srader
Yes, that software was installed on the computer. This is my work computer and it was installed by my employer, so that makes sense. I don't know if you still need the other log? Thanks for your help!
Here you go:
2013-05-06 17:22 - 00000000 ____D C:\Program Files\SUPERAntiSpyware 2015-10-22 12:11 - 2012-10-25 02:41 - 00000120 _____ C:\Windows\system32\config\netlogon.ftl 2015-10-22 08:29 - 2012-10-24 14:51 - 00034884 _____ C:\Windows\cfgall.ini 2015-10-21 13:50 - 2014-10-06 14:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware 2015-10-17 12:20 - 2013-01-14 09:40 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2015-10-17 12:20 - 2012-11-28 09:37 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2015-10-17 12:20 - 2012-11-28 09:37 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2015-10-14 22:21 - 2013-01-11 11:21 - 00002453 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat XI Pro.lnk 2015-10-14 22:21 - 2013-01-11 11:21 - 00002221 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe FormsCentral.lnk 2015-10-14 22:21 - 2013-01-11 11:21 - 00002060 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller XI.lnk 2015-10-14 21:01 - 2015-01-06 15:28 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task 2015-10-14 09:52 - 2012-10-25 11:31 - 00000000 ____D C:\Windows\Minidump 2015-10-14 09:50 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\NDF 2015-10-10 20:31 - 2015-01-22 12:24 - 00022197 _____ C:\Users\srader\Documents\2015 Policy Reviews.xlsx 2015-10-05 20:33 - 2015-09-06 15:46 - 00000000 ____D C:\Users\srader\AppData\Roaming\LSC 2015-10-05 19:32 - 2012-08-20 04:28 - 00000000 ____D C:\ProgramData\Lenovo 2015-10-05 19:31 - 2012-08-20 21:21 - 00000000 ____D C:\Windows\System32\Tasks\TVT 2015-10-05 19:30 - 2012-08-20 21:01 - 00000000 ___HD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo ThinkVantage Tools 2015-10-05 19:30 - 2012-08-20 20:57 - 00000000 ____D C:\Program Files (x86)\Lenovo 2015-10-05 09:50 - 2014-10-06 14:52 - 00109272 _____ 
(Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys 2015-10-05 09:50 - 2014-10-06 14:52 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2015-10-05 09:50 - 2013-04-19 08:01 - 00025816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys 2015-10-02 11:26 - 2013-12-19 11:30 - 00000000 ____D C:\Users\srader\Documents\Reports 2015-10-02 11:17 - 2013-11-05 11:39 - 00000000 ____D C:\Users\srader\AppData\Local\CutePDF Writer 2015-10-02 08:25 - 2012-10-24 15:40 - 00023290 __RSH C:\ProgramData\ntuser.pol 2015-09-28 20:58 - 2014-10-06 09:19 - 00000000 ____D C:\Users\srader\AppData\Local\Windows Live 2015-09-28 09:34 - 2013-12-08 21:28 - 00000000 ____D C:\Windows\pss 2015-09-28 07:38 - 2011-02-24 13:03 - 00000000 ____D C:\Windows\Panther ==================== Files in the root of some directories ======= 2012-10-26 08:41 - 2015-10-23 06:39 - 0001874 _____ () C:\Users\srader\AppData\Roaming\SAS7_000.DAT 2013-03-21 09:47 - 2013-03-21 09:47 - 0000057 _____ () C:\ProgramData\Ament.ini 2013-12-07 22:34 - 2013-12-07 22:34 - 0000952 ___SH () C:\ProgramData\KGyGaAvL.sys 2014-02-25 09:21 - 2014-03-04 09:28 - 0000148 _____ () C:\ProgramData\MonitorInfoTime.txt Some files in TEMP: ==================== C:\Users\srader\AppData\Local\Temp\dllnt_dump.dll C:\Users\srader\AppData\Local\Temp\procexp64.exe C:\Users\tech\AppData\Local\Temp\pl4nvdgy.dll ==================== Bamital & volsnap ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\dnsapi.dll => File is digitally signed C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-10-23 16:40 ==================== End of FRST.txt ============================ I had to run this a second time because the first time Internet Explorer crashed and I did not get the addition file the second time. 
RogueKiller V10.11.2.0 [Oct 20 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/software/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : srader [Administrator]
Started from : C:\Users\srader\Desktop\RogueKiller.exe
Mode : Scan -- Date : 10/24/2015 10:31:22

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 17 ¤¤¤
[PUM.Proxy] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : 127.0.0.1:3128 -> Found
[PUM.Proxy] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : 127.0.0.1:3128 -> Found
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : 127.0.0.1:3128 -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : 127.0.0.1:3128 -> Found
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-331349784-1933342707-385548283-1164\Software\Microsoft\Internet Explorer\Main | Start Page : http://companyweb:8080/SitePages/Home.aspx -> Found
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-331349784-1933342707-385548283-1164\Software\Microsoft\Internet Explorer\Main | Start Page : http://companyweb:8080/SitePages/Home.aspx -> Found
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-331349784-1933342707-385548283-1164\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve -> Found
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-331349784-1933342707-385548283-1164\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{6D6DD492-D580-4B25-B658-3EAE48C4077D} | DhcpNameServer : 10.1.1.130 ([(Private Address) (XX)]) -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{6D6DD492-D580-4B25-B658-3EAE48C4077D} | DhcpNameServer : 10.1.1.130 ([(Private Address) (XX)]) -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{6D6DD492-D580-4B25-B658-3EAE48C4077D} | DhcpNameServer : 10.1.1.130 ([(Private Address) (XX)]) -> Found
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> Found
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-331349784-1933342707-385548283-1164\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-331349784-1933342707-385548283-1164\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-620963725-2384323347-2517004976-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-620963725-2384323347-2517004976-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 1 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 localhost

¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤

¤¤¤ Web browsers : 4 ¤¤¤
[PUM.Proxy][FIREFX:Config] yxanudgl.default : user_pref("network.proxy.http", "127.0.0.1"); -> Found
[PUM.Proxy][FIREFX:Config] yxanudgl.default : user_pref("network.proxy.http_port", 3128); -> Found
[PUM.Proxy][FIREFX:Config] yxanudgl.default : user_pref("network.proxy.type", 2); -> Found
[PUM.HomePage][FIREFX:Config] yxanudgl.default : user_pref("browser.startup.homepage", "https://www.profitstarscms.com/cms/ioRD.asp?Action=ShowLoginMask&LngId=ENG"); -> Found

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST320LT007-9ZV142 +++++
--- User ---
[MBR] 2026e6dce1f05d5afff065444e5c4ae0
[bSP] 7b5d27abdfeb9afe94d9fe21b2e5b8a4 : Lenovo|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 1500 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 3074048 | Size: 285743 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 588275712 | Size: 18000 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: Mass Storage Device USB Device +++++
--- User ---
[MBR] d1b858ab2fe0cdedda2640d59a75dc44
[bSP] df4f83c1f72e36823a12b0dfc7617313 : Empty MBR Code
Partition table:
0 - [XXXXXX] FAT32 (0xb) [VISIBLE] Offset (sectors): 8192 | Size: 7642 MB
User = LL1 ... OK
Error reading LL2 MBR! ([32] The request is not supported. )
-
I keep running Malwarebytes to remove this and it does. Then I will run Malwarebytes again a couple hours later and it is there again. I'm not a complete loss. Any help would be greatly appreciated. Thanks.
-
Thank you very much for all your help and patience. I greatly appreciate the service that you guys provide on this forum. Thanks again for your hard work in getting my machine clean.
-
Thank you very much for your help.
-
Here you go:

Results of screen317's Security Check version 0.99.56
Windows 7 Service Pack 1 x64 (UAC is disabled!)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
AVG Anti-Virus Free Edition 2013
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Spybot - Search & Destroy
ThreatFire
Malwarebytes Anti-Malware version 1.65.1.1000
Java 6 Update 30
Java version out of Date!
Adobe Reader XI
Mozilla Firefox 10.0.2 Firefox out of Date!
````````Process Check: objlist.exe by Laurent````````
WinPatrol winpatrol.exe
Spybot Teatimer.exe is disabled!
AVG avgwdsvc.exe
ThreatFire TFTray.exe
ThreatFire TFService.exe
BillP Studios WinPatrol WinPatrol.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````
-
Here are the logs. Just so you know when I ran Super Anti-Spyware I did not let it make any changes to the computer by removing anything. I also have not installed the Windows Updates that it keeps prompting me to install. I have not made any changes to the computer at all other than what you have told me to do. AdwCleanerS3.txt JRT.txt
-
I'm not sure which logo that is. Can you guide me to what it might be named? Also, I ran Super Anti-Spyware and it still detects the spyware: My Web Search Fun Web Products.
-
Here it is. I think it's gone. AdwCleanerR1.txt
-
Here you go. AdwCleanerR1.txt
-
When I started to run that I got the message that is on the attachment. Doc1.doc
-
I did the Windows Repair. When it restarted I ran Malware Bytes. It detected, then I did a reboot and ran it again and it did not detect it. I went into the registry afterwards and it was deleted from there.
-
I did the initial scan and it found it. Rebooted it scanned again, and it was gone. Thank you!
-
It says everyone, but down below in the box that says Special Permissions on the line that says Allow Everyone is checked and it is grayed out.
-
I actually tried to manually delete it from the registry before posting on the forum. I tried again and when I right-click on it and click on delete I get a message saying, "Unable to delete all specified values."