

Can't run as Admin, guessing rootkit or the like


This topic is locked
23 replies to this topic

#1 adam67

Posted 11 April 2014 - 01:04 PM

Hello,

Thank you for taking a look. Logs below!

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-04-2014
Ran by Van (administrator) on VAN-PC on 11-04-2014 10:44:56
Running from C:\Users\Van\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PF0RWIXJ
Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Wave Systems Corp.) C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Cisco WebEx LLC) C:\Windows\system32\atashost.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
(Intuit) C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
(Intuit Inc.) C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe
(Microsoft Corporation) C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Yahoo! Inc.) C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Microsoft Corporation) C:\Windows\system32\wbem\unsecapp.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files\Intel\AMT\LMS.exe
(Intel Corporation) C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe
(Analog Devices, Inc.) C:\Program Files\Analog Devices\Core\smax4pnp.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Wave Systems Corp.) C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe
(Broadcom Corporation) C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe
(CyberLink Corp.) C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
(Microsoft) C:\dell\DBRM\Reminder\DbrmTrayicon.exe
(LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
(Adobe Systems Inc.) C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\concentr.exe
() C:\Program Files\Progressive Insurance\Progressive Policy Downloader\SCHEDSRV.exe
(Progressive Casualty Insurance, Inc) C:\Program Files\Progressive Insurance\Progressive Policy Downloader\schedmon.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\wfcrun32.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Intuit Inc. All rights reserved.) C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe
(Intuit Inc.) C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
(Intuit Inc.) C:\Program Files\Intuit\QuickBooks 2014\QBW32.EXE
(Wave Systems Corp.) C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmNotify.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Macrovision Europe Ltd.) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe
(Intel Corporation) C:\Program Files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Intuit, Inc.) C:\Program Files\Intuit\QuickBooks 2014\QBDBMgr.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SoundMAXPnP] - C:\Program Files\Analog Devices\Core\smax4pnp.exe [1314816 2009-06-22] (Analog Devices, Inc.)
HKLM\...\Run: [IAStorIcon] - C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-03] (Intel Corporation)
HKLM\...\Run: [picon] - C:\Program Files\Common Files\Intel\Privacy Icon\PIconStartup.exe [104960 2010-02-18] ()
HKLM\...\Run: [WavXMgr] - C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe [147840 2010-07-21] (Wave Systems Corp.)
HKLM\...\Run: [USCService] - C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe [34232 2010-06-22] (Broadcom Corporation)
HKLM\...\Run: [PDVDDXSrv] - C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe [140520 2009-06-24] (CyberLink Corp.)
HKLM\...\Run: [DBRMTray] - C:\Dell\DBRM\Reminder\DbrmTrayIcon.exe [206336 2010-05-20] (Microsoft)
HKLM\...\Run: [EncMov32] - %ProgramFiles (x86)%\EncmpassInsurance\Encompass Optimization Install\EncompassMove.exe
HKLM\...\Run: [EncMove] - C:\Program Files\EncompassInsurance\Encompass Optimization Install\EncompassMove.exe [36864 2009-09-03] (Microsoft)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [LogMeIn GUI] - C:\Program Files\LogMeIn\x86\LogMeInSystray.exe [63048 2010-09-17] (LogMeIn, Inc.)
HKLM\...\Run: [Acrobat Assistant 8.0] - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe [624056 2011-08-30] (Adobe Systems Inc.)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [951576 2014-03-11] (Microsoft Corporation)
HKLM\...\Run: [ConnectionCenter] - C:\Program Files\Citrix\ICA Client\concentr.exe [300400 2010-03-11] (Citrix Systems, Inc.)
HKLM\...\Run: [AlreadyRebooted] - TRUE
HKLM\...\Run: [Progressive Scheduler] - C:\Program Files\Progressive Insurance\Progressive Policy Downloader\schedsrv.exe [196608 2007-05-10] ()
HKLM\...\Run: [Progressive Scheduler Monitor] - C:\Program Files\Progressive Insurance\Progressive Policy Downloader\schedmon.exe [21504 2007-05-11] (Progressive Casualty Insurance, Inc)
HKLM\...\Run: [HP Software Update] - C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM\...\Run: [] - [X]
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-05-31] (Apple Inc.)
HKLM\...\Run: [ScrewDrivers RDP Plugin] - C:\Program Files\triCerat\Simplify Printing\ScrewDrivers Client v4\install_rdp.exe [46448 2013-09-13] ()
HKLM\...\Run: [Intuit SyncManager] - C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe [3775800 2014-02-27] (Intuit Inc. All rights reserved.)
HKLM\...\RunOnce: [DBRMTray] - C:\Dell\DBRM\Reminder\TrayApp.exe [7168 2010-02-04] (Microsoft)
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Malwarebytes <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Microsoft Security Client <====== ATTENTION
Winlogon\Notify\GoToAssist: C:\Program Files\Citrix\GoToAssist\917\G2AWinLogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
HKU\S-1-5-21-1051332755-2411500937-872377124-1000\...\Run: [Aim] - C:\Program Files\AIM\aim.exe [4331392 2012-05-30] (AOL Inc.)
HKU\S-1-5-21-1051332755-2411500937-872377124-1000\...\Run: [Google Update] - C:\Users\Van\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2010-10-26] (Google Inc.)
HKU\S-1-5-21-1051332755-2411500937-872377124-1000\...\Run: [iCloudServices] - C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe [59280 2012-08-29] (Apple Inc.)
HKU\S-1-5-21-1051332755-2411500937-872377124-1000\...\Run: [ApplePhotoStreams] - C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59280 2012-09-10] (Apple Inc.)
HKU\S-1-5-21-1051332755-2411500937-872377124-1000\...\Run: [HP Officejet Pro 8600 (NET)] - C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe [1804648 2011-09-09] (Hewlett-Packard Co.)
HKU\S-1-5-21-1051332755-2411500937-872377124-1000\...\Run: [rymxuw] - regsvr32.exe "C:\ProgramData\rymxuw.dat"
Lsa: [Authentication Packages] msv1_0 wvauth
Startup: C:\Users\Van\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Van\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_Url = http://www.yahoo.com/?fr=fp-yie8
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_Url = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
HKCU\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x4DEB62883D6FCD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
URLSearchHook: HKLM - Radio TV 1.4 Toolbar - {f7e4b48a-9940-48d8-a732-246a2fdb7b40} - C:\Program Files\Radio_TV_1.4\prxtbRad0.dll (Conduit Ltd.)
URLSearchHook: HKCU - Radio TV 1.4 Toolbar - {f7e4b48a-9940-48d8-a732-246a2fdb7b40} - C:\Program Files\Radio_TV_1.4\prxtbRad0.dll (Conduit Ltd.)
URLSearchHook: HKCU - (No Name) - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} -  No File
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {0B4A10D1-FBD6-451d-BFDA-F03252B05984} URL = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&query={searchTerms}&invocationType=tb50trie7
SearchScopes: HKCU - {0DD2CDD3-A1CC-4F7A-AF60-BE7DB8CE0B34} URL = http://delicious.com/search?p={searchTerms}
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://search.babylon.com/web/{searchTerms}?babsrc=browsersearch
SearchScopes: HKCU - {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL = http://tbsearch.ask.com/redirect?client=ie&tb=DGY&o=&src=crm&q={searchTerms}&locale=
SearchScopes: HKCU - {2DE777E8-F4D7-4A1D-A088-B4D1AB730878} URL = http://search1.brandthunder.com/?q={searchTerms}&tid={tid?}
SearchScopes: HKCU - {443789B7-F39C-4b5c-9287-DA72D38F4FE6} URL =
SearchScopes: HKCU - {5C7A731B-1D17-4EDE-A051-76BD91A2C857} URL =
SearchScopes: HKCU - {653C81F1-DAEF-4E0E-B5F3-8329ECFAFEB3} URL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
SearchScopes: HKCU - {B3271B92-D943-4374-8BC1-4A5D20A8A535} URL = http://rover.ebay.com/rover/1/711-43047-14818-1/4?satitle={searchTerms}
SearchScopes: HKCU - {CD90E066-8409-45B4-82A1-8D02FB156582} URL = http://www.flickr.com/search/?q={searchTerms}
SearchScopes: HKCU - {CF739809-1C6C-47C0-85B9-569DBB141420} URL = http://toolbar.ask.com/toolbarv/askRedirect?o=13053&gct=&gc=1&q={searchTerms}&crm=1
BHO: No Name - {02478D38-C3F9-4efb-9B51-7695ECA05670} -  No File
BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: Conduit Engine  - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngin0.dll (Conduit Ltd.)
BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: Radio TV 1.4 Toolbar - {f7e4b48a-9940-48d8-a732-246a2fdb7b40} - C:\Program Files\Radio_TV_1.4\prxtbRad0.dll (Conduit Ltd.)
Toolbar: HKLM - Radio TV 1.4 Toolbar - {f7e4b48a-9940-48d8-a732-246a2fdb7b40} - C:\Program Files\Radio_TV_1.4\prxtbRad0.dll (Conduit Ltd.)
Toolbar: HKLM - Conduit Engine  - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngin0.dll (Conduit Ltd.)
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Radio TV 1.4 Toolbar - {F7E4B48A-9940-48D8-A732-246A2FDB7B40} - C:\Program Files\Radio_TV_1.4\prxtbRad0.dll (Conduit Ltd.)
Toolbar: HKCU - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
DPF: {82E5DF24-51E8-47CD-864A-F4BD5005AA73} https://www.icloud.com/system/iCloud.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} http://quicksilver.mercuryinsurance.com/engine/isetup.cab
DPF: {B91AEDBE-93DF-4017-8BB3-F1C300C0EC51} http://updates.mercuryinsurance.com/PP14.1.7_HO14.0.16_CO3.2.16/setup.exe
DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://chubb.webex.com/client/T27L10NSP25/nbr/ieatgpc1.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: intu-help-qb7 - {5A03BD9D-766D-47A6-8E87-CD90F60BE245} - C:\Program Files\Intuit\QuickBooks 2014\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\system32\mscoree.dll (Microsoft Corporation)
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76

========================== Services (Whitelisted) =================

R2 atashost; C:\Windows\system32\atashost.exe [133944 2012-06-22] (Cisco WebEx LLC)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2014-03-11] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [279776 2014-03-11] (Microsoft Corporation)
R2 QBVSS; C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe [1248256 2013-12-02] (Intuit Inc.)
S3 SecureStorageService; C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe [1032192 2010-02-03] (Wave Systems Corp.)
S2 tcsd_win32.exe; C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe [1273856 2008-11-12] ()
R2 TdmService; C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe [1164648 2010-03-29] (Wave Systems Corp.)
R2 UNS; C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe [2066968 2010-02-18] (Intel Corporation)

==================== Drivers (Whitelisted) ====================

R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231960 2014-01-25] (Microsoft Corporation)
R0 PBADRV; C:\Windows\System32\DRIVERS\PBADRV.sys [26608 2008-06-04] (Dell Inc)
R2 WavxDMgr; C:\Windows\System32\DRIVERS\WavxDMgr.sys [229888 2010-01-19] (Wave Systems Corp.)
S4 LMIRfsClientNP; No ImagePath

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-04-11 10:44 - 2014-04-11 10:44 - 00000000 ____D () C:\FRST
2014-04-11 10:22 - 2014-04-11 10:24 - 00000000 ____D () C:\2e133cf0be772bed74f510ba74d9ae
2014-04-11 10:15 - 2014-04-11 10:40 - 00000421 _____ () C:\Windows\system32\ppd0411.log
2014-04-11 09:36 - 2014-04-11 09:57 - 00000000 ____D () C:\Windows\Minidump
2014-04-11 09:32 - 2014-04-11 09:32 - 00092616 _____ () C:\Users\Van\AppData\Local\GDIPFONTCACHEV1.DAT
2014-04-11 09:02 - 2014-04-11 09:02 - 00000000 ____D () C:\Users\Van\AppData\Roaming\Malwarebytes
2014-04-11 09:00 - 2014-04-11 09:00 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-11 09:00 - 2014-04-11 09:00 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-11 08:09 - 2014-04-11 08:14 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-04-11 08:09 - 2014-04-11 08:14 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-04-11 07:33 - 2014-04-11 07:37 - 00000000 ____D () C:\TDSSKiller_Quarantine
2014-04-10 16:32 - 2014-04-10 16:32 - 00000000 ____D () C:\Users\Van\AppData\Roaming\Roxio Log Files
2014-04-10 15:16 - 2014-04-10 15:16 - 00000000 ____D () C:\Windows\ERUNT
2014-04-10 15:14 - 2014-04-10 15:15 - 00000000 ____D () C:\Qoobox
2014-04-10 15:14 - 2014-04-10 15:15 - 00000000 ____D () C:\32788R22FWJFW
2014-04-10 15:14 - 2014-04-10 15:14 - 00000000 ____D () C:\Windows\erdnt
2014-04-01 00:02 - 2014-04-01 14:32 - 00012775 _____ () C:\Windows\system32\ppd0401.log
2014-03-31 00:00 - 2014-03-31 23:57 - 00021190 _____ () C:\Windows\system32\ppd0331.log
2014-03-29 00:01 - 2014-03-29 23:56 - 00021024 _____ () C:\Windows\system32\ppd0329.log
2014-03-28 00:01 - 2014-03-28 23:56 - 00021024 _____ () C:\Windows\system32\ppd0328.log
2014-03-27 13:59 - 2014-03-27 13:59 - 00032898 _____ () C:\Users\Van\Downloads\Attached Message Part
2014-03-27 00:01 - 2014-03-27 23:56 - 00021024 _____ () C:\Windows\system32\ppd0327.log
2014-03-26 00:04 - 2014-03-26 23:56 - 00021190 _____ () C:\Windows\system32\ppd0326.log
2014-03-25 08:40 - 2014-04-08 13:14 - 00000000 ____D () C:\Users\Van\Desktop\Counsyl
2014-03-25 00:04 - 2014-03-25 23:59 - 00021024 _____ () C:\Windows\system32\ppd0325.log
2014-03-24 00:04 - 2014-03-24 23:59 - 00021024 _____ () C:\Windows\system32\ppd0324.log
2014-03-23 00:04 - 2014-03-23 23:59 - 00021024 _____ () C:\Windows\system32\ppd0323.log
2014-03-22 00:04 - 2014-03-22 23:59 - 00021024 _____ () C:\Windows\system32\ppd0322.log
2014-03-21 00:04 - 2014-03-21 23:59 - 00021024 _____ () C:\Windows\system32\ppd0321.log
2014-03-19 08:14 - 2014-04-11 10:21 - 00226084 _____ (Microsoft Corporation) C:\ProgramData\rymxuw.dat
2014-03-19 08:14 - 2014-04-11 10:21 - 00226084 _____ (Microsoft Corporation) C:\ProgramData\rymxuw.dat
2014-03-19 00:00 - 2014-03-19 23:55 - 00021024 _____ () C:\Windows\system32\ppd0319.log
2014-03-18 00:00 - 2014-03-18 23:55 - 00021024 _____ () C:\Windows\system32\ppd0318.log
2014-03-17 00:00 - 2014-03-17 23:55 - 00021024 _____ () C:\Windows\system32\ppd0317.log
2014-03-16 00:00 - 2014-03-16 23:55 - 00021024 _____ () C:\Windows\system32\ppd0316.log
2014-03-15 00:00 - 2014-03-15 23:55 - 00021024 _____ () C:\Windows\system32\ppd0315.log
2014-03-14 00:00 - 2014-03-14 23:55 - 00021024 _____ () C:\Windows\system32\ppd0314.log
2014-03-13 00:00 - 2014-03-13 23:55 - 00016591 _____ () C:\Windows\system32\ppd0313.log
2014-03-12 22:34 - 2014-02-28 21:30 - 17074688 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-12 22:34 - 2014-02-28 21:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-12 22:34 - 2014-02-28 21:10 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-03-12 22:34 - 2014-02-28 20:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-12 22:34 - 2014-02-28 20:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-03-12 22:34 - 2014-02-28 20:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-12 22:34 - 2014-02-28 20:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-12 22:34 - 2014-02-28 20:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-12 22:34 - 2014-02-28 20:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-12 22:34 - 2014-02-28 20:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-12 22:34 - 2014-02-28 20:38 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-03-12 22:34 - 2014-02-28 20:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-03-12 22:34 - 2014-02-28 20:31 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-03-12 22:34 - 2014-02-28 20:25 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-12 22:34 - 2014-02-28 20:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-12 22:34 - 2014-02-28 20:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-12 22:34 - 2014-02-28 20:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-12 22:34 - 2014-02-28 20:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-12 22:34 - 2014-02-28 19:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-12 22:34 - 2014-02-28 19:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-12 22:34 - 2014-02-28 19:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-12 22:34 - 2014-02-28 19:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-03-12 22:34 - 2014-02-06 18:07 - 02349056 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-03-12 22:34 - 2014-02-03 19:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-03-12 22:34 - 2014-02-03 19:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-03-12 22:34 - 2014-01-28 19:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-03-12 22:34 - 2014-01-27 19:07 - 00185344 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2014-03-12 00:00 - 2014-03-12 23:55 - 00021024 _____ () C:\Windows\system32\ppd0312.log

==================== One Month Modified Files and Folders =======

2014-04-11 10:44 - 2014-04-11 10:44 - 00000000 ____D () C:\FRST
2014-04-11 10:40 - 2014-04-11 10:15 - 00000421 _____ () C:\Windows\system32\ppd0411.log
2014-04-11 10:35 - 2009-07-13 21:55 - 01916929 _____ () C:\Windows\WindowsUpdate.log
2014-04-11 10:29 - 2010-10-26 14:50 - 00000880 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-11 10:26 - 2010-10-13 07:25 - 00786598 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-11 10:24 - 2014-04-11 10:22 - 00000000 ____D () C:\2e133cf0be772bed74f510ba74d9ae
2014-04-11 10:24 - 2011-01-04 11:06 - 00002155 _____ () C:\Windows\epplauncher.mif
2014-04-11 10:23 - 2012-04-11 07:43 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-11 10:23 - 2011-01-04 11:06 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-04-11 10:21 - 2014-03-19 08:14 - 00226084 _____ (Microsoft Corporation) C:\ProgramData\rymxuw.dat
2014-04-11 10:21 - 2014-03-19 08:14 - 00226084 _____ (Microsoft Corporation) C:\ProgramData\rymxuw.dat
2014-04-11 10:21 - 2013-07-24 03:02 - 00000000 ____D () C:\Windows\system32\MRT
2014-04-11 10:20 - 2009-07-13 21:34 - 00014256 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-11 10:20 - 2009-07-13 21:34 - 00014256 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-11 10:19 - 2009-07-13 19:37 - 00000000 ____D () C:\Windows\registration
2014-04-11 10:17 - 2010-11-01 10:03 - 88028728 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-04-11 10:16 - 2012-06-20 14:38 - 00000000 ___RD () C:\Users\Van\Dropbox
2014-04-11 10:16 - 2012-06-20 14:33 - 00000000 ____D () C:\Users\Van\AppData\Roaming\Dropbox
2014-04-11 10:15 - 2010-10-26 14:50 - 00000876 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-11 10:15 - 2010-10-25 22:55 - 00000000 ____D () C:\Users\Van
2014-04-11 10:15 - 2010-10-25 10:56 - 00000000 _____ () C:\Users\Van\AppData\Local\WavXMapDrive.bat
2014-04-11 10:12 - 2013-10-22 15:26 - 00002396 _____ () C:\Windows\setupact.log
2014-04-11 10:12 - 2011-02-01 11:31 - 00000000 ____D () C:\Program Files\ConduitEngine
2014-04-11 10:12 - 2009-07-13 21:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-11 10:12 - 2009-07-13 19:37 - 00000000 ____D () C:\Windows\system32\wfp
2014-04-11 10:11 - 2012-06-20 14:34 - 00000000 ____D () C:\Users\Van\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-04-11 10:11 - 2012-06-15 07:36 - 00000000 ____D () C:\Program Files\Common Files\Software Update Utility
2014-04-11 10:11 - 2011-07-20 10:40 - 00000000 ____D () C:\ProgramData\Intuit
2014-04-11 10:11 - 2011-07-20 10:40 - 00000000 ____D () C:\ProgramData\Intuit
2014-04-11 10:11 - 2011-05-13 09:14 - 00000000 ____D () C:\ProgramData\FLEXnet
2014-04-11 10:11 - 2011-05-13 09:14 - 00000000 ____D () C:\ProgramData\FLEXnet
2014-04-11 10:11 - 2011-01-13 09:32 - 00000000 ____D () C:\Users\Van\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-04-11 10:11 - 2010-10-26 14:49 - 00000000 ____D () C:\Users\Van\AppData\Local\Google
2014-04-11 10:11 - 2010-10-26 14:49 - 00000000 ____D () C:\Program Files\Google
2014-04-11 10:11 - 2009-07-13 19:37 - 00000000 ____D () C:\Windows\rescache
2014-04-11 10:11 - 2009-07-13 19:37 - 00000000 ____D () C:\Windows\AppCompat
2014-04-11 10:08 - 2011-02-01 11:31 - 00000000 ____D () C:\Users\Van\AppData\Local\Conduit
2014-04-11 10:08 - 2010-10-26 14:49 - 00000000 ____D () C:\ProgramData\Google
2014-04-11 10:08 - 2010-10-26 14:49 - 00000000 ____D () C:\ProgramData\Google
2014-04-11 10:07 - 2011-02-01 11:31 - 00000000 ____D () C:\Program Files\Conduit
2014-04-11 09:57 - 2014-04-11 09:36 - 00000000 ____D () C:\Windows\Minidump
2014-04-11 09:57 - 2012-02-03 09:14 - 00000000 ____D () C:\Program Files\Common Files\Wise Installation Wizard
2014-04-11 09:57 - 2009-07-14 00:49 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-04-11 09:32 - 2014-04-11 09:32 - 00092616 _____ () C:\Users\Van\AppData\Local\GDIPFONTCACHEV1.DAT
2014-04-11 09:24 - 2010-10-13 11:01 - 00000000 ____D () C:\Windows\Panther
2014-04-11 09:24 - 2009-07-13 19:37 - 00000000 ____D () C:\Windows\system32\LogFiles
2014-04-11 09:02 - 2014-04-11 09:02 - 00000000 ____D () C:\Users\Van\AppData\Roaming\Malwarebytes
2014-04-11 09:00 - 2014-04-11 09:00 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-11 09:00 - 2014-04-11 09:00 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-11 08:14 - 2014-04-11 08:09 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-04-11 08:14 - 2014-04-11 08:09 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-04-11 08:00 - 2010-10-26 15:22 - 00000000 ____D () C:\Users\Van\AppData\Local\Deployment
2014-04-11 07:37 - 2014-04-11 07:33 - 00000000 ____D () C:\TDSSKiller_Quarantine
2014-04-10 16:32 - 2014-04-10 16:32 - 00000000 ____D () C:\Users\Van\AppData\Roaming\Roxio Log Files
2014-04-10 15:16 - 2014-04-10 15:16 - 00000000 ____D () C:\Windows\ERUNT
2014-04-10 15:15 - 2014-04-10 15:14 - 00000000 ____D () C:\Qoobox
2014-04-10 15:15 - 2014-04-10 15:14 - 00000000 ____D () C:\32788R22FWJFW
2014-04-10 15:14 - 2014-04-10 15:14 - 00000000 ____D () C:\Windows\erdnt
2014-04-08 13:14 - 2014-03-25 08:40 - 00000000 ____D () C:\Users\Van\Desktop\Counsyl
2014-04-01 14:32 - 2014-04-01 00:02 - 00012775 _____ () C:\Windows\system32\ppd0401.log
2014-04-01 13:53 - 2011-01-13 09:30 - 00000900 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1051332755-2411500937-872377124-1000UA.job
2014-04-01 08:00 - 2014-03-11 13:59 - 00000540 _____ () C:\Windows\Tasks\Progressive Downloader Plus Scheduled Task.job
2014-04-01 05:53 - 2011-01-13 09:30 - 00000848 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1051332755-2411500937-872377124-1000Core.job
2014-03-31 23:57 - 2014-03-31 00:00 - 00021190 _____ () C:\Windows\system32\ppd0331.log
2014-03-29 23:56 - 2014-03-29 00:01 - 00021024 _____ () C:\Windows\system32\ppd0329.log
2014-03-28 23:56 - 2014-03-28 00:01 - 00021024 _____ () C:\Windows\system32\ppd0328.log
2014-03-27 23:56 - 2014-03-27 00:01 - 00021024 _____ () C:\Windows\system32\ppd0327.log
2014-03-27 13:59 - 2014-03-27 13:59 - 00032898 _____ () C:\Users\Van\Downloads\Attached Message Part
2014-03-26 23:56 - 2014-03-26 00:04 - 00021190 _____ () C:\Windows\system32\ppd0326.log
2014-03-26 13:30 - 2012-01-12 11:54 - 00000000 ____D () C:\Program Files\Quicksilver
2014-03-25 23:59 - 2014-03-25 00:04 - 00021024 _____ () C:\Windows\system32\ppd0325.log
2014-03-25 14:34 - 2011-07-20 10:40 - 00000090 _____ () C:\Windows\QBChanUtil_Trigger.ini
2014-03-24 23:59 - 2014-03-24 00:04 - 00021024 _____ () C:\Windows\system32\ppd0324.log
2014-03-23 23:59 - 2014-03-23 00:04 - 00021024 _____ () C:\Windows\system32\ppd0323.log
2014-03-22 23:59 - 2014-03-22 00:04 - 00021024 _____ () C:\Windows\system32\ppd0322.log
2014-03-21 23:59 - 2014-03-21 00:04 - 00021024 _____ () C:\Windows\system32\ppd0321.log
2014-03-19 23:55 - 2014-03-19 00:00 - 00021024 _____ () C:\Windows\system32\ppd0319.log
2014-03-18 23:55 - 2014-03-18 00:00 - 00021024 _____ () C:\Windows\system32\ppd0318.log
2014-03-17 23:55 - 2014-03-17 00:00 - 00021024 _____ () C:\Windows\system32\ppd0317.log
2014-03-16 23:55 - 2014-03-16 00:00 - 00021024 _____ () C:\Windows\system32\ppd0316.log
2014-03-15 23:55 - 2014-03-15 00:00 - 00021024 _____ () C:\Windows\system32\ppd0315.log
2014-03-15 10:49 - 2011-01-13 09:32 - 00002356 _____ () C:\Users\Van\Desktop\Google Chrome.lnk
2014-03-14 23:55 - 2014-03-14 00:00 - 00021024 _____ () C:\Windows\system32\ppd0314.log
2014-03-14 10:52 - 2010-10-13 07:19 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-03-13 23:55 - 2014-03-13 00:00 - 00016591 _____ () C:\Windows\system32\ppd0313.log
2014-03-13 08:36 - 2013-11-19 10:57 - 00000000 ____D () C:\Users\Van\AppData\Local\LogMeIn Rescue Applet
2014-03-13 03:18 - 2009-07-13 21:33 - 00371704 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-13 03:17 - 2013-11-13 04:20 - 00103790 _____ () C:\Windows\PFRO.log
2014-03-13 03:17 - 2010-10-13 07:32 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-12 23:55 - 2014-03-12 00:00 - 00021024 _____ () C:\Windows\system32\ppd0312.log
2014-03-12 09:56 - 2009-07-13 19:37 - 00000000 ____D () C:\Windows\system32\NDF

Files to move or delete:
====================
C:\ProgramData\rymxuw.dat

Some content of TEMP:
====================
C:\Users\Van\AppData\Local\Temp\Abspdf.exe
C:\Users\Van\AppData\Local\Temp\acfpdfu.dll
C:\Users\Van\AppData\Local\Temp\acfpdfuamd64.dll
C:\Users\Van\AppData\Local\Temp\acfpdfui.dll
C:\Users\Van\AppData\Local\Temp\acfpdfuia64.dll
C:\Users\Van\AppData\Local\Temp\acfpdfuiamd64.dll
C:\Users\Van\AppData\Local\Temp\acfpdfuiia64.dll
C:\Users\Van\AppData\Local\Temp\awsvfe.exe
C:\Users\Van\AppData\Local\Temp\cdintf.dll
C:\Users\Van\AppData\Local\Temp\G2MInstallerExtractor.exe
C:\Users\Van\AppData\Local\Temp\MSIZAP.EXE
C:\Users\Van\AppData\Local\Temp\PDFPRT400.exe
C:\Users\Van\AppData\Local\Temp\stlport_r50.dll
C:\Users\Van\AppData\Local\Temp\xmllite.dll

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-04-09 00:49

==================== End Of Log ============================

Addition.txt

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 11-04-2014
Ran by Van at 2014-04-11 10:45:17
Running from C:\Users\Van\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PF0RWIXJ
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

==================== Installed Programs ======================

Adobe Acrobat  8 Standard (Version: 8.3.1 - Adobe Systems) Hidden
Adobe Acrobat 8.3.1 - CPSID_83708 (HKLM\...\Adobe Acrobat  8 Standard_831) (Version:  - Adobe Systems Incorporated)
Adobe Acrobat 8.3.1 Standard (HKLM\...\Adobe Acrobat  8 Standard) (Version: 8.3.1 - Adobe Systems)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 2.5.0.16600 - Adobe Systems Inc.)
Adobe AIR (Version: 2.5.0.16600 - Adobe Systems Inc.) Hidden
Adobe Flash Player 12 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Reader X (10.1.9) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.9 - Adobe Systems Incorporated)
AIM 7 (HKLM\...\AIM_7) (Version:  - )
Ancestry World Archives Project - Keying Tool (HKLM\...\{11E9DB47-6A91-43ED-8B8D-C3260456C3BB}) (Version: 1.1.0102 - Ancestry.com)
Apple Application Support (HKLM\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{E14ADE0E-75F3-4A46-87E5-26692DD626EC}) (Version: 6.1.0.13 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AppliedOnline Install (HKLM\...\AppliedOnline Install_is1) (Version:  - Applied Systems, Inc.)
AppliedOnline Upload Center Launcher - 32 bit (HKLM\...\{AD7802A1-E925-4F56-9C2E-35FECC53AE5D}) (Version: 1.0.2 - Applied Systems, Inc.)
BioAPI Framework (Version: 1.0.1 - Dell Inc.) Hidden
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Canon RAW Codec (HKLM\...\Canon RAW Codec) (Version: 1.9.0.73 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.10 - Piriform)
Cisco WebEx Meetings (HKLM\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)
Citrix online plug-in (Web) (HKLM\...\{023D64D7-E7B4-47C7-BE6E-B7C2E8960D08}) (Version: 12.0.0.6410 - Citrix Systems, Inc.)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Conduit Engine  (HKLM\...\conduitEngine) (Version:  - Conduit Ltd.) <==== ATTENTION
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Backup and Recovery Manager (HKLM\...\{4688EB75-28E2-4731-9BCB-55E624F7CD45}) (Version: 1.3 - Dell Inc.)
Dell Control Point (Version: 1.6.468.86 - Broadcom Corporation) Hidden
Dell ControlPoint Security Manager (HKLM\...\{F4487649-7368-4217-AEA3-1E04DB3E2C5C}) (Version: 1.6.468.86 - Dell Inc.)
Dell Edoc Viewer (HKLM\...\{3138EAD3-700B-4A10-B617-B3F8096EE30D}) (Version: 1.0.0 - Dell Inc)
Dell Embassy Trust Suite by Wave Systems (Version: 03.05.04.002 - Wave Systems Corp) Hidden
Dell Security Device Driver Pack (HKLM\...\{FF1DDCF4-3A28-4F7F-96D8-E3F4BD1C1702}) (Version: 1.4.055 - Dell Inc.)
Document Manager Lite (Version: 06.09.00.159 - Wave Systems Corp.) Hidden
Download Updater (AOL LLC) (HKLM\...\SoftwareUpdUtility) (Version:  - ) <==== ATTENTION
Dropbox (HKCU\...\Dropbox) (Version: 2.4.11 - Dropbox, Inc.)
Easy Clocking Basic (HKLM\...\{209AB621-A313-4FC1-8CFC-99FA6053C53C}) (Version: 1.0.0 - Easy Clocking Inc.)
EMBASSY Security Center (Version: 04.00.00.101 - Wave Systems Corp) Hidden
EMBASSY Security Setup (Version: 04.00.00.090 - Wave Systems Corp) Hidden
Encompass Insurance - 1  (HKCU\...\f2e99d9a857b362b) (Version: 3.0.4.27 - Encompass Insurance)
Encompass Optimization Install (HKLM\...\{1448F57C-23C6-4E84-9A5C-DAE7CE09A740}) (Version: 2.0.0 - EncompassInsurance)
ESC Home Page Plugin (Version: 04.00.00.018 - Wave Systems Corp) Hidden
Gemalto (Version: 01.01.00.0000 - Wave Systems Corp) Hidden
Google Chrome (HKCU\...\Google Chrome) (Version: 33.0.1750.154 - Google Inc.)
Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.23.9 - Google Inc.) Hidden
GoToAssist Corporate (HKLM\...\GoToAssist) (Version: 10.4.0.917 - Citrix Online, a division of Citrix Systems, Inc.)
GoToMeeting 5.9.0.1216 (HKCU\...\GoToMeeting) (Version: 5.9.0.1216 - CitrixOnline)
HP FWUpdateEDO2 (HKLM\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Officejet Pro 8600 Basic Device Software (HKLM\...\{9C55C629-6C4F-48A9-8840-C897DF6187ED}) (Version: 25.0.619.0 - Hewlett-Packard Co.)
HP Officejet Pro 8600 Help (HKLM\...\{B6F5C6D8-C443-4B55-932F-AE11B5743FC4}) (Version: 140.0.2.2 - Hewlett Packard)
HP Officejet Pro 8600 Product Improvement Study (HKLM\...\{669B49D6-BCA8-4F7C-9248-CE5677750285}) (Version: 25.0.619.0 - Hewlett-Packard Co.)
HP Update (HKLM\...\{97486FBE-A3FC-4783-8D55-EA37E9D171CC}) (Version: 5.005.000.002 - Hewlett-Packard)
HPDiagnosticAlert (Version: 1.00.0000 - Microsoft) Hidden
I.R.I.S. OCR (HKLM\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
iCloud (HKLM\...\{8CC68433-5837-4075-B81F-EA7E4F14CE60}) (Version: 2.0.2.187 - Apple Inc.)
Intel® Control Center (HKLM\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Graphics Media Accelerator Driver (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2057 - Intel Corporation)
Intel® Network Connections 15.2.89.0 (HKLM\...\PROSetDX) (Version: 15.2.89.0 - Dell)
Intel® Network Connections 15.2.89.0 (Version: 15.2.89.0 - Dell) Hidden
Intel® Rapid Storage Technology (HKLM\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.0.1014 - Intel Corporation)
Intel® TV Wizard (HKLM\...\TVWiz) (Version:  - Intel Corporation)
Intel® Active Management Technology (HKLM\...\MESOL) (Version:  - Intel Corporation)
Inter-Tel Collaboration Client 2.0 (HKLM\...\{04f6ffea-6702-11dc-8314-0800200c9a66}) (Version: 4.2.2.0 - Inter-Tel (Delaware), Inc.)
iTunes (HKLM\...\{91FD46D2-4FB7-4A51-8637-556E1BE1DB7C}) (Version: 11.0.4.4 - Apple Inc.)
Japanese Fonts Support For Adobe Reader X (HKLM\...\{AC76BA86-7AD7-5760-0000-A00000000003}) (Version: 10.0.0 - Adobe Systems Incorporated)
Java™ 6 Update 37 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216037FF}) (Version: 6.0.370 - Oracle)
Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
K-Lite Codec Pack 7.0.0 (Standard) (HKLM\...\KLiteCodecPack_is1) (Version: 7.0.0 - )
LogMeIn (HKLM\...\{D3AE96EE-2876-4B3F-847C-D3A4AD689E43}) (Version: 4.1.1578 - LogMeIn, Inc.)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Office 2003 Primary Interop Assemblies (HKLM\...\{91490409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.6553.0 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM\...\{91110409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Search Enhancement Pack (Version: 3.0.133.0 - Microsoft Corporation) Hidden
Microsoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual Studio 2005 Tools for Office Runtime (HKLM\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version:  - Microsoft Corporation)
Microsoft Visual Studio 2005 Tools for Office Runtime (Version: 8.0.60940.0 - Microsoft Corporation) Hidden
Microsoft WSE 3.0 Runtime (HKLM\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
MSVCRT (Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
NTRU TCG Software Stack (Version: 2.1.29 - NTRU Cryptosystems) Hidden
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
Paint.NET v3.5.10 (HKLM\...\{529125EF-E3AC-4B74-97E6-F688A7C0F1BF}) (Version: 3.60.0 - dotPDN LLC)
PowerDVD DX (HKLM\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 8.3.5424 - CyberLink Corp.)
Preboot Manager (Version: 03.00.00.154 - Wave Systems Corp.) Hidden
Private Information Manager (Version: 06.04.00.065 - Wave Systems Corp.) Hidden
Progressive Downloader Plus (HKCU\...\cf8ca50d45e159d3) (Version: 3.0.0.2 - Progressive Insurance)
Progressive Policy Downloader (HKLM\...\{F80DC289-20BE-4C34-8F49-693393E15463}) (Version: 1.2.3 - Progressive Insurance)
QuickBooks (Version: 24.0.4005.2403 - Intuit Inc.) Hidden
QuickBooks Pro 2014 (HKLM\...\{4A21D17E-2FE8-42CD-88B7-ACF8E8860834}) (Version: 24.0.4004.2403 - Intuit Inc.)
Quicksilver (HKLM\...\{6E6B8160-B2C8-4F87-B4ED-0851C2001E09}) (Version: 1.2.24 - )
QuickTime (HKLM\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
Radio TV 1.4 Toolbar (HKLM\...\Radio_TV_1.4 Toolbar) (Version: 6.3.1.12 - Radio TV 1.4)
Roxio Creator Audio (Version: 3.7.0 - Roxio) Hidden
Roxio Creator Copy (Version: 3.7.0 - Roxio) Hidden
Roxio Creator Data (Version: 3.7.0 - Roxio) Hidden
Roxio Creator DE 10.3 (HKLM\...\{09760D42-E223-42AD-8C3E-55B47D0DDAC3}) (Version: 10.3 - Roxio)
Roxio Creator DE 10.3 (Version: 3.7.0 - Roxio) Hidden
Roxio Creator Tools (Version: 3.7.0 - Roxio) Hidden
Roxio Express Labeler 3 (Version: 3.2.2 - Roxio) Hidden
Roxio Update Manager (Version: 6.0.0 - Roxio) Hidden
ScrewDrivers Client v4 (HKLM\...\{B9870305-5241-4A5F-90CD-EC24F81BEC8C}) (Version: 4.7.02 - triCerat, Inc.)
Security Wizards (Version: 01.07.00.026 - Your Company Name) Hidden
Travelers AgentBrowserConfiguration (HKLM\...\{F3FCCEEF-4EE8-4676-B999-F811928B3B41}) (Version: 1.0.0.0 - Travelers, Inc.)
Trusted Drive Manager (Version: 3.3.3.104 - Wave Systems Corp.) Hidden
TypeC305 TWAIN Driver Ver.4 (HKLM\...\{88C48BE6-84A3-4772-B073-9333543E4596}) (Version: 4.42.01 - )
UPEK TouchChip Fingerprint Reader (Version: 1.2.0 - Dell Inc.) Hidden
VChannelClient (HKLM\...\{245B4BB9-D643-4A87-968D-6C856FF1706A}) (Version: 5.04 - Applied Systems)
Wave Infrastructure Installer (Version: 07.01.31.0000 - Wave Systems Corp) Hidden
Wave Support Software (Version: 05.10.00.073 - Wave Systems Corp) Hidden
Windows Driver Package - Dell Inc. PBADRV System  (09/11/2009 1.0.1.6) (HKLM\...\9512AA21B791B05A54E27065C45BBC417AB282DF) (Version: 09/11/2009 1.0.1.6 - Dell Inc.)
Windows Live Communications Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Essentials (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mail (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Messenger (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live SOXE (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Sync (HKLM\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live UX Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Yahoo! Software Update (HKLM\...\Yahoo! Software Update) (Version:  - )

==================== Restore Points  =========================

19-03-2014 10:00:10 Windows Update
22-03-2014 16:13:17 Windows Update
26-03-2014 16:13:49 Windows Update
29-03-2014 19:51:34 Windows Update
01-04-2014 21:34:22 Windows Update
03-04-2014 10:00:10 Windows Update
07-04-2014 10:27:49 Windows Update
10-04-2014 10:00:20 Windows Update
11-04-2014 16:53:05 Restore Operation
11-04-2014 17:16:46 Windows Update

==================== Hosts content: ==========================

2009-07-13 19:04 - 2009-06-10 14:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {1F0F38EF-A449-4A51-84F0-E378BD0C47C8} - System32\Tasks\{E2058D00-80AD-4364-8DA3-B0AD151964E8} => C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe [2013-12-18] (Adobe Systems Incorporated)
Task: {2693A0E1-AE36-4C3D-89BB-CE4D502D68A4} - System32\Tasks\hpUrlLauncher.exe_{30D8A7B7-B66A-4F26-A410-13E49FA4CA40} => C:\Program Files\HP\HP Officejet Pro 8600\Bin\utils\hpUrlLauncher.exe [2011-09-09] (Hewlett-Packard Co.)
Task: {455FACD2-2430-46F6-9B6E-5796942132B2} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {45E45294-2C07-4027-B482-1009A0C520B4} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-10-26] (Google Inc.)
Task: {4C05CE9C-5D24-4725-9867-C4D1219D7C9D} - System32\Tasks\{F40451BD-7412-4AB8-9D9F-CBFC71A2C942} => C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe [2013-12-18] (Adobe Systems Incorporated)
Task: {5411CC23-2CF9-4DF6-BC65-2373F3A892CE} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1051332755-2411500937-872377124-1000Core => C:\Users\Van\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-26] (Google Inc.)
Task: {5AF9A1A6-4327-46FF-BBE9-737B4EA133F0} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-10-26] (Google Inc.)
Task: {86EC894C-3C27-49B0-A4C0-A6C2688FE65F} - System32\Tasks\Progressive Downloader Plus Scheduled Task => Iexplore.exe https://www.foragentsonly.com/agentpublic/pdp/external/PPDClient.application?silent=y
Task: {98C3152C-60FE-4CD0-8873-7E55AE4A5E55} - System32\Tasks\HPCustParticipation HP Officejet Pro 8600 => C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPCustPartic.exe [2011-09-09] (Hewlett-Packard Co.)
Task: {9B10BEFD-8972-4CAB-A462-88C6A5992E89} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1051332755-2411500937-872377124-1000UA => C:\Users\Van\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-26] (Google Inc.)
Task: {9F0190F1-F340-4E66-865E-187D23019327} - System32\Tasks\{04BBC361-EA61-49C0-A246-B937E8096968} => C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe [2013-12-18] (Adobe Systems Incorporated)
Task: {A29AB111-4BB9-4D50-BE0D-1D0EFC273066} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {D2D21E10-E544-402C-BD6B-FDFD2906DF65} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-01-21] (Piriform Ltd)
Task: {DB4B33DE-9B01-4E6F-B196-3D801B738B9A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-11] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1051332755-2411500937-872377124-1000Core.job => C:\Users\Van\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1051332755-2411500937-872377124-1000UA.job => C:\Users\Van\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Progressive Downloader Plus Scheduled Task.job => C:\Program Files\Internet Explorer\iexplore.exe

==================== Loaded Modules (whitelisted) =============

2011-06-24 22:56 - 2011-06-24 22:56 - 00087328 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2011-06-24 22:56 - 2011-06-24 22:56 - 01241888 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-02-13 04:31 - 2014-02-13 04:31 - 00170496 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\bfd5296be62268bc7a31a424f0d1ad5f\IsdiInterop.ni.dll
2010-10-13 07:21 - 2010-03-03 17:08 - 00058880 _____ () C:\Program Files\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2010-10-13 07:22 - 2010-02-18 12:18 - 00077824 _____ () C:\Program Files\Common Files\Intel\Privacy Icon\UNS\DTMessageLib.dll
2010-01-19 09:44 - 2010-01-19 09:44 - 00249856 _____ () C:\Windows\system32\wxvault.dll
2010-03-02 09:46 - 2010-03-02 09:46 - 00010752 _____ () C:\Windows\system32\Wavx_ESC_Logging.dll
2008-11-12 10:24 - 2008-11-12 10:24 - 00004608 _____ () C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\TspPopup_ENU.dll
2007-05-10 13:33 - 2007-05-10 13:33 - 00196608 _____ () C:\Program Files\Progressive Insurance\Progressive Policy Downloader\SCHEDSRV.exe
2014-02-27 14:58 - 2014-02-27 14:58 - 00623432 _____ () C:\Program Files\Intuit\QuickBooks 2014\boost_regex-vc100-mt-1_47.dll
2014-02-27 14:58 - 2014-02-27 14:58 - 00021320 _____ () C:\Program Files\Intuit\QuickBooks 2014\QBCompressor.dll
2013-12-02 15:27 - 2013-12-02 15:27 - 00059904 _____ () C:\Program Files\Intuit\QuickBooks 2014\zlib1.dll
2014-02-27 14:58 - 2014-02-27 14:58 - 00149320 _____ () C:\Program Files\Intuit\QuickBooks 2014\QBMAPILibrary.dll
2014-02-27 14:58 - 2014-02-27 14:58 - 00247112 _____ () C:\Program Files\Intuit\QuickBooks 2014\boost_serialization-vc100-mt-1_47.dll
2014-02-27 14:58 - 2014-02-27 14:58 - 00623944 _____ () C:\Program Files\Intuit\QuickBooks 2014\FtuEngine.dll
2014-02-27 14:58 - 2014-02-27 14:58 - 00581960 _____ () C:\Program Files\Intuit\QuickBooks 2014\BackupLib.dll
2014-02-27 14:59 - 2014-02-27 14:59 - 00142664 _____ () C:\Program Files\Intuit\QuickBooks 2014\QBProActiveCore.dll
2014-02-27 14:58 - 2014-02-27 14:58 - 00778056 _____ () C:\Program Files\Intuit\QuickBooks 2014\FeaturesBridge.dll
2014-02-27 14:58 - 2014-02-27 14:58 - 00043848 _____ () C:\Program Files\Intuit\QuickBooks 2014\mbpopup.dll

==================== Alternate Data Streams (whitelisted) =========

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\atashost => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist => ""="Service"

==================== Disabled items from MSCONFIG ==============

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (04/11/2014 10:22:54 AM) (Source: Windows Backup) (User: )
Description: The backup did not complete because of an error writing to the backup location E:\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006).

Error: (04/11/2014 10:16:18 AM) (Source: Application Hang) (User: )
Description: The program aim.exe version 7.5.14.8 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1078

Start Time: 01cf55a9ab9a7429

Termination Time: 0

Application Path: C:\Program Files\AIM\aim.exe

Report Id: ef7d1642-c19c-11e3-b0b0-f04da22ae49b

Error: (04/11/2014 09:37:25 AM) (Source: Windows Search Service) (User: )
Description: The Windows Search Service is being stopped because there is a problem with the indexer: The catalog is corrupt.

Details:
 The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (04/11/2014 09:37:25 AM) (Source: Windows Search Service) (User: )
Description: The index cannot be initialized.

Details:
 The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (04/11/2014 09:37:25 AM) (Source: Windows Search Service) (User: )
Description: The application cannot be initialized.

Context: Windows Application

Details:
 The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (04/11/2014 09:37:25 AM) (Source: Windows Search Service) (User: )
Description: The gatherer object cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
 The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (04/11/2014 09:37:25 AM) (Source: Windows Search Service) (User: )
Description: The plug-in in <Search.TripoliIndexer> cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
 Element not found.  (HRESULT : 0x80070490) (0x80070490)

Error: (04/11/2014 09:37:22 AM) (Source: Windows Search Service) (User: )
Description: The plug-in in <Search.JetPropStore> cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
 The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (04/11/2014 09:37:20 AM) (Source: Windows Search Service) (User: )
Description: The Windows Search Service cannot load the property store information.

Context: Windows Application, SystemIndex Catalog

Details:
 The content index server cannot update or access information because of a database error.  Stop and restart the search service.  If the problem persists, reset and recrawl the content index.  In some cases it may be necessary to delete and recreate the content index.  (HRESULT : 0x8004117f) (0x8004117f)

Error: (04/11/2014 09:37:20 AM) (Source: Windows Search Service) (User: )
Description: The search service has detected corrupted data files in the index {id=1100}. The service will attempt to automatically correct this problem by rebuilding the index.

Details:
 The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

System errors:
=============
Error: (04/11/2014 10:14:02 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (04/11/2014 10:12:51 AM) (Source: Service Control Manager) (User: )
Description: The NTRU TSS v1.2.1.29 TCS service depends on the TPM Base Services service which failed to start because of the following error:
%%0

Error: (04/11/2014 10:12:47 AM) (Source: Microsoft Antimalware) (User: )
Description: %60 has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures.

 Signatures Attempted: %24

 Error Code: 0x80070002

 Error description: The system cannot find the file specified.

 Signature version: 0.0.0.0;0.0.0.0

 Engine version: %600

Error: (04/11/2014 10:01:13 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (04/11/2014 10:00:01 AM) (Source: Service Control Manager) (User: )
Description: The NTRU TSS v1.2.1.29 TCS service depends on the TPM Base Services service which failed to start because of the following error:
%%0

Error: (04/11/2014 09:59:58 AM) (Source: Microsoft Antimalware) (User: )
Description: %60 has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures.

 Signatures Attempted: %24

 Error Code: 0x80070002

 Error description: The system cannot find the file specified.

 Signature version: 0.0.0.0;0.0.0.0

 Engine version: %600

Error: (04/11/2014 09:52:25 AM) (Source: Schannel) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 43. The internal error state is 252.

Error: (04/11/2014 09:49:56 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (04/11/2014 09:48:46 AM) (Source: BugCheck) (User: )
Description: 0x0000007f (0x0000000d, 0x00000000, 0x00000000, 0x00000000)C:\Windows\MEMORY.DMP041114-17815-01

Error: (04/11/2014 09:48:40 AM) (Source: EventLog) (User: )
Description: The previous system shutdown at 9:47:20 AM on ‎4/‎11/‎2014 was unexpected.

Microsoft Office Sessions:
=========================
Error: (04/11/2014 10:22:54 AM) (Source: Windows Backup)(User: )
Description: E:\The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006)

Error: (04/11/2014 10:16:18 AM) (Source: Application Hang)(User: )
Description: aim.exe7.5.14.8107801cf55a9ab9a74290C:\Program Files\AIM\aim.exeef7d1642-c19c-11e3-b0b0-f04da22ae49b

Error: (04/11/2014 09:37:25 AM) (Source: Windows Search Service)(User: )
Description:
Details:
 The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
The catalog is corrupt

Error: (04/11/2014 09:37:25 AM) (Source: Windows Search Service)(User: )
Description:
Details:
 The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (04/11/2014 09:37:25 AM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application

Details:
 The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (04/11/2014 09:37:25 AM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application, SystemIndex Catalog

Details:
 The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (04/11/2014 09:37:25 AM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application, SystemIndex Catalog

Details:
 Element not found.  (HRESULT : 0x80070490) (0x80070490)
Search.TripoliIndexer

Error: (04/11/2014 09:37:22 AM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application, SystemIndex Catalog

Details:
 The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
Search.JetPropStore

Error: (04/11/2014 09:37:20 AM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application, SystemIndex Catalog

Details:
 The content index server cannot update or access information because of a database error.  Stop and restart the search service.  If the problem persists, reset and recrawl the content index.  In some cases it may be necessary to delete and recreate the content index.  (HRESULT : 0x8004117f) (0x8004117f)

Error: (04/11/2014 09:37:20 AM) (Source: Windows Search Service)(User: )
Description:
Details:
 The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
1100

==================== Memory info ===========================

Percentage of memory in use: 49%
Total physical RAM: 3547.59 MB
Available physical RAM: 1781.45 MB
Total Pagefile: 7093.48 MB
Available Pagefile: 5048.81 MB
Total Virtual: 2047.88 MB
Available Virtual: 1899.61 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:290.05 GB) (Free:229.14 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: 08000000)
Partition 1: (Not Active) - (Size=110 MB) - (Type=DE)
Partition 2: (Active) - (Size=8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=290 GB) - (Type=07 NTFS)

==================== End Of Log ============================

 

Please let me know the next step.

 

Thank you.





#2 adam67

adam67
  • Topic Starter

  • Members
  • 56 posts

Posted 11 April 2014 - 01:09 PM

Symptoms: can't run or remove Microsoft Essentials. Says it's blocked by group policy.



#3 adam67

adam67
  • Topic Starter

  • Members
  • 56 posts

Posted 11 April 2014 - 01:54 PM

Ran TDSSKiller, fixed nothing.



#4 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,733 posts

Posted 16 April 2014 - 01:05 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/530729 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#5 nasdaq

nasdaq

  • Malware Response Team
  • 39,955 posts
  • Location:Montreal, QC. Canada

Posted 16 April 2014 - 01:24 PM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
 
start
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Malwarebytes <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Microsoft Security Client <====== ATTENTION
HKU\S-1-5-21-1051332755-2411500937-872377124-1000\...\Run: [rymxuw] - regsvr32.exe "C:\ProgramData\rymxuw.dat"
URLSearchHook: HKLM - Radio TV 1.4 Toolbar - {f7e4b48a-9940-48d8-a732-246a2fdb7b40} - C:\Program Files\Radio_TV_1.4\prxtbRad0.dll (Conduit Ltd.)
URLSearchHook: HKCU - Radio TV 1.4 Toolbar - {f7e4b48a-9940-48d8-a732-246a2fdb7b40} - C:\Program Files\Radio_TV_1.4\prxtbRad0.dll (Conduit Ltd.)
URLSearchHook: HKCU - (No Name) - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} -  No File
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://search.babylon.com/web/{searchTerms}?babsrc=browsersearch
SearchScopes: HKCU - {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL = http://tbsearch.ask.com/redirect?client=ie&tb=DGY&o=&src=crm&q={searchTerms}&locale=
SearchScopes: HKCU - {443789B7-F39C-4b5c-9287-DA72D38F4FE6} URL =
SearchScopes: HKCU - {5C7A731B-1D17-4EDE-A051-76BD91A2C857} URL =
SearchScopes: HKCU - {CF739809-1C6C-47C0-85B9-569DBB141420} URL = http://toolbar.ask.com/toolbarv/askRedirect?o=13053&gct=&gc=1&q={searchTerms}&crm=1
BHO: No Name - {02478D38-C3F9-4efb-9B51-7695ECA05670} -  No File
BHO: Conduit Engine  - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngin0.dll (Conduit Ltd.)
BHO: Radio TV 1.4 Toolbar - {f7e4b48a-9940-48d8-a732-246a2fdb7b40} - C:\Program Files\Radio_TV_1.4\prxtbRad0.dll (Conduit Ltd.)
Toolbar: HKLM - Radio TV 1.4 Toolbar - {f7e4b48a-9940-48d8-a732-246a2fdb7b40} - C:\Program Files\Radio_TV_1.4\prxtbRad0.dll (Conduit Ltd.)
Toolbar: HKLM - Conduit Engine  - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngin0.dll (Conduit Ltd.)
Toolbar: HKCU - Radio TV 1.4 Toolbar - {F7E4B48A-9940-48D8-A732-246A2FDB7B40} - C:\Program Files\Radio_TV_1.4\prxtbRad0.dll (Conduit Ltd.)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {B91AEDBE-93DF-4017-8BB3-F1C300C0EC51} http://updates.mercuryinsurance.com/PP14.1.7_HO14.0.16_CO3.2.16/setup.exe
DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab

End

Save the file as fixlist.txt into the same folder as FRST.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Download Malwarebytes' Anti-Malware from Here

Double-click mbam-setup-2.X.X.XXXX.exe to install the application (X's are the current version number).
  • Make sure a checkmark is placed next to Launch Malwarebytes' Anti-Malware, then click Finish.
  • Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.
  • Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.
  • Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.
  • If you receive a message that updates are available, click the Update Now button (the update will be downloaded, installed, and the scan will start).
  • The scan may take some time to finish, so please be patient.
  • If potential threats are detected, ensure that Quarantine is selected as the Action for all the listed items, and click the Apply Actions button.
  • While still on the Scan tab, click the link for View detailed log, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
  • The log is automatically saved by MBAM and can also be viewed by clicking the History tab and then selecting Application Logs.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.

===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

Please paste the logs in your next reply. DO NOT ATTACH THEM unless specified.

Let me know what problem persists.
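As an added example (not part of this thread, and not FRST's own code), the Python below triages FRST-style log lines the way the fixlist above was assembled, keeping the software restriction policy entries FRST marks with ATTENTION, the regsvr32 Run entry that loads a .dat from ProgramData, and the orphaned or Conduit/Babylon/Ask browser entries, and emits them in the start/End fixlist form. The sample lines are constructed from the formats in this topic; the benign IgfxTray and Adobe entries are hypothetical controls.

```python
"""Triage FRST-style log lines and draft a fixlist in the start/End form.

Added example: not part of the thread and not FRST code. SAMPLE_LOG is a
constructed sample modelled on the entries posted in this topic.
"""
import re
from urllib.parse import urlparse

SAMPLE_LOG = r"""
HKLM Group Policy restriction on software: C:\Program Files\Microsoft Security Client <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Malwarebytes <====== ATTENTION
HKU\S-1-5-21-1051332755-2411500937-872377124-1000\...\Run: [rymxuw] - regsvr32.exe "C:\ProgramData\rymxuw.dat"
HKLM\...\Run: [IgfxTray] - C:\Windows\System32\igfxtray.exe
URLSearchHook: HKCU - Radio TV 1.4 Toolbar - {f7e4b48a-9940-48d8-a732-246a2fdb7b40} - C:\Program Files\Radio_TV_1.4\prxtbRad0.dll (Conduit Ltd.)
URLSearchHook: HKCU - (No Name) - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} -  No File
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://search.babylon.com/web/{searchTerms}?babsrc=browsersearch
BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Conduit Engine  - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngin0.dll (Conduit Ltd.)
"""

ATTENTION = "<====== ATTENTION"          # FRST's own marker for SRP entries
RUN_RE = re.compile(r"\\Run: \[(?P<name>[^\]]+)\] - (?P<cmd>.+)$")
BROWSER_PREFIXES = ("URLSearchHook:", "BHO:", "Toolbar:", "SearchScopes:")
# Vendor tags and search hosts seen in this thread's log; extend for your own triage.
PUA_VENDORS = ("(Conduit Ltd.)",)
PUA_SEARCH_HOSTS = {"search.babylon.com", "toolbar.ask.com", "tbsearch.ask.com"}
REGSVR_OK_EXT = (".dll", ".ocx")         # what regsvr32 legitimately registers


def reason_for(line: str):
    """Return why a line belongs in the fixlist, or None if it looks benign."""
    if ATTENTION in line:
        return "flagged by FRST (software restriction policy on a security tool path)"
    m = RUN_RE.search(line)
    if m:
        cmd = m.group("cmd")
        if cmd.lower().startswith("regsvr32"):
            quoted = re.search(r'"([^"]+)"', cmd)
            path = quoted.group(1) if quoted else cmd.split(maxsplit=1)[-1]
            # regsvr32 pointed at a .dat in ProgramData is a persistence trick, not a COM install
            if not path.lower().endswith(REGSVR_OK_EXT) or "\\programdata\\" in path.lower():
                return "Run key loads a non-DLL payload via regsvr32"
        return None
    if line.startswith(BROWSER_PREFIXES):
        if line.rstrip().endswith("No File"):
            return "orphaned browser entry (file missing)"
        if any(v in line for v in PUA_VENDORS):
            return "toolbar/BHO from a known adware vendor"
        if re.search(r"URL =\s*$", line):
            return "empty search scope (leftover)"
        url = re.search(r"URL = (\S+)", line)
        if url and urlparse(url.group(1)).hostname in PUA_SEARCH_HOSTS:
            return "search scope hijacked to an adware search host"
    return None


def triage(log_text: str):
    """Return [(line, reason)] for every suspicious line, in log order."""
    hits = []
    for raw in log_text.splitlines():
        line = raw.rstrip()
        if not line:
            continue
        reason = reason_for(line)
        if reason:
            hits.append((line, reason))
    return hits


def draft_fixlist(log_text: str) -> str:
    """Build fixlist.txt text in the start/End form, one verbatim log line per entry."""
    body = "\n".join(line for line, _ in triage(log_text))
    return f"start\n{body}\nEnd\n"


if __name__ == "__main__":
    for line, why in triage(SAMPLE_LOG):
        print(f"{why}\n    {line}")
    print(draft_fixlist(SAMPLE_LOG))
```

Review the draft by hand before saving it as fixlist.txt; the rules here only reproduce the patterns visible in this topic.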

#6 adam67

adam67
  • Topic Starter

  • Members
  • 56 posts

Posted 16 April 2014 - 01:27 PM

Yes, I still need help. I was able to remove Microsoft Security Essentials; now I can't download Microsoft Security Essentials. Do you need the attach.txt log also?

 

 

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 11.0.9600.17041
Run by Van at 11:19:11 on 2014-04-16
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.3548.1706 [GMT -7:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\atashost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe
C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\dell\DBRM\Reminder\DbrmTrayicon.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Citrix\ICA Client\concentr.exe
C:\Program Files\Progressive Insurance\Progressive Policy Downloader\SCHEDSRV.exe
C:\Program Files\Progressive Insurance\Progressive Policy Downloader\schedmon.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Citrix\ICA Client\wfcrun32.exe
C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe
C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\Intuit\QuickBooks 2014\QBW32.EXE
C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmNotify.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe
C:\PROGRA~1\INTUIT\QUICKB~2\QBDBMgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe
C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files\Intel\AMT\LMS.exe
C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe
C:\Windows\system32\msiexec.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k SDRSVC
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://www.google.com/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [Aim] "c:\program files\aim\aim.exe" /d locale=en-US
uRun: [iCloudServices] c:\program files\common files\apple\internet services\iCloudServices.exe
uRun: [ApplePhotoStreams] c:\program files\common files\apple\internet services\ApplePhotoStreams.exe
uRun: [HP Officejet Pro 8600 (NET)] "c:\program files\hp\hp officejet pro 8600\bin\ScanToPCActivationApp.exe" -deviceID "CN281BWH8705KD:NW" -scfn "HP Officejet Pro 8600 (NET)" -AutoStart 1
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [IAStorIcon] c:\program files\intel\intel® rapid storage technology\IAStorIcon.exe
mRun: [picon] "c:\program files\common files\intel\privacy icon\PIconStartup.exe" -startup
mRun: [WavXMgr] c:\program files\wave systems corp\services manager\docmgr\bin\WavXDocMgr.exe
mRun: [USCService] c:\program files\dell\dell controlpoint\security manager\BcmDeviceAndTaskStatusService.exe
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [DBRMTray] c:\dell\dbrm\reminder\DbrmTrayIcon.exe
mRun: [EncMove] c:\program files\encompassinsurance\encompass optimization install\EncompassMove.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 8.0\acrobat\Acrotray.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [ConnectionCenter] "c:\program files\citrix\ica client\concentr.exe" /startup
mRun: [AlreadyRebooted] TRUE
mRun: [Progressive Scheduler] c:\program files\progressive insurance\progressive policy downloader\schedsrv.exe /Autostart /Systemstart
mRun: [Progressive Scheduler Monitor] c:\program files\progressive insurance\progressive policy downloader\schedmon.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [ScrewDrivers RDP Plugin] c:\program files\tricerat\simplify printing\screwdrivers client v4\install_rdp.exe
mRun: [Intuit SyncManager] c:\program files\common files\intuit\sync\IntuitSyncManager.exe  startup
mRunOnce: [DBRMTray] c:\dell\dbrm\reminder\TrayApp.exe
StartupFolder: c:\users\van\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\van\appdata\roaming\dropbox\bin\Dropbox.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\intuit~1.lnk - c:\program files\common files\intuit\dataprotect\IntuitDataProtect.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickb~2.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickb~1.lnk - c:\program files\intuit\quickbooks 2014\QBW32.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\tdmnot~1.lnk - c:\program files\wave systems corp\trusted drive manager\TdmNotify.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
Trusted Zone: allstate.com
Trusted Zone: allstate.com
Trusted Zone: allstatehelp.com
Trusted Zone: billerwebb.com
Trusted Zone: deerbrook.com
Trusted Zone: deerbrook.com
Trusted Zone: encompassinsurance.com
Trusted Zone: encompassinsurance.com
Trusted Zone: farmersinsurance.com
Trusted Zone: foremostproducers.com
Trusted Zone: foremoststar.com
Trusted Zone: gotoassist.com
Trusted Zone: gulfinsurance.com
Trusted Zone: interlinkhelp.com
Trusted Zone: internet
Trusted Zone: msbexpress.net
Trusted Zone: stpaultravelers.com
Trusted Zone: tamcentral.net
Trusted Zone: travelers.com
Trusted Zone: travelers.com
Trusted Zone: travelerspc.com
Trusted Zone: travelerspc.com
DPF: {82E5DF24-51E8-47CD-864A-F4BD5005AA73} - hxxps://www.icloud.com/system/iCloud.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} - hxxp://quicksilver.mercuryinsurance.com/engine/isetup.cab
DPF: {B91AEDBE-93DF-4017-8BB3-F1C300C0EC51} - hxxp://updates.mercuryinsurance.com/PP14.1.7_HO14.0.16_CO3.2.16/setup.exe
DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://chubb.webex.com/client/T27L10NSP25/nbr/ieatgpc1.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{701AFC26-5EAA-4F31-B382-8EE250ECE472} : DHCPNameServer = 75.75.75.75 75.75.76.76
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Handler: intu-help-qb7 - {5A03BD9D-766D-47A6-8E87-CD90F60BE245} - c:\program files\intuit\quickbooks 2014\HelpAsyncPluggableProtocol.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} -
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: GoToAssist - c:\program files\citrix\gotoassist\917\G2AWinLogon.dll
Notify: igfxcui - igfxdev.dll
SSODL: WebCheck - <orphaned>
LSA: Authentication Packages =  msv1_0 wvauth
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2014-1-25 231960]
R2 atashost;WebEx Service Host for Support Center;c:\windows\system32\atashost.exe [2012-6-22 133944]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files\intel\intel® rapid storage technology\IAStorDataMgrSvc.exe [2010-10-13 13336]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\logmein\x86\LMIGuardianSvc.exe [2010-12-8 374704]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2010-9-17 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2011-1-4 47640]
R2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2010-10-24 104264]
R2 QBVSS;QBIDPService;c:\program files\common files\intuit\dataprotect\QBIDPService.exe [2014-2-27 1248256]
R2 UNS;Intel® Management and Security Application User Notification Service;c:\program files\common files\intel\privacy icon\uns\UNS.exe [2010-10-13 2066968]
R3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\drivers\e1k6232.sys [2010-10-13 224424]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\ieetwcollector.exe [2014-4-14 108032]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-2-28 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-10-26 1343400]
.
=============== Created Last 30 ================
.
2014-04-16 18:14:10 -------- d-sh--w- c:\users\van\appdata\local\EmieUserList
2014-04-16 18:14:10 -------- d-sh--w- c:\users\van\appdata\local\EmieSiteList
2014-04-14 22:41:55 -------- d-----w- C:\AdwCleaner
2014-04-14 22:38:09 7969936 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{89023b62-9c44-4b06-b2d5-2cea85ea8896}\mpengine.dll
2014-04-11 21:15:12 -------- d-----w- c:\users\van\appdata\local\ElevatedDiagnostics
2014-04-11 20:26:23 -------- d-sh--w- C:\$RECYCLE.BIN
2014-04-11 20:24:54 -------- d-----w- c:\users\van\appdata\local\temp
2014-04-11 20:18:40 98816 ----a-w- c:\windows\sed.exe
2014-04-11 20:18:40 256000 ----a-w- c:\windows\PEV.exe
2014-04-11 20:18:40 208896 ----a-w- c:\windows\MBR.exe
2014-04-11 17:44:41 -------- d-----w- C:\FRST
2014-04-11 17:34:21 765968 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{fca0140e-cc64-4d89-aabd-4bec3992baa5}\gapaengine.dll
2014-04-11 17:34:06 7969936 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2014-04-11 17:20:27 27072 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2014-04-11 17:20:27 234432 ----a-w- c:\windows\system32\drivers\msiscsi.sys
2014-04-11 17:20:27 2048 ----a-w- c:\windows\system32\iologmsg.dll
2014-04-11 17:20:27 149440 ----a-w- c:\windows\system32\drivers\storport.sys
2014-04-11 17:20:21 1212352 ----a-w- c:\windows\system32\drivers\ntfs.sys
2014-04-11 16:02:20 -------- d-----w- c:\users\van\appdata\roaming\Malwarebytes
2014-04-11 16:00:22 -------- d-----w- c:\programdata\Malwarebytes
2014-04-11 15:09:57 -------- d-----w- c:\programdata\HitmanPro
2014-04-11 14:33:54 -------- d-----w- C:\TDSSKiller_Quarantine
2014-04-10 23:32:02 -------- d-----w- c:\users\van\appdata\roaming\Roxio Log Files
2014-04-10 22:16:27 -------- d-----w- c:\windows\ERUNT
.
==================== Find3M  ====================
.
2014-03-12 02:23:07 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-03-12 02:23:07 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-03-11 16:52:30 104264 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2014-03-06 08:32:07 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2014-03-06 08:31:27 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2014-03-06 08:02:34 61952 ----a-w- c:\windows\system32\iesetup.dll
2014-03-06 08:02:33 455168 ----a-w- c:\windows\system32\vbscript.dll
2014-03-06 08:01:01 51200 ----a-w- c:\windows\system32\ieetwproxystub.dll
2014-03-06 07:46:36 4254720 ----a-w- c:\windows\system32\jscript9.dll
2014-03-06 07:38:13 112128 ----a-w- c:\windows\system32\ieUnatt.exe
2014-03-06 07:38:10 108032 ----a-w- c:\windows\system32\ieetwcollector.exe
2014-03-06 07:36:40 592896 ----a-w- c:\windows\system32\jscript9diag.dll
2014-03-06 07:28:01 646144 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2014-03-06 07:13:43 32256 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2014-03-06 06:40:39 1967104 ----a-w- c:\windows\system32\inetcpl.cpl
2014-03-06 05:41:49 1789440 ----a-w- c:\windows\system32\wininet.dll
2014-02-14 00:44:58 712704 ----a-w- c:\windows\system32\AL3IMP.dll
2014-02-14 00:44:58 1003520 ----a-w- c:\windows\system32\Al3Export.dll
2014-02-14 00:44:54 6574080 ----a-w- c:\windows\system32\sfsPrint.dll
2014-02-14 00:44:30 786432 ----a-w- c:\windows\system32\sfsSave.dll
2014-02-14 00:44:30 200704 ----a-w- c:\windows\system32\PrinterWrapper.ocx
2014-02-14 00:43:00 905216 ----a-w- c:\windows\system32\PolicyObj.dll
2014-02-07 01:07:56 2349056 ----a-w- c:\windows\system32\win32k.sys
2014-02-04 02:04:22 1230336 ----a-w- c:\windows\system32\WindowsCodecs.dll
2014-02-04 02:04:11 509440 ----a-w- c:\windows\system32\qedit.dll
2014-01-29 02:06:47 381440 ----a-w- c:\windows\system32\wer.dll
2014-01-28 02:07:07 185344 ----a-w- c:\windows\system32\wwansvc.dll
2014-01-25 08:19:42 231960 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2014-01-19 07:32:23 231584 ------w- c:\windows\system32\MpSigStub.exe
.
============= FINISH: 11:20:05.93 ===============



#7 adam67

adam67
  • Topic Starter

  • Members
  • 56 posts

Posted 16 April 2014 - 01:48 PM

start
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Malwarebytes <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Microsoft Security Client <====== ATTENTION
HKU\S-1-5-21-1051332755-2411500937-872377124-1000\...\Run: [rymxuw] - regsvr32.exe "C:\ProgramData\rymxuw.dat"
URLSearchHook: HKLM - Radio TV 1.4 Toolbar - {f7e4b48a-9940-48d8-a732-246a2fdb7b40} - C:\Program Files\Radio_TV_1.4\prxtbRad0.dll (Conduit Ltd.)
URLSearchHook: HKCU - Radio TV 1.4 Toolbar - {f7e4b48a-9940-48d8-a732-246a2fdb7b40} - C:\Program Files\Radio_TV_1.4\prxtbRad0.dll (Conduit Ltd.)
URLSearchHook: HKCU - (No Name) - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} -  No File
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://search.babylon.com/web/{searchTerms}?babsrc=browsersearch
SearchScopes: HKCU - {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL = http://tbsearch.ask.com/redirect?client=ie&tb=DGY&o=&src=crm&q={searchTerms}&locale=
SearchScopes: HKCU - {443789B7-F39C-4b5c-9287-DA72D38F4FE6} URL =
SearchScopes: HKCU - {5C7A731B-1D17-4EDE-A051-76BD91A2C857} URL =
SearchScopes: HKCU - {CF739809-1C6C-47C0-85B9-569DBB141420} URL = http://toolbar.ask.com/toolbarv/askRedirect?o=13053&gct=&gc=1&q={searchTerms}&crm=1
BHO: No Name - {02478D38-C3F9-4efb-9B51-7695ECA05670} -  No File
BHO: Conduit Engine  - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngin0.dll (Conduit Ltd.)
BHO: Radio TV 1.4 Toolbar - {f7e4b48a-9940-48d8-a732-246a2fdb7b40} - C:\Program Files\Radio_TV_1.4\prxtbRad0.dll (Conduit Ltd.)
Toolbar: HKLM - Radio TV 1.4 Toolbar - {f7e4b48a-9940-48d8-a732-246a2fdb7b40} - C:\Program Files\Radio_TV_1.4\prxtbRad0.dll (Conduit Ltd.)
Toolbar: HKLM - Conduit Engine  - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngin0.dll (Conduit Ltd.)
Toolbar: HKCU - Radio TV 1.4 Toolbar - {F7E4B48A-9940-48D8-A732-246A2FDB7B40} - C:\Program Files\Radio_TV_1.4\prxtbRad0.dll (Conduit Ltd.)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {B91AEDBE-93DF-4017-8BB3-F1C300C0EC51} http://updates.mercuryinsurance.com/PP14.1.7_HO14.0.16_CO3.2.16/setup.exe
DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab

End



#8 adam67

adam67
  • Topic Starter

  • Members
  • 56 posts
  • OFFLINE
  • Local time:08:32 PM

Posted 16 April 2014 - 01:57 PM

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 4/16/2014
Scan Time: 11:55:30 AM
Logfile: MBAM log.txt
Administrator: Yes

Version: 2.00.1.1004
Malware Database: v2014.04.16.09
Rootkit Database: v2014.03.27.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Chameleon: Disabled

OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: Van

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 286018
Time Elapsed: 11 min, 9 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Shuriken: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 1
PUP.Optional.PriceGong.A, HKU\S-1-5-21-1051332755-2411500937-872377124-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\PriceGong, Quarantined, [6c948a76be42a25e555696e0679b2cd4],

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)



#9 adam67

adam67
  • Topic Starter

  • Members
  • 56 posts
  • OFFLINE
  • Local time:08:32 PM

Posted 16 April 2014 - 02:00 PM

# AdwCleaner v3.023 - Report created 16/04/2014 at 11:59:07
# Updated 01/04/2014 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (32 bits)
# Username : Van - VAN-PC
# Running from : C:\Users\Van\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3S2RZ1KB\adwcleaner.exe
# Option : Scan

***** [ Services ] *****

***** [ Files / Folders ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17041

*************************

AdwCleaner[R0].txt - [3666 octets] - [14/04/2014 15:41:57]
AdwCleaner[R1].txt - [732 octets] - [16/04/2014 11:34:06]
AdwCleaner[R2].txt - [681 octets] - [16/04/2014 11:59:07]
AdwCleaner[S0].txt - [3795 octets] - [14/04/2014 15:42:59]
AdwCleaner[S1].txt - [792 octets] - [16/04/2014 11:34:38]

########## EOF - C:\AdwCleaner\AdwCleaner[R2].txt - [859 octets] ##########



#10 adam67

adam67
  • Topic Starter

  • Members
  • 56 posts
  • OFFLINE
  • Local time:08:32 PM

Posted 16 April 2014 - 02:04 PM

Tried downloading MSE, getting error code: 0x8004ff91



#11 nasdaq

nasdaq

  • Malware Response Team
  • 39,955 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:11:32 PM

Posted 17 April 2014 - 08:25 AM

My instructions.

The tool will create a log (Fixlog.txt); please post it in your reply.

Can you please post the Fixlog.txt content for my review?

P.S. If the restrictions were not removed, that may be the problem re-installing MSE.
===

tried downloading MSE, getting error code:0x8004ff91

http://windows.microsoft.com/en-us/windows/i-cant-install-microsoft-security-essentials

Follow the instructions, do not try the fix for windows XP.

On the page above you will also have a link to this download page.

http://windows.microsoft.com/en-us/windows/security-essentials-all-versions

Keep me posted.

#12 adam67

adam67
  • Topic Starter

  • Members
  • 56 posts
  • OFFLINE
  • Local time:08:32 PM

Posted 17 April 2014 - 09:41 AM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 28-10-2013
Ran by Van at 2014-04-16 11:31:56 Run:1
Running from E:\
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
start
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Malwarebytes <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Microsoft Security Client <====== ATTENTION
HKU\S-1-5-21-1051332755-2411500937-872377124-1000\...\Run: [rymxuw] - regsvr32.exe "C:\ProgramData\rymxuw.dat"
URLSearchHook: HKLM - Radio TV 1.4 Toolbar - {f7e4b48a-9940-48d8-a732-246a2fdb7b40} - C:\Program Files\Radio_TV_1.4\prxtbRad0.dll (Conduit Ltd.)
URLSearchHook: HKCU - Radio TV 1.4 Toolbar - {f7e4b48a-9940-48d8-a732-246a2fdb7b40} - C:\Program Files\Radio_TV_1.4\prxtbRad0.dll (Conduit Ltd.)
URLSearchHook: HKCU - (No Name) - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} -  No File
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://search.babylon.com/web/{searchTerms}?babsrc=browsersearch
SearchScopes: HKCU - {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL = http://tbsearch.ask.com/redirect?client=ie&tb=DGY&o=&src=crm&q={searchTerms}&locale=
SearchScopes: HKCU - {443789B7-F39C-4b5c-9287-DA72D38F4FE6} URL =
SearchScopes: HKCU - {5C7A731B-1D17-4EDE-A051-76BD91A2C857} URL =
SearchScopes: HKCU - {CF739809-1C6C-47C0-85B9-569DBB141420} URL = http://toolbar.ask.com/toolbarv/askRedirect?o=13053&gct=&gc=1&q={searchTerms}&crm=1
BHO: No Name - {02478D38-C3F9-4efb-9B51-7695ECA05670} -  No File
BHO: Conduit Engine  - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngin0.dll (Conduit Ltd.)
BHO: Radio TV 1.4 Toolbar - {f7e4b48a-9940-48d8-a732-246a2fdb7b40} - C:\Program Files\Radio_TV_1.4\prxtbRad0.dll (Conduit Ltd.)
Toolbar: HKLM - Radio TV 1.4 Toolbar - {f7e4b48a-9940-48d8-a732-246a2fdb7b40} - C:\Program Files\Radio_TV_1.4\prxtbRad0.dll (Conduit Ltd.)
Toolbar: HKLM - Conduit Engine  - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngin0.dll (Conduit Ltd.)
Toolbar: HKCU - Radio TV 1.4 Toolbar - {F7E4B48A-9940-48D8-A732-246A2FDB7B40} - C:\Program Files\Radio_TV_1.4\prxtbRad0.dll (Conduit Ltd.)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {B91AEDBE-93DF-4017-8BB3-F1C300C0EC51} http://updates.mercuryinsurance.com/PP14.1.7_HO14.0.16_CO3.2.16/setup.exe
DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab

End
*****************

HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKU\S-1-5-21-1051332755-2411500937-872377124-1000\Software\Microsoft\Windows\CurrentVersion\Run\\rymxuw => Value not found.
HKLM\Software\Microsoft\Internet Explorer\URLSearchHooks\\{f7e4b48a-9940-48d8-a732-246a2fdb7b40} => Value not found.
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{f7e4b48a-9940-48d8-a732-246a2fdb7b40} => Value not found.
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{81017EA9-9AA8-4A6A-9734-7AF40E7D593F} => Value not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} => Key not found.
HKCR\Wow6432Node\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} => Key not found.
HKCR\Wow6432Node\CLSID\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{443789B7-F39C-4b5c-9287-DA72D38F4FE6} => Key not found.
HKCR\Wow6432Node\CLSID\{443789B7-F39C-4b5c-9287-DA72D38F4FE6} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{5C7A731B-1D17-4EDE-A051-76BD91A2C857} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{5C7A731B-1D17-4EDE-A051-76BD91A2C857} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420} => Key not found.
HKCR\Wow6432Node\CLSID\{CF739809-1C6C-47C0-85B9-569DBB141420} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670} => Key not found.
HKCR\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D} => Key not found.
HKCR\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f7e4b48a-9940-48d8-a732-246a2fdb7b40} => Key not found.
HKCR\CLSID\{f7e4b48a-9940-48d8-a732-246a2fdb7b40} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{f7e4b48a-9940-48d8-a732-246a2fdb7b40} => Value not found.
HKCR\CLSID\{f7e4b48a-9940-48d8-a732-246a2fdb7b40} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{30F9B915-B755-4826-820B-08FBA6BD249D} => Value not found.
HKCR\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{F7E4B48A-9940-48D8-A732-246A2FDB7B40} => Value not found.
HKCR\CLSID\{F7E4B48A-9940-48D8-A732-246A2FDB7B40} => Key not found.
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93} => Key deleted successfully.
HKCR\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{B91AEDBE-93DF-4017-8BB3-F1C300C0EC51} => Key deleted successfully.
HKCR\CLSID\{B91AEDBE-93DF-4017-8BB3-F1C300C0EC51} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} => Key deleted successfully.
HKCR\CLSID\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} => Key deleted successfully.
HKCR\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} => Key deleted successfully.

==== End of Fixlog ====
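The fixlist from post #7 and the Fixlog above, triaged mechanically. This is an added example, not FRST's code and not anything the poster ran; the sample lines are an excerpt of the two logs, and the rules (which directories count as security products, which search domains count as hijackers, which Windows loaders count as LOLBins) are my assumptions. What it makes explicit: the four "Group Policy restriction on software" lines are Software Restriction Policy path rules covering the directories of Microsoft Antimalware, McAfee, Malwarebytes and the Microsoft Security Client, which is how the infection kept security products from running and is the likely cause of the MSE install failure nasdaq's P.S. points at. The Run entry has regsvr32.exe registering a .dat from ProgramData, a DLL payload under a data extension. On the Fixlog side, "restored/deleted successfully" means FRST changed something, while "not found" means the item was already gone when the fix ran on 16/04, so the rymxuw Run value and the Conduit registrations did not survive to that point.

```python
"""Mechanical triage of an FRST fixlist and the Fixlog it produced.

Added example for this thread: not FRST's own code and not the poster's. The
sample lines are an excerpt of the fixlist (post #7) and Fixlog (post #12)
above; the classification rules are my assumptions.
"""
import re
from dataclasses import dataclass

# Assumption: directories belonging to security products. An HKLM "Group
# Policy restriction on software" line is a Software Restriction Policy path
# rule; one covering an AV directory keeps that AV from running or installing.
SECURITY_PRODUCT_DIRS = (r"\Microsoft\Microsoft Antimalware", r"\McAfee",
                         r"\Malwarebytes", r"\Microsoft Security Client")
HIJACK_SEARCH_DOMAINS = ("babylon.com", "ask.com")   # assumption: toolbar providers
# Signed Windows loaders and what they normally load: regsvr32 registering a
# ".dat" out of ProgramData is a DLL payload disguised as a data file.
LOLBIN_EXTS = {"regsvr32.exe": (".dll", ".ocx"), "rundll32.exe": (".dll",),
               "mshta.exe": (".hta",)}

FIXLIST_EXCERPT = [   # excerpt of the fixlist posted above
    r"HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware <====== ATTENTION",
    r"HKLM Group Policy restriction on software: C:\Program Files\Microsoft Security Client <====== ATTENTION",
    r'HKU\S-1-5-21-1051332755-2411500937-872377124-1000\...\Run: [rymxuw] - regsvr32.exe "C:\ProgramData\rymxuw.dat"',
    r"URLSearchHook: HKCU - (No Name) - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} -  No File",
    r"SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://search.babylon.com/web/{searchTerms}?babsrc=browsersearch",
    r"SearchScopes: HKCU - {443789B7-F39C-4b5c-9287-DA72D38F4FE6} URL =",
    r"BHO: Conduit Engine  - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngin0.dll (Conduit Ltd.)",
    r"DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab",
]
FIXLOG_EXCERPT = [    # excerpt of the Fixlog posted above
    r"HKLM => Group Policy Restriction on software restored successfully.",
    r"HKU\S-1-5-21-1051332755-2411500937-872377124-1000\Software\Microsoft\Windows\CurrentVersion\Run\\rymxuw => Value not found.",
    r"HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93} => Key deleted successfully.",
]

@dataclass
class Finding:
    severity: str   # high / medium / low
    kind: str
    line: str

def _srp(line):
    path = line.split(":", 1)[1].split("<======")[0].strip()
    hit = any(d.lower() in path.lower() for d in SECURITY_PRODUCT_DIRS)
    return Finding("high" if hit else "low",
                   "srp_blocks_security_product" if hit else "srp_path_rule", line)

def _run(line):
    exe, _, arg = line.split("] - ", 1)[1].strip().partition(" ")
    exe, arg = exe.lower().rsplit("\\", 1)[-1], arg.strip().strip('"').lower()
    if exe in LOLBIN_EXTS and not arg.endswith(LOLBIN_EXTS[exe]):
        return Finding("high", "lolbin_loads_disguised_payload", line)
    return Finding("medium", "run_key_autostart", line)

def _search_scope(line):
    url = line.split("URL =", 1)[1].strip()
    if not url:
        return Finding("low", "empty_search_scope", line)
    m = re.match(r"https?://([^/]+)", url)
    host = m.group(1).lower() if m else ""
    if any(host == d or host.endswith("." + d) for d in HIJACK_SEARCH_DOMAINS):
        return Finding("medium", "search_hijack", line)
    return Finding("low", "search_scope", line)

def _addon(line):   # URLSearchHook / BHO / Toolbar registrations
    if line.endswith("No File"):
        return Finding("low", "orphaned_registration", line)
    return Finding("medium", "browser_addon", line)

def _dpf(line):     # ActiveX "Downloaded Program Files" entry
    m = re.search(r"jinstall-(\d+)_(\d+)_(\d+)", line)
    if m and int(m.group(2)) <= 6:   # Java 6 left public support in 2013
        return Finding("medium", "dpf_outdated_java", line)
    return Finding("low", "dpf_activex_download", line)

RULES = [("HKLM Group Policy restriction on software:", _srp),
         ("SearchScopes:", _search_scope), ("DPF:", _dpf),
         (("URLSearchHook:", "BHO:", "Toolbar:"), _addon)]

def triage_fixlist(lines):
    findings = []
    for raw in lines:
        line = raw.strip()
        if "\\Run: [" in line:
            findings.append(_run(line))
            continue
        for prefix, rule in RULES:
            if line.startswith(prefix):
                findings.append(rule(line))
                break
    return findings

def reconcile_fixlog(lines):
    # "fixed": FRST changed something; "absent": already gone when the fix ran.
    out = {"fixed": [], "absent": [], "other": []}
    for raw in lines:
        if " => " not in raw:
            continue
        target, result = raw.rsplit(" => ", 1)
        result = result.strip().rstrip(".").lower()
        bucket = ("fixed" if result.endswith("successfully")
                  else "absent" if result.endswith("not found") else "other")
        out[bucket].append(target)
    return out
```

Running triage_fixlist over the full fixlist from post #7 gives five high findings (the four SRP path rules and the regsvr32 Run entry); everything Conduit, Babylon and Ask related is PUP-grade, and the "No File" entries are dead registrations that only need cleaning up. reconcile_fixlog over the full Fixlog shows the four SRP restorations and the SearchScope and DPF deletions as the only real changes.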



#13 adam67

adam67
  • Topic Starter

  • Members
  • 56 posts
  • OFFLINE
  •  
  • Local time:08:32 PM

Posted 17 April 2014 - 10:36 AM

I followed all the steps, keep getting the same error when trying to install.



#14 nasdaq

nasdaq

  • Malware Response Team
  • 39,955 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:11:32 PM

Posted 18 April 2014 - 07:10 AM

Can you download your version of MSE for your operating system and run the application locally?

http://windows.microsoft.com/en-us/windows/security-essentials-all-versions

If the download is not possible run this tool.

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


#15 adam67

adam67
  • Topic Starter

  • Members
  • 56 posts
  • OFFLINE
  • Local time:08:32 PM

Posted 18 April 2014 - 09:45 AM

Farbar Service Scanner Version: 25-02-2014
Ran by Van (administrator) on 18-04-2014 at 07:44:52
Running from "C:\Users\Van\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GF65RI53"
Microsoft Windows 7 Professional  Service Pack 1 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============

Firewall Disabled Policy:
==================

System Restore:
============

System Restore Disabled Policy:
========================

Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.

Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1

Other Services:
==============

File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcore.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys
[2013-10-09 02:06] - [2013-09-13 17:48] - 0338944 ____A (Microsoft Corporation) F81BB7E487EDCEAB630A7EE66CF23913

C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys
[2013-10-09 02:06] - [2013-09-07 19:07] - 1294272 ____A (Microsoft Corporation) CA59F7C570AF70BC174F477CFE2D9EE3

C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll
[2013-08-14 02:18] - [2013-07-08 21:46] - 0140288 ____A (Microsoft Corporation) 7CA1BECEA5DE2643ADDAD32670E7A4C9

C:\Program Files\Windows Defender\MpSvc.dll
[2013-07-09 22:22] - [2013-05-26 21:57] - 0680960 ____A (Microsoft Corporation) 082CF481F659FAE0DE51AD060881EB47

C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit

**** End of log ****
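The FSS log above, triaged mechanically, as an added example; it is not FSS's code and not the poster's. The sample text is an excerpt of the log, and the rules and suggested commands are my assumptions about what a responder checks next. Two things in the log are worth reading correctly. The WinDefend start type of Demand and the DisableAntiSpyware=1 policy value are what a Microsoft Security Essentials install leaves behind on Windows 7, where MSE replaces the anti-spyware-only Windows Defender and turns it off; on a machine that had MSE (the SRP rule for C:\Program Files\Microsoft Security Client in the fixlist says it did) they are consistent with the earlier MSE installation and are not by themselves proof of tampering. And the File Check entries that print dates, size, signer and MD5 (afd.sys, tcpip.sys, cryptsvc.dll, MpSvc.dll) are files whose hash was not in FSS's known-good list; FSS prints the details so the reader can verify them, and the verification is the Authenticode signature, not a search for the hash.

```python
"""Triage of a Farbar Service Scanner (FSS) log.

Added example for this thread: not FSS's own code and not the poster's. The
sample text is an excerpt of the FSS log posted above; the rules and the
suggested commands are my assumptions about what a responder checks next.
"""
import re
from dataclasses import dataclass

FSS_EXCERPT = r"""
Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.

Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1

File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys
[2013-10-09 02:06] - [2013-09-13 17:48] - 0338944 ____A (Microsoft Corporation) F81BB7E487EDCEAB630A7EE66CF23913

C:\Windows\system32\svchost.exe => MD5 is legit
""".splitlines()

NOT_RUNNING_RE = re.compile(r"^(\S+) Service is not running")
START_TYPE_RE = re.compile(r"The start type of (\S+) service is set to (\w+)\. "
                           r"The default start type is (\w+)\.")
POLICY_KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
POLICY_VAL_RE = re.compile(r'^"([^"]+)"=DWORD:(\d+)$')
FILE_DETAIL_RE = re.compile(r"\(([^)]*)\)\s+([0-9A-Fa-f]{32})$")

@dataclass
class Finding:
    kind: str
    severity: str
    detail: dict

def triage_fss(lines):
    findings, whitelisted = [], 0
    section, key, pending, line = "", "", None, ""
    for raw in lines:
        line, prev = raw.rstrip(), line      # keep the previous line for headers
        if line and set(line) == {"="}:      # "=====" underlines the section name
            section, pending = prev.rstrip(":"), None
            continue
        if not line:
            continue
        if m := NOT_RUNNING_RE.match(line):
            findings.append(Finding("service_not_running", "low", {"service": m.group(1)}))
        elif (m := START_TYPE_RE.search(line)) and m.group(2) != m.group(3):
            findings.append(Finding("service_start_type_changed", "medium",
                {"service": m.group(1), "set": m.group(2), "default": m.group(3)}))
        elif section.endswith("Disabled Policy"):
            if k := POLICY_KEY_RE.match(line):
                key = k.group(1)
            elif (v := POLICY_VAL_RE.match(line)) and int(v.group(2)) != 0:
                findings.append(Finding("disable_policy_set", "high",
                    {"key": key, "value_name": v.group(1), "value": int(v.group(2))}))
        elif section == "File Check":
            if line.endswith("=> MD5 is legit"):
                whitelisted, pending = whitelisted + 1, None
            elif (d := FILE_DETAIL_RE.search(line)) and pending:
                # FSS prints the details only when the hash is not in its
                # known-good list; that is a prompt to verify, not a verdict.
                findings.append(Finding("md5_not_whitelisted", "info",
                    {"path": pending, "signer": d.group(1), "md5": d.group(2).upper()}))
                pending = None
            elif not line.startswith("["):
                pending = line                 # bare path: a details line follows
    return {"findings": findings, "md5_whitelisted": whitelisted}

def remediation_hints(findings):
    """Commands to confirm or undo each finding, assuming an elevated prompt
    on the affected host (my suggestion, not what the helper prescribed)."""
    hints = []
    for f in findings:
        d = f.detail
        if f.kind == "service_start_type_changed":
            hints.append(f'sc config {d["service"]} start= {d["default"].lower()}')
        elif f.kind == "disable_policy_set":
            hints.append(f'reg delete "{d["key"]}" /v {d["value_name"]} /f')
        elif f.kind == "md5_not_whitelisted":
            hints.append(f'Get-AuthenticodeSignature "{d["path"]}" | Format-List Status,SignerCertificate')
    return hints
```

The reg delete and sc config hints only make sense if Windows Defender is meant to come back; if MSE is going to be reinstalled, its installer sets both again, and the SRP path rules FRST restored are the actual blocker for that install. The Get-AuthenticodeSignature line is PowerShell and is the check to run on each non-whitelisted file before treating it as suspect.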





