rpcss.dll Malware detected and blocked Malwarebytes


  • This topic is locked
3 replies to this topic

#1 arrdvarks
Posted 12 August 2014 - 08:37 PM

Trojan.Zekos.Patched. I believe this may be the same issue as this topic. http://www.bleepingcomputer.com/forums/t/530706/rpcssdll-infected-with-virus-system-randomly-broadcasts-ads/

 

Any advice would be greatly appreciated. 

***********************************************************

****************First Scan******************************

***********************************************************

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-08-2014
Ran by user (administrator) on APR2012-TABLET on 12-08-2014 21:03:07
Running from C:\Users\user\Desktop
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AuthenTec, Inc.) C:\Program Files\Fingerprint Sensor\ATService.exe
(Softex Inc.) C:\Program Files\Softex\OmniPass\OmniServ.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Remote Monitoring) C:\Program Files (x86)\Advanced Monitoring Agent\winagent.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
( ) C:\Windows\System32\dkabcoms.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe
(GFI Software Development Ltd.) C:\Program Files (x86)\Advanced Monitoring Agent\patchman\lnssatt.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\PSUtility\TrayManager.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\BatteryAid2\BatteryDaemon.exe
(Sonix) C:\Windows\vsnp2uvc.exe
() C:\Windows\snuvcdsm.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(AuthenTec, Inc.) C:\Program Files\Fingerprint Sensor\ATSwpNav.exe
(Softex Inc.) C:\Program Files\Softex\OmniPass\scureapp.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\AutoRotation\AutoRotation.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\SSUtility\FJSSDMN.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\fjdvrupd\updatenv.exe
(SonicWALL Inc.) C:\Program Files (x86)\SonicWALL\SSL-VPN\NetExtender\NEGui.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
() C:\Program Files\Softex\OmniPass\Hook\OpHook32BitProcess.exe
(FUJITSU LIMITED) C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
(FUJITSU LIMITED) C:\Program Files (x86)\Fujitsu\PointingDeviceUtility\FJPDAutoSet.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCam.exe
(Fujitsu America, Inc.) C:\Program Files\Fujitsu\Utils\FjDspMon.exe
(Fujitsu America, Inc.) C:\Program Files\Fujitsu\Utils\FjEvents.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Fujitsu America, Inc.) C:\Program Files\Fujitsu\Utils\FjLidMon.exe
(Fujitsu Computer Systems Corporation) C:\Program Files\Fujitsu\Utils\fjmnuico.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
() C:\Program Files\Softex\OmniPass\opvapp.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Managed Antivirus) C:\Program Files (x86)\Advanced Monitoring Agent\managedav\SBAMTray.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(O2Micro International) C:\Windows\System32\drivers\o2flash.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\PSUtility\PSUService.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(GFI Software) C:\Program Files (x86)\Advanced Monitoring Agent\managedav\SBAMSvc.exe
(SonicWALL Inc.) C:\Program Files (x86)\SonicWALL\SSL-VPN\NetExtender\NEService64.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\ISD\ISD_Tablet.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\fjdvrupd\updnvsrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Wacom Technology, Corp.) C:\Program Files\Tablet\ISD\ISD_TabletUser.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Wacom Technology, Corp.) C:\Program Files\Tablet\ISD\ISD_Tablet.exe
(Wacom Technology, Inc) C:\Program Files\Tablet\CalibrationAssistant.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11663464 2010-12-07] (Realtek Semiconductor)
HKLM\...\Run: [LoadFUJ02E3] => C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe [73840 2011-03-11] (FUJITSU LIMITED)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2679592 2011-02-03] (Synaptics Incorporated)
HKLM\...\Run: [PSUTility] => C:\Program Files\Fujitsu\PSUtility\TrayManager.exe [200552 2011-01-12] (FUJITSU LIMITED)
HKLM\...\Run: [FJBATAID2] => C:\Program Files\Fujitsu\BatteryAid2\BatteryDaemon.exe [124776 2010-10-29] (FUJITSU LIMITED)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [FjStrtAp] => C:\Program Files\Fujitsu\Utils\FjStrtAp.exe [19800 2010-12-09] (Fujitsu America, Inc..)
HKLM\...\Run: [snp2uvc] => C:\windows\vsnp2uvc.exe [662016 2009-08-13] (Sonix)
HKLM\...\Run: [SNUVCDSM] => C:\windows\snuvcdsm.exe [24576 2011-02-17] ()
HKLM\...\Run: [IntelPAN] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1935120 2011-03-30] (Intel® Corporation)
HKLM\...\Run: [ATSwpNav] => "C:\Program Files\Fingerprint Sensor\ATSwpNav" -run
HKLM\...\Run: [OmniPass] => C:\Program Files\Softex\OmniPass\scureapp.exe [4213248 2011-02-16] (Softex Inc.)
HKLM\...\Run: [FJAutoR] => C:\Program Files\Fujitsu\AutoRotation\AutoRotation.exe [87912 2010-08-31] (FUJITSU LIMITED)
HKLM\...\Run: [SSUtility] => C:\Program Files\Fujitsu\SSUtility\FJSSDMN.exe [273256 2010-08-16] (FUJITSU LIMITED)
HKLM\...\Run: [FJUPDNV_Chitose] => C:\Program Files\Fujitsu\fjdvrupd\updatenv.exe [157184 2010-01-13] (FUJITSU LIMITED)
HKLM\...\Run: [SonicWALLNetExtender] => C:\Program Files (x86)\SonicWALL\SSL-VPN\NetExtender\NEGui.exe [1103744 2010-06-22] (SonicWALL Inc.)
HKLM-x32\...\Run: [IndicatorUtility] => C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe [48752 2010-09-29] (FUJITSU LIMITED)
HKLM-x32\...\Run: [StartFujitsuPointingDeviceUtility] => C:\Program Files (x86)\Fujitsu\PointingDeviceUtility\FJPDAutoSet.exe [85104 2011-02-02] (FUJITSU LIMITED)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [35736 2011-01-30] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe [112152 2011-02-02] (Intel Corporation)
HKLM-x32\...\Run: [snp2uvc] => C:\windows\vsnp2uvc.exe [662016 2009-08-13] (Sonix)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [UpdatePDRShortCut] => C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl9] => C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe [87336 2009-07-06] (CyberLink Corp.)
HKLM-x32\...\Run: [YouCam Mirage] => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [136488 2011-03-04] (CyberLink)
HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\CyberLink\YouCam\YouCam.exe [228448 2011-03-04] (CyberLink Corp.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254696 2012-01-18] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [SBAMTray] => C:\Program Files (x86)\Advanced Monitoring Agent\managedav\SBAMTray.exe [1627504 2011-10-12] (Managed Antivirus)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\.DEFAULT\...\RunOnce: [SPReview] => C:\windows\System32\SPReview\SPReview.exe [301568 2013-03-29] (Microsoft Corporation)
HKU\.DEFAULT\...\RunOnce: [FlashPlayerUpdate] => C:\windows\system32\Macromed\Flash\FlashUtil64_12_0_0_77_ActiveX.exe [531848 2014-03-12] (Adobe Systems Incorporated)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://solutions.us.fujitsu.com/support
BHO: TicToaCoupon -> {5EF89D71-D502-4499-4ADA-4C815161CDCC} -> C:\ProgramData\TicToaCoupon\enu64FdP.x64.dll ()
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: HKLM-x32 {2AB1C516-6654-4D3A-B3D6-2185BBCEB409} https://webvpn.childrensdayton.org/+CSCOL+/csvrloader32.cab
DPF: HKLM-x32 {2AB1C516-D654-4D3A-B3D6-2185BBCEB409} https://webvpn.childrensdayton.org/+CSCOL+/relayp.cab
DPF: HKLM-x32 {6EEFD7B1-B26C-440D-B55A-1EC677189F30} https://pbsiemr.caropeds.com:4433/NELX.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
 
Chrome: 
=======
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Advanced Monitoring Agent; C:\Program Files (x86)\Advanced Monitoring Agent\winagent.exe [2155520 2012-11-21] (Remote Monitoring) [File not signed]
R2 DcomLaunch; C:\Windows\system32\rpcss.dll [515072 2010-11-20] (Microsoft Corporation) [File not signed]
R2 dkab_device; C:\windows\system32\DKabcoms.exe [1055040 2010-08-03] ( )
R2 dkab_device; C:\windows\SysWOW64\DKabcoms.exe [603456 2010-08-03] ( )
R2 FUJ02E3Service; C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe [73840 2011-03-11] (FUJITSU LIMITED)
R2 gfi_lanss11_attservice; C:\Program Files (x86)\Advanced Monitoring Agent\patchman\lnssatt.exe [118640 2012-07-17] (GFI Software Development Ltd.)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-03-30] ()
R2 omniserv; C:\Program Files\Softex\OmniPass\OmniServ.exe [42496 2011-02-16] (Softex Inc.) [File not signed]
R2 PowerSavingUtilityService; C:\Program Files\Fujitsu\PSUtility\PSUService.exe [63336 2010-06-17] (FUJITSU LIMITED)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [247152 2009-07-06] ()
R2 RpcSs; C:\Windows\system32\rpcss.dll [515072 2010-11-20] (Microsoft Corporation) [File not signed]
R2 SBAMSvc; C:\Program Files (x86)\Advanced Monitoring Agent\managedav\SBAMSvc.exe [2804312 2011-10-12] (GFI Software)
R2 SONICWALL_NetExtender; C:\Program Files (x86)\SonicWALL\SSL-VPN\NetExtender\NEService64.exe [498560 2010-06-22] (SonicWALL Inc.)
R2 TabletServiceISD; C:\Program Files\Tablet\ISD\ISD_Tablet.exe [5640048 2011-02-23] (Wacom Technology, Corp.)
R2 UpdateNaviInstallService; C:\Program Files\Fujitsu\fjdvrupd\updnvsrv.exe [14336 2009-09-30] (FUJITSU LIMITED) [File not signed]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [131112 2010-10-04] (Broadcom Corporation.)
R0 FBIOSDRV; C:\Windows\System32\Drivers\FBIOSDRV.sys [21104 2009-06-24] (FUJITSU LIMITED)
R3 Fjbtndrv; C:\Windows\system32\drivers\FjBtnDrv.sys [23040 2009-08-27] (Fujitsu America, Inc.)
R0 FJGSDisk; C:\Windows\System32\DRIVERS\FJGSDisk.sys [15208 2010-09-28] (FUJITSU LIMITED)
R3 FUJ02B1; C:\Windows\system32\drivers\FUJ02B1.sys [7808 2006-11-01] (FUJITSU LIMITED)
R3 FUJ02E3; C:\Windows\system32\drivers\FUJ02E3.sys [7296 2006-11-01] (FUJITSU LIMITED)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-08-12] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
R1 mfenlfk; C:\Windows\System32\DRIVERS\mfenlfk.sys [75936 2012-02-22] (McAfee, Inc.)
R3 NxDrv; C:\Windows\System32\DRIVERS\NxDrv.sys [24264 2009-10-21] (SonicWALL Inc.)
R1 SBRE; C:\windows\SysWOW64\drivers\SBREdrv.sys [101624 2011-08-30] (GFI Software)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1801216 2010-10-09] ()
S3 swg3kflt03; C:\Windows\system32\drivers\swg3kflt03.sys [34304 2011-03-08] (Sierra Wireless Incorporated)
S3 swg3knmea03; C:\Windows\system32\drivers\swg3knmea03.sys [256384 2011-03-08] (Sierra Wireless Incorporated)
S3 swg3kser03; C:\Windows\system32\drivers\swg3kser03.sys [256384 2011-03-08] (Sierra Wireless Incorporated)
S3 swibus03; C:\Windows\system32\drivers\swibus03.sys [73216 2011-03-08] (Sierra Wireless Inc.)
S3 swibusflt03; C:\Windows\system32\drivers\swibusflt03.sys [73216 2011-03-08] (Sierra Wireless Inc.)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-08-12 21:03 - 2014-08-12 21:03 - 00018396 _____ () C:\Users\user\Desktop\FRST.txt
2014-08-12 21:02 - 2014-08-12 21:03 - 00000000 ____D () C:\FRST
2014-08-12 21:02 - 2014-08-12 20:48 - 02100224 _____ (Farbar) C:\Users\user\Desktop\FRST64.exe
2014-08-12 20:42 - 2014-08-12 20:43 - 00001666 _____ () C:\Users\user\Desktop\Rkill.txt
2014-08-12 20:34 - 2014-08-12 21:03 - 00054272 _____ () C:\windows\system32\iejb.bvj
2014-08-12 20:15 - 2014-08-12 20:51 - 00122584 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-12 20:14 - 2014-08-12 20:14 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-08-12 20:14 - 2014-08-12 20:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-12 20:14 - 2014-08-12 20:14 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-12 20:14 - 2014-08-12 20:14 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-08-12 20:14 - 2014-05-12 07:35 - 00091352 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-08-12 20:14 - 2014-05-12 07:35 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-08-12 20:14 - 2014-05-12 07:35 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-08-12 20:09 - 2014-08-12 20:09 - 00001059 _____ () C:\Users\user\Desktop\JRT.txt
2014-08-12 20:02 - 2014-08-12 20:02 - 00000000 ____D () C:\windows\ERUNT
2014-08-12 19:50 - 2014-08-12 20:46 - 00000000 ____D () C:\AdwCleaner
2014-08-12 12:14 - 2014-08-12 12:14 - 00001682 _____ () C:\windows\SysWOW64\EmailAVConfig.xml
2014-08-06 14:25 - 2014-08-06 14:25 - 00000000 ____D () C:\Users\user\AppData\Roaming\Managed Antivirus
2014-08-06 14:25 - 2014-08-06 14:25 - 00000000 ____D () C:\ProgramData\Managed Antivirus
2014-08-06 14:25 - 2011-10-12 12:29 - 00045936 _____ (GFI Software) C:\windows\system32\sbbd.exe
2014-08-06 14:25 - 2011-08-30 06:56 - 00055416 _____ (GFI Software) C:\windows\system32\Drivers\sbredrv.sys
2014-08-06 13:57 - 2014-08-12 11:56 - 00000000 ____D () C:\windows\Patches
2014-08-06 13:27 - 2014-08-06 13:27 - 00000000 ____D () C:\ProgramData\GFI
2014-08-04 13:01 - 2014-08-12 20:37 - 00000000 ____D () C:\ProgramData\TicToaCoupon
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-08-12 21:03 - 2014-08-12 21:03 - 00018396 _____ () C:\Users\user\Desktop\FRST.txt
2014-08-12 21:03 - 2014-08-12 21:02 - 00000000 ____D () C:\FRST
2014-08-12 21:03 - 2014-08-12 20:34 - 00054272 _____ () C:\windows\system32\iejb.bvj
2014-08-12 21:03 - 2014-04-17 09:23 - 00000316 _____ () C:\windows\system32\kugl.pdt
2014-08-12 20:58 - 2014-04-17 09:34 - 00000075 _____ () C:\windows\system32\ukazrn.khh
2014-08-12 20:57 - 2009-07-14 00:45 - 00017616 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-12 20:57 - 2009-07-14 00:45 - 00017616 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-12 20:54 - 2013-02-26 13:09 - 00000000 ____D () C:\Program Files (x86)\Advanced Monitoring Agent
2014-08-12 20:54 - 2012-04-12 16:13 - 01058780 _____ () C:\windows\WindowsUpdate.log
2014-08-12 20:53 - 2009-07-14 01:13 - 00786598 _____ () C:\windows\system32\PerfStringBackup.INI
2014-08-12 20:51 - 2014-08-12 20:15 - 00122584 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-12 20:48 - 2014-08-12 21:02 - 02100224 _____ (Farbar) C:\Users\user\Desktop\FRST64.exe
2014-08-12 20:48 - 2009-07-14 01:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-08-12 20:48 - 2009-07-14 00:51 - 00049615 _____ () C:\windows\setupact.log
2014-08-12 20:47 - 2012-04-12 16:19 - 00000000 ____D () C:\Program Files\Google
2014-08-12 20:47 - 2011-05-09 03:29 - 00321182 _____ () C:\windows\PFRO.log
2014-08-12 20:46 - 2014-08-12 19:50 - 00000000 ____D () C:\AdwCleaner
2014-08-12 20:44 - 2013-07-24 12:16 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-08-12 20:43 - 2014-08-12 20:42 - 00001666 _____ () C:\Users\user\Desktop\Rkill.txt
2014-08-12 20:37 - 2014-08-04 13:01 - 00000000 ____D () C:\ProgramData\TicToaCoupon
2014-08-12 20:34 - 2012-04-12 16:19 - 00000000 ____D () C:\Program Files (x86)\Google
2014-08-12 20:33 - 2012-04-12 16:19 - 00000000 ____D () C:\Users\user\AppData\Local\Google
2014-08-12 20:33 - 2012-04-12 16:19 - 00000000 ____D () C:\ProgramData\Google
2014-08-12 20:23 - 2009-07-14 01:08 - 00032572 _____ () C:\windows\Tasks\SCHEDLGU.TXT
2014-08-12 20:23 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\system
2014-08-12 20:14 - 2014-08-12 20:14 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-08-12 20:14 - 2014-08-12 20:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-12 20:14 - 2014-08-12 20:14 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-12 20:14 - 2014-08-12 20:14 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-08-12 20:09 - 2014-08-12 20:09 - 00001059 _____ () C:\Users\user\Desktop\JRT.txt
2014-08-12 20:02 - 2014-08-12 20:02 - 00000000 ____D () C:\windows\ERUNT
2014-08-12 12:14 - 2014-08-12 12:14 - 00001682 _____ () C:\windows\SysWOW64\EmailAVConfig.xml
2014-08-12 11:56 - 2014-08-06 13:57 - 00000000 ____D () C:\windows\Patches
2014-08-06 14:25 - 2014-08-06 14:25 - 00000000 ____D () C:\Users\user\AppData\Roaming\Managed Antivirus
2014-08-06 14:25 - 2014-08-06 14:25 - 00000000 ____D () C:\ProgramData\Managed Antivirus
2014-08-06 13:27 - 2014-08-06 13:27 - 00000000 ____D () C:\ProgramData\GFI
2014-08-04 13:01 - 2014-03-31 09:16 - 00000000 ____D () C:\ProgramData\a1a7f71acc938d34
2014-07-31 09:48 - 2014-02-26 10:04 - 00800096 _____ () C:\windows\SysWOW64\PerfStringBackup.INI
 
Some content of TEMP:
====================
C:\Users\user\AppData\Local\Temp\1cerber.exe
C:\Users\user\AppData\Local\Temp\BackupSetup.exe
C:\Users\user\AppData\Local\Temp\csvrelay32.dll
C:\Users\user\AppData\Local\Temp\csvrelay64.dll
C:\Users\user\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exe
C:\Users\user\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\user\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\user\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\user\AppData\Local\Temp\Quarantine.exe
C:\Users\user\AppData\Local\Temp\Relay.dll
C:\Users\user\AppData\Local\Temp\RelayL.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll
[2012-04-18 12:00] - [2010-11-20 09:27] - 0515072 ____N (Microsoft Corporation) 14C74D086638904F600D326D9E5B42B7
 
 ATTENTION ======> If the system is having audio adware rpcss.dll is patched. Google the MD5, if the MD5 is unique the file is infected.
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-08-12 11:46
 
==================== End Of Log ============================
 
 
*******************************************************
**************Addition*******************************
*******************************************************
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-08-2014
Ran by user at 2014-08-12 21:03:51
Running from C:\Users\user\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Managed Antivirus Managed Antivirus (Enabled - Up to date) {445B48C3-0FA4-6B16-8F07-6506F305D800}
AS: Managed Antivirus Managed Antivirus (Enabled - Up to date) {FF3AA927-299E-6498-B5B7-5E74888292BD}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Reader X (10.0.1) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.0.1 - Adobe Systems Incorporated)
Advanced Monitoring Agent (HKLM-x32\...\Advanced Monitoring Agent_is1) (Version:  - )
Anytime USB Charge Utility (HKLM-x32\...\{549BF60D-FDDA-4E4C-ABE3-9E897BC09E79}) (Version: 1.00.00.001 - FUJITSU LIMITED)
AuthenTec Fingerprint Software (HKLM\...\{5F1DFCC1-595D-4235-A044-E05B706D800A}) (Version: 9.0.8.35 - AuthenTec, Inc.)
Auto Rotation Utility (HKLM-x32\...\InstallShield_{9D90DF69-ABFF-4A8D-8B0D-27FA46509DE3}) (Version: 1.01.00.000 - FUJITSU LIMITED)
Auto Rotation Utility (Version: 1.01.00.000 - FUJITSU LIMITED) Hidden
Battery Utility (HKLM-x32\...\{D6C5A4CA-1EE8-4C73-9679-0BC2946D1353}) (Version: 3.01.14.006 - FUJITSU LIMITED)
ClickFoOrSale (HKLM-x32\...\{6C998B44-82D8-CC7E-D847-4CD73036412A}) (Version:  - CllickFForiSalle) <==== ATTENTION
Contrôle ActiveX Windows Live Mesh pour connexions à distance (HKLM-x32\...\{55D003F4-9599-44BF-BA9E-95D060730DD3}) (Version: 15.4.5722.2 - Microsoft Corporation)
couupOnpeeaek (HKLM-x32\...\{7C28DF4D-53DB-2913-830C-A43B46EAC005}) (Version:  - CoiuponpEak) <==== ATTENTION
CyberLink MakeDisc (HKLM-x32\...\InstallShield_{b145ec69-66f5-11d8-9d75-000129760d75}) (Version: 4.0.3016 - CyberLink Corp.)
CyberLink MakeDisc (x32 Version: 4.0.3016 - CyberLink Corp.) Hidden
CyberLink PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.3622 - CyberLink Corp.)
CyberLink PowerDirector (x32 Version: 7.0.3622 - CyberLink Corp.) Hidden
CyberLink PowerDVD 9 (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.0.3609.02 - CyberLink Corp.)
CyberLink PowerDVD 9 (x32 Version: 9.0.3609.02 - CyberLink Corp.) Hidden
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.1.3904 - CyberLink Corp.)
CyberLink YouCam (x32 Version: 3.1.3904 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Printer Software Uninstall (HKLM\...\Dell_HostCD) (Version:  - Dell, Inc.)
EXtraShopper (HKLM-x32\...\{7BCAC0EB-3993-2416-0531-848C39DF8B65}) (Version:  - ExxtraShhOpPeer)
FJ Camera (HKLM-x32\...\{399C37FB-08AF-493B-BFED-20FBD85EDF7F}) (Version: 5.8.52019.0 - Sonix)
Fujitsu Battery Swap Utility (HKLM\...\{BF925467-9E3A-492F-B80D-D8E88A282E67}) (Version: 1.0.315.2011 - Fujitsu America, Inc.)
Fujitsu Button Utilities (HKLM\...\{ED6D1938-2629-4298-9B31-8A75F7CEC8A0}) (Version: 7.05.0409.2011 - Fujitsu America, Inc.)
Fujitsu Driver Update (HKLM\...\{47BC37A3-35C8-484A-8CBD-851914EB095E}) (Version: 1.3.0012 - FUJITSU LIMITED)
Fujitsu Fingerprint Authentication Library (HKLM\...\{04724488-A91A-4638-836A-FE3913A1281D}) (Version: 1.00.49.1 - Fujitsu Limited)
Fujitsu Hotkey Utility (HKLM-x32\...\InstallShield_{C8E4B31D-337C-483D-822D-16F11441669B}) (Version: 3.70.0.0 - FUJITSU LIMITED)
Fujitsu Hotkey Utility (x32 Version: 3.70.0.0 - FUJITSU LIMITED) Hidden
Fujitsu MobilityCenter Extension Utility (HKLM-x32\...\InstallShield_{EC314CDF-3521-482B-A21C-65AC95664814}) (Version: 3.01.00.001 - FUJITSU LIMITED)
Fujitsu MobilityCenter Extension Utility (Version: 3.01.00.001 - FUJITSU LIMITED) Hidden
Fujitsu System Extension Utility (HKLM-x32\...\InstallShield_{E8A5B78F-4456-4511-AB3D-E7BFFB974A7A}) (Version: 3.4.2.0 - FUJITSU LIMITED)
Fujitsu System Extension Utility (Version: 3.4.2.0 - FUJITSU LIMITED) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
GeneXus Web Start Client (HKLM-x32\...\GeneXus Web Start Client) (Version:  - )
GFI LanGuard 11 Agent (x32 Version: 11.0.2012.0717 - GFI Software Ltd) Hidden
Inst5672 (Version: 7.00.61 - Softex Inc.) Hidden
Intel PROSet Wireless (Version:  - ) Hidden
Intel PROSet Wireless (x32 Version:  - ) Hidden
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2287 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{B95CFA6A-E0E0-4437-A2F0-BE0948B68946}) (Version: 14.01.0000 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.2.1004 - Intel Corporation)
Intel® Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version:  - )
Intel® Wireless Display (HKLM-x32\...\{F84906ED-BB54-4889-B131-FED9C9056FC8}) (Version: 2.0.27.0 - Intel Corporation)
ISD Tablet (HKLM\...\ISD Tablet Driver) (Version: 7.0.2-17 - Wacom Technology Corp.)
Java Auto Updater (x32 Version: 2.0.7.1 - Sun Microsystems, Inc.) Hidden
Java™ 6 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216031FF}) (Version: 6.0.310 - Oracle)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LiveUpdate (HKLM-x32\...\LiveUpdate) (Version:  - )
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Managed Antivirus (HKLM-x32\...\{C1D1FC57-3EB9-4B21-BCA3-F1C927508200}) (Version: 5.0.4464 - Managed Antivirus)
Managed Antivirus (x32 Version: 5.0.4464 - Managed Antivirus) Hidden
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Home and Business 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Single Image 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.0.50401.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
O2Micro Flash Memory Card Windows Driver (HKLM-x32\...\InstallShield_{5CB9660D-919E-421A-AE17-DD6C925E1AF3}) (Version: 3.1.00.18 - O2Micro International LTD.)
O2Micro Flash Memory Card Windows Driver (Version: 3.1.00.18 - O2Micro International LTD.) Hidden
OmniPass (HKLM-x32\...\InstallShield_{314FAD12-F785-4471-BCE8-AB506642B9A1}) (Version: 7.00.61(x64) - Softex Inc.)
OmniPass (Version: 7.00.61(x64) - Softex Inc.) Hidden
PBSIEMR (HKLM-x32\...\PBSIEMR) (Version:  - )
Pointing Device Utility (HKLM-x32\...\InstallShield_{DDC49774-40B9-47AE-9C63-5569C08C4082}) (Version: 1.0.1.0 - FUJITSU LIMITED)
Pointing Device Utility (x32 Version: 1.0.1.0 - FUJITSU LIMITED) Hidden
Power Saving Utility (HKLM-x32\...\{49A588CF-5FD4-4774-BFBF-0764287DE82B}) (Version: 32.01.10.029 - FUJITSU LIMITED)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6263 - Realtek Semiconductor Corp.)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.32.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.32.0 - Renesas Electronics Corporation) Hidden
Roxio Creator LJ (HKLM-x32\...\{89A15676-78AE-4D51-BF5B-DEE3E0D46C94}) (Version: 12.1.4.8 - Roxio)
Roxio Creator LJ (x32 Version: 1.0.511 - Roxio) Hidden
Roxio Creator LJ (x32 Version: 5.0.0 - Roxio) Hidden
Security Panel Application (HKLM-x32\...\InstallShield_{45CA9B23-5EF8-43AA-9851-E9E062BF0147}) (Version: 2.5.1.0 - FUJITSU LIMITED)
Security Panel Application (x32 Version: 2.5.1.0 - FUJITSU LIMITED) Hidden
Security Panel Application for Supervisor (HKLM-x32\...\InstallShield_{17F82182-0E3D-4A14-8843-5ECBFAF4F12F}) (Version: 2.5.1.0 - FUJITSU LIMITED)
Security Panel Application for Supervisor (x32 Version: 2.5.1.0 - FUJITSU LIMITED) Hidden
Shock Sensor Utility (HKLM-x32\...\InstallShield_{F33CFF0E-6684-43A8-AF99-2F1191B67152}) (Version: 4.01.32.002 - FUJITSU LIMITED)
Shock Sensor Utility (Version: 4.01.32.002 - FUJITSU LIMITED) Hidden
SonicWALL SSL-VPN NetExtender (HKLM-x32\...\SonicWALL SSL-VPN NetExtender) (Version: 4.0.138 - SonicWALL, Inc.)
Symantec Procomm Plus (HKLM-x32\...\Procomm Plus) (Version:  - )
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.2.11.1 - Synaptics Incorporated)
TicToaCoupon (HKLM-x32\...\{E370F69F-ED3F-925F-31FC-14D1329A713B}) (Version:  - TTicTaCoupON) <==== ATTENTION
Update for Microsoft Office 2010 (KB2202188) (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{86B7A074-265D-420C-9E1E-7A920EF0ECA7}) (Version:  - Microsoft)
Visual C++ 8.0 x64 Runtime Setup Package (x32 Version: 1.0.0.0 - McAfee Inc.) Hidden
Visual C++ 8.0 x86 Runtime Setup Package (x32 Version: 1.0.0.0 - McAfee Inc.) Hidden
WIDCOMM Bluetooth Software (HKLM\...\{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}) (Version: 6.3.0.6900 - Broadcom Corporation)
Windows Driver Package - Fujitsu America, Inc. (FjBtnDrv) HIDClass  (08/27/2009 4.2.0827.2009) (HKLM\...\C1556C282D8A9FB37C3F3925E582B76545A344EF) (Version: 08/27/2009 4.2.0827.2009 - Fujitsu America, Inc.)
Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
 
==================== Restore Points  =========================
 
30-07-2014 21:14:56 Windows Update
31-07-2014 21:39:44 Windows Update
01-08-2014 17:50:04 Windows Update
04-08-2014 20:19:56 Windows Update
05-08-2014 21:48:16 Windows Update
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {1FF90C8C-E326-4C4F-BA66-CDB9D5DC2B47} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-12] (Adobe Systems Incorporated)
Task: {50456DCD-933C-4C11-8775-5C505BC62886} - System32\Tasks\Microsoft\Windows\TabletPC\InputPersonalization => C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe [2009-07-13] (Microsoft Corporation)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
 
==================== Loaded Modules (whitelisted) =============
 
2011-02-16 11:00 - 2011-02-16 11:00 - 00034816 _____ () C:\Program Files\Softex\OmniPass\ssplogon.dll
2011-02-16 11:00 - 2011-02-16 11:00 - 00052736 _____ () C:\Program Files\Softex\OmniPass\RandomPass.dll
2011-02-16 11:00 - 2011-02-16 11:00 - 00022016 _____ () C:\Program Files\Softex\OmniPass\cryptodll.dll
2011-02-16 11:07 - 2011-02-16 11:07 - 00640000 _____ () C:\Program Files\Softex\OmniPass\cachedrv.dll
2011-03-30 07:15 - 2011-03-30 07:15 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
2011-02-16 11:02 - 2011-02-16 11:02 - 00065536 _____ () C:\Program Files\Softex\OmniPass\SCUREDLL.dll
2011-05-09 02:37 - 2011-01-20 14:11 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2011-05-09 02:36 - 2011-02-03 22:56 - 00057640 _____ () C:\Program Files\Synaptics\SynTP\SynTPEnhPS.dll
2012-04-12 16:01 - 2011-02-17 19:10 - 00024576 _____ () C:\Windows\snuvcdsm.exe
2011-03-30 07:15 - 2011-03-30 07:15 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\LIBEAY32.dll
2010-10-15 19:08 - 2010-10-15 19:08 - 00173856 _____ () C:\Program Files\WIDCOMM\Bluetooth Software\btkeyind.dll
2011-02-16 11:03 - 2011-02-16 11:03 - 00065536 _____ () C:\Program Files\Softex\OmniPass\hook\OpHook32BitProcess.exe
2011-02-16 11:03 - 2011-02-16 11:03 - 00062976 _____ () C:\Program Files\Softex\OmniPass\opvapp.exe
2011-02-16 11:00 - 2011-02-16 11:00 - 00022016 _____ () C:\Program Files\Softex\OmniPass\Cryptodll.dll
2012-04-12 16:42 - 2009-07-06 21:23 - 00247152 ____N () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
2012-04-12 16:46 - 2011-02-23 17:11 - 01182576 _____ () C:\Program Files\Tablet\ISD\libxml2.dll
2012-07-17 17:20 - 2012-07-17 17:20 - 00305520 _____ () C:\Program Files (x86)\Advanced Monitoring Agent\patchman\apistrings.dll
2012-07-17 17:24 - 2012-07-17 17:24 - 00159600 _____ () C:\Program Files (x86)\Advanced Monitoring Agent\patchman\modlop.dll
2012-07-23 08:32 - 2012-07-23 08:32 - 00099184 _____ () C:\Program Files (x86)\Advanced Monitoring Agent\patchman\httpserverattplugin.dll
2013-05-23 10:05 - 2013-05-23 10:05 - 02021240 _____ () C:\Program Files (x86)\Advanced Monitoring Agent\patchman\crmimodule.dll
2012-07-17 17:29 - 2012-07-17 17:29 - 00208752 _____ () C:\Program Files (x86)\Advanced Monitoring Agent\patchman\patchautodownload.dll
2014-07-17 10:37 - 2014-07-17 10:37 - 00422000 _____ () C:\Program Files (x86)\Advanced Monitoring Agent\patchman\remediationattplugin.dll
2009-07-13 17:03 - 2009-07-13 21:15 - 00364544 _____ () C:\Windows\SysWOW64\msjetoledb40.dll
2013-01-21 08:05 - 2013-01-21 08:05 - 00183672 _____ () C:\Program Files (x86)\Advanced Monitoring Agent\patchman\scanmngsys.dll
2012-07-17 17:29 - 2012-07-17 17:29 - 00049520 _____ () C:\Program Files (x86)\Advanced Monitoring Agent\patchman\schedcompactdb.dll
2012-07-17 17:29 - 2012-07-17 17:29 - 00054640 _____ () C:\Program Files (x86)\Advanced Monitoring Agent\patchman\schedupdates.dll
2011-02-16 10:08 - 2011-02-16 10:08 - 00061440 _____ () C:\Program Files\Softex\OmniPass\hook\SCUREDLL.dll
2011-05-09 02:36 - 2011-02-03 22:56 - 00066856 _____ () C:\windows\SysWOW64\SynTPEnhPS.dll
2011-01-19 11:20 - 2011-01-19 11:20 - 00308560 _____ () C:\Program Files (x86)\Advanced Monitoring Agent\managedav\vipre.dll
2014-08-06 14:51 - 2014-06-20 06:08 - 00192376 _____ () C:\Program Files (x86)\Advanced Monitoring Agent\managedav\Definitions\libBase64.dll
2014-08-06 14:51 - 2014-06-20 06:08 - 00180088 _____ () C:\Program Files (x86)\Advanced Monitoring Agent\managedav\Definitions\libMachoUniv.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SBAMSvc => ""="Service"
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
 
System errors:
=============
Error: (08/12/2014 08:48:40 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Power service terminated with the following error: 
%%4203
 
Error: (08/12/2014 08:24:46 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Power service terminated with the following error: 
%%4203
 
Error: (08/12/2014 08:23:52 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 8:22:26 PM on ‎8/‎12/‎2014 was unexpected.
 
 
Microsoft Office Sessions:
=========================
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-2520M CPU @ 2.50GHz
Percentage of memory in use: 54%
Total physical RAM: 3983.17 MB
Available physical RAM: 1818.41 MB
Total Pagefile: 7964.52 MB
Available Pagefile: 5331.85 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:186.34 GB) (Free:106.27 GB) NTFS
Drive d: () (Fixed) (Total:30.34 GB) (Free:30.25 GB) NTFS
Drive f: (AD-STICK) (Removable) (Total:0.49 GB) (Free:0.33 GB) FAT
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 233 GB) (Disk ID: 32CAB2FA)
Partition 1: (Not Active) - (Size=16 GB) - (Type=27)
Partition 2: (Active) - (Size=200 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=186 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=30 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (Size: 498 MB) (Disk ID: 002C64BF)
Partition 1: (Active) - (Size=498 MB) - (Type=06)
 
==================== End Of Log ============================
 
 
********************************************************
****************Search*******************************
********************************************************
 
 
Farbar Recovery Scan Tool (x64) Version: 13-08-2014
Ran by user at 2014-08-12 21:24:25
Running from C:\Users\user\Desktop
Boot Mode: Normal
 
================== Search Files: "rpcss.dll" =============

#2 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto Rico
  • Local time:01:40 AM

Posted 13 August 2014 - 06:35 AM

Hello arrdvarks

I would like to welcome you to the Malware Removal section of the forum.

Around here they call me Gringo and I will be glad to help you with your malware problems.

Very Important --> Please read this post completely. I have spent my time putting together some things for you to keep in mind while I am helping you, to make things go easier, faster and smoother for both of us!

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the "Follow This Topic" Button, make sure that the "Receive notification" box is checked and that it is set to "Instantly" - This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartache if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

I would like you to run this program for me.

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Double-click to run it. When the tool opens, click Yes to the disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it into your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

I would also like to get some extra information on one of the files on the computer.

Run FRST like you did before and type the following in the edit box after "Search:".

rpcss.dll

It then should look like:

Search: rpcss.dll

Click Search button and post the log (Search.txt) it makes to your reply.

Gringo

I Close My Topics If You Have Not Replied In 5 Days. If You Will Be Longer Please Let Me Know.

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic.

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
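
The Search step in the post above asks FRST to list every copy of rpcss.dll on the machine so that a modified one can be picked out. As an added example that is not part of the thread or of FRST, the PowerShell script below does the same enumeration by hand and compares the copies that ought to be byte-identical (System32 and its WinSxS backing copy share the same version); the parameters $FileName and $Root and the two helper functions are my own, and it assumes Windows 7 SP1 with the stock PowerShell 2.0, run from an elevated prompt.

```powershell
# Added example, not from the thread or from FRST: list every copy of rpcss.dll under the
# Windows directory, the way FRST's Search does, and flag a copy whose hash differs from
# the other copies of the same architecture and file version.
param(
    [string]$FileName = 'rpcss.dll',     # the file this thread is about
    [string]$Root     = $env:SystemRoot  # assumption: only the Windows directory is searched
)

function Get-Sha256Hex([string]$Path) {
    # .NET hashing, because PowerShell 2.0 (Windows 7 default) has no Get-FileHash cmdlet.
    $sha    = [System.Security.Cryptography.SHA256]::Create()
    $stream = [System.IO.File]::OpenRead($Path)
    try     { $bytes = $sha.ComputeHash($stream) }
    finally { $stream.Close() }
    return ([System.BitConverter]::ToString($bytes)).Replace('-', '')
}

function Get-PeMachine([string]$Path) {
    # e_lfanew at offset 0x3C points at the "PE\0\0" signature; Machine is the WORD after it.
    $buf    = New-Object byte[] 4096
    $stream = [System.IO.File]::OpenRead($Path)
    try     { $read = $stream.Read($buf, 0, $buf.Length) }
    finally { $stream.Close() }
    if ($read -lt 0x40 -or $buf[0] -ne 0x4D -or $buf[1] -ne 0x5A) { return 'not-MZ' }
    $peOff = [System.BitConverter]::ToInt32($buf, 0x3C)
    if ($peOff -lt 0 -or $peOff + 6 -gt $read) { return 'header-beyond-4K' }
    if ($buf[$peOff] -ne 0x50 -or $buf[$peOff + 1] -ne 0x45) { return 'no-PE-signature' }
    switch ([System.BitConverter]::ToUInt16($buf, $peOff + 4)) {
        0x8664  { return 'x64' }
        0x014C  { return 'x86' }
        default { return ('0x{0:X4}' -f $_) }
    }
}

$copies = Get-ChildItem -Path $Root -Filter $FileName -Recurse -Force -ErrorAction SilentlyContinue |
          Where-Object { -not $_.PSIsContainer }

$report = foreach ($f in $copies) {
    $sig = Get-AuthenticodeSignature -FilePath $f.FullName
    New-Object PSObject -Property @{
        Path        = $f.FullName
        Size        = $f.Length
        Modified    = $f.LastWriteTime
        Arch        = Get-PeMachine $f.FullName
        FileVersion = $f.VersionInfo.FileVersion
        Company     = $f.VersionInfo.CompanyName
        # Caveat: Windows 7 system files are catalog-signed and this cmdlet does not consult
        # catalogs there, so a NotSigned status on its own is not proof of tampering.
        Signature   = $sig.Status
        Sha256      = Get-Sha256Hex $f.FullName
    }
}

# Sibling check: copies that share architecture and file version (System32 and its WinSxS
# backing copy) must hash identically; two hashes in one group point at a modified copy.
$suspects = @()
foreach ($g in ($report | Group-Object Arch, FileVersion)) {
    $hashes = @($g.Group | Select-Object -ExpandProperty Sha256 -Unique)
    if ($hashes.Count -gt 1) {
        Write-Warning ("{0}: {1} copies with {2} different hashes" -f $g.Name, $g.Count, $hashes.Count)
        $suspects += $g.Group
    }
}
# Version resources are easy to forge, but a missing or non-Microsoft company name is a red flag.
$suspects += $report | Where-Object { $_.Company -notmatch 'Microsoft' }

$report   | Sort-Object Path | Format-Table Arch, FileVersion, Size, Modified, Signature, Path -AutoSize
$suspects | Select-Object -Unique Path | ForEach-Object { Write-Warning ("Inspect: " + $_.Path) }
# An elevated 'sfc /scannow' then repairs protected system files from the component store.
```

If the file was patched in place through the hard link that System32 shares with WinSxS, both copies change together and the sibling check stays silent; only a clean reference (sfc, or a known-good hash) reveals that case.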

#3 gringo_pr

Posted 17 August 2014 - 06:07 AM

Hello

48 Hour bump

It has been more than 48 hours since my last post.
  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!
Gringo

#4 gringo_pr

Posted 20 August 2014 - 06:25 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.



