Exploit:Java/Obfuscator.w found by MS Safety Scanner - Help Removing, Please


  • This topic is locked This topic is locked
15 replies to this topic

#1 mudhustler

mudhustler

  • Members
  • 64 posts
  • OFFLINE
  •  
  • Local time:12:07 AM

Posted 31 March 2015 - 10:57 AM

First, thanks for taking a look at my problem.  Your attention and time are appreciated!

 

The machine in question is a Dell Precision M6600 running Windows 7 Pro.  A scan with Vipre from ThreatTrack Security discovered a file it called Lookslike.swf.malware.h which it quarantined and eventually deleted.  Subsequent deep scans with Vipre came up clean.  However, Microsoft Safety Scanner came back with 12 files infected, calling the malware Exploit.Java/Obfuscator.w.  The MS scanner said it could not do anything about the matter.

 

All updates to Windows, Vipre, Java and Adobe products have been made and the machine is currently not displaying any strange behavior.  However, since it is a machine that gets heavy use on very important, time-sensitive projects, I would like to get ahead of the issue and do anything I can to remove the threat entirely.  Normally I would just back up the data and do a clean reinstall of Windows but this particular machine is chock full of difficult to reinstall software that I would much rather leave in place.

 

Any assistance is very much appreciated.

 

-Scott




#2 Sirawit

Sirawit

    Bleepin' Brony


  • Malware Response Team
  • 4,161 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Thailand
  • Local time:02:07 PM

Posted 01 April 2015 - 06:20 AM

Hello mudhustler and welcome to BleepingComputer!        :)

 

My name is Sirawit and I'm here to help you.

 

Please note that I'm currently in training and my fixes need to be approved first, that may delay our fix a bit, but I will normally reply back in 24 hours.

 

If I don't reply after 3 days, feel free to PM me.         :)

==========================================================================

Some points for you to keep in mind:

  • Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartache if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.
  • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Do not attach logs or use code boxes, just copy and paste the text.
  • Periodically update me on the condition of your computer, and provide detail in every post.
  • In the upper right hand corner of the topic you will see the Followtopic.jpg button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • Once things seem to be working again, please do not abandon the thread. I will give an "all-clean" message at the very end with some additional information on how to stay malware-free.
  • Lastly, I would like to remind you that most members here are volunteers, and sometimes "real life" can get in the way of our malware hunt. I will notify you if I know I will need to be away for longer than 48 hours.

==========================================================================

 

Please post the Microsoft Safety Scanner log; you can find it at C:\Windows\Debug\msert.log.

 

 

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Right-click FRST then click "Run as administrator" (XP users: click run after receipt of Windows Security Warning - Open File).
  • When the tool opens, click Yes to disclaimer.
  • Press the Scan button.
  • When finished, it will produce a log called FRST.txt in the same directory the tool was run from.
  • Please copy and paste the log in your next reply.

Note 2: The first time the tool is run it generates another log (Addition.txt - also located in the same directory the tool was run from). Please also paste that, along with the FRST.txt into your next reply.

 

Thank you.


If I don't reply back to you in 2 days, feel free to send me a PM.

 

“You’re lying… just like you were lying to me before. You have to hate me. I’ve been the worst daughter in the world… you should hate me.”

“But I don’t, Nyx. Because, Nyx, I’m your mother, and a mother will always love her daughter, no matter what.” -Past sins by Pen stroke.


#3 mudhustler

mudhustler
  • Topic Starter

  • Members
  • 64 posts
  • OFFLINE
  •  
  • Local time:12:07 AM

Posted 01 April 2015 - 10:24 AM

Thanks for getting back with me, Sirawit.  I'll have access to that particular machine later today and will be able to gather the information you've requested then.



#4 mudhustler

mudhustler
  • Topic Starter

  • Members
  • 64 posts
  • OFFLINE
  •  
  • Local time:12:07 AM

Posted 01 April 2015 - 04:03 PM

Here is the msert.log

 

Microsoft Safety Scanner v1.0, (build 1.195.587.0)
Started On Fri Mar 27 15:30:52 2015

Extended Scan Results
----------------
->Scan ERROR: resource process://pid:6896,ProcessStart:130719653392812410 (code 0x0000012B (299))
->Scan ERROR: resource process://pid:6120,ProcessStart:130719653394060514 (code 0x0000012B (299))
->Scan ERROR: resource process://pid:7792,ProcessStart:130719654467897993 (code 0x00000005 (5))
->Scan ERROR: resource file://C:\hiberfil.sys (code 0x00000020 (32))
->Scan ERROR: resource file://C:\hiberfil.sys (code 0x00000020 (32))
->Scan ERROR: resource file://C:\pagefile.sys (code 0x00000020 (32))
->Scan ERROR: resource file://C:\pagefile.sys (code 0x00000020 (32))
->Scan ERROR: resource file://C:\pagefile.sys (code 0x00000020 (32))
->Scan ERROR: resource file://C:\hiberfil.sys (code 0x00000020 (32))
->Scan ERROR: resource file://C:\System Volume Information\{284a4d4d-b24f-11e4-999a-d067e55596dc}{3808876b-c176-4e48-b7ae-04046e6cc752} (code 0x00000005 (5))
->Scan ERROR: resource file://C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752} (code 0x00000005 (5))
->Scan ERROR: resource file://C:\System Volume Information\{75c8bfb3-c1fb-11e4-b491-d067e55596dc}{3808876b-c176-4e48-b7ae-04046e6cc752} (code 0x00000005 (5))
->Scan ERROR: resource file://C:\System Volume Information\{7cd9fafa-cdc1-11e4-b418-d067e55596dc}{3808876b-c176-4e48-b7ae-04046e6cc752} (code 0x00000005 (5))
->Scan ERROR: resource file://C:\System Volume Information\{8ff720a2-bc84-11e4-b46f-d067e55596dc}{3808876b-c176-4e48-b7ae-04046e6cc752} (code 0x00000005 (5))
->Scan ERROR: resource file://C:\System Volume Information\{97153c1c-b24b-11e4-97e8-d067e55596dc}{3808876b-c176-4e48-b7ae-04046e6cc752} (code 0x00000005 (5))
->Scan ERROR: resource file://C:\System Volume Information\{99919789-b318-11e4-b4d1-d067e55596dc}{3808876b-c176-4e48-b7ae-04046e6cc752} (code 0x00000005 (5))
->Scan ERROR: resource file://C:\System Volume Information\{9f4596bf-c77b-11e4-b267-d067e55596dc}{3808876b-c176-4e48-b7ae-04046e6cc752} (code 0x00000005 (5))
->Scan ERROR: resource file://C:\System Volume Information\{aa5ed432-b187-11e4-84c7-d067e55596dc}{3808876b-c176-4e48-b7ae-04046e6cc752} (code 0x00000005 (5))
->Scan ERROR: resource file://C:\System Volume Information\{ef8b20e0-d270-11e4-b4e4-d067e55596dc}{3808876b-c176-4e48-b7ae-04046e6cc752} (code 0x00000005 (5))
Threat detected: Exploit:Java/Obfuscator.W
    containerfile://C:\Users\****************\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\7dc0186b-18ea568a
        SHA1:   3860c84acd0333330f70a2eff15f6f3a398d8e0b
    containerfile://C:\Users\****************\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48\2ba13bb0-6716ddc9
        SHA1:   f630fcc99f31e0f01b1e8dfe69fa4b8af3a08918
    file://C:\Users\****************\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\7dc0186b-18ea568a->BBQhUvJd.class
        SigSeq: 0x00008E29135445AD
    file://C:\Users\****************\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\7dc0186b-18ea568a->gTtMxbFaI.class
        SigSeq: 0x00008129FD641D48
    file://C:\Users\****************\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\7dc0186b-18ea568a->kjve.class
        SigSeq: 0x00008E29135445AD
    file://C:\Users\****************\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\7dc0186b-18ea568a->LRNQygTUPH.class
        SigSeq: 0x00008129FD641D48
    file://C:\Users\****************\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\7dc0186b-18ea568a->mWnHgpNDrO.class
        SigSeq: 0x00008E29135445AD
    file://C:\Users\****************\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\7dc0186b-18ea568a->RdXhqKbBN.class
        SigSeq: 0x00008129FD641D48
        SHA1:   9cc187fcdec443f57115db03938e43e70eec5b52
    file://C:\Users\******************\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48\2ba13bb0-6716ddc9->agRJuW.class
        SigSeq: 0x00008129FD641D48
    file://C:\Users\******************\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48\2ba13bb0-6716ddc9->AwQTy.class
        SigSeq: 0x00008E29135445AD
    file://C:\Users\******************\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48\2ba13bb0-6716ddc9->fhiGeBC.class
        SigSeq: 0x00008E29135445AD
    file://C:\Users\******************\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48\2ba13bb0-6716ddc9->nOoiz.class
        SigSeq: 0x00008E29135445AD
    file://C:\Users\******************\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48\2ba13bb0-6716ddc9->sITeMd.class
        SigSeq: 0x00008E29135445AD
    file://C:\Users\******************\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48\2ba13bb0-6716ddc9->YDbf.class
        SigSeq: 0x00008129FD641D48
        SHA1:   0647a2f57dbdc3ea71ff0a72dd3ecfd42780619d

Results Summary:
----------------
Found Exploit:Java/Obfuscator.W (detected suspiciously)
Microsoft Safety Scanner Finished On Fri Mar 27 17:40:22 2015

Return code: 6 (0x6)
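The msert.log above lists the same two Java deployment-cache JARs twelve times, once per obfuscated .class member, and the container SHA1 values are the only thing in it that can be checked against a second source. As an added example that is not part of the post or of Microsoft's tooling, the following Python parser reads this log layout, attaches each SHA1 and SigSeq to the resource it belongs to, and collapses the detections into one entry per on-disk container. The sample log is a constructed, shortened copy of the format shown above; the user name "alice" and the paths are made up.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed sample in the msert.log layout from the post (paths and user name invented).
SAMPLE_LOG = """Microsoft Safety Scanner v1.0, (build 1.195.587.0)
Started On Fri Mar 27 15:30:52 2015

Extended Scan Results
----------------
->Scan ERROR: resource file://C:\\pagefile.sys (code 0x00000020 (32))
Threat detected: Exploit:Java/Obfuscator.W
    containerfile://C:\\Users\\alice\\AppData\\LocalLow\\Sun\\Java\\Deployment\\cache\\6.0\\43\\7dc0186b-18ea568a
        SHA1:   3860c84acd0333330f70a2eff15f6f3a398d8e0b
    file://C:\\Users\\alice\\AppData\\LocalLow\\Sun\\Java\\Deployment\\cache\\6.0\\43\\7dc0186b-18ea568a->BBQhUvJd.class
        SigSeq: 0x00008E29135445AD
    file://C:\\Users\\alice\\AppData\\LocalLow\\Sun\\Java\\Deployment\\cache\\6.0\\43\\7dc0186b-18ea568a->kjve.class
        SigSeq: 0x00008E29135445AD

Results Summary:
----------------
Found Exploit:Java/Obfuscator.W (detected suspiciously)
Microsoft Safety Scanner Finished On Fri Mar 27 17:40:22 2015

Return code: 6 (0x6)
"""

# Path fragment that identifies the Java Web Start / applet download cache.
JAVA_CACHE_MARKER = "\\Sun\\Java\\Deployment\\cache\\"


@dataclass
class Resource:
    uri: str            # "containerfile://C:\..." or "file://C:\...->Member.class"
    kind: str           # "container" or "file"
    sha1: Optional[str] = None
    sigseq: Optional[str] = None

    @property
    def container_path(self) -> str:
        """On-disk path of the JAR; for a member, everything before '->'."""
        return self.uri.split("://", 1)[1].split("->", 1)[0]


@dataclass
class Threat:
    name: str
    resources: List[Resource] = field(default_factory=list)


@dataclass
class Report:
    threats: List[Threat] = field(default_factory=list)
    scan_errors: List[str] = field(default_factory=list)
    return_code: Optional[int] = None


def parse_msert_log(text: str) -> Report:
    """Walk the log line by line; SHA1/SigSeq lines describe the resource listed just before them."""
    report = Report()
    current: Optional[Threat] = None
    last: Optional[Resource] = None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("->Scan ERROR:"):
            report.scan_errors.append(line[len("->Scan ERROR:"):].strip())
        elif line.startswith("Threat detected:"):
            current = Threat(name=line.split(":", 1)[1].strip())
            report.threats.append(current)
            last = None
        elif line.startswith(("containerfile://", "file://")) and current is not None:
            last = Resource(uri=line, kind="container" if line.startswith("containerfile") else "file")
            current.resources.append(last)
        elif line.startswith("SHA1:") and last is not None:
            last.sha1 = line.split(":", 1)[1].strip().lower()
        elif line.startswith("SigSeq:") and last is not None:
            last.sigseq = line.split(":", 1)[1].strip()
        elif line.startswith("Return code:"):
            m = re.match(r"Return code:\s*(\d+)", line)
            if m:
                report.return_code = int(m.group(1))
    return report


def summarize(report: Report) -> Dict[str, dict]:
    """One entry per container: threat name, container SHA1, member classes, and whether it sits in the Java cache."""
    out: Dict[str, dict] = {}
    for threat in report.threats:
        for res in threat.resources:
            entry = out.setdefault(res.container_path, {
                "threat": threat.name, "sha1": None, "members": [],
                "in_java_cache": JAVA_CACHE_MARKER.lower() in res.container_path.lower(),
            })
            if res.kind == "container":
                entry["sha1"] = res.sha1
            else:
                entry["members"].append(res.uri.split("->", 1)[1])
    return out


if __name__ == "__main__":
    for path, info in summarize(parse_msert_log(SAMPLE_LOG)).items():
        print(f"{info['threat']}  sha1={info['sha1']}  java_cache={info['in_java_cache']}")
        print(f"  {path}")
        for member in info["members"]:
            print(f"    -> {member}")
```

To run it against the real log, read C:\Windows\Debug\msert.log and pass its text to parse_msert_log. The container SHA1s are what to record before anything is deleted; the SigSeq values are Microsoft signature identifiers and carry no meaning outside the scanner.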



#5 mudhustler

mudhustler
  • Topic Starter

  • Members
  • 64 posts
  • OFFLINE
  •  
  • Local time:12:07 AM

Posted 01 April 2015 - 04:49 PM

Here are the contents of the Addition.txt

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 11-03-2015
Ran by mudhustler at 2015-04-01 15:08:37
Running from C:\Users\mudhustler.BIZNESS\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: ThreatTrack Security VIPRE (Enabled - Up to date) {FFE93D16-FD09-0282-C7D3-8B1731B6A051}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: ThreatTrack Security VIPRE (Enabled - Up to date) {4488DCF2-DB33-0D0C-FD63-B0654A31EAEC}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

AASHTO LRFD Bridge Design Specifications 2008 (HKLM\...\{32BB7802-813A-4805-8B52-47EF65E3955C}) (Version: 1.00.0000 - AASHTO)
AASHTO LRFD Bridge Design Specifications 2009 (HKLM\...\{962271E0-E37C-41D8-878B-6F681D53AAFD}) (Version: 1.00.0000 - AASHTO)
AccelerometerP11 (HKLM\...\{87434D51-51DB-4109-B68F-A829ECDCF380}) (Version: 2.00.10.33 - STMicroelectronics)
Adobe Acrobat XI Pro (HKLM\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.10 - Adobe Systems)
Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 17 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 17.0.0.134 - Adobe Systems Incorporated)
Ajera (HKLM\...\Ajera) (Version:  - Axium)
ATI Catalyst Install Manager (HKLM\...\{6BFC99F0-4F94-E736-93F3-08EAD60FA69E}) (Version: 3.0.825.0 - ATI Technologies, Inc.)
Belarc Advisor 8.2 (HKLM\...\Belarc Advisor) (Version: 8.2.7.18 - Belarc Inc.)
BioAPI Framework (Version: 1.0.2 - Dell Inc.) Hidden
BRASS-CULVERT 2.3.4 (HKLM\...\BRASS-CULVERT) (Version: 2.3.4 - Wyoming Department of Transportation)
BRASS-DIST™ 2.1.2-SP2 (HKLM\...\BRASS-DIST™) (Version: 2.1.2-SP2 - Wyoming Department of Transportation)
BRASS-GIRDER(LRFD)™ 2.1.4 (HKLM\...\BRASS-GIRDER(LRFD)™) (Version: 2.1.4 - Wyoming Department of Transportation)
BRASS-PAD™ 3.0.3 (HKLM\...\BRASS-PAD™) (Version: 3.0.3 - Wyoming Department of Transportation)
BRASS-PIER(LRFD) 2.1.3 (HKLM\...\BRASS-PIER(LRFD)) (Version: 2.1.3 - Wyoming Department of Transportation)
BRASS-SPLICE™ 4.0.3 (HKLM\...\BRASS-SPLICE™) (Version: 4.0.3 - Wyoming Department of Transportation)
BRASS™ Library Utility 2.1.0 (HKLM\...\BRASS™ Library Utility) (Version: 2.1.0 - Wyoming Department of Transportation)
Bridge Rating 6.5.0 (Single Workstation) (HKLM\...\{83130B06-378E-4BB7-9835-9B17DF86C5FE}) (Version: 6.5.0 - AASHTO)
CDOT Bridge Geometry 3.0.2 (HKLM\...\{92EF6233-C12B-446B-91F5-9E0283B9E143}) (Version: 3.0.2 - Colorado DOT)
Cisco AnyConnect Secure Mobility Client  (HKLM\...\Cisco AnyConnect Secure Mobility Client) (Version: 3.1.06073 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (Version: 3.1.06073 - Cisco Systems, Inc.) Hidden
Cisco WebEx Meetings (HKLM\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)
Custom (Version: 01.00.00.000 - Wave Systems Corp.) Hidden
CutePDF Writer 3.0 (HKLM\...\CutePDF Writer Installation) (Version:  - )
CyberLink PowerDVD 9.5 (HKLM\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.5.1.5127 - CyberLink Corp.)
Dell Command | Update (HKLM\...\{EC542D5D-B608-4145-A8F7-749C02BE6D94}) (Version: 2.0.0 - Dell Inc.)
Dell ControlVault Host Components Installer (Version: 2.2.117.284 - Broadcom Corporation) Hidden
Dell Custom Help (Version: 16.01.1000.0235 - Intel Corporation) Hidden
Dell Data Protection | Access (HKLM\...\{ABBA2EA4-740E-4052-902B-9CA70B081E3F}) (Version: 2.2.00001.000 - Dell Inc.)
Dell Edoc Viewer (HKLM\...\{3138EAD3-700B-4A10-B617-B3F8096EE30D}) (Version: 1.0.0 - Dell Inc)
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 8.1200.101.127 - ALPS ELECTRIC CO., LTD.)
Dell Webcam Central (HKLM\...\Dell Webcam Central) (Version: 1.40.54 - Creative Technology Ltd)
DellAccess (Version: 01.00.00.149 - Wave Systems Corp.) Hidden
DirectX 9 Runtime (Version: 1.00.0000 - Sonic Solutions) Hidden
EasyLicense (HKLM\...\{7A5FE105-23B2-47A2-AAF4-7F67452BBE48}) (Version: 1.00.0010 - IES)
EMBASSY Client Core (Version: 01.00.00.055 - Wave Systems Corp.) Hidden
FB-MultiPier (HKLM\...\{5CA9FC4B-451C-427B-A546-34499522B7BC}) (Version: 4.19.37 - Florida Bridge Software Institute)
FileOpen Client (HKLM\...\{AC184566-C420-4995-934B-97BE1A7DEC06}) (Version: 3.0.89.925 - FileOpen Systems, Inc.)
FileOpen Plug-in for Adobe Acrobat® and Acrobat Reader® (HKLM\...\{AE6C085B-3F64-4383-BBD5-E8FE4F1DA514}) (Version: 2.0.3.874 - FileOpen Systems, Inc.)
GDR 5520 for SQL Server 2008 (KB2977321) (HKLM\...\KB2977321) (Version: 10.3.5520.0 - Microsoft Corporation)
Gemalto (Version: 01.01.01.0000 - Wave Systems Corp) Hidden
Google Chrome (HKLM\...\Google Chrome) (Version: 41.0.2272.101 - Google Inc.)
Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.26.9 - Google Inc.) Hidden
GoToMeeting 7.1.6.2492 (HKU\S-1-5-21-181820113-3339272012-3098101244-1165\...\GoToMeeting) (Version: 7.1.6.2492 - CitrixOnline)
Intel® Control Center (HKLM\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1010 - Intel Corporation)
Intel® Identity Protection Technology 1.2.27.0 (HKLM\...\{F109D156-577D-101B-A622-CF4351943AA4}) (Version: 1.2.27.0 - Intel Corporation)
Intel® Management Engine Components (HKLM\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.1.70.1205 - Intel Corporation)
Intel® Network Connections 16.8.45.00 (HKLM\...\PROSetDX) (Version: 16.8.45.00 - Dell)
Intel® Rapid Storage Technology (HKLM\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.0.1008 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM\...\{10646d92-9ed8-4cb1-b215-caf8daff592e}) (Version: 16.1.1 - Intel Corporation)
Java 8 Update 31 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
LEAP CONSPAN (HKLM\...\{F1F8CA94-7B60-4CD1-87B6-69F6B92E7752}) (Version: 13.00.00.68 - Bentley Systems, Incorporated)
LEAP CONSPAN (Version: 13.00.00.68 - Bentley Systems, Incorporated) Hidden
Malwarebytes Anti-Malware version 2.1.4.1018 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.4.1018 - Malwarebytes Corporation)
Mathcad 14.0 M020 (HKLM\...\{8796E14E-2031-463F-8A9A-31062B2652B4}) (Version: 14.0.2.0 - PTC)
Mathcad 14.0 M020 Help (HKLM\...\{205ACCD7-5342-4694-91F3-3A99E4FD5AA6}) (Version: 14.0.2.0 - PTC)
Mathcad 14.0 M020 Resource Center (HKLM\...\{EBD38AE9-D52D-448D-9DB4-4D5F66E1DAFC}) (Version: 14.0.2.0 - PTC)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office Home and Business 2010 (HKLM\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Live Meeting 2007 (HKLM\...\{389F8A7A-8611-42E8-8169-20D2BAF0C595}) (Version: 8.0.6362.215 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.31211.0 - Microsoft Corporation)
Microsoft SQL Server 2008 (HKLM\...\Microsoft SQL Server 10 Release) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2008 Browser (HKLM\...\{C688457E-03FD-4941-923B-A27F4D42A7DD}) (Version: 10.3.5500.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Native Client (HKLM\...\{83298573-A6B6-42AB-A234-FE91CA2859C0}) (Version: 10.3.5500.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Policies (HKLM\...\{01C5A10F-AD9B-405B-853A-6659841A1242}) (Version: 10.3.5500.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files  (HKLM\...\{5D60AB1A-2409-4829-83D4-0972856D885A}) (Version: 10.3.5520.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP1 English (HKLM\...\{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}) (Version: 3.5.5692.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP1 Query Tools English (HKLM\...\{64CDE8F2-3791-46F5-BAD2-72FFF5252FAB}) (Version: 3.5.5692.0 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{B857D868-F8B0-43EE-BC2B-D9E5ED21F237}) (Version: 10.3.5500.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 - ENU (HKLM\...\{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}) (Version: 9.0.30729 - Microsoft Corporation)
Mozilla Firefox 36.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 36.0.1 (x86 en-US)) (Version: 36.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 34.0.5 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NTRU TCG Software Stack (Version: 2.1.37 - Security Innovation, Inc.) Hidden
O2Micro Flash Memory Card Windows Driver (HKLM\...\InstallShield_{938A412F-78C1-4158-8590-038A1D670A57}) (Version: 3.0.07.47 - O2Micro International LTD.)
O2Micro Flash Memory Card Windows Driver (Version: 3.0.07.47 - O2Micro International LTD.) Hidden
PC-CCID (Version: 2.0.0 - Gemalto) Hidden
PhotoShowExpress (Version: 2.0.063 - Sonic Solutions) Hidden
Preboot Manager (Version: 03.02.00.119 - Wave Systems Corp.) Hidden
Private Information Manager (Version: 07.00.00.059 - Wave Systems Corp.) Hidden
ProjectWise Explorer V8i (SELECTseries 3) (HKLM\...\{0307198A-4CB7-5737-8C4C-F2A66328AC8D}) (Version: 08.11.9122 - Bentley Systems, Incorporated)
ProjectWise Prerequisite Runtimes V8i (SELECTseries 3) (HKLM\...\{8D246840-57A7-4D7F-9055-BFB462E72C67}) (Version: 08.11.9122 - Bentley Systems, Incorporated)
Roxio Creator Starter (HKLM\...\{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}) (Version: 12.1.77.0 - Roxio)
SAP Crystal Reports runtime engine for .NET Framework 4 (32-bit) (HKLM\...\{F4404924-FF02-4515-9458-5C6F7E7E2C22}) (Version: 13.0.2.469 - SAP)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 3 for SQL Server 2008 (KB2546951) (HKLM\...\KB2546951) (Version: 10.3.5500.0 - Microsoft Corporation)
Slab (HKLM\...\{200DEF90-BC3F-446B-AC14-4A04A5593FE6}) (Version: 2.1.0 - Colorado DOT)
Sonic CinePlayer Decoder Pack (Version: 4.3.0 - Sonic Solutions) Hidden
SPBA 5.9 (Version: 5.9.4.6901 - UPEK Inc.) Hidden
spColumn v4.81 (HKLM\...\spColumn v4.81) (Version: 4.81 - STRUCTUREPOINT, LLC)
Sql Server Customer Experience Improvement Program (Version: 10.3.5500.0 - Microsoft Corporation) Hidden
System Requirements Lab for Intel (HKLM\...\{C7CA731B-BF9A-46D9-92CF-8A8737AE9240}) (Version: 4.5.13.0 - Husdawg, LLC)
Trusted Drive Manager (Version: 4.5.0.136 - Wave Systems Corp.) Hidden
Upek Touchchip Fingerprint Reader (Version: 1.2.004 - Dell Inc.) Hidden
VIPRE Antivirus (HKLM\...\{C1D1FC57-3EB9-4B21-BCA3-F1C927508200}) (Version: 7.0.6.2 - ThreatTrack Security, Inc.)
VIPRE Antivirus (Version: 7.0.6.2 - ThreatTrack Security, Inc.) Hidden
VisualAnalysis 10.0 (HKLM\...\VisualAnalysis 10.0) (Version: 10.00.0003 - IES, Inc.)
Wave Infrastructure Installer (Version: 07.03.60.0020 - Wave Systems Corp) Hidden
Wave Support Software Installer (Version: 05.12.00.068 - Wave Systems Corp) Hidden
Windows Driver Package - Dell Inc. PBADRV System  (09/11/2009 1.0.1.6) (HKLM\...\9512AA21B791B05A54E27065C45BBC417AB282DF) (Version: 09/11/2009 1.0.1.6 - Dell Inc.)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-181820113-3339272012-3098101244-1165_Classes\CLSID\{32E26FD9-F435-4A20-A561-35D4B987CFDC}\InprocServer32 -> c:\programdata\webex\webex\1326\atucfobj.dll (Cisco WebEx LLC)
CustomCLSID: HKU\S-1-5-21-181820113-3339272012-3098101244-1165_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\mudhustler.BIZNESS\AppData\Local\Citrix\GoToMeeting\2033\G2MOutlookAddin.dll (Citrix Online, a division of Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-181820113-3339272012-3098101244-1165_Classes\CLSID\{cb4c77f0-ab2a-407c-93ac-963769824b18}\localserver32 -> C:\Users\mudhustler.BIZNESS\AppData\Local\Temp\{b3ede298-ae75-4a1c-ab7e-1b9229b77bbe}\IDriver.NonElevated. (the data entry has 11 more characters).

==================== Restore Points  =========================

10-03-2015 19:39:29 Windows Update
18-03-2015 17:29:54 Scheduled Checkpoint
25-03-2015 03:00:13 Windows Update
01-04-2015 10:22:33 Scheduled Checkpoint
01-04-2015 13:35:15 Installed Cisco AnyConnect Secure Mobility Client
01-04-2015 14:57:53 Windows Backup

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 20:04 - 2012-12-12 13:14 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {12AA4060-01DC-4863-9D57-08587193AB40} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-08-24] (Google Inc.)
Task: {64CD73E3-B3C6-416E-928D-CF6F4AA4B534} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {6F3AF235-B744-4017-9C52-A71E0337CF49} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-03-20] (Adobe Systems Incorporated)
Task: {8B8B1A1C-F66D-40A5-9CE7-97645FD29134} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {8CE70C6C-58C5-4376-BEB7-16043F4BC1F7} - System32\Tasks\{FE7D01F8-84E0-4AAB-B935-CC45B7BAC590} => pcalua.exe -a C:\Users\mudhustler.BIZNESS\Desktop\HijackThis.exe -d C:\Users\mudhustler.BIZNESS\Desktop
Task: {94D5A434-D0C9-45AD-801B-A41FD4D85BE7} - System32\Tasks\Dell\Command Update => C:\Program Files\Dell\CommandUpdate\DellCommandUpdate.exe [2014-05-05] (Dell Inc.)
Task: {BCD3B75B-77A8-46FC-AF7F-AD0227E6E219} - System32\Tasks\{5358E35D-4261-41B7-B437-0199863BE664} => pcalua.exe -a "C:\Program Files\StructurePoint\spColumn\spColumn.exe" -d C:\PROGRA~1\STRUCT~1\spColumn
Task: {DBF62E1D-3E28-4E3D-B8A3-A2E4C9F6BDB4} - System32\Tasks\G2MUpdateTask-S-1-5-21-181820113-3339272012-3098101244-1325 => C:\Users\mckanna-koon\AppData\Local\Citrix\GoToMeeting\1468\g2mupdate.exe [2014-12-05] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {DE964C27-4C23-4714-8391-F5EABA420130} - System32\Tasks\{9C5E38D6-1A99-47E7-8564-64FAB2B0CD58} => C:\Program Files\AASHTOWare\BrR65\BrR_Wkstn.exe [2013-07-26] (American Association of State Highway and Transportation Officials)
Task: {E02BD84C-6809-454A-B055-ABC43ED1FB72} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-08-24] (Google Inc.)
Task: {E64B647D-3C81-4F6C-B731-728AD4BFCEFB} - System32\Tasks\G2MUpdateTask-S-1-5-21-181820113-3339272012-3098101244-1165 => C:\Users\mudhustler.BIZNESS\AppData\Local\Citrix\GoToMeeting\2492\g2mupdate.exe [2015-03-30] (Citrix Online, a division of Citrix Systems, Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-181820113-3339272012-3098101244-1165.job => C:\Users\mudhustler.BIZNESS\AppData\Local\Citrix\GoToMeeting\2492\g2mupdate.exeCC:\Users\mudhustler.ROC
Task: C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-181820113-3339272012-3098101244-1325.job => C:\Users\mudhustler.BIZNESS\AppData\Local\Citrix\GoToMeeting\1468\g2mupdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2013-10-29 14:40 - 2012-07-31 11:33 - 00088688 _____ () C:\Windows\System32\cpwmon2k.dll
2010-06-25 23:03 - 2012-10-28 17:29 - 00041472 _____ () C:\Windows\system32\spool\DRIVERS\W32X86\3\KOB__J_1.DLL
2012-01-17 09:37 - 2012-01-17 09:37 - 00179592 _____ () C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\EMBASSY Client Core\EmbassyServer.exe
2012-01-17 09:36 - 2012-01-17 09:36 - 00030600 _____ () C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\EMBASSY Client Core\DeviceStatus.dll
2011-10-08 21:56 - 2011-10-08 21:56 - 00003072 _____ () C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\TspPopup_ENU.dll
2011-11-07 05:24 - 2011-11-07 05:24 - 00084992 _____ () C:\Windows\system32\Wavx_ESC_Logging.dll
2014-05-12 10:48 - 2003-04-18 18:06 - 00008192 _____ () c:\Windows\system32\srvany.exe
2012-02-20 23:26 - 2012-02-20 23:26 - 00160768 _____ () C:\Program Files\VIPRE\unrar.dll
2012-08-09 18:20 - 2011-07-25 08:43 - 00686704 _____ () C:\Program Files\STMicroelectronics\AccelerometerP11\FF_Protection.exe
2014-01-29 11:28 - 2015-03-19 15:59 - 00192376 _____ () C:\Program Files\VIPRE\Definitions\libBase64.dll
2014-01-29 11:28 - 2015-03-19 15:59 - 00180088 _____ () C:\Program Files\VIPRE\Definitions\libMachoUniv.dll
2014-10-15 15:00 - 2014-10-15 15:00 - 00169472 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\93182e9779b8be0f688fd0784df6d7fb\IsdiInterop.ni.dll
2012-08-09 18:16 - 2010-11-05 22:50 - 00058880 _____ () C:\Program Files\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2014-11-19 09:36 - 2014-11-19 09:36 - 00063376 _____ () C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll
2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\office14\Cultures\office.odf
2013-12-21 00:04 - 2013-12-21 00:04 - 03989888 _____ () C:\Program Files\Adobe\Acrobat 11.0\PDFMaker\Common\AdobePDFMakerX.dll
2013-02-14 15:46 - 2013-02-14 15:46 - 01044048 _____ () C:\Program Files\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll
2013-09-05 22:33 - 2013-09-05 22:33 - 00672144 _____ () C:\Program Files\VIPRE\VSG.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBPIMSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SBAMSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SBPIMSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-181820113-3339272012-3098101244-1165\Control Panel\Desktop\\Wallpaper -> C:\Users\mudhustler.BIZNESS\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.2.25

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: Acrobat Assistant 8.0 => "C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe"
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: FileOpenBroker => C:\Program Files\FileOpen\Services\FileOpenBroker32.exe

==================== Accounts: =============================

Administrator (S-1-5-21-4190446192-951485991-3546701035-500 - Administrator - Disabled)
Guest (S-1-5-21-4190446192-951485991-3546701035-501 - Limited - Disabled)
BIZNESS (S-1-5-21-4190446192-951485991-3546701035-1000 - Administrator - Enabled) => C:\Users\BIZNESS

==================== Faulty Device Manager Devices =============

Name: WD SES Device USB Device
Description: WD SES Device USB Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (04/01/2015 02:36:18 PM) (Source: ESENT) (EventID: 623) (User: )
Description: wuaueng.dll (1180) SUS20ClientDataStore: The version store for this instance (0) has reached its maximum size of 32Mb. It is likely that a long-running transaction is preventing cleanup of the version store and causing it to build up in size. Updates will be rejected until the long-running transaction has been completely committed or rolled back.

Possible long-running transaction:

    SessionId: 0x00E40320

    Session-context: 0x00000000

    Session-context ThreadId: 0x0000151C

    Cleanup: 1

Error: (04/01/2015 01:35:47 PM) (Source: acvpninstall) (EventID: 2) (User: )
Description: Function: wWinMain
File: .\InstallHelper.cpp
Line: 354
Invoked Function: FileMoveFiles
Return Code: -33554423 (0xFE000009)
Description: GLOBAL_ERROR_UNEXPECTED

Error: (04/01/2015 01:35:47 PM) (Source: acvpninstall) (EventID: 2) (User: )
Description: Function: FileMoveFiles
File: ..\Common\Utility\NativeSysFileCopy.cpp
Line: 388
Invoked Function: ::FindFirstFile
Return Code: 3 (0x00000003)
Description: The system cannot find the path specified.

Error: (04/01/2015 01:35:47 PM) (Source: acvpninstall) (EventID: 2) (User: )
Description: Function: wWinMain
File: .\InstallHelper.cpp
Line: 354
Invoked Function: FileMoveFiles
Return Code: -33554423 (0xFE000009)
Description: GLOBAL_ERROR_UNEXPECTED

Error: (04/01/2015 01:35:47 PM) (Source: acvpninstall) (EventID: 2) (User: )
Description: Function: FileMoveFiles
File: ..\Common\Utility\NativeSysFileCopy.cpp
Line: 388
Invoked Function: ::FindFirstFile
Return Code: 3 (0x00000003)
Description: The system cannot find the path specified.

Error: (04/01/2015 01:35:47 PM) (Source: acvpninstall) (EventID: 2) (User: )
Description: Function: wWinMain
File: .\InstallHelper.cpp
Line: 354
Invoked Function: FileMoveFiles
Return Code: -33554423 (0xFE000009)
Description: GLOBAL_ERROR_UNEXPECTED

Error: (04/01/2015 01:35:47 PM) (Source: acvpninstall) (EventID: 2) (User: )
Description: Function: FileMoveFiles
File: ..\Common\Utility\NativeSysFileCopy.cpp
Line: 388
Invoked Function: ::FindFirstFile
Return Code: 3 (0x00000003)
Description: The system cannot find the path specified.

Error: (04/01/2015 01:13:26 PM) (Source: Microsoft-Windows-WMI) (EventID: 10) (User: NT AUTHORITY)
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (04/01/2015 10:23:18 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (04/01/2015 10:23:17 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.


System errors:
=============
Error: (04/01/2015 01:14:40 PM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1129) (User: BIZNESS)
Description: The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.

Error: (04/01/2015 01:13:20 PM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1055) (User: NT AUTHORITY)
Description: The processing of Group Policy failed. Windows could not resolve the computer name. This could be caused by one of more of the following:
a) Name Resolution failure on the current domain controller.
b) Active Directory Replication Latency (an account created on another domain controller has not replicated to the current domain controller).

Error: (04/01/2015 01:13:18 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The NTRU TSS v1.2.1.37 TCS service depends on the TPM Base Services service which failed to start because of the following error:
%%0

Error: (04/01/2015 01:13:19 PM) (Source: NETLOGON) (EventID: 5719) (User: )
Description: This computer was not able to set up a secure session with a domain
controller in domain BIZNESS due to the following:
%%1311

This may lead to authentication problems. Make sure that this
computer is connected to the network. If the problem persists,
please contact your domain administrator.



ADDITIONAL INFO

If this computer is a domain controller for the specified domain, it
sets up the secure session to the primary domain controller emulator in the specified
domain. Otherwise, this computer sets up the secure session to any domain controller
in the specified domain.

Error: (04/01/2015 01:12:36 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

Error: (04/01/2015 08:26:29 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The NTRU TSS v1.2.1.37 TCS service depends on the TPM Base Services service which failed to start because of the following error:
%%0

Error: (03/31/2015 10:33:00 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

Error: (03/31/2015 10:26:40 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The NTRU TSS v1.2.1.37 TCS service depends on the TPM Base Services service which failed to start because of the following error:
%%0

Error: (03/31/2015 10:25:28 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

Error: (03/31/2015 05:35:21 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The NTRU TSS v1.2.1.37 TCS service depends on the TPM Base Services service which failed to start because of the following error:
%%0


Microsoft Office Sessions:
=========================
Error: (04/01/2015 02:36:18 PM) (Source: ESENT) (EventID: 623) (User: )
Description: wuaueng.dll1180SUS20ClientDataStore: 0320x00E403200x000000000x0000151C1

Error: (04/01/2015 01:35:47 PM) (Source: acvpninstall) (EventID: 2) (User: )
Description: Function: wWinMain
File: .\InstallHelper.cpp
Line: 354
Invoked Function: FileMoveFiles
Return Code: -33554423 (0xFE000009)
Description: GLOBAL_ERROR_UNEXPECTED

Error: (04/01/2015 01:35:47 PM) (Source: acvpninstall) (EventID: 2) (User: )
Description: Function: FileMoveFiles
File: ..\Common\Utility\NativeSysFileCopy.cpp
Line: 388
Invoked Function: ::FindFirstFile
Return Code: 3 (0x00000003)
Description: The system cannot find the path specified.

Error: (04/01/2015 01:35:47 PM) (Source: acvpninstall) (EventID: 2) (User: )
Description: Function: wWinMain
File: .\InstallHelper.cpp
Line: 354
Invoked Function: FileMoveFiles
Return Code: -33554423 (0xFE000009)
Description: GLOBAL_ERROR_UNEXPECTED

Error: (04/01/2015 01:35:47 PM) (Source: acvpninstall) (EventID: 2) (User: )
Description: Function: FileMoveFiles
File: ..\Common\Utility\NativeSysFileCopy.cpp
Line: 388
Invoked Function: ::FindFirstFile
Return Code: 3 (0x00000003)
Description: The system cannot find the path specified.

Error: (04/01/2015 01:35:47 PM) (Source: acvpninstall) (EventID: 2) (User: )
Description: Function: wWinMain
File: .\InstallHelper.cpp
Line: 354
Invoked Function: FileMoveFiles
Return Code: -33554423 (0xFE000009)
Description: GLOBAL_ERROR_UNEXPECTED

Error: (04/01/2015 01:35:47 PM) (Source: acvpninstall) (EventID: 2) (User: )
Description: Function: FileMoveFiles
File: ..\Common\Utility\NativeSysFileCopy.cpp
Line: 388
Invoked Function: ::FindFirstFile
Return Code: 3 (0x00000003)
Description: The system cannot find the path specified.

Error: (04/01/2015 01:13:26 PM) (Source: Microsoft-Windows-WMI) (EventID: 10) (User: NT AUTHORITY)
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/01/2015 10:23:18 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"c:\program files\O2Micro\Oz600\SD\dpinst64.exe

Error: (04/01/2015 10:23:17 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"c:\program files\O2Micro\Oz600\MD\dpinst64.exe


==================== Memory info ===========================

Processor: Intel® Core™ i7-2760QM CPU @ 2.40GHz
Percentage of memory in use: 47%
Total physical RAM: 3317.02 MB
Available physical RAM: 1747.82 MB
Total Pagefile: 6632.32 MB
Available Pagefile: 4759.78 MB
Total Virtual: 2047.88 MB
Available Virtual: 1894.51 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:297.32 GB) (Free:204.56 GB) NTFS
Drive e: (Backup Drive) (Fixed) (Total:931.48 GB) (Free:222.35 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 298.1 GB) (Disk ID: F5EC9D1B)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=752 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=297.3 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: 0003F448)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== End Of Log ============================


And here are the contents of the FRST.txt file


Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-03-2015
Ran by mudhustler (administrator) on MUDHUSTLER-PC on 01-04-2015 15:06:16
Running from C:\Users\mudhustler.BIZNESS\Downloads
Loaded Profiles: mudhustler (Available profiles: mudhustler)
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Broadcom Corporation) C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
(Broadcom Corporation) C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
(Wave Systems Corp.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AEstSrv.exe
() C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\EMBASSY Client Core\EmbassyServer.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(FileOpen Systems Inc.) C:\Program Files\FileOpen\Services\FileOpenManagerService32.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Intel Corporation) C:\Program Files\Intel\Services\IPT\jhi_service.exe
(AMD) C:\Windows\System32\atieclxx.exe
(UPEK Inc.) C:\Program Files\Common Files\SPBA\upeksvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Binn\sqlservr.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
(O2Micro International) C:\Windows\System32\o2flash.exe
() C:\Windows\System32\srvany.exe
(O2Micro.) C:\Windows\System32\SDIOAssist.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(ThreatTrack Security, Inc.) C:\Program Files\VIPRE\SBPIMSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Wave Systems Corp.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
() C:\Program Files\STMicroelectronics\AccelerometerP11\FF_Protection.exe
(Wave Systems Corp.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe
(ThreatTrack Security, Inc.) C:\Program Files\VIPRE\SBAMTray.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Adobe Systems Inc.) C:\Program Files\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.26.9\GoogleCrashHandler.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
(ThreatTrack Security, Inc.) C:\Program Files\VIPRE\SBAMSvc.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe
(Cisco Systems, Inc.) C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(Cisco Systems, Inc.) C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil32_17_0_0_134_ActiveX.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [555352 2013-02-21] (Alps Electric Co., Ltd.)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [283160 2010-11-05] (Intel Corporation)
HKLM\...\Run: [FreeFallProtection] => C:\Program Files\STMicroelectronics\AccelerometerP11\FF_Protection.exe [686704 2011-07-25] ()
HKLM\...\Run: [IMSS] => C:\Program Files\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe [113656 2013-01-23] (Intel Corporation)
HKLM\...\Run: [TdmNotify] => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe [323952 2011-12-08] (Wave Systems Corp.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [SBAMTray] => C:\Program Files\VIPRE\SBAMTray.exe [3216272 2013-09-05] (ThreatTrack Security, Inc.)
HKLM\...\Run: [IntelPROSet] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [3445488 2013-07-17] (Intel® Corporation)
HKLM\...\Run: [Acrobat Assistant 8.0] => C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3498728 2014-12-03] (Adobe Systems Inc.)
HKLM\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [707984 2014-11-19] (Cisco Systems, Inc.)
Winlogon\Notify\spba: C:\Program Files\Common Files\SPBA\homefus2.dll (UPEK Inc.)
HKLM\...\Policies\Explorer: [NoWelcomeScreen] 1
HKU\S-1-5-21-181820113-3339272012-3098101244-1165\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [354304 2009-07-13] (Microsoft Corporation)
Lsa: [Authentication Packages] msv1_0 wvauth
Startup: C:\Users\mudhustler.BIZNESS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\mudhustler.BIZNESS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: [EnabledUnlockedFDEIconOverlay] -> {30D3C2AF-9709-4D05-9CF4-13335F3C1E4A} => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll (Wave Systems Corp.)
ShellIconOverlayIdentifiers: [UninitializedFdeIconOverlay] -> {CF08DA3E-C97D-4891-A66B-E39B28DD270F} => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll (Wave Systems Corp.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-181820113-3339272012-3098101244-1165\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-181820113-3339272012-3098101244-1165\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> DefaultScope {1CE0957A-BE8B-4F61-B34D-2292A75FECD8} URL = http://www.bing.com/search?q={searchTerms}&form=DLRDF8&pc=MDDR&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {1CE0957A-BE8B-4F61-B34D-2292A75FECD8} URL = http://www.bing.com/search?q={searchTerms}&form=DLRDF8&pc=MDDR&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-181820113-3339272012-3098101244-1165 -> {B5208833-12AF-475A-969F-DDC3A8CF78DE} URL =
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll [2015-01-30] (Oracle Corporation)
BHO: VIPRE Search Guard Helper -> {963C8283-AE7F-4AA6-9B3B-847A8FC62C5E} -> C:\Program Files\VIPRE\VSG.dll [2013-09-05] ()
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2013-12-21] (Adobe Systems Incorporated)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-30] (Oracle Corporation)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2013-12-21] (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2013-12-21] (Adobe Systems Incorporated)
Toolbar: HKLM - VIPRE Search Guard Toolbar - {A924C17A-5E94-4E02-BED5-49720BA6F7FA} - C:\Program Files\VIPRE\VSG.dll [2013-09-05] ()
Toolbar: HKU\S-1-5-21-181820113-3339272012-3098101244-1165 -> Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2013-12-21] (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-181820113-3339272012-3098101244-1165 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-181820113-3339272012-3098101244-1165 -> VIPRE Search Guard Toolbar - {A924C17A-5E94-4E02-BED5-49720BA6F7FA} - C:\Program Files\VIPRE\VSG.dll [2013-09-05] ()
DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} https://www.gameofficials.net/utility/smsx.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {538793D5-659C-4639-A56C-A179AD87ED44} https://cdotv.dot.state.co.us/CACHE/stc/1/binaries/vpnweb.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.13.0.cab
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll [2012-10-10] (Belarc, Inc.)
Handler: vipresg - {47BE2E5B-703B-444F-ABD3-05717D2191C6} - C:\Program Files\VIPRE\VSG.dll [2013-09-05] ()
Tcpip\Parameters: [DhcpNameServer] 192.168.2.25

FireFox:
========
FF ProfilePath: C:\Users\mudhustler.BIZNESS\AppData\Roaming\Mozilla\Firefox\Profiles\z208pe66.default
FF Homepage: https://exchange.BIZNESS.com/ajera/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-04] ()
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.38 -> C:\Program Files\Intel\Services\IPT\npIntelWebAPIIPT.dll [2012-05-21] (Intel Corporation)
FF Plugin: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files\Intel\Services\IPT\npIntelWebAPIUpdater.dll [2012-05-21] (Intel Corporation)
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-30] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-30] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll [2014-12-11] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.)
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2014-04-29] (Adobe Systems)
FF Plugin HKU\S-1-5-21-181820113-3339272012-3098101244-1165: @citrixonline.com/appdetectorplugin -> C:\Users\mudhustler.BIZNESS\AppData\Local\Citrix\Plugins\94\npappdetector.dll [2013-03-01] (Citrix Online)
FF Extension: Microsoft .NET Framework Assistant - C:\Users\mudhustler.BIZNESS\AppData\Roaming\Mozilla\Firefox\Profiles\z208pe66.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi [2014-12-05]
FF HKLM\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2013-01-25]

Chrome:
=======
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\37.0.2062.124\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\37.0.2062.124\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\37.0.2062.124\pdf.dll No File
CHR Plugin: (Adobe Create PDF) - C:\Users\mudhustler.BIZNESS\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj\11.0.0.379_0\plugin/npWCChromeExtnStub.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (AdobeAAMDetect) - C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files\Intel\Services\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files\Intel\Services\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (Java™ Platform SE 7 U15) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.150.3) - C:\Windows\system32\npDeployJava1.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Profile: C:\Users\mudhustler.BIZNESS\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C:\Users\mudhustler.BIZNESS\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-02-21]
CHR Extension: (Google Search) - C:\Users\mudhustler.BIZNESS\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-02-21]
CHR Extension: (Adobe Acrobat - Create PDF) - C:\Users\mudhustler.BIZNESS\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2013-02-21]
CHR Extension: (Google Wallet) - C:\Users\mudhustler.BIZNESS\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-10-16]
CHR Extension: (Gmail) - C:\Users\mudhustler.BIZNESS\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-02-21]
CHR HKLM\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2014-12-03]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 Credential Vault Host Control Service; C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe [826272 2011-12-02] (Broadcom Corporation)
R2 Credential Vault Host Storage; C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe [31648 2011-12-02] (Broadcom Corporation)
R2 EmbassyService; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\EMBASSY Client Core\EmbassyServer.exe [179592 2012-01-17] ()
R2 FileOpenManagerService; C:\Program Files\FileOpen\Services\FileOpenManagerService32.exe [213432 2012-10-17] (FileOpen Systems Inc.)
R2 Intel® PROSet Monitoring Service; C:\Windows\system32\IProsetMonitor.exe [132768 2011-11-09] (Intel Corporation)
R2 jhi_service; C:\Program Files\Intel\Services\IPT\jhi_service.exe [212984 2012-05-21] (Intel Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)
R2 MSSQLSERVER; C:\Program Files\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Binn\sqlservr.exe [43044512 2014-07-12] (Microsoft Corporation)
R2 O2SDIOAssist; c:\Windows\system32\srvany.exe [8192 2003-04-18] () [File not signed]
S3 RoxMediaDB12OEM; C:\Program Files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [1116656 2010-11-25] (Sonic Solutions)
S2 RoxWatch12; C:\Program Files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [219632 2010-11-25] (Sonic Solutions)
R2 SBAMSvc; C:\Program Files\VIPRE\SBAMSvc.exe [3937472 2013-09-05] (ThreatTrack Security, Inc.)
R2 SBPIMSvc; C:\Program Files\VIPRE\SBPIMSvc.exe [176016 2013-09-05] (ThreatTrack Security, Inc.)
S3 SecureStorageService; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Secure Storage Manager\SecureStorageService.exe [1517448 2011-11-11] (Wave Systems Corp.)
S4 SQLSERVERAGENT; C:\Program Files\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Binn\SQLAGENT.EXE [380064 2014-07-12] (Microsoft Corporation)
R2 STacSV; C:\Program Files\IDT\WDM\STacSV.exe [266322 2011-01-06] (IDT, Inc.)
S2 tcsd_win32.exe; C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe [1637888 2011-10-08] () [File not signed]
R2 TdmService; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe [2864496 2011-12-08] (Wave Systems Corp.)
R2 vpnagent; C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [562576 2014-11-19] (Cisco Systems, Inc.)
R2 Wave Authentication Manager Service; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe [1189376 2012-01-05] (Wave Systems Corp.) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-26] (Microsoft Corporation)
S3 WvPCR; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Common\WvPCR.exe [145408 2012-01-16] (Wave Systems Corp.) [File not signed]
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2525936 2013-07-17] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 Acceler; C:\Windows\System32\DRIVERS\accelern.sys [44144 2011-07-22] (ST Microelectronics)
R3 acsock; C:\Windows\System32\DRIVERS\acsock.sys [92528 2014-11-19] (Cisco Systems, Inc.)
S3 AMPPAL; C:\Windows\System32\DRIVERS\AMPPAL.sys [112096 2013-02-13] (Windows ® Win 7 DDK provider)
R3 cvusbdrv; C:\Windows\System32\Drivers\cvusbdrv.sys [40040 2011-12-05] (Broadcom Corporation)
R3 e1cexpress; C:\Windows\System32\DRIVERS\e1c6232.sys [358224 2012-08-10] (Intel Corporation)
S3 gfiark; C:\Windows\System32\drivers\gfiark.sys [43368 2013-05-23] (ThreatTrack Security)
S3 gfiutil; C:\Windows\System32\drivers\gfiutil.sys [24040 2013-09-04] (ThreatTrack Security)
S3 HBtnKey; C:\Windows\system32\drivers\HBtnKey.sys [11008 2011-07-19] (Dell Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-03-17] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-03-17] (Malwarebytes Corporation)
R3 MEI; C:\Windows\System32\DRIVERS\HECI.sys [48928 2013-01-23] (Intel Corporation)
S3 netvsc; C:\Windows\System32\DRIVERS\netvsc60.sys [126464 2010-11-20] (Microsoft Corporation)
R3 NETwNs32; C:\Windows\System32\DRIVERS\Netwsn00.sys [10375680 2013-05-29] (Intel Corporation)
R3 nusb3hub; C:\Windows\System32\DRIVERS\nusb3hub.sys [62208 2010-11-19] (Renesas Electronics Corporation)
R3 nusb3xhc; C:\Windows\System32\DRIVERS\nusb3xhc.sys [141568 2010-11-19] (Renesas Electronics Corporation)
S3 O2MDFRDR; C:\Windows\system32\drivers\O2MDFw7.sys [60904 2011-01-04] (O2Micro )
R3 O2MDRRDR; C:\Windows\System32\DRIVERS\O2MDRw7.sys [62440 2011-01-04] (O2Micro )
R3 O2SDJRDR; C:\Windows\System32\DRIVERS\o2sdjw7.sys [64872 2011-11-14] (O2Micro )
R0 PBADRV; C:\Windows\System32\DRIVERS\PBADRV.sys [26608 2012-08-09] (Dell Inc)
S4 RsFx0105; C:\Windows\System32\DRIVERS\RsFx0105.sys [238696 2011-09-22] (Microsoft Corporation)
R2 sbapifs; C:\Windows\System32\DRIVERS\sbapifs.sys [70888 2013-06-18] (ThreatTrack Security, Inc.)
S3 sbwtis; C:\Windows\System32\DRIVERS\sbwtis.sys [76064 2013-04-12] (GFI Software)
R0 stdcfltn; C:\Windows\System32\DRIVERS\stdcfltn.sys [17904 2011-07-15] (ST Microelectronics)
S3 SynthVid; C:\Windows\System32\DRIVERS\VMBusVideoM.sys [19456 2010-11-20] (Microsoft Corporation)
S3 vpnva; C:\Windows\System32\DRIVERS\vpnva-6.sys [43888 2014-11-19] (Cisco Systems, Inc.)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-01 15:06 - 2015-04-01 15:08 - 00024238 _____ () C:\Users\mudhustler.BIZNESS\Downloads\FRST.txt
2015-04-01 15:05 - 2015-04-01 15:06 - 00000000 ____D () C:\FRST
2015-04-01 15:04 - 2015-04-01 15:04 - 01135104 _____ (Farbar) C:\Users\mudhustler.BIZNESS\Downloads\FRST.exe
2015-04-01 13:35 - 2015-04-01 13:35 - 00000000 ____D () C:\Users\mudhustler.BIZNESS\AppData\Local\Cisco
2015-04-01 13:35 - 2015-04-01 13:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cisco
2015-04-01 13:35 - 2015-04-01 13:35 - 00000000 ____D () C:\ProgramData\Cisco
2015-03-31 22:28 - 2015-03-31 22:30 - 00073728 _____ () C:\Users\mudhustler.BIZNESS\Documents\ExpenseReport_Mudhustler_2015-03-31.xls
2015-03-30 21:57 - 2015-03-30 21:57 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-03-27 15:28 - 2015-03-27 15:29 - 143263480 _____ (Microsoft Corporation) C:\Users\mudhustler.BIZNESS\Desktop\msert.exe
2015-03-27 11:36 - 2015-03-27 11:36 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-27 11:36 - 2015-03-27 11:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-03-27 11:36 - 2015-03-27 11:36 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2015-03-27 11:36 - 2015-03-17 06:15 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-03-27 11:36 - 2015-03-17 06:15 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-03-27 11:36 - 2015-03-17 06:15 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-03-27 11:35 - 2015-03-27 11:35 - 21540440 _____ (Malwarebytes Corporation ) C:\Users\mudhustler.BIZNESS\Downloads\mbam-setup-2.1.4.1018.exe
2015-03-26 19:07 - 2015-03-26 19:08 - 00776168 _____ () C:\Windows\Minidump\032615-20592-01.dmp
2015-03-24 16:05 - 2015-03-10 21:30 - 00623616 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-03-24 16:05 - 2015-03-10 21:30 - 00534528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-03-24 16:05 - 2015-03-10 21:29 - 00818176 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-03-24 16:05 - 2015-03-10 21:29 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-03-24 16:05 - 2015-03-10 21:29 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-03-24 16:05 - 2015-03-10 21:29 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-03-24 16:05 - 2015-03-10 21:29 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-03-24 16:05 - 2015-03-10 21:26 - 00892928 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-03-23 17:23 - 2015-03-23 17:23 - 00053327 _____ () C:\Users\mudhustler.BIZNESS\Desktop\martinez.out
2015-03-23 17:23 - 2015-03-23 17:23 - 00004679 _____ () C:\Users\mudhustler.BIZNESS\Desktop\martinez.ERR
2015-03-22 19:18 - 2015-03-22 19:17 - 00002523 _____ () C:\Users\mudhustler.BIZNESS\Desktop\Starter Martinez.DAT
2015-03-22 19:18 - 2015-03-20 21:57 - 00003231 _____ () C:\Users\mudhustler.BIZNESS\Desktop\martinez
2015-03-17 21:26 - 2015-03-17 21:34 - 00073216 _____ () C:\Users\mudhustler.BIZNESS\Documents\ExpenseReport_Mudhustler_2015-03-17.xls
2015-03-16 21:57 - 2015-03-24 17:07 - 00073216 _____ () C:\Users\mudhustler.BIZNESS\Documents\ExpenseReport_Mudhustler_2015-03-16.xls
2015-03-16 16:15 - 2015-03-16 16:15 - 00029256 _____ () C:\Users\mudhustler.BIZNESS\Documents\Colorado Municipality Pursuits Contacts_Mudhustler edits.xlsx
2015-03-10 19:29 - 2015-03-10 19:38 - 00073728 _____ () C:\Users\mudhustler.BIZNESS\Documents\ExpenseReport_Mudhustler_2015-03-10.xls
2015-03-10 17:30 - 2015-03-05 23:15 - 00137656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-03-10 17:30 - 2015-03-05 23:15 - 00067512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-03-10 17:30 - 2015-03-05 23:10 - 01061376 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-03-10 17:30 - 2015-03-05 23:10 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-03-10 17:30 - 2015-03-05 23:10 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-03-10 17:30 - 2015-03-05 23:10 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-03-10 17:30 - 2015-03-05 23:10 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-03-10 17:30 - 2015-03-05 23:10 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-03-10 17:30 - 2015-03-05 23:10 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-03-10 17:30 - 2015-03-05 23:10 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-03-10 17:30 - 2015-03-05 23:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-03-10 17:30 - 2015-03-05 23:10 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-03-10 17:30 - 2015-03-05 23:10 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-03-10 17:30 - 2015-03-05 23:09 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-03-10 17:30 - 2015-03-05 23:09 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-03-10 17:30 - 2015-03-05 23:07 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-03-10 17:30 - 2015-03-05 23:07 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-03-10 17:30 - 2015-03-05 23:06 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-03-10 17:30 - 2015-02-25 21:11 - 02381312 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-03-10 17:30 - 2015-02-23 20:32 - 00342696 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-03-10 17:30 - 2015-02-20 18:41 - 12827648 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-03-10 17:30 - 2015-02-20 18:27 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-03-10 17:30 - 2015-02-20 18:27 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-03-10 17:30 - 2015-02-20 18:25 - 19720192 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-03-10 17:30 - 2015-02-20 17:32 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-03-10 17:30 - 2015-02-19 22:13 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-03-10 17:30 - 2015-02-19 22:13 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-03-10 17:30 - 2015-02-19 22:13 - 00026624 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-03-10 17:30 - 2015-02-19 22:13 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-03-10 17:30 - 2015-02-19 21:09 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-03-10 17:30 - 2015-02-19 20:22 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-03-10 17:30 - 2015-02-19 20:22 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-03-10 17:30 - 2015-02-19 20:09 - 00503296 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-03-10 17:30 - 2015-02-19 20:08 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-03-10 17:30 - 2015-02-19 20:08 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-03-10 17:30 - 2015-02-19 20:06 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-03-10 17:30 - 2015-02-19 20:03 - 02278400 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-03-10 17:30 - 2015-02-19 20:01 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-03-10 17:30 - 2015-02-19 20:00 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-03-10 17:30 - 2015-02-19 19:58 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-03-10 17:30 - 2015-02-19 19:56 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-03-10 17:30 - 2015-02-19 19:56 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-03-10 17:30 - 2015-02-19 19:56 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-03-10 17:30 - 2015-02-19 19:50 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-03-10 17:30 - 2015-02-19 19:41 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-03-10 17:30 - 2015-02-19 19:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-03-10 17:30 - 2015-02-19 19:30 - 04300288 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-03-10 17:30 - 2015-02-19 19:24 - 02052608 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-03-10 17:30 - 2015-02-19 19:24 - 00689152 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-03-10 17:30 - 2015-02-19 19:24 - 00684544 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-03-10 17:30 - 2015-02-19 19:23 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-03-10 17:30 - 2015-02-19 19:01 - 01888256 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-03-10 17:30 - 2015-02-19 18:57 - 01311232 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-03-10 17:30 - 2015-02-19 18:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-03-10 17:30 - 2015-02-12 23:26 - 12875264 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-03-10 17:30 - 2015-02-03 20:54 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-03-10 17:30 - 2015-02-02 21:12 - 01230848 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-03-10 17:30 - 2015-02-02 21:12 - 00171520 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
2015-03-10 17:30 - 2015-01-30 21:33 - 02744320 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2015-03-10 17:30 - 2015-01-30 21:33 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2015-03-10 17:30 - 2015-01-30 18:48 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2015-03-10 17:30 - 2015-01-16 20:30 - 00828928 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-03-10 17:29 - 2015-02-02 21:16 - 03973048 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-03-10 17:29 - 2015-02-02 21:16 - 03917760 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-03-10 17:29 - 2015-02-02 21:16 - 00078784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-03-10 17:29 - 2015-02-02 21:12 - 11411968 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2015-03-10 17:29 - 2015-02-02 21:12 - 03209728 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2015-03-10 17:29 - 2015-02-02 21:12 - 01329664 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2015-03-10 17:29 - 2015-02-02 21:12 - 01174528 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-03-10 17:29 - 2015-02-02 21:12 - 01005056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2015-03-10 17:29 - 2015-02-02 21:12 - 00988160 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2015-03-10 17:29 - 2015-02-02 21:12 - 00744960 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2015-03-10 17:29 - 2015-02-02 21:12 - 00617984 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2015-03-10 17:29 - 2015-02-02 21:12 - 00519680 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2015-03-10 17:29 - 2015-02-02 21:12 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2015-03-10 17:29 - 2015-02-02 21:12 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2015-03-10 17:29 - 2015-02-02 21:12 - 00475136 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-03-10 17:29 - 2015-02-02 21:12 - 00442880 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2015-03-10 17:29 - 2015-02-02 21:12 - 00406016 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2015-03-10 17:29 - 2015-02-02 21:12 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-03-10 17:29 - 2015-02-02 21:12 - 00374784 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2015-03-10 17:29 - 2015-02-02 21:12 - 00354816 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2015-03-10 17:29 - 2015-02-02 21:12 - 00275968 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-03-10 17:29 - 2015-02-02 21:12 - 00265216 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2015-03-10 17:29 - 2015-02-02 21:12 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2015-03-10 17:29 - 2015-02-02 21:12 - 00179200 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-03-10 17:29 - 2015-02-02 21:12 - 00157184 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2015-03-10 17:29 - 2015-02-02 21:12 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-03-10 17:29 - 2015-02-02 21:12 - 00103936 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2015-03-10 17:29 - 2015-02-02 21:12 - 00103424 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2015-03-10 17:29 - 2015-02-02 21:12 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2015-03-10 17:29 - 2015-02-02 21:12 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-03-10 17:29 - 2015-02-02 21:12 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-03-10 17:29 - 2015-02-02 21:12 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2015-03-10 17:29 - 2015-02-02 21:12 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-03-10 17:29 - 2015-02-02 21:12 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-03-10 17:29 - 2015-02-02 21:12 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll
2015-03-10 17:29 - 2015-02-02 21:12 - 00027648 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-03-10 17:29 - 2015-02-02 21:12 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2015-03-10 17:29 - 2015-02-02 21:12 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2015-03-10 17:29 - 2015-02-02 21:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2015-03-10 17:29 - 2015-02-02 21:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2015-03-10 17:29 - 2015-02-02 21:11 - 12625408 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2015-03-10 17:29 - 2015-02-02 21:11 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-03-10 17:29 - 2015-02-02 21:11 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2015-03-10 17:29 - 2015-02-02 21:11 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2015-03-10 17:29 - 2015-02-02 21:11 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2015-03-10 17:29 - 2015-02-02 21:11 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2015-03-10 17:29 - 2015-02-02 21:11 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2015-03-10 17:29 - 2015-02-02 21:11 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe
2015-03-10 17:29 - 2015-02-02 21:11 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe
2015-03-10 17:29 - 2015-02-02 21:10 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll
2015-03-10 17:29 - 2015-02-02 21:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2015-03-10 17:29 - 2015-02-02 21:08 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-03-10 17:29 - 2015-02-02 21:00 - 00593920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2015-03-10 17:29 - 2015-02-02 20:26 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2015-03-10 17:29 - 2015-01-30 17:56 - 00370488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-03-10 17:29 - 2014-10-31 16:22 - 00521384 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2015-03-03 17:25 - 2015-01-08 20:48 - 00635904 _____ (Microsoft Corporation) C:\Windows\system32\perftrack.dll
2015-03-03 17:25 - 2015-01-08 20:48 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\wdi.dll
2015-03-03 17:25 - 2015-01-08 20:48 - 00027136 _____ (Microsoft Corporation) C:\Windows\system32\powertracker.dll
2015-03-02 21:25 - 2015-03-02 21:26 - 00073216 _____ () C:\Users\mudhustler.BIZNESS\Documents\ExpenseReport_Mudhustler_2015-02-27.xls

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-01 15:04 - 2012-08-22 13:13 - 00000128 _____ () C:\Windows\system32\config\netlogon.ftl
2015-04-01 15:01 - 2012-08-09 18:02 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-04-01 14:53 - 2012-08-24 11:55 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-01 14:48 - 2014-02-13 14:27 - 00000630 _____ () C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-181820113-3339272012-3098101244-1165.job
2015-04-01 14:41 - 2012-08-09 18:01 - 01584911 _____ () C:\Windows\WindowsUpdate.log
2015-04-01 14:41 - 2009-07-13 22:34 - 00031312 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-01 14:41 - 2009-07-13 22:34 - 00031312 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-01 14:37 - 2010-11-20 15:01 - 00933860 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-01 14:27 - 2014-10-28 09:55 - 00000000 ____D () C:\Users\mudhustler.BIZNESS\Documents\Outlook Files
2015-04-01 14:21 - 2014-12-05 18:39 - 00000604 _____ () C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-181820113-3339272012-3098101244-1325.job
2015-04-01 13:35 - 2014-02-12 12:51 - 00000000 ____D () C:\Program Files\Cisco
2015-04-01 13:34 - 2012-12-17 11:05 - 00055840 _____ () C:\Windows\setupact.log
2015-04-01 13:15 - 2012-08-09 18:48 - 00000000 ____D () C:\ProgramData\Sonic
2015-04-01 13:14 - 2012-08-24 11:55 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-01 13:13 - 2009-07-13 22:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-31 22:26 - 2014-12-05 18:17 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-03-31 22:23 - 2014-12-05 18:19 - 00000000 ____D () C:\Users\mudhustler.BIZNESS\AppData\Local\Deployment
2015-03-30 08:18 - 2012-12-18 13:17 - 00194924 _____ () C:\Windows\PFRO.log
2015-03-27 11:36 - 2012-12-14 14:35 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-03-26 19:07 - 2014-06-24 15:55 - 356419560 _____ () C:\Windows\MEMORY.DMP
2015-03-26 19:07 - 2014-06-24 15:55 - 00000000 ____D () C:\Windows\Minidump
2015-03-25 03:06 - 2014-12-10 17:32 - 00000000 ____D () C:\Windows\system32\appraiser
2015-03-25 03:06 - 2014-05-08 03:00 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-03-20 18:54 - 2013-02-21 19:12 - 00002131 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-03-20 13:57 - 2014-08-13 15:28 - 00000000 ____D () C:\Users\mudhustler.BIZNESS\AppData\Local\Adobe
2015-03-20 13:56 - 2012-08-09 18:02 - 00778928 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-03-20 13:56 - 2012-08-09 18:02 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-03-16 21:39 - 2009-07-13 20:37 - 00000000 ____D () C:\Windows\system32\NDF
2015-03-13 14:26 - 2012-12-05 12:03 - 00000448 __RSH () C:\Users\mudhustler.BIZNESS\ntuser.pol
2015-03-13 14:26 - 2012-08-24 10:26 - 00000000 ____D () C:\Users\mudhustler.BIZNESS
2015-03-12 16:37 - 2013-01-25 17:11 - 00000000 ____D () C:\Temp
2015-03-11 17:07 - 2009-07-13 20:37 - 00000000 ____D () C:\Windows\rescache
2015-03-11 15:52 - 2009-07-13 22:33 - 00463128 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-03-10 19:49 - 2012-08-22 12:14 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-03-10 19:49 - 2009-07-13 20:04 - 00000478 _____ () C:\Windows\win.ini
2015-03-10 19:48 - 2013-08-15 23:44 - 00000000 ____D () C:\Windows\system32\MRT
2015-03-10 19:44 - 2012-08-23 15:49 - 119837696 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-03-04 14:52 - 2009-07-13 20:37 - 00000000 ____D () C:\Windows\tracing

==================== Files in the root of some directories =======

2012-05-21 15:00 - 2012-05-21 15:00 - 0020984 _____ (Intel Corporation) C:\Users\mudhustler.BIZNESS\AppData\Roaming\JomCap.dll
2014-10-28 11:13 - 2014-10-28 11:13 - 0007606 _____ () C:\Users\mudhustler.BIZNESS\AppData\Local\Resmon.ResmonCfg

Files to move or delete:
====================
C:\Users\mudhustler\Application DatadMb.dat
C:\Users\mudhustler.BIZNESS\Application DatadMb.dat


Some content of TEMP:
====================
C:\Users\mudhustler\AppData\Local\temp\G2MInstallerExtractor.exe
C:\Users\mudhustler\AppData\Local\temp\jre-8u31-windows-au.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-03-25 00:45

==================== End Of Log ============================



#6 mudhustler

mudhustler
  • Topic Starter

  • Members
  • 64 posts

Posted 01 April 2015 - 04:59 PM

And here are the contents of the FRST.txt file:


Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-03-2015
Ran by mudhustler (administrator) on MUDHUSTLER-PC on 01-04-2015 15:06:16
Running from C:\Users\mudhustler.BIZNESS\Downloads
Loaded Profiles: mudhustler (Available profiles: mudhustler)
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Broadcom Corporation) C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
(Broadcom Corporation) C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
(Wave Systems Corp.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AEstSrv.exe
() C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\EMBASSY Client Core\EmbassyServer.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(FileOpen Systems Inc.) C:\Program Files\FileOpen\Services\FileOpenManagerService32.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Intel Corporation) C:\Program Files\Intel\Services\IPT\jhi_service.exe
(AMD) C:\Windows\System32\atieclxx.exe
(UPEK Inc.) C:\Program Files\Common Files\SPBA\upeksvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Binn\sqlservr.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
(O2Micro International) C:\Windows\System32\o2flash.exe
() C:\Windows\System32\srvany.exe
(O2Micro.) C:\Windows\System32\SDIOAssist.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(ThreatTrack Security, Inc.) C:\Program Files\VIPRE\SBPIMSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Wave Systems Corp.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
() C:\Program Files\STMicroelectronics\AccelerometerP11\FF_Protection.exe
(Wave Systems Corp.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe
(ThreatTrack Security, Inc.) C:\Program Files\VIPRE\SBAMTray.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Adobe Systems Inc.) C:\Program Files\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.26.9\GoogleCrashHandler.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
(ThreatTrack Security, Inc.) C:\Program Files\VIPRE\SBAMSvc.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe
(Cisco Systems, Inc.) C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(Cisco Systems, Inc.) C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil32_17_0_0_134_ActiveX.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [555352 2013-02-21] (Alps Electric Co., Ltd.)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [283160 2010-11-05] (Intel Corporation)
HKLM\...\Run: [FreeFallProtection] => C:\Program Files\STMicroelectronics\AccelerometerP11\FF_Protection.exe [686704 2011-07-25] ()
HKLM\...\Run: [IMSS] => C:\Program Files\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe [113656 2013-01-23] (Intel Corporation)
HKLM\...\Run: [TdmNotify] => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe [323952 2011-12-08] (Wave Systems Corp.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [SBAMTray] => C:\Program Files\VIPRE\SBAMTray.exe [3216272 2013-09-05] (ThreatTrack Security, Inc.)
HKLM\...\Run: [IntelPROSet] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [3445488 2013-07-17] (Intel® Corporation)
HKLM\...\Run: [Acrobat Assistant 8.0] => C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3498728 2014-12-03] (Adobe Systems Inc.)
HKLM\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [707984 2014-11-19] (Cisco Systems, Inc.)
Winlogon\Notify\spba: C:\Program Files\Common Files\SPBA\homefus2.dll (UPEK Inc.)
HKLM\...\Policies\Explorer: [NoWelcomeScreen] 1
HKU\S-1-5-21-181820113-3339272012-3098101244-1165\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [354304 2009-07-13] (Microsoft Corporation)
Lsa: [Authentication Packages] msv1_0 wvauth
Startup: C:\Users\mudhustler.BIZNESS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\mudhustler.BIZNESS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: [EnabledUnlockedFDEIconOverlay] -> {30D3C2AF-9709-4D05-9CF4-13335F3C1E4A} => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll (Wave Systems Corp.)
ShellIconOverlayIdentifiers: [UninitializedFdeIconOverlay] -> {CF08DA3E-C97D-4891-A66B-E39B28DD270F} => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll (Wave Systems Corp.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-181820113-3339272012-3098101244-1165\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-181820113-3339272012-3098101244-1165\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> DefaultScope {1CE0957A-BE8B-4F61-B34D-2292A75FECD8} URL = http://www.bing.com/search?q={searchTerms}&form=DLRDF8&pc=MDDR&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {1CE0957A-BE8B-4F61-B34D-2292A75FECD8} URL = http://www.bing.com/search?q={searchTerms}&form=DLRDF8&pc=MDDR&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-181820113-3339272012-3098101244-1165 -> {B5208833-12AF-475A-969F-DDC3A8CF78DE} URL =
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll [2015-01-30] (Oracle Corporation)
BHO: VIPRE Search Guard Helper -> {963C8283-AE7F-4AA6-9B3B-847A8FC62C5E} -> C:\Program Files\VIPRE\VSG.dll [2013-09-05] ()
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2013-12-21] (Adobe Systems Incorporated)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-30] (Oracle Corporation)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2013-12-21] (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2013-12-21] (Adobe Systems Incorporated)
Toolbar: HKLM - VIPRE Search Guard Toolbar - {A924C17A-5E94-4E02-BED5-49720BA6F7FA} - C:\Program Files\VIPRE\VSG.dll [2013-09-05] ()
Toolbar: HKU\S-1-5-21-181820113-3339272012-3098101244-1165 -> Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2013-12-21] (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-181820113-3339272012-3098101244-1165 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-181820113-3339272012-3098101244-1165 -> VIPRE Search Guard Toolbar - {A924C17A-5E94-4E02-BED5-49720BA6F7FA} - C:\Program Files\VIPRE\VSG.dll [2013-09-05] ()
DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} https://www.gameofficials.net/utility/smsx.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {538793D5-659C-4639-A56C-A179AD87ED44} https://cdotv.dot.state.co.us/CACHE/stc/1/binaries/vpnweb.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.13.0.cab
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll [2012-10-10] (Belarc, Inc.)
Handler: vipresg - {47BE2E5B-703B-444F-ABD3-05717D2191C6} - C:\Program Files\VIPRE\VSG.dll [2013-09-05] ()
Tcpip\Parameters: [DhcpNameServer] 192.168.2.25

FireFox:
========
FF ProfilePath: C:\Users\mudhustler.BIZNESS\AppData\Roaming\Mozilla\Firefox\Profiles\z208pe66.default
FF Homepage: https://exchange.BIZNESS.com/ajera/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-04] ()
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.38 -> C:\Program Files\Intel\Services\IPT\npIntelWebAPIIPT.dll [2012-05-21] (Intel Corporation)
FF Plugin: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files\Intel\Services\IPT\npIntelWebAPIUpdater.dll [2012-05-21] (Intel Corporation)
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-30] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-30] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll [2014-12-11] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.)
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2014-04-29] (Adobe Systems)
FF Plugin HKU\S-1-5-21-181820113-3339272012-3098101244-1165: @citrixonline.com/appdetectorplugin -> C:\Users\mudhustler.BIZNESS\AppData\Local\Citrix\Plugins\94\npappdetector.dll [2013-03-01] (Citrix Online)
FF Extension: Microsoft .NET Framework Assistant - C:\Users\mudhustler.BIZNESS\AppData\Roaming\Mozilla\Firefox\Profiles\z208pe66.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi [2014-12-05]
FF HKLM\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2013-01-25]

Chrome:
=======
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\37.0.2062.124\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\37.0.2062.124\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\37.0.2062.124\pdf.dll No File
CHR Plugin: (Adobe Create PDF) - C:\Users\mudhustler.BIZNESS\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj\11.0.0.379_0\plugin/npWCChromeExtnStub.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (AdobeAAMDetect) - C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files\Intel\Services\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files\Intel\Services\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (Java™ Platform SE 7 U15) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.150.3) - C:\Windows\system32\npDeployJava1.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Profile: C:\Users\mudhustler.BIZNESS\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C:\Users\mudhustler.BIZNESS\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-02-21]
CHR Extension: (Google Search) - C:\Users\mudhustler.BIZNESS\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-02-21]
CHR Extension: (Adobe Acrobat - Create PDF) - C:\Users\mudhustler.BIZNESS\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2013-02-21]
CHR Extension: (Google Wallet) - C:\Users\mudhustler.BIZNESS\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-10-16]
CHR Extension: (Gmail) - C:\Users\mudhustler.BIZNESS\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-02-21]
CHR HKLM\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2014-12-03]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 Credential Vault Host Control Service; C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe [826272 2011-12-02] (Broadcom Corporation)
R2 Credential Vault Host Storage; C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe [31648 2011-12-02] (Broadcom Corporation)
R2 EmbassyService; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\EMBASSY Client Core\EmbassyServer.exe [179592 2012-01-17] ()
R2 FileOpenManagerService; C:\Program Files\FileOpen\Services\FileOpenManagerService32.exe [213432 2012-10-17] (FileOpen Systems Inc.)
R2 Intel® PROSet Monitoring Service; C:\Windows\system32\IProsetMonitor.exe [132768 2011-11-09] (Intel Corporation)
R2 jhi_service; C:\Program Files\Intel\Services\IPT\jhi_service.exe [212984 2012-05-21] (Intel Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)
R2 MSSQLSERVER; C:\Program Files\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Binn\sqlservr.exe [43044512 2014-07-12] (Microsoft Corporation)
R2 O2SDIOAssist; c:\Windows\system32\srvany.exe [8192 2003-04-18] () [File not signed]
S3 RoxMediaDB12OEM; C:\Program Files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [1116656 2010-11-25] (Sonic Solutions)
S2 RoxWatch12; C:\Program Files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [219632 2010-11-25] (Sonic Solutions)
R2 SBAMSvc; C:\Program Files\VIPRE\SBAMSvc.exe [3937472 2013-09-05] (ThreatTrack Security, Inc.)
R2 SBPIMSvc; C:\Program Files\VIPRE\SBPIMSvc.exe [176016 2013-09-05] (ThreatTrack Security, Inc.)
S3 SecureStorageService; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Secure Storage Manager\SecureStorageService.exe [1517448 2011-11-11] (Wave Systems Corp.)
S4 SQLSERVERAGENT; C:\Program Files\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Binn\SQLAGENT.EXE [380064 2014-07-12] (Microsoft Corporation)
R2 STacSV; C:\Program Files\IDT\WDM\STacSV.exe [266322 2011-01-06] (IDT, Inc.)
S2 tcsd_win32.exe; C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe [1637888 2011-10-08] () [File not signed]
R2 TdmService; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe [2864496 2011-12-08] (Wave Systems Corp.)
R2 vpnagent; C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [562576 2014-11-19] (Cisco Systems, Inc.)
R2 Wave Authentication Manager Service; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe [1189376 2012-01-05] (Wave Systems Corp.) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-26] (Microsoft Corporation)
S3 WvPCR; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Common\WvPCR.exe [145408 2012-01-16] (Wave Systems Corp.) [File not signed]
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2525936 2013-07-17] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 Acceler; C:\Windows\System32\DRIVERS\accelern.sys [44144 2011-07-22] (ST Microelectronics)
R3 acsock; C:\Windows\System32\DRIVERS\acsock.sys [92528 2014-11-19] (Cisco Systems, Inc.)
S3 AMPPAL; C:\Windows\System32\DRIVERS\AMPPAL.sys [112096 2013-02-13] (Windows ® Win 7 DDK provider)
R3 cvusbdrv; C:\Windows\System32\Drivers\cvusbdrv.sys [40040 2011-12-05] (Broadcom Corporation)
R3 e1cexpress; C:\Windows\System32\DRIVERS\e1c6232.sys [358224 2012-08-10] (Intel Corporation)
S3 gfiark; C:\Windows\System32\drivers\gfiark.sys [43368 2013-05-23] (ThreatTrack Security)
S3 gfiutil; C:\Windows\System32\drivers\gfiutil.sys [24040 2013-09-04] (ThreatTrack Security)
S3 HBtnKey; C:\Windows\system32\drivers\HBtnKey.sys [11008 2011-07-19] (Dell Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-03-17] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-03-17] (Malwarebytes Corporation)
R3 MEI; C:\Windows\System32\DRIVERS\HECI.sys [48928 2013-01-23] (Intel Corporation)
S3 netvsc; C:\Windows\System32\DRIVERS\netvsc60.sys [126464 2010-11-20] (Microsoft Corporation)
R3 NETwNs32; C:\Windows\System32\DRIVERS\Netwsn00.sys [10375680 2013-05-29] (Intel Corporation)
R3 nusb3hub; C:\Windows\System32\DRIVERS\nusb3hub.sys [62208 2010-11-19] (Renesas Electronics Corporation)
R3 nusb3xhc; C:\Windows\System32\DRIVERS\nusb3xhc.sys [141568 2010-11-19] (Renesas Electronics Corporation)
S3 O2MDFRDR; C:\Windows\system32\drivers\O2MDFw7.sys [60904 2011-01-04] (O2Micro )
R3 O2MDRRDR; C:\Windows\System32\DRIVERS\O2MDRw7.sys [62440 2011-01-04] (O2Micro )
R3 O2SDJRDR; C:\Windows\System32\DRIVERS\o2sdjw7.sys [64872 2011-11-14] (O2Micro )
R0 PBADRV; C:\Windows\System32\DRIVERS\PBADRV.sys [26608 2012-08-09] (Dell Inc)
S4 RsFx0105; C:\Windows\System32\DRIVERS\RsFx0105.sys [238696 2011-09-22] (Microsoft Corporation)
R2 sbapifs; C:\Windows\System32\DRIVERS\sbapifs.sys [70888 2013-06-18] (ThreatTrack Security, Inc.)
S3 sbwtis; C:\Windows\System32\DRIVERS\sbwtis.sys [76064 2013-04-12] (GFI Software)
R0 stdcfltn; C:\Windows\System32\DRIVERS\stdcfltn.sys [17904 2011-07-15] (ST Microelectronics)
S3 SynthVid; C:\Windows\System32\DRIVERS\VMBusVideoM.sys [19456 2010-11-20] (Microsoft Corporation)
S3 vpnva; C:\Windows\System32\DRIVERS\vpnva-6.sys [43888 2014-11-19] (Cisco Systems, Inc.)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-01 15:06 - 2015-04-01 15:08 - 00024238 _____ () C:\Users\mudhustler.BIZNESS\Downloads\FRST.txt
2015-04-01 15:05 - 2015-04-01 15:06 - 00000000 ____D () C:\FRST
2015-04-01 15:04 - 2015-04-01 15:04 - 01135104 _____ (Farbar) C:\Users\mudhustler.BIZNESS\Downloads\FRST.exe
2015-04-01 13:35 - 2015-04-01 13:35 - 00000000 ____D () C:\Users\mudhustler.BIZNESS\AppData\Local\Cisco
2015-04-01 13:35 - 2015-04-01 13:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cisco
2015-04-01 13:35 - 2015-04-01 13:35 - 00000000 ____D () C:\ProgramData\Cisco
2015-03-31 22:28 - 2015-03-31 22:30 - 00073728 _____ () C:\Users\mudhustler.BIZNESS\Documents\ExpenseReport_Mudhustler_2015-03-31.xls
2015-03-30 21:57 - 2015-03-30 21:57 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-03-27 15:28 - 2015-03-27 15:29 - 143263480 _____ (Microsoft Corporation) C:\Users\mudhustler.BIZNESS\Desktop\msert.exe
2015-03-27 11:36 - 2015-03-27 11:36 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-27 11:36 - 2015-03-27 11:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-03-27 11:36 - 2015-03-27 11:36 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2015-03-27 11:36 - 2015-03-17 06:15 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-03-27 11:36 - 2015-03-17 06:15 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-03-27 11:36 - 2015-03-17 06:15 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-03-27 11:35 - 2015-03-27 11:35 - 21540440 _____ (Malwarebytes Corporation ) C:\Users\mudhustler.BIZNESS\Downloads\mbam-setup-2.1.4.1018.exe
2015-03-26 19:07 - 2015-03-26 19:08 - 00776168 _____ () C:\Windows\Minidump\032615-20592-01.dmp
2015-03-24 16:05 - 2015-03-10 21:30 - 00623616 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-03-24 16:05 - 2015-03-10 21:30 - 00534528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-03-24 16:05 - 2015-03-10 21:29 - 00818176 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-03-24 16:05 - 2015-03-10 21:29 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-03-24 16:05 - 2015-03-10 21:29 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-03-24 16:05 - 2015-03-10 21:29 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-03-24 16:05 - 2015-03-10 21:29 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-03-24 16:05 - 2015-03-10 21:26 - 00892928 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-03-23 17:23 - 2015-03-23 17:23 - 00053327 _____ () C:\Users\mudhustler.BIZNESS\Desktop\martinez.out
2015-03-23 17:23 - 2015-03-23 17:23 - 00004679 _____ () C:\Users\mudhustler.BIZNESS\Desktop\martinez.ERR
2015-03-22 19:18 - 2015-03-22 19:17 - 00002523 _____ () C:\Users\mudhustler.BIZNESS\Desktop\Starter Martinez.DAT
2015-03-22 19:18 - 2015-03-20 21:57 - 00003231 _____ () C:\Users\mudhustler.BIZNESS\Desktop\martinez
2015-03-17 21:26 - 2015-03-17 21:34 - 00073216 _____ () C:\Users\mudhustler.BIZNESS\Documents\ExpenseReport_Mudhustler_2015-03-17.xls
2015-03-16 21:57 - 2015-03-24 17:07 - 00073216 _____ () C:\Users\mudhustler.BIZNESS\Documents\ExpenseReport_Mudhustler_2015-03-16.xls
2015-03-16 16:15 - 2015-03-16 16:15 - 00029256 _____ () C:\Users\mudhustler.BIZNESS\Documents\Colorado Municipality Pursuits Contacts_Mudhustler edits.xlsx
2015-03-10 19:29 - 2015-03-10 19:38 - 00073728 _____ () C:\Users\mudhustler.BIZNESS\Documents\ExpenseReport_Mudhustler_2015-03-10.xls
2015-03-10 17:30 - 2015-03-05 23:15 - 00137656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-03-10 17:30 - 2015-03-05 23:15 - 00067512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-03-10 17:30 - 2015-03-05 23:10 - 01061376 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-03-10 17:30 - 2015-03-05 23:10 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-03-10 17:30 - 2015-03-05 23:10 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-03-10 17:30 - 2015-03-05 23:10 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-03-10 17:30 - 2015-03-05 23:10 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-03-10 17:30 - 2015-03-05 23:10 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-03-10 17:30 - 2015-03-05 23:10 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-03-10 17:30 - 2015-03-05 23:10 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-03-10 17:30 - 2015-03-05 23:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-03-10 17:30 - 2015-03-05 23:10 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-03-10 17:30 - 2015-03-05 23:10 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-03-10 17:30 - 2015-03-05 23:09 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-03-10 17:30 - 2015-03-05 23:09 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-03-10 17:30 - 2015-03-05 23:07 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-03-10 17:30 - 2015-03-05 23:07 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-03-10 17:30 - 2015-03-05 23:06 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-03-10 17:30 - 2015-02-25 21:11 - 02381312 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-03-10 17:30 - 2015-02-23 20:32 - 00342696 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-03-10 17:30 - 2015-02-20 18:41 - 12827648 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-03-10 17:30 - 2015-02-20 18:27 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-03-10 17:30 - 2015-02-20 18:27 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-03-10 17:30 - 2015-02-20 18:25 - 19720192 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-03-10 17:30 - 2015-02-20 17:32 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-03-10 17:30 - 2015-02-19 22:13 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-03-10 17:30 - 2015-02-19 22:13 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-03-10 17:30 - 2015-02-19 22:13 - 00026624 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-03-10 17:30 - 2015-02-19 22:13 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-03-10 17:30 - 2015-02-19 21:09 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-03-10 17:30 - 2015-02-19 20:22 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-03-10 17:30 - 2015-02-19 20:22 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-03-10 17:30 - 2015-02-19 20:09 - 00503296 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-03-10 17:30 - 2015-02-19 20:08 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-03-10 17:30 - 2015-02-19 20:08 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-03-10 17:30 - 2015-02-19 20:06 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-03-10 17:30 - 2015-02-19 20:03 - 02278400 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-03-10 17:30 - 2015-02-19 20:01 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-03-10 17:30 - 2015-02-19 20:00 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-03-10 17:30 - 2015-02-19 19:58 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-03-10 17:30 - 2015-02-19 19:56 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-03-10 17:30 - 2015-02-19 19:56 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-03-10 17:30 - 2015-02-19 19:56 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-03-10 17:30 - 2015-02-19 19:50 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-03-10 17:30 - 2015-02-19 19:41 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-03-10 17:30 - 2015-02-19 19:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-03-10 17:30 - 2015-02-19 19:30 - 04300288 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-03-10 17:30 - 2015-02-19 19:24 - 02052608 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-03-10 17:30 - 2015-02-19 19:24 - 00689152 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-03-10 17:30 - 2015-02-19 19:24 - 00684544 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-03-10 17:30 - 2015-02-19 19:23 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-03-10 17:30 - 2015-02-19 19:01 - 01888256 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-03-10 17:30 - 2015-02-19 18:57 - 01311232 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-03-10 17:30 - 2015-02-19 18:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-03-10 17:30 - 2015-02-12 23:26 - 12875264 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-03-10 17:30 - 2015-02-03 20:54 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-03-10 17:30 - 2015-02-02 21:12 - 01230848 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-03-10 17:30 - 2015-02-02 21:12 - 00171520 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
2015-03-10 17:30 - 2015-01-30 21:33 - 02744320 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2015-03-10 17:30 - 2015-01-30 21:33 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2015-03-10 17:30 - 2015-01-30 18:48 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2015-03-10 17:30 - 2015-01-16 20:30 - 00828928 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-03-10 17:29 - 2015-02-02 21:16 - 03973048 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-03-10 17:29 - 2015-02-02 21:16 - 03917760 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-03-10 17:29 - 2015-02-02 21:16 - 00078784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-03-10 17:29 - 2015-02-02 21:12 - 11411968 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2015-03-10 17:29 - 2015-02-02 21:12 - 03209728 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2015-03-10 17:29 - 2015-02-02 21:12 - 01329664 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2015-03-10 17:29 - 2015-02-02 21:12 - 01174528 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-03-10 17:29 - 2015-02-02 21:12 - 01005056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2015-03-10 17:29 - 2015-02-02 21:12 - 00988160 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2015-03-10 17:29 - 2015-02-02 21:12 - 00744960 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2015-03-10 17:29 - 2015-02-02 21:12 - 00617984 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2015-03-10 17:29 - 2015-02-02 21:12 - 00519680 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2015-03-10 17:29 - 2015-02-02 21:12 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2015-03-10 17:29 - 2015-02-02 21:12 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2015-03-10 17:29 - 2015-02-02 21:12 - 00475136 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-03-10 17:29 - 2015-02-02 21:12 - 00442880 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2015-03-10 17:29 - 2015-02-02 21:12 - 00406016 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2015-03-10 17:29 - 2015-02-02 21:12 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-03-10 17:29 - 2015-02-02 21:12 - 00374784 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2015-03-10 17:29 - 2015-02-02 21:12 - 00354816 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2015-03-10 17:29 - 2015-02-02 21:12 - 00275968 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-03-10 17:29 - 2015-02-02 21:12 - 00265216 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2015-03-10 17:29 - 2015-02-02 21:12 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2015-03-10 17:29 - 2015-02-02 21:12 - 00179200 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-03-10 17:29 - 2015-02-02 21:12 - 00157184 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2015-03-10 17:29 - 2015-02-02 21:12 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-03-10 17:29 - 2015-02-02 21:12 - 00103936 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2015-03-10 17:29 - 2015-02-02 21:12 - 00103424 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2015-03-10 17:29 - 2015-02-02 21:12 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2015-03-10 17:29 - 2015-02-02 21:12 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-03-10 17:29 - 2015-02-02 21:12 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-03-10 17:29 - 2015-02-02 21:12 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2015-03-10 17:29 - 2015-02-02 21:12 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-03-10 17:29 - 2015-02-02 21:12 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-03-10 17:29 - 2015-02-02 21:12 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll
2015-03-10 17:29 - 2015-02-02 21:12 - 00027648 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-03-10 17:29 - 2015-02-02 21:12 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2015-03-10 17:29 - 2015-02-02 21:12 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2015-03-10 17:29 - 2015-02-02 21:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2015-03-10 17:29 - 2015-02-02 21:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2015-03-10 17:29 - 2015-02-02 21:11 - 12625408 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2015-03-10 17:29 - 2015-02-02 21:11 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-03-10 17:29 - 2015-02-02 21:11 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2015-03-10 17:29 - 2015-02-02 21:11 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2015-03-10 17:29 - 2015-02-02 21:11 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2015-03-10 17:29 - 2015-02-02 21:11 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2015-03-10 17:29 - 2015-02-02 21:11 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2015-03-10 17:29 - 2015-02-02 21:11 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe
2015-03-10 17:29 - 2015-02-02 21:11 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe
2015-03-10 17:29 - 2015-02-02 21:10 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll
2015-03-10 17:29 - 2015-02-02 21:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2015-03-10 17:29 - 2015-02-02 21:08 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-03-10 17:29 - 2015-02-02 21:00 - 00593920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2015-03-10 17:29 - 2015-02-02 20:26 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2015-03-10 17:29 - 2015-01-30 17:56 - 00370488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-03-10 17:29 - 2014-10-31 16:22 - 00521384 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2015-03-03 17:25 - 2015-01-08 20:48 - 00635904 _____ (Microsoft Corporation) C:\Windows\system32\perftrack.dll
2015-03-03 17:25 - 2015-01-08 20:48 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\wdi.dll
2015-03-03 17:25 - 2015-01-08 20:48 - 00027136 _____ (Microsoft Corporation) C:\Windows\system32\powertracker.dll
2015-03-02 21:25 - 2015-03-02 21:26 - 00073216 _____ () C:\Users\mudhustler.BIZNESS\Documents\ExpenseReport_Mudhustler_2015-02-27.xls

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-01 15:04 - 2012-08-22 13:13 - 00000128 _____ () C:\Windows\system32\config\netlogon.ftl
2015-04-01 15:01 - 2012-08-09 18:02 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-04-01 14:53 - 2012-08-24 11:55 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-01 14:48 - 2014-02-13 14:27 - 00000630 _____ () C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-181820113-3339272012-3098101244-1165.job
2015-04-01 14:41 - 2012-08-09 18:01 - 01584911 _____ () C:\Windows\WindowsUpdate.log
2015-04-01 14:41 - 2009-07-13 22:34 - 00031312 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-01 14:41 - 2009-07-13 22:34 - 00031312 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-01 14:37 - 2010-11-20 15:01 - 00933860 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-01 14:27 - 2014-10-28 09:55 - 00000000 ____D () C:\Users\mudhustler.BIZNESS\Documents\Outlook Files
2015-04-01 14:21 - 2014-12-05 18:39 - 00000604 _____ () C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-181820113-3339272012-3098101244-1325.job
2015-04-01 13:35 - 2014-02-12 12:51 - 00000000 ____D () C:\Program Files\Cisco
2015-04-01 13:34 - 2012-12-17 11:05 - 00055840 _____ () C:\Windows\setupact.log
2015-04-01 13:15 - 2012-08-09 18:48 - 00000000 ____D () C:\ProgramData\Sonic
2015-04-01 13:14 - 2012-08-24 11:55 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-01 13:13 - 2009-07-13 22:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-31 22:26 - 2014-12-05 18:17 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-03-31 22:23 - 2014-12-05 18:19 - 00000000 ____D () C:\Users\mudhustler.BIZNESS\AppData\Local\Deployment
2015-03-30 08:18 - 2012-12-18 13:17 - 00194924 _____ () C:\Windows\PFRO.log
2015-03-27 11:36 - 2012-12-14 14:35 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-03-26 19:07 - 2014-06-24 15:55 - 356419560 _____ () C:\Windows\MEMORY.DMP
2015-03-26 19:07 - 2014-06-24 15:55 - 00000000 ____D () C:\Windows\Minidump
2015-03-25 03:06 - 2014-12-10 17:32 - 00000000 ____D () C:\Windows\system32\appraiser
2015-03-25 03:06 - 2014-05-08 03:00 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-03-20 18:54 - 2013-02-21 19:12 - 00002131 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-03-20 13:57 - 2014-08-13 15:28 - 00000000 ____D () C:\Users\mudhustler.BIZNESS\AppData\Local\Adobe
2015-03-20 13:56 - 2012-08-09 18:02 - 00778928 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-03-20 13:56 - 2012-08-09 18:02 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-03-16 21:39 - 2009-07-13 20:37 - 00000000 ____D () C:\Windows\system32\NDF
2015-03-13 14:26 - 2012-12-05 12:03 - 00000448 __RSH () C:\Users\mudhustler.BIZNESS\ntuser.pol
2015-03-13 14:26 - 2012-08-24 10:26 - 00000000 ____D () C:\Users\mudhustler.BIZNESS
2015-03-12 16:37 - 2013-01-25 17:11 - 00000000 ____D () C:\Temp
2015-03-11 17:07 - 2009-07-13 20:37 - 00000000 ____D () C:\Windows\rescache
2015-03-11 15:52 - 2009-07-13 22:33 - 00463128 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-03-10 19:49 - 2012-08-22 12:14 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-03-10 19:49 - 2009-07-13 20:04 - 00000478 _____ () C:\Windows\win.ini
2015-03-10 19:48 - 2013-08-15 23:44 - 00000000 ____D () C:\Windows\system32\MRT
2015-03-10 19:44 - 2012-08-23 15:49 - 119837696 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-03-04 14:52 - 2009-07-13 20:37 - 00000000 ____D () C:\Windows\tracing

==================== Files in the root of some directories =======

2012-05-21 15:00 - 2012-05-21 15:00 - 0020984 _____ (Intel Corporation) C:\Users\mudhustler.BIZNESS\AppData\Roaming\JomCap.dll
2014-10-28 11:13 - 2014-10-28 11:13 - 0007606 _____ () C:\Users\mudhustler.BIZNESS\AppData\Local\Resmon.ResmonCfg

Files to move or delete:
====================
C:\Users\mudhustler\Application DatadMb.dat
C:\Users\mudhustler.BIZNESS\Application DatadMb.dat


Some content of TEMP:
====================
C:\Users\mudhustler\AppData\Local\temp\G2MInstallerExtractor.exe
C:\Users\mudhustler\AppData\Local\temp\jre-8u31-windows-au.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-03-25 00:45

==================== End Of Log ============================



#7 Sirawit

Sirawit

    Bleepin' Brony


  • Malware Response Team
  • 4,161 posts
  • Gender:Male
  • Location:Thailand
  • Local time:02:07 PM

Posted 02 April 2015 - 11:18 AM

Hi mudhustler.

 

Do you use VIPRE search guard toolbar?

 

We need to run a fix with FRST:

  • Please download the attached fixlist.txt file and save it to the same location as FRST
    Note: It's important that both files, FRST.exe/FRST64.exe and fixlist.txt, are in the same location or the fix will not work
    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
    [attachment=163483:fixlist.txt]
  • Run FRST.exe/FRST64.exe and press the Fix button just once and wait
  • If for some reason the tool needs a restart, please make sure you let the system restart normally, then let the tool complete its run
  • When finished, FRST will generate a log (Fixlog.txt) in the same location the tool was run; please post it in your reply

==========

 

After the fix has completed, please scan your computer with Microsoft Security Scanner again. Do they come back? Also, please create a new FRST log for me.

 

Thank you.


If I don't reply back to you in 2 days, feel free to send me a PM.

 

“You’re lying… just like you were lying to me before. You have to hate me. I’ve been the worst daughter in the world… you should hate me.”

“But I don’t, Nyx. Because, Nyx, I’m your mother, and a mother will always love her daughter, no matter what.” -Past sins by Pen stroke.


#8 mudhustler

mudhustler
  • Topic Starter

  • Members
  • 64 posts
  • Local time:12:07 AM

Posted 02 April 2015 - 11:40 AM

Yes, we use the Vipre search guard toolbar.

 

I'll post the results after running the fix.

 

Thanks!


Edited by mudhustler, 02 April 2015 - 11:46 AM.


#9 mudhustler

mudhustler
  • Topic Starter

  • Members
  • 64 posts
  • Local time:12:07 AM

Posted 02 April 2015 - 02:46 PM

MS Safety Scanner still detects 12 infected files.  Below are the MSERT.txt file contents:

 

Return code: 6 (0x6)

---------------------------------------------------------------------------------------

Microsoft Safety Scanner v1.0, (build 1.195.587.0)
Started On Thu Apr 02 11:17:24 2015

Extended Scan Results
----------------
->Scan ERROR: resource process://pid:1268,ProcessStart:130724682935900213 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:2104,ProcessStart:130724686272741877 (code 0x0000012B (299))
->Scan ERROR: resource process://pid:5708,ProcessStart:130724686273678873 (code 0x0000012B (299))
->Scan ERROR: resource file://C:\hiberfil.sys (code 0x00000020 (32))
->Scan ERROR: resource file://C:\hiberfil.sys (code 0x00000020 (32))
->Scan ERROR: resource file://C:\pagefile.sys (code 0x00000020 (32))
->Scan ERROR: resource file://C:\pagefile.sys (code 0x00000020 (32))
->Scan ERROR: resource file://C:\pagefile.sys (code 0x00000020 (32))
->Scan ERROR: resource file://C:\hiberfil.sys (code 0x00000020 (32))
->Scan ERROR: resource file://C:\System Volume Information\{ef8b20e0-d270-11e4-b4e4-d067e55596dc}{3808876b-c176-4e48-b7ae-04046e6cc752} (code 0x00000005 (5))
->Scan ERROR: resource file://C:\System Volume Information\{0e923f7b-d87b-11e4-a58d-d067e55596dc}{3808876b-c176-4e48-b7ae-04046e6cc752} (code 0x00000005 (5))
->Scan ERROR: resource file://C:\System Volume Information\{1fef41f9-d8a3-11e4-a69b-d067e55596dc}{3808876b-c176-4e48-b7ae-04046e6cc752} (code 0x00000005 (5))
->Scan ERROR: resource file://C:\System Volume Information\{1fef4237-d8a3-11e4-a69b-d067e55596dc}{3808876b-c176-4e48-b7ae-04046e6cc752} (code 0x00000005 (5))
->Scan ERROR: resource file://C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752} (code 0x00000005 (5))
->Scan ERROR: resource file://C:\System Volume Information\{7cd9fafa-cdc1-11e4-b418-d067e55596dc}{3808876b-c176-4e48-b7ae-04046e6cc752} (code 0x00000005 (5))
->Scan ERROR: resource file://C:\System Volume Information\{9f4596bf-c77b-11e4-b267-d067e55596dc}{3808876b-c176-4e48-b7ae-04046e6cc752} (code 0x00000005 (5))
->Scan ERROR: resource file://C:\Windows\temp\TMP000001237711680ADE446614 (code 0x00000002 (2))
->Scan ERROR: resource file://C:\Windows\temp\TMP00000124D1177AF3D87C5773 (code 0x00000002 (2))
->Scan ERROR: resource file://C:\Windows\temp\TMP00000060E72D1B948D627656 (code 0x00000002 (2))
->Scan ERROR: resource file://C:\Windows\temp\TMP00000115F22794857B8363E9 (code 0x00000002 (2))
->Scan ERROR: resource file://C:\Windows\temp\TMP000001177DFD88DBC9A0CA41 (code 0x00000002 (2))
->Scan ERROR: resource file://C:\Windows\temp\TMP000001185D4FF3CA105C7798 (code 0x00000002 (2))
->Scan ERROR: resource file://C:\Windows\temp\TMP0000011A56F3E91A1121BEBD (code 0x00000002 (2))
->Scan ERROR: resource file://C:\Windows\temp\TMP0000011E2AA87BB9058A2756 (code 0x00000002 (2))
->Scan ERROR: resource file://C:\Windows\temp\TMP0000011F888F40B543D20482 (code 0x00000002 (2))
Threat detected: Exploit:Java/Obfuscator.W
    containerfile://C:\Users\mudhustler.BIZNESS\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\7dc0186b-18ea568a
        SHA1:   3860c84acd0333330f70a2eff15f6f3a398d8e0b
    containerfile://C:\Users\mudhustler.BIZNESS\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48\2ba13bb0-6716ddc9
        SHA1:   f630fcc99f31e0f01b1e8dfe69fa4b8af3a08918
    file://C:\Users\mudhustler.BIZNESS\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\7dc0186b-18ea568a->BBQhUvJd.class
        SigSeq: 0x00008E29135445AD
    file://C:\Users\mudhustler.BIZNESS\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\7dc0186b-18ea568a->gTtMxbFaI.class
        SigSeq: 0x00008129FD641D48
    file://C:\Users\mudhustler.BIZNESS\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\7dc0186b-18ea568a->kjve.class
        SigSeq: 0x00008E29135445AD
    file://C:\Users\mudhustler.BIZNESS\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\7dc0186b-18ea568a->LRNQygTUPH.class
        SigSeq: 0x00008129FD641D48
    file://C:\Users\mudhustler.BIZNESS\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\7dc0186b-18ea568a->mWnHgpNDrO.class
        SigSeq: 0x00008E29135445AD
    file://C:\Users\mudhustler.BIZNESS\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\7dc0186b-18ea568a->RdXhqKbBN.class
        SigSeq: 0x00008129FD641D48
        SHA1:   9cc187fcdec443f57115db03938e43e70eec5b52
    file://C:\Users\mudhustler.BIZNESS\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48\2ba13bb0-6716ddc9->agRJuW.class
        SigSeq: 0x00008129FD641D48
    file://C:\Users\mudhustler.BIZNESS\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48\2ba13bb0-6716ddc9->AwQTy.class
        SigSeq: 0x00008E29135445AD
    file://C:\Users\mudhustler.BIZNESS\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48\2ba13bb0-6716ddc9->fhiGeBC.class
        SigSeq: 0x00008E29135445AD
    file://C:\Users\mudhustler.BIZNESS\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48\2ba13bb0-6716ddc9->nOoiz.class
        SigSeq: 0x00008E29135445AD
    file://C:\Users\mudhustler.BIZNESS\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48\2ba13bb0-6716ddc9->sITeMd.class
        SigSeq: 0x00008E29135445AD
    file://C:\Users\mudhustler.BIZNESS\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48\2ba13bb0-6716ddc9->YDbf.class
        SigSeq: 0x00008129FD641D48
        SHA1:   0647a2f57dbdc3ea71ff0a72dd3ecfd42780619d

Results Summary:
----------------
Found Exploit:Java/Obfuscator.W (detected suspiciously)
Microsoft Safety Scanner Finished On Thu Apr 02 13:37:09 2015


Edited by mudhustler, 02 April 2015 - 02:55 PM.
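The MSERT.txt output above has a regular layout: scan-error lines with a Win32 error code, then one "Threat detected:" block per detection listing the container (here a JAR in the Java deployment cache), the class members inside it, and SHA1/SigSeq values. When triaging such a report it helps to separate the two kinds of information: which containers to quarantine (with their hashes and member classes), and whether the scan errors are the routine ones (sharing violation on pagefile/hiberfil, access denied on System Volume Information, file-not-found on transient temp files) or something unexpected. The parser below is an added example written for this thread; it is not part of Microsoft Safety Scanner or of the forum post, and the sample log it parses is constructed in the same layout with placeholder paths, hashes and signature numbers.

```python
"""Triage parser for Microsoft Safety Scanner (MSERT.txt) output.

Added example; not part of the forum thread or of MSERT itself.
SAMPLE_LOG is constructed to mirror the layout shown in the thread;
its paths, hashes and SigSeq values are placeholders.
"""
import re
from collections import Counter, defaultdict

# Constructed sample in the MSERT.txt layout (placeholder values only).
SAMPLE_LOG = """\
Return code: 6 (0x6)
Microsoft Safety Scanner v1.0, (build 1.195.587.0)

Extended Scan Results
----------------
->Scan ERROR: resource file://C:\\pagefile.sys (code 0x00000020 (32))
->Scan ERROR: resource file://C:\\hiberfil.sys (code 0x00000020 (32))
->Scan ERROR: resource file://C:\\System Volume Information\\{EXAMPLE-GUID} (code 0x00000005 (5))
->Scan ERROR: resource file://C:\\Windows\\temp\\TMPEXAMPLE (code 0x00000002 (2))
Threat detected: Exploit:Java/Obfuscator.W
    containerfile://C:\\Users\\example\\AppData\\LocalLow\\Sun\\Java\\Deployment\\cache\\6.0\\1\\aaaaaaaa-bbbbbbbb
        SHA1:   0123456789abcdef0123456789abcdef01234567
    file://C:\\Users\\example\\AppData\\LocalLow\\Sun\\Java\\Deployment\\cache\\6.0\\1\\aaaaaaaa-bbbbbbbb->Abc.class
        SigSeq: 0x0000000000000001
    file://C:\\Users\\example\\AppData\\LocalLow\\Sun\\Java\\Deployment\\cache\\6.0\\1\\aaaaaaaa-bbbbbbbb->Def.class
        SigSeq: 0x0000000000000002
        SHA1:   fedcba9876543210fedcba9876543210fedcba98

Results Summary:
----------------
Found Exploit:Java/Obfuscator.W (detected suspiciously)
"""

ERROR_RE = re.compile(r"^->Scan ERROR: resource (\S+?)://(.*) \(code 0x([0-9A-Fa-f]+) \((\d+)\)\)$")
THREAT_RE = re.compile(r"^Threat detected: (.+)$")
RESOURCE_RE = re.compile(r"^\s+(containerfile|file)://(.+)$")
SHA1_RE = re.compile(r"^\s+SHA1:\s+([0-9a-fA-F]{40})$")
SIGSEQ_RE = re.compile(r"^\s+SigSeq:\s+(0x[0-9A-Fa-f]+)$")

# Win32 error codes that a user-mode scanner routinely reports on a live system.
EXPECTED_ERRORS = {
    2: "ERROR_FILE_NOT_FOUND (temp file vanished during the scan)",
    5: "ERROR_ACCESS_DENIED (System Volume Information, protected processes)",
    32: "ERROR_SHARING_VIOLATION (pagefile.sys / hiberfil.sys held by the kernel)",
}
JAVA_CACHE_MARKER = "\\Sun\\Java\\Deployment\\cache\\"


def parse_msert(text):
    """Return (threats, errors).

    threats: {threat_name: [ {kind, path, member, sha1, sigseq}, ... ]}
    errors:  Counter keyed by (resource scheme, decimal Win32 error code)
    """
    threats = defaultdict(list)
    errors = Counter()
    current_threat = None
    current = None
    for line in text.splitlines():
        m = ERROR_RE.match(line)
        if m:
            scheme, _path, _hexcode, deccode = m.groups()
            errors[(scheme, int(deccode))] += 1
            continue
        m = THREAT_RE.match(line)
        if m:
            current_threat = m.group(1).strip()
            current = None
            continue
        if line.startswith("Results Summary"):
            current_threat = None
            continue
        if current_threat is None:
            continue
        m = RESOURCE_RE.match(line)
        if m:
            kind, location = m.groups()
            # "archive->member" denotes a file inside a container (a JAR here).
            path, _sep, member = location.partition("->")
            current = {"kind": kind, "path": path, "member": member or None,
                       "sha1": None, "sigseq": None}
            threats[current_threat].append(current)
            continue
        m = SHA1_RE.match(line)
        if m and current is not None:
            current["sha1"] = m.group(1).lower()
            continue
        m = SIGSEQ_RE.match(line)
        if m and current is not None:
            current["sigseq"] = m.group(1)
    return dict(threats), errors


def triage(text):
    """Group detections by container and flag error codes outside EXPECTED_ERRORS."""
    threats, errors = parse_msert(text)
    containers = {}
    for name, items in threats.items():
        for it in items:
            entry = containers.setdefault(
                it["path"], {"threat": name, "sha1": None, "members": [],
                             "java_cache": JAVA_CACHE_MARKER in it["path"]})
            if it["kind"] == "containerfile":
                entry["sha1"] = it["sha1"]
            elif it["member"]:
                entry["members"].append(it["member"])
    unexpected = sorted({code for (_scheme, code) in errors if code not in EXPECTED_ERRORS})
    return {"containers": containers, "errors": dict(errors),
            "unexpected_error_codes": unexpected}


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for path, info in report["containers"].items():
        print(f"{info['threat']}: {path}  sha1={info['sha1']}  "
              f"java_cache={info['java_cache']}  members={info['members']}")
    for (scheme, code), n in sorted(report["errors"].items()):
        print(f"scan error {scheme}:// code {code} x{n}: "
              f"{EXPECTED_ERRORS.get(code, 'UNEXPECTED')}")
    print("unexpected error codes:", report["unexpected_error_codes"])
```

Running it on the real MSERT.txt instead of SAMPLE_LOG (read the file and pass its text to `triage`) gives one line per container with the hash to record before quarantine, marks whether the container lives in the Java deployment cache (which the fixlist's EmptyTemp does not clear), and keeps the routine error codes apart from any that would justify a closer look.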


#10 mudhustler

mudhustler
  • Topic Starter

  • Members
  • 64 posts
  • Local time:12:07 AM

Posted 02 April 2015 - 02:55 PM

Here are the Fixlog contents:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 11-03-2015
Ran by mudhustler at 2015-04-02 11:09:32 Run:1
Running from C:\Users\mudhustler.BIZNESS\Downloads
Loaded Profiles: mudhustler (Available profiles: mudhustler)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
CloseProcesses:
HKLM\...\Run: [] => [X]
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-181820113-3339272012-3098101244-1165\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKU\S-1-5-21-181820113-3339272012-3098101244-1165 -> {B5208833-12AF-475A-969F-DDC3A8CF78DE} URL =
Toolbar: HKU\S-1-5-21-181820113-3339272012-3098101244-1165 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
CHR Plugin: (Java™ Platform SE 7 U15) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.150.3) - C:\Windows\system32\npDeployJava1.dll No File
EmptyTemp:
*****************

Processes closed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKU\S-1-5-21-181820113-3339272012-3098101244-1165\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKU\S-1-5-21-181820113-3339272012-3098101244-1165\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B5208833-12AF-475A-969F-DDC3A8CF78DE}" => Key deleted successfully.
HKCR\CLSID\{B5208833-12AF-475A-969F-DDC3A8CF78DE} => Key not found.
HKU\S-1-5-21-181820113-3339272012-3098101244-1165\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value deleted successfully.
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Key not found.
C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll not found.
C:\Windows\system32\npDeployJava1.dll not found.
EmptyTemp: => Removed 2.8 GB temporary data.


The system needed a reboot.

==== End of Fixlog 11:10:44 ====


Edited by mudhustler, 02 April 2015 - 02:55 PM.


#11 mudhustler

mudhustler
  • Topic Starter

  • Members
  • 64 posts
  • Local time:12:07 AM

Posted 02 April 2015 - 02:56 PM

And here are the contents of the new FRST.txt:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-03-2015
Ran by mudhustler (administrator) on mudhustler-pc on 02-04-2015 13:47:23
Running from C:\Users\mudhustler.BIZNESS\Downloads
Loaded Profiles: mudhustler (Available profiles: mudhustler)
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv.exe
(Cisco Systems, Inc.) C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Broadcom Corporation) C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
(Broadcom Corporation) C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
(Wave Systems Corp.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AEstSrv.exe
() C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\EMBASSY Client Core\EmbassyServer.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(FileOpen Systems Inc.) C:\Program Files\FileOpen\Services\FileOpenManagerService32.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Intel Corporation) C:\Program Files\Intel\Services\IPT\jhi_service.exe
(AMD) C:\Windows\System32\atieclxx.exe
(UPEK Inc.) C:\Program Files\Common Files\SPBA\upeksvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Binn\sqlservr.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
(O2Micro International) C:\Windows\System32\o2flash.exe
() C:\Windows\System32\srvany.exe
(O2Micro.) C:\Windows\System32\SDIOAssist.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(ThreatTrack Security, Inc.) C:\Program Files\VIPRE\SBPIMSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Wave Systems Corp.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.26.9\GoogleCrashHandler.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
(ThreatTrack Security, Inc.) C:\Program Files\VIPRE\SBAMSvc.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
() C:\Program Files\STMicroelectronics\AccelerometerP11\FF_Protection.exe
(Wave Systems Corp.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Adobe Systems Inc.) C:\Program Files\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
(Cisco Systems, Inc.) C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(ThreatTrack Security, Inc.) C:\Program Files\VIPRE\SBAMTray.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [555352 2013-02-21] (Alps Electric Co., Ltd.)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [283160 2010-11-05] (Intel Corporation)
HKLM\...\Run: [FreeFallProtection] => C:\Program Files\STMicroelectronics\AccelerometerP11\FF_Protection.exe [686704 2011-07-25] ()
HKLM\...\Run: [IMSS] => C:\Program Files\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe [113656 2013-01-23] (Intel Corporation)
HKLM\...\Run: [TdmNotify] => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe [323952 2011-12-08] (Wave Systems Corp.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
HKLM\...\Run: [SBAMTray] => C:\Program Files\VIPRE\SBAMTray.exe [3216272 2013-09-05] (ThreatTrack Security, Inc.)
HKLM\...\Run: [IntelPROSet] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [3445488 2013-07-17] (Intel® Corporation)
Winlogon\Notify\spba: C:\Program Files\Common Files\SPBA\homefus2.dll (UPEK Inc.)
HKLM\...\Policies\Explorer: [NoWelcomeScreen] 1
HKU\S-1-5-21-181820113-3339272012-3098101244-1165\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [354304 2009-07-13] (Microsoft Corporation)
Lsa: [Authentication Packages] msv1_0 wvauth
ShellIconOverlayIdentifiers: [EnabledUnlockedFDEIconOverlay] -> {30D3C2AF-9709-4D05-9CF4-13335F3C1E4A} => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll (Wave Systems Corp.)
ShellIconOverlayIdentifiers: [UninitializedFdeIconOverlay] -> {CF08DA3E-C97D-4891-A66B-E39B28DD270F} => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll (Wave Systems Corp.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-181820113-3339272012-3098101244-1165\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> DefaultScope {1CE0957A-BE8B-4F61-B34D-2292A75FECD8} URL = http://www.bing.com/search?q={searchTerms}&form=DLRDF8&pc=MDDR&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {1CE0957A-BE8B-4F61-B34D-2292A75FECD8} URL = http://www.bing.com/search?q={searchTerms}&form=DLRDF8&pc=MDDR&src=IE-SearchBox
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll [2015-01-30] (Oracle Corporation)
BHO: VIPRE Search Guard Helper -> {963C8283-AE7F-4AA6-9B3B-847A8FC62C5E} -> C:\Program Files\VIPRE\VSG.dll [2013-09-05] ()
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2013-12-21] (Adobe Systems Incorporated)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-30] (Oracle Corporation)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2013-12-21] (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2013-12-21] (Adobe Systems Incorporated)
Toolbar: HKLM - VIPRE Search Guard Toolbar - {A924C17A-5E94-4E02-BED5-49720BA6F7FA} - C:\Program Files\VIPRE\VSG.dll [2013-09-05] ()
Toolbar: HKU\S-1-5-21-181820113-3339272012-3098101244-1165 -> Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2013-12-21] (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-181820113-3339272012-3098101244-1165 -> VIPRE Search Guard Toolbar - {A924C17A-5E94-4E02-BED5-49720BA6F7FA} - C:\Program Files\VIPRE\VSG.dll [2013-09-05] ()
DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} https://www.gameofficials.net/utility/smsx.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {538793D5-659C-4639-A56C-A179AD87ED44} https://cdotv.dot.state.co.us/CACHE/stc/1/binaries/vpnweb.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.13.0.cab
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll [2012-10-10] (Belarc, Inc.)
Handler: vipresg - {47BE2E5B-703B-444F-ABD3-05717D2191C6} - C:\Program Files\VIPRE\VSG.dll [2013-09-05] ()
Tcpip\Parameters: [DhcpNameServer] 192.168.2.25

FireFox:
========
FF ProfilePath: C:\Users\mudhustler.BIZNESS\AppData\Roaming\Mozilla\Firefox\Profiles\z208pe66.default
FF Homepage: https://exchange.BIZNESS.com/ajera/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-04] ()
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.38 -> C:\Program Files\Intel\Services\IPT\npIntelWebAPIIPT.dll [2012-05-21] (Intel Corporation)
FF Plugin: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files\Intel\Services\IPT\npIntelWebAPIUpdater.dll [2012-05-21] (Intel Corporation)
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-30] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-30] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll [2014-12-11] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.)
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2014-04-29] (Adobe Systems)
FF Plugin HKU\S-1-5-21-181820113-3339272012-3098101244-1165: @citrixonline.com/appdetectorplugin -> C:\Users\mudhustler.BIZNESS\AppData\Local\Citrix\Plugins\94\npappdetector.dll [2013-03-01] (Citrix Online)
FF Extension: Microsoft .NET Framework Assistant - C:\Users\mudhustler.BIZNESS\AppData\Roaming\Mozilla\Firefox\Profiles\z208pe66.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi [2014-12-05]
FF HKLM\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2013-01-25]

Chrome:
=======
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\37.0.2062.124\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\37.0.2062.124\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\37.0.2062.124\pdf.dll No File
CHR Plugin: (Adobe Create PDF) - C:\Users\mudhustler.BIZNESS\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj\11.0.0.379_0\plugin/npWCChromeExtnStub.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (AdobeAAMDetect) - C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files\Intel\Services\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files\Intel\Services\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (Java™ Platform SE 7 U15) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.150.3) - C:\Windows\system32\npDeployJava1.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Profile: C:\Users\mudhustler.BIZNESS\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C:\Users\mudhustler.BIZNESS\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-02-21]
CHR Extension: (Google Search) - C:\Users\mudhustler.BIZNESS\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-02-21]
CHR Extension: (Adobe Acrobat - Create PDF) - C:\Users\mudhustler.BIZNESS\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2013-02-21]
CHR Extension: (Google Wallet) - C:\Users\mudhustler.BIZNESS\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-10-16]
CHR Extension: (Gmail) - C:\Users\mudhustler.BIZNESS\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-02-21]
CHR HKLM\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2014-12-03]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 Credential Vault Host Control Service; C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe [826272 2011-12-02] (Broadcom Corporation)
R2 Credential Vault Host Storage; C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe [31648 2011-12-02] (Broadcom Corporation)
R2 EmbassyService; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\EMBASSY Client Core\EmbassyServer.exe [179592 2012-01-17] ()
R2 FileOpenManagerService; C:\Program Files\FileOpen\Services\FileOpenManagerService32.exe [213432 2012-10-17] (FileOpen Systems Inc.)
R2 Intel® PROSet Monitoring Service; C:\Windows\system32\IProsetMonitor.exe [132768 2011-11-09] (Intel Corporation)
R2 jhi_service; C:\Program Files\Intel\Services\IPT\jhi_service.exe [212984 2012-05-21] (Intel Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)
R2 MSSQLSERVER; C:\Program Files\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Binn\sqlservr.exe [43044512 2014-07-12] (Microsoft Corporation)
R2 O2SDIOAssist; c:\Windows\system32\srvany.exe [8192 2003-04-18] () [File not signed]
S3 RoxMediaDB12OEM; C:\Program Files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [1116656 2010-11-25] (Sonic Solutions)
S2 RoxWatch12; C:\Program Files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [219632 2010-11-25] (Sonic Solutions)
R2 SBAMSvc; C:\Program Files\VIPRE\SBAMSvc.exe [3937472 2013-09-05] (ThreatTrack Security, Inc.)
R2 SBPIMSvc; C:\Program Files\VIPRE\SBPIMSvc.exe [176016 2013-09-05] (ThreatTrack Security, Inc.)
S3 SecureStorageService; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Secure Storage Manager\SecureStorageService.exe [1517448 2011-11-11] (Wave Systems Corp.)
S4 SQLSERVERAGENT; C:\Program Files\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Binn\SQLAGENT.EXE [380064 2014-07-12] (Microsoft Corporation)
R2 STacSV; C:\Program Files\IDT\WDM\STacSV.exe [266322 2011-01-06] (IDT, Inc.)
S2 tcsd_win32.exe; C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe [1637888 2011-10-08] () [File not signed]
R2 TdmService; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe [2864496 2011-12-08] (Wave Systems Corp.)
R2 vpnagent; C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [562576 2014-11-19] (Cisco Systems, Inc.)
R2 Wave Authentication Manager Service; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe [1189376 2012-01-05] (Wave Systems Corp.) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-26] (Microsoft Corporation)
S3 WvPCR; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Common\WvPCR.exe [145408 2012-01-16] (Wave Systems Corp.) [File not signed]
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2525936 2013-07-17] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 Acceler; C:\Windows\System32\DRIVERS\accelern.sys [44144 2011-07-22] (ST Microelectronics)
S3 acsock; C:\Windows\System32\DRIVERS\acsock.sys [92528 2014-11-19] (Cisco Systems, Inc.)
S3 AMPPAL; C:\Windows\System32\DRIVERS\AMPPAL.sys [112096 2013-02-13] (Windows ® Win 7 DDK provider)
R3 cvusbdrv; C:\Windows\System32\Drivers\cvusbdrv.sys [40040 2011-12-05] (Broadcom Corporation)
R3 e1cexpress; C:\Windows\System32\DRIVERS\e1c6232.sys [358224 2012-08-10] (Intel Corporation)
S3 gfiark; C:\Windows\System32\drivers\gfiark.sys [43368 2013-05-23] (ThreatTrack Security)
S3 gfiutil; C:\Windows\System32\drivers\gfiutil.sys [24040 2013-09-04] (ThreatTrack Security)
S3 HBtnKey; C:\Windows\system32\drivers\HBtnKey.sys [11008 2011-07-19] (Dell Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-03-17] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-03-17] (Malwarebytes Corporation)
R3 MEI; C:\Windows\System32\DRIVERS\HECI.sys [48928 2013-01-23] (Intel Corporation)
S3 netvsc; C:\Windows\System32\DRIVERS\netvsc60.sys [126464 2010-11-20] (Microsoft Corporation)
R3 NETwNs32; C:\Windows\System32\DRIVERS\Netwsn00.sys [10375680 2013-05-29] (Intel Corporation)
R3 nusb3hub; C:\Windows\System32\DRIVERS\nusb3hub.sys [62208 2010-11-19] (Renesas Electronics Corporation)
R3 nusb3xhc; C:\Windows\System32\DRIVERS\nusb3xhc.sys [141568 2010-11-19] (Renesas Electronics Corporation)
S3 O2MDFRDR; C:\Windows\system32\drivers\O2MDFw7.sys [60904 2011-01-04] (O2Micro )
R3 O2MDRRDR; C:\Windows\System32\DRIVERS\O2MDRw7.sys [62440 2011-01-04] (O2Micro )
R3 O2SDJRDR; C:\Windows\System32\DRIVERS\o2sdjw7.sys [64872 2011-11-14] (O2Micro )
R0 PBADRV; C:\Windows\System32\DRIVERS\PBADRV.sys [26608 2012-08-09] (Dell Inc)
S4 RsFx0105; C:\Windows\System32\DRIVERS\RsFx0105.sys [238696 2011-09-22] (Microsoft Corporation)
R2 sbapifs; C:\Windows\System32\DRIVERS\sbapifs.sys [70888 2013-06-18] (ThreatTrack Security, Inc.)
S3 sbwtis; C:\Windows\System32\DRIVERS\sbwtis.sys [76064 2013-04-12] (GFI Software)
R0 stdcfltn; C:\Windows\System32\DRIVERS\stdcfltn.sys [17904 2011-07-15] (ST Microelectronics)
S3 SynthVid; C:\Windows\System32\DRIVERS\VMBusVideoM.sys [19456 2010-11-20] (Microsoft Corporation)
S3 vpnva; C:\Windows\System32\DRIVERS\vpnva-6.sys [43888 2014-11-19] (Cisco Systems, Inc.)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-02 13:47 - 2015-04-02 13:47 - 00022250 _____ () C:\Users\mudhustler.BIZNESS\Downloads\FRST.txt
2015-04-02 11:15 - 2015-04-02 11:15 - 00000000 ____D () C:\Windows\pss
2015-04-01 15:44 - 2015-04-01 15:44 - 00000000 ____D () C:\projectwise
2015-04-01 15:05 - 2015-04-02 13:47 - 00000000 ____D () C:\FRST
2015-04-01 15:04 - 2015-04-01 15:04 - 01135104 _____ (Farbar) C:\Users\mudhustler.BIZNESS\Downloads\FRST.exe
2015-04-01 13:35 - 2015-04-01 13:35 - 00000000 ____D () C:\Users\mudhustler.BIZNESS\AppData\Local\Cisco
2015-04-01 13:35 - 2015-04-01 13:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cisco
2015-04-01 13:35 - 2015-04-01 13:35 - 00000000 ____D () C:\ProgramData\Cisco
2015-03-31 22:28 - 2015-03-31 22:30 - 00073728 _____ () C:\Users\mudhustler.BIZNESS\Documents\ExpenseReport_Merklinger_2015-03-31.xls
2015-03-30 21:57 - 2015-04-01 20:30 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-03-27 15:28 - 2015-03-27 15:29 - 143263480 _____ (Microsoft Corporation) C:\Users\mudhustler.BIZNESS\Desktop\msert.exe
2015-03-27 11:36 - 2015-03-27 11:36 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-27 11:36 - 2015-03-27 11:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-03-27 11:36 - 2015-03-27 11:36 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2015-03-27 11:36 - 2015-03-17 06:15 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-03-27 11:36 - 2015-03-17 06:15 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-03-27 11:36 - 2015-03-17 06:15 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-03-27 11:35 - 2015-03-27 11:35 - 21540440 _____ (Malwarebytes Corporation ) C:\Users\mudhustler.BIZNESS\Downloads\mbam-setup-2.1.4.1018.exe
2015-03-26 19:07 - 2015-03-26 19:08 - 00776168 _____ () C:\Windows\Minidump\032615-20592-01.dmp
2015-03-24 16:05 - 2015-03-10 21:30 - 00623616 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-03-24 16:05 - 2015-03-10 21:30 - 00534528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-03-24 16:05 - 2015-03-10 21:29 - 00818176 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-03-24 16:05 - 2015-03-10 21:29 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-03-24 16:05 - 2015-03-10 21:29 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-03-24 16:05 - 2015-03-10 21:29 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-03-24 16:05 - 2015-03-10 21:29 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-03-24 16:05 - 2015-03-10 21:26 - 00892928 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-03-23 17:23 - 2015-03-23 17:23 - 00053327 _____ () C:\Users\mudhustler.BIZNESS\Desktop\martinez.out
2015-03-23 17:23 - 2015-03-23 17:23 - 00004679 _____ () C:\Users\mudhustler.BIZNESS\Desktop\martinez.ERR
2015-03-22 19:18 - 2015-03-22 19:17 - 00002523 _____ () C:\Users\mudhustler.BIZNESS\Desktop\Starter Martinez.DAT
2015-03-22 19:18 - 2015-03-20 21:57 - 00003231 _____ () C:\Users\mudhustler.BIZNESS\Desktop\martinez
2015-03-17 21:26 - 2015-03-17 21:34 - 00073216 _____ () C:\Users\mudhustler.BIZNESS\Documents\ExpenseReport_Merklinger_2015-03-17.xls
2015-03-16 21:57 - 2015-03-24 17:07 - 00073216 _____ () C:\Users\mudhustler.BIZNESS\Documents\ExpenseReport_Merklinger_2015-03-16.xls
2015-03-16 16:15 - 2015-03-16 16:15 - 00029256 _____ () C:\Users\mudhustler.BIZNESS\Documents\Colorado Municipality Pursuits Contacts_merklinger edits.xlsx
2015-03-10 19:29 - 2015-03-10 19:38 - 00073728 _____ () C:\Users\mudhustler.BIZNESS\Documents\ExpenseReport_Merklinger_2015-03-10.xls
2015-03-10 17:30 - 2015-03-05 23:15 - 00137656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-03-10 17:30 - 2015-03-05 23:15 - 00067512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-03-10 17:30 - 2015-03-05 23:10 - 01061376 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-03-10 17:30 - 2015-03-05 23:10 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-03-10 17:30 - 2015-03-05 23:10 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-03-10 17:30 - 2015-03-05 23:10 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-03-10 17:30 - 2015-03-05 23:10 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-03-10 17:30 - 2015-03-05 23:10 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-03-10 17:30 - 2015-03-05 23:10 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-03-10 17:30 - 2015-03-05 23:10 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-03-10 17:30 - 2015-03-05 23:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-03-10 17:30 - 2015-03-05 23:10 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-03-10 17:30 - 2015-03-05 23:10 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-03-10 17:30 - 2015-03-05 23:09 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-03-10 17:30 - 2015-03-05 23:09 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-03-10 17:30 - 2015-03-05 23:07 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-03-10 17:30 - 2015-03-05 23:07 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-03-10 17:30 - 2015-03-05 23:06 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-03-10 17:30 - 2015-02-25 21:11 - 02381312 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-03-10 17:30 - 2015-02-23 20:32 - 00342696 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-03-10 17:30 - 2015-02-20 18:41 - 12827648 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-03-10 17:30 - 2015-02-20 18:27 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-03-10 17:30 - 2015-02-20 18:27 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-03-10 17:30 - 2015-02-20 18:25 - 19720192 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-03-10 17:30 - 2015-02-20 17:32 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-03-10 17:30 - 2015-02-19 22:13 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-03-10 17:30 - 2015-02-19 22:13 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-03-10 17:30 - 2015-02-19 22:13 - 00026624 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-03-10 17:30 - 2015-02-19 22:13 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-03-10 17:30 - 2015-02-19 21:09 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-03-10 17:30 - 2015-02-19 20:22 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-03-10 17:30 - 2015-02-19 20:22 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-03-10 17:30 - 2015-02-19 20:09 - 00503296 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-03-10 17:30 - 2015-02-19 20:08 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-03-10 17:30 - 2015-02-19 20:08 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-03-10 17:30 - 2015-02-19 20:06 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-03-10 17:30 - 2015-02-19 20:03 - 02278400 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-03-10 17:30 - 2015-02-19 20:01 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-03-10 17:30 - 2015-02-19 20:00 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-03-10 17:30 - 2015-02-19 19:58 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-03-10 17:30 - 2015-02-19 19:56 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-03-10 17:30 - 2015-02-19 19:56 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-03-10 17:30 - 2015-02-19 19:56 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-03-10 17:30 - 2015-02-19 19:50 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-03-10 17:30 - 2015-02-19 19:41 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-03-10 17:30 - 2015-02-19 19:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-03-10 17:30 - 2015-02-19 19:30 - 04300288 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-03-10 17:30 - 2015-02-19 19:24 - 02052608 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-03-10 17:30 - 2015-02-19 19:24 - 00689152 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-03-10 17:30 - 2015-02-19 19:24 - 00684544 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-03-10 17:30 - 2015-02-19 19:23 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-03-10 17:30 - 2015-02-19 19:01 - 01888256 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-03-10 17:30 - 2015-02-19 18:57 - 01311232 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-03-10 17:30 - 2015-02-19 18:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-03-10 17:30 - 2015-02-12 23:26 - 12875264 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-03-10 17:30 - 2015-02-03 20:54 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-03-10 17:30 - 2015-02-02 21:12 - 01230848 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-03-10 17:30 - 2015-02-02 21:12 - 00171520 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
2015-03-10 17:30 - 2015-01-30 21:33 - 02744320 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2015-03-10 17:30 - 2015-01-30 21:33 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2015-03-10 17:30 - 2015-01-30 18:48 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2015-03-10 17:30 - 2015-01-16 20:30 - 00828928 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-03-10 17:29 - 2015-02-02 21:16 - 03973048 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-03-10 17:29 - 2015-02-02 21:16 - 03917760 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-03-10 17:29 - 2015-02-02 21:16 - 00078784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-03-10 17:29 - 2015-02-02 21:12 - 11411968 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2015-03-10 17:29 - 2015-02-02 21:12 - 03209728 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2015-03-10 17:29 - 2015-02-02 21:12 - 01329664 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2015-03-10 17:29 - 2015-02-02 21:12 - 01174528 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-03-10 17:29 - 2015-02-02 21:12 - 01005056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2015-03-10 17:29 - 2015-02-02 21:12 - 00988160 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2015-03-10 17:29 - 2015-02-02 21:12 - 00744960 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2015-03-10 17:29 - 2015-02-02 21:12 - 00617984 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2015-03-10 17:29 - 2015-02-02 21:12 - 00519680 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2015-03-10 17:29 - 2015-02-02 21:12 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2015-03-10 17:29 - 2015-02-02 21:12 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2015-03-10 17:29 - 2015-02-02 21:12 - 00475136 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-03-10 17:29 - 2015-02-02 21:12 - 00442880 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2015-03-10 17:29 - 2015-02-02 21:12 - 00406016 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2015-03-10 17:29 - 2015-02-02 21:12 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-03-10 17:29 - 2015-02-02 21:12 - 00374784 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2015-03-10 17:29 - 2015-02-02 21:12 - 00354816 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2015-03-10 17:29 - 2015-02-02 21:12 - 00275968 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-03-10 17:29 - 2015-02-02 21:12 - 00265216 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2015-03-10 17:29 - 2015-02-02 21:12 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2015-03-10 17:29 - 2015-02-02 21:12 - 00179200 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-03-10 17:29 - 2015-02-02 21:12 - 00157184 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2015-03-10 17:29 - 2015-02-02 21:12 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-03-10 17:29 - 2015-02-02 21:12 - 00103936 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2015-03-10 17:29 - 2015-02-02 21:12 - 00103424 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2015-03-10 17:29 - 2015-02-02 21:12 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2015-03-10 17:29 - 2015-02-02 21:12 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-03-10 17:29 - 2015-02-02 21:12 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-03-10 17:29 - 2015-02-02 21:12 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2015-03-10 17:29 - 2015-02-02 21:12 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-03-10 17:29 - 2015-02-02 21:12 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-03-10 17:29 - 2015-02-02 21:12 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll
2015-03-10 17:29 - 2015-02-02 21:12 - 00027648 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-03-10 17:29 - 2015-02-02 21:12 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2015-03-10 17:29 - 2015-02-02 21:12 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2015-03-10 17:29 - 2015-02-02 21:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2015-03-10 17:29 - 2015-02-02 21:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2015-03-10 17:29 - 2015-02-02 21:11 - 12625408 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2015-03-10 17:29 - 2015-02-02 21:11 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-03-10 17:29 - 2015-02-02 21:11 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2015-03-10 17:29 - 2015-02-02 21:11 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2015-03-10 17:29 - 2015-02-02 21:11 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2015-03-10 17:29 - 2015-02-02 21:11 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2015-03-10 17:29 - 2015-02-02 21:11 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2015-03-10 17:29 - 2015-02-02 21:11 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe
2015-03-10 17:29 - 2015-02-02 21:11 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe
2015-03-10 17:29 - 2015-02-02 21:10 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll
2015-03-10 17:29 - 2015-02-02 21:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2015-03-10 17:29 - 2015-02-02 21:08 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-03-10 17:29 - 2015-02-02 21:00 - 00593920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2015-03-10 17:29 - 2015-02-02 20:26 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2015-03-10 17:29 - 2015-01-30 17:56 - 00370488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-03-10 17:29 - 2014-10-31 16:22 - 00521384 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2015-03-03 17:25 - 2015-01-08 20:48 - 00635904 _____ (Microsoft Corporation) C:\Windows\system32\perftrack.dll
2015-03-03 17:25 - 2015-01-08 20:48 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\wdi.dll
2015-03-03 17:25 - 2015-01-08 20:48 - 00027136 _____ (Microsoft Corporation) C:\Windows\system32\powertracker.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-02 13:21 - 2014-12-05 18:39 - 00000604 _____ () C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-181820113-3339272012-3098101244-1325.job
2015-04-02 13:03 - 2012-08-22 13:13 - 00000128 _____ () C:\Windows\system32\config\netlogon.ftl
2015-04-02 13:01 - 2012-08-09 18:02 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-04-02 12:53 - 2012-08-24 11:55 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-02 12:48 - 2014-02-13 14:27 - 00000630 _____ () C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-181820113-3339272012-3098101244-1165.job
2015-04-02 11:20 - 2009-07-13 22:34 - 00031312 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-02 11:20 - 2009-07-13 22:34 - 00031312 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-02 11:18 - 2012-08-09 18:01 - 01794344 _____ () C:\Windows\WindowsUpdate.log
2015-04-02 11:14 - 2012-08-24 11:55 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-02 11:13 - 2012-08-09 18:48 - 00000000 ____D () C:\ProgramData\Sonic
2015-04-02 11:11 - 2012-12-17 11:05 - 00055952 _____ () C:\Windows\setupact.log
2015-04-02 11:11 - 2009-07-13 22:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-01 22:39 - 2014-10-28 09:55 - 00000000 ____D () C:\Users\mudhustler.BIZNESS\Documents\Outlook Files
2015-04-01 20:09 - 2014-12-05 18:19 - 00000000 ____D () C:\Users\mudhustler.BIZNESS\AppData\Local\Deployment
2015-04-01 14:37 - 2010-11-20 15:01 - 00933860 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-01 13:35 - 2014-02-12 12:51 - 00000000 ____D () C:\Program Files\Cisco
2015-03-31 22:26 - 2014-12-05 18:17 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-03-30 08:18 - 2012-12-18 13:17 - 00194924 _____ () C:\Windows\PFRO.log
2015-03-27 11:36 - 2012-12-14 14:35 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-03-26 19:07 - 2014-06-24 15:55 - 356419560 _____ () C:\Windows\MEMORY.DMP
2015-03-26 19:07 - 2014-06-24 15:55 - 00000000 ____D () C:\Windows\Minidump
2015-03-25 03:06 - 2014-12-10 17:32 - 00000000 ____D () C:\Windows\system32\appraiser
2015-03-25 03:06 - 2014-05-08 03:00 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-03-20 18:54 - 2013-02-21 19:12 - 00002131 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-03-20 13:57 - 2014-08-13 15:28 - 00000000 ____D () C:\Users\mudhustler.BIZNESS\AppData\Local\Adobe
2015-03-20 13:56 - 2012-08-09 18:02 - 00778928 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-03-20 13:56 - 2012-08-09 18:02 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-03-16 21:39 - 2009-07-13 20:37 - 00000000 ____D () C:\Windows\system32\NDF
2015-03-13 14:26 - 2012-12-05 12:03 - 00000448 __RSH () C:\Users\mudhustler.BIZNESS\ntuser.pol
2015-03-13 14:26 - 2012-08-24 10:26 - 00000000 ____D () C:\Users\mudhustler.BIZNESS
2015-03-12 16:37 - 2013-01-25 17:11 - 00000000 ____D () C:\Temp
2015-03-11 17:07 - 2009-07-13 20:37 - 00000000 ____D () C:\Windows\rescache
2015-03-11 15:52 - 2009-07-13 22:33 - 00463128 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-03-10 19:49 - 2012-08-22 12:14 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-03-10 19:49 - 2009-07-13 20:04 - 00000478 _____ () C:\Windows\win.ini
2015-03-10 19:48 - 2013-08-15 23:44 - 00000000 ____D () C:\Windows\system32\MRT
2015-03-10 19:44 - 2012-08-23 15:49 - 119837696 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-03-04 14:52 - 2009-07-13 20:37 - 00000000 ____D () C:\Windows\tracing

==================== Files in the root of some directories =======

2012-05-21 15:00 - 2012-05-21 15:00 - 0020984 _____ (Intel Corporation) C:\Users\mudhustler.BIZNESS\AppData\Roaming\JomCap.dll
2014-10-28 11:13 - 2014-10-28 11:13 - 0007606 _____ () C:\Users\mudhustler.BIZNESS\AppData\Local\Resmon.ResmonCfg

Files to move or delete:
====================
C:\Users\mudhustler\Application DatadMb.dat
C:\Users\mudhustler.BIZNESS\Application DatadMb.dat


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-03-25 00:45

==================== End Of Log ============================



#12 Sirawit

Sirawit

    Bleepin' Brony


  • Malware Response Team
  • 4,161 posts
  • Gender:Male
  • Location:Thailand

Posted 04 April 2015 - 10:50 AM

Hi mudhustler.

 

We need to delete your Java cache

 

1. Please go to Control Panel > Java

2. Under General tab please go to Temporary Internet Files > Settings...

3. Click on Delete Files...

4. Leave everything as it is and press OK.

 

------------

After you have deleted the Java cache, please scan with Microsoft Security Scanner again and post the msert log. Do they come back?

 

Thank you.


If I don't reply back to you in 2 days, feel free to send me a PM.

 

“You’re lying… just like you were lying to me before. You have to hate me. I’ve been the worst daughter in the world… you should hate me.”

“But I don’t, Nyx. Because, Nyx, I’m your mother, and a mother will always love her daughter, no matter what.” -Past sins by Pen stroke.


#13 mudhustler

mudhustler
  • Topic Starter

  • Members
  • 64 posts

Posted 06 April 2015 - 05:45 PM

That did the trick!  Thank you very much!

 

Below is the clean MSERT.log

 

---------------------------------------------------------------------------------------

Microsoft Safety Scanner v1.0, (build 1.195.2127.0)
Started On Mon Apr 06 14:22:55 2015

Extended Scan Results
----------------
->Scan ERROR: resource process://pid:3868,ProcessStart:130728252852495884 (code 0x00000005 (5))
->Scan ERROR: resource file://C:\hiberfil.sys (code 0x00000020 (32))
->Scan ERROR: resource file://C:\hiberfil.sys (code 0x00000020 (32))
->Scan ERROR: resource file://C:\pagefile.sys (code 0x00000020 (32))
->Scan ERROR: resource file://C:\pagefile.sys (code 0x00000020 (32))
->Scan ERROR: resource file://C:\pagefile.sys (code 0x00000020 (32))
->Scan ERROR: resource file://C:\hiberfil.sys (code 0x00000020 (32))
->Scan ERROR: resource file://C:\System Volume Information\{0e923f7b-d87b-11e4-a58d-d067e55596dc}{3808876b-c176-4e48-b7ae-04046e6cc752} (code 0x00000005 (5))
->Scan ERROR: resource file://C:\System Volume Information\{1fef41f9-d8a3-11e4-a69b-d067e55596dc}{3808876b-c176-4e48-b7ae-04046e6cc752} (code 0x00000005 (5))
->Scan ERROR: resource file://C:\System Volume Information\{1fef4237-d8a3-11e4-a69b-d067e55596dc}{3808876b-c176-4e48-b7ae-04046e6cc752} (code 0x00000005 (5))
->Scan ERROR: resource file://C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752} (code 0x00000005 (5))
->Scan ERROR: resource file://C:\System Volume Information\{c4ed8e77-dc98-11e4-b4eb-d067e55596dc}{3808876b-c176-4e48-b7ae-04046e6cc752} (code 0x00000005 (5))
->Scan ERROR: resource file://C:\System Volume Information\{ef8b20e0-d270-11e4-b4e4-d067e55596dc}{3808876b-c176-4e48-b7ae-04046e6cc752} (code 0x00000005 (5))
->Scan ERROR: resource file://C:\Windows\temp\TMP000000522BFBFD09D1B9AC92 (code 0x00000002 (2))
->Scan ERROR: resource file://C:\Windows\temp\TMP0000000D26B9A98A3FE76DD0 (code 0x00000002 (2))
->Scan ERROR: resource file://C:\Windows\temp\TMP000000115EE8B384CD945EBA (code 0x00000002 (2))
->Scan ERROR: resource file://C:\Windows\temp\TMP0000003526D5EB05D8756BCB (code 0x00000002 (2))
->Scan ERROR: resource file://C:\Windows\temp\TMP000000369DEB3AE02F5F0192 (code 0x00000002 (2))
->Scan ERROR: resource file://C:\Windows\temp\TMP00000038730DFC9D1BDAD4CC (code 0x00000002 (2))
->Scan ERROR: resource file://C:\Windows\temp\TMP00000048898BFC1E78B584E9 (code 0x00000002 (2))
->Scan ERROR: resource file://C:\Windows\temp\TMP0000004D4A0E6D3AEAD0D3F7 (code 0x00000002 (2))
->Scan ERROR: resource file://C:\Windows\temp\TMP00000050743A75523927254E (code 0x00000002 (2))
No infection found as part of the extended scan

Results Summary:
----------------
No infection found.
Microsoft Safety Scanner Finished On Mon Apr 06 15:44:42 2015


Return code: 0 (0x0)
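Reading the clean log above: every `->Scan ERROR` line is the scanner reporting a resource it could not open, not a detection. The Win32 codes in parentheses are 2 (file not found: the temp files were gone by the time the scanner reached them), 5 (access denied: System Volume Information and a protected process) and 32 (sharing violation: pagefile.sys and hiberfil.sys are locked while Windows runs). The Python below is an added example, not part of this thread and not Microsoft's tooling; it parses a constructed excerpt of an msert.log in the same format, separates scan errors from real findings, and decodes the error codes so a log can be triaged at a glance or in bulk. The section names and line shapes are taken from the log posted here; the `findings` bucket (any non-error line under Extended Scan Results) is an assumption about how a detection would appear.

```python
import re

# Constructed excerpt (paths shortened) of an msert.log in the format
# posted in this thread; not the poster's full log.
SAMPLE_MSERT_LOG = r"""Microsoft Safety Scanner v1.0, (build 1.195.2127.0)
Started On Mon Apr 06 14:22:55 2015

Extended Scan Results
----------------
->Scan ERROR: resource process://pid:3868,ProcessStart:130728252852495884 (code 0x00000005 (5))
->Scan ERROR: resource file://C:\hiberfil.sys (code 0x00000020 (32))
->Scan ERROR: resource file://C:\pagefile.sys (code 0x00000020 (32))
->Scan ERROR: resource file://C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752} (code 0x00000005 (5))
->Scan ERROR: resource file://C:\Windows\temp\TMP000000522BFBFD09D1B9AC92 (code 0x00000002 (2))
No infection found as part of the extended scan

Results Summary:
----------------
No infection found.
Microsoft Safety Scanner Finished On Mon Apr 06 15:44:42 2015


Return code: 0 (0x0)
"""

# Win32 error codes that appear in msert "Scan ERROR" lines. None of these
# is a detection; each means the scanner could not open the resource.
WIN32_ERRORS = {
    2: "ERROR_FILE_NOT_FOUND (transient temp file removed before it was scanned)",
    5: "ERROR_ACCESS_DENIED (protected area, e.g. System Volume Information)",
    32: "ERROR_SHARING_VIOLATION (file locked by Windows, e.g. pagefile/hiberfil)",
}

ERROR_RE = re.compile(
    r"^->Scan ERROR: resource (?P<resource>.+?) \(code 0x[0-9A-Fa-f]+ \((?P<code>\d+)\)\)$"
)
RETURN_RE = re.compile(r"^Return code: (?P<code>\d+)")


def parse_msert_log(text):
    """Split an msert.log into scan errors, findings and the summary verdict."""
    errors, findings = [], []
    clean, return_code = False, None
    in_results = False  # True while inside the "Extended Scan Results" section
    for raw in text.splitlines():
        line = raw.strip()
        if not line or set(line) == {"-"}:  # blank lines and dashed separators
            continue
        if line == "Extended Scan Results":
            in_results = True
            continue
        if line == "Results Summary:":
            in_results = False
            continue
        m = ERROR_RE.match(line)
        if m:
            code = int(m.group("code"))
            errors.append({
                "resource": m.group("resource"),
                "code": code,
                "meaning": WIN32_ERRORS.get(code, "unknown Win32 error"),
            })
            continue
        if line == "No infection found.":
            clean = True
            continue
        m = RETURN_RE.match(line)
        if m:
            return_code = int(m.group("code"))
            continue
        # Assumption: anything else under Extended Scan Results that is not
        # the "No infection found ..." line would be a detection of some kind.
        if in_results and not line.startswith("No infection found"):
            findings.append(line)
    return {"clean": clean, "return_code": return_code,
            "scan_errors": errors, "findings": findings}


def error_code_counts(report):
    """Histogram of Win32 error codes, useful when a log has hundreds of errors."""
    counts = {}
    for err in report["scan_errors"]:
        counts[err["code"]] = counts.get(err["code"], 0) + 1
    return counts


def is_clean(report):
    """Clean only if the summary says so, nothing was listed, and msert exited 0."""
    return report["clean"] and report["return_code"] == 0 and not report["findings"]


if __name__ == "__main__":
    rep = parse_msert_log(SAMPLE_MSERT_LOG)
    print("clean:", is_clean(rep), "| return code:", rep["return_code"])
    for code, n in sorted(error_code_counts(rep).items()):
        print(f"  {n} x code {code}: {WIN32_ERRORS.get(code, 'unknown')}")
    for f in rep["findings"]:
        print("  FINDING:", f)
```

For a real log, read the file with `open(path, encoding="utf-8", errors="replace")` and pass the text to `parse_msert_log`; the code histogram is the quickest way to confirm that a long error list is made up only of locked and protected files rather than anything the scanner actually flagged.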
 



#14 Sirawit

Sirawit

    Bleepin' Brony


  • Malware Response Team
  • 4,161 posts
  • Gender:Male
  • Location:Thailand

Posted 08 April 2015 - 01:14 AM

Hi mudhustler.

 

Please download Malwarebytes Anti-Malware and save it to your desktop.

  • Double-click on the setup file (mbam-setup.exe), then click on Run to install.
  • Malwarebytes will automatically open to its Dashboard. If you have never run this version, you should see a red note at the top indicating "A scan has never been run on your system"
  • Click on Update Now to download the current database definitions, then click the Scan Now >> button.
  • If you have run this version before, you should see a green note at the top indicating "Your system is fully protected".
  • You will be prompted to update Malwarebytes...click on the Update Now button.
  • The THREAT SCAN will automatically begin.
  • When the scan has completed, the results will be displayed. Click on Quarantine All, then click on Apply Actions.
  • To complete any actions taken you will be prompted to restart your computer...click on Yes. Failure to reboot normally will prevent Malwarebytes from removing all the malware.
  • After rebooting the computer, copy and paste the mbam.log in your next reply.

To retrieve the Malwarebytes Anti-Malware 2.0 scan log information (Method 1)

  • Open Malwarebytes Anti-Malware.
  • Click the History Tab at the top and select Application Logs.
  • Select (check) the box next to Scan Log. Choose the most current scan.
  • Click the View button.
  • Click Copy to Clipboard at the bottom...come back to this thread, click Add Reply, then right-click and choose Paste.
  • Alternatively, you can click Export and save the log as a .txt file on your Desktop or another location.
  • Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.

To retrieve the Malwarebytes Anti-Malware 2.0 scan log information (Method 2)

  • Open Malwarebytes Anti-Malware.
  • Click the Scan Tab at the top.
  • Click the View detailed log link on the right.
  • Click Copy to Clipboard at the bottom...come back to this thread, click Add Reply, then right-click and choose Paste.
  • Alternatively, you can click Export and save the log as a .txt file on your Desktop or another location.
  • Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.

Logs are named by the date of scan in the following format: mbam-log-yyyy-mm-dd and automatically saved to the following locations:
-- XP: C:\Documents and Settings\<Username>\Application Data\Malwarebytes\Malwarebytes Anti-Malware\Logs\mbam-log-yyyy-mm-dd
-- Vista, Windows 7/8: C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Logs\mbam-log-yyyy-mm-dd

 

-----------------

After the scan has completed, please create a new FRST log for me.

 

Thank you.




#15 Sirawit

Sirawit

    Bleepin' Brony


  • Malware Response Team
  • 4,161 posts
  • Gender:Male
  • Location:Thailand

Posted 11 April 2015 - 04:40 AM

It has been three days since my last reply. Are you still there?

 

Thank you.






