
Computer infected with unknown virus, trojan, spyware, or malware


  • This topic is locked
29 replies to this topic

#1 mjb2066

mjb2066

  • Members
  • 35 posts

Posted 28 April 2014 - 02:04 PM

Hello,

 

My computer is infected with something that is causing multiple (anywhere from 18 to 32) dllhost.exe *32 COM Surrogate processes to be running at any time. The infection also seems to be flooding my computer with temporary internet files, which has stalled every scan I have attempted (with the exception of avast!), regardless of whether or not I even have a single window of Internet Explorer open.

 

Any help would be greatly appreciated!  Here is my DDS log:

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16545
Run by matt.baun at 14:48:24 on 2014-04-28
Microsoft Windows 7 Enterprise   6.1.7601.1.1252.1.1033.18.3977.2012 [GMT -4:00]
.
AV: System Center 2012 Endpoint Protection *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: System Center 2012 Endpoint Protection *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Program Files\Intel\WiFi\bin\ZCfgSvc7.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\IDT\WDM\AESTSr64.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Program Files\Dell\Dell System Manager\DCPSysMgrSvc.exe
C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\EMBASSY Client Core\EmbassyServer.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Microsoft LifeCam\MSCamS64.exe
C:\Windows\system32\o2flash.exe
C:\Windows\SysWOW64\srvany.exe
C:\Windows\sysWOW64\SDIOAssist.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Windows\SysWOW64\rpcnet.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TightVNC\tvnserver.exe
C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe
C:\Program Files\Microsoft Application Virtualization\Client\AppVClient.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files\Common Files\SPBA\upeksvr.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Microsoft Application Virtualization\Client\AppVStreamingUX.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\System32\igfxtray.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Windows\System32\spool\drivers\x64\3\WrtMon.exe
C:\Windows\vVX6000.exe
C:\Windows\System32\spool\drivers\x64\3\WrtProc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files\Dell\Dell System Manager\DCPSysMgr.exe
C:\Program Files (x86)\Microsoft Office\Office15\ONENOTEM.EXE
C:\Program Files (x86)\TightVNC\tvnserver.exe
C:\Windows\system32\igfxext.exe
C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Windows\SysWOW64\RunDll32.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\syswow64\dllhost.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe
C:\Program Files (x86)\Microsoft Office\Office15\OUTLOOK.EXE
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\syswow64\dllhost.exe
\\?\C:\Windows\system32\wbem\WMIADAP.EXE
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://www.google.com/
BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
uRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
uRun: [QCDsoft Update] regsvr32.exe C:\Users\matt.baun\AppData\Local\QCDsoft\prl_umdd.dll
mRun: [IMSS] "C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe"
mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [tvncontrol] "C:\Program Files (x86)\TightVNC\tvnserver.exe" -controlservice -slave
mRun: [Client Access Service] C:\Program Files (x86)\IBM\Client Access\cwbsvstr.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [Communicator] "C:\Program Files (x86)\Microsoft Office Communicator\communicator.exe" /fromrunkey
mRun: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"
mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
mRunOnce: [20131224] C:\Program Files\AVAST Software\Avast\setup\emupdate\8dc257cb-71ad-41fb-97de-85a5b7f6c34f.exe /check
StartupFolder: C:\Users\MATT~1.BAU\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\SENDTO~1.LNK - C:\Program Files (x86)\Microsoft Office\Office15\ONENOTEM.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLSY~1.LNK - C:\Program Files\Dell\Dell System Manager\DCPSysMgr.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
mPolicies-System: SoftwareSASGeneration = dword:3
mPolicies-Windows\System: UserPolicyMode = dword:1
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~2\Office15\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {2DEF4530-8CE6-41C9-84B6-A54536C90213} - hxxp://mi-srv8/crystalreportviewers/activeXViewer/activexviewer.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} - hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{0A283A64-CDC3-49D0-A3B3-4050FCB831A5} : DHCPNameServer = 10.0.32.19 10.0.32.7
TCP: Interfaces\{2BD1B057-AF00-4318-B4D2-895B919D511B} : DHCPNameServer = 10.0.32.7 10.0.32.19
TCP: Interfaces\{4B133B4A-4D29-4068-89F7-69B2F3913C93} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{4B133B4A-4D29-4068-89F7-69B2F3913C93}\14E4E4D275C414E413 : DHCPNameServer = 10.0.32.7 10.0.32.19
TCP: Interfaces\{4B133B4A-4D29-4068-89F7-69B2F3913C93}\755626562737 : DHCPNameServer = 8.8.8.8 8.8.4.4
TCP: Interfaces\{4B133B4A-4D29-4068-89F7-69B2F3913C93}\8686F6E6F62737 : DHCPNameServer = 192.168.6.1 64.134.255.2 64.134.255.10
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
AppInit_DLLs= 
SSODL: WebCheck - <orphaned>
x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL
x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL
x64-Run: [IntelPROSet] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel PROSet/Wireless
x64-Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
x64-Run: [FreeFallProtection] C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
x64-Run: [TdmNotify] C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-Run: [WrtMon.exe] C:\Windows\System32\spool\drivers\x64\3\WrtMon.exe
x64-Run: [VX6000] C:\Windows\vVX6000.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office15\ONBttnIE.dll
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
x64-Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-Notify: spba - C:\Program Files\Common Files\SPBA\homefus2.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;C:\Windows\System32\drivers\aswRvrt.sys [2014-4-15 65776]
R0 aswVmm;avast! VM Monitor;C:\Windows\System32\drivers\aswVmm.sys [2014-4-15 208928]
R0 iaStorA;iaStorA;C:\Windows\System32\drivers\iaStorA.sys [2013-9-24 647736]
R0 iaStorF;iaStorF;C:\Windows\System32\drivers\iaStorF.sys [2013-9-24 28216]
R0 stdcfltn;Disk Class Filter Driver for Accelerometer;C:\Windows\System32\drivers\stdcfltn.sys [2013-12-4 22128]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2014-4-15 1039096]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2014-4-15 423240]
R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-1-20 189424]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2014-4-15 79184]
R3 Acceler;Accelerometer Service;C:\Windows\System32\drivers\accelern.sys [2011-7-6 27760]
R3 AppvStrm;AppvStrm;C:\Windows\System32\drivers\AppvStrm.sys [2013-3-29 104616]
R3 AppvVemgr;AppvVemgr;C:\Windows\System32\drivers\AppvVemgr.sys [2013-3-29 175256]
R3 AppvVfs;AppvVfs;C:\Windows\System32\drivers\AppvVfs.sys [2013-3-29 141480]
R3 aswStm;aswStm;C:\Windows\System32\drivers\aswStm.sys [2014-4-15 84816]
R3 BTWAMPFL;BTWAMPFL;C:\Windows\System32\drivers\btwampfl.sys [2011-7-6 348712]
R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2011-7-6 39464]
R3 cvusbdrv;Dell ControlVault;C:\Windows\System32\drivers\cvusbdrv.sys [2013-9-24 47752]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2013-9-24 342528]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2014-4-11 25928]
R3 O2MDFRDR;O2MDFRDR;C:\Windows\System32\drivers\o2mdfw7x64.sys [2011-1-3 72808]
R3 O2SDJRDR;O2SDJRDR;C:\Windows\System32\drivers\o2sdjw7x64.sys [2013-9-24 84712]
S3 btusbflt;Bluetooth USB Filter;C:\Windows\System32\drivers\btusbflt.sys [2010-4-14 54824]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2011-7-7 71168]
S3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\System32\drivers\MpNWMon.sys [2011-10-5 40832]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2011-10-5 84864]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2010-11-19 80384]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2010-11-19 181248]
S3 O2MDRRDR;O2MDRRDR;C:\Windows\System32\drivers\O2MDRw7x64.sys [2011-1-3 74984]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-4-17 19456]
S3 Synth3dVsc;Microsoft Virtual 3D Video Transport Driver;C:\Windows\System32\drivers\Synth3dVsc.sys [2011-7-7 88960]
S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\System32\drivers\terminpt.sys [2013-4-17 29696]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-4-17 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2013-4-17 30208]
S3 tsusbhub;Remote Deskotop USB Hub;C:\Windows\System32\drivers\tsusbhub.sys [2011-7-7 117248]
S3 VX6000;Microsoft LifeCam VX-6000;C:\Windows\System32\drivers\VX6000Xp.sys [2010-5-20 2143600]
.
=============== Created Last 30 ================
.
2014-04-28 18:35:23 10651704 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{09A62321-BEC1-479F-A4A1-4D8684B06AFE}\mpengine.dll
2014-04-23 19:59:49 -------- d-----w- C:\Program Files\CCleaner
2014-04-16 02:39:38 -------- d-----w- C:\Users\matt.baun\AppData\Roaming\AVAST Software
2014-04-16 02:38:07 -------- d-----w- C:\Users\matt.baun\AppData\Local\Google
2014-04-16 02:38:01 84816 ----a-w- C:\Windows\System32\drivers\aswStm.sys
2014-04-16 02:38:01 65776 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys
2014-04-16 02:38:01 208928 ----a-w- C:\Windows\System32\drivers\aswVmm.sys
2014-04-16 02:38:01 1039096 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2014-04-16 02:38:00 93568 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2014-04-16 02:38:00 79184 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2014-04-16 02:37:55 43152 ----a-w- C:\Windows\avastSS.scr
2014-04-16 02:37:43 -------- d-----w- C:\Program Files\AVAST Software
2014-04-16 02:37:01 -------- d-----w- C:\ProgramData\AVAST Software
2014-04-15 11:37:19 -------- d-----w- C:\Users\matt.baun\AppData\Roaming\WirelessManager
2014-04-15 10:02:20 -------- d-----w- C:\Windows\ERUNT
2014-04-14 17:41:27 -------- d-----w- C:\AdwCleaner
2014-04-12 16:17:14 -------- d-----w- C:\Program Files\Speccy
2014-04-11 16:47:17 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-04-11 16:47:16 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-04-10 16:10:22 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2014-04-10 16:10:22 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2014-04-10 16:10:20 2048 ----a-w- C:\Windows\SysWow64\user.exe
2014-04-10 16:10:19 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2014-04-10 16:10:19 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2014-04-10 16:10:19 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2014-04-10 16:10:19 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2014-04-10 16:10:18 362496 ----a-w- C:\Windows\System32\wow64win.dll
2014-04-10 16:10:18 243712 ----a-w- C:\Windows\System32\wow64.dll
2014-04-09 12:07:49 -------- d-sh--w- C:\$RECYCLE.BIN
2014-04-08 02:28:16 -------- d-----w- C:\ComboFix
2014-04-07 19:26:19 98816 ----a-w- C:\Windows\sed.exe
2014-04-07 19:26:19 256000 ----a-w- C:\Windows\PEV.exe
2014-04-07 19:26:19 208896 ----a-w- C:\Windows\MBR.exe
.
==================== Find3M  ====================
.
2014-04-25 18:28:58 17920 ----a-w- C:\Windows\System32\rpcnetp.exe
2014-04-25 18:28:56 69792 ----a-w- C:\Windows\SysWow64\rpcnet.dll
2014-04-18 03:30:30 70832 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-04-18 03:30:30 692400 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-03-08 03:49:45 2334720 ----a-w- C:\Windows\System32\jscript9.dll
2014-03-08 03:40:14 1392128 ----a-w- C:\Windows\System32\wininet.dll
2014-03-08 03:39:34 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-03-08 03:34:25 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-03-08 03:33:45 599040 ----a-w- C:\Windows\System32\vbscript.dll
2014-03-08 03:29:50 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2014-03-07 23:12:00 1806848 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-03-07 23:02:19 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-03-07 23:02:07 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-03-07 22:57:17 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-03-07 22:56:03 421376 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-03-07 22:52:04 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-03-04 09:17:05 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2014-02-07 01:23:30 3156480 ----a-w- C:\Windows\System32\win32k.sys
2014-02-04 02:32:12 624128 ----a-w- C:\Windows\System32\qedit.dll
2014-02-04 02:04:11 509440 ----a-w- C:\Windows\SysWow64\qedit.dll
2014-01-29 02:32:18 484864 ----a-w- C:\Windows\System32\wer.dll
2014-01-29 02:06:47 381440 ----a-w- C:\Windows\SysWow64\wer.dll
.
============= FINISH: 14:50:21.16 ===============

 




 


#2 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • Gender:Male
  • Location:Bulgaria

Posted 28 April 2014 - 03:02 PM

Hello! Welcome to BleepingComputer Forums!
My name is Georgi and I will be helping you with your computer problems.

Before we begin, please note the following:

  • I will be working on your malware issues; this may or may not solve other issues you have with your machine.
  • The logs can take some time to research, so please be patient with me.
  • Stay with the topic until I tell you that your system is clean. Missing symptoms do not mean that everything is okay.
  • Instructions that I give are for your system only!
  • Please do not run any tools until requested! The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
  • Please perform all steps in the order received. If you can't understand something don't hesitate to ask.
  • Again I would like to remind you to make no further changes to your computer unless I direct you to do so. I will not help you if you do not follow my instructions.

 

 

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Double-click to run it. When the tool opens, click Yes to the disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it into your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

 

 

Regards,

Georgi




#3 mjb2066

mjb2066
  • Topic Starter

  • Members
  • 35 posts

Posted 28 April 2014 - 03:18 PM

Thanks Georgi!

 

Here are the logs created by the Farbar Recovery Scan Tool:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-04-2014
Ran by matt.baun (administrator) on H5WZCS1 on 28-04-2014 16:09:53
Running from C:\Users\matt.baun\Desktop
Windows 7 Enterprise Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Microsoft Corporation) c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\STacSV64.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZCfgSvc7.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Broadcom Corporation) C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
(Broadcom Corporation) C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
(Wave Systems Corp.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Dell Inc.) C:\Program Files\Dell\Dell System Manager\DCPSysMgrSvc.exe
() C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\EMBASSY Client Core\EmbassyServer.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS64.exe
(O2Micro International) C:\Windows\system32\o2flash.exe
() C:\Windows\SysWOW64\srvany.exe
(O2Micro.) C:\Windows\sysWOW64\SDIOAssist.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Absolute Software Corp.) C:\Windows\SysWOW64\rpcnet.exe
(GlavSoft LLC.) C:\Program Files (x86)\TightVNC\tvnserver.exe
(Wave Systems Corp.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization\Client\AppVClient.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(UPEK Inc.) C:\Program Files\Common Files\SPBA\upeksvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization\Client\AppVStreamingUX.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
() C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
(Wave Systems Corp.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apntex.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\HidFind.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
() C:\Windows\System32\spool\drivers\x64\3\WrtMon.exe
(Microsoft Corporation
) C:\Windows\vVX6000.exe
() C:\Windows\System32\spool\drivers\x64\3\WrtProc.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Dell Inc.) C:\Program Files\Dell\Dell System Manager\DCPSysMgr.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office15\ONENOTEM.EXE
(GlavSoft LLC.) C:\Program Files (x86)\TightVNC\tvnserver.exe
(Intel Corporation) C:\Windows\system32\igfxext.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office15\OUTLOOK.EXE
(Microsoft Corporation) C:\Windows\SysWOW64\NOTEPAD.EXE
(Microsoft Corporation) C:\Windows\SysWOW64\NOTEPAD.EXE
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [IntelPROSet] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1934608 2010-12-23] (Intel® Corporation)
HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [681880 2013-06-11] (Alps Electric Co., Ltd.)
HKLM\...\Run: [FreeFallProtection] => C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe [686704 2011-07-25] ()
HKLM\...\Run: [TdmNotify] => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe [381296 2011-12-08] (Wave Systems Corp.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1437064 2011-10-29] (Microsoft Corporation)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [525312 2011-01-25] (IDT, Inc.)
HKLM\...\Run: [WrtMon.exe] => C:\Windows\system32\spool\drivers\x64\3\WrtMon.exe [20480 2006-09-20] ()
HKLM\...\Run: [VX6000] => C:\Windows\vVX6000.exe [764784 2010-05-20] (Microsoft Corporation
)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe [112408 2011-08-08] (Intel Corporation)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [tvncontrol] => C:\Program Files (x86)\TightVNC\tvnserver.exe [815704 2010-07-08] (GlavSoft LLC.)
HKLM-x32\...\Run: [Client Access Service] => C:\Program Files (x86)\IBM\Client Access\cwbsvstr.exe [14848 2007-12-11] (IBM Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [Communicator] => C:\Program Files (x86)\Microsoft Office Communicator\communicator.exe [5164712 2013-04-10] (Microsoft Corporation)
HKLM-x32\...\Run: [LifeCam] => C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe [119152 2010-05-20] (Microsoft Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3854640 2014-04-15] (AVAST Software)
HKLM-x32\...\RunOnce: [20131224] - C:\Program Files\AVAST Software\Avast\setup\emupdate\8dc257cb-71ad-41fb-97de-85a5b7f6c34f.exe /check [181136 2014-04-28] (AVAST Software)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\spba: C:\Program Files\Common Files\SPBA\homefus2.dll (UPEK Inc.)
HKU\S-1-5-21-418261387-2898494671-325862144-34710\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKU\S-1-5-21-418261387-2898494671-325862144-34710\...\Run: [QCDsoft Update] => regsvr32.exe C:\Users\matt.baun\AppData\Local\QCDsoft\prl_umdd.dll
HKU\S-1-5-21-418261387-2898494671-325862144-34710\...\Policies\Explorer: [NoAddPrinter] 0
HKU\S-1-5-21-418261387-2898494671-325862144-34710\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-21-418261387-2898494671-325862144-34710\...409d6c4515e9\InprocServer32: [Default-shell32] \\?\globalroot\Device\HarddiskVolume3\Users\matt.baun\AppData\Local\Temp\suknvyv\sptiiuq\wow.dll ATTENTION! ====> ZeroAccess?
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Dell System Manager.lnk
ShortcutTarget: Dell System Manager.lnk -> C:\Program Files\Dell\Dell System Manager\DCPSysMgr.exe (Dell Inc.)
Startup: C:\Users\matt.baun\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\Office15\ONENOTEM.EXE (Microsoft Corporation)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {2DEF4530-8CE6-41C9-84B6-A54536C90213} http://mi-srv8/crystalreportviewers/activeXViewer/activexviewer.cab
DPF: HKLM-x32 {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} http://support.dell.com/systemprofiler/DellSystemLite.CAB
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1209149.dll (Adobe Systems, Inc.)
FF Plugin-x32: @canon.com/EPPEX - C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @microsoft.com/Lync,version=15.0 - C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin - C:\Users\matt.baun\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)

==================== Services (Whitelisted) =================

R2 AppVClient; C:\Program Files\Microsoft Application Virtualization\Client\AppVClient.exe [685208 2013-03-29] (Microsoft Corporation)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-04-15] (AVAST Software)
S3 Cwbrxd; C:\Windows\cwbrxd.exe [94208 2007-12-11] (IBM Corporation)
R2 EmbassyService; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\EMBASSY Client Core\EmbassyServer.exe [218504 2012-01-17] ()
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe [12768 2011-09-02] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [288256 2011-09-02] (Microsoft Corporation)
R2 O2FLASH; C:\Windows\system32\o2flash.exe [244328 2013-03-21] (O2Micro International)
R2 O2SDIOAssist; C:\Windows\SysWOW64\srvany.exe [8192 2003-04-18] ()
S2 tcsd_win32.exe; C:\Program Files (x86)\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe [1637888 2011-10-08] ()
R2 tvnserver; C:\Program Files (x86)\TightVNC\tvnserver.exe [815704 2010-07-08] (GlavSoft LLC.)
R2 Wave Authentication Manager Service; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe [1679872 2012-01-05] (Wave Systems Corp.)
S3 WvPCR; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Common\WvPCR.exe [198144 2012-01-16] (Wave Systems Corp.)
R2 ZcfgSvc7; C:\Program Files\Intel\WiFi\bin\ZCfgSvc7.exe [992256 2010-12-23] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

R3 AppvStrm; C:\Windows\System32\DRIVERS\appvStrm.sys [104616 2013-03-29] (Microsoft Corporation)
R3 AppvVemgr; C:\Windows\System32\DRIVERS\AppvVemgr.sys [175256 2013-03-29] (Microsoft Corporation)
R3 AppvVfs; C:\Windows\System32\DRIVERS\AppvVfs.sys [141480 2013-03-29] (Microsoft Corporation)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-04-15] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-04-15] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-04-15] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1039096 2014-04-15] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423240 2014-04-15] (AVAST Software)
R3 aswStm; C:\Windows\system32\drivers\aswStm.sys [84816 2014-04-15] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [208928 2014-04-15] ()
R0 iaStorF; C:\Windows\System32\drivers\iaStorF.sys [28216 2013-06-11] (Intel Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R1 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [189424 2011-10-05] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [84864 2011-10-05] (Microsoft Corporation)
S3 VX6000; C:\Windows\System32\DRIVERS\VX6000Xp.sys [2143600 2010-05-20] (Microsoft Corporation)
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-04-28 16:09 - 2014-04-28 16:10 - 00017468 _____ () C:\Users\matt.baun\Desktop\FRST.txt
2014-04-28 16:09 - 2014-04-28 16:09 - 00000000 ____D () C:\FRST
2014-04-28 16:08 - 2014-04-28 16:07 - 02061824 _____ (Farbar) C:\Users\matt.baun\Desktop\FRST64.exe
2014-04-28 14:50 - 2014-04-28 14:50 - 00020849 _____ () C:\Users\matt.baun\Desktop\dds.txt
2014-04-28 14:50 - 2014-04-28 14:50 - 00017873 _____ () C:\Users\matt.baun\Desktop\attach.txt
2014-04-28 14:47 - 2014-04-28 14:45 - 00688992 ____R (Swearware) C:\Users\matt.baun\Desktop\dds.com
2014-04-25 14:28 - 2014-04-25 14:28 - 00000056 _____ () C:\Windows\setupact.log
2014-04-25 14:28 - 2014-04-25 14:28 - 00000000 _____ () C:\Windows\setuperr.log
2014-04-25 11:43 - 2014-04-25 11:42 - 01365865 _____ () C:\Users\matt.baun\Desktop\AdwCleaner.exe
2014-04-25 11:35 - 2014-04-25 11:35 - 00000635 _____ () C:\Users\matt.baun\Desktop\JRT.txt
2014-04-25 11:11 - 2014-04-25 11:15 - 00002436 _____ () C:\Users\matt.baun\Desktop\Rkill.txt
2014-04-23 15:59 - 2014-04-23 15:59 - 00002780 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-04-23 15:59 - 2014-04-23 15:59 - 00000822 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-04-23 15:59 - 2014-04-23 15:59 - 00000000 ____D () C:\Program Files\CCleaner
2014-04-23 15:48 - 2014-04-23 15:45 - 04787368 _____ (Piriform Ltd) C:\Users\matt.baun\Desktop\ccsetup412.exe
2014-04-22 18:34 - 2014-03-07 23:32 - 02147840 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-04-22 18:34 - 2014-03-07 23:30 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-04-22 18:34 - 2014-03-07 23:29 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-04-22 18:34 - 2014-03-07 18:56 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-04-22 18:34 - 2014-03-07 18:53 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-04-22 18:34 - 2014-03-07 18:52 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-04-22 18:34 - 2014-03-07 18:52 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-04-22 18:33 - 2014-03-08 00:54 - 17848832 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-04-22 18:33 - 2014-03-08 00:06 - 10926592 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-04-22 18:33 - 2014-03-07 23:49 - 02334720 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-04-22 18:33 - 2014-03-07 23:41 - 01347072 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-04-22 18:33 - 2014-03-07 23:40 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-04-22 18:33 - 2014-03-07 23:39 - 01494528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-04-22 18:33 - 2014-03-07 23:38 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-04-22 18:33 - 2014-03-07 23:37 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-04-22 18:33 - 2014-03-07 23:34 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-04-22 18:33 - 2014-03-07 23:34 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-04-22 18:33 - 2014-03-07 23:33 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-04-22 18:33 - 2014-03-07 23:32 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-04-22 18:33 - 2014-03-07 23:24 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-04-22 18:33 - 2014-03-07 19:51 - 12347904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-04-22 18:33 - 2014-03-07 19:20 - 09739264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-04-22 18:33 - 2014-03-07 19:12 - 01806848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-04-22 18:33 - 2014-03-07 19:03 - 01105408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-04-22 18:33 - 2014-03-07 19:02 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-04-22 18:33 - 2014-03-07 19:02 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-04-22 18:33 - 2014-03-07 19:00 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-04-22 18:33 - 2014-03-07 18:59 - 00065024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-04-22 18:33 - 2014-03-07 18:57 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-04-22 18:33 - 2014-03-07 18:57 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-04-22 18:33 - 2014-03-07 18:54 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-04-22 18:33 - 2014-03-07 18:47 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-04-15 22:39 - 2014-04-15 22:39 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-04-15 22:39 - 2014-04-15 22:39 - 00001966 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-04-15 22:39 - 2014-04-15 22:39 - 00000000 ____D () C:\Users\matt.baun\AppData\Roaming\AVAST Software
2014-04-15 22:39 - 2014-04-15 22:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
2014-04-15 22:38 - 2014-04-15 22:39 - 00000000 ____D () C:\Program Files (x86)\Google
2014-04-15 22:38 - 2014-04-15 22:38 - 00000000 ____D () C:\Users\matt.baun\AppData\Local\Google
2014-04-15 22:38 - 2014-04-15 22:37 - 01039096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-04-15 22:38 - 2014-04-15 22:37 - 00423240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2014-04-15 22:38 - 2014-04-15 22:37 - 00208928 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-04-15 22:38 - 2014-04-15 22:37 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-04-15 22:38 - 2014-04-15 22:37 - 00084816 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-04-15 22:38 - 2014-04-15 22:37 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-04-15 22:38 - 2014-04-15 22:37 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-04-15 22:37 - 2014-04-15 22:37 - 00334648 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-04-15 22:37 - 2014-04-15 22:37 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-04-15 22:37 - 2014-04-15 22:37 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-04-15 22:37 - 2014-04-15 22:37 - 00000000 ____D () C:\Program Files\AVAST Software
2014-04-15 22:36 - 2014-04-15 22:32 - 88551496 _____ (AVAST Software) C:\Users\Public\Desktop\avast_free_antivirus_setup.exe
2014-04-15 22:36 - 2014-04-15 22:32 - 88551496 _____ (AVAST Software) C:\Users\matt.baun\Desktop\avast_free_antivirus_setup.exe
2014-04-15 07:37 - 2014-04-15 07:37 - 00000000 ____D () C:\Users\matt.baun\AppData\Roaming\WirelessManager
2014-04-15 06:02 - 2014-04-15 06:02 - 00000000 ____D () C:\Windows\ERUNT
2014-04-15 06:01 - 2014-04-15 05:59 - 01016261 _____ (Thisisu) C:\Users\matt.baun\Desktop\JRT.exe
2014-04-14 21:47 - 2014-04-14 21:37 - 00448512 _____ (OldTimer Tools) C:\Users\matt.baun\Desktop\TFC.exe
2014-04-14 13:41 - 2014-04-25 11:51 - 00000000 ____D () C:\AdwCleaner
2014-04-13 19:01 - 2014-04-11 16:08 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\matt.baun\Desktop\rkill.exe
2014-04-12 12:30 - 2014-04-12 12:24 - 00982016 _____ (Farbar) C:\Users\matt.baun\Desktop\MiniToolBox.exe
2014-04-12 12:17 - 2014-04-12 12:17 - 00000796 _____ () C:\Users\Public\Desktop\Speccy.lnk
2014-04-12 12:17 - 2014-04-12 12:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy
2014-04-12 12:17 - 2014-04-12 12:17 - 00000000 ____D () C:\Program Files\Speccy
2014-04-12 12:17 - 2014-04-12 12:13 - 04845384 _____ (Piriform Ltd) C:\Users\matt.baun\Desktop\spsetup125.exe
2014-04-11 18:40 - 2014-04-10 13:03 - 02347384 _____ (ESET) C:\Users\matt.baun\Desktop\esetsmartinstaller_enu.exe
2014-04-11 12:47 - 2014-04-11 12:48 - 00001109 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-04-11 12:47 - 2014-04-11 12:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
2014-04-11 12:47 - 2014-04-11 12:48 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-04-11 12:47 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-04-10 12:10 - 2014-03-04 05:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-04-10 12:10 - 2014-03-04 05:44 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2014-04-10 12:10 - 2014-03-04 05:44 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2014-04-10 12:10 - 2014-03-04 05:44 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2014-04-10 12:10 - 2014-03-04 05:44 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2014-04-10 12:10 - 2014-03-04 05:17 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2014-04-10 12:10 - 2014-03-04 05:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-04-10 12:10 - 2014-03-04 05:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2014-04-10 12:10 - 2014-03-04 05:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2014-04-10 12:10 - 2014-03-04 04:09 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2014-04-10 12:10 - 2014-03-04 04:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2014-04-08 01:05 - 2014-04-08 01:05 - 00142836 _____ () C:\ComboFix.txt
2014-04-07 22:28 - 2014-04-08 01:05 - 00000000 ____D () C:\ComboFix
2014-04-07 15:26 - 2011-06-26 02:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-04-07 15:26 - 2010-11-07 13:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-04-07 15:26 - 2009-04-20 00:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-04-07 15:26 - 2000-08-30 20:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-04-07 15:26 - 2000-08-30 20:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-04-07 15:26 - 2000-08-30 20:00 - 00098816 _____ () C:\Windows\sed.exe
2014-04-07 15:26 - 2000-08-30 20:00 - 00080412 _____ () C:\Windows\grep.exe
2014-04-07 15:26 - 2000-08-30 20:00 - 00068096 _____ () C:\Windows\zip.exe
2014-04-07 15:22 - 2014-04-08 01:06 - 00000000 ____D () C:\Qoobox
2014-04-07 15:20 - 2014-04-07 22:50 - 00000000 ____D () C:\Windows\erdnt

==================== One Month Modified Files and Folders =======

2014-04-28 16:10 - 2014-04-28 16:09 - 00017468 _____ () C:\Users\matt.baun\Desktop\FRST.txt
2014-04-28 16:09 - 2014-04-28 16:09 - 00000000 ____D () C:\FRST
2014-04-28 16:07 - 2014-04-28 16:08 - 02061824 _____ (Farbar) C:\Users\matt.baun\Desktop\FRST64.exe
2014-04-28 16:00 - 2013-12-04 16:25 - 02037103 _____ () C:\Windows\WindowsUpdate.log
2014-04-28 15:51 - 2013-04-17 09:38 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-28 15:12 - 2014-02-04 10:04 - 00000546 _____ () C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-418261387-2898494671-325862144-34710.job
2014-04-28 14:50 - 2014-04-28 14:50 - 00020849 _____ () C:\Users\matt.baun\Desktop\dds.txt
2014-04-28 14:50 - 2014-04-28 14:50 - 00017873 _____ () C:\Users\matt.baun\Desktop\attach.txt
2014-04-28 14:50 - 2011-07-06 18:20 - 00432644 _____ () C:\Windows\system32\perfh012.dat
2014-04-28 14:50 - 2011-07-06 18:20 - 00421050 _____ () C:\Windows\system32\perfh011.dat
2014-04-28 14:50 - 2011-07-06 18:20 - 00405476 _____ () C:\Windows\system32\prfh0404.dat
2014-04-28 14:50 - 2011-07-06 18:20 - 00388374 _____ () C:\Windows\system32\prfh0804.dat
2014-04-28 14:50 - 2011-07-06 18:20 - 00123352 _____ () C:\Windows\system32\perfc011.dat
2014-04-28 14:50 - 2011-07-06 18:20 - 00121640 _____ () C:\Windows\system32\perfc012.dat
2014-04-28 14:50 - 2011-07-06 18:20 - 00121212 _____ () C:\Windows\system32\prfc0804.dat
2014-04-28 14:50 - 2011-07-06 18:20 - 00116298 _____ () C:\Windows\system32\prfc0404.dat
2014-04-28 14:50 - 2009-07-14 01:13 - 02881456 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-28 14:45 - 2014-04-28 14:47 - 00688992 ____R (Swearware) C:\Users\matt.baun\Desktop\dds.com
2014-04-28 09:40 - 2014-03-24 16:37 - 00010225 _____ () C:\Users\matt.baun\Documents\NEWSOFT
2014-04-28 06:38 - 2009-07-14 00:45 - 00012272 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-28 06:38 - 2009-07-14 00:45 - 00012272 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-25 14:34 - 2013-12-12 16:40 - 00000000 ____D () C:\Users\matt.baun\Tracing
2014-04-25 14:28 - 2014-04-25 14:28 - 00000056 _____ () C:\Windows\setupact.log
2014-04-25 14:28 - 2014-04-25 14:28 - 00000000 _____ () C:\Windows\setuperr.log
2014-04-25 14:28 - 2012-02-02 09:14 - 00017920 _____ () C:\Windows\system32\rpcnetp.exe
2014-04-25 14:28 - 2012-01-26 08:56 - 00069792 _____ (Absolute Software Corp.) C:\Windows\SysWOW64\rpcnet.dll
2014-04-25 14:28 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-25 12:15 - 2013-04-17 09:08 - 00000157 __RSH () C:\ProgramData\3002.xml
2014-04-25 11:51 - 2014-04-14 13:41 - 00000000 ____D () C:\AdwCleaner
2014-04-25 11:42 - 2014-04-25 11:43 - 01365865 _____ () C:\Users\matt.baun\Desktop\AdwCleaner.exe
2014-04-25 11:35 - 2014-04-25 11:35 - 00000635 _____ () C:\Users\matt.baun\Desktop\JRT.txt
2014-04-25 11:15 - 2014-04-25 11:11 - 00002436 _____ () C:\Users\matt.baun\Desktop\Rkill.txt
2014-04-24 12:15 - 2011-07-07 09:08 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-04-24 12:14 - 2013-08-14 15:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2014-04-23 15:59 - 2014-04-23 15:59 - 00002780 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-04-23 15:59 - 2014-04-23 15:59 - 00000822 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-04-23 15:59 - 2014-04-23 15:59 - 00000000 ____D () C:\Program Files\CCleaner
2014-04-23 15:45 - 2014-04-23 15:48 - 04787368 _____ (Piriform Ltd) C:\Users\matt.baun\Desktop\ccsetup412.exe
2014-04-17 23:30 - 2013-04-17 09:38 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-04-17 23:30 - 2013-04-17 09:38 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-04-17 23:30 - 2011-12-08 08:45 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-04-17 13:32 - 2013-12-14 21:52 - 00000000 ____D () C:\Users\matt.baun\Documents\THI Laptop Backup - 12-December-2013
2014-04-15 22:39 - 2014-04-15 22:39 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-04-15 22:39 - 2014-04-15 22:39 - 00001966 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-04-15 22:39 - 2014-04-15 22:39 - 00000000 ____D () C:\Users\matt.baun\AppData\Roaming\AVAST Software
2014-04-15 22:39 - 2014-04-15 22:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
2014-04-15 22:39 - 2014-04-15 22:38 - 00000000 ____D () C:\Program Files (x86)\Google
2014-04-15 22:38 - 2014-04-15 22:38 - 00000000 ____D () C:\Users\matt.baun\AppData\Local\Google
2014-04-15 22:37 - 2014-04-15 22:38 - 01039096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-04-15 22:37 - 2014-04-15 22:38 - 00423240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2014-04-15 22:37 - 2014-04-15 22:38 - 00208928 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-04-15 22:37 - 2014-04-15 22:38 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-04-15 22:37 - 2014-04-15 22:38 - 00084816 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-04-15 22:37 - 2014-04-15 22:38 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-04-15 22:37 - 2014-04-15 22:38 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-04-15 22:37 - 2014-04-15 22:37 - 00334648 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-04-15 22:37 - 2014-04-15 22:37 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-04-15 22:37 - 2014-04-15 22:37 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-04-15 22:37 - 2014-04-15 22:37 - 00000000 ____D () C:\Program Files\AVAST Software
2014-04-15 22:32 - 2014-04-15 22:36 - 88551496 _____ (AVAST Software) C:\Users\Public\Desktop\avast_free_antivirus_setup.exe
2014-04-15 22:32 - 2014-04-15 22:36 - 88551496 _____ (AVAST Software) C:\Users\matt.baun\Desktop\avast_free_antivirus_setup.exe
2014-04-15 07:37 - 2014-04-15 07:37 - 00000000 ____D () C:\Users\matt.baun\AppData\Roaming\WirelessManager
2014-04-15 06:02 - 2014-04-15 06:02 - 00000000 ____D () C:\Windows\ERUNT
2014-04-15 05:59 - 2014-04-15 06:01 - 01016261 _____ (Thisisu) C:\Users\matt.baun\Desktop\JRT.exe
2014-04-14 21:37 - 2014-04-14 21:47 - 00448512 _____ (OldTimer Tools) C:\Users\matt.baun\Desktop\TFC.exe
2014-04-14 10:23 - 2014-01-07 14:17 - 00000000 ____D () C:\Users\matt.baun\AppData\Roaming\Canon
2014-04-12 12:24 - 2014-04-12 12:30 - 00982016 _____ (Farbar) C:\Users\matt.baun\Desktop\MiniToolBox.exe
2014-04-12 12:17 - 2014-04-12 12:17 - 00000796 _____ () C:\Users\Public\Desktop\Speccy.lnk
2014-04-12 12:17 - 2014-04-12 12:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy
2014-04-12 12:17 - 2014-04-12 12:17 - 00000000 ____D () C:\Program Files\Speccy
2014-04-12 12:15 - 2013-12-12 16:39 - 00000000 ___RD () C:\Users\matt.baun\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-04-12 12:13 - 2014-04-12 12:17 - 04845384 _____ (Piriform Ltd) C:\Users\matt.baun\Desktop\spsetup125.exe
2014-04-12 12:03 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy
2014-04-11 16:08 - 2014-04-13 19:01 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\matt.baun\Desktop\rkill.exe
2014-04-11 12:48 - 2014-04-11 12:47 - 00001109 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-04-11 12:48 - 2014-04-11 12:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
2014-04-11 12:48 - 2014-04-11 12:47 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-04-10 13:03 - 2014-04-11 18:40 - 02347384 _____ (ESET) C:\Users\matt.baun\Desktop\esetsmartinstaller_enu.exe
2014-04-09 08:57 - 2013-12-12 16:40 - 00111944 _____ () C:\Users\matt.baun\AppData\Local\GDIPFONTCACHEV1.DAT
2014-04-09 08:49 - 2009-07-14 00:45 - 00435136 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-04-08 01:06 - 2014-04-07 15:22 - 00000000 ____D () C:\Qoobox
2014-04-08 01:05 - 2014-04-08 01:05 - 00142836 _____ () C:\ComboFix.txt
2014-04-08 01:05 - 2014-04-07 22:28 - 00000000 ____D () C:\ComboFix
2014-04-07 22:50 - 2014-04-07 15:20 - 00000000 ____D () C:\Windows\erdnt
2014-04-07 22:39 - 2009-07-13 22:34 - 00000215 _____ () C:\Windows\system.ini

Alureon:
C:\Users\matt.baun\AppData\Local\Temp\suknvyv\sptiiuq\wow.dll

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-04-19 00:14

==================== End Of Log ============================

 

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-04-2014
Ran by matt.baun at 2014-04-28 16:11:31
Running from C:\Users\matt.baun\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: System Center 2012 Endpoint Protection (Disabled - Up to date) {108DAC43-C256-20B7-BB05-914135DA5160}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: System Center 2012 Endpoint Protection (Disabled - Up to date) {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

AccelerometerP11 (HKLM-x32\...\{87434D51-51DB-4109-B68F-A829ECDCF380}) (Version: 2.00.10.33 - STMicroelectronics)
Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.182 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.9.149 - Adobe Systems, Inc.)
Apple Application Support (HKLM-x32\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
avast! Free Antivirus (HKLM-x32\...\Avast) (Version: 9.0.2016 - Avast Software)
BioAPI Framework (Version: 1.0.2 - Dell Inc.) Hidden
Canon Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version: 4.1.6 - Canon Inc.)
Canon MP Navigator 2.2 (HKLM-x32\...\MP Navigator 2.2) (Version:  - )
Canon MP530 (HKLM\...\{3215EBED-1D06-42fb-A05C-A752A46FB24C}) (Version:  - )
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.1.0 - Canon Inc.)
Canon Utilities Easy-PhotoPrint (HKLM-x32\...\Easy-PhotoPrint) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 4.12 - Piriform)
Citrix Online Launcher (HKLM-x32\...\{AC7E7905-8C59-4806-A96D-30936A2B1FC5}) (Version: 1.0.168 - Citrix)
Computrace (HKLM-x32\...\{BB3E4A6C-7355-4A22-BED5-E43DEFFB5FFF}) (Version: 8.0.893 - Absolute Software Inc.)
Custom (Version: 01.00.00.000 - Wave Systems Corp.) Hidden
Definition Update for Microsoft Office 2013 (KB2760587) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{9D8D67FD-8FAB-4B98-A121-4CFA10380058}) (Version:  - Microsoft)
Dell Client System Update (HKLM-x32\...\{2B2B45B1-3CA0-4F8D-BBB3-AC77ED46A0FE}) (Version: 1.2.3 - Dell Inc.)
Dell ControlVault Host Components Installer 64 bit (HKLM\...\{8A6B4FE2-7CC4-4DAC-BC68-D9E170B758FD}) (Version: 2.0.20.159 - Broadcom Corporation)
Dell Data Protection | Access (HKLM\...\{ABBA2EA4-740E-4052-902B-9CA70B081E3F}) (Version: 2.2.00003.009 - Dell Inc.)
Dell Mobile Broadband Manager (HKLM-x32\...\{23EEC842-57ED-4055-A056-9D4185DFB1AA}) (Version: 6.3.3.2 - Dell)
Dell System Manager (HKLM\...\{FDF509ED-9624-4FDE-9BAA-9566C186AB96}) (Version: 1.6.00000 - Dell Inc.)
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 8.1200.101.112 - ALPS ELECTRIC CO., LTD.)
DellAccess (Version: 01.01.00.104 - Wave Systems Corp.) Hidden
EMBASSY Client Core (Version: 01.01.00.036 - Wave Systems Corp.) Hidden
Gemalto (Version: 01.64.01.0010 - Wave Systems Corp) Hidden
GoToMeeting 6.2.0.1350 (HKCU\...\GoToMeeting) (Version: 6.2.0.1350 - CitrixOnline)
IBM System i Access for Windows V6R1M0 (HKLM\...\{164EB883-354E-4290-AD76-67CEE65403A3}) (Version: 06.01.0001 - IBM)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6324.0 - IDT)
InstallVC90Support (x32 Version: 1.01.0000 - Novatel Wireless) Hidden
Intel PROSet Wireless (Version:  - ) Hidden
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{4C1CCA11-0D08-4D5E-8444-2D9FB48BCABF}) (Version: 14.00.20110 - Intel Corporation)
Java™ 6 Update 29 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216029FF}) (Version: 6.0.290 - Oracle)
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
MATLAB® Compiler Runtime 7.10 (HKLM-x32\...\{A4FEEED3-51B4-4BBA-ACB2-8820EED93C52}) (Version: 7.10 - The MathWorks)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Access MUI (English) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Access Setup Metadata MUI (English) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Antimalware (Version: 3.0.8410.2 - Microsoft Corporation) Hidden
Microsoft Application Virtualization (App-V) Client 5.0 Service Pack 1 (HKLM-x32\...\{6a7351d4-99b9-4be8-99a6-f70b825c119e}) (Version: 5.0.1104.0 - Microsoft Corporation)
Microsoft Application Virtualization (App-V) Client 5.0 Service Pack 1 x64 (HKLM\...\{FD8A2518-A9D7-449E-ADA0-33F2F7FA83AA}) (Version: 5.0.1104.0 - Microsoft Corporation)
Microsoft Application Virtualization Client en-US Language Pack x64 (HKLM\...\{DB175F28-FD1E-4C26-A073-8264FC77103F}) (Version: 5.0.1104.0 - Microsoft Corporation)
Microsoft Conferencing Add-in for Microsoft Office Outlook (HKLM-x32\...\{13BEAC7C-69C1-4A9E-89A3-D5F311DE2B69}) (Version: 8.0.6362.202 - Microsoft Corporation)
Microsoft Corporation (Version: 9.1.0.0 - Microsoft Corporation) Hidden
Microsoft Corporation (x32 Version: 9.1.0.0 - Microsoft Corporation) Hidden
Microsoft DCF MUI (English) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Excel MUI (English) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Forefront Endpoint Protection 2010 Server Management (Version: 2.2.0903.0 - Microsoft Corporation) Hidden
Microsoft Groove MUI (English) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft InfoPath MUI (English) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft LifeCam (HKLM\...\{6965A8D2-465D-4F98-9FAA-0E9E2348F329}) (Version: 3.22.270.0 - Microsoft Corporation)
Microsoft Lync MUI (English) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office 64-bit Components 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Communicator 2007 R2 (HKLM-x32\...\{0D1CBBB9-F4A8-45B6-95E7-202BA61D7AF4}) (Version: 3.5.6907.268 - Microsoft Corporation)
Microsoft Office Live Meeting 2007 (HKLM-x32\...\{389F8A7A-8611-42E8-8169-20D2BAF0C595}) (Version: 8.0.6362.215 - Microsoft Corporation)
Microsoft Office Live Meeting 2007 (HKLM-x32\...\{BE66348A-E83F-4982-941F-DFF2F742B851}) (Version: 8.0.6362.143 - Microsoft Corporation)
Microsoft Office OSM MUI (English) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office OSM UX MUI (English) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2013 (HKLM-x32\...\Office15.PROPLUS) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2013 - English (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2013 - Español (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft OneNote MUI (English) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Outlook MUI (English) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft PowerPoint MUI (English) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Publisher MUI (English) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Security Client (Version: 2.2.0903.0 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20513.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Word MUI (English) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NTRU TCG Software Stack (Version: 2.1.37 - Security Innovation, Inc.) Hidden
O2Micro Flash Memory Card Windows Driver (HKLM-x32\...\InstallShield_{0CB3B7EE-52C7-4136-AF40-605567D90318}) (Version: 3.0.07.23 - O2Micro International LTD.)
O2Micro Flash Memory Card Windows Driver (x32 Version: 3.0.07.23 - O2Micro International LTD.) Hidden
Outils de vérification linguistique 2013 de Microsoft Office - Français (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
PC-CCID (Version: 2.0.0 - Gemalto) Hidden
Preboot Manager (Version: 03.03.00.090 - Wave Systems Corp.) Hidden
Presto! PageManager (HKLM-x32\...\{D2D6B9EB-C6DC-4DAA-B4DE-BB7D9735E7DA}) (Version: 7.15.14E - NewSoft)
Private Information Manager (Version: 07.01.00.030 - Wave Systems Corp.) Hidden
QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.30.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.30.0 - Renesas Electronics Corporation) Hidden
SPBA 5.9 (Version: 5.9.4.6901 - UPEK Inc.) Hidden
Speccy (HKLM\...\Speccy) (Version: 1.25 - Piriform)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
System Center 2012 Endpoint Protection (HKLM\...\Microsoft Security Client) (Version: 2.2.903.0 - Microsoft Corporation)
TightVNC 2.0.2 (HKLM-x32\...\TightVNC) (Version: 2.0.2 - GlavSoft LLC.)
toolkit32for64bit (x32 Version: 7.67.47.0000 - Wave Systems Corp) Hidden
Trusted Drive Manager (Version: 4.5.0.136 - Wave Systems Corp.) Hidden
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2836939) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2836939) (Version: 1 - Microsoft Corporation)
Update for Microsoft Access 2013 (KB2768008) 32-Bit Edition (HKLM-x32\...\{90150000-0015-0409-0000-0000000FF1CE}_Office15.PROPLUS_{104D0AEE-BC85-4FFB-8BD8-D95A850D7A4D}) (Version:  - Microsoft)
Update for Microsoft Access 2013 (KB2827233) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{FB31ABE4-BB41-4E9A-A252-1A4BC9DC8C43}) (Version:  - Microsoft)
Update for Microsoft Excel 2013 (KB2752087) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{90060D4D-6BB2-4B29-B804-3C23563EEA6B}) (Version:  - Microsoft)
Update for Microsoft Excel 2013 (KB2752087) 32-Bit Edition (HKLM-x32\...\{90150000-0016-0409-0000-0000000FF1CE}_Office15.PROPLUS_{90060D4D-6BB2-4B29-B804-3C23563EEA6B}) (Version:  - Microsoft)
Update for Microsoft Excel 2013 (KB2752087) 32-Bit Edition (HKLM-x32\...\{90150000-0018-0409-0000-0000000FF1CE}_Office15.PROPLUS_{90060D4D-6BB2-4B29-B804-3C23563EEA6B}) (Version:  - Microsoft)
Update for Microsoft Excel 2013 (KB2752087) 32-Bit Edition (HKLM-x32\...\{90150000-001B-0409-0000-0000000FF1CE}_Office15.PROPLUS_{90060D4D-6BB2-4B29-B804-3C23563EEA6B}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2013 (KB2837648) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{F15AA550-A0B9-44AD-9067-2294CCA51F1C}) (Version:  - Microsoft)
Update for Microsoft Lync 2013 (KB2817678) 32-Bit Edition (HKLM-x32\...\{90150000-012B-0409-0000-0000000FF1CE}_Office15.PROPLUS_{AC57CF13-C24E-4C00-969F-5394DAE589C5}) (Version:  - Microsoft)
Update for Microsoft Lync 2013 (KB2863908) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{6764E50D-D076-41BC-B069-08DD488AE88B}) (Version:  - Microsoft)
Update for Microsoft Lync 2013 (KB2863908) 32-Bit Edition (HKLM-x32\...\{90150000-002A-0000-1000-0000000FF1CE}_Office15.PROPLUS_{6764E50D-D076-41BC-B069-08DD488AE88B}) (Version:  - Microsoft)
Update for Microsoft Lync 2013 (KB2863908) 32-Bit Edition (HKLM-x32\...\{90150000-012B-0409-0000-0000000FF1CE}_Office15.PROPLUS_{E9F5EDF4-654C-40A3-8181-D558AD8EFFE6}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2726954) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{4F307363-49DA-4AE7-9D9D-DAA1FF59274F}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2726996) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{6E6B2968-B9D7-40C9-9FC2-8E729DDBB39C}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2738038) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{AFDC9BDD-5608-4A21-8066-13E2ACE1EDB4}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2760224) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{4F8AD68D-9F41-446E-AA81-C43BF88671BF}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2760242) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{BCD0EA38-A8FB-4F3D-B04E-DFFB38BC7849}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2760267) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{9E03AB38-EF60-4DE6-92FB-656E23403BFA}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2760344) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{A7610F07-E844-4444-8E1D-D5BC8AD0B4C5}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2760539) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{E58009CD-D950-4CAE-89B4-E97C3B78319B}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2760544) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{45B7D395-EB9B-414F-9E46-5849B42326E2}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2760553) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{03FC8649-9511-4FB1-BE34-67A442505DCF}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2760610) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{B299B17D-874D-43DD-84AA-414BD9C70021}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2760610) 32-Bit Edition (HKLM-x32\...\{90150000-002A-0000-1000-0000000FF1CE}_Office15.PROPLUS_{B299B17D-874D-43DD-84AA-414BD9C70021}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2768012) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{66421820-D3CA-450A-898C-78D7E40108E6}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2768016) 32-Bit Edition (HKLM-x32\...\{90150000-006E-0409-0000-0000000FF1CE}_Office15.PROPLUS_{A07ABCD5-4CAF-4493-A591-A6233EF13C7F}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2817314) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{B9A3A7A7-8B5B-4D07-9816-80EE2EA5B9B7}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2817316) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{670559E6-5725-4B84-A16C-0859771F25DE}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2817316) 32-Bit Edition (HKLM-x32\...\{90150000-0016-0409-0000-0000000FF1CE}_Office15.PROPLUS_{5EFADE14-CE0B-43BF-ADD2-850FCB79485F}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2817490) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{188DFB16-BA3F-4AD3-9432-45C8FA64EC8B}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2817490) 32-Bit Edition (HKLM-x32\...\{90150000-002A-0000-1000-0000000FF1CE}_Office15.PROPLUS_{188DFB16-BA3F-4AD3-9432-45C8FA64EC8B}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2817626) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{BC369230-B0E0-4BB0-82D6-E93196060BFA}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2817636) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{2D355F71-076A-42AD-8747-6132105441F4}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2817636) 32-Bit Edition (HKLM-x32\...\{90150000-006E-0409-0000-0000000FF1CE}_Office15.PROPLUS_{2D355F71-076A-42AD-8747-6132105441F4}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2825631) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{E458713D-E208-4098-A155-EA1152F9B301}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2825631) 32-Bit Edition (HKLM-x32\...\{90150000-006E-0409-0000-0000000FF1CE}_Office15.PROPLUS_{E458713D-E208-4098-A155-EA1152F9B301}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2826004) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{FD782270-0456-4B87-AC5E-C6EE2D063C48}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2827225) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{C5CF8938-646A-41A5-A4E6-6EEE4205CBA4}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2827227) 32-Bit Edition (HKLM-x32\...\{90150000-001F-0409-0000-0000000FF1CE}_Office15.PROPLUS_{F75F8521-118D-4DE2-927F-073BE7B6DC7F}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2827227) 32-Bit Edition (HKLM-x32\...\{90150000-001F-040C-0000-0000000FF1CE}_Office15.PROPLUS_{E11A0DDD-9F6D-49C6-8F02-850D44DD7639}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2827227) 32-Bit Edition (HKLM-x32\...\{90150000-001F-0C0A-0000-0000000FF1CE}_Office15.PROPLUS_{E6D73E98-906E-4520-99B6-FA1647EC2DAE}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2827230) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{954A0EA5-CCCB-4B4E-8664-40E2CC8BBCBB}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2827239) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{4B1A48FA-CAE2-49BB-A912-6F96AE7875D9}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2827239) 32-Bit Edition (HKLM-x32\...\{90150000-002A-0000-1000-0000000FF1CE}_Office15.PROPLUS_{4B1A48FA-CAE2-49BB-A912-6F96AE7875D9}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2827272) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{5A645CF3-3C40-4172-BCEB-19E3FC855266}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2827272) 32-Bit Edition (HKLM-x32\...\{90150000-0016-0409-0000-0000000FF1CE}_Office15.PROPLUS_{5A645CF3-3C40-4172-BCEB-19E3FC855266}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2827272) 32-Bit Edition (HKLM-x32\...\{90150000-0090-0409-0000-0000000FF1CE}_Office15.PROPLUS_{5A645CF3-3C40-4172-BCEB-19E3FC855266}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2863825) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{96754DD8-5AF9-4CF8-A5A9-19770CD9AFBC}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2863843) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{AD7045B8-1D75-4B4C-8120-12F045D206C7}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2863843) 32-Bit Edition (HKLM-x32\...\{90150000-002A-0000-1000-0000000FF1CE}_Office15.PROPLUS_{AD7045B8-1D75-4B4C-8120-12F045D206C7}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2863844) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{8AEAF88E-A488-4C1E-B10D-F00143BA650F}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2863860) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{4E47A3B9-D863-4CE7-9488-847F2981361B}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2863860) 32-Bit Edition (HKLM-x32\...\{90150000-002A-0000-1000-0000000FF1CE}_Office15.PROPLUS_{4E47A3B9-D863-4CE7-9488-847F2981361B}) (Version:  - Microsoft)
Update for Microsoft OneDrive for Business (KB2863864) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{48D4C003-065C-460C-A864-BB18A159F3D6}) (Version:  - Microsoft)
Update for Microsoft OneDrive for Business (KB2863864) 32-Bit Edition (HKLM-x32\...\{90150000-002A-0000-1000-0000000FF1CE}_Office15.PROPLUS_{48D4C003-065C-460C-A864-BB18A159F3D6}) (Version:  - Microsoft)
Update for Microsoft OneDrive for Business (KB2863864) 32-Bit Edition (HKLM-x32\...\{90150000-002A-0409-1000-0000000FF1CE}_Office15.PROPLUS_{48D4C003-065C-460C-A864-BB18A159F3D6}) (Version:  - Microsoft)
Update for Microsoft OneDrive for Business (KB2863864) 32-Bit Edition (HKLM-x32\...\{90150000-00BA-0409-0000-0000000FF1CE}_Office15.PROPLUS_{48D4C003-065C-460C-A864-BB18A159F3D6}) (Version:  - Microsoft)
Update for Microsoft OneNote 2013 (KB2817628) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{DF36A224-4C72-4FF4-9961-CD4873DDAE6C}) (Version:  - Microsoft)
Update for Microsoft OneNote 2013 (KB2817628) 32-Bit Edition (HKLM-x32\...\{90150000-002A-0000-1000-0000000FF1CE}_Office15.PROPLUS_{DF36A224-4C72-4FF4-9961-CD4873DDAE6C}) (Version:  - Microsoft)
Update for Microsoft OneNote 2013 (KB2817628) 32-Bit Edition (HKLM-x32\...\{90150000-00A1-0409-0000-0000000FF1CE}_Office15.PROPLUS_{DF36A224-4C72-4FF4-9961-CD4873DDAE6C}) (Version:  - Microsoft)
Update for Microsoft Outlook 2013 (KB2863911) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{6022B459-32A4-4318-A9A4-815C0BCEF977}) (Version:  - Microsoft)
Update for Microsoft Outlook 2013 (KB2863911) 32-Bit Edition (HKLM-x32\...\{90150000-001A-0409-0000-0000000FF1CE}_Office15.PROPLUS_{84AA6F34-E9B5-46EC-BFE6-AFB45509AF40}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2013 (KB2837627) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{CA8215E2-4E68-4BCA-BBEB-D4ED8140F037}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2013 (KB2837627) 32-Bit Edition (HKLM-x32\...\{90150000-0018-0409-0000-0000000FF1CE}_Office15.PROPLUS_{CA8215E2-4E68-4BCA-BBEB-D4ED8140F037}) (Version:  - Microsoft)
Update for Microsoft Project 2013 (KB2727085) 32-Bit Edition (HKLM-x32\...\{90150000-002A-0000-1000-0000000FF1CE}_Office15.PROPLUS_{DFC72135-28F1-48CD-B39A-AD28ED0AFEF5}) (Version:  - Microsoft)
Update for Microsoft Publisher 2013 (KB2837635) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{696ACAB0-DCE3-4050-849A-629CE94A9E3A}) (Version:  - Microsoft)
Update for Microsoft Visio 2013 (KB2817306) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{166909FC-6736-4EE5-9491-1BF9A4EE84E7}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2013 (KB2817301) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{25C61889-2E44-4BE1-9E96-9364BFDCF501}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2013 (KB2817301) 32-Bit Edition (HKLM-x32\...\{90150000-006E-0409-0000-0000000FF1CE}_Office15.PROPLUS_{25C61889-2E44-4BE1-9E96-9364BFDCF501}) (Version:  - Microsoft)
Update for Microsoft Word 2013 (KB2863909) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{FF3BD143-BA46-4948-A71F-5B07AA1706BB}) (Version:  - Microsoft)
Upek Touchchip Fingerprint Reader (Version: 1.2.004 - Dell Inc.) Hidden
Wave Crypto Runtime 2.0.7.0 x86 (x32 Version: 02.00.07.0000 - Wave Systems Corp) Hidden
Wave Infrastructure Installer (Version: 07.67.60.0020 - Wave Systems Corp) Hidden
Wave Support Software Installer (Version: 05.13.00.051 - Wave Systems Corp) Hidden
WIDCOMM Bluetooth Software (HKLM\...\{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}) (Version: 6.3.0.6900 - Broadcom Corporation)
Windows Driver Package - Dell Inc. PBADRV System  (09/11/2009 1.0.1.6) (HKLM\...\9512AA21B791B05A54E27065C45BBC417AB282DF) (Version: 09/11/2009 1.0.1.6 - Dell Inc.)

==================== Restore Points  =========================

27-04-2014 18:34:28 Windows Update

==================== Hosts content: ==========================

2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {16525FC3-4967-4483-9482-011FF50B2F2D} - System32\Tasks\G2MUpdateTask-S-1-5-21-418261387-2898494671-325862144-34710 => C:\Program Files (x86)\Citrix\GoToMeeting\1350\g2mupdate.exe [2014-03-09] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {440D9CEC-313D-48D4-B1B8-4F3111F37CE8} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {45E69765-5B64-4756-939F-2989453116D1} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {57E2AD4A-4CD3-44C5-8D83-C4EE0E362D3A} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe
Task: {6639E353-EE97-4FD6-9A6E-F0F3A92EB334} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {80406281-5675-413F-A456-8A7D4AD57D49} - System32\Tasks\Microsoft\Microsoft Antimalware\MP Scheduled Scan => c:\Program Files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-09-02] (Microsoft Corporation)
Task: {997CAA43-6F31-4FFB-9F39-2A5C48495AC6} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-03-18] (Piriform Ltd)
Task: {C28B2F7C-C18A-4A2D-B706-55467F817793} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-04-15] (AVAST Software)
Task: {D19C648C-A40A-460E-A4C0-085A06573C35} - System32\Tasks\{77836D4A-5AFA-4F65-A6D1-A6A9FA119F59} => C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe [2013-04-04] (Malwarebytes Corporation)
Task: {D91B6C7F-B957-4D83-89C1-D68C5D7463FF} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-04-17] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-418261387-2898494671-325862144-34710.job => C:\Program Files (x86)\Citrix\GoToMeeting\1350\g2mupdate.exe

==================== Loaded Modules (whitelisted) =============

2010-12-23 13:33 - 2010-12-23 13:33 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
2014-01-07 15:13 - 2012-09-18 16:27 - 00192512 _____ () C:\Windows\System32\zlhp1020.dll
2014-01-07 15:14 - 2012-09-18 16:27 - 00065024 _____ () C:\Windows\system32\spool\PRTPROCS\x64\pphp1020.dll
2014-01-07 15:13 - 2012-09-18 16:27 - 03162624 _____ () C:\Windows\system32\spool\DRIVERS\x64\3\suhp1020.dll
2014-01-07 15:13 - 2012-09-18 16:27 - 01236992 _____ () C:\Windows\system32\spool\DRIVERS\x64\3\gchp1020.dll
2012-01-17 07:45 - 2012-01-17 07:45 - 00218504 _____ () C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\EMBASSY Client Core\EmbassyServer.exe
2012-01-17 07:45 - 2012-01-17 07:45 - 00038792 _____ () C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\EMBASSY Client Core\DeviceStatus.dll
2011-10-08 22:56 - 2011-10-08 22:56 - 00003072 _____ () C:\Program Files (x86)\NTRU Cryptosystems\NTRU TCG Software Stack\bin\TspPopup_ENU.dll
2011-11-07 07:55 - 2011-11-07 07:55 - 00094720 _____ () C:\Windows\system32\Wavx_ESC_Logging.dll
2006-12-08 15:42 - 2012-07-05 12:15 - 00155136 _____ () C:\Windows\system32\BioAPI100.dll
2006-12-08 15:41 - 2012-07-05 12:15 - 00239104 _____ () C:\Windows\system32\BIOAPI_MDS300.dll
2011-07-06 19:44 - 2003-04-18 18:06 - 00008192 _____ () C:\Windows\SysWOW64\srvany.exe
2014-03-12 20:07 - 2014-03-12 20:07 - 08884904 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2010-10-15 19:08 - 2010-10-15 19:08 - 00173856 _____ () C:\Program Files\WIDCOMM\Bluetooth Software\btkeyind.dll
2010-12-23 13:33 - 2010-12-23 13:33 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\LIBEAY32.dll
2011-07-06 21:25 - 2011-07-25 10:43 - 00686704 _____ () C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
2011-03-26 00:28 - 2011-03-26 00:28 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-01-07 12:41 - 2006-09-20 09:35 - 00020480 _____ () C:\Windows\System32\spool\drivers\x64\3\WrtMon.exe
2014-01-07 12:41 - 2006-09-19 17:05 - 00024576 _____ () C:\Windows\System32\spool\drivers\x64\3\WrtProc.exe
2014-04-25 05:51 - 2014-04-25 05:51 - 02252800 _____ () C:\Program Files\AVAST Software\Avast\defs\14042500\algo.dll
2014-04-25 14:29 - 2014-04-25 14:29 - 02252800 _____ () C:\Program Files\AVAST Software\Avast\defs\14042501\algo.dll
2014-04-28 06:54 - 2014-04-28 06:54 - 02252800 _____ () C:\Program Files\AVAST Software\Avast\defs\14042800\algo.dll
2014-04-15 22:37 - 2014-04-15 22:37 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2013-07-19 13:56 - 2013-07-19 13:56 - 01027240 _____ () C:\Program Files (x86)\Microsoft Office\Office15\ADDINS\UmOutlookAddin.dll
2012-10-01 20:32 - 2012-10-01 20:32 - 00321136 _____ () C:\Program Files (x86)\Microsoft Office\Office15\msfad.dll

==================== Alternate Data Streams (whitelisted) =========

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\rpcnet => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rpcnet => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== Disabled items from MSCONFIG ==============

MSCONFIG\startupreg: FreeFallProtection => C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (04/28/2014 02:34:02 PM) (Source: AutoEnrollment) (User: )
Description: US\matt.baun0x8007003aThe specified server cannot perform the requested operation.

Error: (04/28/2014 06:33:58 AM) (Source: AutoEnrollment) (User: )
Description: US\matt.baun0x8007003aThe specified server cannot perform the requested operation.

Error: (04/27/2014 10:33:56 PM) (Source: AutoEnrollment) (User: )
Description: US\matt.baun0x8007003aThe specified server cannot perform the requested operation.

Error: (04/27/2014 02:33:56 PM) (Source: AutoEnrollment) (User: )
Description: US\matt.baun0x8007003aThe specified server cannot perform the requested operation.

Error: (04/27/2014 06:33:57 AM) (Source: AutoEnrollment) (User: )
Description: US\matt.baun0x8007003aThe specified server cannot perform the requested operation.

Error: (04/26/2014 10:33:52 PM) (Source: AutoEnrollment) (User: )
Description: US\matt.baun0x8007003aThe specified server cannot perform the requested operation.

Error: (04/26/2014 02:33:52 PM) (Source: AutoEnrollment) (User: )
Description: US\matt.baun0x8007003aThe specified server cannot perform the requested operation.

Error: (04/26/2014 06:33:51 AM) (Source: AutoEnrollment) (User: )
Description: US\matt.baun0x8007003aThe specified server cannot perform the requested operation.

Error: (04/25/2014 10:33:49 PM) (Source: AutoEnrollment) (User: )
Description: US\matt.baun0x8007003aThe specified server cannot perform the requested operation.

Error: (04/25/2014 02:33:51 PM) (Source: AutoEnrollment) (User: )
Description: US\matt.baun0x8007003aThe specified server cannot perform the requested operation.

System errors:
=============
Error: (04/28/2014 03:50:09 PM) (Source: Microsoft-Windows-GroupPolicy) (User: NT AUTHORITY)
Description: The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.

Error: (04/28/2014 02:38:49 PM) (Source: NETLOGON) (User: )
Description: This computer was not able to set up a secure session with a domain
controller in domain US due to the following:
%%1311

This may lead to authentication problems. Make sure that this
computer is connected to the network. If the problem persists,
please contact your domain administrator.

 

ADDITIONAL INFO

If this computer is a domain controller for the specified domain, it
sets up the secure session to the primary domain controller emulator in the specified
domain. Otherwise, this computer sets up the secure session to any domain controller
in the specified domain.

Error: (04/28/2014 02:33:42 PM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

 New Signature Version:

 Previous Signature Version: 1.173.757.0

 Update Source: %NT AUTHORITY49

 Update Stage: 3.0.8410.00

 Source Path: 3.0.8410.01

 Signature Type: %NT AUTHORITY602

 Update Type: %NT AUTHORITY604

 User: NT AUTHORITY\SYSTEM

 Current Engine Version: %NT AUTHORITY605

 Previous Engine Version: %NT AUTHORITY606

 Error code: %NT AUTHORITY607

 Error description: %NT AUTHORITY608

Error: (04/28/2014 10:38:23 AM) (Source: NETLOGON) (User: )
Description: This computer was not able to set up a secure session with a domain
controller in domain US due to the following:
%%1311

This may lead to authentication problems. Make sure that this
computer is connected to the network. If the problem persists,
please contact your domain administrator.

 

ADDITIONAL INFO

If this computer is a domain controller for the specified domain, it
sets up the secure session to the primary domain controller emulator in the specified
domain. Otherwise, this computer sets up the secure session to any domain controller
in the specified domain.

Error: (04/28/2014 06:37:52 AM) (Source: NETLOGON) (User: )
Description: This computer was not able to set up a secure session with a domain
controller in domain US due to the following:
%%1311

This may lead to authentication problems. Make sure that this
computer is connected to the network. If the problem persists,
please contact your domain administrator.

 

ADDITIONAL INFO

If this computer is a domain controller for the specified domain, it
sets up the secure session to the primary domain controller emulator in the specified
domain. Otherwise, this computer sets up the secure session to any domain controller
in the specified domain.

Error: (04/28/2014 06:33:44 AM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

 New Signature Version:

 Previous Signature Version: 1.173.727.0

 Update Source: %NT AUTHORITY49

 Update Stage: 3.0.8410.00

 Source Path: 3.0.8410.01

 Signature Type: %NT AUTHORITY602

 Update Type: %NT AUTHORITY604

 User: NT AUTHORITY\SYSTEM

 Current Engine Version: %NT AUTHORITY605

 Previous Engine Version: %NT AUTHORITY606

 Error code: %NT AUTHORITY607

 Error description: %NT AUTHORITY608

Error: (04/28/2014 02:37:27 AM) (Source: NETLOGON) (User: )
Description: This computer was not able to set up a secure session with a domain
controller in domain US due to the following:
%%1311

This may lead to authentication problems. Make sure that this
computer is connected to the network. If the problem persists,
please contact your domain administrator.

 

ADDITIONAL INFO

If this computer is a domain controller for the specified domain, it
sets up the secure session to the primary domain controller emulator in the specified
domain. Otherwise, this computer sets up the secure session to any domain controller
in the specified domain.

Error: (04/27/2014 10:36:59 PM) (Source: NETLOGON) (User: )
Description: This computer was not able to set up a secure session with a domain
controller in domain US due to the following:
%%1311

This may lead to authentication problems. Make sure that this
computer is connected to the network. If the problem persists,
please contact your domain administrator.

 

ADDITIONAL INFO

If this computer is a domain controller for the specified domain, it
sets up the secure session to the primary domain controller emulator in the specified
domain. Otherwise, this computer sets up the secure session to any domain controller
in the specified domain.

Error: (04/27/2014 10:33:41 PM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

 New Signature Version:

 Previous Signature Version: 1.173.700.0

 Update Source: %NT AUTHORITY49

 Update Stage: 3.0.8410.00

 Source Path: 3.0.8410.01

 Signature Type: %NT AUTHORITY602

 Update Type: %NT AUTHORITY604

 User: NT AUTHORITY\SYSTEM

 Current Engine Version: %NT AUTHORITY605

 Previous Engine Version: %NT AUTHORITY606

 Error code: %NT AUTHORITY607

 Error description: %NT AUTHORITY608

Error: (04/27/2014 06:36:24 PM) (Source: NETLOGON) (User: )
Description: This computer was not able to set up a secure session with a domain
controller in domain US due to the following:
%%1311

This may lead to authentication problems. Make sure that this
computer is connected to the network. If the problem persists,
please contact your domain administrator.

 

ADDITIONAL INFO

If this computer is a domain controller for the specified domain, it
sets up the secure session to the primary domain controller emulator in the specified
domain. Otherwise, this computer sets up the secure session to any domain controller
in the specified domain.

Microsoft Office Sessions:
=========================
Error: (04/28/2014 02:34:02 PM) (Source: AutoEnrollment)(User: )
Description: US\matt.baun0x8007003aThe specified server cannot perform the requested operation.

Error: (04/28/2014 06:33:58 AM) (Source: AutoEnrollment)(User: )
Description: US\matt.baun0x8007003aThe specified server cannot perform the requested operation.

Error: (04/27/2014 10:33:56 PM) (Source: AutoEnrollment)(User: )
Description: US\matt.baun0x8007003aThe specified server cannot perform the requested operation.

Error: (04/27/2014 02:33:56 PM) (Source: AutoEnrollment)(User: )
Description: US\matt.baun0x8007003aThe specified server cannot perform the requested operation.

Error: (04/27/2014 06:33:57 AM) (Source: AutoEnrollment)(User: )
Description: US\matt.baun0x8007003aThe specified server cannot perform the requested operation.

Error: (04/26/2014 10:33:52 PM) (Source: AutoEnrollment)(User: )
Description: US\matt.baun0x8007003aThe specified server cannot perform the requested operation.

Error: (04/26/2014 02:33:52 PM) (Source: AutoEnrollment)(User: )
Description: US\matt.baun0x8007003aThe specified server cannot perform the requested operation.

Error: (04/26/2014 06:33:51 AM) (Source: AutoEnrollment)(User: )
Description: US\matt.baun0x8007003aThe specified server cannot perform the requested operation.

Error: (04/25/2014 10:33:49 PM) (Source: AutoEnrollment)(User: )
Description: US\matt.baun0x8007003aThe specified server cannot perform the requested operation.

Error: (04/25/2014 02:33:51 PM) (Source: AutoEnrollment)(User: )
Description: US\matt.baun0x8007003aThe specified server cannot perform the requested operation.

==================== Memory info ===========================

Percentage of memory in use: 62%
Total physical RAM: 3976.9 MB
Available physical RAM: 1507.28 MB
Total Pagefile: 7951.98 MB
Available Pagefile: 4402.8 MB
Total Virtual: 8192 MB
Available Virtual: 8191.8 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:297.32 GB) (Free:108.54 GB) NTFS
Drive e: (VCR2007) (Removable) (Total:0.47 GB) (Free:0.13 GB) FAT

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: 13C9CC37)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=752 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=297 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 481 MB) (Disk ID: 00440208)
Partition 1: (Active) - (Size=481 MB) - (Type=06)

==================== End Of Log ============================



#4 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bulgaria
  • Local time:04:25 PM

Posted 28 April 2014 - 03:28 PM

Hi,
 
 
Please download the following file => [attachment=149857:fixlist.txt] and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
 
 
Regards,
Georgi




#5 mjb2066


Posted 29 April 2014 - 12:14 PM

Hi Georgi,

For some reason, my computer, the website, or a combination of the two, is seizing up every time I try to post the Fixlog.  It is a pretty substantial text file (8644 KB).  I even tried posting it using a different PC, to no avail.  Any suggestions?

Thanks,

Matt



#6 B-boy/StyLe/


Posted 29 April 2014 - 11:49 PM

Hello Matt,

 

Try to upload the log here => http://www.filedropper.com/ and then post the link to the log in your next reply. :)

 

Thanks!

 

 

Regards,

Georgi




#7 mjb2066


Posted 30 April 2014 - 06:30 AM

Thanks again, Georgi!

Let me know if this works.  Here is the link:

http://www.filedropper.com/fixlog

Matt



#8 B-boy/StyLe/


Posted 01 May 2014 - 07:41 AM

Hi Matt,

Unfortunately the link to the log has expired... Can you please try to upload it again?

Thank you! :)

Regards,

Georgi




#9 mjb2066


Posted 01 May 2014 - 10:56 AM

So File Dropper wasn't providing me with a link after the upload.  So, I tried a similar website called Bayfiles.

 

Let me know if this works.  Here is the link:

 

http://bayfiles.net/file/1d4m1/nqUViy/Fixlog.txt

 

Matt



#10 B-boy/StyLe/


Posted 01 May 2014 - 02:37 PM

Hi Matt,

Nice work! We managed to clean the remnants from the infection. :)

Also if you don't mind, I want to make sure there is nothing lurking on the system so just in case I want you to go through these steps:

Most of them should take no more than 5 minutes each (but the time they take to complete can vary depending on the size of your hard drive and the speed of your computer).

 

 

STEP 1

 

 

  • Please download RKill by Grinler from the link below and save it to your desktop.
    Rkill
  • Before we begin, you should disable any anti-malware software you have installed so it does not interfere with RKill running, as some anti-malware software detects RKill as malicious. Please refer to this page if you are not sure how.
  • Double-click on Rkill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
  • A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
  • If nothing happens or if the tool does not run, please let me know in your next reply.
  • A log pops up at the end of the run. This log file is located at C:\rkill.log.
  • Please post the log in your next reply.

 

 

STEP 2

 

 

  • Please download RogueKillerX64.exe and save to the desktop.
  • Close all windows and browsers
  • Right-click the program and select 'Run as Administrator'
  • Press the scan button.
  • A report opens on the desktop named - RKreport.txt
  • Please copy and paste the results at pastebin.com and post the link to the log in your next reply.

 

 

STEP 3
 

 

Please download the latest version of TDSSKiller from here and save it to your Desktop.

  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Put a checkmark beside loaded modules.
  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.
  • Click the Start Scan button.
  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
    Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
  • A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the results at pastebin.com and post the link to the log in your next reply.

 

 

STEP 4

 

 

Please download Malwarebytes Anti-Malware to your desktop.
 

  • Double-click mbam-setup-2.0.1.1004.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.
  • On the Settings tab > Detection and Protection subtab, Detection Options, tick the box 'Scan for rootkits'.
  • Click on the Scan tab, then click on Scan Now >> . If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • With some infections, you may see this message box.
    • 'Could not load DDA driver'
  • Click 'Yes' to this message, to allow the driver to load after a restart.
  • Allow the computer to restart. Continue with the rest of these instructions.
  • When the scan is complete, click Apply Actions.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.

 

 

STEP 5

 

 

1. Please download HitmanPro.

  • For 32-bit Operating System - [download link]
  • This is the mirror - [download link]
  • For 64-bit Operating System - [download link]
  • This is the mirror - [download link]

2. Launch the program by double-clicking on the HitmanPro icon. (Windows Vista/7 users right click on the HitmanPro icon and select run as administrator).

Note: If the program won't run, please open the program while holding down the left CTRL key until the program is loaded.

3. Click on the next button. You must agree with the terms of EULA. (if asked)

4. Check the box beside "No, I only want to perform a one-time scan to check this computer".

5. Click on the next button.

6. The program will start to scan the computer. The scan will typically take no more than 2-3 minutes.

7. When the scan is done click on drop-down menu of the found entries (if any) and choose - Apply to all => Ignore <= IMPORTANT!!!

8. Click on the next button.

9. Click on the "Save Log" button.

10. Save that file to your desktop and post the content of that file in your next reply.

Note: if there isn't a dropdown menu when the scan is done then please don't delete anything and close HitmanPro.

Navigate to C:\ProgramData\HitmanPro\Logs, open the report and copy and paste it to your next reply.

 

 

 

STEP 6

 

 

Download Security Check by screen317 from here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

 

and then if there aren't any issues left I'll give you my final recommendations. :)

 

 

Regards,

Georgi




#11 mjb2066


Posted 01 May 2014 - 08:53 PM

Thanks Georgi!

 

Here is the Rkill log:

 

Rkill 2.6.5 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 05/01/2014 09:45:00 PM in x64 mode.
Windows Version: Windows 7 Enterprise Service Pack 1

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* C:\Windows\SysWOW64\srvany.exe (PID: 2872) [WD-HEUR]
* C:\Windows\System32\spool\drivers\x64\3\WrtMon.exe (PID: 4632) [WD-HEUR]
* C:\Windows\System32\spool\drivers\x64\3\WrtProc.exe (PID: 4664) [WD-HEUR]

3 proccesses terminated!

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* Windows Firewall Disabled

[HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = dword:00000000

Checking Windows Service Integrity:

* No issues found.

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* No issues found.

Program finished at: 05/01/2014 09:46:44 PM
Execution time: 0 hours(s), 1 minute(s), and 44 seconds(s)



#12 mjb2066


Posted 01 May 2014 - 09:00 PM

Here is the RogueKillerX64 report:

 

RogueKiller V8.8.15 _x64_ [Mar 27 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : matt.baun [Admin rights]
Mode : Scan -- Date : 05/01/2014 21:55:58
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 14 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : QCDsoft Update (regsvr32.exe C:\Users\matt.baun\AppData\Local\QCDsoft\prl_umdd.dll [7][x]) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-418261387-2898494671-325862144-34710\[...]\Run : QCDsoft Update (regsvr32.exe C:\Users\matt.baun\AppData\Local\QCDsoft\prl_umdd.dll [7][x]) -> FOUND
[HJ POL][PUM] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND
[HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : EnableLUA (0) -> FOUND
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ INPROC][SUSP PATH] HKCR\[...]\InprocServer32 :  (\\?\globalroot\Device\HarddiskVolume3\Users\matt.baun\AppData\Local\Temp\suknvyv\sptiiuq\wow.dll [x]) -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤
[Address] EAT @explorer.exe (WlanAllocateMemory) : wlanutil.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF9448AC8)
[Address] EAT @explorer.exe (WlanCloseHandle) : wlanutil.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF94438A0)
[Address] EAT @explorer.exe (WlanConnect) : wlanutil.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF9445558)
[Address] EAT @explorer.exe (WlanDeleteProfile) : wlanutil.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF9446D10)
[Address] EAT @explorer.exe (WlanDisconnect) : wlanutil.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF94457E8)
[Address] EAT @explorer.exe (WlanEnumInterfaces) : wlanutil.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF9443A80)
[Address] EAT @explorer.exe (WlanExtractPsdIEDataList) : wlanutil.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF9448394)
[Address] EAT @explorer.exe (WlanFreeMemory) : wlanutil.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF944A5A0)
[Address] EAT @explorer.exe (WlanGetAvailableNetworkList) : wlanutil.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF9444F88)
[Address] EAT @explorer.exe (WlanGetFilterList) : wlanutil.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF9447F9C)
[Address] EAT @explorer.exe (WlanGetInterfaceCapability) : wlanutil.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF9444188)
[Address] EAT @explorer.exe (WlanGetNetworkBssList) : wlanutil.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF9445268)
[Address] EAT @explorer.exe (WlanGetProfile) : wlanutil.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF9446A20)
[Address] EAT @explorer.exe (WlanGetProfileCustomUserData) : wlanutil.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF9447B1C)
[Address] EAT @explorer.exe (WlanGetProfileList) : wlanutil.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF9447404)
[Address] EAT @explorer.exe (WlanGetSecuritySettings) : wlanutil.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF9448D88)
[Address] EAT @explorer.exe (WlanHostedNetworkForceStart) : wlanutil.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF944935C)
[Address] EAT @explorer.exe (WlanHostedNetworkForceStop) : wlanutil.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF9449418)
[Address] EAT @explorer.exe (WlanHostedNetworkInitSettings) : wlanutil.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF94499D8)
[Address] EAT @explorer.exe (WlanHostedNetworkQueryProperty) : wlanutil.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF94494D4)
[Address] EAT @explorer.exe (WlanHostedNetworkQuerySecondaryKey) : wlanutil.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF944A020)
[Address] EAT @explorer.exe (WlanHostedNetworkQueryStatus) : wlanutil.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF9449B50)
[Address] EAT @explorer.exe (WlanHostedNetworkRefreshSecuritySettings) : wlanutil.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF9449A94)
[Address] EAT @explorer.exe (WlanHostedNetworkSetProperty) : wlanutil.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF9449744)
[Address] EAT @explorer.exe (WlanHostedNetworkSetSecondaryKey) : wlanutil.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF9449D78)
[Address] EAT @explorer.exe (WlanHostedNetworkStartUsing) : wlanutil.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF94491EC)
[Address] EAT @explorer.exe (WlanHostedNetworkStopUsing) : wlanutil.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF94492A4)
[Address] EAT @explorer.exe (WlanIhvControl) : wlanutil.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF9444A00)
[Address] EAT @explorer.exe (WlanOpenHandle) : wlanutil.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF9441960)
[Address] EAT @explorer.exe (WlanQueryAutoConfigParameter) : wlanutil.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF9443EE8)
[Address] EAT @explorer.exe (WlanQueryInterface) : wlanutil.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF9444668)
[Address] EAT @explorer.exe (WlanReasonCodeToString) : wlanutil.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF9448A54)
[Address] EAT @explorer.exe (WlanRegisterNotification) : wlanutil.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF9445A08)
[Address] EAT @explorer.exe (WlanRegisterVirtualStationNotification) : wlanutil.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF944A358)
[Address] EAT @explorer.exe (WlanRenameProfile) : wlanutil.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF9446F4C)
[Address] EAT @explorer.exe (WlanSaveTemporaryProfile) : wlanutil.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF94487D0)
[Address] EAT @explorer.exe (WlanScan) : wlanutil.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF9444D40)
[Address] EAT @explorer.exe (WlanSetAutoConfigParameter) : wlanutil.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF9443D10)
[Address] EAT @explorer.exe (WlanSetFilterList) : wlanutil.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF9447DCC)
[Address] EAT @explorer.exe (WlanSetInterface) : wlanutil.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF9444470)
[Address] EAT @explorer.exe (WlanSetProfile) : wlanutil.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF9446760)
[Address] EAT @explorer.exe (WlanSetProfileCustomUserData) : wlanutil.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF94478A4)
[Address] EAT @explorer.exe (WlanSetProfileEapUserData) : wlanutil.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF9445CC4)
[Address] EAT @explorer.exe (WlanSetProfileEapXmlUserData) : wlanutil.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF9445F9C)
[Address] EAT @explorer.exe (WlanSetProfileList) : wlanutil.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF94471A8)
[Address] EAT @explorer.exe (WlanSetProfilePosition) : wlanutil.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF9447644)
[Address] EAT @explorer.exe (WlanSetPsdIEDataList) : wlanutil.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF94481B0)
[Address] EAT @explorer.exe (WlanSetSecuritySettings) : wlanutil.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF9448B58)

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts

 

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ SCSI) Hitachi HTS723232A7A364 +++++
--- User ---
[MBR] b84040e1ed23c9501743e67b66f5c6f8
[BSP] 9bf78d591300e12dde2bb1d5a4ea6d03 : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 MB
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 752 MB
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1622016 | Size: 304452 MB
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ USB) Flash Disk USB Device +++++
--- User ---
[MBR] 70bce030d66d257a20e45643538c64c3
[BSP] e5b0575171a5b5a008de814ee70112ba : Empty MBR Code
Partition table:
0 - [ACTIVE] FAT16 (0x06) [VISIBLE] Offset (sectors): 32 | Size: 480 MB
User = LL1 ... OK!
Error reading LL2 MBR! ([0x32] The request is not supported. )

Finished : << RKreport[0]_S_05012014_215558.txt >>

 

 



#13 mjb2066


Posted 02 May 2014 - 06:48 AM

Hey Georgi!

 

When RogueKillerX64 finished, it says, "Scan finished.  Please look at the different tabs and delete items with the buttons."  How do I know what I should and shouldn't delete?

 

Thanks,

 

Matt



#14 B-boy/StyLe/


Posted 03 May 2014 - 05:12 PM

Hello Matt,

 

Sorry for the delay. There was a massive electric storm and I had to keep my computer turned off.

 

Please re-run RogueKiller.
Wait until Prescan has finished.
Click on Scan.
Now click the Registry tab and locate this:
 

[RUN][SUSP PATH] HKCU\[...]\Run : QCDsoft Update (regsvr32.exe C:\Users\matt.baun\AppData\Local\QCDsoft\prl_umdd.dll [7][x]) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-418261387-2898494671-325862144-34710\[...]\Run : QCDsoft Update (regsvr32.exe C:\Users\matt.baun\AppData\Local\QCDsoft\prl_umdd.dll [7][x]) -> FOUND
[HJ INPROC][SUSP PATH] HKCR\[...]\InprocServer32 :  (\\?\globalroot\Device\HarddiskVolume3\Users\matt.baun\AppData\Local\Temp\suknvyv\sptiiuq\wow.dll [x]) -> FOUND

Place a checkmark on it, leave the others unchecked.
Now press the Delete button.
If asked to restart the computer, please do so immediately.
When it is finished, there will be a log on your desktop called: RKreport[2].txt
Post the log in your next reply.
 

 

Regards,

Georgi
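
The selection made in the post above, as an added example that is not part of the original thread and not RogueKiller's own code: a Python parser for the report's registry lines that separates the entries tagged [SUSP PATH] from the [PUM] settings that were left unchecked. It assumes the tool's tag is the distinguishing criterion (the post does not state one); the function names are hypothetical and the sample lines are copied from the scan report earlier in the thread.

```python
import re
from typing import Dict, List, NamedTuple, Optional

# Constructed sample: a subset of the registry lines from the RogueKiller
# scan report posted in this thread.
SAMPLE_REPORT = r"""
[RUN][SUSP PATH] HKCU\[...]\Run : QCDsoft Update (regsvr32.exe C:\Users\matt.baun\AppData\Local\QCDsoft\prl_umdd.dll [7][x]) -> FOUND
[HJ POL][PUM] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ INPROC][SUSP PATH] HKCR\[...]\InprocServer32 :  (\\?\globalroot\Device\HarddiskVolume3\Users\matt.baun\AppData\Local\Temp\suknvyv\sptiiuq\wow.dll [x]) -> FOUND
"""

# [category][flag] key : value-name (data) -> status
ENTRY_RE = re.compile(
    r"^\[(?P<category>[^\]]+)\]\[(?P<flag>[^\]]+)\]\s+"
    r"(?P<key>\S+)\s+:\s+(?P<name>.*?)\s*"
    r"\((?P<data>.*)\)\s+->\s+(?P<status>.+)$"
)
# Bracketed markers the tool appends to the data, e.g. "[7][x]".
MARKERS_RE = re.compile(r"(?:\s*\[[^\]]*\])+\s*$")
# A file path in the data: drive-letter form or the \\?\ device form.
PATH_RE = re.compile(r"(?:[A-Za-z]:\\|\\\\\?\\).*$")
# Per-user AppData is writable without admin rights.
USER_WRITABLE_RE = re.compile(r"\\Users\\[^\\]+\\AppData\\", re.IGNORECASE)


class Entry(NamedTuple):
    category: str          # e.g. RUN, HJ POL, HJ INPROC
    flag: str              # e.g. SUSP PATH, PUM
    key: str               # abbreviated registry key as printed by the tool
    name: str              # value name (empty for a key's default value)
    data: str              # value data with trailing markers removed
    status: str            # FOUND, DELETED, NOT SELECTED, REPLACED (...), ...
    target: Optional[str]  # file path referenced by the data, if any


def parse_entries(report: str) -> List[Entry]:
    """Parse every registry-entry line; lines in other formats are skipped."""
    entries = []
    for line in report.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        data = MARKERS_RE.sub("", m["data"])
        path = PATH_RE.search(data)
        entries.append(Entry(m["category"], m["flag"], m["key"], m["name"],
                             data, m["status"].strip(),
                             path.group(0) if path else None))
    return entries


def in_user_writable_dir(entry: Entry) -> bool:
    """True when the referenced file sits under a user's AppData tree."""
    return bool(entry.target and USER_WRITABLE_RE.search(entry.target))


def triage(report: str) -> Dict[str, List[Entry]]:
    """Assumption: [SUSP PATH] entries are the ones to review for removal;
    everything else (the [PUM] settings here) is left alone."""
    entries = parse_entries(report)
    return {
        "review": [e for e in entries if e.flag == "SUSP PATH"],
        "left_alone": [e for e in entries if e.flag != "SUSP PATH"],
    }


if __name__ == "__main__":
    result = triage(SAMPLE_REPORT)
    for e in result["review"]:
        where = "user-writable" if in_user_writable_dir(e) else "other location"
        print(f"REVIEW  [{e.category}] {e.key} -> {e.target} ({where})")
    for e in result["left_alone"]:
        print(f"LEAVE   [{e.category}][{e.flag}] {e.name} = {e.data}")
```

The same parser reads the Remove-mode report, where the status field carries the outcome (DELETED, NOT SELECTED, REPLACED, or an error string) instead of FOUND.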




#15 mjb2066


Posted 03 May 2014 - 09:37 PM

No worries Georgi!  Thanks for all of your help!

 

Here is the next RogueKillerX64 report:

 

RogueKiller V8.8.15 _x64_ [Mar 27 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : matt.baun [Admin rights]
Mode : Remove -- Date : 05/03/2014 22:33:35
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 14 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : QCDsoft Update (regsvr32.exe C:\Users\matt.baun\AppData\Local\QCDsoft\prl_umdd.dll [7][x]) -> DELETED
[RUN][SUSP PATH] HKUS\S-1-5-21-418261387-2898494671-325862144-34710\[...]\Run : QCDsoft Update (regsvr32.exe C:\Users\matt.baun\AppData\Local\QCDsoft\prl_umdd.dll [7][x]) -> [0x2] The system cannot find the file specified.
[HJ POL][PUM] HKCU\[...]\System : DisableTaskMgr (0) -> NOT SELECTED
[HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (0) -> NOT SELECTED
[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> NOT SELECTED
[HJ POL][PUM] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> NOT SELECTED
[HJ POL][PUM] HKLM\[...]\System : EnableLUA (0) -> NOT SELECTED
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : DisableRegistryTools (0) -> NOT SELECTED
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : ConsentPromptBehaviorAdmin (0) -> NOT SELECTED
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : EnableLUA (0) -> NOT SELECTED
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> NOT SELECTED
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> NOT SELECTED
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NOT SELECTED
[HJ INPROC][SUSP PATH] HKCR\[...]\InprocServer32 :  (\\?\globalroot\Device\HarddiskVolume3\Users\matt.baun\AppData\Local\Temp\suknvyv\sptiiuq\wow.dll [x]) -> REPLACED (C:\Windows\system32\shell32.dll)

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤
[Address] EAT @explorer.exe (WlanAllocateMemory) : wlanutil.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF9448AC8)
[Address] EAT @explorer.exe (WlanCloseHandle) : wlanutil.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF94438A0)
[Address] EAT @explorer.exe (WlanConnect) : wlanutil.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF9445558)
[Address] EAT @explorer.exe (WlanDeleteProfile) : wlanutil.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF9446D10)
[Address] EAT @explorer.exe (WlanDisconnect) : wlanutil.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF94457E8)
[Address] EAT @explorer.exe (WlanEnumInterfaces) : wlanutil.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF9443A80)
[Address] EAT @explorer.exe (WlanExtractPsdIEDataList) : wlanutil.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF9448394)
[Address] EAT @explorer.exe (WlanFreeMemory) : wlanutil.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF944A5A0)
[Address] EAT @explorer.exe (WlanGetAvailableNetworkList) : wlanutil.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF9444F88)
[Address] EAT @explorer.exe (WlanGetFilterList) : wlanutil.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF9447F9C)
[Address] EAT @explorer.exe (WlanGetInterfaceCapability) : wlanutil.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF9444188)
[Address] EAT @explorer.exe (WlanGetNetworkBssList) : wlanutil.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF9445268)
[Address] EAT @explorer.exe (WlanGetProfile) : wlanutil.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF9446A20)
[Address] EAT @explorer.exe (WlanGetProfileCustomUserData) : wlanutil.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF9447B1C)
[Address] EAT @explorer.exe (WlanGetProfileList) : wlanutil.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF9447404)
[Address] EAT @explorer.exe (WlanGetSecuritySettings) : wlanutil.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF9448D88)
[Address] EAT @explorer.exe (WlanHostedNetworkForceStart) : wlanutil.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF944935C)
[Address] EAT @explorer.exe (WlanHostedNetworkForceStop) : wlanutil.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF9449418)
[Address] EAT @explorer.exe (WlanHostedNetworkInitSettings) : wlanutil.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF94499D8)
[Address] EAT @explorer.exe (WlanHostedNetworkQueryProperty) : wlanutil.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF94494D4)
[Address] EAT @explorer.exe (WlanHostedNetworkQuerySecondaryKey) : wlanutil.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF944A020)
[Address] EAT @explorer.exe (WlanHostedNetworkQueryStatus) : wlanutil.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF9449B50)
[Address] EAT @explorer.exe (WlanHostedNetworkRefreshSecuritySettings) : wlanutil.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF9449A94)
[Address] EAT @explorer.exe (WlanHostedNetworkSetProperty) : wlanutil.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF9449744)
[Address] EAT @explorer.exe (WlanHostedNetworkSetSecondaryKey) : wlanutil.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF9449D78)
[Address] EAT @explorer.exe (WlanHostedNetworkStartUsing) : wlanutil.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF94491EC)
[Address] EAT @explorer.exe (WlanHostedNetworkStopUsing) : wlanutil.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF94492A4)
[Address] EAT @explorer.exe (WlanIhvControl) : wlanutil.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF9444A00)
[Address] EAT @explorer.exe (WlanOpenHandle) : wlanutil.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF9441960)
[Address] EAT @explorer.exe (WlanQueryAutoConfigParameter) : wlanutil.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF9443EE8)
[Address] EAT @explorer.exe (WlanQueryInterface) : wlanutil.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF9444668)
[Address] EAT @explorer.exe (WlanReasonCodeToString) : wlanutil.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF9448A54)
[Address] EAT @explorer.exe (WlanRegisterNotification) : wlanutil.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF9445A08)
[Address] EAT @explorer.exe (WlanRegisterVirtualStationNotification) : wlanutil.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF944A358)
[Address] EAT @explorer.exe (WlanRenameProfile) : wlanutil.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF9446F4C)
[Address] EAT @explorer.exe (WlanSaveTemporaryProfile) : wlanutil.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF94487D0)
[Address] EAT @explorer.exe (WlanScan) : wlanutil.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF9444D40)
[Address] EAT @explorer.exe (WlanSetAutoConfigParameter) : wlanutil.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF9443D10)
[Address] EAT @explorer.exe (WlanSetFilterList) : wlanutil.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF9447DCC)
[Address] EAT @explorer.exe (WlanSetInterface) : wlanutil.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF9444470)
[Address] EAT @explorer.exe (WlanSetProfile) : wlanutil.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF9446760)
[Address] EAT @explorer.exe (WlanSetProfileCustomUserData) : wlanutil.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF94478A4)
[Address] EAT @explorer.exe (WlanSetProfileEapUserData) : wlanutil.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF9445CC4)
[Address] EAT @explorer.exe (WlanSetProfileEapXmlUserData) : wlanutil.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF9445F9C)
[Address] EAT @explorer.exe (WlanSetProfileList) : wlanutil.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF94471A8)
[Address] EAT @explorer.exe (WlanSetProfilePosition) : wlanutil.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF9447644)
[Address] EAT @explorer.exe (WlanSetPsdIEDataList) : wlanutil.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF94481B0)
[Address] EAT @explorer.exe (WlanSetSecuritySettings) : wlanutil.dll -> HOOKED (C:\Windows\system32\Wlanapi.dll @ 0xF9448B58)

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts

 

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ SCSI) Hitachi HTS723232A7A364 +++++
--- User ---
[MBR] b84040e1ed23c9501743e67b66f5c6f8
[BSP] 9bf78d591300e12dde2bb1d5a4ea6d03 : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 MB
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 752 MB
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1622016 | Size: 304452 MB
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ USB) Flash Disk USB Device +++++
--- User ---
[MBR] 70bce030d66d257a20e45643538c64c3
[BSP] e5b0575171a5b5a008de814ee70112ba : Empty MBR Code
Partition table:
0 - [ACTIVE] FAT16 (0x06) [VISIBLE] Offset (sectors): 32 | Size: 480 MB
User = LL1 ... OK!
Error reading LL2 MBR! ([0x32] The request is not supported. )

Finished : << RKreport[0]_D_05032014_223335.txt >>
RKreport[0]_S_05012014_215558.txt





