Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

dllhost*32.exe com surrogate virus


  • This topic is locked This topic is locked
8 replies to this topic

#1 hardie024

hardie024

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:09:16 PM

Posted 06 November 2014 - 10:24 PM

I have a virus on my PC that will not be removed by anything I've attempted.  Malwarebytes, Super Anti Spyware, AVG Rescue Disc amongst others.  Here is the FRST logs.  Please help!! Thanks in advance.

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-11-2014
Ran by lisa (administrator) on LISA-PC on 06-11-2014 22:20:20
Running from C:\Users\lisa\Downloads
Loaded Profile: lisa (Available profiles: lisa & User)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
(Elsinore Technologies, Inc.) C:\Program Files (x86)\ScreenConnect Client (fac4def2006ae668)\Elsinore.ScreenConnect.ClientService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Elsinore Technologies, Inc.) C:\Program Files (x86)\ScreenConnect Client (fac4def2006ae668)\Elsinore.ScreenConnect.WindowsClient.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe
(Elsinore Technologies, Inc.) C:\Program Files (x86)\ScreenConnect Client (fac4def2006ae668)\Elsinore.ScreenConnect.WindowsClient.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM-x32\...\Run: [IndexSearch] => C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe [46368 2009-08-27] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PaperPort PTD] => C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe [29984 2009-08-27] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PPort12reminder] => C:\Program Files (x86)\Nuance\PaperPort\Ereg\Ereg.exe [328992 2008-11-03] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-11-28] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1093111656-1839444564-1188383708-1000\...\Run: [TSTimer] => C:\Program Files (x86)\Timeslips\TSTimer.exe [2408448 2005-07-26] (Sage Software SB, Inc.)
HKU\S-1-5-21-1093111656-1839444564-1188383708-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [6501656 2014-10-30] (Piriform Ltd)
HKU\S-1-5-21-1093111656-1839444564-1188383708-1000\...\Run: [bcikmao] => rundll32 "C:\Users\lisa\AppData\Local\bcikmao.dll",bcikmao <===== ATTENTION
HKU\S-1-5-21-1093111656-1839444564-1188383708-1000\...\MountPoints2: {0914c30e-092c-11e1-bd92-f30ea334eb14} - E:\SETUP.EXE
HKU\S-1-5-21-1093111656-1839444564-1188383708-1000\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\lisa\AppData\Roaming\Mozilla\Firefox\Profiles\euh8s6yz.default
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

Chrome:
=======
CHR Profile: C:\Users\lisa\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-12-10]
CHR Extension: (Google Drive) - C:\Users\lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-12-10]
CHR Extension: (YouTube) - C:\Users\lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-12-10]
CHR Extension: (Google Search) - C:\Users\lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-12-10]
CHR Extension: (Google Wallet) - C:\Users\lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-10]
CHR Extension: (Gmail) - C:\Users\lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-12-10]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [50688 2011-04-13] (Hewlett-Packard) [File not signed]
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
R2 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [144672 2009-08-27] (Nuance Communications, Inc.)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [66048 2011-04-13] (Hewlett-Packard) [File not signed]
R2 ScreenConnect Client (fac4def2006ae668); C:\Program Files (x86)\ScreenConnect Client (fac4def2006ae668)\Elsinore.ScreenConnect.ClientService.exe [53208 2014-04-29] (Elsinore Technologies, Inc.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [43664 2014-11-05] ()
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S1 dgdubnuw; \??\C:\Windows\system32\drivers\dgdubnuw.sys [X]
S1 dmhxlwln; \??\C:\Windows\system32\drivers\dmhxlwln.sys [X]
S1 fkuinosv; \??\C:\Windows\system32\drivers\fkuinosv.sys [X]
S1 fmoffmci; \??\C:\Windows\system32\drivers\fmoffmci.sys [X]
S1 jqqttagt; \??\C:\Windows\system32\drivers\jqqttagt.sys [X]
S1 komirwyz; \??\C:\Windows\system32\drivers\komirwyz.sys [X]
S1 paimmcot; \??\C:\Windows\system32\drivers\paimmcot.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-06 22:20 - 2014-11-06 22:21 - 00010131 _____ () C:\Users\lisa\Downloads\FRST.txt
2014-11-06 22:19 - 2014-11-06 22:20 - 00000000 ____D () C:\FRST
2014-11-06 22:19 - 2014-11-06 22:19 - 02114560 _____ (Farbar) C:\Users\lisa\Downloads\FRST64.exe
2014-11-06 22:17 - 2014-11-06 22:17 - 00010584 _____ () C:\Windows\PFRO.log
2014-11-06 22:17 - 2014-11-06 22:17 - 00000056 _____ () C:\Windows\setupact.log
2014-11-06 22:17 - 2014-11-06 22:17 - 00000000 _____ () C:\Windows\setuperr.log
2014-11-06 21:56 - 2014-11-06 21:56 - 00002770 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-11-06 21:54 - 2014-11-06 21:54 - 00000000 ____D () C:\SUPERDelete
2014-11-06 21:02 - 2014-11-06 21:48 - 00000274 _____ () C:\Users\lisa\AppData\Roaming\INSTALL_TOR.URL
2014-11-06 21:02 - 2014-11-06 21:48 - 00000274 _____ () C:\Users\lisa\AppData\INSTALL_TOR.URL
2014-11-06 21:01 - 2014-11-06 21:01 - 00000274 _____ () C:\Users\lisa\AppData\Local\INSTALL_TOR.URL
2014-11-06 20:57 - 2014-11-06 20:57 - 00000274 _____ () C:\ProgramData\INSTALL_TOR.URL
2014-11-06 08:30 - 2014-11-06 08:32 - 00002114 _____ () C:\Users\User\Desktop\Rkill.txt
2014-11-06 08:25 - 2014-11-06 08:25 - 00019371 _____ () C:\ComboFix.txt
2014-11-06 08:05 - 2011-06-26 01:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-11-06 08:05 - 2010-11-07 12:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-11-06 08:05 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-11-06 08:05 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-11-06 08:05 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-11-06 08:05 - 2000-08-30 19:00 - 00098816 _____ () C:\Windows\sed.exe
2014-11-06 08:05 - 2000-08-30 19:00 - 00080412 _____ () C:\Windows\grep.exe
2014-11-06 08:05 - 2000-08-30 19:00 - 00068096 _____ () C:\Windows\zip.exe
2014-11-06 08:04 - 2014-11-06 08:04 - 00110168 _____ () C:\Users\User\AppData\Local\GDIPFONTCACHEV1.DAT
2014-11-06 08:04 - 2014-11-06 08:04 - 00000000 ____D () C:\Users\User\AppData\Roaming\Apple Computer
2014-11-06 08:03 - 2014-11-06 08:03 - 00001417 _____ () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-11-06 08:03 - 2014-11-06 08:03 - 00000000 ____D () C:\Users\User\AppData\Roaming\Adobe
2014-11-06 08:03 - 2014-11-06 08:03 - 00000000 ____D () C:\Users\User\AppData\Local\VirtualStore
2014-11-06 08:03 - 2014-11-06 08:03 - 00000000 ____D () C:\Users\User\AppData\Local\Google
2014-11-06 07:46 - 2014-11-06 07:46 - 00000020 ___SH () C:\Users\User\ntuser.ini
2014-11-06 07:46 - 2012-04-12 02:01 - 00000000 ____D () C:\Users\User\AppData\Local\Microsoft Help
2014-11-06 07:46 - 2011-11-07 09:32 - 00000000 ____D () C:\Users\User\AppData\Roaming\Macromedia
2014-11-06 07:46 - 2009-07-13 23:54 - 00000000 ___RD () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-11-06 07:46 - 2009-07-13 23:49 - 00000000 ___RD () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-11-05 23:35 - 2014-11-05 23:35 - 00387584 _____ () C:\Users\lisa\Downloads\rescue2usb.exe
2014-11-05 23:33 - 2014-11-05 23:37 - 310253568 _____ () C:\Users\lisa\Downloads\kav_rescue_10.iso
2014-11-05 23:33 - 2014-11-05 23:33 - 00043664 _____ () C:\Windows\system32\Drivers\hitmanpro37.sys
2014-11-05 22:09 - 2014-11-05 22:09 - 00003050 _____ () C:\Windows\System32\Tasks\Microsoft_Hardware_Launch_IType_exe
2014-11-05 22:06 - 2014-11-05 22:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Keyboard
2014-11-05 22:06 - 2014-11-05 22:06 - 00000000 ____D () C:\Program Files\Microsoft IntelliType Pro
2014-11-05 18:39 - 2014-11-06 20:56 - 00000000 ____D () C:\Kaspersky Rescue Disk 10.0
2014-11-05 09:57 - 2014-11-05 09:57 - 04184008 _____ (Kaspersky Lab ZAO) C:\Users\lisa\Downloads\tdsskiller.exe
2014-11-05 08:18 - 2014-11-05 08:40 - 00012872 _____ (SurfRight B.V.) C:\Windows\system32\bootdelete.exe
2014-11-05 08:05 - 2014-11-05 08:05 - 00000000 ____D () C:\Users\lisa\Documents\ScreenConnect
2014-11-05 07:51 - 2014-11-05 08:18 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-11-05 07:49 - 2014-11-05 07:51 - 11222744 _____ (SurfRight B.V.) C:\Users\lisa\Downloads\HitmanPro_x64.exe
2014-11-05 05:58 - 2014-11-06 08:24 - 00000000 ____D () C:\Windows\erdnt
2014-11-05 05:52 - 2014-09-04 21:11 - 06584320 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-11-05 05:52 - 2014-09-04 20:52 - 05703168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-11-05 05:51 - 2014-08-28 21:07 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-11-05 01:00 - 2014-11-05 05:56 - 00000000 ____D () C:\Users\lisa\AppData\Roaming\Muotxymo
2014-11-04 18:03 - 2014-11-04 18:03 - 00000000 ____D () C:\Program Files (x86)\ScreenConnect Client (fac4def2006ae668)
2014-11-04 14:12 - 2014-11-04 14:12 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-11-04 14:12 - 2014-11-04 14:12 - 00002019 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk
2014-11-04 07:10 - 2014-05-08 04:32 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2014-11-04 06:58 - 2013-10-01 21:22 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2014-11-04 06:58 - 2013-10-01 21:11 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-11-04 06:58 - 2013-10-01 21:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-11-04 06:58 - 2013-10-01 20:48 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2014-11-04 06:58 - 2013-10-01 20:48 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2014-11-04 06:58 - 2013-10-01 20:29 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2014-11-04 06:58 - 2013-10-01 20:10 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2014-11-04 06:58 - 2013-10-01 19:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2014-11-04 06:58 - 2013-10-01 19:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2014-11-04 06:58 - 2013-10-01 19:08 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2014-11-04 06:58 - 2013-10-01 19:01 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2014-11-04 06:58 - 2013-10-01 18:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2014-11-04 06:58 - 2013-10-01 18:31 - 01147392 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-11-04 06:58 - 2013-10-01 17:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-11-04 06:57 - 2013-10-01 19:15 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2014-11-04 06:57 - 2013-10-01 18:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2014-11-04 06:57 - 2012-08-23 09:13 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2014-11-04 06:57 - 2012-08-23 09:12 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\terminpt.sys
2014-11-04 06:57 - 2012-08-23 09:10 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys
2014-11-04 06:57 - 2012-08-23 09:08 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbGD.sys
2014-11-04 06:57 - 2012-08-23 06:12 - 00192000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpendp_winip.dll
2014-11-04 06:57 - 2012-08-23 05:51 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\rdpendp_winip.dll
2014-11-04 06:09 - 2014-11-06 22:20 - 00606454 _____ () C:\Windows\WindowsUpdate.log
2014-11-04 06:04 - 2014-11-04 06:04 - 01059840 _____ () C:\Users\lisa\Downloads\MicrosoftFixit50981.msi
2014-11-04 05:52 - 2014-11-04 05:52 - 00542608 _____ () C:\Users\lisa\Documents\iereg.reg
2014-11-03 22:13 - 2014-11-03 22:13 - 00006026 _____ () C:\Users\lisa\Documents\cc_20141103_221307.reg
2014-11-03 17:56 - 2014-11-06 21:04 - 00000000 ____D () C:\Users\lisa\AppData\Roaming\SUPERAntiSpyware.com
2014-11-03 17:55 - 2014-11-06 21:52 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-11-03 17:55 - 2014-11-06 20:59 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2014-11-03 17:55 - 2014-11-03 17:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2014-11-03 17:53 - 2014-11-03 17:54 - 20188024 _____ (SUPERAntiSpyware) C:\Users\lisa\Downloads\SUPERAntiSpyware.exe
2014-11-03 09:11 - 2014-11-03 09:11 - 00181894 _____ () C:\Users\lisa\Documents\cc_20141103_091122.reg
2014-11-03 09:04 - 2014-11-03 09:04 - 00000000 ____D () C:\Program Files\CCleaner
2014-11-03 08:42 - 2014-11-03 08:42 - 00000000 ____D () C:\Users\lisa\AppData\Local\Deployment
2014-11-03 08:42 - 2014-11-03 08:42 - 00000000 ____D () C:\Users\lisa\AppData\Local\Apps\2.0
2014-11-03 08:40 - 2014-11-03 08:41 - 00051672 _____ () C:\Users\lisa\Downloads\Elsinore.ScreenConnect.Client.exe
2014-10-30 19:47 - 2014-11-03 08:52 - 00000160 ____H () C:\ProgramData\@system3.att
2014-10-30 19:46 - 2014-11-03 08:52 - 00000424 _____ () C:\ProgramData\@system.temp
2014-10-30 19:46 - 2014-10-30 19:46 - 00000000 ____D () C:\Users\lisa\AppData\Roaming\FrameworkUpdate7
2014-10-30 19:45 - 2014-11-06 20:31 - 00000000 ____D () C:\ProgramData\Windows Genuine Advantage
2014-10-27 08:46 - 2014-11-03 15:32 - 00000368 ____H () C:\Users\lisa\Documents\maxdesk.ini2
2014-10-27 08:41 - 2014-11-03 15:32 - 00000244 ____H () C:\Users\lisa\Documents\PP11Thumbs.ptn2
2014-10-27 08:40 - 2014-11-03 15:32 - 00554731 ____H () C:\Users\lisa\Documents\PP11Thumbs.ptn
2014-10-16 01:26 - 2014-10-06 21:54 - 00378552 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-10-16 01:26 - 2014-10-06 21:04 - 00331448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-10-16 01:26 - 2014-09-25 17:50 - 13619200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-16 01:26 - 2014-09-25 17:46 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-10-16 01:26 - 2014-09-25 17:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-10-16 01:26 - 2014-09-25 17:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-10-16 01:26 - 2014-09-25 17:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-10-16 01:26 - 2014-09-25 17:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-10-16 01:26 - 2014-09-25 17:31 - 02108416 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-16 01:26 - 2014-09-18 21:25 - 23631360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-16 01:26 - 2014-09-18 20:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-10-16 01:26 - 2014-09-18 20:55 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-10-16 01:26 - 2014-09-18 20:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-10-16 01:26 - 2014-09-18 20:41 - 02796032 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-16 01:26 - 2014-09-18 20:40 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-16 01:26 - 2014-09-18 20:40 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-10-16 01:26 - 2014-09-18 20:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-10-16 01:26 - 2014-09-18 20:38 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-10-16 01:26 - 2014-09-18 20:36 - 05829632 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-16 01:26 - 2014-09-18 20:31 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-10-16 01:26 - 2014-09-18 20:30 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-10-16 01:26 - 2014-09-18 20:27 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-10-16 01:26 - 2014-09-18 20:26 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-10-16 01:26 - 2014-09-18 20:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-10-16 01:26 - 2014-09-18 20:25 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-10-16 01:26 - 2014-09-18 20:25 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-10-16 01:26 - 2014-09-18 20:18 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-10-16 01:26 - 2014-09-18 20:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-10-16 01:26 - 2014-09-18 20:14 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-10-16 01:26 - 2014-09-18 20:06 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-10-16 01:26 - 2014-09-18 20:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-10-16 01:26 - 2014-09-18 20:01 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-10-16 01:26 - 2014-09-18 20:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-10-16 01:26 - 2014-09-18 20:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-10-16 01:26 - 2014-09-18 20:00 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-16 01:26 - 2014-09-18 19:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-10-16 01:26 - 2014-09-18 19:58 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-16 01:26 - 2014-09-18 19:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-10-16 01:26 - 2014-09-18 19:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-10-16 01:26 - 2014-09-18 19:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-10-16 01:26 - 2014-09-18 19:51 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-10-16 01:26 - 2014-09-18 19:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-10-16 01:26 - 2014-09-18 19:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-10-16 01:26 - 2014-09-18 19:42 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-16 01:26 - 2014-09-18 19:42 - 00710656 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-10-16 01:26 - 2014-09-18 19:40 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-10-16 01:26 - 2014-09-18 19:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-10-16 01:26 - 2014-09-18 19:33 - 02309632 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-16 01:26 - 2014-09-18 19:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-10-16 01:26 - 2014-09-18 19:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-10-16 01:26 - 2014-09-18 19:18 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-10-16 01:26 - 2014-09-18 19:14 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-16 01:26 - 2014-09-18 18:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-10-16 01:26 - 2014-09-18 18:59 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-10-16 01:26 - 2014-09-18 18:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-10-16 01:26 - 2014-09-18 18:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-10-16 01:24 - 2014-09-28 19:58 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-16 01:23 - 2014-06-18 17:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-10-16 01:23 - 2014-06-18 17:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2014-10-16 01:23 - 2014-06-18 17:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2014-10-16 01:23 - 2014-06-18 17:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-10-16 01:23 - 2014-06-18 17:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2014-10-16 01:23 - 2014-06-18 17:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-10-16 01:18 - 2014-09-17 21:00 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-10-16 01:18 - 2014-09-17 20:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-10-16 01:18 - 2014-09-12 20:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-16 01:18 - 2014-09-12 20:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-10-16 01:18 - 2014-09-04 00:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-10-16 01:18 - 2014-09-04 00:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2014-10-16 01:18 - 2014-07-16 21:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-10-16 01:18 - 2014-07-16 21:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-10-16 01:18 - 2014-07-16 21:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-10-16 01:18 - 2014-07-16 21:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-10-16 01:18 - 2014-07-16 21:07 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-10-16 01:18 - 2014-07-16 21:07 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-10-16 01:18 - 2014-07-16 20:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2014-10-16 01:18 - 2014-07-16 20:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-10-16 01:18 - 2014-07-16 20:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-10-16 01:18 - 2014-07-16 20:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-10-16 01:18 - 2014-07-16 20:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-06 22:17 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-06 22:11 - 2011-11-07 07:19 - 00000000 ____D () C:\Users\lisa\Documents\LISA DOCS
2014-11-06 21:55 - 2009-07-13 23:45 - 00026576 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-06 21:55 - 2009-07-13 23:45 - 00026576 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-06 21:51 - 2009-07-14 00:13 - 00782470 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-06 21:46 - 2014-09-03 19:06 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-06 21:40 - 2011-11-07 08:23 - 00000000 ____D () C:\Users\lisa\Documents\Outlook Files
2014-11-06 21:04 - 2014-02-22 12:32 - 00000000 ____D () C:\Users\lisa\AppData\Roaming\TeamViewer
2014-11-06 21:04 - 2014-01-22 15:38 - 00000000 ____D () C:\Users\lisa\AppData\Roaming\Mozilla
2014-11-06 21:02 - 2014-01-22 15:38 - 00000000 ____D () C:\Users\lisa\AppData\Local\Mozilla
2014-11-06 21:02 - 2011-11-07 13:25 - 00000000 ____D () C:\Users\lisa\AppData\Local\Microsoft Games
2014-11-06 21:02 - 2011-11-07 09:32 - 00000000 ____D () C:\Users\lisa\AppData\Roaming\Adobe
2014-11-06 21:02 - 2011-11-07 07:55 - 00000000 ____D () C:\Users\lisa\AppData\Roaming\Intuit
2014-11-06 20:59 - 2013-12-10 13:16 - 00000000 ____D () C:\Users\lisa\AppData\Local\Google
2014-11-06 20:59 - 2011-11-07 07:55 - 00000000 ____D () C:\ProgramData\Intuit
2014-11-06 17:44 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
2014-11-06 08:23 - 2009-07-13 21:34 - 00000215 _____ () C:\Windows\system.ini
2014-11-05 23:31 - 2011-11-07 07:13 - 00110168 _____ () C:\Users\lisa\AppData\Local\GDIPFONTCACHEV1.DAT
2014-11-05 23:29 - 2009-07-13 23:45 - 00410960 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-05 23:29 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\Branding
2014-11-05 22:06 - 2009-07-13 22:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-11-05 18:52 - 2011-11-07 06:23 - 00000000 ____D () C:\Program Files (x86)\Intel
2014-11-05 18:00 - 2010-11-21 02:16 - 00000000 ____D () C:\Windows\CSC
2014-11-05 11:40 - 2009-07-14 00:08 - 00032562 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-11-05 09:58 - 2011-12-06 09:13 - 00000000 ____D () C:\Windows\pss
2014-11-05 09:20 - 2011-11-07 07:14 - 00000000 ____D () C:\Windows\AutoKMS
2014-11-04 14:12 - 2011-11-07 09:32 - 00000000 ____D () C:\Users\lisa\AppData\Local\Adobe
2014-11-04 14:12 - 2011-11-07 09:32 - 00000000 ____D () C:\ProgramData\Adobe
2014-11-04 14:12 - 2011-11-07 09:32 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-11-04 07:04 - 2009-07-13 22:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-11-04 07:02 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-11-04 06:07 - 2014-09-03 19:06 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-11-04 06:07 - 2014-09-03 19:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-11-04 06:07 - 2014-09-03 19:06 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-11-04 06:03 - 2011-11-07 09:09 - 00000000 ____D () C:\Windows\Panther
2014-10-30 06:25 - 2010-11-20 22:27 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-10-27 17:56 - 2013-12-10 13:16 - 00002183 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-10-18 12:34 - 2014-01-02 14:02 - 00317728 _____ () C:\Users\lisa\Desktop\G&G 2014.xlsx
2014-10-16 02:25 - 2014-01-22 15:38 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-10-16 02:08 - 2011-11-07 05:57 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-10-16 02:05 - 2013-07-26 02:03 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-16 02:00 - 2011-11-07 06:22 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

Some content of TEMP:
====================
C:\Users\User\AppData\Local\temp\Quarantine.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-11-05 00:28

==================== End Of Log ============================

Attached Files



BC AdBot (Login to Remove)

 


m

#2 hardie024

hardie024
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:09:16 PM

Posted 06 November 2014 - 10:31 PM

I should have read better.  Here are my results from the DDS scan and attached logs.

 

 

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17344
Run by lisa at 22:28:39 on 2014-11-06
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1033.18.4008.2396 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
SP: Microsoft Security Essentials *Enabled/Updated* {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\ScreenConnect Client (fac4def2006ae668)\Elsinore.ScreenConnect.ClientService.exe
C:\Windows\system32\svchost.exe -k imgsvc
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Program Files (x86)\ScreenConnect Client (fac4def2006ae668)\Elsinore.ScreenConnect.WindowsClient.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe
C:\Program Files (x86)\ScreenConnect Client (fac4def2006ae668)\Elsinore.ScreenConnect.WindowsClient.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\syswow64\dllhost.exe
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uSearch Bar = Preserve
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [TSTimer] "C:\Program Files (x86)\Timeslips\TSTimer.exe"
uRun: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
uRun: [bcikmao] rundll32 "C:\Users\lisa\AppData\Local\bcikmao.dll",bcikmao
mRun: [IndexSearch] "C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe"
mRun: [PaperPort PTD] "C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe"
mRun: [PPort12reminder] "C:\Program Files (x86)\Nuance\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\12\Config\Ereg\Ereg.ini"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{A878C2F3-2D73-4312-845F-74D1D97572C9} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{A878C2F3-2D73-4312-845F-74D1D97572C9}\84F6C6C69777F6F646 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{A878C2F3-2D73-4312-845F-74D1D97572C9}\E44574A484 : DHCPNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\lisa\AppData\Roaming\Mozilla\Firefox\Profiles\euh8s6yz.default\
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrlui.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2014-7-17 269008]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2014-7-22 172344]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2011-4-27 125584]
R2 PDFProFiltSrvPP;PDFProFiltSrvPP;C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [2009-8-27 144672]
R2 ScreenConnect Client (fac4def2006ae668);ScreenConnect Client (fac4def2006ae668);C:\Program Files (x86)\ScreenConnect Client (fac4def2006ae668)\Elsinore.ScreenConnect.ClientService.exe [2014-4-29 53208]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2014-8-22 368624]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2010-11-21 71168]
S3 hitmanpro37;HitmanPro 3.7 Support Driver;C:\Windows\System32\drivers\hitmanpro37.sys [2014-11-5 43664]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-10-16 111616]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2014-11-4 19456]
S3 Synth3dVsc;Synth3dVsc;C:\Windows\System32\drivers\Synth3dVsc.sys [2010-11-21 88960]
S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\System32\drivers\terminpt.sys [2014-11-4 29696]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-11-4 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2014-11-4 30208]
S3 tsusbhub;tsusbhub;C:\Windows\System32\drivers\tsusbhub.sys [2010-11-21 117248]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-9-28 53760]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-3-8 1255736]
.
=============== Created Last 30 ================
.
2014-11-07 03:19:46    --------    d-----w-    C:\FRST
2014-11-07 02:54:32    --------    d-----w-    C:\SUPERDelete
2014-11-06 13:25:41    --------    d-sh--w-    C:\$RECYCLE.BIN
2014-11-06 13:25:38    --------    d-----w-    C:\Users\lisa\AppData\Local\temp
2014-11-06 13:05:35    98816    ----a-w-    C:\Windows\sed.exe
2014-11-06 13:05:35    256000    ----a-w-    C:\Windows\PEV.exe
2014-11-06 13:05:35    208896    ----a-w-    C:\Windows\MBR.exe
2014-11-06 04:33:02    43664    ----a-w-    C:\Windows\System32\drivers\hitmanpro37.sys
2014-11-06 03:23:04    11627712    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{4D3EB7AC-3553-4977-82DD-0CBEDED3F691}\mpengine.dll
2014-11-06 03:06:42    --------    d-----w-    C:\Program Files\Microsoft IntelliType Pro
2014-11-05 23:39:05    --------    d---a-w-    C:\Kaspersky Rescue Disk 10.0
2014-11-05 13:18:15    12872    ----a-w-    C:\Windows\System32\bootdelete.exe
2014-11-05 12:51:52    --------    d-----w-    C:\ProgramData\HitmanPro
2014-11-05 10:52:23    5703168    ----a-w-    C:\Windows\SysWow64\mstscax.dll
2014-11-05 10:52:22    6584320    ----a-w-    C:\Windows\System32\mstscax.dll
2014-11-05 10:51:52    3179520    ----a-w-    C:\Windows\System32\rdpcorets.dll
2014-11-05 07:26:50    11627712    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-11-05 06:00:10    --------    d-----w-    C:\Users\lisa\AppData\Roaming\Muotxymo
2014-11-04 23:03:36    --------    d-----w-    C:\Program Files (x86)\ScreenConnect Client (fac4def2006ae668)
2014-11-04 12:10:33    16384    ----a-w-    C:\Windows\System32\RdpGroupPolicyExtension.dll
2014-11-04 11:57:59    855552    ----a-w-    C:\Windows\SysWow64\rdvidcrl.dll
2014-11-04 11:57:59    1057280    ----a-w-    C:\Windows\System32\rdvidcrl.dll
2014-11-04 11:57:07    30208    ----a-w-    C:\Windows\System32\drivers\TsUsbGD.sys
2014-11-04 11:57:07    29696    ----a-w-    C:\Windows\System32\drivers\terminpt.sys
2014-11-04 11:57:07    19456    ----a-w-    C:\Windows\System32\drivers\rdpvideominiport.sys
2014-11-04 11:57:04    243200    ----a-w-    C:\Windows\System32\rdpudd.dll
2014-11-04 11:57:04    192000    ----a-w-    C:\Windows\SysWow64\rdpendp_winip.dll
2014-11-04 11:57:03    228864    ----a-w-    C:\Windows\System32\rdpendp_winip.dll
2014-11-04 11:56:18    1188440    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{DFFFBD3C-2DCA-422C-97E8-12070F32200A}\gapaengine.dll
2014-11-03 22:56:10    --------    d-----w-    C:\Users\lisa\AppData\Roaming\SUPERAntiSpyware.com
2014-11-03 22:55:48    --------    d-----w-    C:\ProgramData\SUPERAntiSpyware.com
2014-11-03 22:55:48    --------    d-----w-    C:\Program Files\SUPERAntiSpyware
2014-11-03 14:04:03    --------    d-----w-    C:\Program Files\CCleaner
2014-11-03 13:42:06    --------    d-----w-    C:\Users\lisa\AppData\Local\Apps
2014-11-03 13:42:05    --------    d-----w-    C:\Users\lisa\AppData\Local\Deployment
2014-10-31 00:46:27    --------    d-----w-    C:\Users\lisa\AppData\Roaming\FrameworkUpdate7
2014-10-16 06:24:04    3198976    ----a-w-    C:\Windows\System32\win32k.sys
2014-10-16 06:23:58    73880    ----a-w-    C:\Windows\System32\mscories.dll
2014-10-16 06:23:58    1943696    ----a-w-    C:\Windows\System32\dfshim.dll
2014-10-16 06:23:58    156824    ----a-w-    C:\Windows\SysWow64\mscorier.dll
2014-10-16 06:23:58    156312    ----a-w-    C:\Windows\System32\mscorier.dll
2014-10-16 06:23:58    1131664    ----a-w-    C:\Windows\SysWow64\dfshim.dll
2014-10-16 06:23:57    81560    ----a-w-    C:\Windows\SysWow64\mscories.dll
.
==================== Find3M  ====================
.
2014-11-07 02:46:34    129752    ----a-w-    C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-10-30 11:25:26    275080    ------w-    C:\Windows\System32\MpSigStub.exe
2014-10-01 16:11:26    63704    ----a-w-    C:\Windows\System32\drivers\mwac.sys
2014-10-01 16:11:16    93400    ----a-w-    C:\Windows\System32\drivers\mbamchameleon.sys
2014-10-01 16:11:12    25816    ----a-w-    C:\Windows\System32\drivers\mbam.sys
2014-09-25 22:32:04    2017280    ----a-w-    C:\Windows\SysWow64\inetcpl.cpl
2014-09-25 22:31:02    2108416    ----a-w-    C:\Windows\System32\inetcpl.cpl
2014-09-25 02:08:38    371712    ----a-w-    C:\Windows\System32\qdvd.dll
2014-09-25 01:40:50    519680    ----a-w-    C:\Windows\SysWow64\qdvd.dll
2014-09-23 20:45:15    71344    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-09-23 20:45:15    701104    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2014-09-19 01:56:02    2724864    ----a-w-    C:\Windows\System32\mshtml.tlb
2014-09-19 01:55:49    4096    ----a-w-    C:\Windows\System32\ieetwcollectorres.dll
2014-09-19 01:40:43    66048    ----a-w-    C:\Windows\System32\iesetup.dll
2014-09-19 01:40:03    547328    ----a-w-    C:\Windows\System32\vbscript.dll
2014-09-19 01:39:58    48640    ----a-w-    C:\Windows\System32\ieetwproxystub.dll
2014-09-19 01:38:27    83968    ----a-w-    C:\Windows\System32\MshtmlDac.dll
2014-09-19 01:36:57    5829632    ----a-w-    C:\Windows\System32\jscript9.dll
2014-09-19 01:26:00    139264    ----a-w-    C:\Windows\System32\ieUnatt.exe
2014-09-19 01:25:49    111616    ----a-w-    C:\Windows\System32\ieetwcollector.exe
2014-09-19 01:25:12    4201472    ----a-w-    C:\Windows\SysWow64\jscript9.dll
2014-09-19 01:25:09    758272    ----a-w-    C:\Windows\System32\jscript9diag.dll
2014-09-19 01:18:02    940032    ----a-w-    C:\Windows\System32\MsSpellCheckingFacility.exe
2014-09-19 01:14:57    2724864    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2014-09-19 01:06:47    72704    ----a-w-    C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-09-19 01:02:07    454656    ----a-w-    C:\Windows\SysWow64\vbscript.dll
2014-09-19 01:01:47    61952    ----a-w-    C:\Windows\SysWow64\iesetup.dll
2014-09-19 01:01:03    51200    ----a-w-    C:\Windows\SysWow64\ieetwproxystub.dll
2014-09-19 00:59:40    61952    ----a-w-    C:\Windows\SysWow64\MshtmlDac.dll
2014-09-19 00:50:16    112128    ----a-w-    C:\Windows\SysWow64\ieUnatt.exe
2014-09-19 00:49:31    597504    ----a-w-    C:\Windows\SysWow64\jscript9diag.dll
2014-09-19 00:40:12    1249280    ----a-w-    C:\Windows\System32\mshtmlmedia.dll
2014-09-19 00:36:23    60416    ----a-w-    C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-09-19 00:33:18    2309632    ----a-w-    C:\Windows\System32\wininet.dll
2014-09-19 00:18:55    1068032    ----a-w-    C:\Windows\SysWow64\mshtmlmedia.dll
2014-09-18 23:59:11    1810944    ----a-w-    C:\Windows\SysWow64\wininet.dll
2014-09-18 02:00:42    3241472    ----a-w-    C:\Windows\System32\msi.dll
2014-09-18 01:32:52    2363904    ----a-w-    C:\Windows\SysWow64\msi.dll
2014-09-13 01:58:18    77312    ----a-w-    C:\Windows\System32\packager.dll
2014-09-13 01:40:05    67072    ----a-w-    C:\Windows\SysWow64\packager.dll
2014-09-09 22:11:04    2048    ----a-w-    C:\Windows\System32\tzres.dll
2014-09-09 21:47:10    2048    ----a-w-    C:\Windows\SysWow64\tzres.dll
2014-09-04 05:23:20    424448    ----a-w-    C:\Windows\System32\rastls.dll
2014-09-04 05:04:15    372736    ----a-w-    C:\Windows\SysWow64\rastls.dll
2014-08-23 02:07:00    404480    ----a-w-    C:\Windows\System32\gdi32.dll
2014-08-23 01:45:55    311808    ----a-w-    C:\Windows\SysWow64\gdi32.dll
.
============= FINISH: 22:29:18.34 ===============
 

 



#3 seedy21

seedy21

  • Malware Response Team
  • 742 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Yorkshire, UK
  • Local time:02:16 AM

Posted 07 November 2014 - 02:59 PM

Hi hardie024 and Welcome to BleepingComputer !

I am currently looking though your logs and will advice you on what to do in my next reply.


“It's only after we've lost everything that we're free to do anything.”
― Chuck Palahniuk, Fight Club

unite_blue.png


#4 hardie024

hardie024
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:09:16 PM

Posted 07 November 2014 - 03:00 PM

Thank you in advance for your help.  Whatever you need from me, just let me know.



#5 seedy21

seedy21

  • Malware Response Team
  • 742 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Yorkshire, UK
  • Local time:02:16 AM

Posted 08 November 2014 - 08:47 AM

Hello Hardie024

I'm Seedy21 and I will be helping you with your issues.

Please note the following information about the malware forum:

  • From this point on, please do not make any more changes to your computer; such as install/uninstall programs, use special fix tools, delete files, edit the registry, etc. - unless advised by me
  • Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
  • Please reply within 48 hours, if you are going to be away for longer please let us know or the topic will be closed for been inactive
  • If you are using Cracked or Illegal software your thread will be closed
  • Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close.


Step 1

 

51a46ae42d560-malwarebytes_anti_malware. Scan with Malwarebytes' Anti-Rootkit 1.08 Beta

Please download Malwarebytes' Anti-Rootkit 1.08 Beta and save it to your desktop.

 

  • Exit Malwarebytes Anti-Malware (MBAM) if it is running. You can do so via the notification area icon near the clock. Right click on the MBAM icon, and select Exit.
  • Unzip the File to a convenient location. (Recommend the Desktop)
  • After completing this MBAR should automatically open. If it doesnt open automatically, go into the folder you unzipped and double click MBAR
  • Select Next at the first screen
  • Select Update and then select Next
  • Make sure Drivers, Sectors and System are checked and then click Scan
  • If an infection is found select the Cleanup Button to remove threats, Reboot if prompted. Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup Button once more and repeat the process.
  • Select Exit
  • Please go to the MBAR Folder and copy and paste the contents of System - log and Mbar - log Date and time of scan will also be shown

Step 2


We need to re-run FRST

  • Double-click the downloaded icon to run the tool.

    frsticon_zpsdc3cbdc3.png
  • Press Scan button.

    newfrst_zpsa63ffa3d.png
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please copy and paste it to your reply also.

Edited by seedy21, 08 November 2014 - 08:47 AM.

“It's only after we've lost everything that we're free to do anything.”
― Chuck Palahniuk, Fight Club

unite_blue.png


#6 hardie024

hardie024
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:09:16 PM

Posted 08 November 2014 - 09:55 PM

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.08.0.1001

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 11.0.9600.17358

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 3.292000 GHz
Memory total: 4202631168, free: 2192203776

Downloaded database version: v2014.11.09.01
Downloaded database version: v2014.11.08.01
=======================================
Initializing...
------------ Kernel report ------------
     11/08/2014 21:38:00
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\system32\drivers\pciide.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\system32\DRIVERS\MpFilter.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\vmstorfl.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\drivers\disk.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\ws2ifsl.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\serial.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
\??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\system32\drivers\csc.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\igdkmd64.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\DRIVERS\HECIx64.sys
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\serenum.sys
\SystemRoot\system32\DRIVERS\parport.sys
\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\CompositeBus.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\rdpbus.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\mcdbus.sys
\SystemRoot\system32\DRIVERS\SCSIPORT.SYS
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\HdAudio.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_dumpata.sys
\SystemRoot\System32\Drivers\dump_atapi.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\dc3d.sys
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\DRIVERS\netr28ux.sys
\SystemRoot\system32\DRIVERS\vwifibus.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\DRIVERS\vwifimp.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\system32\DRIVERS\NisDrvWFP.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
\Windows\System32\autochk.exe
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa8004d45060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-0\
Lower Device Object: 0xfffffa8004ac5060
Lower Device Driver Name: \Driver\atapi\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8004d45060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8004d45b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8004d45060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8004ac3520, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa8004ac5060, DeviceName: \Device\Ide\IdeDeviceP0T0L0-0\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 32B88CCB

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048  Numsec = 204800
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 206848  Numsec = 976564224

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 500107862016 bytes
Sector size: 512 bytes

Done!
Scan finished
=======================================


Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-0-2048-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removal finished
 

 

Malwarebytes Anti-Rootkit BETA 1.08.0.1001
www.malwarebytes.org

Database version: v2014.11.09.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.17358
User :: LISA-PC [administrator]

11/8/2014 9:38:10 PM
mbar-log-2014-11-08 (21-38-10).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 373218
Time elapsed: 11 minute(s), 44 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

 

 

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-11-2014 01
Ran by lisa (ATTENTION: The logged in user is not administrator) on LISA-PC on 08-11-2014 21:54:45
Running from C:\Users\lisa\Downloads
Loaded Profiles: lisa & User (Available profiles: lisa & User)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Sage Software SB, Inc.) C:\Program Files (x86)\Timeslips\TSTimer.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe
(Elsinore Technologies, Inc.) C:\Program Files (x86)\ScreenConnect Client (fac4def2006ae668)\Elsinore.ScreenConnect.WindowsClient.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Farbar) C:\Users\lisa\Downloads\FRST64(1).exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM-x32\...\Run: [IndexSearch] => C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe [46368 2009-08-27] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PaperPort PTD] => C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe [29984 2009-08-27] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PPort12reminder] => C:\Program Files (x86)\Nuance\PaperPort\Ereg\Ereg.exe [328992 2008-11-03] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-11-28] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1093111656-1839444564-1188383708-1000\...\Run: [TSTimer] => C:\Program Files (x86)\Timeslips\TSTimer.exe [2408448 2005-07-26] (Sage Software SB, Inc.)
HKU\S-1-5-21-1093111656-1839444564-1188383708-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [6501656 2014-10-30] (Piriform Ltd)
HKU\S-1-5-21-1093111656-1839444564-1188383708-1000\...\MountPoints2: {0914c30e-092c-11e1-bd92-f30ea334eb14} - E:\SETUP.EXE

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\lisa\AppData\Roaming\Mozilla\Firefox\Profiles\euh8s6yz.default
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

Chrome:
=======
CHR Profile: C:\Users\lisa\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-12-10]
CHR Extension: (Google Drive) - C:\Users\lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-12-10]
CHR Extension: (YouTube) - C:\Users\lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-12-10]
CHR Extension: (Google Search) - C:\Users\lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-12-10]
CHR Extension: (Google Wallet) - C:\Users\lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-10]
CHR Extension: (Gmail) - C:\Users\lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-12-10]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
R2 lmhosts; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R2 lmhosts; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-13] (Microsoft Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [50688 2011-04-13] (Hewlett-Packard) [File not signed]
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
R2 NlaSvc; C:\Windows\System32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R2 NlaSvc; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-13] (Microsoft Corporation)
R2 nsi; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R2 nsi; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-13] (Microsoft Corporation)
R2 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [144672 2009-08-27] (Nuance Communications, Inc.)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [66048 2011-04-13] (Hewlett-Packard) [File not signed]
R2 ScreenConnect Client (fac4def2006ae668); C:\Program Files (x86)\ScreenConnect Client (fac4def2006ae668)\Elsinore.ScreenConnect.ClientService.exe [53208 2014-04-29] (Elsinore Technologies, Inc.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [43664 2014-11-05] ()
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S1 dgdubnuw; \??\C:\Windows\system32\drivers\dgdubnuw.sys [X]
S1 dmhxlwln; \??\C:\Windows\system32\drivers\dmhxlwln.sys [X]
S1 fkuinosv; \??\C:\Windows\system32\drivers\fkuinosv.sys [X]
S1 fmoffmci; \??\C:\Windows\system32\drivers\fmoffmci.sys [X]
S1 jqqttagt; \??\C:\Windows\system32\drivers\jqqttagt.sys [X]
S1 komirwyz; \??\C:\Windows\system32\drivers\komirwyz.sys [X]
S1 paimmcot; \??\C:\Windows\system32\drivers\paimmcot.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-08 21:42 - 2014-11-08 21:42 - 02115584 _____ (Farbar) C:\Users\lisa\Downloads\FRST64(1).exe
2014-11-08 21:38 - 2014-11-08 21:49 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-11-08 21:37 - 2014-11-08 21:49 - 00000000 ____D () C:\Users\User\Desktop\mbar
2014-11-08 21:37 - 2014-11-08 21:37 - 14439144 _____ (Malwarebytes Corp.) C:\Users\lisa\Downloads\mbar-1.08.0.1001.exe
2014-11-07 09:46 - 2014-11-07 14:53 - 00000044 ____H () C:\Users\lisa\Documents\PP11Thumbs.ptn2
2014-11-07 00:16 - 2014-11-07 00:16 - 00783048 _____ (Kaspersky Lab ZAO) C:\Users\lisa\Downloads\rectordecryptor.exe
2014-11-06 23:17 - 2014-11-06 23:18 - 00014094 _____ () C:\Users\lisa\Downloads\ESETPoweliksCleaner.exe_20141106.231756.2540.log
2014-11-06 23:17 - 2014-11-06 23:17 - 00186568 _____ (ESET) C:\Users\lisa\Downloads\ESETPoweliksCleaner.exe
2014-11-06 23:07 - 2014-11-06 23:07 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-11-06 23:06 - 2014-11-06 23:06 - 02347384 _____ (ESET) C:\Users\lisa\Downloads\esetsmartinstaller_enu.exe
2014-11-06 22:27 - 2014-11-06 22:28 - 00688992 ____R (Swearware) C:\Users\lisa\Downloads\dds.com
2014-11-06 22:21 - 2014-11-06 22:21 - 00020569 _____ () C:\Users\lisa\Downloads\Addition.txt
2014-11-06 22:20 - 2014-11-08 21:55 - 00009684 _____ () C:\Users\lisa\Downloads\FRST.txt
2014-11-06 22:19 - 2014-11-08 21:54 - 00000000 ____D () C:\FRST
2014-11-06 22:19 - 2014-11-06 22:19 - 02114560 _____ (Farbar) C:\Users\lisa\Downloads\FRST64.exe
2014-11-06 22:17 - 2014-11-08 21:21 - 00010938 _____ () C:\Windows\PFRO.log
2014-11-06 22:17 - 2014-11-08 21:21 - 00000112 _____ () C:\Windows\setupact.log
2014-11-06 22:17 - 2014-11-06 22:17 - 00000000 _____ () C:\Windows\setuperr.log
2014-11-06 21:54 - 2014-11-07 08:12 - 00000000 ____D () C:\SUPERDelete
2014-11-06 21:02 - 2014-11-06 21:48 - 00000274 _____ () C:\Users\lisa\AppData\Roaming\INSTALL_TOR.URL
2014-11-06 21:02 - 2014-11-06 21:48 - 00000274 _____ () C:\Users\lisa\AppData\INSTALL_TOR.URL
2014-11-06 21:01 - 2014-11-06 21:01 - 00000274 _____ () C:\Users\lisa\AppData\Local\INSTALL_TOR.URL
2014-11-06 20:57 - 2014-11-06 20:57 - 00000274 _____ () C:\ProgramData\INSTALL_TOR.URL
2014-11-06 08:30 - 2014-11-06 08:32 - 00002114 _____ () C:\Users\User\Desktop\Rkill.txt
2014-11-06 08:25 - 2014-11-06 08:25 - 00019371 _____ () C:\ComboFix.txt
2014-11-06 08:05 - 2011-06-26 01:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-11-06 08:05 - 2010-11-07 12:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-11-06 08:05 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-11-06 08:05 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-11-06 08:05 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-11-06 08:05 - 2000-08-30 19:00 - 00098816 _____ () C:\Windows\sed.exe
2014-11-06 08:05 - 2000-08-30 19:00 - 00080412 _____ () C:\Windows\grep.exe
2014-11-06 08:05 - 2000-08-30 19:00 - 00068096 _____ () C:\Windows\zip.exe
2014-11-06 08:04 - 2014-11-06 08:04 - 00110168 _____ () C:\Users\User\AppData\Local\GDIPFONTCACHEV1.DAT
2014-11-06 08:04 - 2014-11-06 08:04 - 00000000 ____D () C:\Users\User\AppData\Roaming\Apple Computer
2014-11-06 08:03 - 2014-11-06 08:03 - 00001417 _____ () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-11-06 08:03 - 2014-11-06 08:03 - 00000000 ____D () C:\Users\User\AppData\Roaming\Adobe
2014-11-06 08:03 - 2014-11-06 08:03 - 00000000 ____D () C:\Users\User\AppData\Local\VirtualStore
2014-11-06 08:03 - 2014-11-06 08:03 - 00000000 ____D () C:\Users\User\AppData\Local\Google
2014-11-06 07:46 - 2014-11-06 07:46 - 00000020 ___SH () C:\Users\User\ntuser.ini
2014-11-06 07:46 - 2012-04-12 02:01 - 00000000 ____D () C:\Users\User\AppData\Local\Microsoft Help
2014-11-06 07:46 - 2011-11-07 09:32 - 00000000 ____D () C:\Users\User\AppData\Roaming\Macromedia
2014-11-06 07:46 - 2009-07-13 23:54 - 00000000 ___RD () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-11-06 07:46 - 2009-07-13 23:49 - 00000000 ___RD () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-11-05 23:35 - 2014-11-05 23:35 - 00387584 _____ () C:\Users\lisa\Downloads\rescue2usb.exe
2014-11-05 23:33 - 2014-11-05 23:37 - 310253568 _____ () C:\Users\lisa\Downloads\kav_rescue_10.iso
2014-11-05 23:33 - 2014-11-05 23:33 - 00043664 _____ () C:\Windows\system32\Drivers\hitmanpro37.sys
2014-11-05 22:06 - 2014-11-05 22:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Keyboard
2014-11-05 22:06 - 2014-11-05 22:06 - 00000000 ____D () C:\Program Files\Microsoft IntelliType Pro
2014-11-05 18:39 - 2014-11-06 20:56 - 00000000 ____D () C:\Kaspersky Rescue Disk 10.0
2014-11-05 09:57 - 2014-11-05 09:57 - 04184008 _____ (Kaspersky Lab ZAO) C:\Users\lisa\Downloads\tdsskiller.exe
2014-11-05 08:18 - 2014-11-05 08:40 - 00012872 _____ (SurfRight B.V.) C:\Windows\system32\bootdelete.exe
2014-11-05 08:05 - 2014-11-05 08:05 - 00000000 ____D () C:\Users\lisa\Documents\ScreenConnect
2014-11-05 07:51 - 2014-11-05 08:18 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-11-05 07:49 - 2014-11-05 07:51 - 11222744 _____ (SurfRight B.V.) C:\Users\lisa\Downloads\HitmanPro_x64.exe
2014-11-05 05:58 - 2014-11-06 08:24 - 00000000 ____D () C:\Windows\erdnt
2014-11-05 05:52 - 2014-09-04 21:11 - 06584320 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-11-05 05:52 - 2014-09-04 20:52 - 05703168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-11-05 05:51 - 2014-08-28 21:07 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-11-05 01:00 - 2014-11-05 05:56 - 00000000 ____D () C:\Users\lisa\AppData\Roaming\Muotxymo
2014-11-04 18:03 - 2014-11-04 18:03 - 00000000 ____D () C:\Program Files (x86)\ScreenConnect Client (fac4def2006ae668)
2014-11-04 14:12 - 2014-11-04 14:12 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-11-04 14:12 - 2014-11-04 14:12 - 00002019 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk
2014-11-04 07:10 - 2014-05-08 04:32 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2014-11-04 06:58 - 2013-10-01 21:22 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2014-11-04 06:58 - 2013-10-01 21:11 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-11-04 06:58 - 2013-10-01 21:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-11-04 06:58 - 2013-10-01 20:48 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2014-11-04 06:58 - 2013-10-01 20:48 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2014-11-04 06:58 - 2013-10-01 20:29 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2014-11-04 06:58 - 2013-10-01 20:10 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2014-11-04 06:58 - 2013-10-01 19:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2014-11-04 06:58 - 2013-10-01 19:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2014-11-04 06:58 - 2013-10-01 19:08 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2014-11-04 06:58 - 2013-10-01 19:01 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2014-11-04 06:58 - 2013-10-01 18:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2014-11-04 06:58 - 2013-10-01 18:31 - 01147392 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-11-04 06:58 - 2013-10-01 17:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-11-04 06:57 - 2013-10-01 19:15 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2014-11-04 06:57 - 2013-10-01 18:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2014-11-04 06:57 - 2012-08-23 09:13 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2014-11-04 06:57 - 2012-08-23 09:12 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\terminpt.sys
2014-11-04 06:57 - 2012-08-23 09:10 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys
2014-11-04 06:57 - 2012-08-23 09:08 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbGD.sys
2014-11-04 06:57 - 2012-08-23 06:12 - 00192000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpendp_winip.dll
2014-11-04 06:57 - 2012-08-23 05:51 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\rdpendp_winip.dll
2014-11-04 06:09 - 2014-11-08 21:33 - 00874246 _____ () C:\Windows\WindowsUpdate.log
2014-11-04 06:04 - 2014-11-04 06:04 - 01059840 _____ () C:\Users\lisa\Downloads\MicrosoftFixit50981.msi
2014-11-03 17:56 - 2014-11-06 21:04 - 00000000 ____D () C:\Users\lisa\AppData\Roaming\SUPERAntiSpyware.com
2014-11-03 17:55 - 2014-11-06 21:52 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-11-03 17:55 - 2014-11-06 20:59 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2014-11-03 17:55 - 2014-11-03 17:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2014-11-03 17:53 - 2014-11-03 17:54 - 20188024 _____ (SUPERAntiSpyware) C:\Users\lisa\Downloads\SUPERAntiSpyware.exe
2014-11-03 09:04 - 2014-11-03 09:04 - 00000000 ____D () C:\Program Files\CCleaner
2014-11-03 08:42 - 2014-11-03 08:42 - 00000000 ____D () C:\Users\lisa\AppData\Local\Deployment
2014-11-03 08:42 - 2014-11-03 08:42 - 00000000 ____D () C:\Users\lisa\AppData\Local\Apps\2.0
2014-11-03 08:40 - 2014-11-03 08:41 - 00051672 _____ () C:\Users\lisa\Downloads\Elsinore.ScreenConnect.Client.exe
2014-10-30 19:47 - 2014-11-03 08:52 - 00000160 ____H () C:\ProgramData\@system3.att
2014-10-30 19:46 - 2014-11-03 08:52 - 00000424 _____ () C:\ProgramData\@system.temp
2014-10-30 19:46 - 2014-10-30 19:46 - 00000000 ____D () C:\Users\lisa\AppData\Roaming\FrameworkUpdate7
2014-10-30 19:45 - 2014-11-06 20:31 - 00000000 ____D () C:\ProgramData\Windows Genuine Advantage
2014-10-27 08:46 - 2014-11-07 14:53 - 00000060 ____H () C:\Users\lisa\Documents\maxdesk.ini2
2014-10-27 08:40 - 2014-11-07 14:53 - 00554731 ____H () C:\Users\lisa\Documents\PP11Thumbs.ptn
2014-10-16 01:26 - 2014-10-06 21:54 - 00378552 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-10-16 01:26 - 2014-10-06 21:04 - 00331448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-10-16 01:26 - 2014-09-25 17:50 - 13619200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-16 01:26 - 2014-09-25 17:46 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-10-16 01:26 - 2014-09-25 17:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-10-16 01:26 - 2014-09-25 17:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-10-16 01:26 - 2014-09-25 17:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-10-16 01:26 - 2014-09-25 17:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-10-16 01:26 - 2014-09-25 17:31 - 02108416 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-16 01:26 - 2014-09-18 21:25 - 23631360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-16 01:26 - 2014-09-18 20:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-10-16 01:26 - 2014-09-18 20:55 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-10-16 01:26 - 2014-09-18 20:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-10-16 01:26 - 2014-09-18 20:41 - 02796032 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-16 01:26 - 2014-09-18 20:40 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-16 01:26 - 2014-09-18 20:40 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-10-16 01:26 - 2014-09-18 20:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-10-16 01:26 - 2014-09-18 20:38 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-10-16 01:26 - 2014-09-18 20:36 - 05829632 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-16 01:26 - 2014-09-18 20:31 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-10-16 01:26 - 2014-09-18 20:30 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-10-16 01:26 - 2014-09-18 20:27 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-10-16 01:26 - 2014-09-18 20:26 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-10-16 01:26 - 2014-09-18 20:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-10-16 01:26 - 2014-09-18 20:25 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-10-16 01:26 - 2014-09-18 20:25 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-10-16 01:26 - 2014-09-18 20:18 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-10-16 01:26 - 2014-09-18 20:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-10-16 01:26 - 2014-09-18 20:14 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-10-16 01:26 - 2014-09-18 20:06 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-10-16 01:26 - 2014-09-18 20:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-10-16 01:26 - 2014-09-18 20:01 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-10-16 01:26 - 2014-09-18 20:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-10-16 01:26 - 2014-09-18 20:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-10-16 01:26 - 2014-09-18 20:00 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-16 01:26 - 2014-09-18 19:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-10-16 01:26 - 2014-09-18 19:58 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-16 01:26 - 2014-09-18 19:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-10-16 01:26 - 2014-09-18 19:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-10-16 01:26 - 2014-09-18 19:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-10-16 01:26 - 2014-09-18 19:51 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-10-16 01:26 - 2014-09-18 19:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-10-16 01:26 - 2014-09-18 19:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-10-16 01:26 - 2014-09-18 19:42 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-16 01:26 - 2014-09-18 19:42 - 00710656 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-10-16 01:26 - 2014-09-18 19:40 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-10-16 01:26 - 2014-09-18 19:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-10-16 01:26 - 2014-09-18 19:33 - 02309632 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-16 01:26 - 2014-09-18 19:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-10-16 01:26 - 2014-09-18 19:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-10-16 01:26 - 2014-09-18 19:18 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-10-16 01:26 - 2014-09-18 19:14 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-16 01:26 - 2014-09-18 18:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-10-16 01:26 - 2014-09-18 18:59 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-10-16 01:26 - 2014-09-18 18:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-10-16 01:26 - 2014-09-18 18:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-10-16 01:24 - 2014-09-28 19:58 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-16 01:23 - 2014-06-18 17:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-10-16 01:23 - 2014-06-18 17:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2014-10-16 01:23 - 2014-06-18 17:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2014-10-16 01:23 - 2014-06-18 17:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-10-16 01:23 - 2014-06-18 17:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2014-10-16 01:23 - 2014-06-18 17:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-10-16 01:18 - 2014-09-17 21:00 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-10-16 01:18 - 2014-09-17 20:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-10-16 01:18 - 2014-09-12 20:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-16 01:18 - 2014-09-12 20:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-10-16 01:18 - 2014-09-04 00:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-10-16 01:18 - 2014-09-04 00:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2014-10-16 01:18 - 2014-07-16 21:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-10-16 01:18 - 2014-07-16 21:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-10-16 01:18 - 2014-07-16 21:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-10-16 01:18 - 2014-07-16 21:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-10-16 01:18 - 2014-07-16 21:07 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-10-16 01:18 - 2014-07-16 21:07 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-10-16 01:18 - 2014-07-16 20:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2014-10-16 01:18 - 2014-07-16 20:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-10-16 01:18 - 2014-07-16 20:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-10-16 01:18 - 2014-07-16 20:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-10-16 01:18 - 2014-07-16 20:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-08 21:38 - 2014-09-03 19:06 - 00131800 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-08 21:37 - 2014-09-03 19:06 - 00096472 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-11-08 21:28 - 2009-07-13 23:45 - 00026576 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-08 21:28 - 2009-07-13 23:45 - 00026576 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-08 21:25 - 2009-07-14 00:13 - 00782470 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-08 21:21 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-08 14:45 - 2011-11-07 08:23 - 00000000 ____D () C:\Users\lisa\Documents\Outlook Files
2014-11-08 13:26 - 2014-01-02 14:02 - 00328704 _____ () C:\Users\lisa\Desktop\G&G 2014.xlsx
2014-11-06 21:04 - 2014-02-22 12:32 - 00000000 ____D () C:\Users\lisa\AppData\Roaming\TeamViewer
2014-11-06 21:04 - 2014-01-22 15:38 - 00000000 ____D () C:\Users\lisa\AppData\Roaming\Mozilla
2014-11-06 21:02 - 2014-01-22 15:38 - 00000000 ____D () C:\Users\lisa\AppData\Local\Mozilla
2014-11-06 21:02 - 2011-11-07 13:25 - 00000000 ____D () C:\Users\lisa\AppData\Local\Microsoft Games
2014-11-06 21:02 - 2011-11-07 09:32 - 00000000 ____D () C:\Users\lisa\AppData\Roaming\Adobe
2014-11-06 21:02 - 2011-11-07 07:55 - 00000000 ____D () C:\Users\lisa\AppData\Roaming\Intuit
2014-11-06 20:59 - 2013-12-10 13:16 - 00000000 ____D () C:\Users\lisa\AppData\Local\Google
2014-11-06 20:59 - 2011-11-07 07:55 - 00000000 ____D () C:\ProgramData\Intuit
2014-11-06 17:44 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
2014-11-06 08:23 - 2009-07-13 21:34 - 00000215 _____ () C:\Windows\system.ini
2014-11-05 23:31 - 2011-11-07 07:13 - 00110168 _____ () C:\Users\lisa\AppData\Local\GDIPFONTCACHEV1.DAT
2014-11-05 23:29 - 2009-07-13 23:45 - 00410960 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-05 23:29 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\Branding
2014-11-05 22:06 - 2009-07-13 22:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-11-05 18:52 - 2011-11-07 06:23 - 00000000 ____D () C:\Program Files (x86)\Intel
2014-11-05 18:00 - 2010-11-21 02:16 - 00000000 ____D () C:\Windows\CSC
2014-11-05 11:40 - 2009-07-14 00:08 - 00032562 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-11-05 09:58 - 2011-12-06 09:13 - 00000000 ____D () C:\Windows\pss
2014-11-05 09:20 - 2011-11-07 07:14 - 00000000 ____D () C:\Windows\AutoKMS
2014-11-04 14:12 - 2011-11-07 09:32 - 00000000 ____D () C:\Users\lisa\AppData\Local\Adobe
2014-11-04 14:12 - 2011-11-07 09:32 - 00000000 ____D () C:\ProgramData\Adobe
2014-11-04 14:12 - 2011-11-07 09:32 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-11-04 07:04 - 2009-07-13 22:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-11-04 07:02 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-11-04 06:07 - 2014-09-03 19:06 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-11-04 06:07 - 2014-09-03 19:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-11-04 06:07 - 2014-09-03 19:06 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-11-04 06:03 - 2011-11-07 09:09 - 00000000 ____D () C:\Windows\Panther
2014-10-30 06:25 - 2010-11-20 22:27 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-10-27 17:56 - 2013-12-10 13:16 - 00002183 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-10-24 09:15 - 2011-11-07 07:19 - 00000000 ____D () C:\Users\lisa\Documents\LISA DOCS
2014-10-16 02:25 - 2014-01-22 15:38 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-10-16 02:08 - 2011-11-07 05:57 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-10-16 02:05 - 2013-07-26 02:03 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-16 02:00 - 2011-11-07 06:22 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

Some content of TEMP:
====================
C:\Users\User\AppData\Local\temp\Quarantine.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


ATTENTION: ==> Could not access BCD, see Addition.txt for additional information.

==================== End Of Log ============================

 

 

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-11-2014 01
Ran by lisa at 2014-11-08 21:55:11
Running from C:\Users\lisa\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 8.2.2 - Hewlett-Packard) Hidden
7-Zip 9.22 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0922-000001000000}) (Version: 9.22.00.0 - Igor Pavlov)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.0.0.4080 - Adobe Systems Incorporated)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
AnswerWorks 5.0 English Runtime (HKLM-x32\...\{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}) (Version: 5.0.7 - Vantage Software Technologies)
Apple Application Support (HKLM-x32\...\{CCE825DB-347A-4004-A186-5F4A6FDD8547}) (Version: 2.3.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}) (Version: 6.0.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.19 - Piriform)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 38.0.2125.111 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.5 - Google Inc.) Hidden
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3347 - Intel Corporation)
iSEEK AnswerWorks English Runtime (HKLM-x32\...\{18A8E78B-9EF2-496E-B310-BCD8E4C1DAB3}) (Version: 010.000.0101 - Vantage Linguistics)
iTunes (HKLM\...\{0E5D76AD-A3FB-48D5-8400-8903B10317D3}) (Version: 11.0.1.12 - Apple Inc.)
MagicDisc 2.7.106 (HKLM-x32\...\MagicDisc 2.7.106) (Version:  - )
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
MB4x0 Twain Driver for 64 Bit Operating System (HKLM-x32\...\{5900F63D-4D59-4F9A-B304-89C827893246}) (Version: 1.00.0000 - OKI® Printing Solutions)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft IntelliType Pro 8.2 (HKLM\...\Microsoft IntelliType Pro 8.2) (Version: 8.20.469.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Mozilla Firefox 32.0.3 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 32.0.3 (x86 en-US)) (Version: 32.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nuance PaperPort 12 (HKLM-x32\...\{245FCF81-55BA-4AB9-A7C1-37411595676D}) (Version: 12.0.0000 - Nuance Communications, Inc.)
OKI MB400 Series Scanner (HKLM-x32\...\InstallShield_{E8193183-54C9-40BA-8CD4-0CD7EC7A779E}) (Version: 1.0.1 - Oki Data Corporation)
OKI MC361/561 Scanner (HKLM-x32\...\InstallShield_{44801C11-F5B2-487D-9096-D961D8D96782}) (Version: 1.0.2.0 - Oki Data Corporation)
Quicken 2011 (HKLM-x32\...\{5FE545A1-D215-4216-9189-E7B39C9D1CC1}) (Version: 20.1.8.6 - Intuit)
Quicken 2012 (HKLM-x32\...\{0A1E0BDA-5E8F-436d-8BE5-7E97C5CB899D}) (Version: 21.1.7.18 - Intuit)
ScannerDriver (Version: 1.0.1 - Oki Data Corporation) Hidden
ScannerDriver (Version: 1.0.2.0 - Oki Data Corporation) Hidden
ScreenConnect Client (fac4def2006ae668) (HKLM-x32\...\{C4453BD0-1AB0-43A0-B18C-11E89F153821}) (Version: 4.3.6563.5232 - Elsinore Technologies, Inc.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1158 - SUPERAntiSpyware.com)
Timeslips 2006 (HKLM-x32\...\{538F9F2E-095B-46B4-B650-96DE41DDDFBA}) (Version: 14.0.0.0 - Sage Software SB, Inc.)
WinRAR 4.00 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.00.0 - win.rar GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

Could not list Restore Points. Check "winmgmt" service or repair WMI.


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2014-11-06 08:23 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)


==================== Loaded Modules (whitelisted) =============

2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:23 - 2010-10-20 15:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:01C66DD9

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ScreenConnect Client (fac4def2006ae668) => ""="Service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AdobeARMservice => 2

========================= Accounts: ==========================

Administrator (S-1-5-21-1093111656-1839444564-1188383708-500 - Administrator - Disabled)
Guest (S-1-5-21-1093111656-1839444564-1188383708-501 - Limited - Disabled)
lisa (S-1-5-21-1093111656-1839444564-1188383708-1000 - Limited - Enabled) => C:\Users\lisa
User (S-1-5-21-1093111656-1839444564-1188383708-1001 - Administrator - Enabled) => C:\Users\User

==================== Faulty Device Manager Devices =============

Name: Ethernet Controller
Description: Ethernet Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: SM Bus Controller
Description: SM Bus Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (11/08/2014 09:47:29 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (11/08/2014 09:31:41 PM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: The backup did not complete because of an error writing to the backup location \\STORAGE\Backups\Lisa\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006).

Error: (11/08/2014 09:23:07 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/08/2014 01:07:22 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (11/07/2014 01:48:33 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (11/06/2014 11:07:05 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (11/06/2014 11:06:40 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (11/06/2014 10:18:58 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/06/2014 10:10:32 PM) (Source: Microsoft Office 14) (EventID: 2000) (User: )
Description: Microsoft Word: Accepted Safe Mode action : Word failed to start correctly last time.  Starting Word in safe mode will help you correct or isolate a startup problem in order to successfully start the program.  Some functionality may be disabled in this mode.

Do you want to start Word in safe mode?.
Accepted Safe Mode action : Microsoft Word.

Error: (11/06/2014 09:46:05 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (11/08/2014 09:21:23 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 3:15:46 PM on ‎11/‎8/‎2014 was unexpected.

Error: (11/06/2014 10:19:03 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (11/06/2014 09:49:36 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Windows Update service hung on starting.

Error: (11/06/2014 09:45:27 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (11/06/2014 09:45:15 PM) (Source: DCOM) (EventID: 10016) (User: lisa-PC)
Description: application-specificLocalActivation{E579AB5F-1CC4-44B4-BED9-DE0991FF0623}{56BE716B-2F76-4DFA-8702-67AE10044F0B}lisa-PClisaS-1-5-21-1093111656-1839444564-1188383708-1000LocalHost (Using LRPC)

Error: (11/06/2014 09:45:15 PM) (Source: DCOM) (EventID: 10016) (User: lisa-PC)
Description: application-specificLocalActivation{E579AB5F-1CC4-44B4-BED9-DE0991FF0623}{56BE716B-2F76-4DFA-8702-67AE10044F0B}lisa-PClisaS-1-5-21-1093111656-1839444564-1188383708-1000LocalHost (Using LRPC)

Error: (11/06/2014 09:40:02 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}

Error: (11/06/2014 08:32:04 PM) (Source: DCOM) (EventID: 10016) (User: lisa-PC)
Description: application-specificLocalActivation{E579AB5F-1CC4-44B4-BED9-DE0991FF0623}{56BE716B-2F76-4DFA-8702-67AE10044F0B}lisa-PClisaS-1-5-21-1093111656-1839444564-1188383708-1000LocalHost (Using LRPC)

Error: (11/06/2014 08:32:04 PM) (Source: DCOM) (EventID: 10016) (User: lisa-PC)
Description: application-specificLocalActivation{E579AB5F-1CC4-44B4-BED9-DE0991FF0623}{56BE716B-2F76-4DFA-8702-67AE10044F0B}lisa-PClisaS-1-5-21-1093111656-1839444564-1188383708-1000LocalHost (Using LRPC)

Error: (11/06/2014 08:59:03 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}


Microsoft Office Sessions:
=========================
Error: (11/08/2014 09:47:29 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\lisa\Downloads\esetsmartinstaller_enu.exe

Error: (11/08/2014 09:31:41 PM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: \\STORAGE\Backups\Lisa\The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006)

Error: (11/08/2014 09:23:07 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/08/2014 01:07:22 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe

Error: (11/07/2014 01:48:33 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe

Error: (11/06/2014 11:07:05 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\lisa\Downloads\esetsmartinstaller_enu.exe

Error: (11/06/2014 11:06:40 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\lisa\Downloads\esetsmartinstaller_enu.exe

Error: (11/06/2014 10:18:58 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/06/2014 10:10:32 PM) (Source: Microsoft Office 14) (EventID: 2000) (User: )
Description: Microsoft WordWord failed to start correctly last time.  Starting Word in safe mode will help you correct or isolate a startup problem in order to successfully start the program.  Some functionality may be disabled in this mode.

Do you want to start Word in safe mode?

Error: (11/06/2014 09:46:05 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


CodeIntegrity Errors:
===================================
  Date: 2014-11-06 08:18:51.564
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-11-06 08:18:51.502
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: Intel® Core™ i5-2500K CPU @ 3.30GHz
Percentage of memory in use: 38%
Total physical RAM: 4007.94 MB
Available physical RAM: 2458.99 MB
Total Pagefile: 10016.12 MB
Available Pagefile: 8416.3 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.66 GB) (Free:402.92 GB) NTFS

==================== MBR & Partition Table ==================

==================== End Of Log ============================

 



#7 seedy21

seedy21

  • Malware Response Team
  • 742 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Yorkshire, UK
  • Local time:02:16 AM

Posted 09 November 2014 - 12:00 PM

Hi hardie024

 


Something has gone wrong with your account.

Can you log into the account called User

If so I will need to do the following: -

Open User Accounts by clicking the Start button , clicking Control Panel, clicking User Accounts and Family Safety, clicking User Accounts, and then clicking Manage another account. Administrator permission required If you're prompted for an administrator password or confirmation, type the password or provide confirmation.

Click Lisa , and then click Change the account type.

Select the account type to be an Administrator, and then click Change Account Type.

Please log out of User and then Log in as Lisa


We need to re-run FRST
 

  • Double-click the downloaded icon to run the tool.

    frsticon_zpsdc3cbdc3.png
  • Press Scan button.

    newfrst_zpsa63ffa3d.png
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please copy and paste it to your reply also.

I also would like to see the following:-

 

C:\Combofix.txt
C:\Users\lisa\Downloads\ESETPoweliksCleaner.exe


Edited by seedy21, 09 November 2014 - 12:12 PM.

“It's only after we've lost everything that we're free to do anything.”
― Chuck Palahniuk, Fight Club

unite_blue.png


#8 seedy21

seedy21

  • Malware Response Team
  • 742 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Yorkshire, UK
  • Local time:02:16 AM

Posted 11 November 2014 - 04:08 PM

This is a 48 hour status check. We need to continue our troubleshooting to make sure there are no more threats on your machine. If you don't have any free time please reply back to this thread and we will keep it open.

If you don't reply back within 24 hours, this thread may be closed for inactivity.


“It's only after we've lost everything that we're free to do anything.”
― Chuck Palahniuk, Fight Club

unite_blue.png


#9 seedy21

seedy21

  • Malware Response Team
  • 742 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Yorkshire, UK
  • Local time:02:16 AM

Posted 04 December 2014 - 12:21 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.

“It's only after we've lost everything that we're free to do anything.”
― Chuck Palahniuk, Fight Club

unite_blue.png





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users