Piano Man Corrupt

[TouroLouco]

Hi,

 

I was hoping that someone might have a solution for this virus. We have three machines affected at our company and others that were affected in the past that we could not resolve.

 

Is there a way that we can remove this virus and recover the corrupt files. Any suggestions would be greatly welcomed. I Have searched the net with no luck.

 

Here are the logs from DDS:

 

DDS LOG

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16506
Run by robertord at 13:05:14 on 2013-10-09
#Option Extended Search is enabled.
Microsoft Windows 7 Professional   6.1.7601.1.1252.55.1033.18.3993.2030 [GMT 2:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files\Fingerprint Sensor\ATService.exe
C:\PROGRA~2\GbPlugin\GbpSv.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Intel\WiFi\bin\ZCfgSvc7.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\IDT\WDM\AESTSr64.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Users\robertord\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe
C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
C:\Windows\system32\DRIVERS\o2flash.exe
c:\Windows\SysWOW64\srvany.exe
c:\Windows\sysWOW64\SDIOAssist.exe
C:\Program Files (x86)\Print Audit Inc\Print Audit 6\Client\pa6clhlp64.exe
C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files (x86)\Scpad\scpVista.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\SPBA\upeksvr.exe
C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\CCM\CcmExec.exe
C:\Windows\CCM\RemCtrl\CmRcService.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\Dwm.exe
C:\Windows\CCM\SCNotification.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe
C:\dell\DBRM\Reminder\DbrmTrayicon.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Users\robertord\AppData\Roaming\uTorrent\uTorrent.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files (x86)\Print Audit Inc\Print Audit 6\Client\pa6clint.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Users\robertord\69PT5gC.exe
C:\Program Files (x86)\Microsoft Office Communicator\communicator.exe
C:\Windows\system32\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\SysWOW64\RunDll32.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft Office\Office14\NAMECONTROLSERVER.EXE
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Trend Micro\OfficeScan Client\Misc\xpupg.exe
C:\Program Files (x86)\Trend Micro\OfficeScan Client\Temp\pccntupd.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.

uWindow Title = Windows Internet Explorer provided by PME - Projeto Moatize Expansão

uURLSearchHooks: uTorrentBar_PT Toolbar: {e0301295-ab3e-4af3-979f-3d453c5f9f48} - C:\Program Files (x86)\uTorrentBar_PT\prxtbuTor.dll
uURLSearchHooks: {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - <orphaned>
mURLSearchHooks: uTorrentBar_PT Toolbar: {e0301295-ab3e-4af3-979f-3d453c5f9f48} - C:\Program Files (x86)\uTorrentBar_PT\prxtbuTor.dll
mURLSearchHooks: {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - <orphaned>
mWinlogon: Userinit = userinit.exe
BHO: TmIEPlugInBHO Class: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmIEPlg32.dll
BHO: ssh2 Class: {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Program Files (x86)\Scpad\scpsssh2.dll
BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
BHO: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: DefaultTab Browser Helper: {7F6AFBF1-E065-4627-A2FD-810366367D01} - C:\Users\robertord\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: DealPly Shopping: {ae48ed75-5a56-4c5f-bbce-6f1ac3875f66} - C:\Program Files (x86)\DealPly\DealPlyIE.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: GbIehObj Class: {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Program Files (x86)\GbPlugin\gbiehcef.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: uTorrentBar_PT Toolbar: {e0301295-ab3e-4af3-979f-3d453c5f9f48} - C:\Program Files (x86)\uTorrentBar_PT\prxtbuTor.dll
BHO: Softonic Helper Object: {E87806B5-E908-45FD-AF5E-957D83E58E68} - C:\Program Files (x86)\Softonic\Softonic\1.8.16.10\bh\Softonic.dll
BHO: {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - <orphaned>
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: uTorrentBar_PT Toolbar: {E0301295-AB3E-4AF3-979F-3D453C5F9F48} - C:\Program Files (x86)\uTorrentBar_PT\prxtbuTor.dll
TB: Softonic Toolbar: {5018CFD2-804D-4C99-9F81-25EAEA2769DE} - C:\Program Files (x86)\Softonic\Softonic\1.8.16.10\SoftonicTlbr.dll
TB: uTorrentBar_PT Toolbar: {e0301295-ab3e-4af3-979f-3d453c5f9f48} - C:\Program Files (x86)\uTorrentBar_PT\prxtbuTor.dll
TB: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [eMuleAutoStart] C:\Program Files (x86)\eMule\emule.exe -AutoStart
uRun: [uTorrent] "C:\Users\robertord\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED
uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun: [RemoteControl9] "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe"
mRun: [PDVD9LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe"
mRun: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [OfficeScanNT Monitor] "C:\Program Files (x86)\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
mRun: [PrintAudit6] C:\Program Files (x86)\Print Audit Inc\Print Audit 6\Client\pa6clint.exe
mRun: [Communicator] "C:\Program Files (x86)\Microsoft Office Communicator\communicator.exe" /fromrunkey
mRun: [iME14 CHS Uninstall] C:\Program Files (x86)\Common Files\Microsoft Shared\IME14\SHARED\IMEKLMG.EXE /Uninstall /CHS /Log
mRun: [iME14 KOR Uninstall] C:\Program Files (x86)\Common Files\Microsoft Shared\IME14\SHARED\IMEKLMG.EXE /Uninstall /KOR /Log
mRun: [iME14 JPN Uninstall] C:\Program Files (x86)\Common Files\Microsoft Shared\IME14\SHARED\IMEKLMG.EXE /Uninstall /JPN /Log
mRun: [iME14 CHT Uninstall] C:\Program Files (x86)\Common Files\Microsoft Shared\IME14\SHARED\IMEKLMG.EXE /Uninstall /CHT /Log
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
StartupFolder: C:\Users\ROBERT~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\4VJpyeO.lnk - C:\Users\robertord\69PT5gC.exe
StartupFolder: C:\Users\robertord\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Mensagem-Vozrobertord2014.cpl
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\DIGITA~1.LNK - C:\Program Files (x86)\Digital Line Detect\DLG.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:255
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: DisableCAD = dword:1
IE: &Enviar para o OneNote - C:\PROGRA~1\MICROS~1\Office14\ONBttnIE.dll/105
IE: E&xportar para o Microsoft Excel - C:\PROGRA~1\MICROS~1\Office14\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm




TCP: NameServer = 10.28.16.11 10.1.0.11
TCP: Interfaces\{6026EDBE-BC2E-4FE4-8CF3-FC7A99833C45} : DHCPNameServer = 10.28.16.28 10.1.1.12 10.1.1.14 10.1.0.11 10.28.16.11
TCP: Interfaces\{6026EDBE-BC2E-4FE4-8CF3-FC7A99833C45}\76575637471493 : DHCPNameServer = 10.28.16.11 172.21.2.1
TCP: Interfaces\{6026EDBE-BC2E-4FE4-8CF3-FC7A99833C45}\F4543475C414E4 : DHCPNameServer = 10.28.22.4 10.1.1.12 10.1.1.14 10.1.0.11
TCP: Interfaces\{DC56EC44-B858-4A72-857B-65BF30CA3E11} : DHCPNameServer = 10.28.16.11 10.1.0.11
TCP: Interfaces\{EF75A020-AC07-45EB-93E2-E34C2E987E97} : DHCPNameServer = 10.28.16.11 10.1.0.11
TCP: Interfaces\{EF75A020-AC07-45EB-93E2-E34C2E987E97}\65D27455543545 : DHCPNameServer = 10.47.237.86 10.47.237.95
TCP: Interfaces\{EF75A020-AC07-45EB-93E2-E34C2E987E97}\74575637472483 : DHCPNameServer = 10.28.16.11 172.21.2.1
TCP: Interfaces\{EF75A020-AC07-45EB-93E2-E34C2E987E97}\7657563747 : DHCPNameServer = 10.28.16.11 172.21.2.1
TCP: Interfaces\{EF75A020-AC07-45EB-93E2-E34C2E987E97}\76575637472483 : DHCPNameServer = 10.28.16.11 172.21.2.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmIEPlg32.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Notify:  GbPluginCef - C:\Program Files (x86)\GbPlugin\gbiehCef.dll
SSODL: WebCheck - <orphaned>
SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Program Files (x86)\Scpad\scpLIB.dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
SEH: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399003} - C:\Program Files (x86)\GbPlugin\gbiehcef.dll
LSA: Authentication Packages =  msv1_0 wvauth
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.69\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: TmIEPlugInBHO Class: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmIEPlg.dll
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Hotspot Shield Class: {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} -
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
x64-Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [intelPROSet] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel PROSet/Wireless
x64-Run: [FreeFallProtection] C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
x64-Run: [TdmNotify] C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe
x64-Run: [DBRMTray] C:\Dell\DBRM\Reminder\DbrmTrayIcon.exe
x64-Run: [iME14 CHS Uninstall] C:\Program Files\Common Files\Microsoft Shared\IME14\SHARED\IMEKLMG.EXE /Uninstall /CHS /Log
x64-Run: [iME14 KOR Uninstall] C:\Program Files\Common Files\Microsoft Shared\IME14\SHARED\IMEKLMG.EXE /Uninstall /KOR /Log
x64-Run: [iME14 JPN Uninstall] C:\Program Files\Common Files\Microsoft Shared\IME14\SHARED\IMEKLMG.EXE /Uninstall /JPN /Log
x64-Run: [bCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmIEPlg.dll
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-Notify: spba - C:\Program Files\Common Files\SPBA\homefus2.dll
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2012-3-17 55856]
R0 stdcfltn;Disk Class Filter Driver for Accelerometer;C:\Windows\System32\drivers\stdcfltn.sys [2012-3-17 22128]
R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2012-3-17 89600]
R2 ATService;AuthenTec Fingerprint Service;C:\Program Files\Fingerprint Sensor\ATService.exe [2010-5-10 2683712]
R2 BrcmMgmtAgent;Broadcom Management Agent;C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe [2010-6-29 158720]
R2 CmRcService;Configuration Manager Remote Control;C:\Windows\CCM\RemCtrl\CmRcService.exe [2012-2-20 605040]
R2 DefaultTabUpdate;DefaultTabUpdate;C:\Users\robertord\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe [2013-4-9 107520]
R2 GbpSv;Gbp Service;C:\PROGRA~2\GbPlugin\GbpSv.exe [2013-10-3 410440]
R2 jhi_service;Intel® Identity Protection Technology Host Interface Service;C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe [2011-2-24 212944]
R2 O2SDIOAssist;O2SDIOAssist;C:\Windows\SysWOW64\srvany.exe [2012-3-17 8192]
R2 PA6ClientHelper;Print Audit 6 Client Helper 64-bit;C:\Program Files (x86)\Print Audit Inc\Print Audit 6\Client\pa6clhlp64.exe [2010-4-7 375632]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2013-4-16 39056]
R2 scpVista;scpVista;C:\Program Files (x86)\Scpad\scpVista.exe [2012-9-24 368544]
R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-9-16 3273088]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-3-17 2656280]
R2 Wave Authentication Manager Service;Wave Authentication Manager Service;C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe [2011-7-1 1600000]
R2 ZcfgSvc7;Intel® PROSet/Wireless ZeroConfig Service;C:\Program Files\Intel\WiFi\bin\ZCfgSvc7.exe [2010-12-23 992256]
R3 Acceler;Accelerometer Service;C:\Windows\System32\drivers\accelern.sys [2012-3-17 27760]
R3 BTWAMPFL;BTWAMPFL;C:\Windows\System32\drivers\btwampfl.sys [2012-3-17 349736]
R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2012-3-17 39464]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\System32\drivers\CtClsFlt.sys [2012-3-17 172960]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2012-3-17 317440]
R3 O2MDRRDR;O2MDRRDR;C:\Windows\System32\drivers\O2MDRw7x64.sys [2012-3-17 74984]
R3 O2SDJRDR;O2SDJRDR;C:\Windows\System32\drivers\o2sdjw7x64.sys [2012-3-17 83560]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-19 138576]
S2 dealplylive;Serviço do DealPly Live (dealplylive);C:\Program Files (x86)\DealPlyLive\Update\DealPlyLive.exe [2013-8-20 148000]
S2 DefaultTabSearch;DefaultTabSearch;C:\Program Files (x86)\DefaultTab\DefaultTabSearch.exe [2013-10-7 573952]
S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-7-25 162672]
S2 TmFilter;Trend Micro Filter;C:\Program Files (x86)\Trend Micro\OfficeScan Client\tmxpflt.sys [2012-7-17 348448]
S2 TmPreFilter;Trend Micro PreFilter;C:\Program Files (x86)\Trend Micro\OfficeScan Client\tmpreflt.sys [2012-7-17 43296]
S3 dealplylivem;Serviço do DealPly Live (dealplylivem);C:\Program Files (x86)\DealPlyLive\Update\DealPlyLive.exe [2013-8-20 148000]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2010-11-21 71168]
S3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2012-3-17 158976]
S3 lpasvc;Microsoft Policy Platform Local Authority;C:\Program Files\Microsoft Policy Platform\policyHost.exe [2011-12-6 50472]
S3 lppsvc;Microsoft Policy Platform Processor;C:\Program Files\Microsoft Policy Platform\policyHost.exe [2011-12-6 50472]
S3 netvsc;netvsc;C:\Windows\System32\drivers\netvsc60.sys [2010-11-21 168448]
S3 O2MDFRDR;O2MDFRDR;C:\Windows\System32\drivers\o2mdfw7x64.sys [2012-3-17 72808]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
S3 RoxMediaDB12OEM;RoxMediaDB12OEM;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 27136]
S3 SynthVid;SynthVid;C:\Windows\System32\drivers\VMBusVideoM.sys [2010-11-21 22528]
S3 taphss6;Anchorfree HSS VPN Adapter;C:\Windows\System32\drivers\taphss6.sys [2013-2-12 42184]
S3 TmProxy;OfficeScan NT Proxy Service;C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmProxy.exe [2013-9-12 917016]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-8-17 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-23 57184]
.
=============== Created Last 60 ================
.
2013-10-09 10:34:41 -------- d-----w- C:\Users\robertord\AppData\Roaming\Malwarebytes
2013-10-09 10:34:30 -------- d-----w- C:\ProgramData\Malwarebytes
2013-10-09 10:34:27 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-10-09 10:34:27 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-10-09 10:33:27 -------- d-----w- C:\Users\robertord\AppData\Local\Programs
2013-10-09 09:22:24 76232 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{02401EF5-BB3E-43E5-9853-52DDA96E2B66}\offreg.dll
2013-10-09 01:40:36 9694160 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{02401EF5-BB3E-43E5-9853-52DDA96E2B66}\mpengine.dll
2013-10-07 07:21:20 -------- d-----w- C:\ProgramData\GAS Tecnologia
2013-09-26 12:04:37 -------- d-----w- C:\Program Files\VirtualDJ
2013-09-26 12:00:26 -------- d-----w- C:\Program Files (x86)\VirtualDJ
2013-09-13 12:59:17 -------- d-----w- C:\Windows\SysWow64\CCM
2013-09-13 12:59:17 -------- d-----w- C:\Windows\ms
2013-09-13 12:59:17 -------- d-----w- C:\Windows\ccmcache
2013-09-13 12:59:17 -------- d-----w- C:\Windows\CCM
2013-09-13 12:56:31 -------- d-----w- C:\Program Files\Microsoft Policy Platform
2013-09-13 05:14:14 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2013-09-13 05:12:18 3155456 ----a-w- C:\Windows\System32\win32k.sys
2013-09-13 05:04:34 31088 ----a-w- C:\Windows\SysWow64\drivers\gbpndisrd.sys
2013-09-12 08:15:19 -------- d-----w- C:\temp
2013-09-12 08:11:29 173992 ----a-w- C:\Windows\System32\drivers\tmcomm.sys
2013-09-05 14:04:02 209272 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\nppdf32.dll
2013-08-22 08:25:42 -------- d-----w- C:\Users\robertord\AppData\Roaming\Macrovision
2013-08-22 08:25:15 -------- d-----w- C:\Users\robertord\AppData\Local\Sonic_Solutions
2013-08-21 05:35:58 -------- d-----w- C:\Users\robertord\AppData\Roaming\Roxio Burn
2013-08-20 05:12:47 -------- d-----w- C:\Users\robertord\AppData\Roaming\uTorrent
2013-08-20 05:12:04 -------- d-----w- C:\Users\robertord\AppData\Local\DealPlyLive
2013-08-20 05:12:04 -------- d-----w- C:\ProgramData\DealPlyLive
2013-08-20 05:12:04 -------- d-----w- C:\Program Files (x86)\DealPlyLive
2013-08-20 05:12:02 -------- d-----w- C:\Users\robertord\AppData\Roaming\Dealply
2013-08-20 05:11:51 -------- d-----w- C:\Program Files (x86)\DealPly
2013-08-20 05:11:50 -------- d-----w- C:\Users\robertord\AppData\Roaming\0B1T1L2V1T1J1L
2013-08-15 05:19:36 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2013-08-15 05:19:36 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2013-08-15 05:19:36 139776 ----a-w- C:\Windows\System32\cryptnet.dll
2013-08-15 05:19:36 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2013-08-15 05:19:35 224256 ----a-w- C:\Windows\System32\wintrust.dll
2013-08-15 05:19:35 175104 ----a-w- C:\Windows\SysWow64\wintrust.dll
2013-08-15 05:19:35 1472512 ----a-w- C:\Windows\System32\crypt32.dll
2013-08-15 05:19:35 1166848 ----a-w- C:\Windows\SysWow64\crypt32.dll
2013-08-15 05:11:33 1888768 ----a-w- C:\Windows\System32\WMVDECOD.DLL
2013-08-15 05:11:33 1620992 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL
2013-08-15 05:11:01 1217024 ----a-w- C:\Windows\System32\rpcrt4.dll
2013-08-15 05:11:00 663552 ----a-w- C:\Windows\SysWow64\rpcrt4.dll
2013-08-15 05:10:13 39936 ----a-w- C:\Windows\System32\drivers\tssecsrv.sys
2013-08-15 05:09:26 1910208 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-08-14 06:00:44 24286400 ----a-w- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSO.DLL
2013-08-14 05:53:56 18634944 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSO.DLL
.
==================== Find6M  ====================
.
2013-10-08 17:37:31 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-10-08 17:37:31 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-08-07 02:22:02 278800 ------w- C:\Windows\System32\MpSigStub.exe
2013-08-02 02:23:53 5550528 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-08-02 02:15:44 1732032 ----a-w- C:\Windows\System32\ntdll.dll
2013-08-02 02:15:03 362496 ----a-w- C:\Windows\System32\wow64win.dll
2013-08-02 02:15:03 243712 ----a-w- C:\Windows\System32\wow64.dll
2013-08-02 02:15:03 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2013-08-02 02:14:57 215040 ----a-w- C:\Windows\System32\winsrv.dll
2013-08-02 02:14:11 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2013-08-02 02:13:34 424448 ----a-w- C:\Windows\System32\KernelBase.dll
2013-08-02 01:59:30 3968960 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-08-02 01:59:30 3913664 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-08-02 01:51:23 1292192 ----a-w- C:\Windows\SysWow64\ntdll.dll
2013-08-02 01:50:42 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2013-08-02 01:50:42 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2013-08-02 01:09:17 338432 ----a-w- C:\Windows\System32\conhost.exe
2013-08-02 00:59:09 112640 ----a-w- C:\Windows\System32\smss.exe
2013-08-02 00:45:37 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2013-08-02 00:45:36 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2013-08-02 00:45:34 2048 ----a-w- C:\Windows\SysWow64\user.exe
2013-08-02 00:43:05 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2013-08-02 00:43:05 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2013-08-02 00:43:05 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2013-08-02 00:43:05 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2013-07-31 13:29:19 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2013-07-31 13:19:03 1392128 ----a-w- C:\Windows\System32\wininet.dll
2013-07-31 13:18:24 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2013-07-31 13:14:29 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2013-07-31 13:13:07 599040 ----a-w- C:\Windows\System32\vbscript.dll
2013-07-31 13:08:44 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2013-07-31 10:00:20 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-07-31 09:52:44 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-07-31 09:52:34 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2013-07-31 09:48:43 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2013-07-31 09:48:09 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2013-07-31 09:45:42 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-07-03 05:25:15 499712 ----a-w- C:\Windows\SysWow64\msvcp71.dll
2013-07-03 05:25:15 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll
2013-06-18 12:09:06 109080 ----a-w- C:\Windows\System32\drivers\tmtdi.sys
2013-06-04 06:00:13 624128 ----a-w- C:\Windows\System32\qedit.dll
2013-06-04 04:53:07 509440 ----a-w- C:\Windows\SysWow64\qedit.dll
2013-05-15 22:03:52 1330016 ----a-w- C:\Windows\SysWow64\VSFilter.dll
2013-05-15 22:03:48 670560 ----a-w- C:\Windows\SysWow64\RealMediaSplitter.ax
2013-05-15 22:03:48 495968 ----a-w- C:\Windows\SysWow64\oggsplitter.ax
2013-05-15 22:03:44 555872 ----a-w- C:\Windows\SysWow64\MatroskaSplitter.ax
2013-05-15 22:03:36 385376 ----a-w- C:\Windows\SysWow64\cdxareader.ax
2013-05-15 22:03:34 480096 ----a-w- C:\Windows\SysWow64\AviSplitter.ax
2013-05-13 05:50:40 52224 ----a-w- C:\Windows\System32\certenc.dll
2013-05-13 03:43:55 1192448 ----a-w- C:\Windows\System32\certutil.exe
2013-05-13 03:08:10 903168 ----a-w- C:\Windows\SysWow64\certutil.exe
2013-05-13 03:08:06 43008 ----a-w- C:\Windows\SysWow64\certenc.dll
2013-05-10 11:35:52 135168 ----a-w- C:\Users\robertord\69PT5gC.exe
2013-04-26 05:51:36 751104 ----a-w- C:\Windows\System32\win32spl.dll
2013-04-26 04:55:21 492544 ----a-w- C:\Windows\SysWow64\win32spl.dll
2013-04-12 14:45:08 1656680 ----a-w- C:\Windows\System32\drivers\ntfs.sys
.
============= FINISH: 13:05:30,21 ===============
 

Attach Log

 

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 15/08/2012 17:25:22
System Uptime: 09/10/2013 12:41:59 (1 hours ago)
.
Motherboard: Dell Inc. |  | 0H5TG2
Processor: Intel® Core i3-2350M CPU @ 2.30GHz | CPU 1 | 2300/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 285 GiB total, 120,698 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP125: 25/09/2013 04:32:54 - Windows Update
RP126: 26/09/2013 13:59:50 - Installed VirtualDJ PRO Full
RP127: 03/10/2013 02:47:46 - Windows Update
RP128: 07/10/2013 02:28:29 - Windows Update
.
==== Installed Programs ======================
.
AccelerometerP11
Adobe Flash Player 11 ActiveX
Adobe Reader XI (11.0.04)
Apple Mobile Device Support
Apple Software Update
µTorrent
AuthenTec Fingerprint Software
BioAPI Framework
Bonjour
Broadcom NetXtreme-I Netlink Driver and Management Installer
BS.Player FREE
BS_Player Toolbar
Conduit Engine
Configuration Manager Client
Custom
CyberLink PowerDVD 9.5
D3DX10
Dealply
DealPly (remove only)
DefaultTab
Definition Update for Microsoft Office 2010 (KB982726) 64-Bit Edition
Dell Backup and Recovery Manager
Dell Client System Update
Dell Data Protection | Access
Dell Data Protection | Access | Drivers
Dell Data Protection | Access | Middleware
Dell Edoc Viewer
Dell Touchpad
Dell Webcam Central
DellAccess
Digital Line Detect
DirectX 9 Runtime
doPDF 7.2 printer
DWG TrueView 2011
EMBASSY Security Center
Gemalto
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
iCloud
Intel PROSet Wireless
Intel® Identity Protection Technology 1.1.2.0
Intel® Management Engine Components
Intel® Processor Graphics
Intel® PROSet/Wireless WiFi Software
iTunes
Java Auto Updater
Java 6 Update 25
Junk Mail filter update
K-Lite Codec Pack 7.5.0 (Full)
Malwarebytes Anti-Malware version 1.75.0.1300
Media Player Classic - Home Cinema v1.5.2.3456 x64
Mesh Runtime
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (Portuguese (Brazil)) 2010
Microsoft Office Communicator 2007 R2
Microsoft Office Excel MUI (Portuguese (Brazil)) 2010
Microsoft Office Groove MUI (Portuguese (Brazil)) 2010
Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2010
Microsoft Office Office 32-bit Components 2010
Microsoft Office OneNote MUI (Portuguese (Brazil)) 2010
Microsoft Office Outlook MUI (Portuguese (Brazil)) 2010
Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (Portuguese (Brazil)) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (Portuguese (Brazil)) 2010
Microsoft Office Publisher MUI (Portuguese (Brazil)) 2010
Microsoft Office Shared 32-bit MUI (Portuguese (Brazil)) 2010
Microsoft Office Shared MUI (Portuguese (Brazil)) 2010
Microsoft Office Word MUI (Portuguese (Brazil)) 2010
Microsoft Policy Platform
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Modem Diagnostic Tool
MSVC80_x64
MSVC80_x86
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Netwaiting
NTRU TCG Software Stack
O2Micro Flash Memory Card Windows Driver
O2Micro OZ776 SCR Driver
PC-CCID
PhotoShowExpress
Preboot Manager
Print Audit 6
Private Information Manager
QuickTime
RBVirtualFolder64Inst
RealDownloader
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealNetworks - Microsoft Visual C++ 2010 Runtime
RealPlayer
RealUpgrade 1.1
Roxio Activation Module
Roxio BackOnTrack
Roxio Burn
Roxio Creator Starter
Roxio Express Labeler 3
Roxio File Backup
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Microsoft Excel 2010 (KB2760597) 64-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2687422) 64-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2760406) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2553371) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2687423) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2687510) 64-Bit Edition
Security Update for Microsoft Outlook 2010 (KB2794707) 64-Bit Edition
Security Update for Microsoft Publisher 2010 (KB2553147) 64-Bit Edition
Security Update for Microsoft Visio 2010 (KB2810068) 64-Bit Edition
Security Update for Microsoft Word 2010 (KB2760769) 64-Bit Edition
Skype Click to Call
Skype™ 6.7
Softonic toolbar  on IE and Chrome
Sonic CinePlayer Decoder Pack
SPBA 5.9
Suporte para Aplicativos Apple
Trend Micro OfficeScan Client
Trusted Drive Manager
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft Access 2010 (KB2553446) 64-Bit Edition
Update for Microsoft Filter Pack 2.0 (KB2810071) 64-Bit Edition
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553157) 64-Bit Edition
Update for Microsoft Office 2010 (KB2553181) 64-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 64-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 64-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 64-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2589298) 64-Bit Edition
Update for Microsoft Office 2010 (KB2589370) 64-Bit Edition
Update for Microsoft Office 2010 (KB2589375) 64-Bit Edition
Update for Microsoft Office 2010 (KB2598242) 64-Bit Edition
Update for Microsoft Office 2010 (KB2760598) 64-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 64-Bit Edition
Update for Microsoft Office 2010 (KB2760758) 64-Bit Edition
Update for Microsoft Office 2010 (KB2767886) 64-Bit Edition
Update for Microsoft Office 2010 (KB2794737) 64-Bit Edition
Update for Microsoft Office 2010 (KB2825640) 64-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 64-Bit Edition
Update for Microsoft OneNote 2010 (KB2810072) 64-Bit Edition
Update for Microsoft Outlook 2010 (KB2553248) 64-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 64-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2553145) 64-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 64-Bit Edition
Update for Microsoft Visio Viewer 2010 (KB2810066) 64-Bit Edition
Upek Touchchip Fingerprint Reader
uTorrent Packages
uTorrentBar_PT Toolbar
VirtualDJ PRO Full
Wave Infrastructure Installer
Wave Support Software Installer
WIDCOMM Bluetooth Software
Windows Driver Package - Dell Inc. PBADRV System  (09/11/2009 1.0.1.6)
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinRAR 4.20 (64-bit)
WinRAR archiver
XP Codec Pack
.
==== Event Viewer Messages From Past Week ========
.
09/10/2013 12:59:25, Error: Schannel [36888]  - The following fatal alert was generated: 10. The internal error state is 10.
09/10/2013 12:46:57, Error: Application Management Group Policy [103]  - The removal of the assignment of application Silverlight from policy PME - Silverlight failed.  The error was : %%2
09/10/2013 12:45:39, Error: Microsoft-Windows-GroupPolicy [1129]  - The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.
09/10/2013 12:42:40, Error: Service Control Manager [7034]  - The DefaultTabSearch service terminated unexpectedly.  It has done this 1 time(s).
09/10/2013 12:42:25, Error: NETLOGON [5719]  - This computer was not able to set up a secure session with a domain controller in domain ODEBRECHT due to the following:  There are currently no logon servers available to service the logon request.  This may lead to authentication problems. Make sure that this computer is connected to the network. If the problem persists, please contact your domain administrator.   ADDITIONAL INFO  If this computer is a domain controller for the specified domain, it sets up the secure session to the primary domain controller emulator in the specified domain. Otherwise, this computer sets up the secure session to any domain controller in the specified domain.
09/10/2013 12:42:24, Error: Service Control Manager [7001]  - The NTRU TSS v1.2.1.36 TCS service depends on the TPM Base Services service which failed to start because of the following error:  The operation completed successfully.
09/10/2013 11:58:50, Error: Microsoft-Windows-GroupPolicy [1055]  - The processing of Group Policy failed. Windows could not resolve the computer name. This could be caused by one of more of the following:  a) Name Resolution failure on the current domain controller.  b) Active Directory Replication Latency (an account created on another domain controller has not replicated to the current domain controller).
09/10/2013 11:06:55, Error: Application Management Group Policy [108]  - Failed to apply changes to software installation settings.  Software changes could not be applied.  A previous log entry with details should exist.  The error was : %%1603
09/10/2013 11:06:55, Error: Application Management Group Policy [102]  - The install of application Silverlight from policy PME - Silverlight failed.  The error was : %%1603
09/10/2013 11:05:10, Error: Service Control Manager [7030]  - The DefaultTabSearch service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
09/10/2013 11:01:19, Error: bowser [8003]  - The master browser has received a server announcement from the computer PCMD00297 that believes that it is the master browser for the domain on transport NetBT_Tcpip_{DC56EC44-B858-4A72-857B-65BF30CA3E11}. The master browser is stopping or an election is being forced.
08/10/2013 13:51:59, Error: Microsoft-Windows-GroupPolicy [1054]  - The processing of Group Policy failed. Windows could not obtain the name of a domain controller. This could be caused by a name resolution failure. Verify your Domain Name System (DNS) is configured and working correctly.
08/10/2013 07:12:21, Error: Service Control Manager [7022]  - The Windows Update service hung on starting.
08/10/2013 07:06:53, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the OfficeScan NT Listener service to connect.
08/10/2013 07:06:53, Error: Service Control Manager [7000]  - The OfficeScan NT Listener service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
07/10/2013 17:28:21, Error: bowser [8003]  - The master browser has received a server announcement from the computer MTZ-AGEMOATIZE that believes that it is the master browser for the domain on transport NetBT_Tcpip_{DC56EC44-B858-4A72-857B-65BF30CA3E11}. The master browser is stopping or an election is being forced.
07/10/2013 07:17:08, Error: Microsoft-Windows-Security-Kerberos [5]  - The kerberos client received a KRB_AP_ERR_TKT_NYV error from the server pcmd00185$. This indicates that the ticket used against that server is not yet valid (in relationship to that server time).  Contact your system administrator to make sure the client and server times are in sync, and that the KDC in realm ODEBRECHT.NET is in sync with the KDC in the client realm.
06/10/2013 18:40:45, Error: Microsoft-Windows-GroupPolicy [1058]  - The processing of Group Policy failed. Windows attempted to read the file \\odebrecht.net\SysVol\odebrecht.net\Policies\{C5C48CBA-9EB5-4D4B-9A36-368689CFE072}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following:  a) Name Resolution/Network Connectivity to the current domain controller.  b) File Replication Service Latency (a file created on another domain controller has not replicated to the current domain controller).  c) The Distributed File System (DFS) client has been disabled.
03/10/2013 17:06:52, Error: Service Control Manager [7023]  - The Windows Update service terminated with the following error:  %%-2147467243
03/10/2013 16:41:04, Error: bowser [8003]  - The master browser has received a server announcement from the computer PCMD00282 that believes that it is the master browser for the domain on transport NetBT_Tcpip_{DC56EC44-B858-4A72-857B-65BF30CA3E11}. The master browser is stopping or an election is being forced.
03/10/2013 07:13:25, Error: Microsoft-Windows-Security-Kerberos [4]  - The Kerberos client received a KRB_AP_ERR_MODIFIED error from the server pcml00117$. The target name used was cifs/pcmd00185.odebrecht.net. This indicates that the target server failed to decrypt the ticket provided by the client. This can occur when the target server principal name (SPN) is registered on an account other than the account the target service is using. Please ensure that the target SPN is registered on, and only registered on, the account used by the server. This error can also happen when the target service is using a different password for the target service account than what the Kerberos Key Distribution Center (KDC) has for the target service account. Please ensure that the service on the server and the KDC are both updated to use the current password. If the server name is not fully qualified, and the target domain (ODEBRECHT.NET) is different from the client domain (ODEBRECHT.NET), check if there are identically named server accounts in these two domains, or use the fully-qualified name to identify the server.
03/10/2013 04:26:49, Error: Microsoft-Windows-GroupPolicy [1030]  - The processing of Group Policy failed. Windows attempted to retrieve new Group Policy settings for this user or computer. Look in the details tab for error code and description. Windows will automatically retry this operation at the next refresh cycle. Computers joined to the domain must have proper name resolution and network connectivity to a domain controller for discovery of new Group Policy objects and settings. An event will be logged when Group Policy is successful.
.
==== End Of File ===========================
 

Im going to run Malwarebytes in Safemode, but I wanted to get these logs out first. I can post back with results if necessary.

 

Thanks

 

 

[MrCharlie]

Welcome to the forum, don't you have an IT department that can handle this??

 

MrC

[TouroLouco]

Hi MrCharlie,

 

I am the IT Department. I'm looking for help on this issue as we have not been able to come up with a solution to recovering the files. We work with Trend which does pick up the virus. As an IT department we are taking the appropriate measures by sending the files to Trend for analysis etc.. but thats a step to prevent future occurences. 

 

Resolving the problem of the machine is very simple. Remove the virus, backup the information we can salvage and format the machine. 

 

The problem is not removing the virus, the problem is recovering the documents. Perhaps this is not the right place to talk about recovering documents but since it started with a virus, apart from the fact that I am a paying customer with Malwarebytes (Not as a company but personal) I though it would be a good idea to start here. It effects Excel, Word, Outlook and Acess... Yes, there are solutions out there that cost money and a lot of it to recover the information. Is it worth the money, well probably not because we do have the necessary backups of company Data but as there is line to what gets transferred to a backup such as personal information and company information we are limited as price per gb is not cheap. 

 

So my idea was to try and find out if there was anyone who was able torecover from the virus and magically uncorrupt the files

 

Thansk

[MrCharlie]

I did find something new that's supposed to work but it's new, I don't know anything about the folks who developed it and if they're trustworthy.

 

I'll give you the phrase to Google and you can read about it, just be on notice that being company machines...I'm not recommending you use it, You take full responsibility for anything you decide to try off the web.

 

Let me know....MrC

 

[TouroLouco]

The folks from Zim? If its the same webpage Im going to test it, just getting everything off the machine that i can salvage and give it a bang.

The Only thing is its specific to Word Documents. Excel and outlook is what i need.

I think there is also someone charging 50usd on a facebook page.

I can get back to you on the results.

Regards

[MrCharlie]

Yes, that's them........I saw on Facebook they're working on excel.

 

MrC

[MrCharlie]

How are we doing??

Do you still need help or can I close this post??

MrC

[LDTate]

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!