dllhost.exe Com Surrogate multiple processes running website blocks every 5 sec


6 replies to this topic

#1 pcbmelton

  • Members
  • 3 posts

Posted 09 November 2014 - 04:18 AM

My computer began setting off the ESET antivirus program with popups advising of website blocks and IP address blocks. This continued every 7 seconds until I turned the computer off. The outbound file is always C:\windows\system32\dllhost.exe. When Task Manager is run, dllhost.exe COM Surrogate is running multiple times, up to 5, using anywhere between 6,000k and 76,000k of memory. My computer is running super slow. A lot of files freeze. Internet will stop working and needs to be refreshed multiple times before it works again. TrendMicro was removed from this computer tonight. TrendMicro was acting the same as the dllhost.exe. Virus scan from ESET is negative and Malwarebytes is negative. I need help correcting this issue. Thank you in advance. The following is my computer information and the requested .txt file.

Windows 7 Professional Service Pack 1

32-bit OS

I am not in any other forum for this issue. I have not downloaded and run anything but the DDS file.

 

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Professional

Boot Device: \Device\HarddiskVolume2

Install Date: 09/30/2013 2:51:15 PM

System Uptime: 11/09/2014 1:40:20 AM (0 hours ago)

.

Motherboard: Dell Inc. |  | 05GRXT

Processor: Intel® Core™ i5-3340M CPU @ 2.70GHz | SOCKET 0 | 2701/100mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 282 GiB total, 138.361 GiB free.

D: is CDROM (CDFS)

P: is NetworkDisk (NTFS) - 7247 GiB total, 5911.979 GiB free.

Z: is NetworkDisk (NTFS) - 7247 GiB total, 5911.979 GiB free.

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP125: 10/23/2014 5:44:51 PM - Windows Update

RP126: 10/28/2014 7:22:22 PM - Windows Update

RP127: 10/31/2014 10:04:58 PM - Windows Update

RP128: 11/07/2014 1:20:09 PM - Windows Update

.

==== Installed Programs ======================

.

32 Bit HP CIO Components Installer

Adobe Acrobat XI Standard

Adobe Flash Player 15 ActiveX

Adobe Form Client Filler 5.0

AuthenTec WinBio FingerPrint Software 32-bit

BDE Information Utility

Broadcom NetXtreme-I Netlink Driver and Management Installer

Canon IJ Scan Utility

Canon Inkjet Printer/Scanner/Fax Extended Survey Program

Canon MG2200 series MP Drivers

Canon MG2200 series On-screen Manual

Canon MG2200 series User Registration

Canon My Image Garden

Canon My Image Garden Design Files

Canon My Printer

Canon Quick Menu

Cisco EAP-FAST Module

Cisco LEAP Module

Cisco PEAP Module

Custom

D3DX10

Dell Backup and Recovery Manager

Dell Client System Update

Dell Data Protection | Access

Dell Edoc Viewer

Dell Feature Enhancement Pack

Dell Touchpad

DellAccess

DriverTuner 3.5.0.1

DW WLAN Card Utility

Easy Street Draw 3

EMBASSY Client Core

ERAS Connector

ESET NOD32 Antivirus

Gemalto

GemPcCCID

Google Chrome

Google Toolbar for Internet Explorer

Google Update Helper

GoToAssist Customer 2.2.0.758

HP Deskjet 1000 J110 series Basic Device Software

Intel® Control Center

Intel® Management Engine Components

Intel® Processor Graphics

Intel® Rapid Storage Technology

Intel® USB 3.0 eXtensible Host Controller Driver

Intel® Trusted Connect Service Client

Junk Mail filter update

Malwarebytes Anti-Malware version 2.0.3.1025

Map Data

Microsoft .NET Framework 4.5.1

Microsoft Application Error Reporting

Microsoft Office 2010 Primary Interop Assemblies

Microsoft Office Professional 2013 - en-us

Microsoft Silverlight

Microsoft Speech SDK 5.1

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Text-to-Speech Engine 4.0 (English)

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219

MobileFile IMS eReporting Version 7

MobileFile IMS eTicketing Version 7

Movie Maker

MSVCRT

MSVCRT110

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

O2Micro OZ776 SCR Driver

Office 15 Click-to-Run Extensibility Component

Office 15 Click-to-Run Licensing Component

Office 15 Click-to-Run Localization Component

OmniForm 5.1

Open It!

PANTECH UML290

PBA Driver-x86

Photo Common

Photo Gallery

Preboot Manager

Private Information Manager

Security Update for Microsoft .NET Framework 4.5.1 (KB2894854v2)

Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)

Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)

Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)

Security Update for Microsoft .NET Framework 4.5.1 (KB2972107)

Security Update for Microsoft .NET Framework 4.5.1 (KB2972216)

Security Update for Microsoft .NET Framework 4.5.1 (KB2979578v2)

SI TSS

SPBA (WBF) 5.9

ST Microelectronics 3 Axis Digital Accelerometer Solution

Trusted Drive Manager

Update for Zip Opener

USA Crystal XI Runtime

USA MobileFile eTicket V7

Verizon Wireless UML290 Firmware Updates

Visual DataFlex 2009 Client Engine 15.1

VLC media player

VZAccess Manager

Wave Crypto Runtime 2.0.9.0 x86

Wave Infrastructure Installer

Wave Support Software Installer

Windows Live Communications Platform

Windows Live Essentials

Windows Live Family Safety

Windows Live ID Sign-in Assistant

Windows Live Installer

Windows Live Mail

Windows Live MIME IFilter

Windows Live Photo Common

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

.

==== Event Viewer Messages From Past Week ========

.

11/09/2014 1:40:40 AM, Error: Microsoft-Windows-GroupPolicy [1129]  - The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.

11/09/2014 1:40:38 AM, Error: Service Control Manager [7001]  - The WvPCR service depends on the TPM Base Services service which failed to start because of the following error:  The operation completed successfully.

11/09/2014 1:40:38 AM, Error: Service Control Manager [7001]  - The SI TSS v1.2.1.41 TCS service depends on the TPM Base Services service which failed to start because of the following error:  The operation completed successfully.

11/09/2014 1:40:38 AM, Error: NETLOGON [5719]  - This computer was not able to set up a secure session with a domain controller in domain PCBPD due to the following:  There are currently no logon servers available to service the logon request.  This may lead to authentication problems. Make sure that this computer is connected to the network. If the problem persists, please contact your domain administrator.   ADDITIONAL INFO  If this computer is a domain controller for the specified domain, it sets up the secure session to the primary domain controller emulator in the specified domain. Otherwise, this computer sets up the secure session to any domain controller in the specified domain.

11/09/2014 1:16:28 AM, Error: Microsoft-Windows-GroupPolicy [1030]  - The processing of Group Policy failed. Windows attempted to retrieve new Group Policy settings for this user or computer. Look in the details tab for error code and description. Windows will automatically retry this operation at the next refresh cycle. Computers joined to the domain must have proper name resolution and network connectivity to a domain controller for discovery of new Group Policy objects and settings. An event will be logged when Group Policy is successful.

11/09/2014 1:11:22 AM, Error: Microsoft-Windows-GroupPolicy [1054]  - The processing of Group Policy failed. Windows could not obtain the name of a domain controller. This could be caused by a name resolution failure. Verify your Domain Name System (DNS) is configured and working correctly.

11/08/2014 5:25:27 PM, Error: Service Control Manager [7034]  - The Trend Micro Client/Server Security Agent Proxy Service service terminated unexpectedly.  It has done this 2 time(s).

11/08/2014 5:25:23 PM, Error: Service Control Manager [7034]  - The Trend Micro Client/Server Security Agent Personal Firewall service terminated unexpectedly.  It has done this 2 time(s).

11/08/2014 5:25:19 PM, Error: Service Control Manager [7031]  - The Trend Micro Client/Server Security Agent Listener service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 900000 milliseconds: Restart the service.

11/08/2014 5:25:08 PM, Error: Service Control Manager [7031]  - The Trend Micro Client/Server Security Agent RealTime Scan service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 900000 milliseconds: Restart the service.

11/08/2014 4:54:50 PM, Error: Service Control Manager [7034]  - The Trend Micro Client/Server Security Agent Personal Firewall service terminated unexpectedly.  It has done this 1 time(s).

11/08/2014 4:54:46 PM, Error: Service Control Manager [7031]  - The Trend Micro Client/Server Security Agent Listener service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 900000 milliseconds: Restart the service.

11/08/2014 4:54:41 PM, Error: Service Control Manager [7034]  - The Trend Micro Client/Server Security Agent Proxy Service service terminated unexpectedly.  It has done this 1 time(s).

.

==== End Of File ===========================


#2 deeprybka

  • Malware Response Team
  • 5,198 posts

Posted 11 November 2014 - 01:00 PM

Hi & welcome to Bleeping Computer Forums!
My name is Jürgen and I will be assisting you with your Malware related problems.

Before we move on, please read the following points carefully:
  • My native language isn't English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
  • Please read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or Add/ Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 5 days from this initial or any subsequent post, then this thread will be closed.
  • If I don't reply within 24 hours please PM me!
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
Step 1
Please download Powelikscleaner (by ESET) and save it to your Desktop.
  • Double-click it to start the tool.
  • Read the terms of the End-user license agreement and click Agree if you agree to them.
  • The tool will run automatically. If the cleaner finds a Poweliks infection, press the Y key on your keyboard to remove it.
  • If Poweliks was detected "Win32/Poweliks was successfully removed from your system" will be displayed. Press any key to exit the tool and reboot your PC.
  • The tool will produce a log in the same directory the tool was run from.
  • Please copy and paste the log in your next reply.

Step 2

Please run a FRST scan. This will help us diagnose your problem.

Please download Farbar Recovery Scan Tool and save it to your Desktop.
(If you are not sure which version (32-/64-bit) applies to your system, download and try to start both of them as just the right one will run.)
  • Start FRST with administrator privileges.
  • Make sure the option Addition.txt is checked and press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
  • Please copy and paste these logs in your next reply.

regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 

#3 pcbmelton
  • Topic Starter
  • Members
  • 3 posts

Posted 11 November 2014 - 07:38 PM

[2014.11.11 18:12:28.129] - Begin
[2014.11.11 18:12:28.129] - 
[2014.11.11 18:12:28.129] -     ....................................
[2014.11.11 18:12:28.129] -   ..::::::::::::::::::....................
[2014.11.11 18:12:28.129] -   .::EEEEEE:::SSSSSS::..EEEEEE..TTTTTTTT..    Win32/Poweliks
[2014.11.11 18:12:28.129] -  .::EE::::EE:SS:::::::.EE....EE....TT......   Version: 1.0.0.1
[2014.11.11 18:12:28.129] -  .::EEEEEEEE::SSSSSS::.EEEEEEEE....TT......   Built: Oct 15 2014
[2014.11.11 18:12:28.129] -  .::EE:::::::::::::SS:.EE..........TT......
[2014.11.11 18:12:28.129] -   .::EEEEEE:::SSSSSS::..EEEEEE.....TT.....    Copyright © ESET, spol. s r.o.
[2014.11.11 18:12:28.129] -   ..::::::::::::::::::....................    1992-2013. All rights reserved.
[2014.11.11 18:12:28.129] -     ....................................
[2014.11.11 18:12:28.129] - 
[2014.11.11 18:12:28.129] - --------------------------------------------------------------------------------
[2014.11.11 18:12:28.129] - 
[2014.11.11 18:12:28.129] - INFO: OS: 6.1.7601 SP1
[2014.11.11 18:12:28.129] - INFO: Product Type: Workstation
[2014.11.11 18:12:28.129] - INFO: WoW64: False
[2014.11.11 18:12:28.129] - INFO: Machine guid: 833FA4B8-F7C1-43FF-A626-6BDF70327306 
[2014.11.11 18:12:28.129] - 
[2014.11.11 18:12:30.147] - INFO: Scanning for system infection...
[2014.11.11 18:12:30.163] - --------------------------------------------------------------------------------
[2014.11.11 18:12:30.163] - 
[2014.11.11 18:12:30.163] - INFO: Processing [HKCU\Software\Microsoft\Windows\CurrentVersion\Run]...
[2014.11.11 18:12:30.163] - INFO: Processing [HKLM\Software\Microsoft\Windows\CurrentVersion\Run]...
[2014.11.11 18:12:30.163] - INFO: Processing [HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce]...
[2014.11.11 18:12:30.163] - INFO: Processing [HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce]...
[2014.11.11 18:12:30.163] - INFO: Processing classes...
[2014.11.11 18:12:30.163] - INFO: Processing clsid [\Registry\User\S-1-5-21-1218504766-2780461749-949115886-1261\SOFTWARE\Classes\CLSID\{0653471F-1D95-4116-8D9B-5FE96A951A33}]
[2014.11.11 18:12:30.163] - INFO: Processing clsid [\Registry\User\S-1-5-21-1218504766-2780461749-949115886-1261\SOFTWARE\Classes\CLSID\{48E91C7B-55A7-41EC-9B71-62DC43E2315F}]
[2014.11.11 18:12:30.163] - INFO: Processing clsid [\Registry\User\S-1-5-21-1218504766-2780461749-949115886-1261\SOFTWARE\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}]
[2014.11.11 18:12:30.163] - WARNING: Found suspicous classid [\Registry\User\S-1-5-21-1218504766-2780461749-949115886-1261\SOFTWARE\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}]
[2014.11.11 18:12:30.163] - INFO: Processing clsid [\Registry\User\S-1-5-21-1218504766-2780461749-949115886-1261\SOFTWARE\Classes\CLSID\{bebbc426-4f16-4567-8fe1-be198c982027}]
[2014.11.11 18:12:30.163] - INFO: Processing clsid [\Registry\User\S-1-5-21-1218504766-2780461749-949115886-1261\SOFTWARE\Classes\CLSID\{0653471F-1D95-4116-8D9B-5FE96A951A33}]
[2014.11.11 18:12:30.163] - INFO: Processing clsid [\Registry\User\S-1-5-21-1218504766-2780461749-949115886-1261\SOFTWARE\Classes\CLSID\{48E91C7B-55A7-41EC-9B71-62DC43E2315F}]
[2014.11.11 18:12:30.163] - INFO: Processing clsid [\Registry\User\S-1-5-21-1218504766-2780461749-949115886-1261\SOFTWARE\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}]
[2014.11.11 18:12:30.163] - WARNING: Found suspicous classid [\Registry\User\S-1-5-21-1218504766-2780461749-949115886-1261\SOFTWARE\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}]
[2014.11.11 18:12:30.163] - INFO: Processing clsid [\Registry\User\S-1-5-21-1218504766-2780461749-949115886-1261\SOFTWARE\Classes\CLSID\{bebbc426-4f16-4567-8fe1-be198c982027}]
[2014.11.11 18:12:30.163] - INFO: Processing [HKLM\SOFTWARE\Classes\CLSID\{73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}\LocalServer32]...
[2014.11.11 18:12:30.163] - INFO: Processing value [] = [%systemroot%\system32\wbem\wmiprvse.exe]
[2014.11.11 18:12:30.163] - INFO: Processing value [] = [%systemroot%\system32\wbem\wmiprvse.exe]
[2014.11.11 18:12:30.163] - INFO: Processing invalid values in [HKLM\SOFTWARE\Classes\CLSID\{73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}\LocalServer32]...
[2014.11.11 18:12:30.163] - INFO: Processing value [] = [%systemroot%\system32\wbem\wmiprvse.exe]
[2014.11.11 18:12:30.163] - INFO: Processing value [ServerExecutable] = [%systemroot%\system32\wbem\wmiprvse.exe]
[2014.11.11 18:12:30.163] - INFO: Processing value [] = [%systemroot%\system32\wbem\wmiprvse.exe]
[2014.11.11 18:12:30.163] - INFO: Processing value [ServerExecutable] = [%systemroot%\system32\wbem\wmiprvse.exe]
[2014.11.11 18:12:30.163] - INFO: Processing invalid subkeys in [HKLM\SOFTWARE\Classes\CLSID\{73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}\LocalServer32]...
[2014.11.11 18:12:30.163] - INFO: Processing [HKLM\SOFTWARE\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}]...
[2014.11.11 18:12:30.178] - INFO: Processing subkey [\Registry\Machine\SOFTWARE\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\InprocServer32]
[2014.11.11 18:12:30.178] - INFO: Processing subkey [\Registry\Machine\SOFTWARE\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\InprocServer32]
[2014.11.11 18:12:30.178] - INFO: Win32/Poweliks found
[2014.11.11 18:12:39.647] - INFO: process: dllhost.exe, pid 5872, parent 5036
[2014.11.11 18:12:39.647] - INFO: Terminated process pid = 5872
[2014.11.11 18:12:39.647] - INFO: process: dllhost.exe, pid 5016, parent 5872
[2014.11.11 18:12:39.647] - INFO: Terminated process pid = 5016
[2014.11.11 18:12:39.663] - INFO: process: dllhost.exe, pid 5364, parent 5016
[2014.11.11 18:12:39.663] - INFO: Terminated process pid = 5364
[2014.11.11 18:12:39.663] - INFO: process: dllhost.exe, pid 1076, parent 5016
[2014.11.11 18:12:39.663] - INFO: Terminated process pid = 1076
[2014.11.11 18:12:39.663] - INFO: process: dllhost.exe, pid 5676, parent 5016
[2014.11.11 18:12:39.663] - INFO: Terminated process pid = 5676
[2014.11.11 18:12:39.663] - INFO: process: dllhost.exe, pid 1160, parent 5016
[2014.11.11 18:12:39.663] - INFO: Terminated process pid = 1160
[2014.11.11 18:12:39.679] - INFO: Processing [HKCU\Software\Microsoft\Windows\CurrentVersion\Run]...
[2014.11.11 18:12:39.679] - INFO: Processing [HKLM\Software\Microsoft\Windows\CurrentVersion\Run]...
[2014.11.11 18:12:39.679] - INFO: Processing [HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce]...
[2014.11.11 18:12:39.679] - INFO: Processing [HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce]...
[2014.11.11 18:12:39.679] - INFO: Processing classes...
[2014.11.11 18:12:39.679] - INFO: Processing clsid [\Registry\User\S-1-5-21-1218504766-2780461749-949115886-1261\SOFTWARE\Classes\CLSID\{0653471F-1D95-4116-8D9B-5FE96A951A33}]
[2014.11.11 18:12:39.679] - INFO: Processing clsid [\Registry\User\S-1-5-21-1218504766-2780461749-949115886-1261\SOFTWARE\Classes\CLSID\{48E91C7B-55A7-41EC-9B71-62DC43E2315F}]
[2014.11.11 18:12:39.679] - INFO: Processing clsid [\Registry\User\S-1-5-21-1218504766-2780461749-949115886-1261\SOFTWARE\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}]
[2014.11.11 18:12:39.679] - INFO: Deleted classid [\Registry\User\S-1-5-21-1218504766-2780461749-949115886-1261\SOFTWARE\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}]
[2014.11.11 18:12:39.679] - INFO: Processing clsid [\Registry\User\S-1-5-21-1218504766-2780461749-949115886-1261\SOFTWARE\Classes\CLSID\{bebbc426-4f16-4567-8fe1-be198c982027}]
[2014.11.11 18:12:39.679] - INFO: Processing clsid [\Registry\User\S-1-5-21-1218504766-2780461749-949115886-1261\SOFTWARE\Classes\CLSID\{0653471F-1D95-4116-8D9B-5FE96A951A33}]
[2014.11.11 18:12:39.679] - INFO: Processing clsid [\Registry\User\S-1-5-21-1218504766-2780461749-949115886-1261\SOFTWARE\Classes\CLSID\{48E91C7B-55A7-41EC-9B71-62DC43E2315F}]
[2014.11.11 18:12:39.679] - INFO: Processing clsid [\Registry\User\S-1-5-21-1218504766-2780461749-949115886-1261\SOFTWARE\Classes\CLSID\{bebbc426-4f16-4567-8fe1-be198c982027}]
[2014.11.11 18:12:39.679] - INFO: Processing [HKLM\SOFTWARE\Classes\CLSID\{73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}\LocalServer32]...
[2014.11.11 18:12:39.679] - INFO: Processing value [] = [%systemroot%\system32\wbem\wmiprvse.exe]
[2014.11.11 18:12:39.679] - INFO: Processing value [] = [%systemroot%\system32\wbem\wmiprvse.exe]
[2014.11.11 18:12:39.679] - INFO: Processing invalid values in [HKLM\SOFTWARE\Classes\CLSID\{73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}\LocalServer32]...
[2014.11.11 18:12:39.679] - INFO: Processing value [] = [%systemroot%\system32\wbem\wmiprvse.exe]
[2014.11.11 18:12:39.679] - INFO: Processing value [ServerExecutable] = [%systemroot%\system32\wbem\wmiprvse.exe]
[2014.11.11 18:12:39.679] - INFO: Processing value [] = [%systemroot%\system32\wbem\wmiprvse.exe]
[2014.11.11 18:12:39.679] - INFO: Processing value [ServerExecutable] = [%systemroot%\system32\wbem\wmiprvse.exe]
[2014.11.11 18:12:39.679] - INFO: Processing invalid subkeys in [HKLM\SOFTWARE\Classes\CLSID\{73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}\LocalServer32]...
[2014.11.11 18:12:39.679] - INFO: Processing [HKLM\SOFTWARE\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}]...
[2014.11.11 18:12:39.679] - INFO: Processing subkey [\Registry\Machine\SOFTWARE\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\InprocServer32]
[2014.11.11 18:12:39.679] - INFO: Processing subkey [\Registry\Machine\SOFTWARE\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\InprocServer32]
[2014.11.11 18:12:39.679] - INFO: Cleaning status: 0
[2014.11.11 18:12:45.638] - End
 
 
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 10-11-2014
Ran by smelton (administrator) on PCBPDLP-0213 on 11-11-2014 18:16:19
Running from C:\Users\smelton\Downloads
Loaded Profile: smelton (Available profiles: smelton & POLICE)
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv.exe
(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\BCMWLTRY.EXE
(Wave Systems Corp.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe
(Broadcom Corporation) C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX86\officeclicktorun.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
() C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\EMBASSY Client Core\EmbassyServer.exe
(Citrix Online, LLC) C:\Program Files\Citrix\GoToAssist Remote Support Customer\758\g2ax_service.exe
() C:\Program Files\Canon\IJPLM\ijplmsvc.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(O2Micro International) C:\Windows\System32\o2flash.exe
(Dell, Inc.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\hapi32\pbadrvsvc.exe
(DEVGURU Co., LTD) C:\Windows\System32\ptumlcmsvc.exe
(Wave Systems Corp.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Dell Inc.) C:\Program Files\Dell\Feature Enhancement Pack\DFEPService.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Citrix Online, LLC) C:\Program Files\Citrix\GoToAssist Remote Support Customer\758\g2ax_comm_customer.exe
(Citrix Online, LLC) C:\Program Files\Citrix\GoToAssist Remote Support Customer\758\g2ax_system_customer.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Authentec Inc.) C:\Program Files\Common Files\SPBA\upeksvr.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Citrix Online, LLC) C:\Program Files\Citrix\GoToAssist Remote Support Customer\758\g2ax_user_customer.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [555352 2013-02-21] (Alps Electric Co., Ltd.)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray.exe [1704028 2013-02-05] (IDT, Inc.)
HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\Program Files\Dell\DW WLAN Card\WLTRAY.exe [6802432 2012-01-18] (Dell Inc.)
HKLM\...\Run: [IMSS] => C:\Program Files\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe [134616 2013-01-14] (Intel Corporation)
HKLM\...\Run: [USB3MON] => C:\Program Files\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292088 2013-02-22] (Intel Corporation)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284480 2012-05-30] (Intel Corporation)
HKLM\...\Run: [TdmNotify] => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe [316752 2013-03-05] (Wave Systems Corp.)
HKLM\...\Run: [DFEPApplication] => C:\Program Files\Dell\Feature Enhancement Pack\DFEPApplication.exe [6306872 2012-08-15] (Dell Inc.)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2219184 2010-11-04] (ESET)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [Acrobat Assistant 8.0] => C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3499920 2014-09-12] (Adobe Systems Inc.)
HKLM\...\Run: [DBRMTray] => C:\Dell\DBRM\Reminder\DbrmTrayIcon.exe [227328 2011-03-08] (Dell Computer Corporation)
HKLM\...\Run: [OmniForm OFPA] => C:\Program Files\ScanSoft\OmniForm 5.1\OFPA.exe [40960 2003-05-20] (ScanSoft, Inc.)
HKLM\...\Run: [CanonQuickMenu] => C:\Program Files\Canon\Quick Menu\CNQMMAIN.EXE [1273448 2012-04-03] (CANON INC.)
Winlogon\Notify\GoToAssist Express Customer: C:\Program Files\Citrix\GoToAssist Remote Support Customer\758\g2ax_winlogon.dll (Citrix Online, LLC)
Winlogon\Notify\spba: C:\Program Files\Common Files\SPBA\homefus2.dll (Authentec Inc.)
HKU\S-1-5-21-1218504766-2780461749-949115886-1261\...\Run: [Adobe Acrobat Synchronizer] => c:\Program Files\Adobe\Acrobat 11.0\Acrobat\AdobeCollabSync.exe [759712 2014-09-12] (Adobe Systems Incorporated)
HKU\S-1-5-21-1218504766-2780461749-949115886-1261\...\MountPoints2: {659993dd-0f54-11e3-9d21-806e6f6e6963} - D:\Acrobat\reader\AcroRd32.exe start.pdf
HKU\S-1-5-21-1218504766-2780461749-949115886-1261\...\MountPoints2: {cf4df21e-5593-11e3-8c38-f01faf37759a} - E:\LaunchU3.exe -a
Lsa: [Authentication Packages] msv1_0 wvauth
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Smart Settings.lnk
ShortcutTarget: Smart Settings.lnk -> C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe (Dell Inc.)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Smart Settings.lnk
ShortcutTarget: Smart Settings.lnk -> C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe (Dell Inc.)
Startup: C:\Users\POLICE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Deskjet 1000 J110 series.lnk
ShortcutTarget: Monitor Ink Alerts - HP Deskjet 1000 J110 series.lnk -> C:\Program Files\HP\HP Deskjet 1000 J110 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
Startup: C:\Users\POLICE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Smart Settings.lnk
ShortcutTarget: Smart Settings.lnk -> C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe (Dell Inc.)
Startup: C:\Users\POLICE.PCBPDLP-0213\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Smart Settings.lnk
ShortcutTarget: Smart Settings.lnk -> C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe (Dell Inc.)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers: [EnabledUnlockedFDEIconOverlay] -> {30D3C2AF-9709-4D05-9CF4-13335F3C1E4A} => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll (Wave Systems Corp.)
ShellIconOverlayIdentifiers: [UninitializedFdeIconOverlay] -> {CF08DA3E-C97D-4891-A66B-E39B28DD270F} => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll (Wave Systems Corp.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://dell13.msn.com/?pc=DCJB
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: TmIEPlugInBHO Class -> {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -> c:\Program Files\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg.dll No File
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - c:\Program Files\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg.dll No File
Tcpip\..\Interfaces\{1C7E9CD7-96A7-4A19-A671-D8598C4953C8}: [NameServer] 192.168.1.1,4.2.2.2
Tcpip\..\Interfaces\{5EED06A1-D35D-40E8-90EA-357930C629AD}: [NameServer] 10.0.1.11 69.1.30.51
Tcpip\..\Interfaces\{9FA5E64A-4ED4-425B-9822-EE0CE7836DF6}: [NameServer] 10.0.1.11 69.1.30.51
Tcpip\..\Interfaces\{D3E4E40B-69F6-419E-A2A5-FED7F7D06F6B}: [NameServer] 10.0.1.11,4.2.2.2
Tcpip\..\Interfaces\{DDB688D8-E145-418A-AB22-5188F54E9CD2}: [NameServer] 10.0.1.10 69.1.30.51
Tcpip\..\Interfaces\{F6C6472B-11F6-4A35-9D35-68E37FF5892A}: [NameServer] 10.0.1.10 69.1.30.51
 
FireFox:
========
FF Plugin: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.66 -> C:\Program Files\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF HKLM\...\Firefox\Extensions: [{22C7F6C6-8D67-4534-92B5-529A0EC09405}] - c:\Program Files\Trend Micro\Client Server Security Agent\bho\1009\FirefoxExtension
FF HKLM\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2013-09-30]
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2013-09-30]
 
Chrome: 
=======
CHR Profile: C:\Users\smelton\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\smelton\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-02-21]
CHR Extension: (Google Drive) - C:\Users\smelton\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-02-21]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\smelton\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-31]
CHR Extension: (YouTube) - C:\Users\smelton\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-02-21]
CHR Extension: (Google Search) - C:\Users\smelton\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-02-21]
CHR Extension: (Adobe Acrobat - Create PDF) - C:\Users\smelton\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2014-02-21]
CHR Extension: (Google Wallet) - C:\Users\smelton\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-21]
CHR Extension: (Gmail) - C:\Users\smelton\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-02-21]
CHR HKLM\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2014-09-12]
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 BrcmMgmtAgent; C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe [131072 2011-11-30] (Broadcom Corporation) [File not signed]
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX86\OfficeClickToRun.exe [1669296 2014-09-25] (Microsoft Corporation)
S3 cphs; C:\Windows\system32\IntelCpHeciSvc.exe [276248 2012-04-25] (Intel Corporation)
R2 DFEPService; C:\Program Files\Dell\Feature Enhancement Pack\DFEPService.exe [1569336 2012-08-15] (Dell Inc.)
S3 EhttpSrv; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [33584 2010-11-04] (ESET)
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [810144 2010-11-04] (ESET)
R2 EmbassyService; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\EMBASSY Client Core\EmbassyServer.exe [190320 2013-03-11] ()
R2 GoToAssist Remote Support Customer; C:\Program Files\Citrix\GoToAssist Remote Support Customer\758\g2ax_service.exe [610888 2014-09-26] (Citrix Online, LLC)
R2 IJPLMSVC; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [140456 2011-09-06] ()
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [583680 2012-12-10] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [627744 2012-12-10] (Intel® Corporation)
R2 jhi_service; C:\Program Files\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165336 2013-01-14] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44032 2008-07-18] (Hewlett-Packard) [File not signed]
R2 PbaDrvSvc; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\hapi32\pbadrvsvc.exe [17920 2013-01-21] (Dell, Inc.) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2008-07-18] (Hewlett-Packard) [File not signed]
R2 ptumlcmsvc; C:\Windows\system32\ptumlcmsvc.exe [143360 2012-09-21] (DEVGURU Co., LTD) [File not signed]
S3 SecureStorageService; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Secure Storage Manager\SecureStorageService.exe [1555304 2013-02-01] (Wave Systems Corp.)
R2 STacSV; C:\Program Files\IDT\WDM\STacSV.exe [307282 2013-02-05] (IDT, Inc.)
S2 tcsd_win32.exe; C:\Program Files\Security Innovation\SI TSS\bin\tcsd_win32.exe [1643520 2012-05-11] () [File not signed]
R2 TdmService; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe [3639120 2013-03-05] (Wave Systems Corp.)
R2 Wave Authentication Manager Service; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe [1263616 2013-02-26] (Wave Systems Corp.) [File not signed]
R2 wltrysvc; C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe [5512192 2012-01-18] (Dell Inc.) [File not signed]
S2 WvPCR; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Common\WvPCR.exe [171880 2013-03-08] (Wave Systems Corp.)
S2 SecurityCenterServer2487516396; "C:\Windows\system32\itwuwu.exe" -service "C:\Users\smelton\AppData\Roaming\Peafityp\egcywym.exe"
S2 SecurityCenterServer4206024471; "C:\Windows\system32\diuxosc.exe" -service "C:\Users\smelton\AppData\Roaming\Weufni\zoesryn.exe"
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 BCM42RLY; C:\Windows\System32\drivers\BCM42RLY.sys [18496 2012-01-18] (Broadcom Corporation)
S3 Blfp; C:\Windows\System32\DRIVERS\basp.sys [105984 2011-12-19] (Broadcom Corporation)
R3 dcdbas; C:\Windows\System32\DRIVERS\dcdbas32.sys [32872 2012-09-23] (Dell Inc.)
R2 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [137144 2010-09-03] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [115008 2010-07-29] (ESET)
R2 epfwwfpr; C:\Windows\System32\DRIVERS\epfwwfpr.sys [96920 2010-07-29] (ESET)
R0 iusb3hcs; C:\Windows\System32\DRIVERS\iusb3hcs.sys [16880 2013-02-22] (Intel Corporation)
R3 iusb3hub; C:\Windows\System32\DRIVERS\iusb3hub.sys [352752 2013-02-22] (Intel Corporation)
R3 iusb3xhc; C:\Windows\System32\DRIVERS\iusb3xhc.sys [796656 2013-02-22] (Intel Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-10-01] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [114904 2014-11-11] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-10-01] (Malwarebytes Corporation)
R3 MEI; C:\Windows\System32\DRIVERS\HECI.sys [55104 2012-07-12] (Intel Corporation)
S3 netvsc; C:\Windows\System32\DRIVERS\netvsc60.sys [126464 2010-11-20] (Microsoft Corporation)
S3 O2MDFRDR; C:\Windows\system32\drivers\O2MDFw7.sys [60904 2011-01-04] (O2Micro )
S3 O2MDRRDR; C:\Windows\system32\drivers\O2MDRw7.sys [62440 2011-01-04] (O2Micro )
R3 O2SDJRDR; C:\Windows\System32\DRIVERS\o2sdjw7.sys [64056 2012-04-25] (O2Micro )
S3 PTUMLBUS; C:\Windows\System32\DRIVERS\PTUMLBUS.sys [88632 2012-09-21] (DEVGURU Co., LTD.)
S3 PTUMLCVsp; C:\Windows\System32\DRIVERS\PTUMLCVsp.sys [169016 2012-09-21] (DEVGURU Co., LTD.(www.devguru.co.kr))
S3 PTUMLMBMP; C:\Windows\System32\DRIVERS\PTUMLMBMP.sys [279864 2012-09-21] (DEVGURU Co., LTD.)
S3 PTUMLMdm; C:\Windows\System32\DRIVERS\PTUMLMdm.sys [169016 2012-09-21] (DEVGURU Co., LTD.(www.devguru.co.kr))
S3 PTUMLNVsp; C:\Windows\System32\DRIVERS\PTUMLNVsp.sys [169656 2012-09-21] (DEVGURU Co., LTD.(www.devguru.co.kr))
S3 PTUMLRMNET; C:\Windows\System32\DRIVERS\PTUMLRMNET.sys [59704 2012-09-21] (DEVGURU Co., LTD.)
S3 PTUMLVsp; C:\Windows\System32\DRIVERS\PTUMLVsp.sys [169016 2012-09-21] (DEVGURU Co., LTD.(www.devguru.co.kr))
R0 stdcfltn; C:\Windows\System32\DRIVERS\stdcfltn.sys [17904 2011-07-15] (ST Microelectronics)
R3 ST_ACCEL; C:\Windows\System32\DRIVERS\ST_ACCEL.sys [59888 2012-05-21] (STMicroelectronics)
S3 SynthVid; C:\Windows\System32\DRIVERS\VMBusVideoM.sys [19456 2010-11-20] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-11-11 18:16 - 2014-11-11 18:17 - 00023572 _____ () C:\Users\smelton\Downloads\FRST.txt
2014-11-11 18:15 - 2014-11-11 18:16 - 00000000 ____D () C:\FRST
2014-11-11 18:14 - 2014-11-11 18:14 - 01107968 _____ (Farbar) C:\Users\smelton\Downloads\FRST.exe
2014-11-11 18:12 - 2014-11-11 18:12 - 00186568 _____ (ESET) C:\Users\smelton\Downloads\ESETPoweliksCleaner.exe
2014-11-11 18:12 - 2014-11-11 18:12 - 00019220 _____ () C:\Users\smelton\Desktop\ESETPoweliksCleaner.exe_20141111.181228.5936.log
2014-11-09 20:47 - 2014-11-09 22:30 - 00000000 ____D () C:\Users\smelton\AppData\Roaming\Weufni
2014-11-09 20:47 - 2014-11-09 22:30 - 00000000 ____D () C:\Users\smelton\AppData\Roaming\Peafityp
2014-11-09 20:42 - 2014-11-11 02:46 - 00000000 ____D () C:\ProgramData\XedidOcofe
2014-11-09 20:42 - 2014-11-11 02:46 - 00000000 ____D () C:\ProgramData\LuhvUgfe
2014-11-09 01:58 - 2014-11-09 01:58 - 00021722 _____ () C:\Users\smelton\Desktop\dds.txt
2014-11-09 01:58 - 2014-11-09 01:58 - 00008762 _____ () C:\Users\smelton\Desktop\attach.txt
2014-11-09 01:55 - 2014-11-09 01:55 - 00688992 ____R (Swearware) C:\Users\smelton\Downloads\dds.com
2014-11-09 00:31 - 2014-11-09 00:33 - 09734144 _____ () C:\Users\smelton\Documents\CQB Presentation.ppt
2014-11-08 14:25 - 2014-11-11 18:09 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-08 14:25 - 2014-11-08 14:25 - 00001062 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-11-08 14:25 - 2014-11-08 14:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-11-08 14:25 - 2014-11-08 14:25 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-11-08 14:25 - 2014-11-08 14:25 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-11-08 14:25 - 2014-10-01 11:11 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-11-08 14:25 - 2014-10-01 11:11 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-11-08 14:25 - 2014-10-01 11:11 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-11-08 04:09 - 2014-11-08 04:09 - 08908288 _____ () C:\Users\smelton\Documents\Patrol Procedures 112104.ppt
2014-11-08 04:04 - 2014-11-08 04:05 - 04081664 _____ () C:\Users\smelton\Documents\Reduced Light Combat Instructor.ppt
2014-11-08 02:54 - 2014-11-08 02:56 - 10854912 _____ () C:\Users\smelton\Documents\movement - Stairwells.ppt
2014-11-07 13:12 - 2014-11-11 05:19 - 00000000 ____D () C:\Users\smelton\Desktop\Canine
2014-11-02 15:18 - 2014-11-02 15:50 - 996259510 _____ () C:\Users\smelton\Desktop\zombie 5k.mp4
2014-11-01 23:46 - 2014-11-07 13:14 - 00000000 ____D () C:\Users\smelton\Desktop\Quotes
2014-11-01 20:27 - 2014-11-02 15:57 - 00180542 _____ () C:\Users\smelton\Desktop\zombie 5k.wlmp
2014-11-01 03:07 - 2014-11-01 15:04 - 00033545 _____ () C:\Users\smelton\Desktop\My Movie.wlmp
2014-10-29 13:29 - 2014-10-29 13:30 - 00000000 ___HD () C:\ProgramData\CanonIJScan
2014-10-29 11:14 - 2014-10-29 11:14 - 00203037 _____ () C:\Users\smelton\Downloads\1381604502wpdm_1.zip
2014-10-14 21:09 - 2014-10-14 23:06 - 00100147 _____ () C:\Users\smelton\Desktop\NEW SCHEDULE BOOK (2).xlsx
2014-10-14 20:47 - 2014-10-09 19:44 - 00396288 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-10-14 20:47 - 2014-10-09 19:44 - 00230912 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-10-14 20:47 - 2014-10-09 19:39 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-10-14 20:47 - 2014-10-06 20:04 - 00331448 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-10-14 20:47 - 2014-09-28 18:41 - 02379264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-14 20:47 - 2014-09-25 16:46 - 00365056 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-10-14 20:47 - 2014-09-25 16:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-14 20:47 - 2014-09-25 16:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-14 20:47 - 2014-09-25 16:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-14 20:47 - 2014-09-25 16:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-14 20:47 - 2014-09-18 19:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-14 20:47 - 2014-09-18 19:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-14 20:47 - 2014-09-18 19:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-10-14 20:47 - 2014-09-18 19:14 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-10-14 20:47 - 2014-09-18 19:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-14 20:47 - 2014-09-18 19:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-10-14 20:47 - 2014-09-18 19:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-10-14 20:47 - 2014-09-18 18:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-10-14 20:47 - 2014-09-18 18:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-14 20:47 - 2014-09-18 18:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-10-14 20:47 - 2014-09-18 18:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-10-14 20:47 - 2014-09-18 18:51 - 00440320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-10-14 20:47 - 2014-09-18 18:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-10-14 20:47 - 2014-09-18 18:50 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-10-14 20:47 - 2014-09-18 18:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-10-14 20:47 - 2014-09-18 18:44 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-10-14 20:47 - 2014-09-18 18:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-10-14 20:47 - 2014-09-18 18:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-10-14 20:47 - 2014-09-18 18:20 - 00677888 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-10-14 20:47 - 2014-09-18 18:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-14 20:47 - 2014-09-18 18:18 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-10-14 20:47 - 2014-09-18 17:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-14 20:47 - 2014-09-18 17:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-14 20:47 - 2014-09-18 17:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-10-14 20:47 - 2014-09-03 23:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-10-14 20:44 - 2014-09-17 19:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-10-14 20:44 - 2014-09-12 19:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-14 20:44 - 2014-09-04 19:52 - 05703168 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-10-14 20:44 - 2014-08-28 19:44 - 02744320 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-10-14 20:44 - 2014-08-18 20:41 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2014-10-14 20:44 - 2014-08-18 20:41 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2014-10-14 20:44 - 2014-08-18 20:41 - 00027648 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2014-10-14 20:44 - 2014-08-18 20:40 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2014-10-14 20:44 - 2014-08-18 20:40 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2014-10-14 20:44 - 2014-08-18 19:48 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2014-10-14 20:44 - 2014-07-16 19:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-10-14 20:44 - 2014-07-16 19:39 - 00523264 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-10-14 20:44 - 2014-07-16 19:39 - 00304128 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-10-14 20:44 - 2014-07-16 19:39 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-10-14 20:44 - 2014-07-16 19:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-10-14 20:44 - 2014-07-16 19:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-10-14 20:44 - 2014-07-16 19:03 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-10-14 20:44 - 2014-07-16 19:02 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-10-14 20:44 - 2014-07-08 19:29 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2014-10-14 20:44 - 2014-07-08 19:29 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2014-10-14 20:44 - 2014-07-08 19:29 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2014-10-14 20:44 - 2014-07-08 19:29 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2014-10-14 20:44 - 2014-07-08 19:29 - 00005632 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2014-10-14 20:44 - 2014-07-08 16:30 - 00419992 _____ () C:\Windows\system32\locale.nls
2014-10-14 20:44 - 2014-07-06 19:40 - 11411456 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2014-10-14 20:44 - 2014-07-06 19:40 - 03208704 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-10-14 20:44 - 2014-07-06 19:40 - 01329664 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2014-10-14 20:44 - 2014-07-06 19:40 - 01174528 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2014-10-14 20:44 - 2014-07-06 19:40 - 01005056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2014-10-14 20:44 - 2014-07-06 19:40 - 00988160 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2014-10-14 20:44 - 2014-07-06 19:40 - 00744960 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2014-10-14 20:44 - 2014-07-06 19:40 - 00617984 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2014-10-14 20:44 - 2014-07-06 19:40 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2014-10-14 20:44 - 2014-07-06 19:40 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2014-10-14 20:44 - 2014-07-06 19:40 - 00473600 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-10-14 20:44 - 2014-07-06 19:40 - 00442880 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-10-14 20:44 - 2014-07-06 19:40 - 00406016 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2014-10-14 20:44 - 2014-07-06 19:40 - 00374784 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-10-14 20:44 - 2014-07-06 19:40 - 00354816 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2014-10-14 20:44 - 2014-07-06 19:40 - 00275968 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-10-14 20:44 - 2014-07-06 19:40 - 00265216 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2014-10-14 20:44 - 2014-07-06 19:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-10-14 20:44 - 2014-07-06 19:40 - 00179200 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2014-10-14 20:44 - 2014-07-06 19:40 - 00157184 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2014-10-14 20:44 - 2014-07-06 19:40 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2014-10-14 20:44 - 2014-07-06 19:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2014-10-14 20:44 - 2014-07-06 19:40 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2014-10-14 20:44 - 2014-07-06 19:40 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2014-10-14 20:44 - 2014-07-06 19:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2014-10-14 20:44 - 2014-07-06 19:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2014-10-14 20:44 - 2014-07-06 19:39 - 12625408 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2014-10-14 20:44 - 2014-07-06 19:39 - 03970488 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2014-10-14 20:44 - 2014-07-06 19:39 - 03914680 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-10-14 20:44 - 2014-07-06 19:39 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2014-10-14 20:44 - 2014-07-06 19:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2014-10-14 20:44 - 2014-07-06 19:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2014-10-14 20:44 - 2014-07-06 19:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2014-10-14 20:44 - 2014-07-06 19:28 - 00593920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2014-10-14 20:44 - 2014-06-27 18:21 - 00521384 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2014-10-14 20:44 - 2014-06-27 18:21 - 00455752 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2014-10-14 20:44 - 2014-06-27 18:21 - 00409272 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2014-10-14 20:44 - 2014-06-18 16:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-10-14 20:44 - 2014-06-18 16:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-10-14 20:44 - 2014-06-18 16:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-11-11 18:16 - 2010-11-20 15:01 - 00817330 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-11 18:11 - 2013-08-27 12:14 - 01055538 _____ () C:\Windows\WindowsUpdate.log
2014-11-11 18:09 - 2013-12-14 21:15 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-11 18:08 - 2009-07-13 22:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-11 18:08 - 2009-07-13 22:39 - 00071673 _____ () C:\Windows\setupact.log
2014-11-11 05:52 - 2013-12-14 21:15 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-11 05:41 - 2014-09-10 01:54 - 00000000 ____D () C:\Users\smelton\Desktop\bum booking sheets
2014-11-11 05:31 - 2013-08-27 12:14 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-11 05:12 - 2009-07-13 22:34 - 00031312 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-11 05:12 - 2009-07-13 22:34 - 00031312 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-11 05:05 - 2014-02-03 14:01 - 00000120 _____ () C:\Windows\system32\config\netlogon.ftl
2014-11-09 23:16 - 2014-02-05 14:17 - 00000000 ____D () C:\Users\smelton\Documents\Outlook Files
2014-11-09 13:34 - 2014-01-14 23:52 - 00000000 ____D () C:\Program Files\Canon
2014-11-09 13:28 - 2014-01-15 00:03 - 00000000 ____D () C:\ProgramData\CanonIJPLM
2014-11-09 13:28 - 2014-01-14 23:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities
2014-11-08 23:20 - 2010-11-20 15:48 - 00468698 _____ () C:\Windows\PFRO.log
2014-11-08 22:47 - 2014-05-31 19:15 - 00000000 ____D () C:\Users\smelton\Desktop\converted forms
2014-11-08 17:29 - 2014-05-18 13:36 - 00001232 _____ () C:\Windows\TMFilter.log
2014-11-08 17:10 - 2013-08-27 12:35 - 00000031 _____ () C:\tmuninst.ini
2014-11-08 14:49 - 2009-07-13 20:37 - 00000000 ____D () C:\Windows\Speech
2014-11-08 14:48 - 2014-02-15 19:23 - 00000000 ____D () C:\Users\smelton\AppData\Roaming\DigitalSites
2014-11-02 03:03 - 2009-07-13 20:37 - 00000000 ____D () C:\Windows\system32\NDF
2014-11-01 23:51 - 2013-09-30 14:54 - 00002507 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat XI Standard.lnk
2014-11-01 23:51 - 2013-09-30 14:54 - 00002021 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller XI.lnk
2014-11-01 17:36 - 2014-05-04 08:46 - 00000000 ____D () C:\Users\smelton\AppData\Local\Windows Live
2014-11-01 17:30 - 2010-11-20 18:47 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-10-30 10:10 - 2009-07-13 20:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-10-30 09:33 - 2014-02-04 16:26 - 00000000 ____D () C:\Users\smelton\Desktop\My Stuff
2014-10-29 13:29 - 2014-02-04 16:26 - 00000000 ____D () C:\Users\smelton\AppData\Roaming\Canon
2014-10-28 05:35 - 2013-09-30 14:10 - 00229000 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-10-26 16:34 - 2013-10-01 12:30 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-10-24 17:11 - 2009-07-13 22:46 - 00001515 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2014-10-20 20:49 - 2014-02-04 16:26 - 00000000 ____D () C:\Users\smelton\Desktop\Tac Team
2014-10-18 21:17 - 2014-10-10 16:21 - 00000000 ____D () C:\Users\smelton\Desktop\Building Search FTO
2014-10-16 12:00 - 2013-08-27 12:25 - 00002794 __RSH () C:\ProgramData\ntuser.pol
2014-10-15 15:32 - 2009-07-13 20:37 - 00000000 ____D () C:\Windows\rescache
2014-10-15 13:30 - 2009-07-13 22:33 - 00436320 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-15 13:29 - 2014-05-11 04:28 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-10-14 23:19 - 2013-09-30 14:02 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-14 23:13 - 2013-09-30 14:02 - 100290944 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
 
Files to move or delete:
====================
C:\ProgramData\UserProfileMigrationService.exe
 
 
Some content of TEMP:
====================
C:\Users\POLICE\AppData\Local\Temp\MSETUP4.EXE
C:\Users\POLICE\AppData\Local\Temp\OfficeSetup.exe
C:\Users\POLICE\AppData\Local\Temp\SetupProfessionalRetail.x86.en-US_ProfessionalRetail_J8WP4-9N7HF-M9T37-M84J4-4X6V9_act_1_.exe
C:\Users\POLICE\AppData\Local\Temp\UsrPerm.exe
C:\Users\smelton\AppData\Local\Temp\conhost.exe
C:\Users\smelton\AppData\Local\Temp\kqo.dll
C:\Users\smelton\AppData\Local\Temp\UpdateFlashPlayer_09234a81.exe
C:\Users\smelton\AppData\Local\Temp\UpdateFlashPlayer_7f622062.exe
C:\Users\smelton\AppData\Local\Temp\UpdateFlashPlayer_8a8acc2e.exe
C:\Users\smelton\AppData\Local\Temp\UpdateFlashPlayer_e93eeefb.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-11-07 13:03
 
==================== End Of Log ============================
 
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 10-11-2014
Ran by smelton at 2014-11-11 18:17:26
Running from C:\Users\smelton\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: ESET NOD32 Antivirus 4.2 (Enabled - Up to date) {77DEAFED-8149-104B-25A1-21771CA47CD1}
AS: ESET NOD32 Antivirus 4.2 (Enabled - Up to date) {CCBF4E09-A773-1FC5-1F11-1A056723366C}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
32 Bit HP CIO Components Installer (Version: 3.1.1 - Hewlett-Packard) Hidden
Adobe Acrobat XI Standard (HKLM\...\{AC76BA86-1033-FFFF-BA7E-000000000006}) (Version: 11.0.09 - Adobe Systems)
Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Form Client Filler 5.0 (HKLM\...\{2EF36FEF-42D5-4D72-A4DB-D11F9CD60185}) (Version: 5.0.0.0000 - Adobe Systems, Inc.)
AuthenTec WinBio FingerPrint Software 32-bit (Version: 3.4.2.1016 - AuthenTec, Inc.) Hidden
BDE Information Utility (HKLM\...\BDE Information Utility) (Version:  - InterBase Installation Info (and BDE Information Utility))
Broadcom NetXtreme-I Netlink Driver and Management Installer (HKLM\...\{0C518F4B-8D5A-47A6-A1E2-B3F371486118}) (Version: 15.2.1.3 - Broadcom Corporation)
Canon IJ Scan Utility (HKLM\...\Canon_IJ_Scan_Utility) (Version:  - ‪Canon Inc.‬)
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM\...\CANONIJPLM100) (Version:  - )
Canon MG2200 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG2200_series) (Version: 1.00 - Canon Inc.)
Canon MG2200 series On-screen Manual (HKLM\...\Canon MG2200 series On-screen Manual) (Version: 7.5.0 - Canon Inc.)
Canon MG2200 series User Registration (HKLM\...\Canon MG2200 series User Registration) (Version:  - Canon Inc.‎)
Canon My Printer (HKLM\...\CanonMyPrinter) (Version: 3.0.0 - Canon Inc.)
Canon Quick Menu (HKLM\...\CanonQuickMenu) (Version: 2.0.0 - Canon Inc.)
Cisco EAP-FAST Module (Version: 2.2.14 - Cisco Systems, Inc.) Hidden
Cisco LEAP Module (Version: 1.0.19 - Cisco Systems, Inc.) Hidden
Cisco PEAP Module (Version: 1.1.6 - Cisco Systems, Inc.) Hidden
Custom (Version: 01.00.00.002 - Wave Systems Corp.) Hidden
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Backup and Recovery Manager (HKLM\...\{B7FB9195-E9FC-4316-930E-D799D5D712F7}) (Version: 1.3.1 - Dell Inc.)
Dell Client System Update (HKLM\...\{04566294-A6B6-4462-9721-031073EB3694}) (Version: 1.3.0 - Dell Inc.)
Dell Data Protection | Access (HKLM\...\{ABBA2EA4-740E-4052-902B-9CA70B081E3F}) (Version: 2.3.00003.071 - Dell Inc.)
Dell Edoc Viewer (HKLM\...\{3138EAD3-700B-4A10-B617-B3F8096EE30D}) (Version: 1.0.0 - Dell Inc)
Dell Feature Enhancement Pack (HKLM\...\{992D1CE7-A20F-4AB0-9D9D-AFC3418844DA}) (Version: 2.2.1 - Dell)
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 8.1200.101.127 - ALPS ELECTRIC CO., LTD.)
DellAccess (Version: 01.03.00.078 - Wave Systems Corp.) Hidden
DriverTuner 3.5.0.1 (HKLM\...\{520C1D80-935C-42B9-9340-E883849D804F}_is1) (Version: 3.5.0.1 - LionSea Software co., ltd)
DW WLAN Card Utility (HKLM\...\DW WLAN Card Utility) (Version: 5.100.82.124 - Dell Inc.)
Easy Street Draw 3 (HKLM\...\{D8E80883-C928-4571-B6C8-467FE58EE80B}) (Version:  - )
EMBASSY Client Core (Version: 01.03.00.123 - Wave Systems Corp.) Hidden
ERAS Connector (Version: 02.09.05.0335 - Wave Systems Corp) Hidden
ESET NOD32 Antivirus (HKLM\...\{640BE6CD-9B4E-4FA4-98BC-E6975A30DC4F}) (Version: 4.2.67.10 - ESET, spol. s r.o.)
Gemalto (Version: 01.01.01.0000 - Wave Systems Corp) Hidden
GemPcCCID (Version: 2.0.1 - Gemalto) Hidden
Google Chrome (HKLM\...\Google Chrome) (Version: 38.0.2125.111 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.25.5 - Google Inc.) Hidden
GoToAssist Customer 2.2.0.758 (HKLM\...\GoToAssist Express Customer) (Version: 2.2.0.758 - Citrix Online)
HP Deskjet 1000 J110 series Basic Device Software (HKLM\...\{AB4DDFCF-6CCB-4539-920B-74AD7CFB043D}) (Version: 28.0.1313.0 - Hewlett-Packard Co.)
Intel® Control Center (HKLM\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1010 - Intel Corporation)
Intel® Management Engine Components (HKLM\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.30.1349 - Intel Corporation)
Intel® Processor Graphics (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2712 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.2.0.1006 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.8.251 - Intel Corporation)
Junk Mail filter update (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Map Data (HKLM\...\{4A235706-D949-4F27-9C0E-84F167A262B8}) (Version: 1.00.0000 - Map Data)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2010 Primary Interop Assemblies (HKLM\...\{90140000-1105-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1024 - Microsoft Corporation)
Microsoft Office Professional 2013 - en-us (HKLM\...\ProfessionalRetail - en-us) (Version: 15.0.4659.1001 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Speech SDK 5.1 (HKLM\...\{A403D88E-ED7D-48E3-91FD-B8C8A720EDA1}) (Version: 5.1.4324.0 - Microsoft)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Text-to-Speech Engine 4.0 (English) (HKLM\...\MSTTS) (Version:  - )
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MobileFile IMS eReporting Version 7 (HKLM\...\InstallShield_{FD7DD3DF-1533-4FAF-84B4-B2270D8455D2}) (Version: 7.0 - USA Software, Inc.)
MobileFile IMS eReporting Version 7 (Version: 7.0 - USA Software, Inc.) Hidden
MobileFile IMS eTicketing Version 7 (HKLM\...\{B57A2C8A-C7D8-445A-B503-64DE11F630E5}) (Version: 7.00.0000 - USA Software, Inc.)
Movie Maker (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
MSVCRT (Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (Version: 16.4.1108.0727 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
O2Micro OZ776 SCR Driver (Version: 2.1.4.223GS - O2Micro) Hidden
Office 15 Click-to-Run Extensibility Component (Version: 15.0.4659.1001 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4659.1001 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (Version: 15.0.4659.1001 - Microsoft Corporation) Hidden
OmniForm 5.1 (HKLM\...\{89DD6626-F35B-4989-9703-699E75129D0E}) (Version: 5.10.0000 - ScanSoft, Inc.)
Open It! (HKLM\...\OpenIt Open It!) (Version: 1.1.1 - OpenIt)
PANTECH UML290 (HKLM\...\{F95AC24D-E515-4057-BEB0-FDDFA55F74BB}) (Version: 4.11.2.0 - PANTECH CO., LTD)
PBA Driver-x86 (Version: 1.0.1.8 - Dell Inc.) Hidden
Photo Common (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Photo Gallery (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Preboot Manager (Version: 03.05.00.043 - Wave Systems Corp.) Hidden
Private Information Manager (Version: 07.03.00.032 - Wave Systems Corp.) Hidden
SI TSS (Version: 2.1.41 - Security Innovation) Hidden
SPBA (WBF) 5.9 (Version: 5.9.7.7232 - Authentec Inc.) Hidden
ST Microelectronics 3 Axis Digital Accelerometer Solution (HKLM\...\{9C24F411-9CA7-4A8A-91F3-F08A4A38EB31}) (Version: 4.10.0036 - ST Microelectronics)
Trusted Drive Manager (Version: 5.0.2.24 - Wave Systems Corp.) Hidden
USA Crystal XI Runtime (HKLM\...\InstallShield_{5600DD59-14A8-41C2-843B-A125FDB74B4E}) (Version: 7.00.0000 - USA Software, Inc.)
USA Crystal XI Runtime (Version: 7.00.0000 - USA Software, Inc.) Hidden
USA MobileFile eTicket V7 (HKLM\...\InstallShield_{BD8C21DA-506E-4585-80D5-0FD2CA160D7A}) (Version: 7.00.0000 - USA Software, Inc.)
USA MobileFile eTicket V7 (Version: 7.00.0000 - USA Software, Inc.) Hidden
Verizon Wireless UML290 Firmware Updates (HKLM\...\{1A1A198F-405C-4254-A15E-9C44FEB1F6E1}) (Version: 1.0.11 - Smith Micro Software, Inc.)
Visual DataFlex 2009 Client Engine 15.1 (HKLM\...\Visual DataFlex 2009 Client Engine 15.1) (Version: 15.1.29.4 Client - Data Access Worldwide)
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
VZAccess Manager (HKLM\...\{FF35BA14-9CF3-41DD-9BC3-7C2A0763B4F3}) (Version: 7.9.1.0 - Smith Micro Software Inc.)
Wave Crypto Runtime 2.0.9.0 x86 (Version: 02.00.09.0000 - Wave Systems Corp) Hidden
Wave Infrastructure Installer (Version: 07.06.13.0001 - Wave Systems Corp) Hidden
Wave Support Software Installer (Version: 05.15.00.024 - Wave Systems Corp) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
 
==================== Restore Points  =========================
 
23-10-2014 22:44:51 Windows Update
29-10-2014 00:22:22 Windows Update
01-11-2014 03:04:58 Windows Update
07-11-2014 19:20:09 Windows Update
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 20:04 - 2009-06-10 15:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {07B5A137-2480-4B4C-BC32-6A9A898D0B74} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-12-14] (Google Inc.)
Task: {13F903BA-0C24-486D-BF35-EFBA95AA933F} - System32\Tasks\Microsoft Office 15 Sync Maintenance for PCBPD-smelton PCBPDLP-0213.PCBPD.LOCAL => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2014-09-16] (Microsoft Corporation)
Task: {26ABE2A1-02BE-4A7A-9245-1F37DCAD7972} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX86\OfficeC2RClient.exe [2014-09-25] (Microsoft Corporation)
Task: {3D3111C0-14FD-4F24-BFE7-32519D3E6BFA} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-12-14] (Google Inc.)
Task: {4225A978-22AB-4BC0-BD09-AA2B4E1022A0} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-23] (Adobe Systems Incorporated)
Task: {7095B3AF-9780-44D6-ACB7-B1DDE112E5EE} - System32\Tasks\WSCEAA => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\RemoteManagement\WSCEAA.exe [2012-11-28] (Wave Systems Corp.)
Task: {F054D838-DC2A-47F1-AB0A-C684A6F90C3B} - System32\Tasks\Microsoft Office 15 Sync Maintenance for {1f9fae77-994e-498b-b085-10c46dc92e46} PCBPDLP-0213.PCBPD.LOCAL => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2014-09-16] (Microsoft Corporation)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2012-05-11 08:47 - 2012-05-11 08:47 - 00003072 _____ () C:\Program Files\Security Innovation\SI TSS\bin\TspPopup_ENU.dll
2014-03-20 13:58 - 2014-05-20 02:11 - 00080040 _____ () C:\Program Files\Microsoft Office 15\ClientX86\ApiClient.dll
2013-03-11 09:03 - 2013-03-11 09:03 - 00190320 _____ () C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\EMBASSY Client Core\EmbassyServer.exe
2013-03-11 09:03 - 2013-03-11 09:03 - 00031088 _____ () C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\EMBASSY Client Core\DeviceStatus.dll
2014-01-15 00:05 - 2011-09-06 05:02 - 00140456 _____ () C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
2014-10-15 13:37 - 2014-10-15 13:37 - 00172544 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\2dace9622c68c6ce58d55a6950eeaa95\IsdiInterop.ni.dll
2013-08-27 12:21 - 2012-05-30 12:55 - 00059904 _____ () C:\Program Files\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2013-08-27 12:19 - 2013-01-14 14:25 - 01200088 _____ () C:\Program Files\Intel\Intel® Management Engine Components\UNS\ACE.dll
2014-10-30 10:42 - 2014-10-21 22:04 - 01042760 _____ () C:\Program Files\Google\Chrome\Application\38.0.2125.111\libglesv2.dll
2014-10-30 10:42 - 2014-10-21 22:04 - 00211272 _____ () C:\Program Files\Google\Chrome\Application\38.0.2125.111\libegl.dll
2014-10-30 10:42 - 2014-10-21 22:04 - 08910664 _____ () C:\Program Files\Google\Chrome\Application\38.0.2125.111\pdf.dll
2014-10-30 10:42 - 2014-10-21 22:04 - 01681224 _____ () C:\Program Files\Google\Chrome\Application\38.0.2125.111\ffmpegsumo.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-830363417-2353412543-2920554794-500 - Administrator - Disabled)
Guest (S-1-5-21-830363417-2353412543-2920554794-501 - Limited - Disabled)
POLICE (S-1-5-21-830363417-2353412543-2920554794-1000 - Administrator - Enabled) => C:\Users\POLICE.PCBPDLP-0213
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (11/11/2014 06:09:35 PM) (Source: Wave Platform Security) (EventID: 1008) (User: )
Description: The NTRU TSS is not running, Wave Software is unable to communicate to TPM
 
Error: (11/11/2014 06:09:00 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (11/11/2014 05:06:27 AM) (Source: Wave Platform Security) (EventID: 1008) (User: )
Description: The NTRU TSS is not running, Wave Software is unable to communicate to TPM
 
Error: (11/11/2014 05:05:19 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (11/11/2014 00:42:19 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (11/11/2014 00:37:20 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (11/10/2014 09:29:20 PM) (Source: Wave Platform Security) (EventID: 1008) (User: )
Description: The NTRU TSS is not running, Wave Software is unable to communicate to TPM
 
Error: (11/10/2014 09:29:05 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (11/09/2014 10:58:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 11.0.9600.17344, time stamp: 0x4a5bc6b7
Faulting module name: MSHTML.dll, version: 11.0.9600.17344, time stamp: 0x541b8a22
Exception code: 0xc00000fd
Fault offset: 0x00095c91
Faulting process id: 0x1f54
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3
 
Error: (11/09/2014 10:37:19 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 11.0.9600.17344, time stamp: 0x4a5bc6b7
Faulting module name: MSHTML.dll, version: 11.0.9600.17344, time stamp: 0x541b8a22
Exception code: 0xc00000fd
Fault offset: 0x00094fbf
Faulting process id: 0xac4
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3
 
 
System errors:
=============
Error: (11/11/2014 06:10:35 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
 
Error: (11/11/2014 06:09:29 PM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1129) (User: PCBPD)
Description: The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.
 
Error: (11/11/2014 06:08:50 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Security Center Server - 4206024471 service failed to start due to the following error: 
%%2
 
Error: (11/11/2014 06:08:50 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Security Center Server - 2487516396 service failed to start due to the following error: 
%%2
 
Error: (11/11/2014 06:08:47 PM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1129) (User: NT AUTHORITY)
Description: The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.
 
Error: (11/11/2014 06:08:45 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The WvPCR service depends on the TPM Base Services service which failed to start because of the following error: 
%%0
 
Error: (11/11/2014 06:08:45 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The SI TSS v1.2.1.41 TCS service depends on the TPM Base Services service which failed to start because of the following error: 
%%0
 
Error: (11/11/2014 06:08:45 PM) (Source: NETLOGON) (EventID: 5719) (User: )
Description: This computer was not able to set up a secure session with a domain
controller in domain PCBPD due to the following: 
%%1311
 
This may lead to authentication problems. Make sure that this
computer is connected to the network. If the problem persists,
please contact your domain administrator.
 
 
 
ADDITIONAL INFO
 
If this computer is a domain controller for the specified domain, it
sets up the secure session to the primary domain controller emulator in the specified
domain. Otherwise, this computer sets up the secure session to any domain controller
in the specified domain.
 
Error: (11/11/2014 05:20:03 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
 
Error: (11/11/2014 05:05:07 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Security Center Server - 4206024471 service failed to start due to the following error: 
%%2
 
 
Microsoft Office Sessions:
=========================
Error: (11/11/2014 06:09:35 PM) (Source: Wave Platform Security) (EventID: 1008) (User: )
Description: The NTRU TSS is not running, Wave Software is unable to communicate to TPM
 
Error: (11/11/2014 06:09:00 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (11/11/2014 05:06:27 AM) (Source: Wave Platform Security) (EventID: 1008) (User: )
Description: The NTRU TSS is not running, Wave Software is unable to communicate to TPM
 
Error: (11/11/2014 05:05:19 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (11/11/2014 00:42:19 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"c:\program files\drivertuner\DPInst64.exe
 
Error: (11/11/2014 00:37:20 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"C:\Program Files\HP\HP Deskjet 1000 J110 series\DriverStore\Pipeline\amd64\hpinkins8811.exe
 
Error: (11/10/2014 09:29:20 PM) (Source: Wave Platform Security) (EventID: 1008) (User: )
Description: The NTRU TSS is not running, Wave Software is unable to communicate to TPM
 
Error: (11/10/2014 09:29:05 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (11/09/2014 10:58:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe11.0.9600.173444a5bc6b7MSHTML.dll11.0.9600.17344541b8a22c00000fd00095c911f5401cffca21a11ee1bC:\Program Files\Internet Explorer\iexplore.exeC:\Windows\system32\MSHTML.dll252eced8-6896-11e4-9dc8-f01faf37759a
 
Error: (11/09/2014 10:37:19 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe11.0.9600.173444a5bc6b7MSHTML.dll11.0.9600.17344541b8a22c00000fd00094fbfac401cffc9f3ff1e63eC:\Program Files\Internet Explorer\iexplore.exeC:\Windows\system32\MSHTML.dll410b8bc7-6893-11e4-9dc8-f01faf37759a
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-3340M CPU @ 2.70GHz
Percentage of memory in use: 50%
Total physical RAM: 3495.96 MB
Available physical RAM: 1744.49 MB
Total Pagefile: 6990.22 MB
Available Pagefile: 4974.18 MB
Total Virtual: 2047.88 MB
Available Virtual: 1913.05 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:282.48 GB) (Free:138.99 GB) NTFS
Drive d: (081015_1155) (CDROM) (Total:0.43 GB) (Free:0 GB) CDFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 298.1 GB) (Disk ID: EA4995A5)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=15.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=282.5 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================


#4 deeprybka

  • Malware Response Team
  • 5,198 posts
  • Gender:Male
  • Location:Germany

Posted 12 November 2014 - 06:40 AM

Hi,
 
Malware Warning

All passwords should be changed immediately, including those used for banking, email, eBay, PayPal and online forums, from a CLEAN COMPUTER.

Step 1

Please download the attached fixlist.txt and save it in the same directory as FRST.
  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
    Please copy and paste its contents in your next reply.
Attached File: fixlist.txt (2.58 KB)

After the Reboot:

Step 2

  • Start FRST with administrator privileges.
  • Press the Scan button.
  • When finished, FRST will produce a log (FRST.txt) in the same directory the tool was run from.
    Please copy and paste the log in your next reply.
Step 3

  • Download EEK and extract the contents to C:\
  • Double-click the desktop-shortcut to start the tool.
  • In the update screen that follows, click "Yes" to obtain the latest malware definitions.
  • Once the update is complete click "Scan".
  • Enable "PUPs" detection (1) and click on "Full Scan" (2).
  • If adware/malware was detected, make sure to check all the items and click "Quarantine selected" (1) and afterwards "view report" (2).
  • Please paste the content of the report in your next reply.


Step 4

Don't remove on your own anything that Hitman Pro detects!
This scanner, while really good for checking, has been known to delete files instead of curing them, which in some cases may render the machine unbootable.
Any removals will be done manually after careful analysis of the scan results!


Please download HitmanPro 32-bit / HitmanPro 64-bit by SurfRight and save it to your desktop.
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.
  • Right-click on the HitmanPro icon and select Run as Administrator to start the tool.
  • If the program won't run please run it while holding down the left CTRL key until it's loaded!
  • Click on the Next button (1). You must agree with the terms of EULA (2 - if asked).
  • Check the box beside "No, I only want to perform a one-time scan to check this computer" and click on the Next button. (3)
  • The program will start to scan the computer. It would only take several minutes.
  • When the scan is done click on Save Log (4) and close HitmanPro! (5)
  • Copy and paste the content of the log file in your next reply.

Can you please tell me which problems still persist now?
regards,
deeprybka
Harm no one; rather, help everyone as much as you can. Arthur Schopenhauer

#5 pcbmelton
  • Topic Starter
  • Members
  • 3 posts

Posted 12 November 2014 - 02:12 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 10-11-2014
Ran by smelton at 2014-11-12 10:02:22 Run:1
Running from C:\Users\smelton\Downloads
Loaded Profile: smelton (Available profiles: smelton & POLICE)
Boot Mode: Normal
 
==============================================
 
Content of fixlist:
*****************
CloseProcesses:
HKLM\...\Run: [] => [X]
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
FF Plugin: @microsoft.com/GENUINE -> disabled No File
S2 SecurityCenterServer2487516396; "C:\Windows\system32\itwuwu.exe" -service "C:\Users\smelton\AppData\Roaming\Peafityp\egcywym.exe"
S2 SecurityCenterServer4206024471; "C:\Windows\system32\diuxosc.exe" -service "C:\Users\smelton\AppData\Roaming\Weufni\zoesryn.exe"
C:\Windows\system32\itwuwu.exe
C:\Users\smelton\AppData\Roaming\Peafityp
C:\Windows\system32\diuxosc.exe
C:\Users\smelton\AppData\Roaming\Weufni
2014-11-09 20:42 - 2014-11-11 02:46 - 00000000 ____D () C:\ProgramData\XedidOcofe
2014-11-09 20:42 - 2014-11-11 02:46 - 00000000 ____D () C:\ProgramData\LuhvUgfe
EmptyTemp:
*****************
 
Processes closed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
"HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key not found.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{A8405B49-EFEC-4D15-8BC6-A46878355E13}" => Key deleted successfully.
"HKCR\CLSID\{A8405B49-EFEC-4D15-8BC6-A46878355E13}" => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{A8405B49-EFEC-4D15-8BC6-A46878355E13}" => Key deleted successfully.
"HKCR\CLSID\{A8405B49-EFEC-4D15-8BC6-A46878355E13}" => Key not found.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
SecurityCenterServer2487516396 => Service deleted successfully.
SecurityCenterServer4206024471 => Service deleted successfully.
"C:\Windows\system32\itwuwu.exe" => File/Directory not found.
C:\Users\smelton\AppData\Roaming\Peafityp => Moved successfully.
"C:\Windows\system32\diuxosc.exe" => File/Directory not found.
C:\Users\smelton\AppData\Roaming\Weufni => Moved successfully.
C:\ProgramData\XedidOcofe => Moved successfully.
C:\ProgramData\LuhvUgfe => Moved successfully.
EmptyTemp: => Removed 9.8 GB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog ====
 
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 10-11-2014
Ran by smelton (administrator) on PCBPDLP-0213 on 12-11-2014 10:35:30
Running from C:\Users\smelton\Downloads
Loaded Profile: smelton (Available profiles: smelton & POLICE)
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv.exe
(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\BCMWLTRY.EXE
(Wave Systems Corp.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe
(Broadcom Corporation) C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX86\officeclicktorun.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
() C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\EMBASSY Client Core\EmbassyServer.exe
(Citrix Online, LLC) C:\Program Files\Citrix\GoToAssist Remote Support Customer\758\g2ax_service.exe
() C:\Program Files\Canon\IJPLM\ijplmsvc.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(O2Micro International) C:\Windows\System32\o2flash.exe
(Dell, Inc.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\hapi32\pbadrvsvc.exe
(DEVGURU Co., LTD) C:\Windows\System32\ptumlcmsvc.exe
(Wave Systems Corp.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Dell Inc.) C:\Program Files\Dell\Feature Enhancement Pack\DFEPService.exe
(Citrix Online, LLC) C:\Program Files\Citrix\GoToAssist Remote Support Customer\758\g2ax_comm_customer.exe
(Citrix Online, LLC) C:\Program Files\Citrix\GoToAssist Remote Support Customer\758\g2ax_system_customer.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Authentec Inc.) C:\Program Files\Common Files\SPBA\upeksvr.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Citrix Online, LLC) C:\Program Files\Citrix\GoToAssist Remote Support Customer\758\g2ax_user_customer.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE
(Intel Corporation) C:\Program Files\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Wave Systems Corp.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe
(Dell Inc.) C:\Program Files\Dell\Feature Enhancement Pack\DFEPApplication.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
(Adobe Systems Inc.) C:\Program Files\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
(Dell Computer Corporation) C:\dell\DBRM\Reminder\DbrmTrayicon.exe
(ScanSoft, Inc.) C:\Program Files\ScanSoft\OmniForm 5.1\OFPA.exe
(CANON INC.) C:\Program Files\Canon\Quick Menu\CNQMMAIN.EXE
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(CANON INC.) C:\Program Files\Canon\Quick Menu\CNQMUPDT.EXE
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\msosync.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [555352 2013-02-21] (Alps Electric Co., Ltd.)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray.exe [1704028 2013-02-05] (IDT, Inc.)
HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\Program Files\Dell\DW WLAN Card\WLTRAY.exe [6802432 2012-01-18] (Dell Inc.)
HKLM\...\Run: [IMSS] => C:\Program Files\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe [134616 2013-01-14] (Intel Corporation)
HKLM\...\Run: [USB3MON] => C:\Program Files\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292088 2013-02-22] (Intel Corporation)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284480 2012-05-30] (Intel Corporation)
HKLM\...\Run: [TdmNotify] => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe [316752 2013-03-05] (Wave Systems Corp.)
HKLM\...\Run: [DFEPApplication] => C:\Program Files\Dell\Feature Enhancement Pack\DFEPApplication.exe [6306872 2012-08-15] (Dell Inc.)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2219184 2010-11-04] (ESET)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM\...\Run: [Acrobat Assistant 8.0] => C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3499920 2014-09-12] (Adobe Systems Inc.)
HKLM\...\Run: [DBRMTray] => C:\Dell\DBRM\Reminder\DbrmTrayIcon.exe [227328 2011-03-08] (Dell Computer Corporation)
HKLM\...\Run: [OmniForm OFPA] => C:\Program Files\ScanSoft\OmniForm 5.1\OFPA.exe [40960 2003-05-20] (ScanSoft, Inc.)
HKLM\...\Run: [CanonQuickMenu] => C:\Program Files\Canon\Quick Menu\CNQMMAIN.EXE [1273448 2012-04-03] (CANON INC.)
Winlogon\Notify\GoToAssist Express Customer: C:\Program Files\Citrix\GoToAssist Remote Support Customer\758\g2ax_winlogon.dll (Citrix Online, LLC)
Winlogon\Notify\spba: C:\Program Files\Common Files\SPBA\homefus2.dll (Authentec Inc.)
HKU\S-1-5-21-1218504766-2780461749-949115886-1261\...\Run: [Adobe Acrobat Synchronizer] => c:\Program Files\Adobe\Acrobat 11.0\Acrobat\AdobeCollabSync.exe [759712 2014-09-12] (Adobe Systems Incorporated)
HKU\S-1-5-21-1218504766-2780461749-949115886-1261\...\MountPoints2: {659993dd-0f54-11e3-9d21-806e6f6e6963} - D:\Acrobat\reader\AcroRd32.exe start.pdf
HKU\S-1-5-21-1218504766-2780461749-949115886-1261\...\MountPoints2: {cf4df21e-5593-11e3-8c38-f01faf37759a} - E:\LaunchU3.exe -a
Lsa: [Authentication Packages] msv1_0 wvauth
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Smart Settings.lnk
ShortcutTarget: Smart Settings.lnk -> C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe (Dell Inc.)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Smart Settings.lnk
ShortcutTarget: Smart Settings.lnk -> C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe (Dell Inc.)
Startup: C:\Users\POLICE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Deskjet 1000 J110 series.lnk
ShortcutTarget: Monitor Ink Alerts - HP Deskjet 1000 J110 series.lnk -> C:\Program Files\HP\HP Deskjet 1000 J110 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
Startup: C:\Users\POLICE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Smart Settings.lnk
ShortcutTarget: Smart Settings.lnk -> C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe (Dell Inc.)
Startup: C:\Users\POLICE.PCBPDLP-0213\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Smart Settings.lnk
ShortcutTarget: Smart Settings.lnk -> C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe (Dell Inc.)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers: [EnabledUnlockedFDEIconOverlay] -> {30D3C2AF-9709-4D05-9CF4-13335F3C1E4A} => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll (Wave Systems Corp.)
ShellIconOverlayIdentifiers: [UninitializedFdeIconOverlay] -> {CF08DA3E-C97D-4891-A66B-E39B28DD270F} => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll (Wave Systems Corp.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://dell13.msn.com/?pc=DCJB
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: TmIEPlugInBHO Class -> {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -> c:\Program Files\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg.dll No File
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - c:\Program Files\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg.dll No File
Tcpip\..\Interfaces\{1C7E9CD7-96A7-4A19-A671-D8598C4953C8}: [NameServer] 192.168.1.1,4.2.2.2
Tcpip\..\Interfaces\{5EED06A1-D35D-40E8-90EA-357930C629AD}: [NameServer] 10.0.1.11 69.1.30.51
Tcpip\..\Interfaces\{9FA5E64A-4ED4-425B-9822-EE0CE7836DF6}: [NameServer] 10.0.1.11 69.1.30.51
Tcpip\..\Interfaces\{D3E4E40B-69F6-419E-A2A5-FED7F7D06F6B}: [NameServer] 10.0.1.11,4.2.2.2
Tcpip\..\Interfaces\{DDB688D8-E145-418A-AB22-5188F54E9CD2}: [NameServer] 10.0.1.10 69.1.30.51
Tcpip\..\Interfaces\{F6C6472B-11F6-4A35-9D35-68E37FF5892A}: [NameServer] 10.0.1.10 69.1.30.51
 
FireFox:
========
FF Plugin: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.66 -> C:\Program Files\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF HKLM\...\Firefox\Extensions: [{22C7F6C6-8D67-4534-92B5-529A0EC09405}] - c:\Program Files\Trend Micro\Client Server Security Agent\bho\1009\FirefoxExtension
FF HKLM\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2013-09-30]
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2013-09-30]
 
Chrome: 
=======
CHR Profile: C:\Users\smelton\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\smelton\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-02-21]
CHR Extension: (Google Drive) - C:\Users\smelton\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-02-21]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\smelton\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-31]
CHR Extension: (YouTube) - C:\Users\smelton\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-02-21]
CHR Extension: (Google Search) - C:\Users\smelton\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-02-21]
CHR Extension: (Adobe Acrobat - Create PDF) - C:\Users\smelton\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2014-02-21]
CHR Extension: (Google Wallet) - C:\Users\smelton\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-21]
CHR Extension: (Gmail) - C:\Users\smelton\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-02-21]
CHR HKLM\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2014-09-12]
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 BrcmMgmtAgent; C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe [131072 2011-11-30] (Broadcom Corporation) [File not signed]
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX86\OfficeClickToRun.exe [1669296 2014-09-25] (Microsoft Corporation)
S3 cphs; C:\Windows\system32\IntelCpHeciSvc.exe [276248 2012-04-25] (Intel Corporation)
R2 DFEPService; C:\Program Files\Dell\Feature Enhancement Pack\DFEPService.exe [1569336 2012-08-15] (Dell Inc.)
S3 EhttpSrv; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [33584 2010-11-04] (ESET)
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [810144 2010-11-04] (ESET)
R2 EmbassyService; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\EMBASSY Client Core\EmbassyServer.exe [190320 2013-03-11] ()
R2 GoToAssist Remote Support Customer; C:\Program Files\Citrix\GoToAssist Remote Support Customer\758\g2ax_service.exe [610888 2014-09-26] (Citrix Online, LLC)
R2 IJPLMSVC; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [140456 2011-09-06] ()
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [583680 2012-12-10] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [627744 2012-12-10] (Intel® Corporation)
R2 jhi_service; C:\Program Files\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165336 2013-01-14] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44032 2008-07-18] (Hewlett-Packard) [File not signed]
R2 PbaDrvSvc; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\hapi32\pbadrvsvc.exe [17920 2013-01-21] (Dell, Inc.) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2008-07-18] (Hewlett-Packard) [File not signed]
R2 ptumlcmsvc; C:\Windows\system32\ptumlcmsvc.exe [143360 2012-09-21] (DEVGURU Co., LTD) [File not signed]
S3 SecureStorageService; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Secure Storage Manager\SecureStorageService.exe [1555304 2013-02-01] (Wave Systems Corp.)
R2 STacSV; C:\Program Files\IDT\WDM\STacSV.exe [307282 2013-02-05] (IDT, Inc.)
S2 tcsd_win32.exe; C:\Program Files\Security Innovation\SI TSS\bin\tcsd_win32.exe [1643520 2012-05-11] () [File not signed]
R2 TdmService; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe [3639120 2013-03-05] (Wave Systems Corp.)
R2 Wave Authentication Manager Service; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe [1263616 2013-02-26] (Wave Systems Corp.) [File not signed]
R2 wltrysvc; C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe [5512192 2012-01-18] (Dell Inc.) [File not signed]
S2 WvPCR; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Common\WvPCR.exe [171880 2013-03-08] (Wave Systems Corp.)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 BCM42RLY; C:\Windows\System32\drivers\BCM42RLY.sys [18496 2012-01-18] (Broadcom Corporation)
S3 Blfp; C:\Windows\System32\DRIVERS\basp.sys [105984 2011-12-19] (Broadcom Corporation)
R3 dcdbas; C:\Windows\System32\DRIVERS\dcdbas32.sys [32872 2012-09-23] (Dell Inc.)
R2 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [137144 2010-09-03] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [115008 2010-07-29] (ESET)
R2 epfwwfpr; C:\Windows\System32\DRIVERS\epfwwfpr.sys [96920 2010-07-29] (ESET)
R0 iusb3hcs; C:\Windows\System32\DRIVERS\iusb3hcs.sys [16880 2013-02-22] (Intel Corporation)
R3 iusb3hub; C:\Windows\System32\DRIVERS\iusb3hub.sys [352752 2013-02-22] (Intel Corporation)
R3 iusb3xhc; C:\Windows\System32\DRIVERS\iusb3xhc.sys [796656 2013-02-22] (Intel Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-10-01] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [114904 2014-11-12] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-10-01] (Malwarebytes Corporation)
R3 MEI; C:\Windows\System32\DRIVERS\HECI.sys [55104 2012-07-12] (Intel Corporation)
S3 netvsc; C:\Windows\System32\DRIVERS\netvsc60.sys [126464 2010-11-20] (Microsoft Corporation)
S3 O2MDFRDR; C:\Windows\system32\drivers\O2MDFw7.sys [60904 2011-01-04] (O2Micro )
S3 O2MDRRDR; C:\Windows\system32\drivers\O2MDRw7.sys [62440 2011-01-04] (O2Micro )
R3 O2SDJRDR; C:\Windows\System32\DRIVERS\o2sdjw7.sys [64056 2012-04-25] (O2Micro )
S3 PTUMLBUS; C:\Windows\System32\DRIVERS\PTUMLBUS.sys [88632 2012-09-21] (DEVGURU Co., LTD.)
S3 PTUMLCVsp; C:\Windows\System32\DRIVERS\PTUMLCVsp.sys [169016 2012-09-21] (DEVGURU Co., LTD.(www.devguru.co.kr))
S3 PTUMLMBMP; C:\Windows\System32\DRIVERS\PTUMLMBMP.sys [279864 2012-09-21] (DEVGURU Co., LTD.)
S3 PTUMLMdm; C:\Windows\System32\DRIVERS\PTUMLMdm.sys [169016 2012-09-21] (DEVGURU Co., LTD.(www.devguru.co.kr))
S3 PTUMLNVsp; C:\Windows\System32\DRIVERS\PTUMLNVsp.sys [169656 2012-09-21] (DEVGURU Co., LTD.(www.devguru.co.kr))
S3 PTUMLRMNET; C:\Windows\System32\DRIVERS\PTUMLRMNET.sys [59704 2012-09-21] (DEVGURU Co., LTD.)
S3 PTUMLVsp; C:\Windows\System32\DRIVERS\PTUMLVsp.sys [169016 2012-09-21] (DEVGURU Co., LTD.(www.devguru.co.kr))
R0 stdcfltn; C:\Windows\System32\DRIVERS\stdcfltn.sys [17904 2011-07-15] (ST Microelectronics)
R3 ST_ACCEL; C:\Windows\System32\DRIVERS\ST_ACCEL.sys [59888 2012-05-21] (STMicroelectronics)
S3 SynthVid; C:\Windows\System32\DRIVERS\VMBusVideoM.sys [19456 2010-11-20] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-11-11 18:23 - 2014-10-17 19:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-11-11 18:22 - 2014-11-07 13:23 - 00341168 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-11-11 18:22 - 2014-11-05 21:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-11-11 18:22 - 2014-11-05 21:28 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-11-11 18:22 - 2014-11-05 21:13 - 00501248 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-11-11 18:22 - 2014-11-05 21:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-11-11 18:22 - 2014-11-05 21:12 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-11-11 18:22 - 2014-11-05 21:10 - 19781632 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-11-11 18:22 - 2014-11-05 21:10 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-11-11 18:22 - 2014-11-05 21:05 - 02277376 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-11-11 18:22 - 2014-11-05 21:04 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-11-11 18:22 - 2014-11-05 21:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-11-11 18:22 - 2014-11-05 21:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-11-11 18:22 - 2014-11-05 20:59 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-11-11 18:22 - 2014-11-05 20:59 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-11-11 18:22 - 2014-11-05 20:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-11-11 18:22 - 2014-11-05 20:51 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-11-11 18:22 - 2014-11-05 20:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-11-11 18:22 - 2014-11-05 20:42 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-11-11 18:22 - 2014-11-05 20:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-11-11 18:22 - 2014-11-05 20:36 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-11-11 18:22 - 2014-11-05 20:34 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-11-11 18:22 - 2014-11-05 20:22 - 00688640 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-11-11 18:22 - 2014-11-05 20:22 - 00683008 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-11-11 18:22 - 2014-11-05 20:21 - 04298240 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-11-11 18:22 - 2014-11-05 20:21 - 02051072 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-11-11 18:22 - 2014-11-05 20:20 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-11-11 18:22 - 2014-11-05 20:03 - 12819456 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-11-11 18:22 - 2014-11-05 19:52 - 01892864 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-11-11 18:22 - 2014-11-05 19:48 - 01310208 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-11-11 18:22 - 2014-11-05 19:47 - 00708096 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-11-11 18:22 - 2014-11-05 11:50 - 00254464 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-11-11 18:22 - 2014-11-05 11:50 - 00203776 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-11-11 18:22 - 2014-11-05 11:47 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-11-11 18:22 - 2014-10-24 19:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-11-11 18:22 - 2014-10-13 19:56 - 00136632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-11-11 18:22 - 2014-10-13 19:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-11-11 18:22 - 2014-10-13 19:50 - 01059840 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-11-11 18:22 - 2014-10-13 19:50 - 00523776 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-11-11 18:22 - 2014-10-13 19:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-11-11 18:22 - 2014-10-13 19:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-11-11 18:22 - 2014-10-09 18:45 - 02379264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-11-11 18:22 - 2014-10-02 19:44 - 00475136 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-11-11 18:22 - 2014-10-02 19:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-11-11 18:22 - 2014-10-02 19:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-11-11 18:22 - 2014-10-02 19:44 - 00275968 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-11-11 18:22 - 2014-10-02 19:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-11-11 18:22 - 2014-09-19 03:23 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-11 18:22 - 2014-09-19 03:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-11-11 18:22 - 2014-09-19 03:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-11-11 18:22 - 2014-09-19 03:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-11-11 18:22 - 2014-09-19 03:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-11-11 18:22 - 2014-09-19 03:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-11-11 18:22 - 2014-09-19 03:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-11-11 18:22 - 2014-08-21 00:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-11-11 18:22 - 2014-08-21 00:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-11-11 18:22 - 2014-08-11 19:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2014-11-11 18:17 - 2014-11-11 18:17 - 00026052 _____ () C:\Users\smelton\Downloads\Addition.txt
2014-11-11 18:16 - 2014-11-12 10:35 - 00022916 _____ () C:\Users\smelton\Downloads\FRST.txt
2014-11-11 18:15 - 2014-11-12 10:35 - 00000000 ____D () C:\FRST
2014-11-11 18:14 - 2014-11-11 18:14 - 01107968 _____ (Farbar) C:\Users\smelton\Downloads\FRST.exe
2014-11-11 18:12 - 2014-11-11 18:12 - 00186568 _____ (ESET) C:\Users\smelton\Downloads\ESETPoweliksCleaner.exe
2014-11-11 18:12 - 2014-11-11 18:12 - 00019220 _____ () C:\Users\smelton\Desktop\ESETPoweliksCleaner.exe_20141111.181228.5936.log
2014-11-09 01:58 - 2014-11-09 01:58 - 00021722 _____ () C:\Users\smelton\Desktop\dds.txt
2014-11-09 01:58 - 2014-11-09 01:58 - 00008762 _____ () C:\Users\smelton\Desktop\attach.txt
2014-11-09 01:55 - 2014-11-09 01:55 - 00688992 ____R (Swearware) C:\Users\smelton\Downloads\dds.com
2014-11-09 00:31 - 2014-11-09 00:33 - 09734144 _____ () C:\Users\smelton\Documents\CQB Presentation.ppt
2014-11-08 14:25 - 2014-11-12 10:32 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-08 14:25 - 2014-11-08 14:25 - 00001062 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-11-08 14:25 - 2014-11-08 14:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-11-08 14:25 - 2014-11-08 14:25 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-11-08 14:25 - 2014-11-08 14:25 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-11-08 14:25 - 2014-10-01 11:11 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-11-08 14:25 - 2014-10-01 11:11 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-11-08 14:25 - 2014-10-01 11:11 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-11-08 04:09 - 2014-11-08 04:09 - 08908288 _____ () C:\Users\smelton\Documents\Patrol Procedures 112104.ppt
2014-11-08 04:04 - 2014-11-08 04:05 - 04081664 _____ () C:\Users\smelton\Documents\Reduced Light Combat Instructor.ppt
2014-11-08 02:54 - 2014-11-08 02:56 - 10854912 _____ () C:\Users\smelton\Documents\movement - Stairwells.ppt
2014-11-07 13:12 - 2014-11-11 05:19 - 00000000 ____D () C:\Users\smelton\Desktop\Canine
2014-11-02 15:18 - 2014-11-02 15:50 - 996259510 _____ () C:\Users\smelton\Desktop\zombie 5k.mp4
2014-11-01 23:46 - 2014-11-07 13:14 - 00000000 ____D () C:\Users\smelton\Desktop\Quotes
2014-11-01 20:27 - 2014-11-02 15:57 - 00180542 _____ () C:\Users\smelton\Desktop\zombie 5k.wlmp
2014-11-01 03:07 - 2014-11-01 15:04 - 00033545 _____ () C:\Users\smelton\Desktop\My Movie.wlmp
2014-10-29 13:29 - 2014-10-29 13:30 - 00000000 ___HD () C:\ProgramData\CanonIJScan
2014-10-29 11:14 - 2014-10-29 11:14 - 00203037 _____ () C:\Users\smelton\Downloads\1381604502wpdm_1.zip
2014-10-14 21:09 - 2014-10-14 23:06 - 00100147 _____ () C:\Users\smelton\Desktop\NEW SCHEDULE BOOK (2).xlsx
2014-10-14 20:47 - 2014-09-03 23:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-10-14 20:44 - 2014-09-04 19:52 - 05703168 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-10-14 20:44 - 2014-08-28 19:44 - 02744320 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-10-14 20:44 - 2014-08-18 20:41 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2014-10-14 20:44 - 2014-08-18 20:41 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2014-10-14 20:44 - 2014-08-18 20:41 - 00027648 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2014-10-14 20:44 - 2014-08-18 20:40 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2014-10-14 20:44 - 2014-08-18 20:40 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2014-10-14 20:44 - 2014-08-18 19:48 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2014-10-14 20:44 - 2014-07-16 19:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-10-14 20:44 - 2014-07-16 19:39 - 00304128 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-10-14 20:44 - 2014-07-16 19:39 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-10-14 20:44 - 2014-07-16 19:03 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-10-14 20:44 - 2014-07-16 19:02 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-10-14 20:44 - 2014-07-08 19:29 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2014-10-14 20:44 - 2014-07-08 19:29 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2014-10-14 20:44 - 2014-07-08 19:29 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2014-10-14 20:44 - 2014-07-08 19:29 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2014-10-14 20:44 - 2014-07-08 19:29 - 00005632 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2014-10-14 20:44 - 2014-07-08 16:30 - 00419992 _____ () C:\Windows\system32\locale.nls
2014-10-14 20:44 - 2014-07-06 19:40 - 11411456 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2014-10-14 20:44 - 2014-07-06 19:40 - 03208704 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-10-14 20:44 - 2014-07-06 19:40 - 01329664 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2014-10-14 20:44 - 2014-07-06 19:40 - 01174528 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2014-10-14 20:44 - 2014-07-06 19:40 - 01005056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2014-10-14 20:44 - 2014-07-06 19:40 - 00988160 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2014-10-14 20:44 - 2014-07-06 19:40 - 00744960 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2014-10-14 20:44 - 2014-07-06 19:40 - 00617984 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2014-10-14 20:44 - 2014-07-06 19:40 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2014-10-14 20:44 - 2014-07-06 19:40 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2014-10-14 20:44 - 2014-07-06 19:40 - 00406016 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2014-10-14 20:44 - 2014-07-06 19:40 - 00354816 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2014-10-14 20:44 - 2014-07-06 19:40 - 00265216 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2014-10-14 20:44 - 2014-07-06 19:40 - 00179200 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2014-10-14 20:44 - 2014-07-06 19:40 - 00157184 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2014-10-14 20:44 - 2014-07-06 19:40 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2014-10-14 20:44 - 2014-07-06 19:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2014-10-14 20:44 - 2014-07-06 19:40 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2014-10-14 20:44 - 2014-07-06 19:40 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2014-10-14 20:44 - 2014-07-06 19:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2014-10-14 20:44 - 2014-07-06 19:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2014-10-14 20:44 - 2014-07-06 19:39 - 12625408 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2014-10-14 20:44 - 2014-07-06 19:39 - 03970488 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2014-10-14 20:44 - 2014-07-06 19:39 - 03914680 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-10-14 20:44 - 2014-07-06 19:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2014-10-14 20:44 - 2014-07-06 19:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2014-10-14 20:44 - 2014-07-06 19:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2014-10-14 20:44 - 2014-07-06 19:28 - 00593920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2014-10-14 20:44 - 2014-06-27 18:21 - 00521384 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2014-10-14 20:44 - 2014-06-27 18:21 - 00455752 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2014-10-14 20:44 - 2014-06-27 18:21 - 00409272 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2014-10-14 20:44 - 2014-06-18 16:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-10-14 20:44 - 2014-06-18 16:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-10-14 20:44 - 2014-06-18 16:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-11-12 10:35 - 2009-07-13 22:34 - 00031312 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-12 10:35 - 2009-07-13 22:34 - 00031312 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-12 10:32 - 2013-12-14 21:15 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-12 10:31 - 2013-08-27 12:14 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-11-12 10:31 - 2013-08-27 12:14 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-11-12 10:31 - 2013-08-27 12:14 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-12 10:30 - 2014-02-03 14:01 - 00000120 _____ () C:\Windows\system32\config\netlogon.ftl
2014-11-12 10:30 - 2009-07-13 22:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-12 10:30 - 2009-07-13 20:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-11-12 10:29 - 2010-11-20 15:48 - 00469632 _____ () C:\Windows\PFRO.log
2014-11-12 10:29 - 2009-07-13 22:39 - 00071785 _____ () C:\Windows\setupact.log
2014-11-12 10:29 - 2009-07-13 22:33 - 00436320 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-12 10:28 - 2014-05-11 04:28 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-11-12 10:28 - 2013-08-27 12:14 - 01198996 _____ () C:\Windows\WindowsUpdate.log
2014-11-12 09:52 - 2013-12-14 21:15 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-12 09:51 - 2010-11-20 15:01 - 00817330 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-12 09:48 - 2013-09-30 14:02 - 100445232 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-11-12 09:48 - 2013-09-30 14:02 - 00000000 ____D () C:\Windows\system32\MRT
2014-11-12 09:47 - 2014-02-05 14:17 - 00000000 ____D () C:\Users\smelton\Documents\Outlook Files
2014-11-11 05:41 - 2014-09-10 01:54 - 00000000 ____D () C:\Users\smelton\Desktop\bum booking sheets
2014-11-09 13:34 - 2014-01-14 23:52 - 00000000 ____D () C:\Program Files\Canon
2014-11-09 13:28 - 2014-01-15 00:03 - 00000000 ____D () C:\ProgramData\CanonIJPLM
2014-11-09 13:28 - 2014-01-14 23:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities
2014-11-08 22:47 - 2014-05-31 19:15 - 00000000 ____D () C:\Users\smelton\Desktop\converted forms
2014-11-08 17:29 - 2014-05-18 13:36 - 00001232 _____ () C:\Windows\TMFilter.log
2014-11-08 17:10 - 2013-08-27 12:35 - 00000031 _____ () C:\tmuninst.ini
2014-11-08 14:49 - 2009-07-13 20:37 - 00000000 ____D () C:\Windows\Speech
2014-11-08 14:48 - 2014-02-15 19:23 - 00000000 ____D () C:\Users\smelton\AppData\Roaming\DigitalSites
2014-11-02 03:03 - 2009-07-13 20:37 - 00000000 ____D () C:\Windows\system32\NDF
2014-11-01 23:51 - 2013-09-30 14:54 - 00002507 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat XI Standard.lnk
2014-11-01 23:51 - 2013-09-30 14:54 - 00002021 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller XI.lnk
2014-11-01 17:36 - 2014-05-04 08:46 - 00000000 ____D () C:\Users\smelton\AppData\Local\Windows Live
2014-11-01 17:30 - 2010-11-20 18:47 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-10-30 09:33 - 2014-02-04 16:26 - 00000000 ____D () C:\Users\smelton\Desktop\My Stuff
2014-10-29 13:29 - 2014-02-04 16:26 - 00000000 ____D () C:\Users\smelton\AppData\Roaming\Canon
2014-10-28 05:35 - 2013-09-30 14:10 - 00229000 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-10-26 16:34 - 2013-10-01 12:30 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-10-24 17:11 - 2009-07-13 22:46 - 00001515 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2014-10-20 20:49 - 2014-02-04 16:26 - 00000000 ____D () C:\Users\smelton\Desktop\Tac Team
2014-10-18 21:17 - 2014-10-10 16:21 - 00000000 ____D () C:\Users\smelton\Desktop\Building Search FTO
2014-10-16 12:00 - 2013-08-27 12:25 - 00002794 __RSH () C:\ProgramData\ntuser.pol
2014-10-15 15:32 - 2009-07-13 20:37 - 00000000 ____D () C:\Windows\rescache
 
Files to move or delete:
====================
C:\ProgramData\UserProfileMigrationService.exe
 
 
Some content of TEMP:
====================
C:\Users\POLICE\AppData\Local\Temp\MSETUP4.EXE
C:\Users\POLICE\AppData\Local\Temp\OfficeSetup.exe
C:\Users\POLICE\AppData\Local\Temp\SetupProfessionalRetail.x86.en-US_ProfessionalRetail_J8WP4-9N7HF-M9T37-M84J4-4X6V9_act_1_.exe
C:\Users\POLICE\AppData\Local\Temp\UsrPerm.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-11-07 13:03
 
==================== End Of Log ============================
 
Emsisoft Emergency Kit - Version 9.0
Last update: 11/12/2014 11:02:29 AM
User account: PCBPD\smelton
 
Scan settings:
 
Scan type: Full Scan
Objects: Rootkits, Memory, Traces, C:\
 
Detect PUPs: On
Scan archives: On
ADS Scan: On
File extension filter: Off
Advanced caching: On
Direct disk access: Off
 
Scan start: 11/12/2014 11:03:46 AM
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\open it!  detected: Application.AdStart (A)
C:\Program Files\openit  detected: Application.AppInstall (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\PROTECTOR_DLL.PROTECTORBHO  detected: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\PROTECTOR_DLL.PROTECTORBHO.1  detected: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\OPENIT OPEN IT!  detected: Application.InstallAd (A)
Key: HKEY_USERS\S-1-5-21-1218504766-2780461749-949115886-1261\SOFTWARE\DSITEPRODUCTS  detected: Application.Win32.InstallAd (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\INSTALLCORE  detected: Application.Win32.InstallAd (A)
C:\Windows\Installer\{32CF9A2E-710E-4F21-8AE4-394F04D1E065}\msiexec.exe  detected: Trojan.GenericKDZ.26333 (B)
C:\Windows\Installer\{8A9DD8C1-1A7A-4062-A568-4DDB72647632}\msiexec.exe  detected: Trojan.GenericKDZ.26333 (B)
 
Scanned 207424
Found 9
 
Scan end: 11/12/2014 12:05:45 PM
Scan time: 1:01:59
 
C:\Windows\Installer\{8A9DD8C1-1A7A-4062-A568-4DDB72647632}\msiexec.exe Quarantined Trojan.GenericKDZ.26333 (B)
C:\Windows\Installer\{32CF9A2E-710E-4F21-8AE4-394F04D1E065}\msiexec.exe Quarantined Trojan.GenericKDZ.26333 (B)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\INSTALLCORE Quarantined Application.Win32.InstallAd (A)
Key: HKEY_USERS\S-1-5-21-1218504766-2780461749-949115886-1261\SOFTWARE\DSITEPRODUCTS Quarantined Application.Win32.InstallAd (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\OPENIT OPEN IT! Quarantined Application.InstallAd (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\PROTECTOR_DLL.PROTECTORBHO.1 Quarantined Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\PROTECTOR_DLL.PROTECTORBHO Quarantined Application.AdReg (A)
C:\Program Files\openit Quarantined Application.AppInstall (A)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\open it! Quarantined Application.AdStart (A)
 
Quarantined 9
 
HitmanPro 3.7.9.232
www.hitmanpro.com
 
   Computer name . . . . : PCBPDLP-0213
   Windows . . . . . . . : 6.1.1.7601.X86/4
   User name . . . . . . : PCBPD\smelton
   UAC . . . . . . . . . : Disabled
   License . . . . . . . : Free
 
   Scan date . . . . . . : 2014-11-12 12:19:27
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 33m 55s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No
 
   Threats . . . . . . . : 0
   Traces  . . . . . . . : 4
 
   Objects scanned . . . : 1,484,040
   Files scanned . . . . : 28,520
   Remnants scanned  . . : 690,843 files / 764,677 keys
 
Suspicious files ____________________________________________________________
 
   C:\Users\smelton\Downloads\FRST.exe
      Size . . . . . . . : 1,107,968 bytes
      Age  . . . . . . . : 0.8 days (2014-11-11 18:14:51)
      Entropy  . . . . . : 8.0
      SHA-256  . . . . . : BF04F57C4244A7A2291220E058DDBD2051C0CF0E75D57F6CC2FFCA44459C02CE
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 24.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.
      References
         HKU\S-1-5-21-1218504766-2780461749-949115886-1261\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\C:\Users\smelton\Downloads\FRST.exe
 
 
Cookies _____________________________________________________________________
 
   C:\Users\smelton\AppData\Local\Google\Chrome\User Data\Default\Cookies:doubleclick.net
   C:\Users\smelton\AppData\Local\Google\Chrome\User Data\Default\Cookies:ru4.com
 
 
 
 
I am not experiencing any problems at this point.
 


#6 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:12:11 AM

Posted 12 November 2014 - 02:25 PM

I am not experiencing any problems at this point.


It's good to hear that your problems appear to be solved. :)

That's it!
Your logs look clean to me at the moment.
We're gonna clean up everything now and in the end I'll provide you with a list of security tips so you hopefully will not need our help anymore in the future.


My help is free for everybody.
If you want to support me fighting against malware or buy me a beer for the assistance you received, then you can consider a donation.
Thank you!


Clean Up

Now we remove all the tools we used (including their logs and quarantine folders), restore your settings and delete old and infected system restore points:

  • You can uninstall programs that you had to install (e.g. MBAM or ESET Onlinescanner) in the control panel if you so wish.
  • Download DelFix (by Xplode) and save it to your Desktop.
    • Close all running programs and start delfix.exe.
    • Make sure that all available options are checked.
    • Click on Run
    • DelFix should remove all our tools and delete itself afterwards. I don't need the log file.
  • If there is still something left you can delete it manually.

 

Tips

I recommend reading and following the "16 simple and easy ways to keep your computer safe and secure on the Internet" (Link) by Lawrence Abrams.


regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 

#7 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:12:11 AM

Posted 13 November 2014 - 03:34 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 



