Locked registry keys - Flashbroker


  • This topic is locked
9 replies to this topic

#1 semitek123

semitek123

  • Members
  • 24 posts

Posted 04 March 2015 - 09:13 AM

Hi there -

 

Really great what you guys are doing here to help people!

 

My system with Win 7 got hit with a couple of nasty viruses that I've managed to get under control (I think).

 

Adware Cleaner looks clean

 

Junk removal tool looks clean

 

Combofix is showing the following locked registry keys relating to Flashbroker among other things....see attached below.

 

Side note - I ran ESET online AFTER the ComboFix log was generated below - it snagged a few items....

 

 

 

ComboFix 15-03-01.01 - kretzschmar-admin 03/03/2015  21:29:25.8.4 - x86
Microsoft Windows 7 Enterprise   6.1.7601.1.1252.1.1033.18.3241.2242 [GMT -6:00]
Running from: c:\users\kretzschmar-admin\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\1425438535.bdinstall.bin
c:\programdata\ntuser.pol
.
.
(((((((((((((((((((((((((   Files Created from 2015-02-04 to 2015-03-04  )))))))))))))))))))))))))))))))
.
.
2015-03-04 03:35 . 2015-03-04 03:35 -------- d-----w- c:\users\kretzschmar-admin\AppData\Local\temp
2015-03-04 03:35 . 2015-03-04 03:35 -------- d-----w- c:\users\gzaragoza\AppData\Local\temp
2015-03-04 03:35 . 2015-03-04 03:35 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-03-04 03:35 . 2015-03-04 03:35 -------- d-----w- c:\users\connolly\AppData\Local\temp
2015-03-04 03:35 . 2015-03-04 03:35 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2015-03-04 03:22 . 2015-03-04 03:24 -------- d-----w- C:\AdwCleaner
2015-03-04 03:09 . 2015-03-04 03:09 -------- d-----w- c:\program files\Bitdefender
2015-03-04 01:29 . 2015-03-04 01:29 -------- d-----w- c:\windows\system32\Lang
2015-03-04 01:29 . 2015-03-04 01:29 -------- d-----w- c:\program files\Common Files\postureAgent
2015-03-04 01:28 . 2009-07-21 20:40 1006104 ----a-w- c:\windows\system32\mesoludlg.exe
2015-03-04 01:28 . 2015-03-04 01:28 -------- d-----w- C:\Intel
2015-03-04 01:28 . 2015-03-04 01:28 -------- d-----w- C:\dell
2015-03-03 22:19 . 2015-03-03 22:38 -------- d-----w- c:\users\kretzschmar
2015-03-03 21:09 . 2015-03-03 22:10 -------- d-----w- c:\users\backup
2015-03-03 19:17 . 2015-03-03 19:36 -------- d-----w- c:\programdata\HitmanPro
2015-03-03 08:34 . 2015-03-03 08:34 -------- d-----w- c:\programdata\IObit
2015-03-03 08:34 . 2015-03-03 08:34 -------- d-----w- c:\program files\IObit
2015-03-03 08:10 . 2015-03-03 08:14 -------- d-----w- c:\program files\Unlocker
2015-03-03 08:02 . 2015-03-03 08:02 -------- d-----w- c:\users\kretzschmar-admin\AppData\Local\Eraser 6
2015-03-03 05:39 . 2013-04-29 15:17 47632 ----a-w- c:\windows\system32\drivers\PSKMAD.sys
2015-03-03 04:35 . 2015-03-03 04:35 -------- d-----w- c:\users\kretzschmar-admin\AppData\Roaming\QuickScan
2015-03-03 04:15 . 2015-03-04 03:09 -------- d-----w- c:\program files\Common Files\Bitdefender
2015-03-03 02:50 . 2015-03-03 04:23 -------- d-----w- c:\users\kretzschmar-admin\AppData\Roaming\Panda Security
2015-03-03 02:47 . 2015-03-03 04:24 -------- d-----w- c:\programdata\Panda Security
2015-03-03 01:29 . 2015-03-03 01:29 -------- d-----w- c:\users\kretzschmar-admin\AppData\Local\Programs
2015-03-02 20:15 . 2015-03-02 20:26 -------- d-----w- C:\54c17b0d
2015-02-28 15:26 . 2015-02-28 15:27 -------- d-----w- c:\users\kretzschmar-admin\AppData\Local\Google
2015-02-28 15:26 . 2015-02-28 15:26 -------- d-----w- c:\users\kretzschmar-admin\AppData\Local\Deployment
2015-02-28 15:26 . 2015-02-28 15:26 -------- d-----w- c:\users\kretzschmar-admin\AppData\Local\Apps
2015-02-28 04:51 . 2015-02-28 04:51 -------- d-sh--w- c:\users\kretzschmar-admin\AppData\Local\EmieUserList
2015-02-28 04:51 . 2015-02-28 04:51 -------- d-sh--w- c:\users\kretzschmar-admin\AppData\Local\EmieSiteList
2015-02-28 04:51 . 2015-02-28 04:51 -------- d-sh--w- c:\users\kretzschmar-admin\AppData\Local\EmieBrowserModeList
2015-02-27 20:32 . 2015-02-27 20:32 -------- d-----w- c:\users\gzaragoza\AppData\Local\Programs
2015-02-12 19:59 . 2015-02-12 20:02 -------- d-----w- C:\Project_real backup of 1.57 from 0886700
2015-02-12 12:20 . 2015-02-12 12:21 -------- d-----w- C:\Project_1.58a1_0888400
2015-02-12 12:19 . 2015-02-12 12:19 -------- d-----w- C:\Install_ToolFiles
2015-02-12 12:19 . 2015-02-12 12:19 -------- d---a-w- C:\Install_1.61a2-002
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-02-25 16:26 . 2012-06-30 15:59 249856 ------w- c:\windows\Setup1.exe
2015-02-25 16:26 . 2012-06-30 15:59 73216 ----a-w- c:\windows\ST6UNST.EXE
2014-12-23 06:50 . 2011-12-05 23:14 249488 ------w- c:\windows\system32\MpSigStub.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SecurityPolicies"="c:\windows\system\x86\start-min.bat" [2012-10-04 296]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-19 421888]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2011-07-20 505720]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2011-01-25 536668]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-06-28 142616]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-06-28 177432]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-06-28 176408]
"FreeFallProtection"="c:\program files\STMicroelectronics\AccelerometerP11\FF_Protection.exe" [2011-07-25 686704]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2012-11-05 89184]
"Communicator"="c:\program files\Microsoft Lync\communicator.exe" [2014-05-02 12117312]
"RemoteControl9"="c:\program files\CyberLink\PowerDVD9\PDVD9Serv.exe" [2010-10-01 87336]
"PDVD9LanguageShortcut"="c:\program files\CyberLink\PowerDVD9\Language\Language.exe" [2010-09-18 50472]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112]
"Desktop Disc Tool"="c:\program files\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-11-17 514544]
"SAP_WUS_UNT"="c:\program files\SAP\SAPsetup\Setup\Updater\NwSapSetupUserNotificationTool.exe" [2011-11-10 127632]
"Dell Webcam Central"="c:\program files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2011-12-16 462974]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-12-19 1022152]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2014-12-03 41360]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2014-12-03 840592]
"EEventManager"="c:\progra~1\EPSONS~1\EVENTM~1\EEventManager.exe" [2009-04-07 673616]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-07-31 43816]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-19 421888]
"DcaTray"="c:\program files\DirectAccess Connectivity Assistant\DcaTray.exe" [2012-08-27 524288]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2014-09-01 152392]
"picon"="c:\program files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe" [2009-07-21 796696]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableInstallerDetection"= 0 (0x0)
"EnableSecureUIAPaths"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableVirtualization"= 0 (0x0)
"HideFastUserSwitching"= 1 (0x1)
"EnableLUA"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\policies\microsoft\windows\windowsupdate\au]
"NoAutoUpdate"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [2011-06-02 11336]
R3 CtAudDrv;Provides advanced audio effects for audio devices.;c:\windows\system32\Drivers\CtAudDrv.sys [2009-05-28 134144]
R3 dcdbas;System Management Driver;c:\windows\system32\DRIVERS\dcdbas32.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464]
R3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k6032.sys [2009-07-13 164864]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2014-11-13 102912]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2010-02-27 132480]
R3 lpasvc;Microsoft Policy Platform Local Authority;c:\program files\Microsoft Policy Platform\policyHost.exe [2012-08-02 48744]
R3 lppsvc;Microsoft Policy Platform Processor;c:\program files\Microsoft Policy Platform\policyHost.exe [2012-08-02 48744]
R3 MEI;Intel® Management Engine Interface;c:\windows\system32\drivers\HECI.sys [2010-10-19 41088]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl.sys [2014-06-11 18944]
R3 nidimk;nidimk;c:\windows\system32\drivers\nidimkl.sys [2007-12-14 11360]
R3 nipalfwedl;nipalfwedl;c:\windows\system32\drivers\nipalfwedl.sys [2007-12-13 11904]
R3 nipalusbedl;nipalusbedl;c:\windows\system32\drivers\nipalusbedl.sys [2007-12-13 11896]
R3 NiViFWK;NI-VISA FireWire Driver;c:\windows\system32\drivers\NiViFWKl.sys [2007-07-19 11384]
R3 NiViPciK;NI-VISA PCI Driver;c:\windows\system32\drivers\NiViPciKl.sys [2008-01-10 11360]
R3 O2MDRRDR;O2MDRRDR;c:\windows\system32\drivers\O2MDRw7.sys [2011-01-04 62440]
R3 OXUDIDRV;OXUDIDRV;c:\windows\system32\Drivers\OXUDIDRV_X32.sys [2010-05-25 24880]
R3 PSKMAD;PSKMAD;c:\windows\system32\DRIVERS\PSKMAD.sys [2013-04-29 47632]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 14848]
R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
R3 Ser2plx86;Prolific Serial port WDF driver;c:\windows\system32\DRIVERS\ser2pl.sys [x]
R3 Synth3dVsc;Microsoft Virtual 3D Video Transport Driver;c:\windows\system32\drivers\Synth3dVsc.sys [2010-11-20 77184]
R3 tcm;tcm;c:\windows\system32\drivers\tcm.sys [2009-04-17 12952]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2012-08-23 24064]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2013-10-02 49152]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2012-08-23 27136]
R3 tsusbhub;Remote Deskotop USB Hub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-20 112640]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-12-05 1343400]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [2008-05-06 11520]
R3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\drivers\WSDScan.sys [2009-07-14 20480]
R4 IObitUnlocker;IObitUnlocker;c:\program files\IObit\IObit Unlocker\IObitUnlocker.sys [2014-03-04 30216]
R4 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
R4 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-10-23 172192]
S0 nipbcfk;National Instruments Class Upper Filter Driver;c:\windows\System32\drivers\nipbcfk.sys [2007-07-11 15448]
S0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdcfltn.sys [2011-07-16 17904]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\aestsrv.exe [2009-03-03 81920]
S2 ccmsetup;ccmsetup;c:\windows\ccmsetup\ccmsetup.exe [2012-02-20 1052528]
S2 DcaSvc;Microsoft DirectAccess Connectivity Assistant Service;c:\program files\DirectAccess Connectivity Assistant\DcaSvc.exe [2012-08-27 128000]
S2 MBAMAgent;BitLocker Management Client Service;c:\program files\Microsoft\MDOP MBAM\MBAMAgent.exe [2014-03-05 274152]
S2 NiViPxiK;NI-VISA PXI Driver;c:\windows\system32\drivers\NiViPxiKl.sys [2008-01-10 11360]
S2 NWSAPAutoWorkstationUpdateSvc;SAPSetup Automatic Workstation Update Service;c:\program files\SAP\SAPsetup\Setup\Updater\NwSapAutoWorkstationUpdateService.exe [2011-11-10 141464]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files\Common Files\Intel\Privacy Icon\UNS\UNS.exe [2009-07-21 2066968]
S3 Acceler;Accelerometer Service;c:\windows\system32\drivers\accelern.sys [2011-07-22 44144]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2010-09-11 147360]
S3 cvusbdrv;Dell ControlVault;c:\windows\system32\Drivers\cvusbdrv.sys [2010-08-24 33832]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 269824]
S3 O2MDFRDR;O2MDFRDR;c:\windows\system32\drivers\O2MDFw7.sys [2011-01-04 60904]
S3 O2SDJRDR;O2SDJRDR;c:\windows\system32\drivers\o2sdjw7.sys [2011-01-04 63848]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ    Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder
.
2015-03-04 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-11-02 14:23]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://phx.asm.com
IE: &ieSpell Options - c:\program files (x86)\ieSpell\iespell.dll/SPELLOPTION.HTM
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Check &Spelling - c:\program files (x86)\ieSpell\iespell.dll/SPELLCHECK.HTM
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Lookup on Merriam Webster - file://c:\program files (x86)\ieSpell\Merriam Webster.HTM
IE: Lookup on Wikipedia - file://c:\program files (x86)\ieSpell\wikipedia.HTM
IE: Se&nd to OneNote - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105
IE: {{c95fe080-8f5d-11d2-a20b-00aa003c157a}
Trusted Zone: asmsgmcm01
Trusted Zone: audit.flexprintinc.com
Trusted Zone: asm.com\traning
Trusted Zone: audit.flexprintinc.com
TCP: DhcpNameServer = 192.168.2.1
.
.
------- File Associations -------
.
.scr=DWGTrueViewScriptFile
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-98937824.sys
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ccmsetup]
"ImagePath"="\"c:\windows\ccmsetup\ccmsetup.exe\" /runservice \"SMSSITECODE=PS1\" \"SMSSLP=10.8.0.48\" \"/mp:10.8.0.48\""
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil32_13_0_0_206_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil32_13_0_0_206_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2015-03-03  21:37:00
ComboFix-quarantined-files.txt  2015-03-04 03:37
ComboFix2.txt  2015-03-03 08:29
ComboFix3.txt  2015-03-03 05:14
ComboFix4.txt  2015-03-03 04:59
ComboFix5.txt  2015-03-03 18:43
.
Pre-Run: 196,023,521,280 bytes free
Post-Run: 195,962,220,544 bytes free
.
- - End Of File - - D47F721F059944B82B9BACD965155209
A36C5E4F47E84449FF07ED3517B43A31
 

 

Thanks,

Andrew
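Three parts of the ComboFix log above deserve a closer look than the FlashBroker entries that prompted the post: the UAC policy values under HKLM\...\Policies\System (EnableLUA=0 and ConsentPromptBehaviorAdmin=0 mean UAC is off and administrators elevate silently), NoAutoUpdate=1 under the WindowsUpdate\AU policy key, and a per-user Run entry that launches a batch file (start-min.bat) from c:\windows\system\x86. The script below is an added triage example, not part of the original post and not ComboFix's own code: it parses the REGEDIT4-style "Reg Loading Points" and "LOCKED REGISTRY KEYS" sections and flags those items. The sample input is excerpted from the log above; the severity labels, rule thresholds and the SCRIPT_EXT list are the editor's assumptions.

```python
"""Triage rules for the registry sections of a ComboFix log (added example)."""
import re
from dataclasses import dataclass, field

KEY_RE = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]\s*$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=\s*(?P<val>.*?)\s*$')
DENIED_RE = re.compile(r"^@Denied:\s*\((?P<rights>[^)]*)\)\s*\((?P<who>[^)]*)\)\s*$")
# ComboFix prints policy DWORDs as '0 (0x0)'; regedit-style keys use 'dword:00000001'.
DWORD_RE = re.compile(r"^(?P<dec>\d+)\s*\(0x[0-9a-fA-F]+\)$|^dword:(?P<hex>[0-9a-fA-F]{8})$")
PATH_RE = re.compile(r'^"(?P<path>[^"]*)"')

# Assumption: script extensions worth a manual read when they appear in a Run key.
SCRIPT_EXT = (".bat", ".cmd", ".vbs", ".vbe", ".js", ".jse", ".wsf", ".ps1", ".scr")

# UAC policy values whose 0 setting weakens the machine (meaning per Microsoft's policy docs).
UAC_WEAK = {
    "EnableLUA": (0, "UAC is disabled; every administrator logon runs with a full token"),
    "ConsentPromptBehaviorAdmin": (0, "administrators elevate without any prompt"),
    "EnableSecureUIAPaths": (0, "UIAccess applications may run from non-secure locations"),
    "EnableVirtualization": (0, "file/registry write failures are no longer virtualized"),
}


@dataclass
class RegKey:
    path: str
    values: dict = field(default_factory=dict)   # value name -> raw text as printed
    denied: list = field(default_factory=list)   # (rights, principal) from @Denied lines


def parse_combofix_registry(text: str) -> list:
    """Parse [key] / "name"=value / @Denied lines into RegKey records; other lines are skipped."""
    keys, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            current = RegKey(m.group("key"))
            keys.append(current)
            continue
        if current is None:
            continue
        m = DENIED_RE.match(line)
        if m:
            current.denied.append((m.group("rights"), m.group("who")))
            continue
        if line.startswith("@="):                # default value of the key
            current.values["@"] = line[2:]
            continue
        m = VALUE_RE.match(line)
        if m:
            current.values[m.group("name")] = m.group("val")
    return keys


def as_int(raw: str):
    """Return the integer behind '0 (0x0)' or 'dword:00000001', or None if it is neither."""
    m = DWORD_RE.match(raw)
    if not m:
        return None
    return int(m.group("dec")) if m.group("dec") is not None else int(m.group("hex"), 16)


def triage(keys: list) -> list:
    """Return (severity, key path, message) findings a responder should check by hand."""
    by_path = {k.path.lower(): k for k in keys}
    findings = []
    for k in keys:
        low = k.path.lower()
        if low.endswith(r"\policies\system"):
            for name, (bad, why) in UAC_WEAK.items():
                if name in k.values and as_int(k.values[name]) == bad:
                    findings.append(("high", k.path, f"{name}={bad}: {why}"))
        elif low.endswith(r"\windowsupdate\au"):
            if as_int(k.values.get("NoAutoUpdate", "")) == 1:
                findings.append(("medium", k.path, "NoAutoUpdate=1: automatic updates disabled by policy"))
        elif low.endswith(r"\currentversion\run"):
            for name, raw in k.values.items():
                m = PATH_RE.match(raw)
                if m and m.group("path").lower().endswith(SCRIPT_EXT):
                    findings.append(("medium", k.path,
                                     f"Run entry '{name}' launches a script: {m.group('path')}; read it before trusting it"))
        if k.denied:
            who = ", ".join(f"{p} denied {r}" for r, p in k.denied)
            msg = f"locked key ({who}); default value {k.values.get('@', '(none)')}"
            server = by_path.get(low + "\\localserver32")   # COM out-of-process server, if registered
            if server and "@" in server.values:
                msg += f"; COM server binary {server.values['@']}: verify its Authenticode signature before touching the key"
            findings.append(("info", k.path, msg))
    return findings


# Excerpted from the ComboFix log posted above (only the lines these rules look at).
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SecurityPolicies"="c:\windows\system\x86\start-min.bat" [2012-10-04 296]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-19 421888]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\policies\microsoft\windows\windowsupdate\au]
"NoAutoUpdate"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil32_13_0_0_206_ActiveX.exe"
"""

if __name__ == "__main__":
    for sev, key, msg in triage(parse_combofix_registry(SAMPLE_LOG)):
        print(f"[{sev:6}] {key}\n         {msg}")
```

On the locked keys themselves: a deny ACE for Everyone on a COM class that has Elevation\Enabled=1 is how Adobe's Flash Player installer protects its UAC elevation broker registration, and ComboFix lists it on any machine with Flash installed. The actionable check is whether the LocalServer32 binary is the Adobe-signed FlashUtil32 executable, not the ACL, which is why the script reports it at "info" and points at the binary. The UAC values are the part that matters most for this machine: with EnableLUA=0, anything the user runs already has an administrator token. NoAutoUpdate=1, together with the SCCM client (ccmsetup with SMSSITECODE=PS1) and the "Policy restriction" lines FRST reports later in the thread, is consistent with a centrally managed Windows 7 Enterprise build, so those policy values are worth confirming with whoever manages the domain before changing them.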

 





#2 nasdaq

nasdaq

  • Malware Response Team
  • 38,779 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 08 March 2015 - 09:53 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, Close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
===

Please paste the logs in your next reply. DO NOT ATTACH THEM unless specified.
To attach a file select "More Reply Options" and follow the instructions.

How is the computer running?

#3 semitek123

semitek123
  • Topic Starter

  • Members
  • 24 posts

Posted 08 March 2015 - 10:15 AM

Hi nasdaq,

 

Laptop "seems" to be running ok...I also updated the BIOS from A12 -> A21.

 

Adwcleaner log below:

 

# AdwCleaner v4.111 - Logfile created 08/03/2015 at 10:08:18
# Updated 18/02/2015 by Xplode
# Database : 2015-03-05.1 [Server]
# Operating system : Windows 7 Enterprise Service Pack 1 (x86)
# Username : kretzschmar-admin - ASMAPLN1032
# Running from : C:\Users\kretzschmar-admin\Downloads\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****

***** [ Files / Folders ] *****

***** [ Scheduled tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17420

-\\ Mozilla Firefox v

*************************

AdwCleaner[R5].txt - [624 bytes] - [08/03/2015 10:08:18]

 

 

########## EOF - C:\AdwCleaner\AdwCleaner[R5].txt - [682 bytes] ##########



#4 semitek123

semitek123
  • Topic Starter

  • Members
  • 24 posts

Posted 08 March 2015 - 10:36 AM

Here are farbar logs

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 08-03-2015 02
Ran by kretzschmar-admin (administrator) on ASMAPLN1032 on 08-03-2015 10:16:09
Running from C:\Users\kretzschmar-admin\Downloads
Loaded Profiles: kretzschmar-admin (Available profiles: gzaragoza & kretzschmar & connolly & kretzschmar-admin & Administrator)
Platform: Microsoft Windows 7 Enterprise  Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EBAPI\eEBSvc.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AEstSrv.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\DirectAccess Connectivity Assistant\DcaSvc.exe
(Intel Corporation) C:\Program Files\Intel\AMT\LMS.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
() C:\Program Files\STMicroelectronics\AccelerometerP11\FF_Protection.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(CyberLink Corp.) C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe
() C:\Program Files\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(SAP AG) C:\Program Files\SAP\SapSetup\setup\Updater\NwSapSetupUserNotificationTool.exe
(Creative Technology Ltd) C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
(Adobe Systems Inc.) C:\Program Files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Epson Software\Event Manager\EEventManager.exe
(Microsoft Corporation) C:\Program Files\DirectAccess Connectivity Assistant\DcaTray.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Program Files\Microsoft\MDOP MBAM\MBAMAgent.exe
(SAP AG) C:\Program Files\SAP\SapSetup\setup\Updater\NwSapAutoWorkstationUpdateService.exe
(O2Micro International) C:\Windows\System32\drivers\o2flash.exe
(Intel Corporation) C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\ccmsetup\ccmsetup.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [505720 2011-07-20] (Alps Electric Co., Ltd.)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray.exe [536668 2011-01-25] (IDT, Inc.)
HKLM\...\Run: [FreeFallProtection] => C:\Program Files\STMicroelectronics\AccelerometerP11\FF_Protection.exe [686704 2011-07-25] ()
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [Communicator] => C:\Program Files\Microsoft Lync\communicator.exe [12117312 2014-05-01] (Microsoft Corporation)
HKLM\...\Run: [RemoteControl9] => C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe [87336 2010-10-01] (CyberLink Corp.)
HKLM\...\Run: [PDVD9LanguageShortcut] => C:\Program Files\CyberLink\PowerDVD9\Language\Language.exe [50472 2010-09-17] (CyberLink Corp.)
HKLM\...\Run: [RoxWatchTray] => C:\Program Files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe [240112 2010-11-25] (Sonic Solutions)
HKLM\...\Run: [Desktop Disc Tool] => C:\Program Files\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe [514544 2010-11-17] ()
HKLM\...\Run: [SAP_WUS_UNT] => C:\Program Files\SAP\SAPsetup\Setup\Updater\NwSapSetupUserNotificationTool.exe [127632 2011-11-10] (SAP AG)
HKLM\...\Run: [Dell Webcam Central] => C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [462974 2011-12-16] (Creative Technology Ltd)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [41360 2014-12-03] (Adobe Systems Incorporated)
HKLM\...\Run: [Acrobat Assistant 8.0] => C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [840592 2014-12-03] (Adobe Systems Inc.)
HKLM\...\Run: [EEventManager] => C:\Program Files\Epson Software\Event Manager\EEventManager.exe [673616 2009-04-07] (SEIKO EPSON CORPORATION)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2012-04-18] (Apple Inc.)
HKLM\...\Run: [DcaTray] => C:\Program Files\DirectAccess Connectivity Assistant\DcaTray.exe [524288 2012-08-27] (Microsoft Corporation)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-09-01] (Apple Inc.)
HKLM\...\Run: [picon] => C:\Program Files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe [796696 2009-07-21] (Intel Corporation)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [998760 2011-10-29] (Microsoft Corporation)
HKLM\...\Policies\Explorer: [NoMSAppLogo5ChannelNotify] 0
HKLM\...\Policies\Explorer: [NoBandCustomize] 0
HKU\S-1-5-21-664886854-1017566723-3399325455-1005\...\Run: [SecurityPolicies] => C:\Windows\system\x86\start-min.bat [296 2012-10-04] ()
HKU\S-1-5-21-664886854-1017566723-3399325455-1005\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2012-04-18] (Apple Inc.)
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll (Autodesk, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-664886854-1017566723-3399325455-1005\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://intranet.asm.com/
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-664886854-1017566723-3399325455-1005\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-664886854-1017566723-3399325455-1005\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-664886854-1017566723-3399325455-1005 -> {917F70C6-1A42-4C9C-913D-17309EE937A8} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Lync\OCHelper.dll [2010-10-22] (Microsoft Corporation)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2013-11-02] (Oracle Corporation)
BHO: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2014-12-03] (Adobe Systems Incorporated)
BHO: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll No File
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-11-02] (Oracle Corporation)
BHO: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2014-12-03] (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2014-12-03] (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-664886854-1017566723-3399325455-1005 -> Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2014-12-03] (Adobe Systems Incorporated)
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab.com/bin/srldetect_intel_4.5.15.0.cab
Handler: saphtmlp - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\program files\sap\frontend\sapgui\saphtmlp.dll [2011-11-11] (SAP, Walldorf)
Handler: sapr3 - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\program files\sap\frontend\sapgui\saphtmlp.dll [2011-11-11] (SAP, Walldorf)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll No File []
Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62

FireFox:
========
FF ProfilePath: C:\Users\kretzschmar-admin\AppData\Roaming\Mozilla\Firefox\Profiles\uURNImog.default
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF32_13_0_0_206.dll [2014-05-23] ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2014-05-06] ()
FF Plugin: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2013-11-02] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2013-11-02] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2014-05-01] ()
FF Extension: Avira Browser Safety - C:\Users\kretzschmar-admin\AppData\Roaming\Mozilla\Firefox\Profiles\uURNImog.default\Extensions\abs@avira.com [2015-03-03]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ccmsetup; C:\windows\ccmsetup\ccmsetup.exe [1052528 2012-02-19] (Microsoft Corporation)
R2 DcaSvc; C:\Program Files\DirectAccess Connectivity Assistant\DcaSvc.exe [128000 2012-08-27] (Microsoft Corporation)
R2 EpsonBidirectionalService; C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe [94208 2006-12-19] (SEIKO EPSON CORPORATION) [File not signed]
S3 lpasvc; C:\Program Files\Microsoft Policy Platform\policyHost.exe [48744 2012-08-02] (Microsoft Corporation)
S3 lppsvc; C:\Program Files\Microsoft Policy Platform\policyHost.exe [48744 2012-08-02] (Microsoft Corporation)
R2 MBAMAgent; C:\Program Files\Microsoft\MDOP MBAM\MBAMAgent.exe [274152 2014-03-04] (Microsoft Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe [11720 2011-09-02] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [45568 2011-04-13] (Hewlett-Packard) [File not signed]
R3 NisSrv; c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [208928 2011-09-02] (Microsoft Corporation)
R2 NWSAPAutoWorkstationUpdateSvc; C:\Program Files\SAP\SAPsetup\Setup\Updater\NwSapAutoWorkstationUpdateService.exe [141464 2011-11-10] (SAP AG)
R2 O2FLASH; C:\windows\system32\DRIVERS\o2flash.exe [72296 2010-02-11] (O2Micro International)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [55808 2011-04-13] (Hewlett-Packard) [File not signed]
S3 PSEXESVC; C:\windows\PSEXESVC.exe [189792 2015-03-04] (Sysinternals)
S3 RoxMediaDB12OEM; C:\Program Files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [1116656 2010-11-25] (Sonic Solutions)
S4 RoxWatch12; C:\Program Files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [219632 2010-11-25] (Sonic Solutions)
R2 STacSV; C:\Program Files\IDT\WDM\STacSV.exe [274514 2011-01-25] (IDT, Inc.)
R2 UNS; C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe [2066968 2009-07-21] (Intel Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-26] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 Acceler; C:\windows\system32\drivers\accelern.sys [44144 2011-07-22] (ST Microelectronics)
R2 atksgt; C:\windows\System32\DRIVERS\atksgt.sys [281760 2012-07-24] ()
S3 cpudrv; C:\Program Files\SystemRequirementsLab\cpudrv.sys [11336 2011-06-02] ()
R2 cvintdrv; C:\windows\system32\Drivers\cvintdrv.sys [7140 2000-09-13] () [File not signed]
R3 cvusbdrv; C:\windows\System32\Drivers\cvusbdrv.sys [33832 2010-08-24] (Broadcom Corporation)
R3 e1cexpress; C:\windows\System32\DRIVERS\e1c6232.sys [358224 2012-08-10] (Intel Corporation)
S3 e1kexpress; C:\windows\System32\DRIVERS\e1k6032.sys [164864 2009-07-13] (Intel Corporation)
S4 IObitUnlocker; C:\Program Files\IObit\IObit Unlocker\IObitUnlocker.sys [30216 2014-03-04] (IObit)
R2 lirsgt; C:\windows\System32\DRIVERS\lirsgt.sys [25888 2012-07-24] ()
S3 MEI; C:\windows\system32\drivers\HECI.sys [41088 2010-10-19] (Intel Corporation)
R1 MpFilter; C:\windows\System32\DRIVERS\MpFilter.sys [165760 2011-10-05] (Microsoft Corporation)
S3 MpNWMon; C:\windows\System32\DRIVERS\MpNWMon.sys [43392 2011-10-05] (Microsoft Corporation)
S3 nidimk; C:\windows\system32\drivers\nidimkl.sys [11360 2007-12-14] (National Instruments Corporation)
S3 niorbk; C:\windows\system32\drivers\niorbkl.sys [11344 2007-12-14] (National Instruments Corporation)
S3 nipalfwedl; C:\windows\System32\drivers\nipalfwedl.sys [11904 2007-12-13] (National Instruments Corporation)
R0 NIPALK; C:\windows\System32\drivers\nipalk.sys [588376 2007-12-13] (National Instruments Corporation)
S3 nipalusbedl; C:\windows\System32\drivers\nipalusbedl.sys [11896 2007-12-13] (National Instruments Corporation)
R0 nipbcfk; C:\windows\System32\drivers\nipbcfk.sys [15448 2007-07-10] (National Instruments Corporation)
S3 NiViFWK; C:\windows\System32\drivers\NiViFWKl.sys [11384 2007-07-19] (National Instruments Corporation)
S3 NiViPciK; C:\windows\System32\drivers\NiViPciKl.sys [11360 2008-01-10] (National Instruments Corporation)
R2 NiViPxiK; C:\windows\System32\drivers\NiViPxiKl.sys [11360 2008-01-10] (National Instruments Corporation)
R3 O2MDFRDR; C:\windows\system32\drivers\O2MDFw7.sys [60904 2011-01-04] (O2Micro )
S3 O2MDRRDR; C:\windows\system32\drivers\O2MDRw7.sys [62440 2011-01-04] (O2Micro )
R3 O2SDJRDR; C:\windows\system32\drivers\o2sdjw7.sys [63848 2011-01-04] (O2Micro )
S3 OXUDIDRV; C:\windows\system32\Drivers\OXUDIDRV_X32.sys [24880 2010-05-25] ()
S3 PSKMAD; C:\windows\System32\DRIVERS\PSKMAD.sys [47632 2013-04-29] (Panda Security, S.L.)
R0 stdcfltn; C:\windows\System32\DRIVERS\stdcfltn.sys [17904 2011-07-15] (ST Microelectronics)
S3 tcm; C:\windows\system32\drivers\tcm.sys [12952 2009-04-17] ()
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-03-04] ()
S3 dcdbas; system32\DRIVERS\dcdbas32.sys [X]
S3 Ser2pl; system32\DRIVERS\ser2pl.sys [X]
S3 Ser2plx86; system32\DRIVERS\ser2pl.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
U4 vsserv; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-08 10:16 - 2015-03-08 10:16 - 00018824 _____ () C:\Users\kretzschmar-admin\Downloads\FRST.txt
2015-03-08 10:16 - 2015-03-08 10:16 - 00000000 ____D () C:\FRST
2015-03-08 10:07 - 2015-03-08 10:07 - 01134592 _____ (Farbar) C:\Users\kretzschmar-admin\Downloads\FRST.exe
2015-03-08 10:03 - 2015-03-08 10:03 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 9.5
2015-03-04 18:25 - 2015-03-08 08:30 - 00004162 __RSH () C:\Users\kretzschmar\ntuser.pol
2015-03-04 16:30 - 2015-03-04 16:32 - 02665553 _____ () C:\windows\system32\kavremvr 2015-03-04 15-30-27 (pid 2412).log
2015-03-04 14:45 - 2015-03-08 08:53 - 00192504 __RSH () C:\ProgramData\ntuser.pol
2015-03-04 14:40 - 2015-03-04 14:41 - 00000000 ____D () C:\KVRT_Data
2015-03-04 14:25 - 2015-03-04 14:25 - 00001234 _____ () C:\Users\kretzschmar-admin\Documents\cc_20150304_132536.reg
2015-03-04 14:07 - 2015-03-04 14:10 - 00189792 _____ (Sysinternals) C:\windows\PSEXESVC.exe
2015-03-04 13:31 - 2015-03-04 13:31 - 00001228 _____ () C:\Users\Administrator\Documents\3-4-2015.reg
2015-03-04 13:03 - 2015-03-04 13:03 - 00018486 _____ () C:\ComboFix.txt
2015-03-04 12:30 - 2015-03-04 12:42 - 00000000 ____D () C:\ProgramData\RogueKiller
2015-03-04 12:30 - 2015-03-04 12:30 - 00035064 _____ () C:\windows\system32\Drivers\TrueSight.sys
2015-03-04 11:14 - 2015-03-04 11:14 - 00159488 _____ () C:\windows\system32\GDIPFONTCACHEV1.DAT
2015-03-04 11:14 - 2015-03-04 11:14 - 00008224 _____ () C:\Users\kretzschmar-admin\AppData\Local\GDIPFONTCACHEV1.DAT
2015-03-04 08:24 - 2015-03-08 10:02 - 00000672 _____ () C:\windows\setupact.log
2015-03-04 08:24 - 2015-03-04 08:24 - 00531592 _____ () C:\windows\system32\FNTCACHE.DAT
2015-03-04 08:24 - 2015-03-04 08:24 - 00000000 _____ () C:\windows\setuperr.log
2015-03-04 08:23 - 2015-03-04 16:38 - 00003322 _____ () C:\windows\PFRO.log
2015-03-04 02:03 - 2015-03-04 02:03 - 00001915 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Center 2012 Endpoint Protection.lnk
2015-03-04 02:03 - 2015-03-04 02:03 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2015-03-03 22:43 - 2015-03-03 22:46 - 00001274 _____ () C:\Users\kretzschmar-admin\Desktop\New Text Document.txt
2015-03-03 21:37 - 2015-03-03 21:37 - 00003732 _____ () C:\Users\kretzschmar\Documents\WRC_Report.txt
2015-03-03 20:29 - 2015-03-03 20:29 - 00000000 ____D () C:\windows\system32\Lang
2015-03-03 20:29 - 2015-03-03 20:29 - 00000000 ____D () C:\Program Files\Common Files\postureAgent
2015-03-03 20:28 - 2015-03-03 20:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel® Management and Security
2015-03-03 20:28 - 2015-03-03 20:28 - 00000000 ____D () C:\Intel
2015-03-03 20:28 - 2015-03-03 20:28 - 00000000 ____D () C:\dell
2015-03-03 20:28 - 2009-07-21 15:40 - 01006104 _____ (Intel Corporation) C:\windows\system32\mesoludlg.exe
2015-03-03 20:20 - 2015-03-03 22:00 - 00000000 ____D () C:\Users\kretzschmar\AppData\Roaming\Wise Registry Cleaner
2015-03-03 20:15 - 2015-03-03 20:15 - 00000000 __SHD () C:\Users\kretzschmar\AppData\Local\EmieUserList
2015-03-03 20:15 - 2015-03-03 20:15 - 00000000 __SHD () C:\Users\kretzschmar\AppData\Local\EmieSiteList
2015-03-03 20:15 - 2015-03-03 20:15 - 00000000 __SHD () C:\Users\kretzschmar\AppData\Local\EmieBrowserModeList
2015-03-03 18:14 - 2015-03-03 18:14 - 00000000 ____D () C:\Users\kretzschmar\Documents\User guide CD
2015-03-03 18:14 - 2015-03-03 18:14 - 00000000 ____D () C:\Users\kretzschmar\Documents\USB stick
2015-03-03 17:42 - 2013-11-21 12:33 - 98633040 _____ (Apple Inc.) C:\Users\kretzschmar\Downloads\iTunesSetup.exe
2015-03-03 17:42 - 2013-11-04 18:19 - 85267768 _____ () C:\Users\kretzschmar\Downloads\epson13158.exe
2015-03-03 17:42 - 2013-10-06 18:33 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\kretzschmar\Downloads\mbam-setup-1.75.0.1300.exe
2015-03-03 17:37 - 2013-03-19 15:00 - 00000953 _____ () C:\Users\kretzschmar\Desktop\Beyond Compare 3.lnk
2015-03-03 17:37 - 2012-08-19 07:48 - 00001831 _____ () C:\Users\kretzschmar\Desktop\FreeMind.lnk
2015-03-03 17:37 - 2009-12-01 17:01 - 00000715 _____ () C:\Users\kretzschmar\Desktop\MainEPI.lnk
2015-03-03 17:34 - 2015-03-03 17:34 - 00000000 ____D () C:\Users\kretzschmar\TOSHIBA
2015-03-03 17:34 - 2015-03-03 17:34 - 00000000 ____D () C:\Users\kretzschmar\Logitech
2015-03-03 17:34 - 2015-03-03 17:34 - 00000000 ____D () C:\Users\kretzschmar\.freemind
2015-03-03 17:34 - 2012-03-14 19:49 - 00000000 ____D () C:\Users\kretzschmar\Lync Recordings
2015-03-03 17:21 - 2015-03-03 17:21 - 00000000 ____D () C:\Users\kretzschmar\AppData\Roaming\Epson
2015-03-03 17:19 - 2015-03-08 08:30 - 00000000 ____D () C:\Users\kretzschmar
2015-03-03 17:19 - 2015-03-04 16:56 - 00000000 ____D () C:\Users\kretzschmar\AppData\Roaming\Adobe
2015-03-03 17:19 - 2015-03-04 16:46 - 00000000 ____D () C:\Users\kretzschmar\Tracing
2015-03-03 17:19 - 2015-03-03 17:21 - 00159488 _____ () C:\Users\kretzschmar\AppData\Local\GDIPFONTCACHEV1.DAT
2015-03-03 17:19 - 2015-03-03 17:21 - 00000000 ____D () C:\Users\kretzschmar\AppData\Roaming\Apple Computer
2015-03-03 17:19 - 2013-03-25 22:16 - 00000000 ____D () C:\Users\kretzschmar\AppData\Roaming\WinRAR
2015-03-03 17:19 - 2012-03-15 21:15 - 00000000 ____D () C:\Users\kretzschmar\AppData\Roaming\McAfee
2015-03-03 17:19 - 2011-12-07 15:46 - 00000000 ____D () C:\Users\kretzschmar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2015-03-03 17:19 - 2011-12-06 17:47 - 00000000 ____D () C:\Users\kretzschmar\Documents\SAP
2015-03-03 17:19 - 2011-12-06 17:47 - 00000000 ____D () C:\Users\kretzschmar\AppData\Local\SAP
2015-03-03 17:19 - 2011-12-06 16:48 - 00017920 ___SH () C:\Users\kretzschmar\AppData\Roaming\Thumbs.db
2015-03-03 17:19 - 2011-12-06 14:44 - 00000000 ____D () C:\Users\kretzschmar\AppData\Roaming\Macrovision
2015-03-03 17:19 - 2011-12-06 14:44 - 00000000 ____D () C:\Users\kretzschmar\AppData\Local\Sonic_Solutions
2015-03-03 17:19 - 2011-12-06 14:43 - 00000000 ____D () C:\Users\kretzschmar\AppData\Roaming\Roxio Burn
2015-03-03 17:19 - 2011-12-06 14:43 - 00000000 ____D () C:\Users\kretzschmar\AppData\Roaming\Roxio
2015-03-03 17:19 - 2011-12-06 14:20 - 00000000 ____D () C:\Users\kretzschmar\AppData\Roaming\Roxio Log Files
2015-03-03 17:19 - 2011-12-06 13:47 - 00000000 ____D () C:\Users\kretzschmar\AppData\Roaming\Creative
2015-03-03 17:19 - 2011-12-06 13:39 - 00000000 ____D () C:\Users\kretzschmar\AppData\Roaming\SAP
2015-03-03 17:19 - 2011-12-06 13:26 - 00000000 ____D () C:\Users\kretzschmar\AppData\Roaming\Autodesk
2015-03-03 17:19 - 2011-12-06 13:26 - 00000000 ____D () C:\Users\kretzschmar\AppData\Local\Autodesk
2015-03-03 17:19 - 2011-12-06 13:03 - 00000000 ____D () C:\Users\kretzschmar\AppData\Roaming\Macromedia
2015-03-03 17:19 - 2011-12-06 13:00 - 00000000 ____D () C:\Users\kretzschmar\AppData\Local\Adobe
2015-03-03 17:19 - 2011-12-06 12:32 - 00000000 ____D () C:\Users\kretzschmar\AppData\Local\Microsoft Help
2015-03-03 17:19 - 2011-12-06 12:22 - 00001413 _____ () C:\Users\kretzschmar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-03-03 17:19 - 2011-12-06 12:22 - 00000020 ___SH () C:\Users\kretzschmar\ntuser.ini
2015-03-03 17:19 - 2009-07-13 23:42 - 00000000 ___RD () C:\Users\kretzschmar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-03-03 17:19 - 2009-07-13 23:37 - 00000000 ___RD () C:\Users\kretzschmar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-03-03 17:10 - 2015-03-03 15:56 - 00000000 ____D () C:\Users\backup\My Video
2015-03-03 16:18 - 2015-03-03 16:18 - 00000000 ____D () C:\Users\backup\Documents\Dell WebCam Central
2015-03-03 16:18 - 2015-03-03 16:18 - 00000000 ____D () C:\Users\backup\Documents\CyberLink
2015-03-03 16:18 - 2015-03-03 16:18 - 00000000 ____D () C:\Users\backup\Documents\Corporate training
2015-03-03 16:17 - 2015-03-03 16:17 - 00000000 ____D () C:\Users\backup\Logitech
2015-03-03 16:17 - 2012-03-14 19:49 - 00000000 ____D () C:\Users\backup\Lync Recordings
2015-03-03 16:16 - 2015-01-26 17:49 - 37675279 _____ ( ) C:\Users\backup\Downloads\FreeMind-Windows-Installer-1.0.1-max.exe
2015-03-03 16:16 - 2014-04-17 13:44 - 04123101 _____ () C:\Users\backup\Downloads\PL2303_Prolific_DriverInstaller_v1.9.0.zip
2015-03-03 16:16 - 2014-02-23 12:19 - 00000220 _____ () C:\Users\backup\Downloads\WeiferMap3.5.8.txt
2015-03-03 16:16 - 2013-11-21 12:33 - 98633040 _____ (Apple Inc.) C:\Users\backup\Downloads\iTunesSetup.exe
2015-03-03 16:16 - 2013-11-04 18:19 - 85267768 _____ () C:\Users\backup\Downloads\epson13158.exe
2015-03-03 16:16 - 2013-10-07 02:31 - 04432832 _____ (TeamViewer) C:\Users\backup\Downloads\TeamviewerQS_en.exe
2015-03-03 16:16 - 2013-10-06 18:33 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\backup\Downloads\mbam-setup-1.75.0.1300.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-08 10:11 - 2009-07-13 23:34 - 00027696 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-08 10:11 - 2009-07-13 23:34 - 00027696 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-08 10:08 - 2010-11-20 16:01 - 00789910 _____ () C:\windows\system32\PerfStringBackup.INI
2015-03-08 10:06 - 2011-12-06 14:40 - 00000672 _____ () C:\windows\system32\config\netlogon.ftl
2015-03-08 10:03 - 2014-02-09 00:51 - 00000000 ____D () C:\Users\kretzschmar-admin\Tracing
2015-03-08 10:03 - 2011-12-06 14:24 - 00000000 ____D () C:\ProgramData\Sonic
2015-03-08 10:02 - 2009-07-13 23:53 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2015-03-08 09:31 - 2013-11-02 13:27 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2015-03-06 19:05 - 2009-07-13 21:37 - 00000000 ____D () C:\windows\system32\NDF
2015-03-04 16:32 - 2009-07-13 21:37 - 00000000 ___RD () C:\Users\Public
2015-03-04 14:54 - 2012-03-22 20:49 - 00000000 ____D () C:\ProgramData\Skype
2015-03-04 13:02 - 2009-07-13 21:04 - 00000215 _____ () C:\windows\system.ini
2015-03-04 12:10 - 2013-01-10 12:17 - 00002280 _____ () C:\windows\epplauncher.mif
2015-03-04 12:00 - 2009-07-13 21:37 - 00000000 ____D () C:\windows\system32\LogFiles
2015-03-04 01:33 - 2012-10-16 16:33 - 00000000 ____D () C:\EAGLabs
2015-03-04 01:33 - 2012-07-04 11:41 - 00000000 ____D () C:\ProgramData\Apple Computer
2015-03-04 01:33 - 2012-03-14 18:21 - 00000000 ____D () C:\ProgramData\Email Backup Optimization
2015-03-03 20:28 - 2012-01-29 05:55 - 00000000 ____D () C:\Program Files\Intel
2015-03-03 20:28 - 2012-01-29 05:55 - 00000000 ____D () C:\Program Files\Common Files\Intel
2015-03-03 17:14 - 2011-12-06 17:15 - 00000000 ____D () C:\windows\system32\appmgmt
2015-03-03 15:03 - 2014-02-09 00:51 - 00000000 ____D () C:\Users\kretzschmar-admin\AppData\Local\Sonic_Solutions
2015-03-03 14:56 - 2011-12-06 13:44 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2015-03-03 12:00 - 2014-11-13 11:09 - 00000000 ____D () C:\ProgramData\Package Cache
2015-03-03 08:16 - 2011-12-05 18:14 - 00246920 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe
2015-03-03 06:36 - 2013-10-06 18:55 - 00000000 ____D () C:\windows\Microsoft Antimalware
2015-03-03 03:03 - 2009-07-13 21:37 - 00000000 ____D () C:\windows\schemas
2015-03-03 02:14 - 2009-07-13 21:37 - 00000000 ____D () C:\windows\Help
2015-03-03 00:05 - 2009-07-13 23:53 - 00032620 _____ () C:\windows\Tasks\SCHEDLGU.TXT
2015-03-02 20:29 - 2014-12-21 17:31 - 00000000 ____D () C:\Users\kretzschmar-admin\AppData\Roaming\Wise Registry Cleaner
2015-03-02 20:29 - 2013-10-08 15:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wise Registry Cleaner
2015-03-02 20:27 - 2013-05-28 11:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-03-02 20:27 - 2013-05-28 11:35 - 00000000 ____D () C:\Program Files\CCleaner
2015-03-02 19:11 - 2013-08-06 12:11 - 00000000 ____D () C:\windows\system32\LogSpace
2015-02-28 13:57 - 2012-03-14 18:35 - 00002465 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller X.lnk
2015-02-28 13:57 - 2012-03-14 18:35 - 00002453 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat X Pro.lnk
2015-02-28 13:57 - 2012-03-14 18:35 - 00001996 _____ () C:\Users\Public\Desktop\Adobe Acrobat X Pro.lnk
2015-02-27 16:45 - 2011-12-13 10:54 - 00000000 ___HD () C:\Users\Default
2015-02-27 15:36 - 2013-10-06 18:34 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-02-25 11:26 - 2012-06-30 10:59 - 00249856 ____N (Microsoft Corporation) C:\windows\Setup1.exe
2015-02-25 11:26 - 2012-06-30 10:59 - 00073216 _____ (Microsoft Corporation) C:\windows\ST6UNST.EXE
2015-02-16 19:13 - 2015-01-20 02:46 - 00000000 ____D () C:\Project
2015-02-12 07:25 - 2013-11-10 21:12 - 00000000 ____D () C:\XP4
2015-02-12 07:25 - 2013-02-08 15:39 - 00047922 _____ () C:\XP4.log

==================== Files in the root of some directories =======

2015-03-03 11:29 - 2015-03-03 11:43 - 0000115 _____ () C:\Users\kretzschmar-admin\AppData\Roaming\LogFile.txt
2014-02-09 00:51 - 2011-12-06 16:48 - 0017920 ___SH () C:\Users\kretzschmar-admin\AppData\Roaming\Thumbs.db
2014-02-09 00:51 - 2011-12-06 16:47 - 0015604 _____ () C:\Users\kretzschmar-admin\AppData\Roaming\UserTile.png
2015-03-02 15:16 - 2015-03-02 15:16 - 0045639 _____ () C:\ProgramData\HELP_DECRYPT.PNG
2015-03-02 15:16 - 2015-03-02 15:16 - 0000292 _____ () C:\ProgramData\HELP_DECRYPT.URL

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\windows\explorer.exe => File is digitally signed
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-03-06 11:36

==================== End Of Log ============================


Additional scan result of Farbar Recovery Scan Tool (x86) Version: 08-03-2015 02
Ran by kretzschmar-admin at 2015-03-08 10:18:11
Running from C:\Users\kretzschmar-admin\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: System Center 2012 Endpoint Protection (Enabled - Up to date) {108DAC43-C256-20B7-BB05-914135DA5160}
AS: System Center 2012 Endpoint Protection (Enabled - Up to date) {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

32 Bit HP CIO Components Installer (Version: 8.1.2 - Hewlett-Packard) Hidden
AccelerometerP11 (HKLM\...\{87434D51-51DB-4109-B68F-A829ECDCF380}) (Version: 2.00.10.33 - STMicroelectronics)
Adobe Acrobat X Pro - English, Français, Deutsch (HKLM\...\{AC76BA86-1033-F400-7760-000000000005}) (Version: 10.1.13 - Adobe Systems)
Adobe Flash Player 13 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 13.0.0.206 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 13.0.0.206 - Adobe Systems Incorporated)
Apple Application Support (HKLM\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C0CC75CD-F5B7-46AD-B016-17C0F5171718}) (Version: 8.0.0.23 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.03 - Piriform)
CyberLink PowerDVD 9.5 (HKLM\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.5.1.3426 - CyberLink Corp.)
Dell Client System Update (HKLM\...\{04566294-A6B6-4462-9721-031073EB3694}) (Version: 1.3.0 - Dell Inc.)
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.1208.101.124 - ALPS ELECTRIC CO., LTD.)
Dell Webcam Central (HKLM\...\Dell Webcam Central) (Version: 1.40.52 - Creative Technology Ltd)
DirectX 9 Runtime (Version: 1.00.0000 - Sonic Solutions) Hidden
DWG TrueView 2012 (HKLM\...\DWG TrueView 2012) (Version: 18.2.51.0 - Autodesk)
DWG TrueView 2012 (Version: 18.2.51.0 - Autodesk) Hidden
EPSON Artisan 810 Series Printer Uninstall (HKLM\...\EPSON Artisan 810 Series) (Version:  - SEIKO EPSON Corporation)
Epson Event Manager (HKLM\...\{48F22622-1CC2-4A83-9C1E-644DD96F832D}) (Version: 2.30.01 - SEIKO EPSON Corporation)
Epson Print CD (HKLM\...\{D16A31F9-276D-4968-A753-FFEAC56995D0}) (Version: 2.00.00 - SEIKO EPSON CORPORATION)
EPSON Scan (HKLM\...\EPSON Scanner) (Version:  - )
EpsonNet Print (HKLM\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.4i - SEIKO EPSON CORPORATION)
EpsonNet Setup (HKLM\...\{FFFAE01B-466F-4C07-9821-A94FD753BDDA}) (Version: 3.1c - SEIKO EPSON CORPORATION)
FreeMind (HKLM\...\B991B020-2968-11D8-AF23-444553540000_is1) (Version: 0.9.0 - )
IDT Audio (HKLM\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6324.0 - IDT)
ieSpell (HKLM\...\ieSpell) (Version: 2.6.4 (build 573) - Red Egg Software)
Intel® Control Center (HKLM\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Processor Graphics (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2418 - Intel Corporation)
Intel® Active Management Technology (HKLM\...\MESOL) (Version:  - Intel Corporation)
IObit Unlocker (HKLM\...\IObit Unlocker_is1) (Version: 1.1 - IObit)
iTunes (HKLM\...\{F32DC846-4457-40A8-BECA-BCC0E960BC53}) (Version: 11.4.0.18 - Apple Inc.)
Java 7 Update 45 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.450 - Oracle)
Java™ 6 Update 20 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216020F0}) (Version: 6.0.200 - Sun Microsystems, Inc.)
Java™ 6 Update 31 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216031FF}) (Version: 6.0.310 - Oracle)
JMP 9 (HKLM\...\{915E9EEB-7CE6-4B23-BC27-634058C55108}) (Version: 9.0 - SAS Institute Inc.)
JMP Profiler Core (HKLM\...\{E3699351-FCC8-40C1-BB00-23E555A0E87E}) (Version: 1.0.0 - SAS Institute Inc.)
JMP Profiler GUI (HKLM\...\{0BBA8AC3-ACD0-4C10-8451-0A79D14227ED}) (Version: 1.0.0 - SAS Institute Inc.)
MDOP MBAM (HKLM\...\{D369D2E5-3330-499C-8FE7-81BA660FA8BB}) (Version: 2.5.0244.0 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Lync 2010 (HKLM\...\{81BE0B17-563B-45D4-B198-5721E6C665CD}) (Version: 4.0.7577.4446 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft redistributable runtime DLLs VS2005 SP1(x86) (HKLM\...\{CEC7A786-A9C8-4EF7-BB59-6518E3B3C878}) (Version: 8.0.50727.4053 - SAP)
Microsoft redistributable runtime DLLs VS2008 SP1(x86) (HKLM\...\{A47A9101-6EB5-4314-BDA1-297880FBB908}) (Version: 9.0 - SAP AG)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
National Instruments Software (HKLM\...\NI Uninstaller) (Version:  - National Instruments)
NI Certificates Deployment Support (Version: 1.01.49153 - National Instruments) Hidden
NI EULA Depot (Version: 2.51.92 - National Instruments) Hidden
NI MDF Support (Version: 2.51.92 - National Instruments) Hidden
NI Uninstaller (Version: 2.51.92 - National Instruments) Hidden
NI VC2005MSMs x86 (Version: 8.01.2 - National Instruments) Hidden
NI-DIM 1.8.0f0 (Version: 1.80.49152 - National Instruments) Hidden
NI-ORB 1.8.0f0 (Version: 1.80.49152 - National Instruments) Hidden
NI-PAL 2.2.0f0 (Version: 10.30.49152 - National Instruments) Hidden
NI-RPC 3.4.1f0 (Version: 3.41.49152 - National Instruments) Hidden
NI-VISA Runtime 4.3 (Version: 4.48.768 - National Instruments) Hidden
PhotoShowExpress (Version: 2.0.063 - Sonic Solutions) Hidden
PIEZOCON 2.0 (HKLM\...\{349D5ACA-FE08-4FA6-8CB7-682A3C2CE6C7}) (Version: 2.0.37 - Lorex)
QuickTime (HKLM\...\{0E64B098-8018-4256-BA23-C316A43AD9B0}) (Version: 7.72.80.56 - Apple Inc.)
Roxio Creator Starter (HKLM\...\{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}) (Version: 12.1.77.0 - Roxio)
SAP Business Explorer (HKLM\...\SAPBI) (Version: 7.20 - SAP AG)
SAP GUI for Windows 7.20 (HKLM\...\SAPGUI710) (Version: 7.20 Compilation 3 - SAP)
SAPSetup Automatic Workstation Update Service (HKLM\...\SAP_WUS) (Version:  - SAP AG)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
SIMSview (HKLM\...\SIMSview2.0) (Version: 2.0 - EAG, LLC)
Skype Click to Call (HKLM\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 5.10.9560 - Skype Technologies S.A.)
Sonic CinePlayer Decoder Pack (Version: 4.3.0 - Sonic Solutions) Hidden
System Center 2012 Endpoint Protection (HKLM\...\Microsoft Security Client) (Version: 2.2.903.0 - Microsoft Corporation)
System Requirements Lab for Intel (HKLM\...\{53C63F43-B827-42D9-8886-4698D91EA33B}) (Version: 4.5.15.0 - Husdawg, LLC)
Wafermap 2.3 (HKLM\...\ST6UNST #1) (Version:  - )
Windows Firewall Configuration Provider (HKLM\...\{032E702E-6313-4C33-AAF6-4522F3BE737A}) (Version: 1.2.3412.0 - Microsoft Corporation)
Wise Registry Cleaner 8.31 (HKLM\...\Wise Registry Cleaner_is1) (Version: 8.31 - WiseCleaner.com, Inc.)
X7Magic Setup (HKLM\...\{B27010F5-EE01-4996-8DF5-E1A48CC5624C}) (Version: 7.1.4 - Dell Inc.)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-664886854-1017566723-3399325455-1005_Classes\CLSID\{3faa4380-a399-11cf-a466-00805fe418f6}\InprocServer32 -> C:\Program Files\Autodesk\DWG TrueView 2012\dwgviewrficn.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-664886854-1017566723-3399325455-1005_Classes\CLSID\{D70E31AD-2614-49F2-B0FC-ACA781D81F3E}\localserver32 -> C:\Program Files\Autodesk\DWG TrueView 2012\dwgviewr.exe (Autodesk, Inc.)

==================== Restore Points  =========================

ATTENTION: System Restore is disabled.

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:04 - 2015-03-04 13:02 - 00000027 ____A C:\windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {2B2F47B0-68E2-40A7-80F9-EC4A8C20081F} - System32\Tasks\Microsoft\Microsoft Antimalware\MP Scheduled Scan => c:\Program Files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-09-02] (Microsoft Corporation)
Task: {40251C65-DA28-4113-8F46-0B85FDAADD42} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {5472EB56-B518-4119-80CD-329B67A3E3D9} - System32\Tasks\Adobe Flash Player Updater => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-23] (Adobe Systems Incorporated)
Task: {56BE3D80-8F99-4307-82FC-3060CE317D66} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {687E4324-89BF-490F-97AD-DC0B776067F3} - \WPD\SqmUpload_S-1-5-21-664886854-1017566723-3399325455-500 No Task File <==== ATTENTION
Task: {714A1E81-9BAB-4CE2-8A98-E4C5E21E4E42} - \WPD\SqmUpload_S-1-5-21-664886854-1017566723-3399325455-1003 No Task File <==== ATTENTION
Task: {A1D5C0FD-DAED-45A9-AD75-9C62807D543F} - System32\Tasks\{785526E8-900A-4E52-84A2-F7D8797F1983} => C:\Program Files\Wafermap\Waferma2.exe [2003-10-09] (Boin GmbH)
Task: {AC206027-6BE6-42DF-B819-F63D40DA9573} - System32\Tasks\{521D123E-02E1-4DCE-B7EC-952558ADCB34} => pcalua.exe -a "C:\Users\kretzschmar\AppData\Local\Temp\Temp1_Piezocon 2.06 Setup.zip\Piezocon 2.06 Setup\Piezocon2.06\setup.exe"
Task: {BEC5BB77-19A0-4C76-8539-9D2B42930C8F} - System32\Tasks\{23295B94-EDFE-46F8-8B4F-2863775EE449} => C:\Users\kretzschmar\Desktop\wafer23.exe
Task: {F443BEC7-DB9A-48AF-AA00-16A8DA49BA57} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-02-19] (Piriform Ltd)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) ==============

2014-02-12 20:58 - 2014-02-12 20:58 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-12 20:58 - 2014-02-12 20:58 - 01044808 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 17:45 - 2010-10-20 17:45 - 08801120 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2011-08-31 21:13 - 2011-08-31 21:13 - 00094208 _____ () C:\Windows\System32\IccLibDll.dll
2012-01-29 05:55 - 2011-07-25 11:43 - 00686704 _____ () C:\Program Files\STMicroelectronics\AccelerometerP11\FF_Protection.exe
2010-11-17 12:35 - 2010-11-17 12:35 - 00514544 _____ () C:\Program Files\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
2010-11-25 00:44 - 2010-11-25 00:44 - 00375280 _____ () c:\program files\common files\roxio shared\dllshared\SQLite352.dll
2015-03-03 20:28 - 2009-07-16 12:20 - 00077824 _____ () C:\Program Files\Common Files\Intel\Privacy Icon\UNS\DTMessageLib.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\windows\system32\zlib.dll:DocumentSummaryInformation
AlternateDataStreams: C:\windows\system32\zlib.dll:SummaryInformation
AlternateDataStreams: C:\windows\system32\zlib.dll:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\15622940.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\15622940.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-664886854-1017566723-3399325455-1005\Control Panel\Desktop\\Wallpaper -> C:\Windows\system\x86\ADMN.jpg
DNS Servers: 209.18.47.61 - 209.18.47.62

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: MBAMScheduler => 2
MSCONFIG\Services: MBAMService => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: SpyHunter 4 Service => 2

==================== Accounts: =============================

Administrator (S-1-5-21-664886854-1017566723-3399325455-500 - Administrator - Enabled) => C:\Users\Administrator
Guest (S-1-5-21-664886854-1017566723-3399325455-501 - Limited - Disabled)
kretzschmar-admin (S-1-5-21-664886854-1017566723-3399325455-1005 - Administrator - Enabled) => C:\Users\kretzschmar-admin

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (03/08/2015 10:03:35 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/06/2015 08:58:16 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 62338

Error: (03/06/2015 08:58:16 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 62338

Error: (03/06/2015 08:58:16 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (03/06/2015 08:58:00 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 46738

Error: (03/06/2015 08:58:00 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 46738

Error: (03/06/2015 08:58:00 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (03/06/2015 08:57:44 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 31153

Error: (03/06/2015 08:57:44 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 31153

Error: (03/06/2015 08:57:44 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

System errors:
=============
Error: (03/08/2015 10:05:04 AM) (Source: Microsoft Antimalware) (EventID: 3002) (User: )
Description: %%860 Real-Time Protection feature has encountered an error and failed.

 Feature: %%835

 Error Code: 0x80004005

 Error description: Unspecified error

 Reason: %%842

Error: (03/08/2015 10:03:56 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (03/08/2015 10:02:50 AM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1055) (User: NT AUTHORITY)
Description: The processing of Group Policy failed. Windows could not resolve the computer name. This could be caused by one of more of the following:
a) Name Resolution failure on the current domain controller.
b) Active Directory Replication Latency (an account created on another domain controller has not replicated to the current domain controller).

Error: (03/08/2015 10:02:30 AM) (Source: NETLOGON) (EventID: 5719) (User: )
Description: This computer was not able to set up a secure session with a domain
controller in domain ASMPHX due to the following:
%%1311

This may lead to authentication problems. Make sure that this
computer is connected to the network. If the problem persists,
please contact your domain administrator.

ADDITIONAL INFO

If this computer is a domain controller for the specified domain, it
sets up the secure session to the primary domain controller emulator in the specified
domain. Otherwise, this computer sets up the secure session to any domain controller
in the specified domain.

Error: (03/08/2015 10:01:43 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The UPnP Device Host service failed to start due to the following error:
%%1069

Error: (03/08/2015 10:01:43 AM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The upnphost service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error:
%%50

To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Error: (03/08/2015 10:01:43 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The UPnP Device Host service failed to start due to the following error:
%%1069

Error: (03/08/2015 10:01:43 AM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The upnphost service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error:
%%50

To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Error: (03/08/2015 10:01:43 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1069upnphost{204810B9-73B2-11D4-BF42-00B0D0118B56}

Error: (03/07/2015 06:32:33 PM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1129) (User: ASMPHX)
Description: The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.

Microsoft Office Sessions:
=========================
Error: (03/08/2015 10:03:35 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/06/2015 08:58:16 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 62338

Error: (03/06/2015 08:58:16 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 62338

Error: (03/06/2015 08:58:16 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (03/06/2015 08:58:00 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 46738

Error: (03/06/2015 08:58:00 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 46738

Error: (03/06/2015 08:58:00 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (03/06/2015 08:57:44 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 31153

Error: (03/06/2015 08:57:44 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 31153

Error: (03/06/2015 08:57:44 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

==================== Memory info ===========================

Processor: Intel® Core™ i5-2520M CPU @ 2.50GHz
Percentage of memory in use: 30%
Total physical RAM: 3241.05 MB
Available physical RAM: 2252.96 MB
Total Pagefile: 6480.38 MB
Available Pagefile: 5437.68 MB
Total Virtual: 2047.88 MB
Available Virtual: 1893.7 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:297.8 GB) (Free:178.84 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 1412C5E0)
Partition 1: (Active) - (Size=300 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=297.8 GB) - (Type=07 NTFS)

==================== End Of Log ============================



#5 nasdaq

  • Malware Response Team
  • 38,779 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 08 March 2015 - 10:44 AM

ATTENTION: System Restore is disabled.


Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
start

CloseProcesses:

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-664886854-1017566723-3399325455-1005\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll No File []
FF Plugin: @microsoft.com/GENUINE -> disabled No File
S3 dcdbas; system32\DRIVERS\dcdbas32.sys [X]
S3 Ser2pl; system32\DRIVERS\ser2pl.sys [X]
S3 Ser2plx86; system32\DRIVERS\ser2pl.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
U4 vsserv; No ImagePath
Task: {687E4324-89BF-490F-97AD-DC0B776067F3} - \WPD\SqmUpload_S-1-5-21-664886854-1017566723-3399325455-500 No Task File <==== ATTENTION
Task: {714A1E81-9BAB-4CE2-8A98-E4C5E21E4E42} - \WPD\SqmUpload_S-1-5-21-664886854-1017566723-3399325455-1003 No Task File <==== ATTENTION
AlternateDataStreams: C:\windows\system32\zlib.dll:DocumentSummaryInformation
AlternateDataStreams: C:\windows\system32\zlib.dll:SummaryInformation
AlternateDataStreams: C:\windows\system32\zlib.dll:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}

End
Save the file as fixlist.txt into the same folder as FRST.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log Fixlog.txt please post it to your reply.
===

Download Security Check by screen317 from here
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
p.s.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.

If the site is busy or not available use this mirror site:
http://www.bleepingcomputer.com/download/securitycheck/

How is the computer running now?
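Before a fixlist deletes "No Task File" entries and alternate data streams, a responder normally confirms what they are. The PowerShell below is an added example, not part of nasdaq's instructions and not code from FRST, that reproduces the checks behind those fixlist lines and goes a little further than the fixlist itself: it lists task registrations in the scheduler cache whose task file is missing, task actions whose target is missing or lives in a user-writable folder or is wrapped in pcalua.exe (both patterns appear in the FRST task list earlier in the log), and every stream on zlib.dll with its size and first bytes, so a hidden executable would stand out from the small property-set streams that older versions of Explorer wrote when a file's Summary properties were edited. It assumes an elevated Windows PowerShell 3.0 or later on the affected Windows 7 machine; the registry location of the task cache and the System32\Tasks folder are standard, the file path is the one from the log.

```powershell
# Added example (not from the thread or from FRST): verify what the fixlist entries refer to.
# Assumes: elevated Windows PowerShell 3.0+ on the affected Windows 7 machine.

$taskRoot  = Join-Path $env:windir 'System32\Tasks'
$taskCache = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks'

# --- 1. Registered tasks whose XML definition is missing (FRST: "No Task File") ----------
# The scheduler keeps one {GUID} key per task under TaskCache\Tasks; its "Path" value names
# the task file under System32\Tasks. A key with no matching file is an orphan registration.
function Get-OrphanedTask {
    foreach ($key in Get-ChildItem -Path $taskCache) {
        $props = Get-ItemProperty -Path $key.PSPath
        if (-not $props.Path) { continue }
        $file = Join-Path $taskRoot $props.Path.TrimStart('\')
        if (-not (Test-Path -LiteralPath $file)) {
            [pscustomobject]@{ Id = $key.PSChildName; TaskPath = $props.Path; Finding = 'No Task File' }
        }
    }
}

# --- 2. Task actions worth a second look --------------------------------------------------
# Reads each task XML and inspects <Actions><Exec><Command>. Flags targets that are wrapped
# in pcalua.exe (the Program Compatibility Assistant launcher), live in user-writable folders
# (Temp, Desktop, Downloads), or no longer exist on disk.
function Get-SuspiciousTaskAction {
    foreach ($f in Get-ChildItem -Path $taskRoot -Recurse -File) {
        try { $xml = [xml](Get-Content -LiteralPath $f.FullName -Raw) } catch { continue }
        foreach ($exec in @($xml.Task.Actions.Exec)) {
            if (-not $exec.Command) { continue }
            $cmd      = [Environment]::ExpandEnvironmentVariables($exec.Command.Trim('"'))
            $taskArgs = [string]$exec.Arguments
            $finding  = $null
            if ($cmd -match '(^|\\)pcalua\.exe$') { $finding = 'runs via pcalua.exe' }
            elseif ($cmd -match '\\AppData\\Local\\Temp\\|\\Desktop\\|\\Downloads\\') { $finding = 'user-writable path' }
            elseif ($cmd -match '\\' -and -not (Test-Path -LiteralPath $cmd)) { $finding = 'target missing' }
            if ($finding) {
                [pscustomobject]@{
                    Task      = $f.FullName.Substring($taskRoot.Length)
                    Command   = $cmd
                    Arguments = $taskArgs
                    Finding   = $finding
                }
            }
        }
    }
}

# --- 3. Alternate data streams on the file named in the fixlist ---------------------------
# Lists every ADS with its size and first two bytes; an "MZ" header (4D 5A) would mean an
# executable is hiding in the stream, which the small legacy property-set streams are not.
function Get-StreamSummary {
    param([string]$Path = "$env:windir\System32\zlib.dll")
    if (-not (Test-Path -LiteralPath $Path)) { return }
    foreach ($s in Get-Item -LiteralPath $Path -Stream *) {
        if ($s.Stream -eq ':$DATA') { continue }   # the main data stream, not an ADS
        $head = Get-Content -LiteralPath $Path -Stream $s.Stream -Encoding Byte -TotalCount 2 -ErrorAction SilentlyContinue
        $magic = if ($head) { ($head | ForEach-Object { '{0:X2}' -f $_ }) -join ' ' } else { '' }
        [pscustomobject]@{
            Stream  = $s.Stream
            Bytes   = $s.Length
            Magic   = $magic
            LooksPE = ($head.Count -eq 2 -and $head[0] -eq 0x4D -and $head[1] -eq 0x5A)
        }
    }
}

Get-OrphanedTask         | Format-Table -AutoSize
Get-SuspiciousTaskAction | Format-Table -AutoSize -Wrap
Get-StreamSummary        | Format-Table -AutoSize
```

Run it elevated, since standard users cannot read the task cache keys. An orphan in the first table is what FRST removes as "No Task File"; a hit in the second table is a task FRST may have whitelisted but that still deserves a look, because a scheduled task pointing at a Temp or Desktop executable is a common persistence spot; a stream in the third table with LooksPE set to True would change the verdict on zlib.dll from "cosmetic" to "examine the file".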

#6 semitek123

  • Topic Starter
  • Members
  • 24 posts

Posted 08 March 2015 - 10:59 AM

I should also mention that the Windows Firewall is controlled over Direct Connect access when I'm logged in as a normal user (not admin).

Here is the log file from Security Check.

 Results of screen317's Security Check version 0.99.97 
 Windows 7 Service Pack 1 x86 (UAC is disabled!) 
 Internet Explorer 11 
``````````````Antivirus/Firewall Check:``````````````
 Windows Security Center service is not running! This report may not be accurate!
 Windows Firewall Enabled! 
System Center 2012 Endpoint Protection  
 Antivirus up to date! 
`````````Anti-malware/Other Utilities Check:`````````
 CCleaner    
 Wise Registry Cleaner 8.31 
 Java™ 6 Update 20 
 Java™ 6 Update 31 
 Java 7 Update 45 
 Java version 32-bit out of Date!
  Java 64-bit 8 Update 31 
  Adobe Flash Player  13.0.0.206 Flash Player out of Date! 
````````Process Check: objlist.exe by Laurent```````` 
 Microsoft Security Essentials msseces.exe
 Windows Defender MSMpEng.exe
 Microsoft Security Client Antimalware MsMpEng.exe 
 Microsoft Security Client Antimalware NisSrv.exe 
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 
````````````````````End of Log``````````````````````

#7 nasdaq

  • Malware Response Team
  • 38,779 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 08 March 2015 - 12:57 PM

Try to set it to ON.

Turn System Restore on or off - Windows Help
http://windows.microsoft.com/en-ca/windows/turn-system-restore-on-off#1TC=windows-7
===

Using the Add/Remove Programs applet, delete these old versions of Java.
Java™ 6 Update 20
Java™ 6 Update 31
Java 7 Update 45

===

Critical vulnerabilities have been identified in old versions of Adobe Flash Player; please get the latest version.

Flash test site:
http://www.adobe.com/software/flash/about/
Install the new version, or if you already have the latest, close the window.

Flash Player Help / Find version
http://helpx.adobe.com/flash-player/kb/find-version-flash-player.html#main_Find_the_Flash_Player_version_installed_on_your_machine
===

How is the computer running now?

#8 semitek123

  • Topic Starter
  • Members
  • 24 posts

Posted 08 March 2015 - 04:24 PM

Computer seems to be running fine.

I removed the older versions of Java and upgraded to Adobe Flash Player v16.0 (from 13.0).

Thank you nasdaq.

Back to my original question - I still have locked keys in the registry - should I be concerned? How do I unlock and remove them?

--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil32_16_0_0_305_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil32_16_0_0_305_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)



#9 nasdaq

  • Malware Response Team
  • 38,779 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 09 March 2015 - 07:26 AM

No. They are required by Flash.

===

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide on best security practices to keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===
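The answer that these keys belong to Flash can be checked rather than taken on trust. The ComboFix listing shows the FlashBroker CLSID with Elevation\Enabled = 1, which registers it as a COM object that the UAC elevation mechanism may start with higher privilege on behalf of a less-privileged caller (Flash uses this broker from IE's low-integrity Protected Mode for operations that need more rights). Because whatever LocalServer32 names gets run at that privilege, the installer sets Deny ACEs on the key so the path cannot be quietly changed, and ComboFix reports any key carrying such an ACE as "locked". The PowerShell below is an added example, not code from the thread or from Adobe; it reads the deny entries on the key, the binary that LocalServer32 launches and whether it carries a valid Adobe signature under the expected Macromed\Flash folder, and the elevation flag. The CLSID is the one from the ComboFix output, and the script assumes an elevated shell on a 32-bit Windows 7 install like the one in the log. Where a deny entry also covers read access, as with the PCW\Security key denied Full to Everyone, Get-Acl and Get-ItemProperty fail with access denied even for an administrator, which the try/catch reports instead of crashing.

```powershell
# Added example (not from the thread): confirm that a "locked" COM CLSID really is Flash's broker.
# Assumes an elevated Windows PowerShell 3.0+ on the affected machine; CLSID from the ComboFix output.
function Test-LockedClsid {
    param([string]$Clsid = '{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}')
    $key = "HKLM:\SOFTWARE\Classes\CLSID\$Clsid"
    $result = [ordered]@{ Clsid = $Clsid }
    try {
        # 1. The Deny ACEs are what make ComboFix list the key as "locked".
        $acl = Get-Acl -Path $key
        $result.DenyEntries = @($acl.Access |
            Where-Object { $_.AccessControlType -eq 'Deny' } |
            ForEach-Object { '{0}: {1}' -f $_.IdentityReference, $_.RegistryRights })
        $result.Name = (Get-ItemProperty -Path $key).'(default)'

        # 2. What the broker launches. An unsigned or relocated server here would matter,
        #    because an elevated launch of it is exactly what the Elevation flag permits.
        $server = (Get-ItemProperty -Path "$key\LocalServer32" -ErrorAction Stop).'(default)'
        $exe = $server.Trim('"')
        $result.LocalServer32 = $exe
        $result.ServerExists  = Test-Path -LiteralPath $exe
        if ($result.ServerExists) {
            $sig = Get-AuthenticodeSignature -FilePath $exe
            $result.SignatureStatus = $sig.Status
            $result.Signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
            # Flash's broker lives under the Macromed\Flash folder on a 32-bit install.
            $result.InMacromedFlash = $exe -like "$env:windir\System32\Macromed\Flash\*"
        }

        # 3. Elevation\Enabled = 1: the object can be launched through the UAC COM elevation
        #    moniker (CoCreateInstanceAsAdmin), i.e. across a privilege boundary.
        $elev = Get-ItemProperty -Path "$key\Elevation" -ErrorAction SilentlyContinue
        $result.ElevationEnabled = ([int]$elev.Enabled -eq 1)
    } catch {
        # Typically "access denied" when a deny entry also blocks reading, as on PCW\Security.
        $result.Error = $_.Exception.Message
    }
    [pscustomobject]$result
}

$r = Test-LockedClsid
$r | Format-List

# Verdict: an Adobe-signed server inside Macromed\Flash, with deny entries present, is the
# normal state that the installer leaves behind. Anything else deserves a closer look.
if ($r.ServerExists -and $r.SignatureStatus -eq 'Valid' -and
    $r.Signer -match 'Adobe' -and $r.InMacromedFlash) {
    'Matches the genuine Flash broker registration: leave the locked keys alone.'
} else {
    'Does not match the expected Flash broker registration: investigate before deciding.'
}
```

The same function works for any other CLSID ComboFix reports as locked: pass the GUID as -Clsid and apply the same three questions (who is denied what, what is launched, and whether the object is elevation-enabled). Removing the deny entries or the keys themselves is not a cleanup step; it would only make the broker registration editable by everyone, which is the opposite of what the lock is for.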

#10 nasdaq

  • Malware Response Team
  • 38,779 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 15 March 2015 - 08:46 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



