Jump to content

srader

Honorary Members
  • Posts

    23
  • Joined

  • Last visited

Reputation

0 Neutral
  1. Yes, that software was installed computer. This is my work computer and was installed by my employer so that makes sense. I don’t that you still need the other log? Thanks for your help!
  2. Here you go: Malwarebytes Anti-Malware www.malwarebytes.org Scan Date: 10/23/2015 Scan Time: 12:10 PM Logfile: Administrator: Yes Version: 2.2.0.1024 Malware Database: v2015.10.23.04 Rootkit Database: v2015.10.16.01 License: Free Malware Protection: Disabled Malicious Website Protection: Disabled Self-protection: Disabled OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: srader Scan Type: Threat Scan Result: Completed Objects Scanned: 581938 Time Elapsed: 53 min, 59 sec Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Enabled Heuristics: Enabled PUP: Enabled PUM: Enabled Processes: 0 (No malicious items detected) Modules: 0 (No malicious items detected) Registry Keys: 0 (No malicious items detected) Registry Values: 0 (No malicious items detected) Registry Data: 0 (No malicious items detected) Folders: 0 (No malicious items detected) Files: 0 (No malicious items detected) Physical Sectors: 0 (No malicious items detected) (end) Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:21-10-2015 01 Ran by srader (administrator) on SCOTTIBM (23-10-2015 22:01:03) Running from C:\Users\srader\Desktop Loaded Profiles: srader & Scott (Available Profiles: srader & Scott) Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States) Internet Explorer Version 11 (Default browser: IE) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AuthenTec, Inc) C:\Program Files\Lenovo Fingerprint Reader\TrueSuiteService.exe (Lenovo.) C:\Windows\System32\ibmpmsvc.exe (SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe (Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe (Nuance Communications, Inc.) C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe (Webroot Software, Inc. (www.webroot.com)) C:\Program Files (x86)\Web Security Service\Desktop Web Proxy\wsdwpps.exe (Lenovo) C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe (Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe () C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe (Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CamMute.exe (Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe (Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe (Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe (Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE (Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\OfficeScan Client\NTRTScan.exe (Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe (Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe (Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe (Ulead Systems, Inc.) C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe (Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmListen.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlk.exe (Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\OfficeScan Client\CNTAoSMgr.exe (Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmProxy.exe (Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\BM\TMBMSRV.exe (Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRSOOBE.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\mkrmsg.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\shtctky.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe (Webroot Software, Inc. (www.webroot.com)) C:\Program Files (x86)\Web Security Service\Desktop Web Proxy\wsdwpgi.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Intel Corporation) C:\Windows\System32\igfxext.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe (Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 7510 series\Bin\ScanToPCActivationApp.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe (Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe (Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\OfficeScan Client\PccNTMon.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE (Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 7510 series\Bin\HPNetworkCommunicator.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe (InterVideo) C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Lenovo) C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe (Lenovo) C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Sysinternals - www.sysinternals.com) C:\Users\srader\Downloads\ProcessExplorer\procexp.exe (Sysinternals - www.sysinternals.com) C:\Users\srader\AppData\Local\Temp\procexp64.exe (Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\natspeak.exe (Nuance Communications, Inc.) C:\Program Files (x86)\Common Files\Nuance\NaturallySpeaking12\x64\dgnuiasvr_x64.exe (Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\dnsspserver.exe (Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE (Microsoft Corporation) C:\Windows\splwow64.exe (Lenovo) C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\ismagent.exe () C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\updateui.exe (AuthenTec Inc.) C:\Program Files\Lenovo Fingerprint Reader\TouchControl.exe (AuthenTec Inc.) C:\Program Files\Lenovo Fingerprint Reader\x86\BioMonitor.exe ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [564352 2012-03-01] (Conexant Systems, Inc.) HKLM\...\Run: [smartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1654400 2012-02-21] (Conexant Systems, Inc.) HKLM\...\Run: [] => [X] HKLM-x32\...\Run: [iMSS] => C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe [133400 2012-03-06] (Intel Corporation) HKLM-x32\...\Run: [uSB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-04-13] (Intel Corporation) HKLM-x32\...\Run: [Dolby Advanced Audio v2] => C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe [507744 2011-12-20] (Dolby Laboratories Inc.) HKLM-x32\...\Run: [PWMTRV] => rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor HKLM-x32\...\Run: [DNS7reminder] => C:\Program Files (x86)\Nuance\NaturallySpeaking12\Ereg\Ereg.exe [328992 2010-10-27] (Nuance Communications, Inc.) HKLM-x32\...\Run: [OfficeScanNT Monitor] => C:\Program Files (x86)\Trend Micro\OfficeScan Client\pccntmon.exe [2230608 2012-12-07] (Trend Micro Inc.) HKLM-x32\...\Run: [Matrox PowerDesk SE] => C:\Program Files (x86)\Matrox Graphics Inc\PowerDesk SE\Matrox.PowerDesk SE.exe [1750536 2007-04-18] (Matrox Graphics Inc.) HKLM-x32\...\Run: [] => [X] Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-21-331349784-1933342707-385548283-1164\...\Run: [HP Photosmart 7510 series (NET)] => C:\Program Files\HP\HP Photosmart 7510 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.) HKU\S-1-5-21-331349784-1933342707-385548283-1164\...\MountPoints2: {4591d91e-872d-11e2-828b-b888e33a1e6c} - E:\LaunchU3.exe -a HKU\S-1-5-21-331349784-1933342707-385548283-1164\...\MountPoints2: {a4915546-eb29-11e1-8421-806e6f6e6963} - Q:\LenovoQDrive.exe HKU\S-1-5-21-620963725-2384323347-2517004976-1000\...\Run: [iSUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [2068856 2011-10-12] (Flexera Software LLC.) HKU\S-1-5-21-620963725-2384323347-2517004976-1000\...\MountPoints2: {a4915546-eb29-11e1-8421-806e6f6e6963} - Q:\LenovoQDrive.exe AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => No File ShellIconOverlayIdentifiers: [sugarSyncBackedUp] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll [2012-05-14] (SugarSync, Inc.) ShellIconOverlayIdentifiers: [sugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll [2012-05-14] (SugarSync, Inc.) ShellIconOverlayIdentifiers: [sugarSyncRoot] -> {A759AFF6-5851-457D-A540-F4ECED148351} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll [2012-05-14] (SugarSync, Inc.) ShellIconOverlayIdentifiers: [sugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll [2012-05-14] (SugarSync, Inc.) Startup: C:\Users\srader\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dragon NaturallySpeaking 12.0.lnk [2012-10-19] ShortcutTarget: Dragon NaturallySpeaking 12.0.lnk -> C:\Windows\Installer\{D5D422B9-6976-4E98-8DDF-9632CB515D7E}\NatSpeakD_Shortcut_D5D422B969764E988DDF9632CB515D7E.exe (Acresso Software Inc.) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) ProxyServer: [.DEFAULT] => 127.0.0.1:3128 Hosts: 127.0.0.1 localhost Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 Tcpip\..\Interfaces\{6D6DD492-D580-4B25-B658-3EAE48C4077D}: [DhcpNameServer] 10.1.1.130 Tcpip\..\Interfaces\{D1D5AD10-94E9-4A7A-9E1F-3D431A9FD6F0}: [DhcpNameServer] 192.168.0.1 Internet Explorer: ================== HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION HKU\S-1-5-21-331349784-1933342707-385548283-1164\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://companyweb:8080/SitePages/Home.aspx HKU\S-1-5-21-620963725-2384323347-2517004976-1000\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/welcome/thinkpad HKU\S-1-5-21-620963725-2384323347-2517004976-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=LENP&bmod=LENP HKU\S-1-5-21-620963725-2384323347-2517004976-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=LENP&bmod=LENP HKU\S-1-5-21-620963725-2384323347-2517004976-1000\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com/welcome/thinkpad SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-331349784-1933342707-385548283-1164 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENP SearchScopes: HKU\S-1-5-21-331349784-1933342707-385548283-1164 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENP SearchScopes: HKU\S-1-5-21-620963725-2384323347-2517004976-1000 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENP_en SearchScopes: HKU\S-1-5-21-620963725-2384323347-2517004976-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENP_en BHO: TmIEPlugInBHO Class -> {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -> C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmIEPlg.dll [2012-08-08] (Trend Micro Inc.) BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation) BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_60\bin\ssv.dll [2015-08-19] (Oracle Corporation) BHO: TrueSuite Browser Helper Object -> {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} -> C:\Program Files\Lenovo Fingerprint Reader\IEBHO.DLL [2012-06-07] (AuthenTec Inc.) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.) BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation) BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-08-19] (Oracle Corporation) BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated) BHO-x32: TmIEPlugInBHO Class -> {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -> C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmIEPlg32.dll [2012-08-08] (Trend Micro Inc.) BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation) BHO-x32: Dragon NaturallySpeaking Rich Internet Application Support - Extension -> {73A89C60-CF59-4EC7-9215-9B7EF05ECEA4} -> C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\ieShim.dll [2013-02-11] (Nuance Communications, Inc.) BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.6.0_16\bin\ssv.dll [2013-03-07] (Sun Microsystems, Inc.) BHO-x32: TrueSuite Browser Helper Object -> {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} -> C:\Program Files\Lenovo Fingerprint Reader\x86\IEBHO.dll [2012-06-07] (AuthenTec Inc.) BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.) BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2013-12-21] (Adobe Systems Incorporated) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation) BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.6.0_16\bin\jp2ssv.dll [2013-03-07] (Sun Microsystems, Inc.) BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2013-12-21] (Adobe Systems Incorporated) Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated) Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2013-12-21] (Adobe Systems Incorporated) Toolbar: HKU\S-1-5-21-331349784-1933342707-385548283-1164 -> Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated) Toolbar: HKU\S-1-5-21-620963725-2384323347-2517004976-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File DPF: HKLM-x32 {00134F72-5284-44F7-95A8-52A619F70751} hxxps://wssrv:4343/officescan/console/html/ClientInstall/WinNTChk.cab DPF: HKLM-x32 {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab DPF: HKLM-x32 {08D75BB0-D2B5-11D1-88FC-0080C859833B} hxxps://wssrv:4343/officescan/console/html/ClientInstall/setupini.cab DPF: HKLM-x32 {08D75BC1-D2B5-11D1-88FC-0080C859833B} hxxps://wssrv:4343/officescan/console/html/ClientInstall/setup.cab DPF: HKLM-x32 {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab DPF: HKLM-x32 {2253B842-B82A-41BC-BFDA-8F30493BFD38} hxxps://www.profitstarscms.com/cms/Controls/RDWord.ocx DPF: HKLM-x32 {556F788E-BDE9-4DE9-8BEA-CADCF4B531C9} hxxp://librtysb:8902/jha/ui/cf153R2012/JWalkX/JWalk41.cab DPF: HKLM-x32 {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1444137752363 DPF: HKLM-x32 {5EFE8CB1-D095-11D1-88FC-0080C859833B} hxxps://wssrv:4343/officescan/console/html/ClientInstall/RemoveCtrl.cab DPF: HKLM-x32 {77983B25-2357-4882-8066-98536781FE47} hxxps://www.profitstarscms.com/cms/Controls/RDControlActivator.ocx DPF: HKLM-x32 {857C49E7-ADC6-11D1-98C1-0060948CAA0A} hxxp://librtysb:8902/jha/ui/cf153R2014/JWalkX/OISserver.cab DPF: HKLM-x32 {85EA2C0F-ABFA-4750-A2FC-608C8820B632} hxxps://www.profitstarscms.com/cms/Controls/RDDragDrop.ocx DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} hxxps://jha.webex.com/client/WBXclient-T28L10NSP12EP20-10001/training/ieatgpc1.cab Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmIEPlg.dll [2012-08-08] (Trend Micro Inc.) Handler-x32: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmIEPlg32.dll [2012-08-08] (Trend Micro Inc.) FireFox: ======== FF ProfilePath: C:\Users\srader\AppData\Roaming\Mozilla\Firefox\Profiles\yxanudgl.default FF Homepage: hxxps://www.profitstarscms.com/cms/ioRD.asp?Action=ShowLoginMask&LngId=ENG FF NetworkProxy: "backup.ftp", "wss.webroot.com" FF NetworkProxy: "backup.ftp_port", 3128 FF NetworkProxy: "backup.gopher", "wss.webroot.com" FF NetworkProxy: "backup.gopher_port", 3128 FF NetworkProxy: "backup.socks", "wss.webroot.com" FF NetworkProxy: "backup.socks_port", 3128 FF NetworkProxy: "backup.ssl", "wss.webroot.com" FF NetworkProxy: "backup.ssl_port", 3128 FF NetworkProxy: "ftp", "127.0.0.1" FF NetworkProxy: "ftp_port", 3128 FF NetworkProxy: "gopher", "127.0.0.1" FF NetworkProxy: "gopher_port", 3128 FF NetworkProxy: "http", "127.0.0.1" FF NetworkProxy: "http_port", 3128 FF NetworkProxy: "share_proxy_settings", true FF NetworkProxy: "socks", "127.0.0.1" FF NetworkProxy: "socks_port", 3128 FF NetworkProxy: "ssl", "127.0.0.1" FF NetworkProxy: "ssl_port", 3128 FF NetworkProxy: "autoconfig_url", "file:///C /Users/srader/AppData/Roaming/DWP_PAC/LocalPac" FF NetworkProxy: "type", 2 FF NetworkProxy: "no_proxies_on", "localhost, 127.0.0.1, https://w02.echowealth.com, https://w01.echowealth.com, *eport.equifax.com*, https://loandocs.swiftsend.com, https://loandocs.swiftsend2.com, http://products.swiftview.com, *myhhsb.csiweb.com*, https://revisor.diebold.com, https://weblogin.webroot.com, https://www.bankerspathway.com, https://bankmanagement.netteller.com, https://JC153.4redi.net, https://www.brtnow.com, http://www.thankgoditsmonday.com, http://videos.sproutvideo.com, http://www.myonsitehealth.com, netteller.com, https://forclients.jackhenry.com" FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_19_0_0_226.dll [2015-10-17] () FF Plugin: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-08-19] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-08-19] (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2014-04-28] (Adobe Systems) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_226.dll [2015-10-17] () FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-01-06] (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-01-06] (Intel Corporation) FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [No File] FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre1.6.0_16\bin\new_plugin\npjp2.dll [2013-03-07] (Sun Microsystems, Inc.) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation) FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2015-09-26] (Adobe Systems Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.) FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2014-04-28] (Adobe Systems) FF Plugin-x32: nuance.com/DragonRIAPlugin -> C:\PROGRA~2\Nuance\NATURA~1\Program\npDgnRia.dll [2013-02-11] (Nuance Communications Inc.) FF Plugin HKU\S-1-5-21-331349784-1933342707-385548283-1164: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\srader\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2013-03-24] (Unity Technologies ApS) FF Extension: TrueSuite Website Logon - C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\websitelogon@truesuite.com [2015-05-19] [not signed] FF HKLM-x32\...\Firefox\Extensions: [jid0-lmZNVK7a82O8cufhdfB9dUDfA2w@jetpack] - C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\ffShim.xpi FF Extension: Dragon NaturallySpeaking Rich Internet Application Support - C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\ffShim.xpi [2013-02-11] [not signed] FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2015-10-14] [not signed] FF HKLM-x32\...\Firefox\Extensions: [{22C7F6C6-8D67-4534-92B5-529A0EC09405}] - C:\Program Files (x86)\Trend Micro\OfficeScan Client\FirefoxExtension FF Extension: Trend Micro NSC Firefox Extension - C:\Program Files (x86)\Trend Micro\OfficeScan Client\FirefoxExtension [2013-12-12] [not signed] FF HKLM-x32\...\Firefox\Extensions: [VIP5X@verisign.com] - C:\Program Files (x86)\Symantec\VIP Access Client => not found Chrome: ======= CHR HKLM-x32\...\Chrome\Extension: [cdkedefaddcdlpmiafhicjnkbogjiogj] - C:\Program Files\Lenovo Fingerprint Reader\x86\tschrome.crx [2012-03-14] CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2015-09-26] CHR HKLM-x32\...\Chrome\Extension: [mikhcaiakabeeokmenglcdebplfdjicn] - C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\chromeShim.crx [2013-02-11] ==================== Services (Whitelisted) ======================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com) R2 AdobeActiveFileMonitor10.0; C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [169624 2011-09-01] (Adobe Systems Incorporated) R2 DWP_Proxy_Service; C:\Program Files (x86)\Web Security Service\Desktop Web Proxy\wsdwpps.exe [591288 2011-12-07] (Webroot Software, Inc. (www.webroot.com)) R2 FastbootService; C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe [169776 2012-01-17] (Lenovo) R2 FPLService; C:\Program Files\Lenovo Fingerprint Reader\TrueSuiteService.exe [328552 2012-06-07] (AuthenTec, Inc) R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [25800 2015-09-28] (Hewlett-Packard Company) R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [128280 2012-03-06] () R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [163608 2012-03-06] (Intel Corporation) R2 LENOVO.TVTVCAM; C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe [179568 2012-06-01] (Lenovo Group Limited) R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [136288 2012-08-10] (Lenovo Group Limited) S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [272424 2015-08-17] (Lenovo) S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes) R2 ntrtscan; C:\Program Files (x86)\Trend Micro\OfficeScan Client\ntrtscan.exe [3015992 2012-12-06] (Trend Micro Inc.) S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [22008 2015-09-10] () R3 TMBMServer; C:\Program Files (x86)\Trend Micro\BM\TMBMSRV.exe [572464 2012-10-30] (Trend Micro Inc.) R2 tmlisten; C:\Program Files (x86)\Trend Micro\OfficeScan Client\tmlisten.exe [3116656 2013-01-04] (Trend Micro Inc.) R3 TmProxy; C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmProxy.exe [918064 2012-08-08] (Trend Micro Inc.) R2 UleadBurningHelper; C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [61440 2008-01-10] (Ulead Systems, Inc.) [File not signed] R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) ===================== Drivers (Whitelisted) ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation) S3 Fastboot; C:\Windows\System32\DRIVERS\Fastboot.sys [70416 2012-01-17] (Windows ® Win 7 DDK provider) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2015-10-23] (Malwarebytes) S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation) R3 RSP2STOR; C:\Windows\System32\DRIVERS\RtsP2Stor.sys [259688 2011-10-26] (Realtek Semiconductor Corp.) R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com) R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com) R3 SmbDrvIntel; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [27448 2012-06-19] (Synaptics Incorporated) R2 tmactmon; C:\Windows\System32\DRIVERS\tmactmon.sys [82840 2012-10-30] (Trend Micro Inc.) R1 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [174016 2012-11-13] (Trend Micro Inc.) R2 tmevtmgr; C:\Windows\System32\DRIVERS\tmevtmgr.sys [65872 2012-10-30] (Trend Micro Inc.) R2 TmFilter; C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmXPFlt.sys [351032 2014-08-30] (Trend Micro Inc.) R2 TmPreFilter; C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmPreFlt.sys [44856 2014-08-30] (Trend Micro Inc.) R1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [108624 2010-12-07] (Trend Micro Inc.) R3 TVTI2C; C:\Windows\System32\DRIVERS\Tvti2c.sys [40248 2011-05-29] (Lenovo Information Product(ShenZhen China) Inc.) R3 tvtvcamd; C:\Windows\System32\DRIVERS\tvtvcamd.sys [27432 2011-12-07] (ThinkVantage Communications Utility) R2 VSApiNt; C:\Program Files (x86)\Trend Micro\OfficeScan Client\VSApiNt.sys [2316600 2014-08-30] (Trend Micro Inc.) ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-10-23 13:47 - 2015-10-23 13:49 - 00045097 _____ C:\Users\srader\Desktop\Addition.txt 2015-10-23 13:45 - 2015-10-23 22:01 - 00031517 _____ C:\Users\srader\Desktop\FRST.txt 2015-10-23 13:43 - 2015-10-23 22:01 - 00000000 ____D C:\FRST 2015-10-23 12:20 - 2015-10-23 12:20 - 18838088 _____ C:\Users\srader\Desktop\RogueKiller.exe 2015-10-23 12:17 - 2015-10-23 12:17 - 02196480 _____ (Farbar) C:\Users\srader\Desktop\FRST64.exe 2015-10-23 09:11 - 2015-10-23 09:45 - 00000000 ____D C:\ProgramData\RogueKiller 2015-10-23 09:11 - 2015-10-23 09:11 - 00037624 _____ C:\Windows\system32\Drivers\TrueSight.sys 2015-10-22 21:28 - 2015-10-22 21:39 - 00000000 ____D C:\ProgramData\HitmanPro 2015-10-22 21:25 - 2015-10-22 21:28 - 11336600 _____ (SurfRight B.V.) C:\Users\srader\Documents\HitmanPro_x64.exe 2015-10-22 21:21 - 2015-10-22 21:52 - 00000000 ____D C:\AdwCleaner 2015-10-22 21:20 - 2015-10-22 21:21 - 01691648 _____ C:\Users\srader\Documents\adwcleaner_5.014.exe 2015-10-22 20:15 - 2015-10-22 20:15 - 04977625 _____ C:\Users\srader\Downloads\attachments.zip 2015-10-21 17:51 - 2015-10-21 17:51 - 00030788 _____ C:\Users\srader\Documents\Experian.htm 2015-10-21 17:51 - 2015-10-21 17:51 - 00000000 ____D C:\Users\srader\Documents\Experian_files 2015-10-21 13:38 - 2015-10-21 13:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SDFormatter 2015-10-21 13:38 - 2015-10-21 13:38 - 00000000 ____D C:\Program Files (x86)\SDA 2015-10-21 13:37 - 2015-10-21 13:37 - 00000000 ____D C:\Users\srader\AppData\Local\Downloaded Installations 2015-10-21 13:35 - 2015-10-21 13:37 - 06286748 _____ C:\Users\srader\Documents\SDFormatterv4.zip 2015-10-14 09:52 - 2015-10-14 09:52 - 594180478 _____ C:\Windows\MEMORY.DMP 2015-10-14 09:52 - 2015-10-14 09:52 - 00280920 _____ C:\Windows\Minidump\101415-23306-01.dmp 2015-09-28 10:19 - 2015-10-23 06:36 - 00001132 _____ C:\Windows\TMFilter.log 2015-09-28 10:14 - 2015-10-23 18:47 - 00009334 _____ C:\Windows\setupact.log 2015-09-28 10:14 - 2015-09-28 10:14 - 00000000 _____ C:\Windows\setuperr.log ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-10-23 22:01 - 2012-10-19 08:18 - 00000000 ____D C:\ProgramData\TEMP 2015-10-23 21:20 - 2013-01-14 09:40 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-10-23 20:38 - 2012-10-26 08:34 - 00000000 ____D C:\Users\srader\AppData\LocalLow\AuthenTec 2015-10-23 19:59 - 2012-08-20 20:54 - 00000830 _____ C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job 2015-10-23 19:26 - 2012-08-20 20:52 - 01866024 _____ C:\Windows\WindowsUpdate.log 2015-10-23 14:31 - 2014-10-06 14:53 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-10-23 14:21 - 2012-10-26 11:31 - 00000000 ____D C:\Users\srader\AppData\Local\CrashDumps 2015-10-23 09:11 - 2013-01-23 09:38 - 05351186 _____ C:\Windows\SysWOW64\TmInstall.log 2015-10-23 09:11 - 2012-10-24 14:51 - 02893274 _____ C:\Windows\system32\TmInstall.log 2015-10-23 06:44 - 2009-07-14 00:45 - 00034208 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-10-23 06:44 - 2009-07-14 00:45 - 00034208 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-10-23 06:39 - 2012-10-26 08:41 - 00001874 _____ C:\Users\srader\AppData\Roaming\SAS7_000.DAT 2015-10-23 06:37 - 2012-10-19 02:23 - 00000000 ____D C:\Users\Scott 2015-10-23 06:37 - 2012-08-20 20:54 - 00000828 _____ C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job 2015-10-23 06:35 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2015-10-23 02:05 - 2014-08-22 08:35 - 00000000 ____D C:\Users\srader\AppData\Local\Adobe 2015-10-22 21:11 - 2012-08-20 21:11 - 00000000 ____D C:\Program Files (x86)\Google 2015-10-22 21:10 - 2015-04-10 11:54 - 00000000 ____D C:\Users\srader\AppData\Local\Google 2015-10-22 21:05 - 2013-12-08 21:22 - 00000000 ____D C:\Registry Backup 2015-10-22 14:40 - 2014-10-06 14:52 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware 2015-10-22 12:51 - 2013-05-06 17:22 - 00000000 ____D C:\Program Files\SUPERAntiSpyware 2015-10-22 12:11 - 2012-10-25 02:41 - 00000120 _____ C:\Windows\system32\config\netlogon.ftl 2015-10-22 08:29 - 2012-10-24 14:51 - 00034884 _____ C:\Windows\cfgall.ini 2015-10-21 13:50 - 2014-10-06 14:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware 2015-10-17 12:20 - 2013-01-14 09:40 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2015-10-17 12:20 - 2012-11-28 09:37 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2015-10-17 12:20 - 2012-11-28 09:37 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2015-10-14 22:21 - 2013-01-11 11:21 - 00002453 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat XI Pro.lnk 2015-10-14 22:21 - 2013-01-11 11:21 - 00002221 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe FormsCentral.lnk 2015-10-14 22:21 - 2013-01-11 11:21 - 00002060 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller XI.lnk 2015-10-14 21:01 - 2015-01-06 15:28 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task 2015-10-14 09:52 - 2012-10-25 11:31 - 00000000 ____D C:\Windows\Minidump 2015-10-14 09:50 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\NDF 2015-10-10 20:31 - 2015-01-22 12:24 - 00022197 _____ C:\Users\srader\Documents\2015 Policy Reviews.xlsx 2015-10-05 20:33 - 2015-09-06 15:46 - 00000000 ____D C:\Users\srader\AppData\Roaming\LSC 2015-10-05 19:32 - 2012-08-20 04:28 - 00000000 ____D C:\ProgramData\Lenovo 2015-10-05 19:31 - 2012-08-20 21:21 - 00000000 ____D C:\Windows\System32\Tasks\TVT 2015-10-05 19:30 - 2012-08-20 21:01 - 00000000 ___HD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo ThinkVantage Tools 2015-10-05 19:30 - 2012-08-20 20:57 - 00000000 ____D C:\Program Files (x86)\Lenovo 2015-10-05 09:50 - 2014-10-06 14:52 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys 2015-10-05 09:50 - 2014-10-06 14:52 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2015-10-05 09:50 - 2013-04-19 08:01 - 00025816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys 2015-10-02 11:26 - 2013-12-19 11:30 - 00000000 ____D C:\Users\srader\Documents\Reports 2015-10-02 11:17 - 2013-11-05 11:39 - 00000000 ____D C:\Users\srader\AppData\Local\CutePDF Writer 2015-10-02 08:25 - 2012-10-24 15:40 - 00023290 __RSH C:\ProgramData\ntuser.pol 2015-09-28 20:58 - 2014-10-06 09:19 - 00000000 ____D C:\Users\srader\AppData\Local\Windows Live 2015-09-28 09:34 - 2013-12-08 21:28 - 00000000 ____D C:\Windows\pss 2015-09-28 07:38 - 2011-02-24 13:03 - 00000000 ____D C:\Windows\Panther ==================== Files in the root of some directories ======= 2012-10-26 08:41 - 2015-10-23 06:39 - 0001874 _____ () C:\Users\srader\AppData\Roaming\SAS7_000.DAT 2013-03-21 09:47 - 2013-03-21 09:47 - 0000057 _____ () C:\ProgramData\Ament.ini 2013-12-07 22:34 - 2013-12-07 22:34 - 0000952 ___SH () C:\ProgramData\KGyGaAvL.sys 2014-02-25 09:21 - 2014-03-04 09:28 - 0000148 _____ () C:\ProgramData\MonitorInfoTime.txt Some files in TEMP: ==================== C:\Users\srader\AppData\Local\Temp\dllnt_dump.dll C:\Users\srader\AppData\Local\Temp\procexp64.exe C:\Users\tech\AppData\Local\Temp\pl4nvdgy.dll ==================== Bamital & volsnap ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\dnsapi.dll => File is digitally signed C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-10-23 16:40 ==================== End of FRST.txt ============================ I had to run this a second time because the first time Internet Explorer crashed and I did not get the addition file the second time. RogueKiller V10.11.2.0 [Oct 20 2015] by Adlice Software mail : http://www.adlice.com/contact/ Feedback : http://forum.adlice.com Website : http://www.adlice.com/software/roguekiller/ Blog : http://www.adlice.com Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version Started in : Normal mode User : srader [Administrator] Started from : C:\Users\srader\Desktop\RogueKiller.exe Mode : Scan -- Date : 10/24/2015 10:31:22 ¤¤¤ Processes : 0 ¤¤¤ ¤¤¤ Registry : 17 ¤¤¤ [PUM.Proxy] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : 127.0.0.1:3128 -> Found [PUM.Proxy] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : 127.0.0.1:3128 -> Found [PUM.Proxy] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : 127.0.0.1:3128 -> Found [PUM.Proxy] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : 127.0.0.1:3128 -> Found [PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-331349784-1933342707-385548283-1164\Software\Microsoft\Internet Explorer\Main | Start Page : http://companyweb:8080/SitePages/Home.aspx -> Found [PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-331349784-1933342707-385548283-1164\Software\Microsoft\Internet Explorer\Main | Start Page : http://companyweb:8080/SitePages/Home.aspx -> Found [PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-331349784-1933342707-385548283-1164\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve -> Found [PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-331349784-1933342707-385548283-1164\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve -> Found [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{6D6DD492-D580-4B25-B658-3EAE48C4077D} | DhcpNameServer : 10.1.1.130 ([(Private Address) (XX)]) -> Found [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{6D6DD492-D580-4B25-B658-3EAE48C4077D} | DhcpNameServer : 10.1.1.130 ([(Private Address) (XX)]) -> Found [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{6D6DD492-D580-4B25-B658-3EAE48C4077D} | DhcpNameServer : 10.1.1.130 ([(Private Address) (XX)]) -> Found [PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> Found [PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> Found [PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-331349784-1933342707-385548283-1164\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Found [PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-331349784-1933342707-385548283-1164\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Found [PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-620963725-2384323347-2517004976-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Found [PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-620963725-2384323347-2517004976-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Found ¤¤¤ Tasks : 0 ¤¤¤ ¤¤¤ Files : 0 ¤¤¤ ¤¤¤ Hosts File : 1 ¤¤¤ [C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 localhost ¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤ ¤¤¤ Web browsers : 4 ¤¤¤ [PUM.Proxy][FIREFX:Config] yxanudgl.default : user_pref("network.proxy.http", "127.0.0.1"); -> Found [PUM.Proxy][FIREFX:Config] yxanudgl.default : user_pref("network.proxy.http_port", 3128); -> Found [PUM.Proxy][FIREFX:Config] yxanudgl.default : user_pref("network.proxy.type", 2); -> Found [PUM.HomePage][FIREFX:Config] yxanudgl.default : user_pref("browser.startup.homepage", "https://www.profitstarscms.com/cms/ioRD.asp?Action=ShowLoginMask&LngId=ENG"); -> Found ¤¤¤ MBR Check : ¤¤¤ +++++ PhysicalDrive0: ST320LT007-9ZV142 +++++ --- User --- [MBR] 2026e6dce1f05d5afff065444e5c4ae0 [bSP] 7b5d27abdfeb9afe94d9fe21b2e5b8a4 : Lenovo|VT.Unknown MBR Code Partition table: 0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 1500 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader] 1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 3074048 | Size: 285743 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader] 2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 588275712 | Size: 18000 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader] User = LL1 ... OK User = LL2 ... OK +++++ PhysicalDrive1: Mass Storage Device USB Device +++++ --- User --- [MBR] d1b858ab2fe0cdedda2640d59a75dc44 [bSP] df4f83c1f72e36823a12b0dfc7617313 : Empty MBR Code Partition table: 0 - [XXXXXX] FAT32 (0xb) [VISIBLE] Offset (sectors): 8192 | Size: 7642 MB User = LL1 ... OK Error reading LL2 MBR! ([32] The request is not supported. )
  3. I keep running Malwarebytes to remove this and it does. Then I will run Malwarebytes again a couple hours later and it is there again. I'm not a complete loss. Any help would be greatly appreciated. Thanks.
  4. Thank you very much for all your help and patience. I greatly appreciate the service that you guys provide on this forum. Thanks again for your hard work in getting my machine clean.

  5. Thank you very much for your help.
  6. Here you go: Results of screen317's Security Check version 0.99.56 Windows 7 Service Pack 1 x64 (UAC is disabled!) Internet Explorer 9 ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Enabled! AVG Anti-Virus Free Edition 2013 Antivirus up to date! `````````Anti-malware/Other Utilities Check:````````` Spybot - Search & Destroy ThreatFire Malwarebytes Anti-Malware version 1.65.1.1000 Java 6 Update 30 Java version out of Date! Adobe Reader XI Mozilla Firefox 10.0.2 Firefox out of Date! ````````Process Check: objlist.exe by Laurent```````` WinPatrol winpatrol.exe Spybot Teatimer.exe is disabled! AVG avgwdsvc.exe ThreatFire TFTray.exe ThreatFire TFService.exe BillP Studios WinPatrol WinPatrol.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: 0% ````````````````````End of Log``````````````````````
  7. Here are the logs. Just so you know when I ran Super Anti-Spyware I did not let it make any changes to the computer by removing anything. I also have not installed the Windows Updates that it keeps prompting me to install. I have not made any changes to the computer at all other than what you have told me to do. AdwCleanerS3.txt JRT.txt
  8. I'm not sure which logo that is. Can you guide me to what it might be named? Also, I ran Super Anti-Spyware and it still detects the spyware: My Web Search Fun Web Products.
  9. Here it is. I think it's gone. AdwCleanerR1.txt
  10. When I started to run that I got the message that is on the attachment. Doc1.doc
  11. I did the Windows Repair. When it restarted I ran Malware Bytes. It detected, then I did a reboot and ran it again and it did not detect it. I went into the registry afterwords and it was deleted from there.
  12. I did the initial scan and it found it. Rebooted it scanned again, and it was gone. Thank you!
  13. It says everyone, but down below in the box that says Special Permissions on the line that says Allow Everyone is checked and it is grayed out.
  14. I actually tried to manually delete it from the registry before posting on the forum. I tried again and when I right-click on it and click on delete I get a message saying, "Unable to delete all specified values."
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.