AC-9B36-2285E09FEAA4}
2014-10-22 18:23:44 -------- d-----w- C:\FRST
2014-10-22 16:50:13 -------- d-----w- C:\Users\Randy\AppData\Local\{46C41A12-C91B-4FC4-9A2A-92CC79888122}
2014-10-22 14:47:42 129752 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-10-22 14:47:23 93400 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-10-22 14:47:23 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys
2014-10-22 14:47:23 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-10-22 14:47:23 -------- d-----w- C:\ProgramData\Malwarebytes
2014-10-22 14:47:23 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-10-21 22:47:22 98216 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2014-10-21 18:03:12 -------- d--h--w- C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}
2014-10-21 13:30:42 -------- d-----w- C:\Users\Randy\AppData\Local\{83702692-4889-4378-A801-140783750DDF}
2014-10-20 16:49:37 -------- d-----w- C:\Users\Randy\AppData\Local\{0A33F72A-2FA6-42B6-B942-90CF7B053334}
2014-10-20 14:27:17 -------- d-----w- C:\Windows\ERUNT
2014-10-19 18:54:53 -------- d-sh--w- C:\$RECYCLE.BIN
2014-10-19 13:28:19 -------- d-----w- C:\Users\Randy\AppData\Local\{38324683-D829-4FD7-BCD1-9E4A414F1AFB}
2014-10-18 19:21:10 -------- d-----w- C:\Users\Randy\AppData\Local\{2AA0AD63-993A-4354-90D1-0CC540CF4F07}
2014-10-18 03:14:57 -------- d-----w- C:\Users\Randy\AppData\Local\{44A9C6B7-60D8-4F73-B3A8-784DA07E1681}
2014-10-17 14:18:40 -------- d-----w- C:\Users\Randy\AppData\Local\{34BA02EF-E93B-4FA6-A5A1-96CEE7B7226A}
2014-10-16 17:30:39 -------- d-----w- C:\Users\Randy\AppData\Local\{D7634700-EAC8-4F74-AD04-AC36FB42C570}
2014-10-16 05:10:17 -------- d-----w- C:\Users\Randy\AppData\Local\{899912E6-715D-49A3-B1DF-3BF6A8171AD0}
2014-10-15 14:13:40 -------- d-----w- C:\Users\Randy\AppData\Local\{52487020-6234-4203-96B2-0D81B57F99FF}
2014-10-15 08:44:59 424448 ----a-w- C:\Windows\System32\rastls.dll
2014-10-15 01:17:11 -------- d-----w- C:\Users\Randy\AppData\Local\{6DCFA82A-C103-498F-920F-B9A39EE9E283}
2014-10-14 12:33:34 -------- d-----w- C:\Users\Randy\AppData\Local\{F7B8C095-863E-43D9-815C-57BDCBA9C9FA}
2014-10-13 17:19:27 -------- d-----w- C:\Users\Randy\AppData\Local\{2B9679A5-98DB-4631-A166-BF04A17C870B}
2014-10-13 04:11:09 -------- d-----w- C:\Users\Randy\AppData\Local\{E1E3EFFD-40FA-46E2-B91B-58C8D5451A40}
2014-10-12 16:10:57 -------- d-----w- C:\Users\Randy\AppData\Local\{0AF1B657-2950-4809-BD23-99A85312C0A0}
2014-10-12 03:18:21 -------- d-----w- C:\Users\Randy\AppData\Local\{4D368A6D-E369-49E4-9B9C-7F9D807C7A29}
2014-10-11 15:17:52 -------- d-----w- C:\Users\Randy\AppData\Local\{101F753F-697B-4CCD-A318-5734CC06FC51}
2014-10-10 17:18:44 -------- d-----w- C:\Users\Randy\AppData\Local\{87E694AC-3185-4354-B12A-D99DAE690351}
2014-10-10 04:59:26 -------- d-----w- C:\Users\Randy\AppData\Local\{73DD3D0C-B967-407E-A2C3-2ED123F23512}
2014-10-09 16:57:51 -------- d-----w- C:\Users\Randy\AppData\Local\{25BA1DC0-C82C-454F-BA4B-B1A0FBBA6AC7}
2014-10-09 04:55:33 -------- d-----w- C:\Users\Randy\AppData\Local\{9EA70135-D544-4942-ABA8-3907B562E81A}
2014-10-08 13:20:02 -------- d-----w- C:\Users\Randy\AppData\Local\{B46910DB-0AA9-452E-9D35-B209731F87E0}
2014-10-07 16:42:16 -------- d-----w- C:\Users\Randy\AppData\Local\{EB4E7FE3-10B4-47A1-ABA6-8BC1EC86F5A0}
2014-10-07 04:41:51 -------- d-----w- C:\Users\Randy\AppData\Local\{2D257203-0C2A-415E-BA3A-F8C5B3FD5946}
2014-10-06 14:03:11 -------- d-----w- C:\Users\Randy\AppData\Local\{71A26051-B731-4B9B-B12D-F7E74579A7D4}
2014-10-06 04:54:36 -------- d-----w- C:\Users\Randy\AppData\Local\{227E348D-56CC-47C2-A483-D6163FBDCCAB}
2014-10-05 14:27:14 -------- d-----w- C:\Users\Randy\AppData\Local\{8C1CFBA1-DB4B-4275-95AA-2D6F98B43098}
2014-10-04 13:43:40 -------- d-----w- C:\Users\Randy\AppData\Local\{6C781C95-9A68-4EAE-AD8E-EEEEB2A3D7E8}
2014-10-03 14:28:37 -------- d-----w- C:\Users\Randy\AppData\Local\{9309C11A-4705-4FE5-BDF8-C05AEE44E550}
2014-10-02 14:06:17 -------- d-----w- C:\Users\Randy\AppData\Local\{7D91DE0F-F186-44D2-BDEB-37A6E993B9B6}
2014-10-01 16:55:00 -------- d-----w- C:\Users\Randy\AppData\Local\{29DE458A-55F5-4742-838B-79CE6248ED22}
2014-10-01 04:18:44 -------- d-----w- C:\Users\Randy\AppData\Local\{E10B353A-3C2B-4322-A588-14CA7B966B10}
2014-09-30 21:01:28 519680 ----a-w- C:\Windows\SysWow64\qdvd.dll
2014-09-30 21:01:28 371712 ----a-w- C:\Windows\System32\qdvd.dll
2014-09-30 16:18:19 -------- d-----w- C:\Users\Randy\AppData\Local\{89096505-A585-489C-A622-E3B0147A9188}
2014-09-30 04:17:53 -------- d-----w- C:\Users\Randy\AppData\Local\{2BDDCD97-B7DB-4ECE-BF89-F2B135896EF6}
2014-09-29 15:38:44 -------- d-----w- C:\Users\Randy\AppData\Local\{F0D7A611-A35D-4A85-8391-FEE70C60EAFB}
2014-09-29 03:38:18 -------- d-----w- C:\Users\Randy\AppData\Local\{A56887FA-082B-40F7-A081-335A0004655A}
2014-09-28 14:40:20 -------- d-----w- C:\Users\Randy\AppData\Local\{1EC0FEE6-67FC-4200-9B81-2B7C0236A46C}
2014-09-27 14:06:59 -------- d-----w- C:\Users\Randy\AppData\Local\{1561B84D-02D3-49A4-BA45-5C88F4621511}
2014-09-26 16:12:23 -------- d-----w- C:\Users\Randy\AppData\Local\{81EF5047-A7C1-4E95-A5F0-583C19A7DC50}
2014-09-26 03:19:30 -------- d-----w- C:\Users\Randy\AppData\Local\{F4CB1D93-1549-4DA6-9DDC-A70248A5DC9B}
.
==================== Find3M ====================
.
2014-10-24 04:52:22 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-10-24 04:52:22 701104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-10-23 14:17:04 107392 ----a-w- C:\Windows\System32\LMIRfsClientNP.dll
2014-10-23 14:16:59 35688 ----a-w- C:\Windows\System32\LMIport.dll
2014-10-23 14:16:58 92520 ----a-w- C:\Windows\System32\LMIinit.dll
2014-10-10 02:05:59 276480 ----a-w- C:\Windows\System32\generaltel.dll
2014-10-10 02:05:42 507392 ----a-w- C:\Windows\System32\aepdu.dll
2014-10-10 02:00:38 424448 ----a-w- C:\Windows\System32\aeinv.dll
2014-09-29 00:58:48 3198976 ----a-w- C:\Windows\System32\win32k.sys
2014-09-25 22:32:04 2017280 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-09-25 22:31:02 2108416 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-09-19 01:56:02 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-09-19 01:55:49 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-09-19 01:40:43 66048 ----a-w- C:\Windows\System32\iesetup.dll
2014-09-19 01:40:03 547328 ----a-w- C:\Windows\System32\vbscript.dll
2014-09-19 01:39:58 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-09-19 01:38:27 83968 ----a-w- C:\Windows\System32\MshtmlDac.dll
2014-09-19 01:36:57 5829632 ----a-w- C:\Windows\System32\jscript9.dll
2014-09-19 01:26:00 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-09-19 01:25:49 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-09-19 01:25:12 4201472 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-09-19 01:25:09 758272 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-09-19 01:18:02 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-09-19 01:14:57 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-09-19 01:06:47 72704 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-09-19 01:02:07 454656 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-09-19 01:01:47 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-09-19 01:01:03 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-09-19 00:59:40 61952 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2014-09-19 00:50:16 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-09-19 00:49:31 597504 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-09-19 00:40:12 1249280 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2014-09-19 00:36:23 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-09-19 00:33:18 2309632 ----a-w- C:\Windows\System32\wininet.dll
2014-09-19 00:18:55 1068032 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2014-09-18 23:59:11 1810944 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-09-18 02:00:42 3241472 ----a-w- C:\Windows\System32\msi.dll
2014-09-18 01:32:52 2363904 ----a-w- C:\Windows\SysWow64\msi.dll
2014-09-13 01:58:18 77312 ----a-w- C:\Windows\System32\packager.dll
2014-09-13 01:40:05 67072 ----a-w- C:\Windows\SysWow64\packager.dll
2014-09-09 22:11:04 2048 ----a-w- C:\Windows\System32\tzres.dll
2014-09-09 21:47:10 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2014-09-04 05:04:15 372736 ----a-w- C:\Windows\SysWow64\rastls.dll
2014-08-26 02:20:22 876248 ----a-w- C:\Windows\System32\drivers\NAVx64\1506000.020\srtsp64.sys
2014-08-26 02:20:22 37592 ----a-w- C:\Windows\System32\drivers\NAVx64\1506000.020\srtspx64.sys
2014-08-23 02:07:00 404480 ----a-w- C:\Windows\System32\gdi32.dll
2014-08-23 01:45:55 311808 ----a-w- C:\Windows\SysWow64\gdi32.dll
2014-08-19 03:11:28 693176 ----a-w- C:\Windows\System32\winload.efi
2014-08-19 03:10:10 616352 ----a-w- C:\Windows\System32\winresume.efi
2014-08-19 03:08:04 503808 ----a-w- C:\Windows\System32\srcore.dll
2014-08-19 03:08:04 50176 ----a-w- C:\Windows\System32\srclient.dll
2014-08-19 03:08:03 63488 ----a-w- C:\Windows\System32\setbcdlocale.dll
2014-08-19 03:07:51 58880 ----a-w- C:\Windows\System32\appidapi.dll
2014-08-19 03:07:51 32256 ----a-w- C:\Windows\System32\appidsvc.dll
2014-08-19 03:07:33 296960 ----a-w- C:\Windows\System32\rstrui.exe
2014-08-19 03:07:11 17920 ----a-w- C:\Windows\System32\appidcertstorecheck.exe
2014-08-19 03:07:11 146944 ----a-w- C:\Windows\System32\appidpolicyconverter.exe
2014-08-19 02:41:39 43008 ----a-w- C:\Windows\SysWow64\srclient.dll
2014-08-19 02:41:22 50688 ----a-w- C:\Windows\SysWow64\appidapi.dll
2014-08-19 02:06:56 61440 ----a-w- C:\Windows\System32\drivers\appid.sys
2014-08-06 19:48:16 266968 ----a-w- C:\Windows\System32\drivers\NAVx64\1506000.020\ironx64.sys
2014-08-01 11:53:22 1031168 ----a-w- C:\Windows\System32\TSWorkspace.dll
2014-08-01 11:35:06 793600 ----a-w- C:\Windows\SysWow64\TSWorkspace.dll
2014-07-28 21:52:00 6112072 ----a-w- C:\Windows\System32\usbaaplrc.dll
2014-07-28 21:52:00 54784 ----a-w- C:\Windows\System32\drivers\usbaapl64.sys
.
============= FINISH: 10:17:28.20 ===============