
I have a Windows 7 tablet that will not connect to the web. Virus suspected.


This topic is locked
16 replies to this topic

#1 irishitguy

irishitguy

  • Members
  • 9 posts
  • OFFLINE
  • Local time:03:37 AM

Posted 23 March 2015 - 05:14 PM

Hello guys,

 

I am new here but heard about you guys and how awesome you all are. I am having issues with a DT300CT tablet running Windows 7. It has some sort of virus deeply rooted and it will not connect to the net at all. I have run several malware removal and detection sw programs and nothing has found any issue, hence why I am posting here. I have a HijackThis log and a ComboFix log. Please advise me on what I should do since the forum rules asked that I not post those scan logs yet :)





#2 Machiavelli

Machiavelli

    Agent 007


  • Malware Response Instructor
  • 4,015 posts
  • OFFLINE
  • Gender:Male
  • Location:Germany
  • Local time:05:37 AM

Posted 25 March 2015 - 09:46 AM

Hello and welcome on board,

My name is Machiavelli and I will assist you with your problem. Feel free to call me Makka or something like that.
If you booted into safe mode on your computer then print my instructions!
I'm in the 'Malware Staff Team' and will provide you with advice:

Removing malware from a computer can be very complicated. Malware (malicious software) is able to hide and so I may not be able to find it so easily. In order to remove malware from your computer, you need to follow my instructions carefully. Don't be worried if you don't know what to do. Just ask me! Please stay in contact with me until the problem is fixed.

Below are a few tips:
  • Removing Malware is usually very difficult.
    We need to search and analyse a lot of files. As this is done in our free time, please be patient especially if I don't answer every day!
  • Please follow these instructions
    If you don't follow the instructions your computer may crash. If you fix your PC by yourself, this can be very risky!
  • Please stay in contact with me until your problem is resolved
    As Malware may not be totally removed in one session or in one day, please stay in contact with me until the problem is resolved.
  • Please don't run any other tools without consulting with me as this can complicate finding and removing all Malware
    Don't run any tools while I'm fixing your PC. That is counterproductive and, again, will only complicate finding and removing all malware!
  • Read my post completely
    If you don't do so, you may make mistakes that could result in your System crashing by your own actions!
 

Please post the ComboFix log.

Please download FRST (by Farbar) from the link below and save it to your Desktop.

Download Mirror #1

If you are unsure whether you have 32-Bit or 64-Bit Windows, see here
  • Disable all anti-virus and anti-malware software to prevent them inhibiting FRST in any way. If you are unsure how to do this, see THIS.
  • Double-click FRST.exe/FRST64.exe (depending on which version you downloaded) to run it. (if you have Windows Vista / Windows 7 / Windows 8: Please do a Right click on the FRST icon and select Run as Administrator)
  • When the disclaimer appears, click Yes.
  • Click Scan to start FRST.
  • When FRST finishes scanning, two logs, FRST.txt and Addition.txt will open.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of both of these logs into your next post please.

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.



#3 irishitguy

irishitguy
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  • Local time:03:37 AM

Posted 25 March 2015 - 04:47 PM

Hi Mach,

 

I have posted the appropriate scan logs for you to peruse. Thanks for all of your help in this matter!

 

~IribleepGuy

Attached Files



#4 Machiavelli

Machiavelli

    Agent 007


  • Malware Response Instructor
  • 4,015 posts
  • OFFLINE
  • Gender:Male
  • Location:Germany
  • Local time:05:37 AM

Posted 25 March 2015 - 05:30 PM

Hey,
Can you please post all logs directly into the thread rather than attaching them? :)

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.



#5 irishitguy

irishitguy
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  • Local time:03:37 AM

Posted 25 March 2015 - 06:10 PM

I sure can, sorry about that!

~Irish

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-03-2015
Ran by rhcc-746 (administrator) on RHCC-746-TAB on 25-03-2015 11:37:09
Running from E:\
Loaded Profiles: rhcc-746 (Available profiles: rhcc-746)
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Dell Inc.) C:\Program Files\Dell\KACE\AMPAgent.exe
(DT Research) C:\Program Files\Utilities\Button Manager\BMService.exe
(DT Research) C:\Program Files\Utilities\MobilityTileExtension\MTEService.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Sierra Wireless, Inc.) C:\Program Files\Sierra Wireless Inc\Gobi\QDLService\GobiQDLService.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Microsoft Online Services\MSOIDSVC.EXE
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(SonicWALL, Inc.) C:\Program Files\SonicWALL\SonicWALL Global VPN Client\SWGVCSvc.exe
(Sierra Wireless, Inc.) C:\Program Files\Sierra Wireless Inc\Common\SwiCardDetect.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Microsoft Online Services\MSOIDSVCM.EXE
(DT Research) C:\Program Files\DT Research\ClientAgent\CAService.exe
() C:\Program Files\DT Research\ClientAgent\CAWatchDog.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Client Server Security Agent\HostedAgent\svcGenericHost.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\ssonsvr.exe
(Microsoft Corporation) C:\Windows\System32\userinit.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\concentr.exe
(DT Research) C:\Program Files\Utilities\Button Manager\BMConfig.exe
(DT Research) C:\Windows\System32\KeyEventExe.exe
(DT Research) C:\Program Files\DT Research\ClientAgent\CAConfig.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\Receiver\Receiver.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(DT Research) C:\Program Files\Utilities\KeyboardWedge\KWControl.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Client Server Security Agent\PccNTMon.exe
() C:\Program Files\PenMount Windows Universal Driver(WHQL)\PMonitor.exe
(eMailSignature) C:\Users\rhcc-746\AppData\Roaming\eMailSignature\eMailSignature 365\emsclient.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Client Server Security Agent\HostedAgent\HostedAgent.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Client Server Security Agent\HostedAgent\utilWinPfwCtrlHelper.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\wfcrun32.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [12021464 2014-10-24] (Realtek Semiconductor)
HKLM\...\Run: [GfxServiceInstall] => C:\Windows\system32\GfxCUIServiceInstall.vbs [131 2012-08-16] ()
HKLM\...\Run: [ConnectionCenter] => C:\Program Files\Citrix\ICA Client\concentr.exe [358336 2011-08-11] (Citrix Systems, Inc.)
HKLM\...\Run: [BMConfig] => C:\Program Files\Utilities\Button Manager\BMConfig.exe [245760 2013-03-06] (DT Research)
HKLM\...\Run: [KeyEventExe] => C:\Windows\system32\KeyEventExe.exe [49152 2013-03-06] (DT Research)
HKLM\...\Run: [KWControl.exe] => C:\Program Files\Utilities\KeyboardWedge\KWControl.exe [405504 2013-03-05] (DT Research)
HKLM\...\Run: [CAConfig] => C:\Program Files\DT Research\ClientAgent\CAConfig.exe [774144 2013-03-11] (DT Research)
HKLM\...\Run: [OfficeScanNT Monitor] => C:\Program Files\Trend Micro\Client Server Security Agent\pccntmon.exe [1950744 2013-07-16] (Trend Micro Inc.)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
Winlogon\Notify\ScCertProp: wlnotify.dll [X]
HKU\S-1-5-21-1621964705-1223632591-1745900225-17308\...\Run: [Adobe Acrobat Synchronizer] => C:\Program Files\Adobe\Acrobat 10.0\Acrobat\AdobeCollabSync.exe [1216416 2010-10-25] (Adobe Systems Incorporated)
HKU\S-1-5-21-1621964705-1223632591-1745900225-17308\...\Policies\system: [DisableLockWorkstation] 0
HKU\S-1-5-18\...\RunOnce: [osk.exe] => C:\Windows\system32\osk.exe [646144 2014-06-17] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PenMount Monitor.lnk
ShortcutTarget: PenMount Monitor.lnk -> C:\Program Files\PenMount Windows Universal Driver(WHQL)\PMonitor.exe ()
Startup: C:\Users\pgarrity\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SonicWALL Global VPN Client.lnk
ShortcutTarget: SonicWALL Global VPN Client.lnk -> C:\Program Files\SonicWALL\SonicWALL Global VPN Client\SWGVC.exe (SonicWALL, Inc.)
Startup: C:\Users\rhcc-746\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\eMailSignature 365.lnk
ShortcutTarget: eMailSignature 365.lnk -> C:\Users\rhcc-746\AppData\Roaming\eMailSignature\eMailSignature 365\emsclient.exe (eMailSignature)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1621964705-1223632591-1745900225-17308\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1621964705-1223632591-1745900225-17308\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
BHO: TmIEPlugInBHO Class -> {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -> C:\Program Files\Trend Micro\Client Server Security Agent\bho\1056\TmIEPlg.dll [2012-08-08] (Trend Micro Inc.)
BHO: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2010-10-25] (Adobe Systems Incorporated)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2010-10-25] (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2010-10-25] (Adobe Systems Incorporated)
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\Client Server Security Agent\bho\1056\TmIEPlg.dll [2012-08-08] (Trend Micro Inc.)
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.)
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.)
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.)
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.)
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.)
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.)
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.)
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.)
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.)
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.)
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.)
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.)
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.)
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.)
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.)
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.)
Winsock: Catalog9 54  File Not found ()
Winsock: Missing Catalog9 entry, broken internet access. <===== ATTENTION.
Tcpip\Parameters: [DhcpNameServer] 172.26.38.1 172.26.38.2

FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF HKLM\...\Firefox\Extensions: [{22C7F6C6-8D67-4534-92B5-529A0EC09405}] - C:\Program Files\Trend Micro\Client Server Security Agent\bho\1056\FirefoxExtension
FF Extension: Trend Micro NSC Firefox Extension - C:\Program Files\Trend Micro\Client Server Security Agent\bho\1056\FirefoxExtension [2014-10-24]
FF HKLM\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2015-01-09]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMPAgent; C:\Program Files\Dell\KACE\AMPAgent.exe [2872424 2013-08-23] (Dell Inc.) [File not signed]
S2 AMPPALR3; C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [509456 2012-07-18] (Intel Corporation)
R2 BMService; C:\Program Files\Utilities\Button Manager\BMService.exe [155648 2013-03-06] (DT Research) [File not signed]
S2 BTHSSecurityMgr; C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [104240 2012-08-23] (Intel® Corporation)
R2 DTMobilityTileExtension; C:\Program Files\Utilities\MobilityTileExtension\MTEService.exe [61440 2012-03-26] (DT Research) [File not signed]
R2 GobiQDLService; C:\Program Files\Sierra Wireless Inc\Gobi\QDLService\GobiQDLService.exe [312688 2011-11-25] (Sierra Wireless, Inc.)
S2 KeyboardWedge; C:\Program Files\Utilities\KeyboardWedge\KWService.exe [348160 2013-03-05] (DT Research) [File not signed]
R2 msoidsvc; C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE [1590560 2012-05-17] (Microsoft Corp.)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [242480 2012-08-23] ()
S2 ntrtscan; C:\Program Files\Trend Micro\Client Server Security Agent\ntrtscan.exe [1298880 2013-10-06] (Trend Micro Inc.)
R2 svcGenericHost; C:\Program Files\Trend Micro\Client Server Security Agent\HostedAgent\svcGenericHost.exe [50200 2013-09-25] (Trend Micro Inc.)
R2 SWGVCSvc; C:\Program Files\SonicWALL\SonicWALL Global VPN Client\SWGVCSvc.exe [228824 2012-04-03] (SonicWALL, Inc.)
R2 SwiCardDetectSvc; C:\Program Files\Sierra Wireless Inc\Common\SwiCardDetect.exe [238960 2012-02-01] (Sierra Wireless, Inc.)
S3 TMBMServer; C:\Program Files\Trend Micro\BM\TMBMSRV.exe [345112 2013-04-12] (Trend Micro Inc.)
S2 tmlisten; C:\Program Files\Trend Micro\Client Server Security Agent\tmlisten.exe [1477328 2013-08-14] (Trend Micro Inc.)
S3 TmProxy; C:\Program Files\Trend Micro\Client Server Security Agent\TmProxy.exe [689712 2012-08-08] (Trend Micro Inc.)
R2 WebDT CA Service; C:\Program Files\DT Research\ClientAgent\CAService.exe [909312 2013-03-11] (DT Research) [File not signed]
R2 WebDT CA Watchdog; C:\Program Files\DT Research\ClientAgent\CAWatchDog.exe [180224 2013-03-11] () [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-26] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2778416 2012-08-23] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 ACPISIM; C:\Windows\System32\drivers\ACPISIM.sys [15272 2012-07-13] (DT Research, Inc)
R3 AMPPAL; C:\Windows\System32\DRIVERS\AMPPAL.sys [143360 2012-07-18] (Windows ® Win 7 DDK provider)
S3 AMPPALP; C:\Windows\System32\DRIVERS\amppal.sys [143360 2012-07-18] (Windows ® Win 7 DDK provider)
S2 cpcecont; C:\Windows\system32\drivers\cpcecont.sys [24560 2010-11-08] (EMS Dr. Thomas Wuensche)
S2 cpcppnt; C:\Windows\system32\drivers\cpcppnt.sys [23560 2010-11-08] (EMS Dr. Thomas Wuensche)
S3 cpcusb; C:\Windows\System32\DRIVERS\cpcusbxp.sys [50968 2010-11-08] (EMS Dr. Thomas Wuensche)
R2 cpcxts; C:\Windows\system32\drivers\cpcxtsnt.sys [69376 2010-11-08] (EMS Dr. Thomas Wuensche)
R3 cxbu1wdm; C:\Windows\System32\DRIVERS\cxbu1wdm.sys [128120 2014-09-04] ( )
R1 DNE; C:\Windows\System32\DRIVERS\dnelwf.sys [109144 2011-08-04] (Citrix Systems, Inc.)
R0 DTRACPIEC; C:\Windows\System32\drivers\DTREC.sys [14888 2012-07-13] (DT Research, Inc)
S3 DtrFlashDrv; C:\Windows\system32\DtrFlashDrv.sys [16864 2013-01-31] (DT Research, Inc.)
R3 DTTabBtn; C:\Windows\system32\drivers\DTTabBtn.sys [17448 2012-07-13] (DT Research, Inc)
S3 gobi3kfilter; C:\Windows\system32\drivers\gobi3kfilter.sys [27264 2010-12-13] (QUALCOMM Incorporated)
S3 gobi3kserial; C:\Windows\system32\drivers\gobi3kserial.sys [194048 2011-07-06] (QUALCOMM Incorporated)
R3 iomem; C:\Windows\system32\iomem.sys [15584 2013-01-31] (DT Research, Inc.)
R3 NETwNs32; C:\Windows\System32\DRIVERS\Netwsn00.sys [10383568 2014-10-24] (Intel Corporation)
R3 pmhidmini; C:\Windows\system32\drivers\pmhidmini.sys [3712 2013-02-14] (PenMount Touch Solutions)
S3 pmhidusb; C:\Windows\system32\drivers\pmhidusb.sys [51200 2013-02-14] (PenMount Touch Solutions)
R3 pmmouhid; C:\Windows\system32\drivers\pmmouhid.sys [5632 2013-02-14] (PenMount Touch Solutions)
R3 pmmouser; C:\Windows\system32\drivers\pmmouser.sys [68096 2013-02-14] (PenMount Touch Solutions)
S3 pmserenum; C:\Windows\System32\DRIVERS\pmserenum.sys [28160 2013-02-14] (PenMount Touch Solutions)
R2 risdxc; C:\Windows\system32\drivers\risdxc86.sys [76288 2011-05-25] (REDC)
S3 rixdpcie; C:\Windows\system32\drivers\rixdpe86.sys [45056 2011-04-26] (REDC)
S3 Ser2plx86; C:\Windows\System32\DRIVERS\ser2pl.sys [140800 2014-09-03] (Prolific Technology Inc.)
S3 swg3kmbb00; C:\Windows\System32\DRIVERS\swg3kmbb00.sys [382976 2011-11-09] (Sierra Wireless Incorporated)
R3 swg3knet00; C:\Windows\System32\DRIVERS\swg3knet00.sys [323344 2014-10-24] (Sierra Wireless Incorporated)
S3 swg3knmea00; C:\Windows\system32\drivers\swg3knmea00.sys [216192 2011-08-18] (Sierra Wireless Incorporated)
R3 swg3kser00; C:\Windows\System32\DRIVERS\swg3kser00.sys [228112 2014-10-24] (Sierra Wireless Incorporated)
R3 swibus00; C:\Windows\System32\DRIVERS\swibus00.sys [73488 2014-10-24] (Sierra Wireless Inc.)
R3 swibusflt00; C:\Windows\System32\DRIVERS\swibusflt00.sys [73488 2014-10-24] (Sierra Wireless Inc.)
R2 SWIPsec; C:\Windows\system32\Drivers\SWIPsec.sys [84112 2012-04-03] (SonicWALL, Inc.)
S3 SWVNIC; C:\Windows\System32\DRIVERS\swvnic.sys [21016 2012-02-07] (SonicWALL, Inc.)
S3 tmactmon; C:\Windows\System32\DRIVERS\tmactmon.sys [74600 2012-10-30] (Trend Micro Inc.)
R1 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [258976 2012-11-13] (Trend Micro Inc.)
S3 tmevtmgr; C:\Windows\System32\DRIVERS\tmevtmgr.sys [62728 2012-10-30] (Trend Micro Inc.)
R2 TmFilter; C:\Program Files\Trend Micro\Client Server Security Agent\TmXPFlt.sys [264504 2012-07-17] (Trend Micro Inc.)
R2 TmPreFilter; C:\Program Files\Trend Micro\Client Server Security Agent\TmPreFlt.sys [36664 2012-07-17] (Trend Micro Inc.)
R1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [90712 2013-01-09] (Trend Micro Inc.)
R2 VSApiNt; C:\Program Files\Trend Micro\Client Server Security Agent\VSApiNt.sys [1515232 2012-07-17] (Trend Micro Inc.)
S3 catchme; \??\C:\Users\rhcc-746\AppData\Local\Temp\catchme.sys [X]
S3 S6000KNT; System32\Drivers\S6000KNT.sys [X]
S1 SASDIFSV; \??\E:\clean up sw\SUPERAntiSpyware\SASDIFSV.SYS [X]
S1 SASKUTIL; \??\E:\clean up sw\SUPERAntiSpyware\SASKUTIL.SYS [X]
S3 SWUMX20; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-25 11:37 - 2015-03-25 11:37 - 00000000 ____D () C:\FRST
2015-03-20 16:45 - 2015-03-20 16:45 - 00000184 __RSH () C:\MSSTBJ.CAT
2015-03-20 11:24 - 2015-03-20 11:40 - 00000000 ____D () C:\Users\rhcc-746\Desktop\mbar
2015-03-20 11:24 - 2015-03-20 11:40 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-03-19 15:02 - 2015-03-19 15:02 - 00015068 _____ () C:\ComboFix.txt
2015-03-19 14:45 - 2015-03-19 14:45 - 00000552 _____ () C:\Windows\PFRO.log
2015-03-19 13:39 - 2015-03-19 15:02 - 00000000 ____D () C:\Qoobox
2015-03-19 13:39 - 2015-03-19 15:02 - 00000000 ____D () C:\ComboFix
2015-03-19 13:39 - 2015-03-19 15:00 - 00000000 ____D () C:\Windows\erdnt
2015-03-19 13:39 - 2011-06-25 23:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-03-19 13:39 - 2010-11-07 10:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-03-19 13:39 - 2009-04-19 21:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-03-19 13:39 - 2000-08-30 17:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-03-19 13:39 - 2000-08-30 17:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-03-19 13:39 - 2000-08-30 17:00 - 00098816 _____ () C:\Windows\sed.exe
2015-03-19 13:39 - 2000-08-30 17:00 - 00080412 _____ () C:\Windows\grep.exe
2015-03-19 13:39 - 2000-08-30 17:00 - 00068096 _____ () C:\Windows\zip.exe
2015-03-18 10:07 - 2015-03-20 11:24 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-18 10:06 - 2015-03-20 11:24 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-03-18 10:06 - 2015-03-18 10:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-03-18 10:06 - 2015-03-18 10:06 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-03-18 10:06 - 2015-03-18 10:06 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2015-03-18 10:06 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-03-18 10:06 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-03-18 10:05 - 2015-03-18 10:06 - 00000000 ____D () C:\ProgramData\AVAST Software
2015-03-18 10:04 - 2015-03-18 10:04 - 00000000 ____D () C:\Users\rhcc-746\AppData\Roaming\SUPERAntiSpyware.com
2015-03-18 10:04 - 2015-03-18 10:04 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2015-03-18 09:51 - 2015-03-20 03:33 - 00015223 _____ () C:\Windows\WindowsUpdate.log
2015-03-18 09:19 - 2015-03-25 11:32 - 00003056 _____ () C:\Windows\setupact.log
2015-03-18 09:19 - 2015-03-18 09:19 - 00000000 _____ () C:\Windows\setuperr.log
2015-03-06 08:16 - 2015-03-06 08:16 - 00097792 _____ () C:\Users\rhcc-746\Documents\LSP TIRE ESTIMATE.xls
2015-03-04 14:11 - 2015-03-04 14:11 - 00097280 _____ () C:\Users\rhcc-746\Documents\Copy of $  Repair Estimate Form rev 6.xls
2015-03-04 06:49 - 2015-03-04 06:49 - 00000000 ____D () C:\Users\rhcc-746\Documents\Quotes
2015-03-01 09:14 - 2015-03-01 09:15 - 00000000 ____D () C:\Users\rhcc-746\Desktop\forms
2015-02-24 16:07 - 2015-02-24 16:17 - 00000000 ____D () C:\Users\rhcc-746\Desktop\Maint Manuals
2015-02-24 16:02 - 2015-03-01 09:22 - 00000000 ____D () C:\Users\rhcc-746\Desktop\Leader Folder
2015-02-24 16:00 - 2015-02-27 08:29 - 00000000 ____D () C:\Users\rhcc-746\Desktop\Tech Reports

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-25 11:36 - 2014-12-29 10:12 - 00368210 _____ () C:\Users\rhcc-746\AppData\Roaming\BAConfig.log
2015-03-20 15:34 - 2010-11-20 14:01 - 00827608 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-20 05:43 - 2013-03-14 15:47 - 00000000 ____D () C:\ProgramData\CA
2015-03-19 15:02 - 2009-07-13 19:37 - 00000000 __RHD () C:\Users\Default
2015-03-19 15:02 - 2009-07-13 19:37 - 00000000 ___RD () C:\Users\Public
2015-03-19 14:59 - 2009-07-13 19:04 - 00000215 _____ () C:\Windows\system.ini
2015-03-19 14:56 - 2009-07-13 21:34 - 00028080 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-19 14:56 - 2009-07-13 21:34 - 00028080 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-19 14:45 - 2009-07-13 19:03 - 47972352 _____ () C:\Windows\system32\config\SOFTWARE.bak
2015-03-19 14:45 - 2009-07-13 19:03 - 18874368 _____ () C:\Windows\system32\config\SYSTEM.bak
2015-03-19 14:45 - 2009-07-13 19:03 - 00524288 _____ () C:\Windows\system32\config\DEFAULT.bak
2015-03-19 14:45 - 2009-07-13 19:03 - 00262144 _____ () C:\Windows\system32\config\SECURITY.bak
2015-03-18 10:18 - 2014-12-29 10:12 - 00000000 ____D () C:\Users\rhcc-746\AppData\Local\VirtualStore
2015-03-18 09:03 - 2013-03-14 21:46 - 00000000 ____D () C:\Windows\Minidump
2015-03-17 10:24 - 2009-07-13 19:37 - 00000000 ____D () C:\Windows\system32\LogFiles
2015-03-17 09:03 - 2009-07-13 19:37 - 00000000 ____D () C:\Windows\system32\NDF
2015-03-17 07:23 - 2015-01-09 13:27 - 00000000 ____D () C:\Users\rhcc-746\Documents\JAN2015
2015-03-16 13:53 - 2013-03-14 15:43 - 00000000 ____D () C:\ProgramData\DTRI
2015-03-16 12:42 - 2014-10-24 09:08 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-03-06 08:29 - 2013-03-14 15:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Utilities
2015-03-06 08:29 - 2009-07-13 21:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-04 11:43 - 2014-10-24 09:08 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-03-04 11:43 - 2014-10-24 09:08 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-03-04 06:45 - 2015-01-16 05:40 - 00000000 ____D () C:\Users\rhcc-746\Documents\Install Form
2015-03-04 06:45 - 2015-01-16 05:39 - 00000000 ____D () C:\Users\rhcc-746\Documents\90Dayisp

==================== Files in the root of some directories =======

2014-12-29 10:12 - 2015-03-25 11:36 - 0368210 _____ () C:\Users\rhcc-746\AppData\Roaming\BAConfig.log
2014-12-29 10:12 - 2013-03-20 15:45 - 0014136 _____ () C:\Users\rhcc-746\AppData\Roaming\DTSMCap.log
2014-12-29 10:12 - 2013-03-20 15:45 - 0000332 _____ () C:\Users\rhcc-746\AppData\Roaming\DTSMCapSetting.ini
2014-12-29 10:12 - 2014-07-08 10:53 - 0000266 _____ () C:\Users\rhcc-746\AppData\Roaming\KeyEventExe.log
2014-10-24 09:14 - 2014-10-24 09:14 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-03-05 09:15

==================== End Of Log ============================

 

HijackThis!

 

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 3:10:14 PM, on 3/19/2015
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Unable to get Internet Explorer version!

Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Citrix\ICA Client\concentr.exe
C:\Program Files\Utilities\Button Manager\BMConfig.exe
C:\Windows\System32\KeyEventExe.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Trend Micro\Client Server Security Agent\PccNTMon.exe
C:\Program Files\Citrix\ICA Client\Receiver\Receiver.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\PenMount Windows Universal Driver(WHQL)\PMonitor.exe
C:\Users\rhcc-746\AppData\Roaming\eMailSignature\eMailSignature 365\emsclient.exe
C:\Program Files\Citrix\ICA Client\WFCRUN32.EXE
C:\Windows\system32\DllHost.exe
C:\Windows\Explorer.exe
F:\clean up sw\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Trend Micro NSC BHO - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\Client Server Security Agent\bho\1056\TmIEPlg.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [RTHDVCPL] "C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe" -s
O4 - HKLM\..\Run: [GfxServiceInstall] C:\Windows\system32\GfxCUIServiceInstall.vbs
O4 - HKLM\..\Run: [ConnectionCenter] "C:\Program Files\Citrix\ICA Client\concentr.exe" /startup
O4 - HKLM\..\Run: [BMConfig] C:\Program Files\Utilities\Button Manager\BMConfig.exe
O4 - HKLM\..\Run: [KeyEventExe] C:\Windows\system32\KeyEventExe.exe
O4 - HKLM\..\Run: [KWControl.exe] C:\Program Files\Utilities\KeyboardWedge\KWControl.exe
O4 - HKLM\..\Run: [CAConfig] C:\Program Files\DT Research\ClientAgent\CAConfig.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\Client Server Security Agent\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [Logitech Download Assistant] C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
O4 - HKCU\..\Run: [Adobe Acrobat Synchronizer] "C:\Program Files\Adobe\Acrobat 10.0\Acrobat\AdobeCollabSync.exe"
O4 - HKUS\S-1-5-18\..\RunOnce: [osk.exe] osk.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [osk.exe] osk.exe (User 'Default user')
O4 - Startup: eMailSignature 365.lnk = rhcc-746\AppData\Roaming\eMailSignature\eMailSignature 365\emsclient.exe
O4 - Global Startup: PenMount Monitor.lnk = C:\Program Files\PenMount Windows Universal Driver(WHQL)\PMonitor.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~3\Office14\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O10 - Broken Internet access because of LSP chain gap (#50 in chain of 57 missing)
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = RHCC.local
O17 - HKLM\Software\..\Telephony: DomainName = RHCC.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = RHCC.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = RHCC.local
O18 - Protocol: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\Client Server Security Agent\bho\1056\TmIEPlg.dll
O18 - Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter hijack: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Dell KACE Agent (AMPAgent) - Dell Inc. - C:\Program Files\Dell\KACE\AMPAgent.exe
O23 - Service: Intel® Centrino® Wireless Bluetooth® + High Speed Service (AMPPALR3) - Intel Corporation - C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
O23 - Service: BMService - DT Research - C:\Program Files\Utilities\Button Manager\BMService.exe
O23 - Service: Intel® Centrino® Wireless Bluetooth® + High Speed Security Service (BTHSSecurityMgr) - Intel® Corporation - C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
O23 - Service: DTMobilityTileExtension - DT Research - C:\Program Files\Utilities\MobilityTileExtension\MTEService.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: Sierra Wireless QDL Service (GobiQDLService) - Sierra Wireless, Inc. - C:\Program Files\Sierra Wireless Inc\Gobi\QDLService\GobiQDLService.exe
O23 - Service: DT Keyboard Wedge (KeyboardWedge) - DT Research - C:\Program Files\Utilities\KeyboardWedge\KWService.exe
O23 - Service: Wireless PAN DHCP Server (MyWiFiDHCPDNS) - Unknown owner - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
O23 - Service: Trend Micro Client/Server Security Agent RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend Micro\Client Server Security Agent\ntrtscan.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel® Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Trend Micro Client/Server Security Agent (svcGenericHost) - Trend Micro Inc. - C:\Program Files\Trend Micro\Client Server Security Agent\HostedAgent\svcGenericHost.exe
O23 - Service: SonicWALL Global VPN Client Service (SWGVCSvc) - SonicWALL, Inc. - C:\Program Files\SonicWALL\SonicWALL Global VPN Client\SWGVCSvc.exe
O23 - Service: Sierra Wireless Card Detection Service (SwiCardDetectSvc) - Sierra Wireless, Inc. - C:\Program Files\Sierra Wireless Inc\Common\SwiCardDetect.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Client/Server Security Agent Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\Trend Micro\Client Server Security Agent\tmlisten.exe
O23 - Service: Trend Micro Client/Server Security Agent Proxy Service (TmProxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Client Server Security Agent\TmProxy.exe
O23 - Service: WebDT CA Service - DT Research - C:\Program Files\DT Research\ClientAgent\CAService.exe
O23 - Service: WebDT CA Watchdog - Unknown owner - C:\Program Files\DT Research\ClientAgent\CAWatchDog.exe
O23 - Service: Intel® PROSet/Wireless Zero Configuration Service (ZeroConfigService) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe

--
End of file - 10890 bytes


ComboFix


ComboFix 15-03-14.03 - rhcc-746 03/25/2015  11:46:21.2.4 - x86
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.3004.2063 [GMT -7:00]
Running from: E:\ComboFix.exe
AV: Trend Micro Client/Server Security Agent Antivirus *Disabled/Updated* {5D349EF8-873B-C657-917F-F1D93E101A7C}
SP: Trend Micro Client/Server Security Agent Anti-spyware *Disabled/Updated* {E6557F1C-A101-C9D9-ABCF-CAAB459750C1}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\ntuser.pol
c:\windows\system32\AdobePDF.dll
.
.
(((((((((((((((((((((((((   Files Created from 2015-02-25 to 2015-03-25  )))))))))))))))))))))))))))))))
.
.
2015-03-25 19:48 . 2015-03-25 19:48 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{05699B17-B35F-4B0B-BD79-4C0268F1A475}\offreg.dll
2015-03-25 19:48 . 2015-03-25 21:25 -------- d-----w- c:\users\rhcc-746\AppData\Local\temp
2015-03-25 19:48 . 2015-03-25 19:48 -------- d-----w- c:\users\Service Tab\AppData\Local\temp
2015-03-25 19:48 . 2015-03-25 19:48 -------- d-----w- c:\users\rhcc-749\AppData\Local\temp
2015-03-25 19:48 . 2015-03-25 19:48 -------- d-----w- c:\users\pgarrity\AppData\Local\temp
2015-03-25 19:48 . 2015-03-25 19:48 -------- d-----w- c:\users\ksisco\AppData\Local\temp
2015-03-25 19:48 . 2015-03-25 19:48 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-03-18 17:23 . 2015-03-18 17:23 -------- d-----w- c:\users\rhcc-746\AppData\Local\ElevatedDiagnostics
2015-03-18 17:07 . 2015-03-20 18:24 119512 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-03-18 17:06 . 2015-03-20 18:24 92888 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-03-18 17:06 . 2015-03-18 17:06 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2015-03-18 17:06 . 2015-03-18 17:06 -------- d-----w- c:\programdata\Malwarebytes
2015-03-18 17:06 . 2014-05-12 14:26 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
2015-03-18 17:06 . 2014-05-12 14:25 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-03-18 17:06 . 2015-03-18 17:06 -------- d-----w- c:\users\rhcc-746\AppData\Local\Programs
2015-03-18 17:05 . 2015-03-18 17:06 -------- d-----w- c:\programdata\AVAST Software
2015-03-18 17:04 . 2015-03-18 17:04 -------- d-----w- c:\users\rhcc-746\AppData\Roaming\SUPERAntiSpyware.com
2015-03-18 17:04 . 2015-03-18 17:04 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-03-04 18:43 . 2014-10-24 16:08 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2015-03-04 18:43 . 2014-10-24 16:08 701616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Acrobat Synchronizer"="c:\program files\Adobe\Acrobat 10.0\Acrobat\AdobeCollabSync.exe" [2010-10-25 1216416]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2014-10-24 12021464]
"GfxServiceInstall"="c:\windows\system32\GfxCUIServiceInstall.vbs" [2012-08-17 131]
"ConnectionCenter"="c:\program files\Citrix\ICA Client\concentr.exe" [2011-08-11 358336]
"BMConfig"="c:\program files\Utilities\Button Manager\BMConfig.exe" [2013-03-06 245760]
"KeyEventExe"="c:\windows\system32\KeyEventExe.exe" [2013-03-06 49152]
"KWControl.exe"="c:\program files\Utilities\KeyboardWedge\KWControl.exe" [2013-03-06 405504]
"CAConfig"="c:\program files\DT Research\ClientAgent\CAConfig.exe" [2013-03-12 774144]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2014-10-24 143344]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2014-10-24 177136]
"Persistence"="c:\windows\system32\igfxpers.exe" [2014-10-24 169456]
"OfficeScanNT Monitor"="c:\program files\Trend Micro\Client Server Security Agent\pccntmon.exe" [2013-07-16 1950744]
"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2012-09-20 1425208]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"osk.exe"="osk.exe" [2014-06-18 646144]
.
c:\users\rhcc-746\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
eMailSignature 365.lnk - c:\users\rhcc-746\AppData\Roaming\eMailSignature\eMailSignature 365\emsclient.exe [2014-12-11 499296]
.
c:\users\pgarrity\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
SonicWALL Global VPN Client.lnk - c:\program files\SonicWALL\SonicWALL Global VPN Client\SWGVC.exe [2012-4-3 1407632]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
PenMount Monitor.lnk - c:\program files\PenMount Windows Universal Driver(WHQL)\PMonitor.exe [2013-3-15 603856]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ    kerberos msv1_0 schannel wdigest tspkg pku2u msoidssp
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CCleaner Monitoring]
2014-10-23 15:21 4825880 ----a-w- c:\program files\CCleaner\CCleaner.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SCWatcher]
2013-03-12 01:39 106496 ----a-w- c:\program files\DT Research\ClientAgent\SCWatcher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TRUUpdater]
2011-11-04 00:41 329072 ----a-w- c:\program files\Sierra Wireless Inc\WebUpdater\TRUUpdater.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WatcherHelper]
2011-08-04 21:37 140656 ----a-w- c:\program files\Sierra Wireless Inc\3G Watcher\WaHelper.exe
.
R1 SASDIFSV;SASDIFSV;e:\clean up sw\SUPERAntiSpyware\SASDIFSV.SYS [x]
R1 SASKUTIL;SASKUTIL;e:\clean up sw\SUPERAntiSpyware\SASKUTIL.SYS [x]
R2 cpcecont;CPC-PP/ECO device driver;c:\windows\system32\drivers\cpcecont.sys [2010-11-08 24560]
R2 cpcppnt;CPC-PP device driver;c:\windows\system32\drivers\cpcppnt.sys [2010-11-08 23560]
R2 KeyboardWedge;DT Keyboard Wedge;c:\program files\Utilities\KeyboardWedge\KWService.exe [2013-03-06 348160]
R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys [2012-07-18 143360]
R3 cpcusb;cpcusb;c:\windows\system32\DRIVERS\cpcusbxp.sys [2010-11-08 50968]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464]
R3 DtrFlashDrv;DtrFlashDrv;c:\windows\system32\DtrFlashDrv.sys [2013-01-31 16864]
R3 gobi3kfilter;Qualcomm Gobi 3000 USB Composite Device Filter Driver;c:\windows\system32\drivers\gobi3kfilter.sys [2010-12-13 27264]
R3 gobi3kserial;Qualcomm Gobi 3000 USB Device for Legacy Serial Communication;c:\windows\system32\drivers\gobi3kserial.sys [2011-07-07 194048]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2014-11-22 102912]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2012-08-23 242480]
R3 pmhidusb;pmhidusb;c:\windows\system32\drivers\pmhidusb.sys [2013-02-14 51200]
R3 pmserenum;PenMount Serial Device Enumeration Service;c:\windows\system32\DRIVERS\pmserenum.sys [2013-02-14 28160]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 14848]
R3 rimspci;rimspci;c:\windows\system32\drivers\rimspe86.sys [2011-06-02 57856]
R3 rixdpcie;rixdpcie;c:\windows\system32\drivers\rixdpe86.sys [2011-04-26 45056]
R3 S6000KNT;Alcor WebCam Driver;c:\windows\system32\Drivers\S6000KNT.sys [x]
R3 Ser2plx86;Prolific Serial port WDF driver;c:\windows\system32\DRIVERS\ser2pl.sys [2014-09-03 140800]
R3 swg3kmbb00;Sierra Wireless QMI USB-NDIS 6.20 miniport;c:\windows\system32\DRIVERS\swg3kmbb00.sys [2011-11-10 382976]
R3 swg3knmea00;Sierra Wireless QMI NMEA Serial Communication;c:\windows\system32\drivers\swg3knmea00.sys [2011-08-18 216192]
R3 SWVNIC;SonicWALL Virtual Miniport;c:\windows\system32\DRIVERS\swvnic.sys [2012-02-07 21016]
R3 tmevtmgr;tmevtmgr;c:\windows\system32\DRIVERS\tmevtmgr.sys [2012-10-30 62728]
R3 TmProxy;Trend Micro Client/Server Security Agent Proxy Service;c:\program files\Trend Micro\Client Server Security Agent\TmProxy.exe [2012-08-09 689712]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2013-10-02 49152]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2013-03-15 1343400]
S0 ACPISIM;DT ACPI BIOS Simulator Driver;c:\windows\system32\drivers\ACPISIM.sys [2012-07-13 15272]
S0 DTRACPIEC;DTR EC controller Driver;c:\windows\system32\drivers\DTREC.sys [2012-07-13 14888]
S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [2011-08-11 66776]
S2 AMPAgent;Dell KACE Agent;c:\program files\Dell\KACE\AMPAgent.exe [2013-08-23 2872424]
S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [2012-07-18 509456]
S2 BMService;BMService;c:\program files\Utilities\Button Manager\BMService.exe [2013-03-06 155648]
S2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2012-08-23 104240]
S2 cpcxts;CPC-XT/104/104M device driver;c:\windows\system32\drivers\cpcxtsnt.sys [2010-11-08 69376]
S2 DTMobilityTileExtension;DTMobilityTileExtension;c:\program files\Utilities\MobilityTileExtension\MTEService.exe [2012-03-26 61440]
S2 GobiQDLService;Sierra Wireless QDL Service;c:\program files\Sierra Wireless Inc\Gobi\QDLService\GobiQDLService.exe [2011-11-25 312688]
S2 msoidsvc;Microsoft Online Services Sign-in Assistant;c:\program files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE [2012-05-18 1590560]
S2 risdxc;risdxc;c:\windows\system32\drivers\risdxc86.sys [2011-05-26 76288]
S2 svcGenericHost;Trend Micro Client/Server Security Agent;c:\program files\Trend Micro\Client Server Security Agent\HostedAgent\svcGenericHost.exe [2013-09-25 50200]
S2 SWGVCSvc;SonicWALL Global VPN Client Service;c:\program files\SonicWALL\SonicWALL Global VPN Client\SWGVCSvc.exe [2012-04-03 228824]
S2 SwiCardDetectSvc;Sierra Wireless Card Detection Service;c:\program files\Sierra Wireless Inc\Common\SwiCardDetect.exe [2012-02-02 238960]
S2 SWIPsec;SonicWALL IPsec Driver;c:\windows\system32\Drivers\SWIPsec.sys [2012-04-03 84112]
S2 TmFilter;Trend Micro Filter;c:\program files\Trend Micro\Client Server Security Agent\TmXPFlt.sys [2012-07-17 264504]
S2 TmPreFilter;Trend Micro PreFilter;c:\program files\Trend Micro\Client Server Security Agent\TmPreFlt.sys [2012-07-17 36664]
S2 WebDT CA Service;WebDT CA Service;c:\program files\DT Research\ClientAgent\CAService.exe [2013-03-12 909312]
S2 WebDT CA Watchdog;WebDT CA Watchdog;c:\program files\DT Research\ClientAgent\CAWatchDog.exe [2013-03-12 180224]
S2 ZeroConfigService;Intel® PROSet/Wireless Zero Configuration Service;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe [2012-08-23 2778416]
S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys [2012-07-18 143360]
S3 cxbu1wdm;OEM USB Smart Card Reader;c:\windows\system32\DRIVERS\cxbu1wdm.sys [2014-09-04 128120]
S3 DTTabBtn;DT Tablet PC Buttons HID Driver;c:\windows\system32\drivers\DTTabBtn.sys [2012-07-13 17448]
S3 igddim32;igddim32;c:\windows\system32\DRIVERS\igddim32.sys [2014-10-24 1349632]
S3 igdkmd32;igdkmd32;c:\windows\system32\DRIVERS\igdkmd32.sys [2014-10-24 435200]
S3 iomem;iomem;c:\windows\system32\iomem.sys [2013-01-31 15584]
S3 NETwNs32;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\DRIVERS\Netwsn00.sys [2014-10-24 10383568]
S3 pmhidmini;pmhidmini;c:\windows\system32\drivers\pmhidmini.sys [2013-02-14 3712]
S3 pmmouhid;PenMount HID Mouse Device Driver;c:\windows\system32\drivers\pmmouhid.sys [2013-02-14 5632]
S3 pmmouser;pmmouser;c:\windows\system32\drivers\pmmouser.sys [2013-02-14 68096]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2014-10-24 719064]
S3 swg3knet00;Sierra Wireless WMI USB-NDIS miniport;c:\windows\system32\DRIVERS\swg3knet00.sys [2014-10-24 323344]
S3 swg3kser00;Sierra Wireless QMI USB Device for Legacy Serial Communication;c:\windows\system32\DRIVERS\swg3kser00.sys [2014-10-24 228112]
S3 swibus00;Sierra Wireless Bus Enumerator 00;c:\windows\system32\DRIVERS\swibus00.sys [2014-10-24 73488]
S3 swibusflt00;Sierra Wireless Bus Enumerator Filter 00;c:\windows\system32\DRIVERS\swibusflt00.sys [2014-10-24 73488]
.
.
Contents of the 'Scheduled Tasks' folder
.
2015-03-16 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-10-24 18:43]
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 172.26.38.1 172.26.38.2
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_16_0_0_305_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_16_0_0_305_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\program files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSvcm.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Trend Micro\Client Server Security Agent\HostedAgent\HostedAgent.exe
c:\windows\system32\conhost.exe
c:\windows\System32\WUDFHost.exe
c:\program files\Citrix\ICA Client\ssonsvr.exe
c:\windows\system32\conhost.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Citrix\ICA Client\Receiver\Receiver.exe
c:\program files\Citrix\ICA Client\WFCRUN32.EXE
.
**************************************************************************
.
Completion time: 2015-03-25  14:28:18 - machine was rebooted
ComboFix-quarantined-files.txt  2015-03-25 21:28
ComboFix2.txt  2015-03-19 22:02
.
Pre-Run: 17,971,216,384 bytes free
Post-Run: 17,823,055,872 bytes free
.
- - End Of File - - 7FA2468FA3ED12EBA4937810FB62BD6F
A36C5E4F47E84449FF07ED3517B43A31


Additional scan result of Farbar Recovery Scan Tool (x86) Version: 11-03-2015
Ran by rhcc-746 at 2015-03-25 11:38:09
Running from E:\
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Trend Micro Client/Server Security Agent Antivirus (Disabled - Up to date) {5D349EF8-873B-C657-917F-F1D93E101A7C}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Trend Micro Client/Server Security Agent Anti-spyware (Disabled - Up to date) {E6557F1C-A101-C9D9-ABCF-CAAB459750C1}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat X Standard - English, Français, Deutsch (HKLM\...\{AC76BA86-1033-F400-BA7E-000000000005}) (Version: 10.0.0 - Adobe Systems)
Adobe Flash Player 16 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Button Manager (HKLM\...\InstallShield_{43585EF3-DACE-4DFB-B46B-E9F7C6CB8279}) (Version: 2.2.1.12 - DT Research)
Button Manager (Version: 2.2.1.12 - DT Research) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.19 - Piriform)
Citrix Receiver (Enterprise) (HKLM\...\CitrixOnlinePluginFull) (Version: 13.0.0.6685 - Citrix Systems, Inc.)
Dell KACE Agent (HKLM\...\{45C1BF25-8330-4E6F-8CFB-BE8FC39387F5}) (Version: 5.5.25198 - Dell Inc.)
Driver Booster 2 (HKLM\...\Driver Booster_is1) (Version: 2.0 - IObit)
DTSMCap (HKLM\...\InstallShield_{A4084C71-74D0-436F-85DA-DE6818197BF0}) (Version: 1.0.0.27 - DT Research)
DTSMCap (Version: 1.0.0.27 - DT Research) Hidden
eMailSignature 365 (HKLM\...\{49D3D6D5-60B4-4481-AB67-2B7110C72745}) (Version: 1.1.37 - eMailSignature)
FlashWare (HKLM\...\{F73DCC19-27DA-4F3F-9B2C-03C56368C269}) (Version: 1.1.09 - Raymond)
Intel® Graphics Media Accelerator Driver (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.14.8.1086 - Intel Corporation)
Intel® PROSet/Wireless for Bluetooth® + High Speed (HKLM\...\{90F00673-A276-4A58-B675-B426D39D1E09}) (Version: 15.3.0.0398 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{ECE5B218-A086-4E18-A362-D11181681457}) (Version: 15.03.1000.1637 - Intel Corporation)
KeyboardWedge (HKLM\...\InstallShield_{443D4FB0-9137-4C6A-BD45-1B39EB82EA6F}) (Version: 2.5.0.8 - DT Research)
KeyboardWedge (Version: 2.5.0.8 - DT Research) Hidden
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Standard 2010 (HKLM\...\Office14.STANDARD) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Online Services Sign-in Assistant (HKLM\...\{C89AD07D-CAA0-4BF2-A2E8-A851B71FD698}) (Version: 7.250.4303.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MobileFrame Windows Client (HKLM\...\{FC9C0E6C-B6B2-40D8-A9B6-65E700F59A30}) (Version: 5.2.42 - MobileFrame)
MobilityTileExtension (HKLM\...\InstallShield_{DEAC61F8-341A-49A6-9049-3EAFDB1B7E8D}) (Version: 1.0.0.9 - DT Research) <==== ATTENTION
MobilityTileExtension (Version: 1.0.0.9 - DT Research) Hidden <==== ATTENTION
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Online Plug-in (Version: 13.0.0.6685 - Citrix Systems, Inc.) Hidden
PenMount Windows Universal Driver(WHQL) V2.4.0.306 (HKLM\...\PenMount Touch Solutions) (Version:  - PenMount)
PeripheralScanningTool (HKLM\...\InstallShield_{0C548EF7-0901-4086-84D7-D890D8A99C22}) (Version: 1.0.0.11 - DT Research)
PeripheralScanningTool (Version: 1.0.0.11 - DT Research) Hidden
PL-2303 USB-to-Serial (HKLM\...\{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}) (Version: 1.4.17 - Prolific Technology INC)
Raymond Technical Publication Library 2.10.21 (HKLM\...\Raymond Technical Publication Library 2.10.21) (Version:  - )
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7246 - Realtek Semiconductor Corp.)
RICOH Media Driver v2.15.17.02 (HKLM\...\{FE041B02-234C-4AAA-9511-80DF6482A458}) (Version: 2.15.17.02 - RICOH)
Sierra Wireless AirCard Watcher (HKLM\...\{D203592B-9FA2-49CA-99A1-1FB4832DD2E8}) (Version: 6.0.3375.0003 - Sierra Wireless Inc.)
Sierra Wireless QMI Driver Package (HKLM\...\SWIQMIDrvInstaller) (Version: 1.0.30.0 - Sierra Wireless Inc.)
SonicWALL Global VPN Client (HKLM\...\{52ABB5F7-2B03-4FCD-A83F-63166186BF00}) (Version: 4.7.3 - SonicWALL)
Trend Micro Client/Server Security Agent (HKLM\...\{BED0B8A2-2986-49F8-90D6-FA008D37A3D2}) (Version: 5.3.1033 - Trend Micro)
UltraVnc (HKLM\...\Ultravnc2_is1) (Version: 1.0.9.62 - uvnc bvba)
Windows Development Kit 4.07.2 (HKLM\...\Windows Development Kit) (Version: 4.07.2 - EMS Dr. Thomas Wünsche)
Windows Driver Package - Realtek (RTL8167) Net  (10/25/2012 7.065.1025.2012) (HKLM\...\2D50A91C430B0CAECB073D3712D09BDA4F3F8532) (Version: 10/25/2012 7.065.1025.2012 - Realtek)
Windows Driver Package - Silicon Laboratories (silabenm) Ports  (12/10/2012 6.6.1.0) (HKLM\...\D680DEE0F68D64EC53D0C5769879D15D387054CC) (Version: 12/10/2012 6.6.1.0 - Silicon Laboratories)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

==================== Restore Points  =========================

18-03-2015 09:01:37 Installed Intel® Network Connections.

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 19:04 - 2015-03-19 14:59 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {13801459-B26D-42C5-B07F-4D576063AAB5} - System32\Tasks\{6A664331-EA5C-4366-A7A6-A818FD11D028} => pcalua.exe -a "C:\Users\rhcc-746\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\S7ZQDQ4Y\setup_en.exe" -d C:\Users\rhcc-746\Desktop
Task: {31352FD1-93F1-46A3-8081-81E899172786} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-10-23] (Piriform Ltd)
Task: {48EC5BDA-2906-4D1F-8733-D0CF6C5D293C} - System32\Tasks\Driver Booster SkipUAC (Service Tab) => C:\Program Files\IObit\Driver Booster\DriverBooster.exe [2014-10-22] (IObit)
Task: {5A707294-FE36-48A2-8B6D-8A22592E7B9A} - System32\Tasks\Driver Booster Update => C:\Program Files\IObit\Driver Booster\AutoUpdate.exe [2014-10-13] (IObit)
Task: {736EA2CF-9BA5-419A-8AC3-97A69A442CEF} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-03-04] (Adobe Systems Incorporated)
Task: {83027BE9-CF70-4D93-B685-513BAB0520E5} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {A34F8D92-89EE-498D-ACC7-7C3587B3456D} - System32\Tasks\Driver Booster Scan => C:\Program Files\IObit\Driver Booster\Scheduler.exe [2014-10-08] (IObit)
Task: {E431A82D-2A41-4DE2-A6F9-0A94F75817E7} - System32\Tasks\Driver Booster SkipUAC (pgarrity) => C:\Program Files\IObit\Driver Booster\DriverBooster.exe [2014-10-22] (IObit)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) ==============

2013-03-14 15:47 - 2013-03-11 18:40 - 00034816 _____ () C:\Program Files\DT Research\ClientAgent\WlanCfgIPSetting.dll
2013-03-14 15:47 - 2013-03-11 18:39 - 00135168 _____ () C:\Program Files\DT Research\ClientAgent\ProfileSetting.dll
2013-03-14 15:47 - 2013-03-11 18:40 - 00016896 _____ () C:\Program Files\DT Research\ClientAgent\CALocalizedResource.dll
2013-03-14 15:47 - 2011-03-31 10:55 - 00967168 _____ () C:\Program Files\DT Research\ClientAgent\libxml2.dll
2013-03-14 15:47 - 2010-08-17 13:55 - 00073728 _____ () C:\Program Files\DT Research\ClientAgent\zlib1.dll
2013-03-14 15:47 - 2013-03-11 18:40 - 00180224 _____ () C:\Program Files\DT Research\ClientAgent\CAWatchDog.exe
2013-03-15 18:01 - 2013-02-14 13:45 - 00603856 _____ () C:\Program Files\PenMount Windows Universal Driver(WHQL)\PMonitor.exe
2013-03-15 18:01 - 2013-02-14 13:45 - 00114688 _____ () C:\Program Files\PenMount Windows Universal Driver(WHQL)\SMHOOK.DLL

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1621964705-1223632591-1745900225-17308\Control Panel\Desktop\\Wallpaper -> C:\Users\rhcc-746\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: Media is not connected to internet.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
MSCONFIG\startupreg: SCWatcher => C:\Program Files\DT Research\ClientAgent\SCWatcher.exe
MSCONFIG\startupreg: TRUUpdater => "C:\Program Files\Sierra Wireless Inc\WebUpdater\TRUUpdater.exe" /bkground
MSCONFIG\startupreg: WatcherHelper => "C:\Program Files\Sierra Wireless Inc\3G Watcher\WaHelper.exe"

==================== Accounts: =============================

Administrator (S-1-5-21-1247247887-1063734348-580844743-500 - Administrator - Disabled)
Guest (S-1-5-21-1247247887-1063734348-580844743-501 - Limited - Disabled)

==================== Faulty Device Manager Devices =============

Name: SonicWALL Virtual NIC
Description: SonicWALL Virtual NIC
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: SonicWALL
Service: SWVNIC
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: mv video hook driver2
Description: mv video hook driver2
Class Guid: {4d36e968-e325-11ce-bfc1-08002be10318}
Manufacturer: UVNC BVBA
Service: mv2
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
 This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.

==================== Event log errors: =========================

Could not start eventlog service, could not read events.

The Windows Event Log service is starting.
The Windows Event Log service could not be started.

A system error has occurred.

System error 1747 has occurred.

The authentication service is unknown.

==================== Memory info ===========================

Processor: Intel® Atom™ CPU N2800 @ 1.86GHz
Percentage of memory in use: 31%
Total physical RAM: 3004.3 MB
Available physical RAM: 2058.22 MB
Total Pagefile: 6006.89 MB
Available Pagefile: 5051.59 MB
Total Virtual: 2047.88 MB
Available Virtual: 1904.88 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:51.4 GB) (Free:16.75 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (Data) (Fixed) (Total:0.03 GB) (Free:0.01 GB) NTFS
Drive e: (Transcend) (Removable) (Total:7.34 GB) (Free:7.26 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 59.6 GB) (Disk ID: E4D57C12)
Partition 1: (Active) - (Size=200 MB) - (Type=27)
Partition 2: (Not Active) - (Size=51.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=32 MB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=8 GB) - (Type=27)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 7.4 GB) (Disk ID: C3072E18)
Partition 1: (Not Active) - (Size=7.4 GB) - (Type=0C)

==================== End Of Log ============================
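
The "Scheduled Tasks" block of the Addition.txt log above is where an analyst would look first: one task is named with a bare GUID and runs pcalua.exe (the Program Compatibility Assistant launcher, which simply starts whatever executable follows -a) against a setup_en.exe sitting in the IE cache, while the later log shows Driver Booster tasks left registered with "No Task File". The following Python script is an added example, not part of the thread and not FRST's own code: it parses FRST "Task:" lines and scores them with a few heuristics. The sample input is assembled from the Task: lines in the logs posted in this thread; the proxy-launcher list, the staging-folder list and the severity weights are my own assumptions, not anything FRST or the forum helper uses.

```python
"""Triage the "Task:" lines of an FRST Addition.txt log.

Added example for this thread. It is not part of FRST and does not reproduce
FRST's whitelisting; the scoring rules below are the example author's own.
"""
import re
from dataclasses import dataclass, field

# Sample input assembled from the Task: lines in the FRST logs posted in this thread.
SAMPLE_LOG = r"""
Task: {13801459-B26D-42C5-B07F-4D576063AAB5} - System32\Tasks\{6A664331-EA5C-4366-A7A6-A818FD11D028} => pcalua.exe -a "C:\Users\rhcc-746\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\S7ZQDQ4Y\setup_en.exe" -d C:\Users\rhcc-746\Desktop
Task: {31352FD1-93F1-46A3-8081-81E899172786} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-10-23] (Piriform Ltd)
Task: {48EC5BDA-2906-4D1F-8733-D0CF6C5D293C} - \Driver Booster SkipUAC (Service Tab) No Task File <==== ATTENTION
Task: {736EA2CF-9BA5-419A-8AC3-97A69A442CEF} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-03-04] (Adobe Systems Incorporated)
Task: {83027BE9-CF70-4D93-B685-513BAB0520E5} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
"""

TASK_RE = re.compile(r"^Task: \{(?P<id>[0-9A-Fa-f-]{36})\} - (?P<rest>.+)$")
GUID_RE = re.compile(r"^\{[0-9A-Fa-f-]{36}\}$")
# Assumed list: Windows binaries that only launch *another* program, so the
# real payload is in the arguments rather than in the task's own executable.
PROXY_LAUNCHERS = {"pcalua.exe", "rundll32.exe", "regsvr32.exe", "mshta.exe",
                   "wscript.exe", "cscript.exe", "cmd.exe", "powershell.exe"}
# Assumed list: folders where a legitimate product would not keep its scheduled binary.
STAGING_DIRS = ("\\temporary internet files\\", "\\appdata\\local\\temp\\",
                "\\windows\\temp\\", "\\downloads\\")
WEIGHT = {"high": 3, "medium": 2, "low": 1}


@dataclass
class Task:
    task_id: str
    name: str      # path under \System32\Tasks, or the bare name for an orphan
    command: str   # text after " => "; empty for orphans
    orphan: bool   # "No Task File": registry entry whose task XML is gone


@dataclass
class Report:
    task: Task
    reasons: list = field(default_factory=list)   # (severity, explanation)

    @property
    def score(self) -> int:
        return sum(WEIGHT[sev] for sev, _ in self.reasons)


def parse_task_line(line: str):
    """Return a Task for an FRST 'Task:' line, or None for any other line."""
    m = TASK_RE.match(line.strip())
    if not m:
        return None
    rest = m.group("rest")
    if "No Task File" in rest:
        return Task(m.group("id"), rest.split(" No Task File")[0], "", True)
    name, _, command = rest.partition(" => ")
    return Task(m.group("id"), name, command.strip(), False)


def launched_binary(command: str) -> str:
    """Lower-cased basename of the command's first token (quoted or bare)."""
    m = re.match(r'"([^"]+)"|(\S+)', command)
    first = (m.group(1) or m.group(2)) if m else ""
    return first.rsplit("\\", 1)[-1].lower()


def assess(task: Task) -> Report:
    """Apply the heuristics to one task and collect the reasons it looks odd."""
    r = Report(task)
    if task.orphan:
        r.reasons.append(("low", "orphaned registration: task file missing "
                                 "(leftover of a removed product or a cleaner run)"))
        return r
    leaf = task.name.rsplit("\\", 1)[-1]
    if GUID_RE.match(leaf):
        r.reasons.append(("medium", "task named with a bare GUID instead of a product name"))
    if "skipuac" in leaf.lower():
        r.reasons.append(("low", "SkipUAC task runs its target elevated without a prompt; "
                                 "confirm it belongs to the product named in the path"))
    exe = launched_binary(task.command)
    if exe in PROXY_LAUNCHERS:
        r.reasons.append(("medium", f"{exe} is a proxy launcher; the real payload is in the arguments"))
    if any(d in task.command.lower() for d in STAGING_DIRS):
        r.reasons.append(("high", "executable staged in a browser cache, temp or download folder"))
    return r


def triage(log_text: str) -> list:
    """Parse every Task: line and return Reports, most suspicious first."""
    reports = [assess(t) for t in map(parse_task_line, log_text.splitlines()) if t]
    return sorted(reports, key=lambda rep: rep.score, reverse=True)


if __name__ == "__main__":
    for rep in triage(SAMPLE_LOG):
        print(f"[{rep.score}] {rep.task.name}")
        for sev, why in rep.reasons:
            print(f"    {sev}: {why}")
```

Run against the sample, the GUID-named pcalua.exe task lands on top with all three of its reasons, the two SkipUAC entries and the orphan score one each, and the Flash updater and the Office osppsvc restart task score zero. The score is only an ordering aid for a human reviewer; it says nothing about whether setup_en.exe in that cache folder is malicious, which still needs the file itself to be examined.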

 



#6 Machiavelli (Malware Response Instructor, Germany)

Posted 26 March 2015 - 12:42 PM

Hey, :)

Step 1: AdwCleaner

Please download AdwCleaner (by Xplode) from the link below and save it to your Desktop:

Download Mirror #1
  • Right-click on AdwCleaner.exe and select Run as administrator. (If you have Windows XP, then just run it.)
  • Click Scan and let the scan run.
  • When it finishes, click Clean, following the on-screen prompts.
  • After your computer reboots, a log will open. Please Copy (Ctrl+C) and Paste (Ctrl+V) this into your next post.
  • Note: The log can also be found here: C:\AdwCleaner\

Step 2: Malwarebytes

Please download Malwarebytes Anti-Malware to your desktop.
  • Double-click mbam-setup-version.exe and follow the prompts to install the program.
  • At the end, be sure a check-mark is placed next to the following:
    • Enable free trial of Malwarebytes Anti-Malware Premium
    • Launch Malwarebytes Anti-Malware
  • Then click Finish.
  • If an update is found, you will be prompted to download and install the latest version.
  • Once the program has loaded, select Scan now. Or select the Threat Scan from the Scan menu.
  • When the scan is complete, make sure that everything is set to "Quarantine", and click Apply Actions.
  • Reboot your computer if prompted.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

The log is available through History -> Application logs. Please post its contents in your next reply.

Step 3: Junkware Removal Tool

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Step 4: FRST Scan
  • Run FRST. (If you have Windows Vista / Windows 7 / Windows 8: please right-click the FRST icon and select Run as Administrator.)
  • Click Scan to start FRST.
  • When FRST finishes scanning, a log, FRST.txt, will open.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of this log into your next post please.

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.



#7 irishitguy (Topic Starter)

Posted 26 March 2015 - 03:38 PM

Good Day Sir,

Got the latest scan logs for you.  Thanks so much for all of your help!

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 11-03-2015
Ran by rhcc-746 at 2015-03-26 13:30:46
Running from E:\
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Trend Micro Client/Server Security Agent Antivirus (Enabled - Up to date) {5D349EF8-873B-C657-917F-F1D93E101A7C}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Trend Micro Client/Server Security Agent Anti-spyware (Enabled - Up to date) {E6557F1C-A101-C9D9-ABCF-CAAB459750C1}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat X Standard - English, Français, Deutsch (HKLM\...\{AC76BA86-1033-F400-BA7E-000000000005}) (Version: 10.0.0 - Adobe Systems)
Adobe Flash Player 16 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Button Manager (HKLM\...\InstallShield_{43585EF3-DACE-4DFB-B46B-E9F7C6CB8279}) (Version: 2.2.1.12 - DT Research)
Button Manager (Version: 2.2.1.12 - DT Research) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.19 - Piriform)
Citrix Receiver (Enterprise) (HKLM\...\CitrixOnlinePluginFull) (Version: 13.0.0.6685 - Citrix Systems, Inc.)
Dell KACE Agent (HKLM\...\{45C1BF25-8330-4E6F-8CFB-BE8FC39387F5}) (Version: 5.5.25198 - Dell Inc.)
Driver Booster 2 (HKLM\...\Driver Booster_is1) (Version: 2.0 - IObit)
DTSMCap (HKLM\...\InstallShield_{A4084C71-74D0-436F-85DA-DE6818197BF0}) (Version: 1.0.0.27 - DT Research)
DTSMCap (Version: 1.0.0.27 - DT Research) Hidden
eMailSignature 365 (HKLM\...\{49D3D6D5-60B4-4481-AB67-2B7110C72745}) (Version: 1.1.37 - eMailSignature)
FlashWare (HKLM\...\{F73DCC19-27DA-4F3F-9B2C-03C56368C269}) (Version: 1.1.09 - Raymond)
Intel® Graphics Media Accelerator Driver (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.14.8.1086 - Intel Corporation)
Intel® PROSet/Wireless for Bluetooth® + High Speed (HKLM\...\{90F00673-A276-4A58-B675-B426D39D1E09}) (Version: 15.3.0.0398 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{ECE5B218-A086-4E18-A362-D11181681457}) (Version: 15.03.1000.1637 - Intel Corporation)
KeyboardWedge (HKLM\...\InstallShield_{443D4FB0-9137-4C6A-BD45-1B39EB82EA6F}) (Version: 2.5.0.8 - DT Research)
KeyboardWedge (Version: 2.5.0.8 - DT Research) Hidden
Malwarebytes Anti-Malware version 2.1.4.1018 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.4.1018 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Standard 2010 (HKLM\...\Office14.STANDARD) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Online Services Sign-in Assistant (HKLM\...\{C89AD07D-CAA0-4BF2-A2E8-A851B71FD698}) (Version: 7.250.4303.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MobileFrame Windows Client (HKLM\...\{FC9C0E6C-B6B2-40D8-A9B6-65E700F59A30}) (Version: 5.2.42 - MobileFrame)
MobilityTileExtension (HKLM\...\InstallShield_{DEAC61F8-341A-49A6-9049-3EAFDB1B7E8D}) (Version: 1.0.0.9 - DT Research) <==== ATTENTION
MobilityTileExtension (Version: 1.0.0.9 - DT Research) Hidden <==== ATTENTION
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Online Plug-in (Version: 13.0.0.6685 - Citrix Systems, Inc.) Hidden
PenMount Windows Universal Driver(WHQL) V2.4.0.306 (HKLM\...\PenMount Touch Solutions) (Version:  - PenMount)
PeripheralScanningTool (HKLM\...\InstallShield_{0C548EF7-0901-4086-84D7-D890D8A99C22}) (Version: 1.0.0.11 - DT Research)
PeripheralScanningTool (Version: 1.0.0.11 - DT Research) Hidden
PL-2303 USB-to-Serial (HKLM\...\{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}) (Version: 1.4.17 - Prolific Technology INC)
Raymond Technical Publication Library 2.10.21 (HKLM\...\Raymond Technical Publication Library 2.10.21) (Version:  - )
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7246 - Realtek Semiconductor Corp.)
RICOH Media Driver v2.15.17.02 (HKLM\...\{FE041B02-234C-4AAA-9511-80DF6482A458}) (Version: 2.15.17.02 - RICOH)
Sierra Wireless AirCard Watcher (HKLM\...\{D203592B-9FA2-49CA-99A1-1FB4832DD2E8}) (Version: 6.0.3375.0003 - Sierra Wireless Inc.)
Sierra Wireless QMI Driver Package (HKLM\...\SWIQMIDrvInstaller) (Version: 1.0.30.0 - Sierra Wireless Inc.)
SonicWALL Global VPN Client (HKLM\...\{52ABB5F7-2B03-4FCD-A83F-63166186BF00}) (Version: 4.7.3 - SonicWALL)
Trend Micro Client/Server Security Agent (HKLM\...\{BED0B8A2-2986-49F8-90D6-FA008D37A3D2}) (Version: 5.3.1033 - Trend Micro)
UltraVnc (HKLM\...\Ultravnc2_is1) (Version: 1.0.9.62 - uvnc bvba)
Windows Development Kit 4.07.2 (HKLM\...\Windows Development Kit) (Version: 4.07.2 - EMS Dr. Thomas Wünsche)
Windows Driver Package - Realtek (RTL8167) Net  (10/25/2012 7.065.1025.2012) (HKLM\...\2D50A91C430B0CAECB073D3712D09BDA4F3F8532) (Version: 10/25/2012 7.065.1025.2012 - Realtek)
Windows Driver Package - Silicon Laboratories (silabenm) Ports  (12/10/2012 6.6.1.0) (HKLM\...\D680DEE0F68D64EC53D0C5769879D15D387054CC) (Version: 12/10/2012 6.6.1.0 - Silicon Laboratories)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

==================== Restore Points  =========================

26-03-2015 13:09:39 Scheduled Checkpoint

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 19:04 - 2015-03-25 14:24 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {13801459-B26D-42C5-B07F-4D576063AAB5} - System32\Tasks\{6A664331-EA5C-4366-A7A6-A818FD11D028} => pcalua.exe -a "C:\Users\rhcc-746\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\S7ZQDQ4Y\setup_en.exe" -d C:\Users\rhcc-746\Desktop
Task: {31352FD1-93F1-46A3-8081-81E899172786} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-10-23] (Piriform Ltd)
Task: {48EC5BDA-2906-4D1F-8733-D0CF6C5D293C} - \Driver Booster SkipUAC (Service Tab) No Task File <==== ATTENTION
Task: {5A707294-FE36-48A2-8B6D-8A22592E7B9A} - \Driver Booster Update No Task File <==== ATTENTION
Task: {736EA2CF-9BA5-419A-8AC3-97A69A442CEF} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-03-04] (Adobe Systems Incorporated)
Task: {83027BE9-CF70-4D93-B685-513BAB0520E5} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {A34F8D92-89EE-498D-ACC7-7C3587B3456D} - \Driver Booster Scan No Task File <==== ATTENTION
Task: {E431A82D-2A41-4DE2-A6F9-0A94F75817E7} - \Driver Booster SkipUAC (pgarrity) No Task File <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) ==============

2009-11-24 15:12 - 2009-11-24 15:12 - 00164864 _____ () C:\Program Files\Utilities\KeyboardWedge\PRJDLL693.DLL
2009-11-24 15:12 - 2009-11-24 15:12 - 00481280 _____ () C:\Program Files\Utilities\KeyboardWedge\ANTINTERFACE.DLL
2009-11-24 15:12 - 2009-11-24 15:12 - 00155136 _____ () C:\Program Files\Utilities\KeyboardWedge\S443PROTOCOL.DLL
2012-03-14 15:11 - 2012-03-14 15:11 - 00086016 _____ () C:\Program Files\Utilities\KeyboardWedge\DT_WM200RFIDAPI.dll
2013-03-14 15:47 - 2013-03-11 18:40 - 00034816 _____ () C:\Program Files\DT Research\ClientAgent\WlanCfgIPSetting.dll
2013-03-14 15:47 - 2013-03-11 18:39 - 00135168 _____ () C:\Program Files\DT Research\ClientAgent\ProfileSetting.dll
2013-03-14 15:47 - 2013-03-11 18:40 - 00016896 _____ () C:\Program Files\DT Research\ClientAgent\CALocalizedResource.dll
2013-03-14 15:47 - 2011-03-31 10:55 - 00967168 _____ () C:\Program Files\DT Research\ClientAgent\libxml2.dll
2013-03-14 15:47 - 2010-08-17 13:55 - 00073728 _____ () C:\Program Files\DT Research\ClientAgent\zlib1.dll
2013-03-14 15:47 - 2013-03-11 18:40 - 00180224 _____ () C:\Program Files\DT Research\ClientAgent\CAWatchDog.exe
2013-03-15 18:01 - 2013-02-14 13:45 - 00603856 _____ () C:\Program Files\PenMount Windows Universal Driver(WHQL)\PMonitor.exe
2013-03-15 18:01 - 2013-02-14 13:45 - 00114688 _____ () C:\Program Files\PenMount Windows Universal Driver(WHQL)\SMHOOK.DLL
2014-10-24 10:24 - 2013-04-12 17:41 - 00345112 _____ () C:\Program Files\Trend Micro\BM\TMBMSRV.exe

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1621964705-1223632591-1745900225-17308\Control Panel\Desktop\\Wallpaper -> C:\Users\rhcc-746\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.33 - 192.168.1.10

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
MSCONFIG\startupreg: SCWatcher => C:\Program Files\DT Research\ClientAgent\SCWatcher.exe
MSCONFIG\startupreg: TRUUpdater => "C:\Program Files\Sierra Wireless Inc\WebUpdater\TRUUpdater.exe" /bkground
MSCONFIG\startupreg: WatcherHelper => "C:\Program Files\Sierra Wireless Inc\3G Watcher\WaHelper.exe"

==================== Accounts: =============================

Administrator (S-1-5-21-1247247887-1063734348-580844743-500 - Administrator - Disabled)
Guest (S-1-5-21-1247247887-1063734348-580844743-501 - Limited - Disabled)

==================== Faulty Device Manager Devices =============

Name: SonicWALL Virtual NIC
Description: SonicWALL Virtual NIC
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: SonicWALL
Service: SWVNIC
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: mv video hook driver2
Description: mv video hook driver2
Class Guid: {4d36e968-e325-11ce-bfc1-08002be10318}
Manufacturer: UVNC BVBA
Service: mv2
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
 This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.

==================== Event log errors: =========================

Application errors:
==================

System errors:
=============

Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Processor: Intel® Atom™ CPU N2800 @ 1.86GHz
Percentage of memory in use: 40%
Total physical RAM: 3004.3 MB
Available physical RAM: 1775.94 MB
Total Pagefile: 6006.89 MB
Available Pagefile: 4390.49 MB
Total Virtual: 2047.88 MB
Available Virtual: 1916.54 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:51.4 GB) (Free:17.71 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (Data) (Fixed) (Total:0.03 GB) (Free:0.01 GB) NTFS
Drive e: (Transcend) (Removable) (Total:7.34 GB) (Free:7.2 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 59.6 GB) (Disk ID: E4D57C12)
Partition 1: (Active) - (Size=200 MB) - (Type=27)
Partition 2: (Not Active) - (Size=51.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=32 MB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=8 GB) - (Type=27)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 7.4 GB) (Disk ID: C3072E18)
Partition 1: (Not Active) - (Size=7.4 GB) - (Type=0C)

==================== End Of Log ============================

 

# AdwCleaner v4.113 - Logfile created 26/03/2015 at 12:08:02
# Updated 22/03/2015 by Xplode
# Database : 2015-03-22.2 [Local]
# Operating system : Windows 7 Professional Service Pack 1 (x86)
# Username : rhcc-746 - RHCC-746-TAB
# Running from : E:\AdwCleaner.exe
# Option : Cleaning

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\Users\Service Tab\AppData\Local\Innovative Solutions

***** [ Scheduled tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17496

*************************

AdwCleaner[R0].txt - [764 bytes] - [26/03/2015 12:02:05]
AdwCleaner[S0].txt - [694 bytes] - [26/03/2015 12:08:02]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [752  bytes] ##########

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-03-2015
Ran by rhcc-746 (administrator) on RHCC-746-TAB on 26-03-2015 13:28:31
Running from E:\
Loaded Profiles: rhcc-746 (Available profiles: ksisco & rhcc-746 & rhcc-749 & pgarrity)
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Dell Inc.) C:\Program Files\Dell\KACE\AMPAgent.exe
(DT Research) C:\Program Files\Utilities\Button Manager\BMService.exe
(DT Research) C:\Program Files\Utilities\MobilityTileExtension\MTEService.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Sierra Wireless, Inc.) C:\Program Files\Sierra Wireless Inc\Gobi\QDLService\GobiQDLService.exe
(DT Research) C:\Program Files\Utilities\KeyboardWedge\KWService.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Microsoft Online Services\MSOIDSVC.EXE
(Trend Micro Inc.) C:\Program Files\Trend Micro\Client Server Security Agent\NTRtScan.exe
(SonicWALL, Inc.) C:\Program Files\SonicWALL\SonicWALL Global VPN Client\SWGVCSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Microsoft Online Services\MSOIDSVCM.EXE
(Sierra Wireless, Inc.) C:\Program Files\Sierra Wireless Inc\Common\SwiCardDetect.exe
(DT Research) C:\Program Files\DT Research\ClientAgent\CAService.exe
() C:\Program Files\DT Research\ClientAgent\CAWatchDog.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Client Server Security Agent\HostedAgent\svcGenericHost.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Client Server Security Agent\TmListen.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Client Server Security Agent\HostedAgent\HostedAgent.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\ssonsvr.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\concentr.exe
(DT Research) C:\Program Files\Utilities\Button Manager\BMConfig.exe
(DT Research) C:\Windows\System32\KeyEventExe.exe
(DT Research) C:\Program Files\DT Research\ClientAgent\CAConfig.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Client Server Security Agent\PccNTMon.exe
(DT Research) C:\Program Files\Utilities\KeyboardWedge\KWControl.exe
() C:\Program Files\PenMount Windows Universal Driver(WHQL)\PMonitor.exe
(eMailSignature) C:\Users\rhcc-746\AppData\Roaming\eMailSignature\eMailSignature 365\emsclient.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\Receiver\Receiver.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\wfcrun32.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
() C:\Program Files\Trend Micro\BM\TMBMSRV.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Client Server Security Agent\TmProxy.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [12021464 2014-10-24] (Realtek Semiconductor)
HKLM\...\Run: [GfxServiceInstall] => C:\Windows\system32\GfxCUIServiceInstall.vbs [131 2012-08-16] ()
HKLM\...\Run: [ConnectionCenter] => C:\Program Files\Citrix\ICA Client\concentr.exe [358336 2011-08-11] (Citrix Systems, Inc.)
HKLM\...\Run: [BMConfig] => C:\Program Files\Utilities\Button Manager\BMConfig.exe [245760 2013-03-06] (DT Research)
HKLM\...\Run: [KeyEventExe] => C:\Windows\system32\KeyEventExe.exe [49152 2013-03-06] (DT Research)
HKLM\...\Run: [KWControl.exe] => C:\Program Files\Utilities\KeyboardWedge\KWControl.exe [405504 2013-03-05] (DT Research)
HKLM\...\Run: [CAConfig] => C:\Program Files\DT Research\ClientAgent\CAConfig.exe [774144 2013-03-11] (DT Research)
HKLM\...\Run: [OfficeScanNT Monitor] => C:\Program Files\Trend Micro\Client Server Security Agent\pccntmon.exe [1950744 2013-07-16] (Trend Micro Inc.)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
Winlogon\Notify\ScCertProp: wlnotify.dll [X]
HKU\S-1-5-21-1621964705-1223632591-1745900225-17308\...\Run: [Adobe Acrobat Synchronizer] => C:\Program Files\Adobe\Acrobat 10.0\Acrobat\AdobeCollabSync.exe [1216416 2010-10-25] (Adobe Systems Incorporated)
HKU\S-1-5-21-1621964705-1223632591-1745900225-17308\...\Policies\system: [DisableLockWorkstation] 0
HKU\S-1-5-18\...\RunOnce: [osk.exe] => C:\Windows\system32\osk.exe [646144 2014-06-17] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PenMount Monitor.lnk
ShortcutTarget: PenMount Monitor.lnk -> C:\Program Files\PenMount Windows Universal Driver(WHQL)\PMonitor.exe ()
Startup: C:\Users\pgarrity\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SonicWALL Global VPN Client.lnk
ShortcutTarget: SonicWALL Global VPN Client.lnk -> C:\Program Files\SonicWALL\SonicWALL Global VPN Client\SWGVC.exe (SonicWALL, Inc.)
Startup: C:\Users\rhcc-746\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\eMailSignature 365.lnk
ShortcutTarget: eMailSignature 365.lnk -> C:\Users\rhcc-746\AppData\Roaming\eMailSignature\eMailSignature 365\emsclient.exe (eMailSignature)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1621964705-1223632591-1745900225-17308\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1621964705-1223632591-1745900225-17308\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: TmIEPlugInBHO Class -> {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -> C:\Program Files\Trend Micro\Client Server Security Agent\bho\1056\TmIEPlg.dll [2012-08-08] (Trend Micro Inc.)
BHO: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2010-10-25] (Adobe Systems Incorporated)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2010-10-25] (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2010-10-25] (Adobe Systems Incorporated)
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\Client Server Security Agent\bho\1056\TmIEPlg.dll [2012-08-08] (Trend Micro Inc.)
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.)
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.)
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.)
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.)
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.)
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.)
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.)
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.)
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.)
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.)
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.)
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.)
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.)
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.)
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.)
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.33 192.168.1.10

FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF HKLM\...\Firefox\Extensions: [{22C7F6C6-8D67-4534-92B5-529A0EC09405}] - C:\Program Files\Trend Micro\Client Server Security Agent\bho\1056\FirefoxExtension
FF Extension: Trend Micro NSC Firefox Extension - C:\Program Files\Trend Micro\Client Server Security Agent\bho\1056\FirefoxExtension [2014-10-24]
FF HKLM\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2015-01-09]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMPAgent; C:\Program Files\Dell\KACE\AMPAgent.exe [2872424 2013-08-23] (Dell Inc.) [File not signed]
R2 AMPPALR3; C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [509456 2012-07-18] (Intel Corporation)
R2 BMService; C:\Program Files\Utilities\Button Manager\BMService.exe [155648 2013-03-06] (DT Research) [File not signed]
R2 BTHSSecurityMgr; C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [104240 2012-08-23] (Intel® Corporation)
R2 DTMobilityTileExtension; C:\Program Files\Utilities\MobilityTileExtension\MTEService.exe [61440 2012-03-26] (DT Research) [File not signed]
R2 GobiQDLService; C:\Program Files\Sierra Wireless Inc\Gobi\QDLService\GobiQDLService.exe [312688 2011-11-25] (Sierra Wireless, Inc.)
R2 KeyboardWedge; C:\Program Files\Utilities\KeyboardWedge\KWService.exe [348160 2013-03-05] (DT Research) [File not signed]
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-03-17] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)
R2 msoidsvc; C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE [1590560 2012-05-17] (Microsoft Corp.)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [242480 2012-08-23] ()
R2 ntrtscan; C:\Program Files\Trend Micro\Client Server Security Agent\ntrtscan.exe [1298880 2013-10-06] (Trend Micro Inc.)
R2 svcGenericHost; C:\Program Files\Trend Micro\Client Server Security Agent\HostedAgent\svcGenericHost.exe [50200 2013-09-25] (Trend Micro Inc.)
R2 SWGVCSvc; C:\Program Files\SonicWALL\SonicWALL Global VPN Client\SWGVCSvc.exe [228824 2012-04-03] (SonicWALL, Inc.)
R2 SwiCardDetectSvc; C:\Program Files\Sierra Wireless Inc\Common\SwiCardDetect.exe [238960 2012-02-01] (Sierra Wireless, Inc.)
R3 TMBMServer; C:\Program Files\Trend Micro\BM\TMBMSRV.exe [345112 2013-04-12] () [File not signed]
R2 tmlisten; C:\Program Files\Trend Micro\Client Server Security Agent\tmlisten.exe [1477328 2013-08-14] (Trend Micro Inc.)
R3 TmProxy; C:\Program Files\Trend Micro\Client Server Security Agent\TmProxy.exe [689712 2012-08-08] (Trend Micro Inc.)
R2 WebDT CA Service; C:\Program Files\DT Research\ClientAgent\CAService.exe [909312 2013-03-11] (DT Research) [File not signed]
R2 WebDT CA Watchdog; C:\Program Files\DT Research\ClientAgent\CAWatchDog.exe [180224 2013-03-11] () [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-26] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2778416 2012-08-23] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 ACPISIM; C:\Windows\System32\drivers\ACPISIM.sys [15272 2012-07-13] (DT Research, Inc)
R3 AMPPAL; C:\Windows\System32\DRIVERS\AMPPAL.sys [143360 2012-07-18] (Windows ® Win 7 DDK provider)
S3 AMPPALP; C:\Windows\System32\DRIVERS\amppal.sys [143360 2012-07-18] (Windows ® Win 7 DDK provider)
S2 cpcecont; C:\Windows\system32\drivers\cpcecont.sys [24560 2010-11-08] (EMS Dr. Thomas Wuensche)
S2 cpcppnt; C:\Windows\system32\drivers\cpcppnt.sys [23560 2010-11-08] (EMS Dr. Thomas Wuensche)
S3 cpcusb; C:\Windows\System32\DRIVERS\cpcusbxp.sys [50968 2010-11-08] (EMS Dr. Thomas Wuensche)
R2 cpcxts; C:\Windows\system32\drivers\cpcxtsnt.sys [69376 2010-11-08] (EMS Dr. Thomas Wuensche)
R3 cxbu1wdm; C:\Windows\System32\DRIVERS\cxbu1wdm.sys [128120 2014-09-04] ( )
R1 DNE; C:\Windows\System32\DRIVERS\dnelwf.sys [109144 2011-08-04] (Citrix Systems, Inc.)
R0 DTRACPIEC; C:\Windows\System32\drivers\DTREC.sys [14888 2012-07-13] (DT Research, Inc)
S3 DtrFlashDrv; C:\Windows\system32\DtrFlashDrv.sys [16864 2013-01-31] (DT Research, Inc.)
R3 DTTabBtn; C:\Windows\system32\drivers\DTTabBtn.sys [17448 2012-07-13] (DT Research, Inc)
S3 gobi3kfilter; C:\Windows\system32\drivers\gobi3kfilter.sys [27264 2010-12-13] (QUALCOMM Incorporated)
S3 gobi3kserial; C:\Windows\system32\drivers\gobi3kserial.sys [194048 2011-07-06] (QUALCOMM Incorporated)
R3 iomem; C:\Windows\system32\iomem.sys [15584 2013-01-31] (DT Research, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-03-17] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2015-03-26] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-03-17] (Malwarebytes Corporation)
R3 NETwNs32; C:\Windows\System32\DRIVERS\Netwsn00.sys [10383568 2014-10-24] (Intel Corporation)
R3 pmhidmini; C:\Windows\system32\drivers\pmhidmini.sys [3712 2013-02-14] (PenMount Touch Solutions)
S3 pmhidusb; C:\Windows\system32\drivers\pmhidusb.sys [51200 2013-02-14] (PenMount Touch Solutions)
R3 pmmouhid; C:\Windows\system32\drivers\pmmouhid.sys [5632 2013-02-14] (PenMount Touch Solutions)
R3 pmmouser; C:\Windows\system32\drivers\pmmouser.sys [68096 2013-02-14] (PenMount Touch Solutions)
S3 pmserenum; C:\Windows\System32\DRIVERS\pmserenum.sys [28160 2013-02-14] (PenMount Touch Solutions)
R2 risdxc; C:\Windows\system32\drivers\risdxc86.sys [76288 2011-05-25] (REDC)
S3 rixdpcie; C:\Windows\system32\drivers\rixdpe86.sys [45056 2011-04-26] (REDC)
S3 Ser2plx86; C:\Windows\System32\DRIVERS\ser2pl.sys [140800 2014-09-03] (Prolific Technology Inc.)
S3 swg3kmbb00; C:\Windows\System32\DRIVERS\swg3kmbb00.sys [382976 2011-11-09] (Sierra Wireless Incorporated)
R3 swg3knet00; C:\Windows\System32\DRIVERS\swg3knet00.sys [323344 2014-10-24] (Sierra Wireless Incorporated)
S3 swg3knmea00; C:\Windows\system32\drivers\swg3knmea00.sys [216192 2011-08-18] (Sierra Wireless Incorporated)
R3 swg3kser00; C:\Windows\System32\DRIVERS\swg3kser00.sys [228112 2014-10-24] (Sierra Wireless Incorporated)
R3 swibus00; C:\Windows\System32\DRIVERS\swibus00.sys [73488 2014-10-24] (Sierra Wireless Inc.)
R3 swibusflt00; C:\Windows\System32\DRIVERS\swibusflt00.sys [73488 2014-10-24] (Sierra Wireless Inc.)
R2 SWIPsec; C:\Windows\system32\Drivers\SWIPsec.sys [84112 2012-04-03] (SonicWALL, Inc.)
S3 SWVNIC; C:\Windows\System32\DRIVERS\swvnic.sys [21016 2012-02-07] (SonicWALL, Inc.)
R3 tmactmon; C:\Windows\System32\DRIVERS\tmactmon.sys [74600 2012-10-30] () [File not signed]
R1 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [258976 2012-11-13] () [File not signed]
R3 tmevtmgr; C:\Windows\System32\DRIVERS\tmevtmgr.sys [62728 2012-10-30] () [File not signed]
R2 TmFilter; C:\Program Files\Trend Micro\Client Server Security Agent\TmXPFlt.sys [264504 2012-07-17] (Trend Micro Inc.)
R2 TmPreFilter; C:\Program Files\Trend Micro\Client Server Security Agent\TmPreFlt.sys [36664 2012-07-17] (Trend Micro Inc.)
R1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [90712 2013-01-09] (Trend Micro Inc.)
R2 VSApiNt; C:\Program Files\Trend Micro\Client Server Security Agent\VSApiNt.sys [1515232 2012-07-17] (Trend Micro Inc.)
S3 catchme; \??\C:\Users\rhcc-746\AppData\Local\Temp\catchme.sys [X]
S3 S6000KNT; System32\Drivers\S6000KNT.sys [X]
S1 SASDIFSV; \??\E:\clean up sw\SUPERAntiSpyware\SASDIFSV.SYS [X]
S1 SASKUTIL; \??\E:\clean up sw\SUPERAntiSpyware\SASKUTIL.SYS [X]
S3 SWUMX20; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-26 13:27 - 2015-03-26 13:27 - 00000975 _____ () C:\Users\rhcc-746\Desktop\JRT.txt
2015-03-26 12:11 - 2015-03-26 12:11 - 00001064 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-03-26 12:02 - 2015-03-26 12:08 - 00000000 ____D () C:\AdwCleaner
2015-03-25 14:28 - 2015-03-25 14:28 - 00016233 _____ () C:\ComboFix.txt
2015-03-25 11:37 - 2015-03-26 13:28 - 00000000 ____D () C:\FRST
2015-03-20 16:45 - 2015-03-20 16:45 - 00000184 __RSH () C:\MSSTBJ.CAT
2015-03-20 11:24 - 2015-03-20 11:40 - 00000000 ____D () C:\Users\rhcc-746\Desktop\mbar
2015-03-20 11:24 - 2015-03-20 11:40 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-03-19 14:45 - 2015-03-25 12:48 - 00001104 _____ () C:\Windows\PFRO.log
2015-03-19 13:39 - 2015-03-25 14:28 - 00000000 ____D () C:\Qoobox
2015-03-19 13:39 - 2015-03-19 15:00 - 00000000 ____D () C:\Windows\erdnt
2015-03-19 13:39 - 2011-06-25 23:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-03-19 13:39 - 2010-11-07 10:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-03-19 13:39 - 2009-04-19 21:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-03-19 13:39 - 2000-08-30 17:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-03-19 13:39 - 2000-08-30 17:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-03-19 13:39 - 2000-08-30 17:00 - 00098816 _____ () C:\Windows\sed.exe
2015-03-19 13:39 - 2000-08-30 17:00 - 00080412 _____ () C:\Windows\grep.exe
2015-03-19 13:39 - 2000-08-30 17:00 - 00068096 _____ () C:\Windows\zip.exe
2015-03-18 10:07 - 2015-03-26 12:14 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-18 10:06 - 2015-03-26 12:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-03-18 10:06 - 2015-03-26 12:11 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2015-03-18 10:06 - 2015-03-18 10:06 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-03-18 10:06 - 2015-03-17 06:15 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-03-18 10:06 - 2015-03-17 06:15 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-03-18 10:06 - 2015-03-17 06:15 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-03-18 10:05 - 2015-03-18 10:06 - 00000000 ____D () C:\ProgramData\AVAST Software
2015-03-18 10:04 - 2015-03-18 10:04 - 00000000 ____D () C:\Users\rhcc-746\AppData\Roaming\SUPERAntiSpyware.com
2015-03-18 10:04 - 2015-03-18 10:04 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2015-03-18 09:51 - 2015-03-26 13:29 - 00057171 _____ () C:\Windows\WindowsUpdate.log
2015-03-18 09:19 - 2015-03-26 12:13 - 00003168 _____ () C:\Windows\setupact.log
2015-03-18 09:19 - 2015-03-18 09:19 - 00000000 _____ () C:\Windows\setuperr.log
2015-03-06 08:16 - 2015-03-06 08:16 - 00097792 _____ () C:\Users\rhcc-746\Documents\LSP TIRE ESTIMATE.xls
2015-03-04 14:11 - 2015-03-04 14:11 - 00097280 _____ () C:\Users\rhcc-746\Documents\Copy of $  Repair Estimate Form rev 6.xls
2015-03-04 06:49 - 2015-03-04 06:49 - 00000000 ____D () C:\Users\rhcc-746\Documents\Quotes
2015-03-01 09:14 - 2015-03-01 09:15 - 00000000 ____D () C:\Users\rhcc-746\Desktop\forms
2015-02-24 16:07 - 2015-02-24 16:17 - 00000000 ____D () C:\Users\rhcc-746\Desktop\Maint Manuals
2015-02-24 16:02 - 2015-03-01 09:22 - 00000000 ____D () C:\Users\rhcc-746\Desktop\Leader Folder
2015-02-24 16:00 - 2015-02-27 08:29 - 00000000 ____D () C:\Users\rhcc-746\Desktop\Tech Reports

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-26 13:24 - 2014-12-29 10:12 - 00381184 _____ () C:\Users\rhcc-746\AppData\Roaming\BAConfig.log
2015-03-26 13:10 - 2009-07-13 19:37 - 00000000 ____D () C:\Windows\rescache
2015-03-26 12:42 - 2014-10-24 09:08 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-03-26 12:23 - 2009-07-13 21:34 - 00028080 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-26 12:23 - 2009-07-13 21:34 - 00028080 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-26 12:14 - 2014-10-24 09:29 - 00000112 _____ () C:\Windows\system32\config\netlogon.ftl
2015-03-26 12:13 - 2013-03-14 15:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Utilities
2015-03-26 12:13 - 2010-11-20 14:01 - 00827608 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-26 12:13 - 2009-07-13 21:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-25 14:25 - 2009-07-13 19:04 - 00000215 _____ () C:\Windows\system.ini
2015-03-20 05:43 - 2013-03-14 15:47 - 00000000 ____D () C:\ProgramData\CA
2015-03-19 15:02 - 2009-07-13 19:37 - 00000000 __RHD () C:\Users\Default
2015-03-19 15:02 - 2009-07-13 19:37 - 00000000 ___RD () C:\Users\Public
2015-03-19 14:45 - 2009-07-13 19:03 - 47972352 _____ () C:\Windows\system32\config\SOFTWARE.bak
2015-03-19 14:45 - 2009-07-13 19:03 - 18874368 _____ () C:\Windows\system32\config\SYSTEM.bak
2015-03-19 14:45 - 2009-07-13 19:03 - 00524288 _____ () C:\Windows\system32\config\DEFAULT.bak
2015-03-19 14:45 - 2009-07-13 19:03 - 00262144 _____ () C:\Windows\system32\config\SECURITY.bak
2015-03-18 10:18 - 2014-12-29 10:12 - 00000000 ____D () C:\Users\rhcc-746\AppData\Local\VirtualStore
2015-03-18 09:03 - 2013-03-14 21:46 - 00000000 ____D () C:\Windows\Minidump
2015-03-17 10:24 - 2009-07-13 19:37 - 00000000 ____D () C:\Windows\system32\LogFiles
2015-03-17 09:03 - 2009-07-13 19:37 - 00000000 ____D () C:\Windows\system32\NDF
2015-03-17 07:23 - 2015-01-09 13:27 - 00000000 ____D () C:\Users\rhcc-746\Documents\JAN2015
2015-03-16 13:53 - 2013-03-14 15:43 - 00000000 ____D () C:\ProgramData\DTRI
2015-03-04 11:43 - 2014-10-24 09:08 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-03-04 11:43 - 2014-10-24 09:08 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-03-04 06:45 - 2015-01-16 05:40 - 00000000 ____D () C:\Users\rhcc-746\Documents\Install Form
2015-03-04 06:45 - 2015-01-16 05:39 - 00000000 ____D () C:\Users\rhcc-746\Documents\90Dayisp

==================== Files in the root of some directories =======

2014-12-29 10:12 - 2015-03-26 13:24 - 0381184 _____ () C:\Users\rhcc-746\AppData\Roaming\BAConfig.log
2014-12-29 10:12 - 2013-03-20 15:45 - 0014136 _____ () C:\Users\rhcc-746\AppData\Roaming\DTSMCap.log
2014-12-29 10:12 - 2013-03-20 15:45 - 0000332 _____ () C:\Users\rhcc-746\AppData\Roaming\DTSMCapSetting.ini
2014-12-29 10:12 - 2014-07-08 10:53 - 0000266 _____ () C:\Users\rhcc-746\AppData\Roaming\KeyEventExe.log
2014-10-24 09:14 - 2014-10-24 09:14 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some content of TEMP:
====================
C:\Users\rhcc-746\AppData\Local\temp\Quarantine.exe
C:\Users\rhcc-746\AppData\Local\temp\sqlite3.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-03-26 13:02

==================== End Of Log ============================

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.6 (03.22.2015:1)
OS: Windows 7 Professional x86
Ran by rhcc-746 on Thu 03/26/2015 at 13:16:37.51
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

 

~~~ Registry Values

 

~~~ Registry Keys

 

~~~ Files

Successfully deleted: [File] C:\Windows\System32\Tasks\Driver Booster Scan
Successfully deleted: [File] C:\Windows\System32\Tasks\Driver Booster SkipUAC (pgarrity)
Successfully deleted: [File] C:\Windows\System32\Tasks\Driver Booster SkipUAC (Service Tab)
Successfully deleted: [File] C:\Windows\System32\Tasks\Driver Booster Update

 

~~~ Folders

 

~~~ Event Viewer Logs were cleared

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 03/26/2015 at 13:27:51.05
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 3/26/2015
Scan Time: 12:15:56 PM
Logfile: MWBytes.txt
Administrator: Yes

Version: 2.01.4.1018
Malware Database: v2015.03.26.06
Rootkit Database: v2015.02.25.01
License: Trial
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: rhcc-746

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 494345
Time Elapsed: 27 min, 2 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)



#8 Machiavelli


Posted 26 March 2015 - 04:07 PM

Hey,
well done. :)

Step 1: FRST Fix
  • Please open Notepad.exe. Make sure that you don't use any other software than Notepad.exe!
  • Copy and Paste the content of the codebox below into the empty textfile:

    HKU\S-1-5-21-1621964705-1223632591-1745900225-17308\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    EmptyTemp:
  • Then click on File >> Save as
    • File Name: Fixlist.txt
    • From the Save as type drop down list, choose All Files
  • It is very important that you save this textfile on your Desktop!
Note: It's important that both files, FRST.exe/FRST64.exe and fixlist.txt are in the same location or the fix will not work
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
  • Run FRST.exe/FRST64.exe (Note: If FRST advises there is a new updated version to be downloaded, allow this.) and press the Fix button just once and wait
  • If for some reason the tool needs a restart, please make sure you let the system restart normally, then let the tool complete its run
  • When finished, FRST will generate a log (Fixlog.txt) in the same location the tool was run, please post it to your reply
Step 2: FRST Scan
  • Run FRST. (if you have Windows Vista / Windows 7 / Windows 8: Please do a Right click on the FRST icon and select Run as Administrator)
  • Click Scan to start FRST.
  • When FRST finishes scanning, a log, FRST.txt, will open.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of this log into your next post please.
Step 3: ESET

Please run a free online scan with the ESET Online Scanner:

IMPORTANT: You MUST use Internet Explorer for this step!
  • Visit the ESET Online Scanner Web Page
  • Select the blue Run ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use and click Start
  • When asked, allow the ActiveX control to install.
  • Select Enable detection of potentially unwanted applications and select Advanced Settings
  • Make sure the options Remove found threats and Enable Anti-Stealth technology are checked
  • Click Start. (This scan can take several hours, so please be patient.)
  • Once the scan is completed, select List of found threats
  • Select Export to text file... and save the file as ESETlog.txt on your Desktop
  • Click the Back button.
  • Click the Finish button.
  • Use Notepad to open the saved log file (on your Desktop - ESET.txt)
  • Copy and paste that log as a reply to this topic.
Step 4: Question

How is your PC running?

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.

 
 

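The lines Machiavelli copied into the fixlist are the ones FRST either flags itself (the Internet Explorer policy restriction marked ATTENTION) or that stand out on a read-through (DefaultScope entries with an empty URL); the orphaned driver entries ending in [X] / No ImagePath and the services marked [File not signed] are the other things a helper checks before deciding what to touch. The script below is an added example for this thread, not FRST's own code and not part of either poster's text: it scans FRST.txt text for exactly those patterns, runs over a constructed sample built from lines of the log above (the second SearchScopes line is given a URL only for contrast), and emits the registry-only items that could go into a fixlist.txt. Encoding handling and the file argument are assumptions; a helper would still read the candidates by hand before running a fix, as the NOTICE in the post above says.

```python
"""Triage helper for Farbar Recovery Scan Tool (FRST) logs.

Added example for this thread; it is not FRST's own code and not part of the
forum posts. It reads FRST.txt text and picks out the line types a malware
helper looks at first:
  - entries FRST itself tags with "<======= ATTENTION"
  - SearchScopes entries whose URL is empty
  - services/drivers whose file is gone ("[X]" or "No ImagePath")
  - services/drivers whose binary is "[File not signed]" (review, don't delete)
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

ATTENTION_MARK = "<======= ATTENTION"
# "R2 name; C:\path\file.exe [size date] (Vendor) [File not signed]"
SERVICE_RE = re.compile(r"^(?P<state>[RS]\d) (?P<name>[^;]+); (?P<rest>.*)$")
# "SearchScopes: HKU\... -> DefaultScope {GUID} URL = <possibly empty>"
SCOPE_RE = re.compile(r"^SearchScopes: (?P<hive>\S+) -> (?P<scope>.*?) URL =(?P<url>.*)$")

# Constructed sample in the shape of the FRST log above; not a real log.
SAMPLE_LOG = "\n".join([
    r"HKU\S-1-5-21-1621964705-1223632591-1745900225-17308\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION",
    r"SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = ",
    r"SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch",
    r"R2 AMPAgent; C:\Program Files\Dell\KACE\AMPAgent.exe [2872424 2013-08-23] (Dell Inc.) [File not signed]",
    r"R2 tmlisten; C:\Program Files\Trend Micro\Client Server Security Agent\tmlisten.exe [1477328 2013-08-14] (Trend Micro Inc.)",
    r"S3 catchme; \??\C:\Users\rhcc-746\AppData\Local\Temp\catchme.sys [X]",
    r"S3 SWUMX20; No ImagePath",
    r"Tcpip\Parameters: [DhcpNameServer] 192.168.1.33 192.168.1.10",
])


@dataclass(frozen=True)
class Finding:
    kind: str   # attention | empty-searchscope | missing-image | unsigned-binary
    line: str   # the log line exactly as FRST wrote it (a fixlist needs it verbatim)


def classify(line: str) -> Optional[str]:
    """Return the finding category for one FRST log line, or None if it is routine."""
    line = line.rstrip()
    if ATTENTION_MARK in line:
        return "attention"
    m = SCOPE_RE.match(line)
    if m:
        return "empty-searchscope" if not m.group("url").strip() else None
    m = SERVICE_RE.match(line)
    if m:
        rest = m.group("rest")
        if rest == "No ImagePath" or rest.endswith("[X]"):
            return "missing-image"      # orphaned entry: the file is gone
        if rest.endswith("[File not signed]"):
            return "unsigned-binary"    # check vendor/hash; unsigned is not proof of malware
    return None


def triage(log_text: str) -> List[Finding]:
    """Walk a whole FRST log and collect the lines worth a second look, in log order."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        kind = classify(raw)
        if kind is not None:
            findings.append(Finding(kind, raw.rstrip()))
    return findings


def fixlist_candidates(findings: List[Finding]) -> List[str]:
    """Registry-only items FRST restores or removes when the line is copied verbatim
    into fixlist.txt, followed by EmptyTemp: as in the fix above. Orphaned and
    unsigned service entries are deliberately left out: several in the log above
    point to cleanup tools (the SUPERAntiSpyware drivers on drive E:), and removing
    a service is a judgement call, not a pattern match."""
    fixable = {"attention", "empty-searchscope"}
    lines = [f.line for f in findings if f.kind in fixable]
    return lines + ["EmptyTemp:"] if lines else []


def summary(findings: List[Finding]) -> Dict[str, int]:
    """Count findings per category for a quick glance before reading the log."""
    counts: Dict[str, int] = {}
    for f in findings:
        counts[f.kind] = counts.get(f.kind, 0) + 1
    return counts


if __name__ == "__main__":
    import sys
    # Assumption: FRST.txt decodes as UTF-8; undecodable bytes are replaced.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            text = fh.read()
    else:
        text = SAMPLE_LOG
    found = triage(text)
    for f in found:
        print(f"{f.kind:18} {f.line}")
    print("\nfixlist.txt candidates (review before use):")
    print("\n".join(fixlist_candidates(found)))
```

Run as `python frst_triage.py FRST.txt`; with no argument it uses the constructed sample. On the sample it reports the ATTENTION policy line, one empty search scope, one unsigned service and two orphaned driver entries, and the fixlist candidates are the same two registry lines plus EmptyTemp: that the post above uses.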

#9 Machiavelli


Posted 29 March 2015 - 06:16 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.

~Machiavelli
 
 


#10 Machiavelli


Posted 30 March 2015 - 02:53 PM

User returned.

~Machiavelli
 
 


#11 irishitguy


Posted 30 March 2015 - 02:55 PM

Thank you, sir! Sorry about the last delay... To answer your question, the PC is running better. Now able to get internet connectivity. Running ESET now and will post the logs as soon as they are all available.

 

Best,

Irish



#12 irishitguy


Posted 30 March 2015 - 03:30 PM

Hi Mach,

 

We are all finished! ESET found nothing, so there is no log to post. Below are the FRST logs.

 

Thanks!

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-03-2015
Ran by rhcc-746 (administrator) on RHCC-746-TAB on 30-03-2015 08:23:22
Running from C:\Users\rhcc-746\Desktop
Loaded Profiles: rhcc-746 (Available profiles: ksisco & rhcc-746 & rhcc-749 & pgarrity)
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Dell Inc.) C:\Program Files\Dell\KACE\AMPAgent.exe
(DT Research) C:\Program Files\Utilities\Button Manager\BMService.exe
(DT Research) C:\Program Files\Utilities\MobilityTileExtension\MTEService.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Sierra Wireless, Inc.) C:\Program Files\Sierra Wireless Inc\Gobi\QDLService\GobiQDLService.exe
(DT Research) C:\Program Files\Utilities\KeyboardWedge\KWService.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Microsoft Online Services\MSOIDSVC.EXE
(Trend Micro Inc.) C:\Program Files\Trend Micro\Client Server Security Agent\NTRtScan.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(SonicWALL, Inc.) C:\Program Files\SonicWALL\SonicWALL Global VPN Client\SWGVCSvc.exe
(Sierra Wireless, Inc.) C:\Program Files\Sierra Wireless Inc\Common\SwiCardDetect.exe
(DT Research) C:\Program Files\DT Research\ClientAgent\CAService.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Microsoft Online Services\MSOIDSVCM.EXE
() C:\Program Files\DT Research\ClientAgent\CAWatchDog.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Client Server Security Agent\HostedAgent\svcGenericHost.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Client Server Security Agent\TmListen.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Client Server Security Agent\HostedAgent\HostedAgent.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Client Server Security Agent\TmProxy.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\ssonsvr.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(DT Research) C:\Program Files\Utilities\Button Manager\BMConfig.exe
(DT Research) C:\Windows\System32\KeyEventExe.exe
(DT Research) C:\Program Files\DT Research\ClientAgent\CAConfig.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(DT Research) C:\Program Files\Utilities\KeyboardWedge\KWControl.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Client Server Security Agent\PccNTMon.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\Receiver\Receiver.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
() C:\Program Files\PenMount Windows Universal Driver(WHQL)\PMonitor.exe
(eMailSignature) C:\Users\rhcc-746\AppData\Roaming\eMailSignature\eMailSignature 365\emsclient.exe
() C:\Program Files\Trend Micro\BM\TMBMSRV.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\wfcrun32.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\concentr.exe
(Dell Inc.) C:\Program Files\Dell\KACE\KLaunch.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Dell Inc.) C:\Program Files\Dell\KACE\runkbot.exe
(Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Dell Inc.) C:\Program Files\Dell\KACE\KInventory.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [12021464 2014-10-24] (Realtek Semiconductor)
HKLM\...\Run: [GfxServiceInstall] => C:\Windows\system32\GfxCUIServiceInstall.vbs [131 2012-08-16] ()
HKLM\...\Run: [ConnectionCenter] => C:\Program Files\Citrix\ICA Client\concentr.exe [358336 2011-08-11] (Citrix Systems, Inc.)
HKLM\...\Run: [BMConfig] => C:\Program Files\Utilities\Button Manager\BMConfig.exe [245760 2013-03-06] (DT Research)
HKLM\...\Run: [KeyEventExe] => C:\Windows\system32\KeyEventExe.exe [49152 2013-03-06] (DT Research)
HKLM\...\Run: [KWControl.exe] => C:\Program Files\Utilities\KeyboardWedge\KWControl.exe [405504 2013-03-05] (DT Research)
HKLM\...\Run: [CAConfig] => C:\Program Files\DT Research\ClientAgent\CAConfig.exe [774144 2013-03-11] (DT Research)
HKLM\...\Run: [OfficeScanNT Monitor] => C:\Program Files\Trend Micro\Client Server Security Agent\pccntmon.exe [1950744 2013-07-16] (Trend Micro Inc.)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
Winlogon\Notify\ScCertProp: wlnotify.dll [X]
HKU\S-1-5-21-1621964705-1223632591-1745900225-17308\...\Run: [Adobe Acrobat Synchronizer] => C:\Program Files\Adobe\Acrobat 10.0\Acrobat\AdobeCollabSync.exe [1216416 2010-10-25] (Adobe Systems Incorporated)
HKU\S-1-5-21-1621964705-1223632591-1745900225-17308\...\Policies\system: [DisableLockWorkstation] 0
HKU\S-1-5-18\...\RunOnce: [osk.exe] => C:\Windows\system32\osk.exe [646144 2014-06-17] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PenMount Monitor.lnk
ShortcutTarget: PenMount Monitor.lnk -> C:\Program Files\PenMount Windows Universal Driver(WHQL)\PMonitor.exe ()
Startup: C:\Users\pgarrity\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SonicWALL Global VPN Client.lnk
ShortcutTarget: SonicWALL Global VPN Client.lnk -> C:\Program Files\SonicWALL\SonicWALL Global VPN Client\SWGVC.exe (SonicWALL, Inc.)
Startup: C:\Users\rhcc-746\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\eMailSignature 365.lnk
ShortcutTarget: eMailSignature 365.lnk -> C:\Users\rhcc-746\AppData\Roaming\eMailSignature\eMailSignature 365\emsclient.exe (eMailSignature)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1621964705-1223632591-1745900225-17308\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
BHO: TmIEPlugInBHO Class -> {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -> C:\Program Files\Trend Micro\Client Server Security Agent\bho\1056\TmIEPlg.dll [2012-08-08] (Trend Micro Inc.)
BHO: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2010-10-25] (Adobe Systems Incorporated)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2010-10-25] (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2010-10-25] (Adobe Systems Incorporated)
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\Client Server Security Agent\bho\1056\TmIEPlg.dll [2012-08-08] (Trend Micro Inc.)
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.)
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.)
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.)
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.)
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.)
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.)
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.)
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.)
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.)
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.)
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.)
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.)
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.)
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.)
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.)
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.33 192.168.1.10

FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF HKLM\...\Firefox\Extensions: [{22C7F6C6-8D67-4534-92B5-529A0EC09405}] - C:\Program Files\Trend Micro\Client Server Security Agent\bho\1056\FirefoxExtension
FF Extension: Trend Micro NSC Firefox Extension - C:\Program Files\Trend Micro\Client Server Security Agent\bho\1056\FirefoxExtension [2014-10-24]
FF HKLM\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2015-01-09]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMPAgent; C:\Program Files\Dell\KACE\AMPAgent.exe [2872424 2013-08-23] (Dell Inc.) [File not signed]
R2 AMPPALR3; C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [509456 2012-07-18] (Intel Corporation)
R2 BMService; C:\Program Files\Utilities\Button Manager\BMService.exe [155648 2013-03-06] (DT Research) [File not signed]
R2 BTHSSecurityMgr; C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [104240 2012-08-23] (Intel® Corporation)
R2 DTMobilityTileExtension; C:\Program Files\Utilities\MobilityTileExtension\MTEService.exe [61440 2012-03-26] (DT Research) [File not signed]
R2 GobiQDLService; C:\Program Files\Sierra Wireless Inc\Gobi\QDLService\GobiQDLService.exe [312688 2011-11-25] (Sierra Wireless, Inc.)
R2 KeyboardWedge; C:\Program Files\Utilities\KeyboardWedge\KWService.exe [348160 2013-03-05] (DT Research) [File not signed]
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-03-17] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)
R2 msoidsvc; C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE [1590560 2012-05-17] (Microsoft Corp.)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [242480 2012-08-23] ()
R2 ntrtscan; C:\Program Files\Trend Micro\Client Server Security Agent\ntrtscan.exe [1298880 2013-10-06] (Trend Micro Inc.)
R2 svcGenericHost; C:\Program Files\Trend Micro\Client Server Security Agent\HostedAgent\svcGenericHost.exe [50200 2013-09-25] (Trend Micro Inc.)
R2 SWGVCSvc; C:\Program Files\SonicWALL\SonicWALL Global VPN Client\SWGVCSvc.exe [228824 2012-04-03] (SonicWALL, Inc.)
R2 SwiCardDetectSvc; C:\Program Files\Sierra Wireless Inc\Common\SwiCardDetect.exe [238960 2012-02-01] (Sierra Wireless, Inc.)
R3 TMBMServer; C:\Program Files\Trend Micro\BM\TMBMSRV.exe [345112 2013-04-12] () [File not signed]
R2 tmlisten; C:\Program Files\Trend Micro\Client Server Security Agent\tmlisten.exe [1477328 2013-08-14] (Trend Micro Inc.)
R3 TmProxy; C:\Program Files\Trend Micro\Client Server Security Agent\TmProxy.exe [689712 2012-08-08] (Trend Micro Inc.)
R2 WebDT CA Service; C:\Program Files\DT Research\ClientAgent\CAService.exe [909312 2013-03-11] (DT Research) [File not signed]
R2 WebDT CA Watchdog; C:\Program Files\DT Research\ClientAgent\CAWatchDog.exe [180224 2013-03-11] () [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-26] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2778416 2012-08-23] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 ACPISIM; C:\Windows\System32\drivers\ACPISIM.sys [15272 2012-07-13] (DT Research, Inc)
R3 AMPPAL; C:\Windows\System32\DRIVERS\AMPPAL.sys [143360 2012-07-18] (Windows ® Win 7 DDK provider)
S3 AMPPALP; C:\Windows\System32\DRIVERS\amppal.sys [143360 2012-07-18] (Windows ® Win 7 DDK provider)
S2 cpcecont; C:\Windows\system32\drivers\cpcecont.sys [24560 2010-11-08] (EMS Dr. Thomas Wuensche)
S2 cpcppnt; C:\Windows\system32\drivers\cpcppnt.sys [23560 2010-11-08] (EMS Dr. Thomas Wuensche)
S3 cpcusb; C:\Windows\System32\DRIVERS\cpcusbxp.sys [50968 2010-11-08] (EMS Dr. Thomas Wuensche)
R2 cpcxts; C:\Windows\system32\drivers\cpcxtsnt.sys [69376 2010-11-08] (EMS Dr. Thomas Wuensche)
R3 cxbu1wdm; C:\Windows\System32\DRIVERS\cxbu1wdm.sys [128120 2014-09-04] ( )
R1 DNE; C:\Windows\System32\DRIVERS\dnelwf.sys [109144 2011-08-04] (Citrix Systems, Inc.)
R0 DTRACPIEC; C:\Windows\System32\drivers\DTREC.sys [14888 2012-07-13] (DT Research, Inc)
S3 DtrFlashDrv; C:\Windows\system32\DtrFlashDrv.sys [16864 2013-01-31] (DT Research, Inc.)
R3 DTTabBtn; C:\Windows\system32\drivers\DTTabBtn.sys [17448 2012-07-13] (DT Research, Inc)
S3 gobi3kfilter; C:\Windows\system32\drivers\gobi3kfilter.sys [27264 2010-12-13] (QUALCOMM Incorporated)
S3 gobi3kserial; C:\Windows\system32\drivers\gobi3kserial.sys [194048 2011-07-06] (QUALCOMM Incorporated)
R3 iomem; C:\Windows\system32\iomem.sys [15584 2013-01-31] (DT Research, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-03-17] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2015-03-30] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-03-17] (Malwarebytes Corporation)
R3 NETwNs32; C:\Windows\System32\DRIVERS\Netwsn00.sys [10383568 2014-10-24] (Intel Corporation)
R3 pmhidmini; C:\Windows\system32\drivers\pmhidmini.sys [3712 2013-02-14] (PenMount Touch Solutions)
S3 pmhidusb; C:\Windows\system32\drivers\pmhidusb.sys [51200 2013-02-14] (PenMount Touch Solutions)
R3 pmmouhid; C:\Windows\system32\drivers\pmmouhid.sys [5632 2013-02-14] (PenMount Touch Solutions)
R3 pmmouser; C:\Windows\system32\drivers\pmmouser.sys [68096 2013-02-14] (PenMount Touch Solutions)
S3 pmserenum; C:\Windows\System32\DRIVERS\pmserenum.sys [28160 2013-02-14] (PenMount Touch Solutions)
R2 risdxc; C:\Windows\system32\drivers\risdxc86.sys [76288 2011-05-25] (REDC)
S3 rixdpcie; C:\Windows\system32\drivers\rixdpe86.sys [45056 2011-04-26] (REDC)
S3 Ser2plx86; C:\Windows\System32\DRIVERS\ser2pl.sys [140800 2014-09-03] (Prolific Technology Inc.)
S3 swg3kmbb00; C:\Windows\System32\DRIVERS\swg3kmbb00.sys [382976 2011-11-09] (Sierra Wireless Incorporated)
R3 swg3knet00; C:\Windows\System32\DRIVERS\swg3knet00.sys [323344 2014-10-24] (Sierra Wireless Incorporated)
S3 swg3knmea00; C:\Windows\system32\drivers\swg3knmea00.sys [216192 2011-08-18] (Sierra Wireless Incorporated)
R3 swg3kser00; C:\Windows\System32\DRIVERS\swg3kser00.sys [228112 2014-10-24] (Sierra Wireless Incorporated)
R3 swibus00; C:\Windows\System32\DRIVERS\swibus00.sys [73488 2014-10-24] (Sierra Wireless Inc.)
R3 swibusflt00; C:\Windows\System32\DRIVERS\swibusflt00.sys [73488 2014-10-24] (Sierra Wireless Inc.)
R2 SWIPsec; C:\Windows\system32\Drivers\SWIPsec.sys [84112 2012-04-03] (SonicWALL, Inc.)
S3 SWVNIC; C:\Windows\System32\DRIVERS\swvnic.sys [21016 2012-02-07] (SonicWALL, Inc.)
R3 tmactmon; C:\Windows\System32\DRIVERS\tmactmon.sys [74600 2012-10-30] () [File not signed]
R1 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [258976 2012-11-13] () [File not signed]
R3 tmevtmgr; C:\Windows\System32\DRIVERS\tmevtmgr.sys [62728 2012-10-30] () [File not signed]
R2 TmFilter; C:\Program Files\Trend Micro\Client Server Security Agent\TmXPFlt.sys [264504 2012-07-17] (Trend Micro Inc.)
R2 TmPreFilter; C:\Program Files\Trend Micro\Client Server Security Agent\TmPreFlt.sys [36664 2012-07-17] (Trend Micro Inc.)
R1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [90712 2013-01-09] (Trend Micro Inc.)
R2 VSApiNt; C:\Program Files\Trend Micro\Client Server Security Agent\VSApiNt.sys [1515232 2012-07-17] (Trend Micro Inc.)
S3 catchme; \??\C:\Users\rhcc-746\AppData\Local\Temp\catchme.sys [X]
S3 S6000KNT; System32\Drivers\S6000KNT.sys [X]
S1 SASDIFSV; \??\E:\clean up sw\SUPERAntiSpyware\SASDIFSV.SYS [X]
S1 SASKUTIL; \??\E:\clean up sw\SUPERAntiSpyware\SASKUTIL.SYS [X]
S3 SWUMX20; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-30 08:23 - 2015-03-30 08:25 - 00020223 _____ () C:\Users\rhcc-746\Desktop\FRST.txt
2015-03-30 08:06 - 2015-03-25 11:25 - 01135104 _____ (Farbar) C:\Users\rhcc-746\Desktop\FRST.exe
2015-03-26 12:11 - 2015-03-26 12:11 - 00001064 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-03-26 12:02 - 2015-03-26 12:08 - 00000000 ____D () C:\AdwCleaner
2015-03-25 14:28 - 2015-03-25 14:28 - 00016233 _____ () C:\ComboFix.txt
2015-03-25 11:37 - 2015-03-30 08:23 - 00000000 ____D () C:\FRST
2015-03-20 16:45 - 2015-03-20 16:45 - 00000184 __RSH () C:\MSSTBJ.CAT
2015-03-20 11:24 - 2015-03-20 11:40 - 00000000 ____D () C:\Users\rhcc-746\Desktop\mbar
2015-03-20 11:24 - 2015-03-20 11:40 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-03-19 14:45 - 2015-03-25 12:48 - 00001104 _____ () C:\Windows\PFRO.log
2015-03-19 13:39 - 2015-03-25 14:28 - 00000000 ____D () C:\Qoobox
2015-03-19 13:39 - 2015-03-19 15:00 - 00000000 ____D () C:\Windows\erdnt
2015-03-19 13:39 - 2011-06-25 23:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-03-19 13:39 - 2010-11-07 10:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-03-19 13:39 - 2009-04-19 21:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-03-19 13:39 - 2000-08-30 17:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-03-19 13:39 - 2000-08-30 17:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-03-19 13:39 - 2000-08-30 17:00 - 00098816 _____ () C:\Windows\sed.exe
2015-03-19 13:39 - 2000-08-30 17:00 - 00080412 _____ () C:\Windows\grep.exe
2015-03-19 13:39 - 2000-08-30 17:00 - 00068096 _____ () C:\Windows\zip.exe
2015-03-18 10:07 - 2015-03-30 08:19 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-18 10:06 - 2015-03-26 12:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-03-18 10:06 - 2015-03-26 12:11 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2015-03-18 10:06 - 2015-03-18 10:06 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-03-18 10:06 - 2015-03-17 06:15 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-03-18 10:06 - 2015-03-17 06:15 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-03-18 10:06 - 2015-03-17 06:15 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-03-18 10:05 - 2015-03-18 10:06 - 00000000 ____D () C:\ProgramData\AVAST Software
2015-03-18 10:04 - 2015-03-18 10:04 - 00000000 ____D () C:\Users\rhcc-746\AppData\Roaming\SUPERAntiSpyware.com
2015-03-18 10:04 - 2015-03-18 10:04 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2015-03-18 09:51 - 2015-03-30 08:23 - 00070580 _____ () C:\Windows\WindowsUpdate.log
2015-03-18 09:19 - 2015-03-30 08:18 - 00003224 _____ () C:\Windows\setupact.log
2015-03-18 09:19 - 2015-03-18 09:19 - 00000000 _____ () C:\Windows\setuperr.log
2015-03-06 08:16 - 2015-03-06 08:16 - 00097792 _____ () C:\Users\rhcc-746\Documents\LSP TIRE ESTIMATE.xls
2015-03-04 14:11 - 2015-03-04 14:11 - 00097280 _____ () C:\Users\rhcc-746\Documents\Copy of $  Repair Estimate Form rev 6.xls
2015-03-04 06:49 - 2015-03-04 06:49 - 00000000 ____D () C:\Users\rhcc-746\Documents\Quotes
2015-03-01 09:14 - 2015-03-01 09:15 - 00000000 ____D () C:\Users\rhcc-746\Desktop\forms

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-30 08:20 - 2014-10-24 09:29 - 00000112 _____ () C:\Windows\system32\config\netlogon.ftl
2015-03-30 08:19 - 2014-12-29 10:12 - 00382616 _____ () C:\Users\rhcc-746\AppData\Roaming\BAConfig.log
2015-03-30 08:19 - 2013-03-14 15:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Utilities
2015-03-30 08:18 - 2009-07-13 21:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-30 08:09 - 2010-11-20 14:01 - 00827608 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-30 07:56 - 2014-10-24 09:08 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-03-26 13:10 - 2009-07-13 19:37 - 00000000 ____D () C:\Windows\rescache
2015-03-26 12:23 - 2009-07-13 21:34 - 00028080 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-26 12:23 - 2009-07-13 21:34 - 00028080 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-25 14:25 - 2009-07-13 19:04 - 00000215 _____ () C:\Windows\system.ini
2015-03-20 05:43 - 2013-03-14 15:47 - 00000000 ____D () C:\ProgramData\CA
2015-03-19 15:02 - 2009-07-13 19:37 - 00000000 __RHD () C:\Users\Default
2015-03-19 15:02 - 2009-07-13 19:37 - 00000000 ___RD () C:\Users\Public
2015-03-19 14:45 - 2009-07-13 19:03 - 47972352 _____ () C:\Windows\system32\config\SOFTWARE.bak
2015-03-19 14:45 - 2009-07-13 19:03 - 18874368 _____ () C:\Windows\system32\config\SYSTEM.bak
2015-03-19 14:45 - 2009-07-13 19:03 - 00524288 _____ () C:\Windows\system32\config\DEFAULT.bak
2015-03-19 14:45 - 2009-07-13 19:03 - 00262144 _____ () C:\Windows\system32\config\SECURITY.bak
2015-03-18 10:18 - 2014-12-29 10:12 - 00000000 ____D () C:\Users\rhcc-746\AppData\Local\VirtualStore
2015-03-18 09:03 - 2013-03-14 21:46 - 00000000 ____D () C:\Windows\Minidump
2015-03-17 10:24 - 2009-07-13 19:37 - 00000000 ____D () C:\Windows\system32\LogFiles
2015-03-17 09:03 - 2009-07-13 19:37 - 00000000 ____D () C:\Windows\system32\NDF
2015-03-17 07:23 - 2015-01-09 13:27 - 00000000 ____D () C:\Users\rhcc-746\Documents\JAN2015
2015-03-16 13:53 - 2013-03-14 15:43 - 00000000 ____D () C:\ProgramData\DTRI
2015-03-04 11:43 - 2014-10-24 09:08 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-03-04 11:43 - 2014-10-24 09:08 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-03-04 06:45 - 2015-01-16 05:40 - 00000000 ____D () C:\Users\rhcc-746\Documents\Install Form
2015-03-04 06:45 - 2015-01-16 05:39 - 00000000 ____D () C:\Users\rhcc-746\Documents\90Dayisp
2015-03-01 09:22 - 2015-02-24 16:02 - 00000000 ____D () C:\Users\rhcc-746\Desktop\Leader Folder

==================== Files in the root of some directories =======

2014-12-29 10:12 - 2015-03-30 08:19 - 0382616 _____ () C:\Users\rhcc-746\AppData\Roaming\BAConfig.log
2014-12-29 10:12 - 2013-03-20 15:45 - 0014136 _____ () C:\Users\rhcc-746\AppData\Roaming\DTSMCap.log
2014-12-29 10:12 - 2013-03-20 15:45 - 0000332 _____ () C:\Users\rhcc-746\AppData\Roaming\DTSMCapSetting.ini
2014-12-29 10:12 - 2014-07-08 10:53 - 0000266 _____ () C:\Users\rhcc-746\AppData\Roaming\KeyEventExe.log
2014-10-24 09:14 - 2014-10-24 09:14 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-03-26 13:02

==================== End Of Log ============================

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 11-03-2015
Ran by rhcc-746 at 2015-03-30 08:16:54 Run:1
Running from C:\Users\rhcc-746\Desktop
Loaded Profiles: rhcc-746 &  (Available profiles: ksisco & rhcc-746 & rhcc-749 & pgarrity)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
HKU\S-1-5-21-1621964705-1223632591-1745900225-17308\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
EmptyTemp:
*****************

"HKU\S-1-5-21-1621964705-1223632591-1745900225-17308\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
EmptyTemp: => Removed 80 MB temporary data.

The system needed a reboot.

==== End of Fixlog 08:17:21 ====

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 11-03-2015
Ran by rhcc-746 at 2015-03-30 08:26:35
Running from C:\Users\rhcc-746\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Trend Micro Client/Server Security Agent Antivirus (Enabled - Up to date) {5D349EF8-873B-C657-917F-F1D93E101A7C}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Trend Micro Client/Server Security Agent Anti-spyware (Enabled - Up to date) {E6557F1C-A101-C9D9-ABCF-CAAB459750C1}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat X Standard - English, Français, Deutsch (HKLM\...\{AC76BA86-1033-F400-BA7E-000000000005}) (Version: 10.0.0 - Adobe Systems)
Adobe Flash Player 16 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Button Manager (HKLM\...\InstallShield_{43585EF3-DACE-4DFB-B46B-E9F7C6CB8279}) (Version: 2.2.1.12 - DT Research)
Button Manager (Version: 2.2.1.12 - DT Research) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.19 - Piriform)
Citrix Receiver (Enterprise) (HKLM\...\CitrixOnlinePluginFull) (Version: 13.0.0.6685 - Citrix Systems, Inc.)
Dell KACE Agent (HKLM\...\{45C1BF25-8330-4E6F-8CFB-BE8FC39387F5}) (Version: 5.5.25198 - Dell Inc.)
Driver Booster 2 (HKLM\...\Driver Booster_is1) (Version: 2.0 - IObit)
DTSMCap (HKLM\...\InstallShield_{A4084C71-74D0-436F-85DA-DE6818197BF0}) (Version: 1.0.0.27 - DT Research)
DTSMCap (Version: 1.0.0.27 - DT Research) Hidden
eMailSignature 365 (HKLM\...\{49D3D6D5-60B4-4481-AB67-2B7110C72745}) (Version: 1.1.37 - eMailSignature)
FlashWare (HKLM\...\{F73DCC19-27DA-4F3F-9B2C-03C56368C269}) (Version: 1.1.09 - Raymond)
Intel® Graphics Media Accelerator Driver (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.14.8.1086 - Intel Corporation)
Intel® PROSet/Wireless for Bluetooth® + High Speed (HKLM\...\{90F00673-A276-4A58-B675-B426D39D1E09}) (Version: 15.3.0.0398 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{ECE5B218-A086-4E18-A362-D11181681457}) (Version: 15.03.1000.1637 - Intel Corporation)
KeyboardWedge (HKLM\...\InstallShield_{443D4FB0-9137-4C6A-BD45-1B39EB82EA6F}) (Version: 2.5.0.8 - DT Research)
KeyboardWedge (Version: 2.5.0.8 - DT Research) Hidden
Malwarebytes Anti-Malware version 2.1.4.1018 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.4.1018 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Standard 2010 (HKLM\...\Office14.STANDARD) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Online Services Sign-in Assistant (HKLM\...\{C89AD07D-CAA0-4BF2-A2E8-A851B71FD698}) (Version: 7.250.4303.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MobileFrame Windows Client (HKLM\...\{FC9C0E6C-B6B2-40D8-A9B6-65E700F59A30}) (Version: 5.2.42 - MobileFrame)
MobilityTileExtension (HKLM\...\InstallShield_{DEAC61F8-341A-49A6-9049-3EAFDB1B7E8D}) (Version: 1.0.0.9 - DT Research) <==== ATTENTION
MobilityTileExtension (Version: 1.0.0.9 - DT Research) Hidden <==== ATTENTION
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Online Plug-in (Version: 13.0.0.6685 - Citrix Systems, Inc.) Hidden
PenMount Windows Universal Driver(WHQL) V2.4.0.306 (HKLM\...\PenMount Touch Solutions) (Version:  - PenMount)
PeripheralScanningTool (HKLM\...\InstallShield_{0C548EF7-0901-4086-84D7-D890D8A99C22}) (Version: 1.0.0.11 - DT Research)
PeripheralScanningTool (Version: 1.0.0.11 - DT Research) Hidden
PL-2303 USB-to-Serial (HKLM\...\{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}) (Version: 1.4.17 - Prolific Technology INC)
Raymond Technical Publication Library 2.10.21 (HKLM\...\Raymond Technical Publication Library 2.10.21) (Version:  - )
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7246 - Realtek Semiconductor Corp.)
RICOH Media Driver v2.15.17.02 (HKLM\...\{FE041B02-234C-4AAA-9511-80DF6482A458}) (Version: 2.15.17.02 - RICOH)
Sierra Wireless AirCard Watcher (HKLM\...\{D203592B-9FA2-49CA-99A1-1FB4832DD2E8}) (Version: 6.0.3375.0003 - Sierra Wireless Inc.)
Sierra Wireless QMI Driver Package (HKLM\...\SWIQMIDrvInstaller) (Version: 1.0.30.0 - Sierra Wireless Inc.)
SonicWALL Global VPN Client (HKLM\...\{52ABB5F7-2B03-4FCD-A83F-63166186BF00}) (Version: 4.7.3 - SonicWALL)
Trend Micro Client/Server Security Agent (HKLM\...\{BED0B8A2-2986-49F8-90D6-FA008D37A3D2}) (Version: 5.3.1033 - Trend Micro)
UltraVnc (HKLM\...\Ultravnc2_is1) (Version: 1.0.9.62 - uvnc bvba)
Windows Development Kit 4.07.2 (HKLM\...\Windows Development Kit) (Version: 4.07.2 - EMS Dr. Thomas Wünsche)
Windows Driver Package - Realtek (RTL8167) Net  (10/25/2012 7.065.1025.2012) (HKLM\...\2D50A91C430B0CAECB073D3712D09BDA4F3F8532) (Version: 10/25/2012 7.065.1025.2012 - Realtek)
Windows Driver Package - Silicon Laboratories (silabenm) Ports  (12/10/2012 6.6.1.0) (HKLM\...\D680DEE0F68D64EC53D0C5769879D15D387054CC) (Version: 12/10/2012 6.6.1.0 - Silicon Laboratories)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

==================== Restore Points  =========================

26-03-2015 13:09:39 Scheduled Checkpoint

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 19:04 - 2015-03-25 14:24 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {13801459-B26D-42C5-B07F-4D576063AAB5} - System32\Tasks\{6A664331-EA5C-4366-A7A6-A818FD11D028} => pcalua.exe -a "C:\Users\rhcc-746\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\S7ZQDQ4Y\setup_en.exe" -d C:\Users\rhcc-746\Desktop
Task: {31352FD1-93F1-46A3-8081-81E899172786} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-10-23] (Piriform Ltd)
Task: {48EC5BDA-2906-4D1F-8733-D0CF6C5D293C} - \Driver Booster SkipUAC (Service Tab) No Task File <==== ATTENTION
Task: {5A707294-FE36-48A2-8B6D-8A22592E7B9A} - \Driver Booster Update No Task File <==== ATTENTION
Task: {736EA2CF-9BA5-419A-8AC3-97A69A442CEF} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-03-04] (Adobe Systems Incorporated)
Task: {83027BE9-CF70-4D93-B685-513BAB0520E5} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {A34F8D92-89EE-498D-ACC7-7C3587B3456D} - \Driver Booster Scan No Task File <==== ATTENTION
Task: {E431A82D-2A41-4DE2-A6F9-0A94F75817E7} - \Driver Booster SkipUAC (pgarrity) No Task File <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) ==============

2009-11-24 15:12 - 2009-11-24 15:12 - 00164864 _____ () C:\Program Files\Utilities\KeyboardWedge\PRJDLL693.DLL
2009-11-24 15:12 - 2009-11-24 15:12 - 00481280 _____ () C:\Program Files\Utilities\KeyboardWedge\ANTINTERFACE.DLL
2009-11-24 15:12 - 2009-11-24 15:12 - 00155136 _____ () C:\Program Files\Utilities\KeyboardWedge\S443PROTOCOL.DLL
2012-03-14 15:11 - 2012-03-14 15:11 - 00086016 _____ () C:\Program Files\Utilities\KeyboardWedge\DT_WM200RFIDAPI.dll
2013-03-14 15:47 - 2013-03-11 18:40 - 00034816 _____ () C:\Program Files\DT Research\ClientAgent\WlanCfgIPSetting.dll
2013-03-14 15:47 - 2013-03-11 18:39 - 00135168 _____ () C:\Program Files\DT Research\ClientAgent\ProfileSetting.dll
2013-03-14 15:47 - 2013-03-11 18:40 - 00016896 _____ () C:\Program Files\DT Research\ClientAgent\CALocalizedResource.dll
2013-03-14 15:47 - 2011-03-31 10:55 - 00967168 _____ () C:\Program Files\DT Research\ClientAgent\libxml2.dll
2013-03-14 15:47 - 2010-08-17 13:55 - 00073728 _____ () C:\Program Files\DT Research\ClientAgent\zlib1.dll
2013-03-14 15:47 - 2013-03-11 18:40 - 00180224 _____ () C:\Program Files\DT Research\ClientAgent\CAWatchDog.exe
2013-03-15 18:01 - 2013-02-14 13:45 - 00603856 _____ () C:\Program Files\PenMount Windows Universal Driver(WHQL)\PMonitor.exe
2013-03-15 18:01 - 2013-02-14 13:45 - 00114688 _____ () C:\Program Files\PenMount Windows Universal Driver(WHQL)\SMHOOK.DLL
2014-10-24 10:24 - 2013-04-12 17:41 - 00345112 _____ () C:\Program Files\Trend Micro\BM\TMBMSRV.exe

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1621964705-1223632591-1745900225-17308\Control Panel\Desktop\\Wallpaper -> C:\Users\rhcc-746\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.33 - 192.168.1.10

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
MSCONFIG\startupreg: SCWatcher => C:\Program Files\DT Research\ClientAgent\SCWatcher.exe
MSCONFIG\startupreg: TRUUpdater => "C:\Program Files\Sierra Wireless Inc\WebUpdater\TRUUpdater.exe" /bkground
MSCONFIG\startupreg: WatcherHelper => "C:\Program Files\Sierra Wireless Inc\3G Watcher\WaHelper.exe"

==================== Accounts: =============================

Administrator (S-1-5-21-1247247887-1063734348-580844743-500 - Administrator - Disabled)
Guest (S-1-5-21-1247247887-1063734348-580844743-501 - Limited - Disabled)

==================== Faulty Device Manager Devices =============

Name: SonicWALL Virtual NIC
Description: SonicWALL Virtual NIC
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: SonicWALL
Service: SWVNIC
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: mv video hook driver2
Description: mv video hook driver2
Class Guid: {4d36e968-e325-11ce-bfc1-08002be10318}
Manufacturer: UVNC BVBA
Service: mv2
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
 This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.

==================== Event log errors: =========================

Application errors:
==================
Error: (03/30/2015 08:18:54 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/30/2015 08:18:03 AM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x80070013, The media is write protected.
]

System errors:
=============
Error: (03/30/2015 08:25:59 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The Dell KACE Software Meter service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

Error: (03/30/2015 08:22:52 AM) (Source: Application Management Group Policy) (EventID: 103) (User: NT AUTHORITY)
Description: The removal of the assignment of application NextForWindows from policy INSTALLEBS failed.  The error was : %%2

Error: (03/30/2015 08:20:58 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {D085A4AB-CAB1-4729-9DF8-FCEEDDBD19E4}

Error: (03/30/2015 08:19:06 AM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1129) (User: RHCC)
Description: The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.

Error: (03/30/2015 08:18:57 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
SASDIFSV
SASKUTIL

Error: (03/30/2015 08:18:52 AM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1129) (User: NT AUTHORITY)
Description: The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.

Error: (03/30/2015 08:18:49 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The CPC-PP device driver service failed to start due to the following error:
%%20

Error: (03/30/2015 08:18:49 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The CPC-PP/ECO device driver service failed to start due to the following error:
%%20

Error: (03/30/2015 08:18:49 AM) (Source: NETLOGON) (EventID: 5719) (User: )
Description: This computer was not able to set up a secure session with a domain
controller in domain RHCC due to the following:
%%1311

This may lead to authentication problems. Make sure that this
computer is connected to the network. If the problem persists,
please contact your domain administrator.

 

ADDITIONAL INFO

If this computer is a domain controller for the specified domain, it
sets up the secure session to the primary domain controller emulator in the specified
domain. Otherwise, this computer sets up the secure session to any domain controller
in the specified domain.

Error: (03/30/2015 08:18:48 AM) (Source: SCardSvr) (EventID: 602) (User: )
Description: Access is denied.

Microsoft Office Sessions:
=========================
Error: (03/30/2015 08:18:54 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/30/2015 08:18:03 AM) (Source: VSS) (EventID: 13) (User: )
Description: {4e14fba2-2e22-11d1-9964-00c04fbbb345}CEventSystem0x80070013, The media is write protected.

==================== Memory info ===========================

Processor: Intel® Atom™ CPU N2800 @ 1.86GHz
Percentage of memory in use: 66%
Total physical RAM: 3004.3 MB
Available physical RAM: 1015.45 MB
Total Pagefile: 6006.89 MB
Available Pagefile: 3605.72 MB
Total Virtual: 2047.88 MB
Available Virtual: 1921.42 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:51.4 GB) (Free:17.66 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (Data) (Fixed) (Total:0.03 GB) (Free:0.01 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 59.6 GB) (Disk ID: E4D57C12)
Partition 1: (Active) - (Size=200 MB) - (Type=27)
Partition 2: (Not Active) - (Size=51.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=32 MB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=8 GB) - (Type=27)

==================== End Of Log ============================



#13 Machiavelli

Posted 30 March 2015 - 03:38 PM

Hello,
in my opinion your PC is clean. :) If you would like to donate some money to me so that I can buy some beer, then click on the PayPal button. I'd really appreciate it, my friend. :)


We need to remove the tools we've used during cleaning your machine.
  • Download Delfix from here and run it (If you have Windows Vista / Windows 7 / Windows 8 please do a Right click on the Delfix icon and select Run as Administrator).
  • Ensure Remove disinfection tools is ticked
    Also tick:
    • Create registry backup
    • Purge system restore
  • Click Run
The program will run for a few moments and then Notepad will open with a log. Please paste the log in your next reply.

Exercise common sense

Having security programs installed is very helpful to you, but none of them have the gift of human thought. The best way to make sure you don't get infected is to look before you leap. Be careful of what websites you visit - if a site looks suspicious, trust your instincts and get out of there. Be careful of what attachments you open in emails and files you download from websites - check them over carefully and look at the file extensions to make sure that you know what you're getting. Using peer-to-peer file sharing programs or downloading cracks and keygens is something else to avoid - the files you will be downloading are infected in the vast majority of cases, and the benefits simply aren't worth the risk to your computer.

Keep up on Windows updates

Along with keeping all of the security programs that you choose to use updated, it is also important to keep up on system updates from Microsoft, as these patch critical security vulnerabilities and help to keep you safe. Typically the Windows Update icon will appear in your taskbar when new updates are available; whenever you see it you should open the menu up and install the updates that are available. Although it may be an annoyance, that little bit of extra time it takes to stay updated is very well worth it instead of getting infected from an exploit and having to clean your PC again.

Slow computer?

If your computer begins to slow down again in the future for no particular reason, your first step should not be to come back to the malware forum. As your computer ages and is used, its parts wear, files and programs accumulate, and its performance speed can decrease. To restore your computer's performance to its best possible level, follow the steps in this guide written by tech expert Artellos.

Keep Safe! :thumbsup:

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.



#14 irishitguy

Posted 30 March 2015 - 04:56 PM

Thanks so much for all of your help! I will see what I can do to help you out with that beer $$.

Have a great week!

~Irish

# DelFix v10.8 - Logfile created 30/03/2015 at 13:55:20
# Updated 29/07/2014 by Xplode
# Username : pgarrity - RHCC-746-TAB
# Operating System : Windows 7 Professional Service Pack 1 (32 bits)

~ Removing disinfection tools ...

Deleted : C:\Qoobox
Deleted : C:\FRST
Deleted : C:\AdwCleaner
Deleted : C:\ComboFix.txt
Deleted : C:\Windows\grep.exe
Deleted : C:\Windows\PEV.exe
Deleted : C:\Windows\NIRCMD.exe
Deleted : C:\Windows\MBR.exe
Deleted : C:\Windows\SED.exe
Deleted : C:\Windows\SWREG.exe
Deleted : C:\Windows\SWSC.exe
Deleted : C:\Windows\SWXCACLS.exe
Deleted : C:\Windows\Zip.exe
Deleted : HKLM\SOFTWARE\AdwCleaner
Deleted : HKLM\SOFTWARE\Swearware
Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\combofix.exe
Deleted : HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ASWMBR

~ Creating registry backup ... OK

~ Cleaning system restore ...

Deleted : RP #38 [Scheduled Checkpoint | 03/26/2015 20:09:39]
Deleted : RP #39 [Windows Update | 03/30/2015 15:43:31]
Deleted : RP #40 [Windows Update | 03/30/2015 16:17:08]

New restore point created !

########## - EOF - ##########



#15 Machiavelli

Posted 31 March 2015 - 06:48 AM

Thanks for the donation. :)

Any further questions before I close this topic as solved?

~Machiavelli
