FBI Moneypak Virus Got Me - Had A Guy Remove It But Now Content/Buttons Missing


Hello All and I wish we were meeting under better circumstances.

 

Let me start by saying (admitting) I am the equivalent of perhaps a toddler with my tech abilities. A young toddler, at that.

 

After reading some of the other threads here I am somewhat concerned I may not have the tech ability to perform the tasks, but I will give it my best. I ask that whoever tries to help, please bear with me. Thx!

 

On to the problem.

 

I got the FBI virus a few days ago and it was the version that did not allow entry into safe mode.

 

I had an "expert" come to perform the virus removal and I believe it was done with a program called hotman which was stored on a flash drive he had.

 

I was happy to be able to get back on my pc but there does seem to be some residual problems.

 

Specifically, I have noticed in my Microsoft Access database, the colors have changed to a bland basic white and the buttons which had depth and texture in their appearance are now just plain black-bordered rectangles. Also, some of the reports I do there have become "pinched down" in size from what they were.

 

To a lesser degree I am also noticing similar changes in quickbooks.

 

Most noticeable is that a billiard forum I frequent is no longer accessible due to missing buttons and a missing log-in box, and even my AOL mail screen looks skeletal and all bunched up and, yes, there are missing buttons there as well.

 

My "expert", whom I honestly have lost faith in (for myriad other reasons in how he handled himself in our transaction), says he did his job and the virus is gone; now any remaining issues would be due to damage the virus caused and these will require that he wipe something clean (I forget exactly what) and reload Windows 7 and I'll be back to new. This would also require backing up all my data and reloading all software and transferring the data, etc.

 

My sense is that there are remnants of this virus still on my PC, which, btw, is a Dell, and that he is either looking for another payday and/or taking what he feels is easiest regardless of the expense/inconvenience to me.

 

All that sentiment to the side, I am truly grateful for any help I may receive here.

 

TIA

 

The Chicken


Welcome to the forum, please start HERE

Post back the 2 logs here.....DDS.txt and Attach.txt

(please don't put logs in code or quotes)

P2P/Piracy Warning:

1. If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

2. If you have illegal/cracked software, cracks, keygens, Adobe host file, etc. on the system, please remove or uninstall them now and read the policy on Piracy.

Failure to remove such software will result in your topic being closed and no further assistance being provided.

<====><====><====><====><====><====><====><====>

Next................

Please download and run RogueKiller 32 bit to your desktop.

RogueKiller<---use this one for 64 bit systems

Quit all running programs.

For Windows XP, double-click to start.

For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

(please don't put logs in code or quotes)

MrC

Note:

Please read all of my instructions completely including these.

Make sure you're subscribed to this topic: Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly

Removing malware can be unpredictable...unlikely but things can go very wrong! Backup any files that cannot be replaced. You can copy them to a CD/DVD, external drive or a pen drive

<+>Please don't run any other scans, download, install or uninstall any programs while I'm working with you.

<+>The removal of malware isn't instantaneous, please be patient.

<+>When we are done, I'll give you instructions on how to clean up all the tools and logs

<+>Please stick with me until I give you the "all clear" and Please don't waste my time by leaving before that.

------->Your topic will be closed if you haven't replied within 3 days!<--------

(If I don't respond within 24 hours, please send me a PM)


MrCharlie;

 

Here is one file - thank you

 

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64

 

Internet Explorer: 10.0.9200.16660

 

Run by BC at 10:50:09 on 2013-08-31

 

Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.3977.2249 [GMT -4:00]

 

.

 

AV: Microsoft Security Essentials *Enabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}

 

SP: Trend Micro Client/Server Security Agent Anti-spyware *Disabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}

 

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

 

SP: Microsoft Security Essentials *Enabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}

 

FW: Trend Micro Personal Firewall *Disabled* {70A91CD9-303D-A217-A80E-6DEE136EDB2B}

 

.

 

============== Running Processes ===============

 

.

 

C:\Windows\system32\lsm.exe

 

C:\Windows\system32\svchost.exe -k DcomLaunch

 

C:\Windows\system32\svchost.exe -k RPCSS

 

C:\Program Files\Microsoft Security Client\MsMpEng.exe

 

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

 

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

 

C:\Windows\system32\svchost.exe -k LocalService

 

C:\Windows\system32\svchost.exe -k netsvcs

 

C:\Windows\system32\svchost.exe -k NetworkService

 

C:\Windows\System32\spoolsv.exe

 

C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation

 

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

 

C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe

 

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

 

C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe

 

C:\Program Files\Common Files\SPBA\upeksvr.exe

 

C:\Program Files (x86)\Cobian Backup 11\cbService.exe

 

C:\Program Files\HP\HP LaserJet M1210 MFP Series\ReceiveFaxUtility.exe

 

C:\Windows\system32\HPSIsvc.exe

 

C:\Windows\system32\IProsetMonitor.exe

 

C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe

 

c:\Program Files (x86)\Trend Micro\Client Server Security Agent\ntrtscan.exe

 

C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe

 

C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe

 

C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe

 

C:\Windows\system32\taskhost.exe

 

C:\Windows\system32\Dwm.exe

 

C:\Windows\Explorer.EXE

 

C:\Windows\system32\svchost.exe -k imgsvc

 

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

 

C:\Program Files\Realtek\Audio\HDA\RtDCpl64.exe

 

C:\Windows\System32\igfxtray.exe

 

C:\Windows\System32\hkcmd.exe

 

C:\Windows\System32\igfxpers.exe

 

C:\dell\DBRM\Reminder\DbrmTrayicon.exe

 

C:\Program Files\Microsoft Security Client\msseces.exe

 

C:\Users\Brian Carroll\AppData\Local\Akamai\netsession_win.exe

 

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

 

C:\Users\Brian Carroll\AppData\Local\Akamai\netsession_win.exe

 

C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe

 

C:\Program Files (x86)\Trend Micro\Client Server Security Agent\PccNtMon.exe

 

C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe

 

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

 

C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe

 

C:\Program Files (x86)\Intuit\QuickBooks 2012\QBW32.EXE

 

C:\Program Files (x86)\WinZip\WZQKPICK.EXE

 

C:\Program Files (x86)\Common Files\Ulead Systems\AutoDetector\Monitor.exe

 

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

 

C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe

 

c:\Program Files (x86)\Trend Micro\Client Server Security Agent\HostedAgent\svcGenericHost.exe

 

c:\Program Files (x86)\Trend Micro\Client Server Security Agent\tmlisten.exe

 

c:\Program Files (x86)\Trend Micro\Client Server Security Agent\HostedAgent\HostedAgent.exe

 

C:\Windows\system32\wbem\unsecapp.exe

 

C:\Windows\system32\wbem\wmiprvse.exe

 

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

 

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

 

C:\Windows\system32\SearchIndexer.exe

 

C:\Program Files\Microsoft Security Client\NisSrv.exe

 

c:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmProxy.exe

 

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

 

C:\Program Files\Windows Media Player\wmpnetwk.exe

 

C:\Windows\System32\WUDFHost.exe

 

c:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmPfw.exe

 

c:\Program Files (x86)\Trend Micro\Client Server Security Agent\CNTAoSMgr.exe

 

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

 

C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe

 

C:\Program Files (x86)\Cobian Backup 11\cbInterface.exe

 

C:\Windows\system32\vssvc.exe

 

C:\Windows\System32\svchost.exe -k swprv

 

C:\Windows\system32\wuauclt.exe

 

C:\Program Files\Internet Explorer\iexplore.exe

 

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

 

C:\Program Files (x86)\ARO 2013\aro.exe

 

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

 

C:\Program Files\Windows NT\Accessories\wordpad.exe

 

C:\Windows\system32\SearchProtocolHost.exe

 

C:\Windows\system32\SearchFilterHost.exe

 

C:\Program Files\Microsoft Security Client\MpCmdRun.exe

 

C:\Windows\System32\cscript.exe

 

.

 

============== Pseudo HJT Report ===============

 

.

 

 

uProxyOverride = <local>

 

mWinlogon: Userinit = userinit.exe

 

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

 

BHO: TmIEPlugInBHO Class: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg32.dll

 

BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

 

BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

 

BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll

 

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

 

TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -

 

TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

 

uRun: [Akamai NetSession Interface] "C:\Users\Brian Carroll\AppData\Local\Akamai\netsession_win.exe"

 

uRun: [AROReminder] C:\Program Files (x86)\ARO 2013\aro.exe -rem

 

mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

 

mRun: [iMSS] "C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe"

 

mRun: [RemoteControl9] "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe"

 

mRun: [PDVD9LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe"

 

mRun: [OfficeScanNT Monitor] "c:\Program Files (x86)\Trend Micro\Client Server Security Agent\pccntmon.exe" -HideWindow

 

mRun: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"

 

mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"

 

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

 

mRun: [intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe  startup

 

mRun: [ulead AutoDetector v2] C:\Program Files (x86)\Common Files\Ulead Systems\AutoDetector\monitor.exe

 

mRun: [Cobian Backup 11 interface] "C:\Program Files (x86)\Cobian Backup 11\cbInterface.exe" -service

 

StartupFolder: C:\Users\BRIANC~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MemTurbo.lnk - C:\Program Files (x86)\MemTurbo 4\MemTurbo.exe

 

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\INTUIT~1.LNK - C:\Program Files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe

 

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\QUICKB~2.LNK - C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe

 

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\QUICKB~1.LNK - C:\Program Files (x86)\Intuit\QuickBooks 2012\QBW32.EXE

 

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\WINZIP~1.LNK - C:\Program Files (x86)\WinZip\WZQKPICK.EXE

 

uPolicies-Explorer: NoDriveTypeAutoRun = dword:145

 

mPolicies-Explorer: NoActiveDesktop = dword:1

 

mPolicies-Explorer: NoActiveDesktopChanges = dword:1

 

mPolicies-System: ConsentPromptBehaviorAdmin = dword:0

 

mPolicies-System: ConsentPromptBehaviorUser = dword:3

 

mPolicies-System: EnableLUA = dword:0

 

mPolicies-System: EnableUIADesktopToggle = dword:0

 

mPolicies-System: PromptOnSecureDesktop = dword:0

 

mPolicies-System: DisableCAD = dword:1

 

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000

 

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

 

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}

 

Trusted Zone: ct.gov

 

 

 

 

 

 

TCP: NameServer = 68.94.156.1 68.94.157.1

 

TCP: Interfaces\{CA1527AA-D626-443D-A9F9-9B28AF5DD485} : DHCPNameServer = 68.94.156.1 68.94.157.1

 

Handler: intu-help-qb5 - {867FCB77-9823-4cd6-8210-D85F968D466F} - C:\Program Files (x86)\Intuit\QuickBooks 2012\HelpAsyncPluggableProtocol.dll

 

Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} -

 

Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg32.dll

 

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

 

SSODL: WebCheck - <orphaned>

 

LSA: Authentication Packages =  msv1_0 wvauth

 

mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.62\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome

 

x64-BHO: TmIEPlugInBHO Class: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg.dll

 

x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

 

x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll

 

x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

 

x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll

 

x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtDCpl64.exe

 

x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe

 

x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe

 

x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe

 

x64-Run: [DBRMTray] C:\Dell\DBRM\Reminder\DbrmTrayIcon.exe

 

x64-Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey

 

x64-RunOnce: [DBRMTray] C:\Dell\DBRM\Reminder\TrayApp.exe

 

 

 

 

x64-Handler: intu-help-qb5 - {867FCB77-9823-4cd6-8210-D85F968D466F} - <orphaned>

 

x64-Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - <orphaned>

 

x64-Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg.dll

 

x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>

 

x64-Notify: igfxcui - igfxdev.dll

 

x64-Notify: spba - C:\Program Files\Common Files\SPBA\homefus2.dll

 

x64-SSODL: WebCheck - <orphaned>

 

.

 

================= FIREFOX ===================

 

.

 

FF - ProfilePath - C:\Users\Brian Carroll\AppData\Roaming\Mozilla\Firefox\Profiles\gzpb9pao.default\

 

 

FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

 

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll

 

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

 

FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrlui.dll

 

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

 

.

 

============= SERVICES / DRIVERS ===============

 

.

 

R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-1-20 230320]

 

R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2011-7-14 55856]

 

R1 tmlwf;Trend Micro NDIS 6.0 Filter Driver;C:\Windows\System32\drivers\tmlwf.sys [2009-7-15 200720]

 

R2 cbVSCService11;Cobian Backup 11 Volume Shadow Copy Requester;C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe [2012-8-15 67584]

 

R2 CobianBackup11;Cobian Backup 11 Gravity;C:\Program Files (x86)\Cobian Backup 11\cbService.exe [2012-8-15 1131008]

 

R2 HPM1210RcvFaxSrvc;HP LaserJet Professional M1210 MFP Series Receive Fax Service;C:\Program Files\HP\HP LaserJet M1210 MFP Series\ReceiveFaxUtility.exe [2012-7-25 361888]

 

R2 HPSIService;HP SI Service;C:\Windows\System32\HPSIsvc.exe [2012-11-8 126856]

 

R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-7-14 13336]

 

R2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;C:\Windows\System32\IPROSetMonitor.exe [2011-7-14 165032]

 

R2 jhi_service;Intel® Identity Protection Technology Host Interface Service;C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe [2011-2-24 212944]

 

R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2012-3-20 130008]

 

R2 PanService;PandoraService;C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe [2012-10-12 625816]

 

R2 QBVSS;QBIDPService;C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [2012-3-14 1248256]

 

R2 svcGenericHost;Trend Micro Client/Server Security Agent;C:\Program Files (x86)\Trend Micro\Client Server Security Agent\HostedAgent\svcGenericHost.exe [2010-7-5 45056]

 

R2 TmFilter;Trend Micro Filter;C:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmXPFlt.sys [2010-5-11 265744]

 

R2 TmPreFilter;Trend Micro PreFilter;C:\Program Files (x86)\Trend Micro\Client Server Security Agent\tmpreflt.sys [2010-5-11 42000]

 

R2 tmwfp;Trend Micro WFP Callout Driver;C:\Windows\System32\drivers\tmwfp.sys [2009-7-15 339984]

 

R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-7-14 2656280]

 

R3 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.EXE [2012-2-10 240408]

 

R3 HP1210FAX;HP1210MFP FAX;C:\Windows\System32\drivers\HPM1210FAX.sys [2013-8-29 16896]

 

R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2011-7-15 317440]

 

R3 mvusbews;USB EWS Device;C:\Windows\System32\drivers\mvusbews.sys [2012-12-24 20480]

 

R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-1-27 379360]

 

R3 TmPfw;Trend Micro Client/Server Security Agent Personal Firewall;C:\Program Files (x86)\Trend Micro\Client Server Security Agent\tmPfw.exe [2009-7-15 595960]

 

R3 TmProxy;Trend Micro Client/Server Security Agent Proxy Service;C:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmProxy.exe [2009-7-15 917768]

 

S2 BBSvc;BingBar Service;C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.EXE [2012-2-10 193816]

 

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

 

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

 

S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]

 

S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2010-11-21 71168]

 

S3 hitmanpro37;HitmanPro 3.7 Support Driver;C:\Windows\System32\drivers\hitmanpro37.sys [2013-8-29 32512]

 

S3 netvsc;netvsc;C:\Windows\System32\drivers\netvsc60.sys [2010-11-21 168448]

 

S3 RoxMediaDB12OEM;RoxMediaDB12OEM;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]

 

S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]

 

S3 SynthVid;SynthVid;C:\Windows\System32\drivers\VMBusVideoM.sys [2010-11-21 22528]

 

S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]

 

S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]

 

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-8-12 1255736]

 

S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

 

.

 

=============== Created Last 30 ================

 

.

 

2013-08-31 14:31:29 -------- d-----w- C:\Users\Brian Carroll\AppData\Roaming\Sammsoft

 

2013-08-31 14:31:04 -------- d-----w- C:\Program Files (x86)\MemTurbo 4

 

2013-08-31 14:30:55 -------- d-----w- C:\Program Files (x86)\ARO 2013

 

2013-08-31 14:30:23 -------- d-----w- C:\Users\Brian Carroll\AppData\Local\Programs

 

2013-08-31 10:43:03 76232 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{D455542A-6030-436E-9F94-BD6A02B66437}\offreg.dll

 

2013-08-30 22:41:44 9515512 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{D455542A-6030-436E-9F94-BD6A02B66437}\mpengine.dll

 

2013-08-29 20:02:18 9515512 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

 

2013-08-29 16:14:07 81920 ----a-w- C:\Windows\SysWow64\mvusbews.dll

 

2013-08-29 16:11:23 -------- d-----w- C:\Program Files (x86)\Common Files\SWF Studio

 

2013-08-29 16:10:24 -------- d-----w- C:\LJM1130_M1210_MFP_Full_Solution

 

2013-08-29 15:06:34 74240 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\HPM1210PP.dll

 

2013-08-29 15:05:13 49152 ----a-w- C:\Windows\System32\HPM1210SMs.dll

 

2013-08-29 15:05:10 409088 ----a-w- C:\Windows\System32\HPM1210LM.DLL

 

2013-08-29 15:05:10 1366528 ----a-w- C:\Windows\System32\HPM1210SM.exe

 

2013-08-29 15:04:08 1721576 ----a-w- C:\Windows\System32\wdfcoinstaller01009.dll

 

2013-08-29 15:04:08 16896 ----a-w- C:\Windows\System32\drivers\HPM1210FAX.sys

 

2013-08-29 15:03:59 89600 ----a-w- C:\Windows\System32\m1210wia2.dll

 

2013-08-29 15:03:59 38912 ----a-w- C:\Windows\System32\HPImgFlt.dll

 

2013-08-29 15:00:42 -------- d-----w- C:\Program Files\HP

 

2013-08-29 14:14:55 32512 ----a-w- C:\Windows\System32\drivers\hitmanpro37.sys

 

2013-08-29 14:04:37 -------- d-----w- C:\ProgramData\HitmanPro

 

2013-08-22 15:54:24 941720 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{60B0EBC3-4DAB-4E1C-BB44-8522B13E570F}\gapaengine.dll

 

2013-08-14 12:18:59 5550528 ----a-w- C:\Windows\System32\ntoskrnl.exe

 

2013-08-14 12:18:59 3968960 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

 

2013-08-14 12:18:59 1732032 ----a-w- C:\Windows\System32\ntdll.dll

 

2013-08-14 12:18:58 1292192 ----a-w- C:\Windows\SysWow64\ntdll.dll

 

2013-08-14 12:18:57 243712 ----a-w- C:\Windows\System32\wow64.dll

 

2013-08-14 12:18:57 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll

 

2013-08-14 12:18:55 5120 ----a-w- C:\Windows\SysWow64\wow32.dll

 

2013-08-14 12:18:54 7680 ----a-w- C:\Windows\SysWow64\instnm.exe

 

2013-08-14 12:18:54 25600 ----a-w- C:\Windows\SysWow64\setup16.exe

 

2013-08-14 12:18:54 2048 ----a-w- C:\Windows\SysWow64\user.exe

 

2013-08-14 12:18:51 39936 ----a-w- C:\Windows\System32\drivers\tssecsrv.sys

 

2013-08-14 12:18:51 1910208 ----a-w- C:\Windows\System32\drivers\tcpip.sys

 

.

 

==================== Find3M  ====================

 

.

 

2013-08-21 12:52:02 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

 

2013-08-21 12:52:02 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

 

2013-08-14 12:27:37 848 --sha-w- C:\Windows\SysWow64\KGyGaAvL.sys

 

2013-07-26 05:13:37 2241024 ----a-w- C:\Windows\System32\wininet.dll

 

2013-07-26 05:12:08 3958784 ----a-w- C:\Windows\System32\jscript9.dll

 

2013-07-26 05:12:04 136704 ----a-w- C:\Windows\System32\iesysprep.dll

 

2013-07-26 05:12:03 67072 ----a-w- C:\Windows\System32\iesetup.dll

 

2013-07-26 03:35:08 2706432 ----a-w- C:\Windows\System32\mshtml.tlb

 

2013-07-26 03:13:24 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll

 

2013-07-26 03:12:04 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll

 

2013-07-26 03:12:00 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll

 

2013-07-26 03:12:00 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll

 

2013-07-26 02:49:14 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb

 

2013-07-26 02:39:38 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe

 

2013-07-26 01:59:38 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe

 

2013-07-25 09:25:54 1888768 ----a-w- C:\Windows\System32\WMVDECOD.DLL

 

2013-07-25 08:57:27 1620992 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL

 

2013-07-19 01:58:42 2048 ----a-w- C:\Windows\System32\tzres.dll

 

2013-07-19 01:41:01 2048 ----a-w- C:\Windows\SysWow64\tzres.dll

 

2013-07-09 05:52:52 224256 ----a-w- C:\Windows\System32\wintrust.dll

 

2013-07-09 05:51:16 1217024 ----a-w- C:\Windows\System32\rpcrt4.dll

 

2013-07-09 05:46:20 184320 ----a-w- C:\Windows\System32\cryptsvc.dll

 

2013-07-09 05:46:20 1472512 ----a-w- C:\Windows\System32\crypt32.dll

 

2013-07-09 05:46:20 139776 ----a-w- C:\Windows\System32\cryptnet.dll

 

2013-07-09 05:03:34 3913664 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

 

2013-07-09 04:52:33 663552 ----a-w- C:\Windows\SysWow64\rpcrt4.dll

 

2013-07-09 04:52:10 175104 ----a-w- C:\Windows\SysWow64\wintrust.dll

 

2013-07-09 04:46:31 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll

 

2013-07-09 04:46:31 1166848 ----a-w- C:\Windows\SysWow64\crypt32.dll

 

2013-07-09 04:46:31 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll

 

2013-07-09 04:45:07 44032 ----a-w- C:\Windows\apppatch\acwow64.dll

 

2013-06-05 03:34:27 3153920 ----a-w- C:\Windows\System32\win32k.sys

 

2013-06-04 06:00:13 624128 ----a-w- C:\Windows\System32\qedit.dll

 

2013-06-04 04:53:07 509440 ----a-w- C:\Windows\SysWow64\qedit.dll

 

.

 

============= FINISH: 10:50:40.11 ===============

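Reading the Pseudo HJT Report above, the first thing a practitioner checks is the mPolicies-System block, which shows UAC switched off (EnableLUA = 0, ConsentPromptBehaviorAdmin = 0, PromptOnSecureDesktop = 0), and the LSA Authentication Packages line, which lists a package beyond the stock msv1_0 (wvauth). The script below is an added example, not part of this thread or of the DDS tool: it parses those lines out of a DDS.txt and reports deviations from a baseline; the Windows 7 default values and the msv1_0-only baseline are assumptions, and the sample lines are copied from the log posted above.

```python
import re

# Lines copied from the DDS.txt "Pseudo HJT Report" posted above; a full DDS.txt
# can be passed instead, since lines that do not match are ignored.
SAMPLE_DDS = """\
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
mPolicies-System: DisableCAD = dword:1
LSA: Authentication Packages =  msv1_0 wvauth
mWinlogon: Userinit = userinit.exe
"""

# Assumed baseline: Windows 7 defaults for the UAC values under
# HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System
# (DDS prefixes machine-wide policy entries with "mPolicies-", per-user ones with "uPolicies-").
UAC_EXPECTED = {
    "EnableLUA": 1,                   # 0 = UAC switched off entirely
    "ConsentPromptBehaviorAdmin": 5,  # 0 = admins elevate silently, no prompt
    "PromptOnSecureDesktop": 1,       # 0 = elevation prompts not isolated on the secure desktop
}

# Assumed baseline: a stock Windows 7 LSA "Authentication Packages" value holds only msv1_0.
KNOWN_LSA_PACKAGES = {"msv1_0"}

POLICY_RE = re.compile(
    r"^(?P<hive>[um])Policies-(?P<key>\w+):\s*(?P<name>\w+)\s*=\s*dword:(?P<val>\d+)\s*$"
)
LSA_RE = re.compile(r"^LSA:\s*Authentication Packages\s*=\s*(?P<pkgs>.+?)\s*$")


def parse_policies(text):
    """Return {(hive, key, name): value} for every *Policies-* line; DDS prints dwords in decimal."""
    policies = {}
    for line in text.splitlines():
        m = POLICY_RE.match(line.strip())
        if m:
            policies[(m["hive"], m["key"], m["name"])] = int(m["val"])
    return policies


def parse_lsa_packages(text):
    """Return the LSA authentication packages listed in the log, in the order DDS prints them."""
    for line in text.splitlines():
        m = LSA_RE.match(line.strip())
        if m:
            return m["pkgs"].split()
    return []


def audit_dds(text):
    """Flag UAC values that differ from the baseline and LSA packages outside it.

    Returns a list of (category, detail) tuples; an empty list means nothing stood out.
    """
    findings = []
    policies = parse_policies(text)
    for name, expected in UAC_EXPECTED.items():
        value = policies.get(("m", "System", name))
        if value is not None and value != expected:
            findings.append(("uac", f"{name} = {value} (default {expected})"))
    for pkg in parse_lsa_packages(text):
        if pkg.lower() not in KNOWN_LSA_PACKAGES:
            # Not a verdict: match the package against the installed software list
            # (Attach.txt) before treating it as hostile.
            findings.append(("lsa", pkg))
    return findings


if __name__ == "__main__":
    for category, detail in audit_dds(SAMPLE_DDS):
        print(f"[{category}] {detail}")
```

A flag is a prompt for manual review rather than a verdict: the log alone cannot say whether UAC was turned off by the user, by a vendor tool or by the infection.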

MrCharlie;

 

here is the other log.

 

TC

 

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 8/10/2012 8:16:00 PM
System Uptime: 8/31/2013 9:21:48 AM (1 hours ago)
.
Motherboard: Dell Inc. |  | 0D28YY
Processor: Intel® Core i5-2400 CPU @ 3.10GHz | CPU 1 | 3101/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 283 GiB total, 221.663 GiB free.
D: is CDROM (CDFS)
F: is FIXED (FAT32) - 596 GiB total, 525.632 GiB free.
G: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e96f-e325-11ce-bfc1-08002be10318}
Description: PS/2 Compatible Mouse
Device ID: ACPI\PNP0F13\5&37175C19&0
Manufacturer: Microsoft
Name: PS/2 Compatible Mouse
PNP Device ID: ACPI\PNP0F13\5&37175C19&0
Service: i8042prt
.
==== System Restore Points ===================
.
RP147: 8/15/2013 3:00:32 AM - Windows Update
RP148: 8/19/2013 2:39:21 AM - Windows Update
RP149: 8/19/2013 3:00:12 AM - Windows Update
RP150: 8/22/2013 11:52:41 AM - Windows Update
RP151: 8/26/2013 6:28:40 AM - Windows Update
RP152: 8/29/2013 10:26:30 AM - Windows Update
RP153: 8/31/2013 10:30:45 AM - ARO 2013 - Before Installation
RP154: 8/31/2013 10:31:33 AM - ARO 2013 - FIRST RUN
RP155: 8/31/2013 10:39:32 AM - ARO 2013 Sat, Aug 31, 13  10:39
.
==== Installed Programs ======================
.
Adobe Flash Player 11 ActiveX
Adobe Reader X (10.1.3)
Akamai NetSession Interface
ARO 2013
Bing Bar
Bing Rewards Client Installer
BioAPI Framework
Cobian Backup 11 Gravity
Custom
CyberLink PowerDVD 9.5
D3DX10
Dell Backup and Recovery Manager
Dell Data Protection | Access
Dell Data Protection | Access | Drivers
Dell Data Protection | Access | Middleware
Dell Edoc Viewer
DellAccess
DirectX 9 Runtime
DMMultiView
EMBASSY Security Center
Gemalto
GeoVision ADPCM
GeoVision H264
GeoVision JPEG
GeoVision MPEG2
GeoVision MPEG4
GeoVision MPEG4 ASP
GeoVision MPEG4 AVC
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
HP LaserJet Professional M1130-M1210 MFP Series
HP LaserJet Professional M1210 MFP Series Fax Installer
Intel® Control Center
Intel® Identity Protection Technology 1.1.2.0
Intel® Management Engine Components
Intel® Network Connections 15.7.176.1
Intel® Processor Graphics
Intel® Rapid Storage Technology
Java Auto Updater
Java 6 Update 24
Java 6 Update 24 (64-bit)
Junk Mail filter update
MemTurbo 4
Mesh Runtime
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Office 64-bit Components 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional 2007
Microsoft Office Professional Edition 2003
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared 64-bit MUI (English) 2007
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Mozilla Firefox 23.0.1 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
NTRU TCG Software Stack
Pandora Service
PC-CCID
PhotoShowExpress
Preboot Manager
Private Information Manager
QuickBooks
QuickBooks Pro 2012
RBVirtualFolder64Inst
Realtek High Definition Audio Driver
Roxio Activation Module
Roxio BackOnTrack
Roxio Burn
Roxio Creator Starter
Roxio Express Labeler 3
Roxio File Backup
Scan To
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687309) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2597971) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition
Sonic CinePlayer Decoder Pack
SPBA 5.9
The KMPlayer (remove only)
Trend Micro Client/Server Security Agent
Trusted Drive Manager
Ulead PhotoImpact 10 SE
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2836939)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 (KB2768023) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2817642) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Upek Touchchip Fingerprint Reader
Wave Infrastructure Installer
Wave Support Software Installer
Windows Driver Package - Dell Inc. PBADRV System  (09/11/2009 1.0.1.6)
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinZip
WordPerfect Office 12
.
==== Event Viewer Messages From Past Week ========
.
8/31/2013 9:22:12 AM, Error: Service Control Manager [7001]  - The NTRU TSS v1.2.1.34 TCS service depends on the TPM Base Services service which failed to start because of the following error:  The operation completed successfully.
8/31/2013 9:22:12 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1005]  - Unable to produce a minidump file from the full dump file.
8/31/2013 9:22:12 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001]  - The computer has rebooted from a bugcheck.  The bugcheck was: 0x0000003b (0x00000000c0000044, 0xfffff80002ca57fc, 0xfffff88008834150, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: .
8/31/2013 9:13:44 AM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WerSvc service.
8/30/2013 9:51:34 AM, Error: Service Control Manager [7030]  - The HP SI Service service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
8/30/2013 8:19:09 PM, Error: Disk [11]  - The driver detected a controller error on \Device\Harddisk1\DR1.
8/30/2013 6:30:02 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "109" attempting to start the service gupdate with arguments "/comsvc" in order to run the server: {4EB61BAC-A3B6-4760-9581-655041EF4D69}
8/30/2013 6:30:01 PM, Error: Service Control Manager [7000]  - The Google Update Service (gupdate) service failed to start due to the following error:  The pipe has been ended.
8/29/2013 12:01:45 PM, Error: Service Control Manager [7034]  - The QBCFMonitorService service terminated unexpectedly.  It has done this 1 time(s).
8/29/2013 10:15:00 AM, Error: Service Control Manager [7024]  - The HitmanPro 3.7 Crusader (Boot) service terminated with service-specific error The operation completed successfully..
8/29/2013 10:07:37 AM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Intel® Rapid Storage Technology service to connect.
8/29/2013 10:07:37 AM, Error: Service Control Manager [7000]  - The Intel® Rapid Storage Technology service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
8/29/2013 10:04:38 AM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the QBIDPService service to connect.
8/29/2013 10:04:38 AM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the QBCFMonitorService service to connect.
8/29/2013 10:04:36 AM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Cobian Backup 11 Volume Shadow Copy Requester service to connect.
8/29/2013 10:04:36 AM, Error: Service Control Manager [7000]  - The Cobian Backup 11 Volume Shadow Copy Requester service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
8/29/2013 1:38:51 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the lmhosts service.
8/27/2013 4:24:38 PM, Error: Service Control Manager [7000]  - The Trend Micro Client/Server Security Agent Proxy Service service failed to start due to the following error:  The pipe has been ended.
8/27/2013 4:24:38 PM, Error: Microsoft Antimalware [3002]  - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed.   Feature: Network Inspection System   Error Code: 0x8007006d   Error description: The pipe has been ended.    Reason: The system is missing updates that are required for running Network Inspection System.  Install the required updates and restart the computer.
8/27/2013 4:24:37 PM, Error: Service Control Manager [7000]  - The Portable Device Enumerator Service service failed to start due to the following error:  A system shutdown is in progress.
8/27/2013 4:24:37 PM, Error: Service Control Manager [7000]  - The Microsoft Network Inspection service failed to start due to the following error:  The pipe has been ended.
8/27/2013 4:24:37 PM, Error: Service Control Manager [7000]  - The Human Interface Device Access service failed to start due to the following error:  A system shutdown is in progress.
8/27/2013 4:24:37 PM, Error: Service Control Manager [7000]  - The Diagnostic System Host service failed to start due to the following error:  A system shutdown is in progress.
8/27/2013 4:22:04 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
8/27/2013 4:22:00 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service TdmService with arguments "" in order to run the server: {285E95B2-ACD5-4405-8D24-2D73E65DD047}
8/27/2013 4:21:41 PM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  discache MpFilter spldr tmtdi vpcvmm Wanarpv6
8/27/2013 3:54:05 PM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  AFD CSC DfsC discache MpFilter NetBIOS NetBT nsiproxy Psched rdbss spldr tdx tmlwf tmtdi vpcnfltr vpcvmm Wanarpv6 WfpLwf
8/27/2013 3:54:05 PM, Error: Service Control Manager [7001]  - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
8/27/2013 3:54:05 PM, Error: Service Control Manager [7001]  - The Trend Micro Client/Server Security Agent service depends on the Network Connections service which failed to start because of the following error:  The dependency service or group failed to start.
8/27/2013 3:54:05 PM, Error: Service Control Manager [7001]  - The Trend Micro Client/Server Security Agent Listener service depends on the Network Connections service which failed to start because of the following error:  The dependency service or group failed to start.
8/27/2013 3:54:05 PM, Error: Service Control Manager [7001]  - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error:  A device attached to the system is not functioning.
8/27/2013 3:54:05 PM, Error: Service Control Manager [7001]  - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error:  A device attached to the system is not functioning.
8/27/2013 3:54:05 PM, Error: Service Control Manager [7001]  - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:  The dependency service or group failed to start.
8/27/2013 3:54:05 PM, Error: Service Control Manager [7001]  - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:  The dependency service or group failed to start.
8/27/2013 3:54:05 PM, Error: Service Control Manager [7001]  - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error:  A device attached to the system is not functioning.
8/27/2013 3:54:05 PM, Error: Service Control Manager [7001]  - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
8/27/2013 3:54:05 PM, Error: Service Control Manager [7001]  - The Network Connections service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
8/27/2013 3:54:05 PM, Error: Service Control Manager [7001]  - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
8/27/2013 3:54:05 PM, Error: Service Control Manager [7001]  - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error:  A device attached to the system is not functioning.
8/27/2013 3:54:05 PM, Error: Service Control Manager [7001]  - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error:  A device attached to the system is not functioning.
8/27/2013 3:52:54 PM, Error: Service Control Manager [7043]  - The Group Policy Client service did not shut down properly after receiving a preshutdown control.
8/27/2013 12:23:56 PM, Error: Disk [11]  - The driver detected a controller error on \Device\Harddisk2\DR2.
8/27/2013 11:29:01 AM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Trend Micro Client/Server Security Agent service to connect.
8/27/2013 11:29:01 AM, Error: Service Control Manager [7000]  - The Trend Micro Client/Server Security Agent service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
.
==== End Of File ===========================

Link to post
Share on other sites
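The Attach.txt section above lists a week of Service Control Manager errors as raw lines. The PowerShell below is an added example, not part of the thread or of DDS: it parses lines in that format (four of them copied from the report as sample input), pulls the driver names out of the 7026 events, and reports which drivers failed on every boot in the window rather than on one boot only. A long 7026 list like the 3:54 PM one is what a Safe Mode boot typically produces, because the network stack (AFD, NetBT, tdx, nsiproxy) is not loaded there; the drivers that fail on every boot are the ones to check, and of those MpFilter and tmtdi are the Microsoft Security Essentials and Trend Micro filter drivers. The date parsing assumes the en-US format used in the report, and the script targets the PowerShell 2.0 that ships with Windows 7.

```powershell
# Added example, not part of the thread or of DDS: triage the "Event Viewer Messages"
# section of Attach.txt. Sample lines are copied from the report above; the parsing
# and grouping logic is this example's own.
$sample = @'
8/27/2013 4:21:41 PM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  discache MpFilter spldr tmtdi vpcvmm Wanarpv6
8/27/2013 3:54:05 PM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  AFD CSC DfsC discache MpFilter NetBIOS NetBT nsiproxy Psched rdbss spldr tdx tmlwf tmtdi vpcnfltr vpcvmm Wanarpv6 WfpLwf
8/27/2013 3:54:05 PM, Error: Service Control Manager [7001]  - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error:  A device attached to the system is not functioning.
8/29/2013 10:15:00 AM, Error: Service Control Manager [7024]  - The HitmanPro 3.7 Crusader (Boot) service terminated with service-specific error The operation completed successfully..
'@

function ConvertFrom-DdsEventLine {
    param([string]$Line)
    # Line shape: "<date> <time> <AM|PM>, Error: <Source> [<EventId>]  - <Message>"
    if ($Line -match '^(?<ts>\S+ \S+ [AP]M), Error: (?<src>.+?) \[(?<id>\d+)\]\s+-\s+(?<msg>.*)$') {
        New-Object PSObject -Property @{
            Time    = [datetime]::Parse($Matches['ts'])   # assumes en-US date format, as in the report
            Source  = $Matches['src']
            Id      = [int]$Matches['id']
            Message = $Matches['msg']
        }
    }
}

$events = @($sample -split "`r?`n" | Where-Object { $_.Trim() } | ForEach-Object { ConvertFrom-DdsEventLine $_ })

# Event 7026 names every boot-start/system-start driver that failed on that boot.
$bootFailures = @($events | Where-Object { $_.Id -eq 7026 } | ForEach-Object {
    New-Object PSObject -Property @{
        Time    = $_.Time
        Drivers = @((($_.Message -replace '^.*failed to load:\s*', '').Trim()) -split '\s+')
    }
})

# A driver that fails on one boot only usually reflects how that boot was started
# (Safe Mode skips the network stack); one that fails on every boot is the one to
# inspect under HKLM\SYSTEM\CurrentControlSet\services\<driver>: Start, ImagePath
# and the key's ACL, which ransomware and rootkits are known to tamper with.
$persistent = @($bootFailures | ForEach-Object { $_.Drivers } | Group-Object |
    Where-Object { $_.Count -eq $bootFailures.Count } | ForEach-Object { $_.Name })

"Boots with 7026 events: $($bootFailures.Count)"
"Drivers failing on every boot: $($persistent -join ', ')"
$events | Group-Object Id | Sort-Object Count -Descending |
    ForEach-Object { "event {0}: {1} occurrence(s)" -f $_.Name, $_.Count }

# Live equivalent against the System log on the affected machine (elevated prompt):
# Get-WinEvent -FilterHashtable @{LogName='System'; Id=7026} -MaxEvents 20 | Select-Object TimeCreated, Message
```

On the sample input the script reports two boots with 7026 events and six drivers common to both (discache, MpFilter, spldr, tmtdi, vpcvmm, Wanarpv6); the 3:54 PM boot's extra network-stack entries drop out, which is the point of comparing across boots rather than reacting to one event.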

MrC:

 

here is the RK report

 

TC

 

 

RogueKiller V8.6.7 _x64_ [Aug 28 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Brian Carroll [Admin rights]
Mode : Scan -- Date : 08/31/2013 11:06:26
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 7 ¤¤¤
[HJ POL] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ POL] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ POL] HKLM\[...]\Wow6432Node\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ POL] HKLM\[...]\Wow6432Node\[...]\System : EnableLUA (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts

 

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD3200AAKX-753CA1 +++++
--- User ---
[MBR] f2db8021e812a332a6b35d23f19acab0
[BSP] d1bb0450be0758aa2927623330157954 : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 15516 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 31858688 | Size: 289688 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: WDC WD3200AAKX-753CA1 +++++
--- User ---
[MBR] b2247d3b81b0d393d60d8f43598708a7
[BSP] 2f6b85d256594f4c3a3709bde9ca8996 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 63 | Size: 610477 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[0]_S_08312013_110626.txt >>

Link to post
Share on other sites
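RogueKiller reports EnableLUA and ConsentPromptBehaviorAdmin as 0 in both the native and the Wow6432Node policy keys, which means UAC is off and an administrator session runs every program elevated without a prompt; the two [HJ DESK] entries set to 1 hide the user's-files and Computer icons on the desktop machine-wide. The PowerShell below is an added example, not something the thread or RogueKiller provides: it reads those six values and, with -Fix, writes the Windows 7 defaults back. RogueKiller abbreviates the key paths, so the full paths used here are the standard locations of those values and are an assumption.

```powershell
# Added example (not from the thread or RogueKiller): audit the [HJ POL] and [HJ DESK]
# values in the RogueKiller report above and optionally restore the Windows 7 defaults.
# RogueKiller prints the key paths abbreviated; the full paths below are the standard
# locations of those values and are assumed here. Run from an elevated prompt.
#   .\Check-RkPolicy.ps1        report only
#   .\Check-RkPolicy.ps1 -Fix   write the defaults (reboot afterwards for EnableLUA)
param([switch]$Fix)

$policy   = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$policy32 = 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Policies\System'
$icons    = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel'

$checks = @(
    # UAC: EnableLUA=0 turns UAC off; ConsentPromptBehaviorAdmin=0 elevates without prompting.
    # Windows 7 defaults: 1 and 5 (prompt for consent for non-Windows binaries).
    @{ Path = $policy;   Name = 'EnableLUA';                  Expected = 1 },
    @{ Path = $policy;   Name = 'ConsentPromptBehaviorAdmin'; Expected = 5 },
    @{ Path = $policy32; Name = 'EnableLUA';                  Expected = 1 },
    @{ Path = $policy32; Name = 'ConsentPromptBehaviorAdmin'; Expected = 5 },
    # Desktop icons hidden machine-wide (1 = hidden): the user's files folder and Computer.
    @{ Path = $icons;    Name = '{59031a47-3f72-44a7-89c5-5595fe6b30ee}'; Expected = 0 },
    @{ Path = $icons;    Name = '{20D04FE0-3AEA-1069-A2D8-08002B30309D}'; Expected = 0 }
)

foreach ($c in $checks) {
    $current = $null
    if (Test-Path $c.Path) {
        $item = Get-ItemProperty -Path $c.Path -Name $c.Name -ErrorAction SilentlyContinue
        if ($item -ne $null) { $current = $item.($c.Name) }
    }
    if ($current -eq $null)           { $state = 'absent (default applies)' }
    elseif ($current -eq $c.Expected) { $state = 'OK' }
    else                              { $state = "FOUND $current, expected $($c.Expected)" }
    "{0}\{1}: {2}" -f $c.Path, $c.Name, $state

    if ($Fix -and $current -ne $null -and $current -ne $c.Expected) {
        Set-ItemProperty -Path $c.Path -Name $c.Name -Value $c.Expected -Type DWord
        "    -> set to $($c.Expected)"
    }
}
if ($Fix) { 'Reboot: a change to EnableLUA only takes effect after a restart.' }
```

Run it once without -Fix first; a value reported as absent is fine, since the default then applies, and only values that are present and wrong get rewritten. Re-enabling UAC is also why a "do you want to allow this program to make changes" prompt may start appearing for tools that opened silently before.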

The 1st scan you had me do, the aro2013, this free trial fixed 50 errors, however, there are another 977 errors listed which did not get fixed.

What are you talking about, the first scan was DDS which doesn't fix anything...it just gives you 2 reports > DDS.txt and Attach.txt.

MrC

Link to post
Share on other sites

I may be using wrong terminology but in your 1st reply to this thread you said I should start "here" with a link attached to the word "here".

 

When I went there, the 1st thing recommended was to do the scan which, when clicked, took me to the cnet download for aro2013, which I did.

 

I hope I did what I was supposed to, thought this was your recommendation.

 

please advise.

 

TC

Link to post
Share on other sites

Here's where my HERE link takes you to:

http://forums.malwarebytes.org/index.php?showtopic=9573

From there you click on either one of these links for direct download of DDS:

http://download.bleepingcomputer.com/sUBs/dds.scr
http://download.bleepingcomputer.com/sUBs/dds.com


The two links for RogueKiller are also direct downloads:

http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe
http://tigzy.geekstogo.com/Tools/RogueKillerX64.exe

The program you ran looks like a registry cleaner and IMHO is designed to separate you from your money.
Is there any way you can undo what was done?
If not maybe system restore?
MrC

Link to post
Share on other sites

It's like it's getting worse and worse.

 

MrC, please tell me if I did not do as I was instructed.

 

By clicking on your "here" link in your 1st response, the very first instruction is to click on and do a quick scan on the provided link.

 

When I click that link, and I just went back and looked at it again, that link took me to a download of something called aro2013.  If I wasn't supposed to load that scan, why is it on your instruction page?

 

did I get this wrong?

 

please click your "here" link, then the first clickable instruction to scan and it will take you to this scan to download and run:

 

http://download.cnet.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html?part=dl-10804572&subj=dl&tag=button

 

please advise.

 

and thank you.

 

TC

Link to post
Share on other sites

You must be infected which is causing you to be redirected.

Here's where the first link goes to download Malwarebytes:

http://fileforum.betanews.com/detail/Malwarebytes-AntiMalware/1186760019/1

Anyway, can you undo what that program did??

If not can you use system restore ?

If not.....

Please download Farbar Recovery Scan Tool and save it to a folder. (use correct version for your system)

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.
MrC
Link to post
Share on other sites

First I have done the malwarebytes scan from the link you just provided - see results below.

 

I will now see if I can figure out the removal of that other scan I loaded when I was redirected to cnet.

 

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16660
Brian Carroll :: BRIANCARROLL [administrator]

Protection: Enabled

8/31/2013 2:10:30 PM
MBAM-log-2013-08-31 (14-16-40).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 231000
Time elapsed: 3 minute(s), 23 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\Users\Brian Carroll\AppData\Local\Temp\jar_cache77415517747957438.tmp (Trojan.Ransom) -> No action taken.
C:\Users\Brian Carroll\AppData\Local\Temp\KMP_3.6.0.87.exe (PUP.Optional.Softonic) -> No action taken.

(end)

Link to post
Share on other sites

Further possible good news is that after I removed the aro2013 via my control panel uninstall feature, I went to reopen my malwarebytes desktop icon to perform another scan and something popped up when I clicked the icon - it was called Mem Turbo 4. It looked like it wanted to do a scan also, but I quickly clicked out of it and deleted it, also from the control panel.

 

Also, I thought as long as I'm there, I deleted the malwarebytes program and then reinstalled it right away with the direct link you provided and I ran another scan after download.

 

the result was no malicious items found - see below.

 

I still have the issues of missing buttons, etc., that I listed in my original post.

 

pls let me know what to do next.

 

thx,

TC

 

Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.08.31.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16660
Brian Carroll :: BRIANCARROLL [administrator]

Protection: Disabled

8/31/2013 3:25:08 PM
mbam-log-2013-08-31 (15-25-08).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 231295
Time elapsed: 5 minute(s), 8 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Link to post
Share on other sites

Download Malwarebytes Anti-Rootkit from HERE

  • Unzip the contents to a folder in a convenient location.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced they will be in the MBAR folder..... mbar-log.txt and system-log.txt
To attach a log if needed:

Bottom right corner of this page.


New window that comes up.


~~~~~~~~~~~~~~~~~~~~~~~

Note:

If no additional threats were found, verify that your system is now running normally, making sure that the following items are functional:

Internet access

Windows Update

Windows Firewall

If there are additional problems with your system, such as any of those listed above or other system issues, then run the fixdamage tool included with Malwarebytes Anti-Rootkit and reboot. It's located in the Plugins folder which is in the MBAR folder.

Just run fixdamage.exe.

Verify that they are now functioning normally.

MrC

Link to post
Share on other sites

Below are the 1st scan results from the anti-rootkit folder.  No threats found.

 

I assume since no cleanup is needed then no need to perform a 2nd scan, right?

 

I will now go to the anti-rootkit folder and run the fixdamage.exe file as you suggested. will share those results shortly.

 

thank you.

 

TC

 

 Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.08.31.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16660
Brian Carroll :: BRIANCARROLL [administrator]

Protection: Disabled

8/31/2013 3:49:26 PM
mbam-log-2013-08-31 (15-49-26).txt

Scan type: Full scan (C:\|F:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 382021
Time elapsed: 39 minute(s), 43 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Link to post
Share on other sites

I have now run the fixdamage.exe file and still am having a problem with some missing buttons, although there has been slight improvement.

 

Worth mentioning is that everything I try to open is causing an alert to pop up from malwarebytes anti-malware stating it has successfully blocked access to a potentially malicious website 111.111.111.111, then something about port 49182 pandoraservice.exe, then I saw port 50020 pandoraservice.exe, then I saw port 50940 pandoraservice.exe - you get the idea, the port # changes each time but the rest is always the same.

 

Please advise on a possible next move.

 

And, seriously, thank you for your help.

 

TC

Link to post
Share on other sites
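The alert described above names the process (pandoraservice.exe, matching the "Pandora Service" entry in the installed-programs list earlier in the thread) and the destination 111.111.111.111, but not where the executable lives, who signed it, or what launches it, which is what decides whether the block is a false positive. The PowerShell below is an added example, not from the thread: it resolves the running process to its path, Authenticode signer and SHA-1, the service definition that hosts it, and its current TCP connections from netstat -ano. It assumes the process is running under that name, and avoids Get-FileHash because the PowerShell 2.0 on Windows 7 does not have it.

```powershell
# Added example (not from the thread): identify the process behind the Malwarebytes
# "pandoraservice.exe -> 111.111.111.111" block alerts. Run from an elevated prompt so
# Get-Process can open the process and netstat -ano shows owning PIDs.
$name = 'pandoraservice'   # process name from the alert, without .exe

function Get-Sha1Hex([string]$Path) {
    # Get-FileHash is not available on the PowerShell 2.0 that ships with Windows 7
    $fs = [IO.File]::OpenRead($Path)
    try     { ([BitConverter]::ToString([Security.Cryptography.SHA1]::Create().ComputeHash($fs))) -replace '-', '' }
    finally { $fs.Close() }
}

$procs = @(Get-Process -Name $name -ErrorAction SilentlyContinue)
if ($procs.Count -eq 0) { "no running process named ${name}.exe"; return }

foreach ($p in $procs) {
    $path = $p.Path    # $null when the process could not be opened (run elevated)
    "PID {0}  path: {1}" -f $p.Id, $path
    if ($path) {
        # Valid signature from the vendor you expect (here, the Dell-installed component)
        # is the first thing to check; NotSigned or HashMismatch on a binary that claims
        # to be a vendor service is the red flag.
        $sig = Get-AuthenticodeSignature -FilePath $path
        "    signature: {0}  signer: {1}" -f $sig.Status, $sig.SignerCertificate.Subject
        "    sha1: {0}" -f (Get-Sha1Hex $path)
    }
    # Service definition that launched it, if it runs as a service (start mode, image path)
    Get-WmiObject Win32_Service -Filter "ProcessId = $($p.Id)" |
        ForEach-Object { "    service: {0}  start={1}  image={2}" -f $_.Name, $_.StartMode, $_.PathName }
    # TCP endpoints owned by this PID; the remote address column is what Malwarebytes blocks
    netstat -ano | Where-Object { $_ -match "^\s*TCP\s+\S+\s+\S+\s+\S+\s+$($p.Id)\s*$" } |
        ForEach-Object { "    " + $_.Trim() }
}
```

The changing local port numbers in the alerts (49182, 50020, 50940) are ordinary ephemeral ports for successive outbound attempts, so they carry no information on their own; the path, signer and service image path are what tell a vendor component apart from something dropped next to it.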

Am I getting paranoid or what?

 

I have an errand to run and so I figured I would go to my desktop icon and click open the malwarebytes anti-malware program so I can do a full scan since I'm gonna be out for a little while. When I click it, now it has a box coming up that basically asks if I want to allow this program to make changes to my computer.  I just wanted the program to open like it did earlier so I could initiate a scan.

 

Is it supposed to now be showing the pop up box I described asking me to allow this program to change my pc?

 

btw, the 'blocking access to a potentially malicious website' warning has popped up twice as I'm typing this message.

 

please advise -

 

TC

Link to post
Share on other sites

Next.......

Please download and run ComboFix.

The most important things to remember when running it are to disable all your malware programs and run Combofix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Give it at least 30-45 minutes to finish if needed.

Please include the C:\ComboFix.txt in your next reply for further review.

---------->NOTE<----------

If you get the message Illegal operation attempted on registry key that has been marked for deletion after you run ComboFix....please reboot the computer, this should resolve the problem. You may have to do this several times if needed.

MrC

Link to post
Share on other sites

I am ready to try this but for two questions:

 

1. I did not see how to disable the malwarebytes anti-malware program I now have on my desktop. I tried opening it to have a look to see how, but it's not obvious.

 

2.  I do not know how to disable windows firewall - didn't see that in the directions either.

 

please let me know and I'll do that and start the combofix.

 

Worth mentioning is that when I became suspicious of the malwarebytes anti-malware that is now on my desktop (from the direct link you provided me), I tried to verify the security certificate and it shows that it expired in June 2013.

 

Please comment as to whether this should be of concern.

 

From the perspective of the guy with the injured pc, that certificate being expired doesn't inspire confidence. Please do comment on this.

 

thanks,

TC

Link to post
Share on other sites

Worth mentioning is that when I became suspicious of the malwarebytes anti-malware that is now on my desktop (from the direct link you provided me), I tried to verify the security certificate and it shows that it expired in June 2013.

Please comment as to whether this should be of concern.

 

It's not my product...contact Malwarebytes

 

------------------------------------

 

You don't have to disable Malwarebytes or the firewall.

 

MrC

Link to post
Share on other sites

ComboFix 13-08-31.01 - Brian Carroll 08/31/2013  20:45:53.1.4 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.3977.2296 [GMT -4:00]
Running from: c:\users\Brian Carroll\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\15MNTQ0L\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
FW: Trend Micro Personal Firewall *Disabled* {70A91CD9-303D-A217-A80E-6DEE136EDB2B}
SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
SP: Trend Micro Client/Server Security Agent Anti-spyware *Disabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\users\Brian Carroll\AppData\Roaming\skype.ini
.
.
(((((((((((((((((((((((((   Files Created from 2013-08-01 to 2013-09-01  )))))))))))))))))))))))))))))))
.
.
2013-09-01 00:03 . 2013-08-06 08:58 9515512 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{27C0A548-5D84-4DF3-B6B6-26832EB94813}\mpengine.dll
2013-08-31 22:19 . 2013-08-31 22:19 -------- d-----w- c:\users\Brian Carroll\AppData\Local\Macromedia
2013-08-31 21:12 . 2013-08-31 21:32 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2013-08-31 19:23 . 2013-08-31 19:23 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-08-31 19:23 . 2013-04-04 18:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-08-31 18:08 . 2013-08-31 18:08 -------- d-----w- c:\users\Brian Carroll\AppData\Roaming\Malwarebytes
2013-08-31 18:08 . 2013-08-31 18:08 -------- d-----w- c:\programdata\Malwarebytes
2013-08-31 14:30 . 2013-08-31 14:30 -------- d-----w- c:\users\Brian Carroll\AppData\Local\Programs
2013-08-30 22:41 . 2013-08-06 08:58 9515512 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-08-30 13:49 . 2013-08-30 13:49 -------- d-----w- c:\programdata\HP
2013-08-29 19:53 . 2013-08-29 19:53 -------- d-----w- c:\users\Brian Carroll\AppData\Local\Mozilla
2013-08-29 19:53 . 2013-08-29 19:53 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2013-08-29 16:14 . 2012-11-08 03:00 81920 ----a-w- c:\windows\SysWow64\mvusbews.dll
2013-08-29 16:11 . 2013-08-29 16:11 -------- d-----w- c:\program files (x86)\Common Files\SWF Studio
2013-08-29 16:10 . 2013-08-29 16:11 -------- d-----w- C:\LJM1130_M1210_MFP_Full_Solution
2013-08-29 15:06 . 2012-09-29 17:25 74240 ----a-w- c:\windows\system32\Spool\prtprocs\x64\HPM1210PP.dll

 

2013-08-29 15:05 . 2012-11-08 11:00 49152 ----a-w- c:\windows\system32\HPM1210SMs.dll

 

2013-08-29 15:05 . 2012-09-29 17:26 1366528 ----a-w- c:\windows\system32\HPM1210SM.exe

 

2013-08-29 15:05 . 2012-09-29 17:25 409088 ----a-w- c:\windows\system32\HPM1210LM.DLL

 

2013-08-29 15:04 . 2012-11-08 11:00 1721576 ----a-w- c:\windows\system32\wdfcoinstaller01009.dll

 

2013-08-29 15:04 . 2012-11-08 11:00 16896 ----a-w- c:\windows\system32\drivers\HPM1210FAX.sys

 

2013-08-29 15:03 . 2012-11-08 11:00 89600 ----a-w- c:\windows\system32\m1210wia2.dll

 

2013-08-29 15:03 . 2012-11-08 11:00 38912 ----a-w- c:\windows\system32\HPImgFlt.dll

 

2013-08-29 15:00 . 2013-08-29 15:00 -------- d-----w- c:\program files\HP

 

2013-08-29 14:14 . 2013-08-29 14:14 32512 ----a-w- c:\windows\system32\drivers\hitmanpro37.sys

 

2013-08-29 14:04 . 2013-08-29 14:14 -------- d-----w- c:\programdata\HitmanPro

 

2013-08-22 15:54 . 2013-08-22 15:53 941720 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{60B0EBC3-4DAB-4E1C-BB44-8522B13E570F}\gapaengine.dll

 

2013-08-15 07:12 . 2013-07-26 05:12 15405056 ----a-w- c:\windows\system32\ieframe.dll

 

2013-08-15 07:12 . 2013-07-26 05:12 19239424 ----a-w- c:\windows\system32\mshtml.dll

 

2013-08-14 12:18 . 2013-07-09 06:03 5550528 ----a-w- c:\windows\system32\ntoskrnl.exe

 

2013-08-14 12:18 . 2013-07-09 05:54 1732032 ----a-w- c:\windows\system32\ntdll.dll

 

2013-08-14 12:18 . 2013-07-09 05:03 3968960 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

 

2013-08-14 12:18 . 2013-07-09 04:53 1292192 ----a-w- c:\windows\SysWow64\ntdll.dll

 

2013-08-14 12:18 . 2013-07-09 05:53 243712 ----a-w- c:\windows\system32\wow64.dll

 

2013-08-14 12:18 . 2013-07-09 02:49 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll

 

2013-08-14 12:18 . 2013-07-09 04:52 5120 ----a-w- c:\windows\SysWow64\wow32.dll

 

2013-08-14 12:18 . 2013-07-09 02:49 25600 ----a-w- c:\windows\SysWow64\setup16.exe

 

2013-08-14 12:18 . 2013-07-09 02:49 7680 ----a-w- c:\windows\SysWow64\instnm.exe

 

2013-08-14 12:18 . 2013-07-09 02:49 2048 ----a-w- c:\windows\SysWow64\user.exe

 

2013-08-14 12:18 . 2013-07-06 06:03 1910208 ----a-w- c:\windows\system32\drivers\tcpip.sys

 

2013-08-14 12:18 . 2013-06-15 04:32 39936 ----a-w- c:\windows\system32\drivers\tssecsrv.sys

 

.

 

.

 

.

 

((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))

 

.

 

2013-08-31 22:17 . 2012-11-16 12:28 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

 

2013-08-31 22:17 . 2012-11-16 12:28 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

 

2013-07-17 02:51 . 2012-10-02 07:14 941720 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll

 

2013-07-09 04:45 . 2013-08-14 12:18 44032 ----a-w- c:\windows\apppatch\acwow64.dll

 

2013-06-05 07:07 . 2013-06-05 07:07 1054720 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe

 

2013-06-05 07:07 . 2013-06-05 07:07 719360 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll

 

2013-06-05 07:07 . 2013-06-05 07:07 523264 ----a-w- c:\windows\SysWow64\vbscript.dll

 

2013-06-05 07:07 . 2013-06-05 07:07 226304 ----a-w- c:\windows\system32\elshyph.dll

 

2013-06-05 07:07 . 2013-06-05 07:07 185344 ----a-w- c:\windows\SysWow64\elshyph.dll

 

2013-06-05 07:07 . 2013-06-05 07:07 158720 ----a-w- c:\windows\SysWow64\msls31.dll

 

2013-06-05 07:07 . 2013-06-05 07:07 150528 ----a-w- c:\windows\SysWow64\iexpress.exe

 

2013-06-05 07:07 . 2013-06-05 07:07 138752 ----a-w- c:\windows\SysWow64\wextract.exe

 

2013-06-05 07:07 . 2013-06-05 07:07 38400 ----a-w- c:\windows\SysWow64\imgutil.dll

 

2013-06-05 07:07 . 2013-06-05 07:07 137216 ----a-w- c:\windows\SysWow64\ieUnatt.exe

 

2013-06-05 07:07 . 2013-06-05 07:07 12800 ----a-w- c:\windows\SysWow64\mshta.exe

 

2013-06-05 07:07 . 2013-06-05 07:07 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll

 

2013-06-05 07:07 . 2013-06-05 07:07 73728 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe

 

2013-06-05 07:07 . 2013-06-05 07:07 61952 ----a-w- c:\windows\SysWow64\tdc.ocx

 

2013-06-05 07:07 . 2013-06-05 07:07 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll

 

2013-06-05 07:07 . 2013-06-05 07:07 361984 ----a-w- c:\windows\SysWow64\html.iec

 

2013-06-05 07:07 . 2013-06-05 07:07 1441280 ----a-w- c:\windows\SysWow64\inetcpl.cpl

 

2013-06-05 07:07 . 2013-06-05 07:07 23040 ----a-w- c:\windows\SysWow64\licmgr10.dll

 

2013-06-05 07:07 . 2013-06-05 07:07 216064 ----a-w- c:\windows\system32\msls31.dll

 

2013-06-05 07:07 . 2013-06-05 07:07 197120 ----a-w- c:\windows\system32\msrating.dll

 

2013-06-05 07:07 . 2013-06-05 07:07 905728 ----a-w- c:\windows\system32\mshtmlmedia.dll

 

2013-06-05 07:07 . 2013-06-05 07:07 81408 ----a-w- c:\windows\system32\icardie.dll

 

2013-06-05 07:07 . 2013-06-05 07:07 762368 ----a-w- c:\windows\system32\ieapfltr.dll

 

2013-06-05 07:07 . 2013-06-05 07:07 452096 ----a-w- c:\windows\system32\dxtmsft.dll

 

2013-06-05 07:07 . 2013-06-05 07:07 441856 ----a-w- c:\windows\system32\html.iec

 

2013-06-05 07:07 . 2013-06-05 07:07 281600 ----a-w- c:\windows\system32\dxtrans.dll

 

2013-06-05 07:07 . 2013-06-05 07:07 270848 ----a-w- c:\windows\system32\iedkcs32.dll

 

2013-06-05 07:07 . 2013-06-05 07:07 235008 ----a-w- c:\windows\system32\url.dll

 

2013-06-05 07:07 . 2013-06-05 07:07 1400416 ----a-w- c:\windows\system32\ieapfltr.dat

 

2013-06-05 07:07 . 2013-06-05 07:07 1509376 ----a-w- c:\windows\system32\inetcpl.cpl

 

2013-06-05 07:07 . 2013-06-05 07:07 27648 ----a-w- c:\windows\system32\licmgr10.dll

 

2013-06-05 07:07 . 2013-06-05 07:07 247296 ----a-w- c:\windows\system32\webcheck.dll

 

2013-06-05 07:07 . 2013-06-05 07:07 97280 ----a-w- c:\windows\system32\mshtmled.dll

 

2013-06-05 07:07 . 2013-06-05 07:07 599552 ----a-w- c:\windows\system32\vbscript.dll

 

2013-06-05 07:07 . 2013-06-05 07:07 173568 ----a-w- c:\windows\system32\ieUnatt.exe

 

2013-06-05 07:07 . 2013-06-05 07:07 167424 ----a-w- c:\windows\system32\iexpress.exe

 

2013-06-05 07:07 . 2013-06-05 07:07 144896 ----a-w- c:\windows\system32\wextract.exe

 

2013-06-05 07:07 . 2013-06-05 07:07 102912 ----a-w- c:\windows\system32\inseng.dll

 

2013-06-05 07:07 . 2013-06-05 07:07 92160 ----a-w- c:\windows\system32\SetIEInstalledDate.exe

 

2013-06-05 07:07 . 2013-06-05 07:07 62976 ----a-w- c:\windows\system32\pngfilt.dll

 

2013-06-05 07:07 . 2013-06-05 07:07 52224 ----a-w- c:\windows\system32\msfeedsbs.dll

 

2013-06-05 07:07 . 2013-06-05 07:07 51200 ----a-w- c:\windows\system32\imgutil.dll

 

2013-06-05 07:07 . 2013-06-05 07:07 48640 ----a-w- c:\windows\system32\mshtmler.dll

 

2013-06-05 07:07 . 2013-06-05 07:07 149504 ----a-w- c:\windows\system32\occache.dll

 

2013-06-05 07:07 . 2013-06-05 07:07 13824 ----a-w- c:\windows\system32\mshta.exe

 

2013-06-05 07:07 . 2013-06-05 07:07 136192 ----a-w- c:\windows\system32\iepeers.dll

 

2013-06-05 07:07 . 2013-06-05 07:07 135680 ----a-w- c:\windows\system32\IEAdvpack.dll

 

2013-06-05 07:07 . 2013-06-05 07:07 12800 ----a-w- c:\windows\system32\msfeedssync.exe

 

2013-06-05 07:07 . 2013-06-05 07:07 77312 ----a-w- c:\windows\system32\tdc.ocx

 

2013-06-05 03:34 . 2013-07-10 09:01 3153920 ----a-w- c:\windows\system32\win32k.sys

 

2013-06-04 06:00 . 2013-07-10 08:58 624128 ----a-w- c:\windows\system32\qedit.dll

 

2013-06-04 04:53 . 2013-07-10 08:58 509440 ----a-w- c:\windows\SysWow64\qedit.dll

 

.

 

.

 

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))

 

.

 

.

 

*Note* empty entries & legit default entries are not shown

 

REGEDIT4

 

.

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

 

"Akamai NetSession Interface"="c:\users\Brian Carroll\AppData\Local\Akamai\netsession_win.exe" [2013-06-05 4489472]

 

.

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

 

"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-11-06 283160]

 

"IMSS"="c:\program files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe" [2011-01-17 112152]

 

"RemoteControl9"="c:\program files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe" [2009-07-06 87336]

 

"PDVD9LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD9\Language\Language.exe" [2010-04-29 50472]

 

"OfficeScanNT Monitor"="c:\program files (x86)\Trend Micro\Client Server Security Agent\pccntmon.exe" [2010-06-25 1705296]

 

"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112]

 

"Desktop Disc Tool"="c:\program files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-11-17 514544]

 

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]

 

"Intuit SyncManager"="c:\program files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2012-03-14 2215768]

 

"Ulead AutoDetector v2"="c:\program files (x86)\Common Files\Ulead Systems\AutoDetector\monitor.exe" [2004-08-27 90112]

 

"Cobian Backup 11 interface"="c:\program files (x86)\Cobian Backup 11\cbInterface.exe" [2012-07-31 4407808]

 

.

 

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

 

Intuit Data Protect.lnk - c:\program files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe /Startup [2012-3-14 5961048]

 

QuickBooks Update Agent.lnk - c:\program files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2012-3-14 1175912]

 

QuickBooks_Standard_21.lnk - c:\program files (x86)\Intuit\QuickBooks 2012\QBW32.EXE -silent [2012-3-14 1178984]

 

WinZip Quick Pick.lnk - c:\program files (x86)\WinZip\WZQKPICK.EXE [2012-8-10 118784]

 

.

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

 

"ConsentPromptBehaviorAdmin"= 5 (0x5)

 

"ConsentPromptBehaviorUser"= 3 (0x3)

 

"EnableUIADesktopToggle"= 0 (0x0)

 

"PromptOnSecureDesktop"= 0 (0x0)

 

"DisableCAD"= 1 (0x1)

 

.

 

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

 

"aux"=wdmaud.drv

 

.

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]

 

@=""

 

.

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]

 

@=""

 

.

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]

 

@=""

 

.

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]

 

@=""

 

.

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

 

@="Service"

 

.

 

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]

 

R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [x]

 

R3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe [x]

 

R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]

 

R3 hitmanpro37;HitmanPro 3.7 Support Driver;c:\windows\system32\drivers\hitmanpro37.sys;c:\windows\SYSNATIVE\drivers\hitmanpro37.sys [x]

 

R3 netvsc;netvsc;c:\windows\system32\DRIVERS\netvsc60.sys;c:\windows\SYSNATIVE\DRIVERS\netvsc60.sys [x]

 

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]

 

R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]

 

R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [x]

 

R3 SynthVid;SynthVid;c:\windows\system32\DRIVERS\VMBusVideoM.sys;c:\windows\SYSNATIVE\DRIVERS\VMBusVideoM.sys [x]

 

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]

 

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]

 

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]

 

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]

 

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]

 

S1 tmlwf;Trend Micro NDIS 6.0 Filter Driver;c:\windows\system32\DRIVERS\tmlwf.sys;c:\windows\SYSNATIVE\DRIVERS\tmlwf.sys [x]

 

S2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe [x]

 

S2 cbVSCService11;Cobian Backup 11 Volume Shadow Copy Requester;c:\program files (x86)\Cobian Backup 11\cbVSCService11.exe;c:\program files (x86)\Cobian Backup 11\cbVSCService11.exe [x]

 

S2 CobianBackup11;Cobian Backup 11 Gravity;c:\program files (x86)\Cobian Backup 11\cbService.exe;c:\program files (x86)\Cobian Backup 11\cbService.exe [x]

 

S2 HPM1210RcvFaxSrvc;HP LaserJet Professional M1210 MFP Series Receive Fax Service;c:\program files\HP\HP LaserJet M1210 MFP Series\ReceiveFaxUtility.exe;c:\program files\HP\HP LaserJet M1210 MFP Series\ReceiveFaxUtility.exe [x]

 

S2 HPSIService;HP SI Service;c:\windows\system32\HPSIsvc.exe;c:\windows\SYSNATIVE\HPSIsvc.exe [x]

 

S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]

 

S2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe;c:\windows\SYSNATIVE\IProsetMonitor.exe [x]

 

S2 jhi_service;Intel® Identity Protection Technology Host Interface Service;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe [x]

 

S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]

 

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]

 

S2 PanService;PandoraService;c:\program files (x86)\PANDORA.TV\PanService\PandoraService.exe;c:\program files (x86)\PANDORA.TV\PanService\PandoraService.exe [x]

 

S2 QBVSS;QBIDPService;c:\program files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe;c:\program files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [x]

 

S2 svcGenericHost;Trend Micro Client/Server Security Agent;c:\program files (x86)\Trend Micro\Client Server Security Agent\HostedAgent\svcGenericHost.exe;c:\program files (x86)\Trend Micro\Client Server Security Agent\HostedAgent\svcGenericHost.exe [x]

 

S2 TmFilter;Trend Micro Filter;c:\program files (x86)\Trend Micro\Client Server Security Agent\TmXPFlt.sys;c:\program files (x86)\Trend Micro\Client Server Security Agent\TmXPFlt.sys [x]

 

S2 TmPreFilter;Trend Micro PreFilter;c:\program files (x86)\Trend Micro\Client Server Security Agent\TmPreFlt.sys;c:\program files (x86)\Trend Micro\Client Server Security Agent\TmPreFlt.sys [x]

 

S2 tmwfp;Trend Micro WFP Callout Driver;c:\windows\system32\DRIVERS\tmwfp.sys;c:\windows\SYSNATIVE\DRIVERS\tmwfp.sys [x]

 

S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]

 

S3 HP1210FAX;HP1210MFP FAX;c:\windows\system32\Drivers\HPM1210FAX.sys;c:\windows\SYSNATIVE\Drivers\HPM1210FAX.sys [x]

 

S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]

 

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]

 

S3 mvusbews;USB EWS Device;c:\windows\system32\Drivers\mvusbews.sys;c:\windows\SYSNATIVE\Drivers\mvusbews.sys [x]

 

S3 TmPfw;Trend Micro Client/Server Security Agent Personal Firewall;c:\program files (x86)\Trend Micro\Client Server Security Agent\TmPfw.exe;c:\program files (x86)\Trend Micro\Client Server Security Agent\TmPfw.exe [x]

 

S3 TmProxy;Trend Micro Client/Server Security Agent Proxy Service;c:\program files (x86)\Trend Micro\Client Server Security Agent\TmProxy.exe;c:\program files (x86)\Trend Micro\Client Server Security Agent\TmProxy.exe [x]

 

.

 

.

 

--- Other Services/Drivers In Memory ---

 

.

 

*NewlyCreated* - WS2IFSL

 

.

 

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]

 

2013-08-30 01:32 1177552 ----a-w- c:\program files (x86)\Google\Chrome\Application\29.0.1547.62\Installer\chrmstp.exe

 

.

 

Contents of the 'Scheduled Tasks' folder

 

.

 

2013-09-01 c:\windows\Tasks\Adobe Flash Player Updater.job

 

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-16 22:17]

 

.

 

2013-09-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

 

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-11 00:35]

 

.

 

2013-09-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

 

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-11 00:35]

 

.

 

.

 

--------- X64 Entries -----------

 

.

 

.

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EnabledUnlockedFDEIconOverlay]

 

@="{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}"

 

[HKEY_CLASSES_ROOT\CLSID\{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}]

 

2010-10-16 21:17 138608 ----a-w- c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll

 

.

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UninitializedFdeIconOverlay]

 

@="{CF08DA3E-C97D-4891-A66B-E39B28DD270F}"

 

[HKEY_CLASSES_ROOT\CLSID\{CF08DA3E-C97D-4891-A66B-E39B28DD270F}]

 

2010-10-16 21:17 138608 ----a-w- c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll

 

.

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

 

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtDCpl64.exe" [2010-10-04 2907240]

 

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-12-09 167960]

 

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-12-09 391704]

 

"Persistence"="c:\windows\system32\igfxpers.exe" [2010-12-09 417304]

 

"DBRMTray"="c:\dell\DBRM\Reminder\DbrmTrayIcon.exe" [2011-03-08 227328]

 

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 1281512]

 

.

 

------- Supplementary Scan -------

 

.

 

uLocal Page = c:\windows\system32\blank.htm

 

 

mLocal Page = c:\windows\SysWOW64\blank.htm

 

uInternet Settings,ProxyOverride = <local>

 

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000

 

Trusted Zone: ct.gov

 

Trusted Zone: ct.gov\drsbustax

 

Trusted Zone: ct.gov\www

 

TCP: DhcpNameServer = 68.94.156.1 68.94.157.1

 

 

FF - ProfilePath - c:\users\Brian Carroll\AppData\Roaming\Mozilla\Firefox\Profiles\gzpb9pao.default\

 

 

.

 

- - - - ORPHANS REMOVED - - - -

 

.

 

Toolbar-Locked - (no file)

 

Wow6432Node-HKLM-Run-<NO NAME> - (no file)

 

HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start

 

Toolbar-Locked - (no file)

 

AddRemove-Advanced System Protector_is1 - c:\program files (x86)\Advanced System Protector\unins000.exe

 

.

 

.

 

.

 

--------------------- LOCKED REGISTRY KEYS ---------------------

 

.

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

 

@Denied: (A 2) (Everyone)

 

@="FlashBroker"

 

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe,-101"

 

.

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

 

"Enabled"=dword:00000001

 

.

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

 

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe"

 

.

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

 

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

 

.

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

 

@Denied: (A 2) (Everyone)

 

@="IFlashBroker5"

 

.

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

 

@="{00020424-0000-0000-C000-000000000046}"

 

.

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

 

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

 

"Version"="1.0"

 

.

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

 

@Denied: (A 2) (Everyone)

 

@="FlashBroker"

 

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe,-101"

 

.

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

 

"Enabled"=dword:00000001

 

.

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

 

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe"

 

.

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

 

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

 

.

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

 

@Denied: (A 2) (Everyone)

 

@="Shockwave Flash Object"

 

.

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

 

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx"

 

"ThreadingModel"="Apartment"

 

.

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

 

@="0"

 

.

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

 

@="ShockwaveFlash.ShockwaveFlash.11"

 

.

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

 

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1"

 

.

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

 

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

 

.

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

 

@="1.0"

 

.

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

 

@="ShockwaveFlash.ShockwaveFlash"

 

.

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

 

@Denied: (A 2) (Everyone)

 

@="Macromedia Flash Factory Object"

 

.

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

 

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx"

 

"ThreadingModel"="Apartment"

 

.

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

 

@="FlashFactory.FlashFactory.1"

 

.

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

 

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1"

 

.

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

 

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

 

.

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

 

@="1.0"

 

.

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

 

@="FlashFactory.FlashFactory"

 

.

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

 

@Denied: (A 2) (Everyone)

 

@="IFlashBroker5"

 

.

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

 

@="{00020424-0000-0000-C000-000000000046}"

 

.

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

 

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

 

"Version"="1.0"

 

.

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

 

@Denied: (Full) (Everyone)

 

.

 

------------------------ Other Running Processes ------------------------

 

.

 

c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

 

c:\program files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe

 

c:\program files (x86)\Trend Micro\Client Server Security Agent\HostedAgent\HostedAgent.exe

 

c:\program files (x86)\Trend Micro\Client Server Security Agent\CNTAoSMgr.exe

 

c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

 

c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

 

c:\program files (x86)\Common Files\Java\Java Update\jusched.exe

 

.

 

**************************************************************************

 

.

 

Completion time: 2013-08-31  20:56:21 - machine was rebooted

 

ComboFix-quarantined-files.txt  2013-09-01 00:56

 

.

 

Pre-Run: 238,134,898,688 bytes free

 

Post-Run: 238,714,884,096 bytes free

 

.

 

- - End Of File - - 51F7715ABBC91C1A4B74E2AB83D505A9

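For reading a log like the one posted above, here is an added example, not from the thread and not part of ComboFix: a PowerShell triage script that parses the "Other Deletions" and "Files Created" sections in the line format ComboFix uses and flags executable files sitting in user-writable or otherwise unusual locations, which is where a helper looks first. The sample text is constructed from the format shown in the log (the updater.exe line is invented for illustration and does not appear in the posted log), the flag rules are heuristics chosen for this example, and PowerShell 3.0 or later is assumed.

```powershell
# Added example (not part of the thread, not ComboFix's own tooling): triage the
# "Other Deletions" and "Files Created" sections of a ComboFix log by parsing
# its line format and flagging executables in user-writable or unusual places.
# Requires PowerShell 3.0 or later ([pscustomobject]).

# Constructed sample modeled on the log format above; the updater.exe line is
# invented for illustration and does not appear in the posted log.
$sample = @'
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\install.exe
c:\users\Brian Carroll\AppData\Roaming\skype.ini
.
(((((((((((((((((((((((((   Files Created from 2013-08-01 to 2013-09-01  )))))))))))))))))))))))))))))))
.
2013-08-31 19:23 . 2013-04-04 18:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-08-31 18:08 . 2013-08-31 18:08 -------- d-----w- c:\users\Brian Carroll\AppData\Roaming\Malwarebytes
2013-08-29 14:14 . 2013-08-29 14:14 32512 ----a-w- c:\windows\system32\drivers\hitmanpro37.sys
2013-08-20 09:00 . 2013-08-20 09:00 40960 ----a-w- c:\users\Brian Carroll\AppData\Local\Temp\updater.exe
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))
'@

# Heuristics chosen for this example (not ComboFix rules); -match is case-insensitive.
$execExt   = '\.(exe|dll|sys|scr|cpl|ocx|com|pif)$'
$riskyDirs = '^(c:\\users\\|c:\\programdata\\|c:\\[^\\]+$|.*\\temp\\)'   # profile, ProgramData, drive root, any Temp

$section  = $null
$findings = foreach ($line in $sample -split "`r?`n") {
    # Section banner: ((((   Name   ))))
    if ($line -match '^\(+\s+(.+?)\s+\)+$') { $section = $Matches[1]; continue }
    if ($line.Trim() -eq '' -or $line -eq '.') { continue }

    # Timestamped entry: created . modified size attrs path
    if ($line -match '^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. (\d{4}-\d{2}-\d{2} \d{2}:\d{2}) (\S+) (\S+) (.+)$') {
        $created = $Matches[1]; $size = $Matches[3]; $attrs = $Matches[4]; $path = $Matches[5]
    } else {
        # "Other Deletions" lists bare paths with no timestamp or size
        $created = ''; $size = ''; $attrs = ''; $path = $line
    }
    if ($attrs -like 'd*') { continue }   # directory entries carry no payload of their own

    $reasons = @()
    if ($section -like 'Other Deletions*') { $reasons += 'removed by ComboFix' }
    if ($path -match $execExt -and $path -match $riskyDirs) { $reasons += 'executable in user-writable or unusual location' }

    if ($reasons.Count -gt 0) {
        [pscustomobject]@{ Section = $section; Created = $created; Size = $size; Path = $path; Reason = ($reasons -join '; ') }
    }
}

$findings | Format-Table -AutoSize
```

With the sample text the script reports the two deleted items and the executable under the profile's Temp folder, while the drivers under system32 are left alone. To use it on a real log, replace the $sample here-string with `Get-Content -Raw` of the saved ComboFix.txt; the heuristics are a starting point for a reviewer's eye, not a verdict on any file.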
