

PC has been acting up. It seems bogged down and is not responding a lot. Microsoft Antimalware detected 2 Java exploits and cleaned them:

Exploit:Java/CVE-2010-0840

Exploit:Java/CVE-2011-3544

Malwarebytes found:

Trojan.Pincher in a file install.exe

PUP.Optional.InstallIQ.A in a file C:\Users\mjzraz\Downloads\movie_player_d1041378.exe


DDS:

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 8.0.7600.17267  BrowserJavaVersion: 10.40.2
Run by mjzraz at 17:33:38 on 2013-10-29
Microsoft Windows 7 Enterprise   6.1.7600.0.1252.1.1033.18.4022.398 [GMT -4:00]
.
AV: Microsoft Forefront Endpoint Protection 2010 *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Forefront Endpoint Protection 2010 *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Imprivata\OneSign Agent\x64\SSOWOW64Bridge.exe
C:\Program Files (x86)\Imprivata\OneSign Agent\SSOManHost.exe
C:\Windows\SysWOW64\atashost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Dell\SysMgt\dataeng\bin\dsm_sa_eventmgr64.exe
C:\Program Files\Dell\SysMgt\dataeng\bin\dsm_sa_datamgr64.exe
C:\Program Files\EMC\ManagementServer\NaviGovernor.exe
C:\PROGRA~2\EMC\SERVER~1\REGSER~1.EXE
C:\Program Files\SafeNet\Authentication\SAC\x64\SACSrv.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\VMware\VMware View\Client\bin\wsnm.exe
C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
C:\Program Files\VMware\VMware View\Client\bin\vmware-view-usbd.exe
c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Imprivata\OneSign Agent\ISXAgent.exe
C:\Program Files (x86)\Imprivata\OneSign Agent\x64\ISXAgent64.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\SafeNet\Authentication\SAC\x64\SACMonitor.exe
C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
C:\Program Files (x86)\TechSmith\Snagit 10\Snagit32.exe
C:\Program Files\UltraMon\UltraMon.exe
C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
C:\Program Files (x86)\Microsoft Office\Office15\ONENOTEM.EXE
C:\Program Files\UltraMon\UltraMonTaskbar.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\TechSmith\Snagit 10\TSCHelp.exe
C:\Program Files (x86)\TechSmith\Snagit 10\SnagPriv.exe
C:\Program Files (x86)\Citrix\Receiver\Receiver.exe
C:\Windows\CCM\CcmExec.exe
C:\Program Files (x86)\TechSmith\Snagit 10\snagiteditor.exe
C:\Windows\splwow64.exe
C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe
C:\Windows\CCM\RemCtrl\CmRcService.exe
C:\Windows\system32\svchost.exe -k regsvc
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\CCM\SCNotification.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\UltraMon\UltraMonUiAcc.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Microsoft Office\Office15\WINWORD.EXE
C:\Windows\system32\notepad.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files\System Center Operations Manager\Agent\HealthService.exe
C:\Windows\system32\taskmgr.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\System Center Operations Manager\Agent\MonitoringHost.exe
C:\Program Files\VMware\VMware View\Client\bin\wswc.exe
C:\Program Files\VMware\VMware View\Client\bin\vmware-remotemks-container.exe
C:\Program Files\VMware\VMware View\Client\bin\vmware-remotemks.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit = userinit.exe
BHO: SnagIt Toolbar Loader: {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitBHO.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Evernote extension: {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll
BHO: SSO Screen Change Support BHO: {A04C360C-43EB-433F-921C-C2037975A350} - C:\Program Files (x86)\Imprivata\OneSign Agent\BHO_Events.dll
BHO: SSO Browser Helper Object: {A683EEA9-ECFA-45A2-BCA9-7D9D54AD58AE} - C:\Program Files (x86)\Imprivata\OneSign Agent\ISXBHO.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL
BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Snagit: {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitIEAddin.dll
uRun: [OfficeSyncProcess] "C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE"
uRun: [Lync] "C:\Program Files (x86)\Microsoft Office\Office15\lync.exe" /fromrunkey
mRun: [Communicator] "C:\Program Files (x86)\Microsoft Lync\communicator.exe" /fromrunkey
mRun: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"
mRun: [CitrixReceiver] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix\Receiver Updater.lnk"
mRun: [KeePass 2 PreLoad] "C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe" --preload
mRun: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
dRunOnce: [Microsoft Security Client] C:\Program Files\Microsoft Security Client\msseces.exe /UpdateAndQuickScan
StartupFolder: C:\Users\mjzraz\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\mjzraz\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\mjzraz\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\EVERNO~1.LNK - C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
StartupFolder: C:\Users\mjzraz\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\SENDTO~1.LNK - C:\Program Files (x86)\Microsoft Office\Office15\ONENOTEM.EXE
StartupFolder: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP_Service_Manager.cmd
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SNAGIT~1.LNK - C:\Program Files (x86)\TechSmith\Snagit 10\Snagit32.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\UltraMon.lnk - C:\Windows\Installer\{20A36691-B09B-4EF2-A371-64A5BD265E20}\IcoUltraMon.ico
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
mPolicies-Windows\System: UserPolicyMode = dword:1
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Clip Image - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=4
IE: Clip selection - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=3
IE: Clip this page - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=1
IE: Clip URL - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0
IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office15\EXCEL.EXE/3000
IE: New Note - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\NewNote.html
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office15\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html
Trusted Zone: benefits.org
Trusted Zone: medicine.org
Trusted Zone: learnshare.com
Trusted Zone: uwcm.org
TCP: NameServer = 10.200.1.1 10.200.2.2
TCP: Interfaces\{4597603F-E5B0-4CE6-B5F4-054B9B4D901F} : NameServer = 10.181.31.83,162.129.20.10
TCP: Interfaces\{4597603F-E5B0-4CE6-B5F4-054B9B4D901F} : DHCPNameServer = 10.200.1.1 10.200.2.2
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Notify: ScCertProp - <no file>
AppInit_DLLs= C:\PROGRA~2\Citrix\ICACLI~1\RSHook.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg pku2u wsauth
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: SnagIt Toolbar Loader: {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitBHO64.dll
x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - <orphaned>
x64-BHO: SSO Screen Change Support BHO: {A04C360C-43EB-433F-921C-C2037975A350} - C:\Program Files (x86)\Imprivata\OneSign Agent\x64\BHO_Events64.dll
x64-BHO: SSO Browser Helper Object: {A683EEA9-ECFA-45A2-BCA9-7D9D54AD58AE} - C:\Program Files (x86)\Imprivata\OneSign Agent\x64\ISXBHO64.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL
x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL
x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - 
x64-TB: Snagit: {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitIEAddin64.dll
x64-Run: [Apoint] \DellTPad\Apoint.exe
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [sACMonitor] "C:\Program Files\SafeNet\Authentication\SAC\x64\SACMonitor.exe"
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office15\ONBttnIE.dll
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
x64-Trusted Zone: learnshare.com
x64-Trusted Zone: uwcm.org
x64-Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Notify: ScCertProp - <no file>
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\mjzraz\AppData\Roaming\Mozilla\Firefox\Profiles\569tzti0.default\
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll
FF - plugin: C:\Program Files (x86)\Common Files\VMware\VMware VMRC Plug-in\Firefox\np-vmware-vmrc.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMeetingJoinPluginOC.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_171.dll
FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2012-12-11 53488]
R1 ctxusbm;Citrix USB Monitor Driver;C:\Windows\System32\drivers\ctxusbm.sys [2012-12-5 98888]
R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2010-10-24 188928]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-1-31 202752]
R2 atashost;WebEx Service Host for Support Center;C:\Windows\SysWOW64\atashost.exe [2011-7-8 120848]
R2 CmRcService;Configuration Manager Remote Control;C:\Windows\CCM\RemCtrl\CmRcService.exe [2012-11-21 633952]
R2 dcevt64;DSM SA Event Manager;C:\Program Files\Dell\SysMgt\dataeng\bin\dsm_sa_eventmgr64.exe [2011-1-21 222168]
R2 dcstor64;DSM SA Data Manager;C:\Program Files\Dell\SysMgt\dataeng\bin\dsm_sa_datamgr64.exe [2011-1-21 293336]
R2 NaviGovernor;NaviGovernor;C:\Program Files\EMC\ManagementServer\NaviGovernor.exe []
R2 NavisphereRegistration;Navisphere Registration;C:\PROGRA~2\EMC\SERVER~1\REGSER~1.EXE [2012-4-19 1843200]
R2 UltraMonUtility;UltraMon Utility Driver;C:\Program Files (x86)\Common Files\Realtime Soft\UltraMonMirrorDrv\x64\UltraMonUtility.sys [2008-11-14 20512]
R3 AKSUP;AKSUP;C:\Windows\System32\drivers\aksup.sys [2012-8-23 44712]
R3 dcdbas;System Management Driver;C:\Windows\System32\drivers\dcdbas64.sys [2010-10-21 38472]
R3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;C:\Windows\System32\drivers\e1k62x64.sys [2011-1-31 301232]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2011-1-31 56344]
R3 iKeyEnum;Rainbow iKey Enumerator;C:\Windows\System32\drivers\IKEYENUM.SYS [2010-3-18 16160]
R3 iKeyIFD;Rainbow iKey Virtual Reader;C:\Windows\System32\drivers\IKEYIFD.SYS [2010-3-18 22304]
R3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\System32\drivers\MpNWMon.sys [2010-10-24 40832]
R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;C:\Windows\System32\drivers\nx6000.sys [2010-5-20 36720]
R3 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2010-10-24 72064]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2013-10-1 2746704]
S3 Acceler;Accelerometer Service;C:\Windows\System32\drivers\Accelern.sys [2011-1-31 26160]
S3 d554gps;Dell Wireless HSPA Mini-Card GPS Port;C:\Windows\System32\drivers\d554gps64.sys [2011-1-31 96296]
S3 ecnssndis;Service for enabling selective suspend to NDIS device;C:\Windows\System32\drivers\wwuss64.sys [2011-1-31 26664]
S3 ecnssndisfltr;SSNDIS filter service;C:\Windows\System32\drivers\wwussf64.sys [2011-1-31 30248]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-8-15 1038088]
S3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2011-1-31 158976]
S3 lpasvc;Microsoft Policy Platform Local Authority;C:\Program Files\Microsoft Policy Platform\policyHost.exe [2012-8-2 50280]
S3 lppsvc;Microsoft Policy Platform Processor;C:\Program Files\Microsoft Policy Platform\policyHost.exe [2012-8-2 50280]
S3 Mbm3CBus;Dell Wireless HSPA Mini-Card Device (WDM);C:\Windows\System32\drivers\Mbm3CBus.sys [2011-1-31 378952]
S3 Mbm3DevMt;Dell Wireless HSPA Mini-Card Device Management Driver (WDM);C:\Windows\System32\drivers\Mbm3DevMt.sys [2011-1-31 416328]
S3 qcfilterdl2k;Gobi 2000 USB Composite Device Filter Driver(413C-8186);C:\Windows\System32\drivers\qcfilterdl2k.sys [2011-1-31 6400]
S3 qcusbserdl2k;Gobi 2000 USB Device for Legacy Serial Communication(413C-8186);C:\Windows\System32\drivers\qcusbserdl2k.sys [2011-1-31 121600]
S3 rimspci;rimspci;C:\Windows\System32\drivers\rimspe64.sys [2011-1-31 61952]
S3 risdpcie;risdpcie;C:\Windows\System32\drivers\risdpe64.sys [2011-1-31 81920]
S3 rixdpcie;rixdpcie;C:\Windows\System32\drivers\rixdpe64.sys [2011-1-31 55808]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-2-15 52736]
.
=============== File Associations ===============
.
FileExt: .inf: inffile=C:\Windows\System32\NOTEPAD.EXE %1 [userChoice]
.
=============== Created Last 30 ================
.
2013-10-29 18:05:25 10280728 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{B58FC858-9A53-486A-8EAB-AE3C464C83CB}\mpengine.dll
2013-10-29 12:08:56 -------- d-----w- C:\Program Files\System Center Operations Manager
2013-10-29 12:01:46 -------- d-----w- C:\_SMSTaskSequence
2013-10-28 18:18:53 24416 ----a-r- C:\Windows\System32\AdobePDFUI.dll
2013-10-28 18:12:51 106088 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2013-10-28 11:33:37 -------- d-----w- C:\Program Files\Windows Firewall Configuration Provider
2013-10-28 11:27:48 -------- d-----w- C:\Windows\ms
2013-10-28 11:27:48 -------- d-----w- C:\Windows\ccmcache
2013-10-28 11:27:48 -------- d-----w- C:\Windows\CCM
2013-10-28 11:25:25 -------- d-----w- C:\Program Files\Microsoft Policy Platform
2013-10-28 10:52:46 -------- d-sh--w- C:\Windows\System32\%APPDATA%
2013-10-23 18:49:37 -------- d-----w- C:\Users\mjzraz\AppData\Roaming\webex
2013-10-03 12:01:50 -------- d-----w- C:\Program Files (x86)\LogMeIn Hamachi
2013-10-01 20:04:38 -------- d-----w- C:\ProgramData\SolarWinds
2013-10-01 20:03:57 -------- d-----w- C:\Program Files (x86)\SolarWinds
2013-10-01 17:27:19 -------- d-----w- C:\ProgramData\Oracle
2013-10-01 17:26:43 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
.
==================== Find3M  ====================
.
2013-10-17 08:38:57 120848 ----a-w- C:\Windows\SysWow64\atashost.exe
2013-10-16 14:04:07 219216 ----a-w- C:\Windows\SysWow64\atsckernel.exe
2013-10-01 17:26:30 868264 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll
2013-10-01 17:26:30 790440 ----a-w- C:\Windows\SysWow64\deployJava1.dll
.
============= FINISH: 17:38:14.34 ===============
Attach:
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Enterprise 
Boot Device: \Device\HarddiskVolume2
Install Date: 3/23/2011 10:08:17 AM
System Uptime: 10/28/2013 1:59:20 PM (28 hours ago)
.
Motherboard: Dell Inc. |  | 0C522T
Processor: Intel® Core i7 CPU         870  @ 2.93GHz | CPU | 1170/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 233 GiB total, 26.016 GiB free.
D: is CDROM (UDF)
G: is NetworkDisk (NTFS) - 100 GiB total, 288.727 GiB free.
H: is NetworkDisk (NTFS) - 1024 GiB total, 99.026 GiB free.
I: is NetworkDisk (NTFS) - 245 GiB total, 288.727 GiB free.
W: is NetworkDisk (NTFS) - 469 GiB total, 115.951 GiB free.
X: is NetworkDisk (NTFS) - 419 GiB total, 115.951 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
Acrobat.com
Adobe Acrobat 9 Pro
Adobe Acrobat 9.5.5 - CPSID_83708
Adobe AIR
Adobe Anchor Service CS4
Adobe Anchor Service x64 CS4
Adobe Bridge 1.0
Adobe Bridge CS4
Adobe CMaps CS4
Adobe CMaps x64 CS4
Adobe Color - Photoshop Specific CS4
Adobe Color EU Extra Settings CS4
Adobe Color JA Extra Settings CS4
Adobe Color NA Recommended Settings CS4
Adobe Color Video Profiles CS CS4
Adobe Common File Installer
Adobe CSI CS4
Adobe CSI CS4 x64
Adobe Default Language CS4
Adobe Device Central CS4
Adobe Drive CS4
Adobe Drive CS4 x64
Adobe ExtendScript Toolkit CS4
Adobe Extension Manager CS4
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Fonts All
Adobe Fonts All x64
Adobe Help Center 1.0
Adobe Linguistics CS4
Adobe Linguistics CS4 x64
Adobe Media Player
Adobe Output Module
Adobe PDF Library Files CS4
Adobe PDF Library Files x64 CS4
Adobe Photoshop CS2
Adobe Photoshop CS4
Adobe Photoshop CS4 (64 Bit)
Adobe Photoshop CS4 Support
Adobe Reader XI (11.0.05)
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe Stock Photos 1.0
Adobe Type Support CS4
Adobe Type Support x64 CS4
Adobe Update Manager CS4
Adobe WinSoft Linguistics Plugin
Adobe WinSoft Linguistics Plugin x64
Adobe XMP Panels CS4
AdobeColorCommonSetCMYK
AdobeColorCommonSetRGB
AIM 7
Alertus Desktop Alert
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Audacity 2.0.3
Bomgar Representative Console 12.3.2 [mysupport.jhmi.edu]
Bonjour
Bonjour Print Services
Celerra Monitor V2.3 on 10.15.90.50
Celerra Monitor V2.3 on 10.173.6.100
Celerra Monitor V2.3 on 10.173.6.103
CelerraCifsMgmt v4.4.0.7
Cisco Fabric Manager - 10.181.167.120
Cisco WebEx Meetings
Citrix Authentication Manager
Citrix Online Launcher
Citrix Receiver
Citrix Receiver (HDX Flash Redirection)
Citrix Receiver Inside
Citrix Receiver Updater
Citrix Receiver(Aero)
Citrix Receiver(DV)
Citrix Receiver(USB)
Configuration Manager Client
Connect
CyberLink PowerDVD 9.5
Dell OpenManage Client Instrumentation
Dell Touchpad
Download Updater (AOL LLC)
Dropbox
Evernote v. 5.0.2
FileZilla Client 3.5.0
Google Chrome
Google Earth
Google Update Helper
GoToMeeting 5.4.0.1082
HP Service Manager 9.30 Client
IBM System Storage DS Command Line Interface
IBM XIV Storage Management GUI
iCloud
Image Resizer Powertoy Clone for Windows (64 bit)
Imprivata OneSign 64-bit Agent
iTunes
Java 7 Update 40
Java Auto Updater
Java 6 Update 45
JGoodies JDiskReport 1.3.2
KeePass Password Safe 2.19
kuler
LAME v3.99.3 (for Windows)
LogMeIn Hamachi
Malwarebytes Anti-Malware version 1.75.0.1300
MDI To TIFF File Converter
Microsoft Access MUI (English) 2013
Microsoft Access Setup Metadata MUI (English) 2013
Microsoft Antimalware
Microsoft Conferencing Add-in for Microsoft Office Outlook
Microsoft Corporation
Microsoft DCF MUI (English) 2013
Microsoft Excel MUI (English) 2013
Microsoft Forefront Endpoint Protection 2010
Microsoft Forefront Endpoint Protection 2010 Server Management
Microsoft Groove MUI (English) 2013
Microsoft InfoPath MUI (English) 2013
Microsoft LifeCam
Microsoft Lync 2010
Microsoft Lync MUI (English) 2013
Microsoft Office 64-bit Components 2013
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office Live Meeting 2007
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office OSM MUI (English) 2013
Microsoft Office OSM UX MUI (English) 2013
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Professional Plus 2013
Microsoft Office Project MUI (English) 2010
Microsoft Office Project Professional 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Proofing (English) 2013
Microsoft Office Proofing Tools 2013 - English
Microsoft Office Proofing Tools 2013 - Español
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 64-bit MUI (English) 2010
Microsoft Office Shared 64-bit MUI (English) 2013
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2013
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared MUI (English) 2013
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2013
Microsoft Office Visio 2010
Microsoft Office Visio MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft OneNote MUI (English) 2013
Microsoft Outlook MUI (English) 2013
Microsoft Policy Platform
Microsoft PowerPoint MUI (English) 2013
Microsoft Project Professional 2010
Microsoft Publisher MUI (English) 2013
Microsoft Security Client
Microsoft Silverlight
Microsoft Visio Professional 2010
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
Microsoft Visual J# 2.0 Redistributable Package - SE (x64)
Microsoft Word MUI (English) 2013
Mozilla Firefox 23.0.1 (x86 en-US)
Mozilla Maintenance Service
Navisphere CLI
Navisphere Off-Array Management Server 6.26.32.0.72
NetApp OnCommand System Manager 2.0
NetApp System Manager 1.1
Notepad++
Octopus
Octoshape add-in for Adobe Flash Player
Online Plug-in
OPNET AppResponse Xpert 8.6.2
Orb Runtime libraries
Outils de vérification linguistique 2013 de Microsoft Office - Français
PCL Printer Driver Uninstaller
PDF Settings CS4
Photoshop Camera Raw
Photoshop Camera Raw_x64
Quest ActiveRoles Management Shell for Active Directory (x64)
Quest PowerGUI® 3.2
Quick View Folder Size 3.0
QuickTime
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE 10.3
Roxio Creator Tools
Roxio Express Labeler 3
Roxio Update Manager
RVTools
SafeNet Authentication Client 8.0 SP2
SafeNet Authentication Manager Client 8.0 SP1
SCCM Client Center
Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition
Security Update for Microsoft Excel 2013 (KB2827238) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2510065)
Security Update for Microsoft InfoPath 2010 (KB2553322) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2553431) 32-Bit Edition
Security Update for Microsoft Lync 2013 (KB2817465) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2289078)
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2584066)
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598039) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
Security Update for Microsoft Office 2013 (KB2810009) 32-Bit Edition
Security Update for Microsoft Office 2013 (KB2817623) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft Publisher 2010 (KB2409055)
Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
Security Update for Microsoft Visio 2010 (KB2553374) 32-Bit Edition
Security Update for Microsoft Visio Viewer 2010 (KB2597981) 32-Bit Edition
Security Update for Microsoft Word 2010 (KB2345000)
Self-service Plug-in
SequoiaView
Skype™ 6.5
Snagit 10
SolarWinds Permissions Analyzer for Active Directory
SpaceMonger 2.1.1
Stanza
Suite Shared Configuration CS4
Synergy
System Center 2012 - Operations Manager Agent
TrueCrypt
UltraMon
Unisphere Server Utility 1.1.0.10366
Unisphere Service Manager 1.1.0.10387
Unreal Tournament G.O.T.Y. Edition
VLC media player 1.1.8
VMware View Client
VMware VIX
VMware vSphere Client 4.0
VMware vSphere Client 4.1
VMware vSphere Client 5.0
VMware vSphere PowerCLI
Windows Driver Package - HID Global (cxru0x64) SmartCardReader  (05/07/2010 1.2.3.1)
Windows Firewall Configuration Provider
WinSCP 4.3.7
.
==== Event Viewer Messages From Past Week ========
.
10/29/2013 5:38:20 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the HealthService service.
10/29/2013 5:08:54 PM, Error: Service Control Manager [7031]  - The Windows Driver Foundation - User-mode Driver Framework service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
10/29/2013 5:08:54 PM, Error: Service Control Manager [7031]  - The Windows Audio Endpoint Builder service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
10/29/2013 5:08:54 PM, Error: Service Control Manager [7031]  - The Superfetch service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
10/29/2013 5:08:54 PM, Error: Service Control Manager [7031]  - The Remote Desktop Services UserMode Port Redirector service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
10/29/2013 5:08:54 PM, Error: Service Control Manager [7031]  - The Program Compatibility Assistant Service service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
10/29/2013 5:08:54 PM, Error: Service Control Manager [7031]  - The Offline Files service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 300000 milliseconds: Restart the service.
10/29/2013 5:08:54 PM, Error: Service Control Manager [7031]  - The Network Connections service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 100 milliseconds: Restart the service.
10/29/2013 5:08:54 PM, Error: Service Control Manager [7031]  - The Human Interface Device Access service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
10/29/2013 5:08:54 PM, Error: Service Control Manager [7031]  - The Distributed Link Tracking Client service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 300000 milliseconds: Restart the service.
10/29/2013 5:08:54 PM, Error: Service Control Manager [7031]  - The Desktop Window Manager Session Manager service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
10/29/2013 2:33:51 PM, Error: Service Control Manager [7031]  - The Windows Audio Endpoint Builder service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
10/29/2013 2:33:51 PM, Error: Service Control Manager [7031]  - The Superfetch service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
10/29/2013 2:33:51 PM, Error: Service Control Manager [7031]  - The Program Compatibility Assistant Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
10/29/2013 2:33:51 PM, Error: Service Control Manager [7031]  - The Offline Files service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
10/29/2013 2:33:51 PM, Error: Service Control Manager [7031]  - The Network Connections service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 100 milliseconds: Restart the service.
10/29/2013 2:33:51 PM, Error: Service Control Manager [7031]  - The Distributed Link Tracking Client service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
10/29/2013 2:33:28 PM, Error: Service Control Manager [7034]  - The LogMeIn Hamachi Tunneling Engine service terminated unexpectedly.  It has done this 1 time(s).
10/29/2013 2:32:07 PM, Error: Service Control Manager [7034]  - The MSCamSvc service terminated unexpectedly.  It has done this 1 time(s).
10/29/2013 2:31:30 PM, Error: Service Control Manager [7031]  - The Apple Mobile Device service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
10/29/2013 2:31:26 PM, Error: Service Control Manager [7034]  - The Adobe Acrobat Update Service service terminated unexpectedly.  It has done this 1 time(s).
10/28/2013 7:25:52 AM, Error: Microsoft-Windows-DistributedCOM [10016]  - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID  {135D7881-D666-4046-A1DF-7EC7B5785A67}  and APPID  {AD65A69D-3831-40D7-9629-9B0B50A93843}  to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
10/28/2013 7:12:41 AM, Error: Service Control Manager [7022]  - The Windows Search service hung on starting.
10/28/2013 7:11:17 AM, Error: Microsoft-Windows-DistributedCOM [10016]  - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID  {24FF4FDC-1D9F-4195-8C79-0DA39248FF48}  and APPID  {B292921D-AF50-400C-9B75-0C57A7F29BA1}  to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
10/28/2013 7:05:06 AM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the TrustedInstaller service.
10/28/2013 2:07:03 PM, Error: Service Control Manager [7022]  - The Windows Update service hung on starting.
10/28/2013 2:05:49 PM, Error: Microsoft-Windows-DistributedCOM [10016]  - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID  {05D1D5D8-18D1-4B83-85ED-A0F99D53C885}  and APPID  {AD65A69D-3831-40D7-9629-9B0B50A93843}  to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
10/28/2013 2:04:21 PM, Error: Service Control Manager [7022]  - The SMS Agent Host service hung on starting.
10/28/2013 11:57:51 AM, Error: TermDD [56]  - The Terminal Server security layer detected an error in the protocol stream and has disconnected the client. Client IP: 10.186.76.117.
10/26/2013 7:47:56 AM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:   Previous Signature Version: 1.161.766.0   Update Source: Internal Definition Update Server   Update Stage: Search   Source Path: http://JHDCSDUS.win.ad.jhu.edu:80   Signature Type: AntiVirus   Update Type: Full   User: NT AUTHORITY\SYSTEM   Current Engine Version:   Previous Engine Version: 1.1.10003.0   Error code: 0x80072ee2   Error description: The operation timed out 
10/26/2013 3:48:30 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:   Previous Signature Version: 1.161.796.0   Update Source: Internal Definition Update Server   Update Stage: Search   Source Path: http://JHDCSDUS.win.ad.jhu.edu:80   Signature Type: AntiVirus   Update Type: Full   User: NT AUTHORITY\SYSTEM   Current Engine Version:   Previous Engine Version: 1.1.10003.0   Error code: 0x80072ee2   Error description: The operation timed out 
10/26/2013 11:47:45 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:   Previous Signature Version: 1.161.808.0   Update Source: Internal Definition Update Server   Update Stage: Search   Source Path: http://JHDCSDUS.win.ad.jhu.edu:80   Signature Type: AntiVirus   Update Type: Full   User: NT AUTHORITY\SYSTEM   Current Engine Version:   Previous Engine Version: 1.1.10003.0   Error code: 0x80072ee2   Error description: The operation timed out 
10/25/2013 7:47:55 AM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:   Previous Signature Version: 1.161.683.0   Update Source: Internal Definition Update Server   Update Stage: Search   Source Path: http://JHDCSDUS.win.ad.jhu.edu:80   Signature Type: AntiVirus   Update Type: Full   User: NT AUTHORITY\SYSTEM   Current Engine Version:   Previous Engine Version: 1.1.10003.0   Error code: 0x80072ee2   Error description: The operation timed out 
10/25/2013 3:47:55 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:   Previous Signature Version: 1.161.717.0   Update Source: Internal Definition Update Server   Update Stage: Search   Source Path: http://JHDCSDUS.win.ad.jhu.edu:80   Signature Type: AntiVirus   Update Type: Full   User: NT AUTHORITY\SYSTEM   Current Engine Version:   Previous Engine Version: 1.1.10003.0   Error code: 0x80072ee2   Error description: The operation timed out 
10/25/2013 11:47:56 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:   Previous Signature Version: 1.161.743.0   Update Source: Internal Definition Update Server   Update Stage: Search   Source Path: http://JHDCSDUS.win.ad.jhu.edu:80   Signature Type: AntiVirus   Update Type: Full   User: NT AUTHORITY\SYSTEM   Current Engine Version:   Previous Engine Version: 1.1.10003.0   Error code: 0x80072ee2   Error description: The operation timed out 
10/24/2013 7:47:55 AM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:   Previous Signature Version: 1.161.583.0   Update Source: Internal Definition Update Server   Update Stage: Search   Source Path: http://JHDCSDUS.win.ad.jhu.edu:80   Signature Type: AntiVirus   Update Type: Full   User: NT AUTHORITY\SYSTEM   Current Engine Version:   Previous Engine Version: 1.1.10003.0   Error code: 0x80072ee2   Error description: The operation timed out 
10/24/2013 3:47:45 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:   Previous Signature Version: 1.161.621.0   Update Source: Internal Definition Update Server   Update Stage: Search   Source Path: http://JHDCSDUS.win.ad.jhu.edu:80   Signature Type: AntiVirus   Update Type: Full   User: NT AUTHORITY\SYSTEM   Current Engine Version:   Previous Engine Version: 1.1.10003.0   Error code: 0x80072ee2   Error description: The operation timed out 
10/24/2013 12:39:16 AM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:   Previous Signature Version: 1.161.583.0   Update Source: Internal Definition Update Server   Update Stage: Search   Source Path: http://JHDCSDUS.win.ad.jhu.edu:80   Signature Type: AntiVirus   Update Type: Full   User: NT AUTHORITY\SYSTEM   Current Engine Version:   Previous Engine Version: 1.1.10003.0   Error code: 0x80072ee2   Error description: The operation timed out 
10/24/2013 11:47:55 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:   Previous Signature Version: 1.161.653.0   Update Source: Internal Definition Update Server   Update Stage: Search   Source Path: http://JHDCSDUS.win.ad.jhu.edu:80   Signature Type: AntiVirus   Update Type: Full   User: NT AUTHORITY\SYSTEM   Current Engine Version:   Previous Engine Version: 1.1.10003.0   Error code: 0x80072ee2   Error description: The operation timed out 
10/24/2013 11:31:38 AM, Error: TermDD [56]  - The Terminal Server security layer detected an error in the protocol stream and has disconnected the client. Client IP: 10.252.6.115.
10/23/2013 7:47:53 AM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:   Previous Signature Version: 1.161.494.0   Update Source: Internal Definition Update Server   Update Stage: Search   Source Path: http://JHDCSDUS.win.ad.jhu.edu:80   Signature Type: AntiVirus   Update Type: Full   User: NT AUTHORITY\SYSTEM   Current Engine Version:   Previous Engine Version: 1.1.10003.0   Error code: 0x80072ee2   Error description: The operation timed out 
10/23/2013 3:59:14 PM, Error: Microsoft-Windows-DistributedCOM [10009]  - DCOM was unable to communicate with the computer jhnasfs1 using any of the configured protocols.
10/23/2013 3:47:57 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:   Previous Signature Version: 1.161.529.0   Update Source: Internal Definition Update Server   Update Stage: Search   Source Path: http://JHDCSDUS.win.ad.jhu.edu:80   Signature Type: AntiVirus   Update Type: Full   User: NT AUTHORITY\SYSTEM   Current Engine Version:   Previous Engine Version: 1.1.10003.0   Error code: 0x80072ee2   Error description: The operation timed out 
10/23/2013 12:38:03 AM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:   Previous Signature Version: 1.161.494.0   Update Source: Internal Definition Update Server   Update Stage: Search   Source Path: http://JHDCSDUS.win.ad.jhu.edu:80   Signature Type: AntiVirus   Update Type: Full   User: NT AUTHORITY\SYSTEM   Current Engine Version:   Previous Engine Version: 1.1.10003.0   Error code: 0x80072ee2   Error description: The operation timed out 
10/23/2013 11:48:26 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:   Previous Signature Version: 1.161.543.0   Update Source: Internal Definition Update Server   Update Stage: Search   Source Path: http://JHDCSDUS.win.ad.jhu.edu:80   Signature Type: AntiVirus   Update Type: Full   User: NT AUTHORITY\SYSTEM   Current Engine Version:   Previous Engine Version: 1.1.10003.0   Error code: 0x80072ee2   Error description: The operation timed out 
10/22/2013 3:47:56 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:   Previous Signature Version: 1.161.436.0   Update Source: Internal Definition Update Server   Update Stage: Search   Source Path: http://JHDCSDUS.win.ad.jhu.edu:80   Signature Type: AntiVirus   Update Type: Full   User: NT AUTHORITY\SYSTEM   Current Engine Version:   Previous Engine Version: 1.1.10003.0   Error code: 0x80072ee2   Error description: The operation timed out 
10/22/2013 11:47:43 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:   Previous Signature Version: 1.161.462.0   Update Source: Internal Definition Update Server   Update Stage: Search   Source Path: http://JHDCSDUS.win.ad.jhu.edu:80   Signature Type: AntiVirus   Update Type: Full   User: NT AUTHORITY\SYSTEM   Current Engine Version:   Previous Engine Version: 1.1.10003.0   Error code: 0x80072ee2   Error description: The operation timed out 
.
==== End Of File ===========================
 
 
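The Event Viewer section of the DDS log above rewards a second look: the Service Control Manager 7031 errors arrive in bursts with identical timestamps (ten services at 5:08:54 PM, six at 2:33:51 PM), and the Microsoft Antimalware 2001 failures recur at the same three clock times every day for a week. The PowerShell below is an added example, not code from the thread or from DDS; it parses a handful of those lines (copied from the log above into a here-string) and summarizes both patterns. It assumes the DDS line shape `M/D/YYYY h:mm:ss AM/PM, Error: <Source> [<EventID>]  - <message>`; the Get-WinEvent call in the closing comment is the live equivalent on the affected host.

```powershell
# Added example (not from the thread): offline triage of the DDS "Event Viewer
# Messages" section. Sample lines are copied from the log above; the parsing
# and grouping are the added part.

$sample = @'
10/29/2013 5:08:54 PM, Error: Service Control Manager [7031]  - The Superfetch service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
10/29/2013 5:08:54 PM, Error: Service Control Manager [7031]  - The Offline Files service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 300000 milliseconds: Restart the service.
10/29/2013 5:08:54 PM, Error: Service Control Manager [7031]  - The Network Connections service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 100 milliseconds: Restart the service.
10/29/2013 2:33:51 PM, Error: Service Control Manager [7031]  - The Superfetch service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
10/29/2013 2:33:51 PM, Error: Service Control Manager [7031]  - The Network Connections service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 100 milliseconds: Restart the service.
10/28/2013 11:57:51 AM, Error: TermDD [56]  - The Terminal Server security layer detected an error in the protocol stream and has disconnected the client. Client IP: 10.186.76.117.
10/26/2013 7:47:56 AM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:   Previous Signature Version: 1.161.766.0   Update Source: Internal Definition Update Server   Update Stage: Search   Source Path: http://JHDCSDUS.win.ad.jhu.edu:80   Signature Type: AntiVirus   Update Type: Full   User: NT AUTHORITY\SYSTEM   Current Engine Version:   Previous Engine Version: 1.1.10003.0   Error code: 0x80072ee2   Error description: The operation timed out
10/22/2013 3:47:56 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:   Previous Signature Version: 1.161.436.0   Update Source: Internal Definition Update Server   Update Stage: Search   Source Path: http://JHDCSDUS.win.ad.jhu.edu:80   Signature Type: AntiVirus   Update Type: Full   User: NT AUTHORITY\SYSTEM   Current Engine Version:   Previous Engine Version: 1.1.10003.0   Error code: 0x80072ee2   Error description: The operation timed out
'@

function ConvertFrom-DdsEvent {
    # Turn each DDS event line into an object; lines that do not match are skipped.
    param([string[]]$Lines)
    $rx = '^(?<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M), (?<level>\w+): (?<src>.+?) \[(?<id>\d+)\]\s+-\s+(?<msg>.*)$'
    foreach ($line in $Lines) {
        if ($line -match $rx) {
            [pscustomobject]@{
                Time    = [datetime]::ParseExact($Matches.ts, 'M/d/yyyy h:mm:ss tt', [cultureinfo]::InvariantCulture)
                Level   = $Matches.level
                Source  = $Matches.src
                EventId = [int]$Matches.id
                Message = $Matches.msg
            }
        }
    }
}

$events = @(ConvertFrom-DdsEvent -Lines ($sample -split "`r?`n"))

# Burst detection: several unrelated services dying in the same second is one
# shared svchost.exe host process going down (crash or kill), not N separate faults.
$events | Where-Object { $_.EventId -eq 7031 } |
    Group-Object { $_.Time.ToString('s') } |
    Where-Object { $_.Count -ge 2 } |
    ForEach-Object { '{0}: {1} services terminated in the same second' -f $_.Name, $_.Count }

# AV update failures: each 2001 event names the definitions the engine still has.
# If that version keeps changing between failures, updates are succeeding from
# another source and only the internal server is unreachable at the scheduled
# check; if it never changes, the scanner has been on stale definitions throughout.
$avFail = @($events | Where-Object { $_.Source -eq 'Microsoft Antimalware' -and $_.EventId -eq 2001 } | Sort-Object Time)
if ($avFail.Count) {
    $versions = @($avFail | ForEach-Object { [regex]::Match($_.Message, 'Previous Signature Version: (\S+)').Groups[1].Value })
    $days  = ($avFail[-1].Time - $avFail[0].Time).TotalDays
    $state = if (@($versions | Select-Object -Unique).Count -gt 1) { 'definitions still advancing' } else { 'definitions stuck' }
    '{0} update failures over {1:N1} days, {2} ({3} -> {4})' -f $avFail.Count, $days, $state, $versions[0], $versions[-1]
}

# Live equivalent on the affected host instead of parsing DDS text (Level 2 = Error):
# Get-WinEvent -FilterHashtable @{ LogName = 'System'; Level = 2; StartTime = (Get-Date).AddDays(-7) }
```

On the full log above the version check reports "still advancing" (1.161.436.0 on 10/22 up to 1.161.808.0 on 10/26), so the 0x80072ee2 timeouts point at the internal definition server being unreachable at the 7:47/15:47/23:47 schedule rather than at the scanner running blind; the service-crash bursts are a separate problem to chase in the Application log and crash dumps.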

  • Root Admin

Hello and welcome

 

Please read the following and post back the log when ready

General P2P/Piracy Warning:
 

 
If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.




Before we proceed further, please read all of the following instructions carefully.
If there is anything that you do not understand kindly ask before proceeding.
If needed please print out these instructions.
  • Please do not post logs using CODE, QUOTE, or FONT tags. Just paste them as direct text.
  • If the log is too large then you can use attachments by clicking on the More Reply Options button.
  • Please enable your system to show hidden files: How to see hidden files in Windows
  • Make sure you're subscribed to this topic:
    • Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly

  • Removing malware can be unpredictable...It is unlikely but things can go very wrong! Please make sure you Backup all files that cannot be replaced if something were to happen. You can copy them to a CD/DVD, external drive or a pen drive
  • Please don't run any other scans, download, install or uninstall any programs unless requested by me while I'm working with you.
  • The removal of malware is not instantaneous, please be patient. Often we are also on a different Time Zone.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, Stop there and tell me the exact nature of the issue.
  • You can check here if you're not sure if your computer is 32-bit or 64-bit
  • Please disable your antivirus while running any requested scanners so that they do not interfere with the scanners.
  • When we are done, I'll give you instructions on how to cleanup all the tools and logs
  • Please stick with me until I give you the "all clear" and Please don't waste my time by leaving before that.
  • Your topic will be closed if you haven't replied within 3 days
  • (If I have not responded within 24 hours, please send me a Private Message as a reminder)




STEP 0
RKill is a program that was developed at BleepingComputer.com that attempts to terminate known malware processes
so that your normal security software can then run and clean your computer of infections.
When RKill runs it will kill malware processes and then removes incorrect executable associations and fixes policies
that stop us from using certain tools. When finished it will display a log file that shows the processes that were
terminated while the program was running.

As RKill only terminates a program's running process, and does not delete any files, after running it you should not reboot
your computer as any malware processes that are configured to start automatically will just be started again.
Instead, after running RKill you should immediately scan your computer using the requested scans I've included.

Please download Rkill by Grinler from one of the links below and save it to your desktop.


Link 2

  • On Windows XP double-click on the Rkill desktop icon to run the tool.
  • On Windows Vista/Windows 7 or 8, right-click on the Rkill desktop icon and select Run As Administrator
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • If the tool does not run from any of the links provided, please let me know.
  • Do not reboot the computer, you will need to run the application again.



STEP 01
Backup the Registry:
Modifying the Registry can create unforeseen problems, so it is always wise to create a backup before doing so.

  • Please download ERUNT from one of the following links: Link1 | Link2 | Link3
  • ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.
  • Double click on erunt-setup.exe to Install ERUNT by following the prompts.
  • NOTE: Do not choose to allow ERUNT to add an Entry to the Startup folder. Click NO.
  • Start ERUNT either by double clicking on the desktop icon or choosing to start the program at the end of the setup process.
  • Choose a location for the backup.
    • Note: the default location is C:\Windows\ERDNT which is acceptable.

  • Make sure that at least the first two check boxes are selected.
  • Click on OK
  • Then click on YES to create the folder.
  • Note: if it is necessary to restore the registry, open the backup folder and start ERDNT.exe


STEP 02
Please download RogueKiller and save it to your desktop.

You can check here if you're not sure if your computer is 32-bit or 64-bit

  • RogueKiller 32-bit | RogueKiller 64-bit
  • Quit all running programs.
  • For Windows XP, double-click to start.
  • For Vista,Windows 7/8, Right-click on the program and select Run as Administrator to start and when prompted allow it to run.
  • Read and accept the EULA (End User License Agreement)
  • Click Scan to scan the system.
  • When the scan completes Close the program > Don't Fix anything!
  • Don't run any other options, they're not all bad!!
  • Post back the report which should be located on your desktop.


 


Thank You,

 

00:

Rkill 2.6.2 by Lawrence Abrams (Grinler)
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
 
Program started at: 10/31/2013 01:37:52 PM in x64 mode.
Windows Version: Windows 7 Enterprise 
 
Checking for Windows services to stop:
 
 * No malware services found to stop.
 
Checking for processes to terminate:
 
 * No malware processes found to kill.
 
Checking Registry for malware related settings:
 
 * Explorer Policy Removed:  NoActiveDesktopChanges [HKLM]
 
Backup Registry file created at:
 C:\Users\mjzraz\Desktop\rkill\rkill-10-31-2013-01-38-12.reg
 
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
 
Performing miscellaneous checks:
 
 * System Restore Disabled
 
   [HKLM\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
   "DisableSR" = dword:00000001
 
 * Windows Firewall Disabled
 
   [HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
   "EnableFirewall" = dword:00000000
 
Checking Windows Service Integrity: 
 
 * Windows Firewall (MpsSvc) is not Running.
   Startup Type set to: Manual
 
 * Windows Firewall Authorization Driver (mpsdrv) is not Running.
   Startup Type set to: Manual
 
Searching for Missing Digital Signatures: 
 
 * No issues found.
 
Checking HOSTS File: 
 
 * No issues found.
 
Program finished at: 10/31/2013 01:39:30 PM
Execution time: 0 hours(s), 1 minute(s), and 37 seconds(s)
 
01:
Backup Done
 
02:
RogueKiller V8.7.6 _x64_ [Oct 28 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
 
Operating System : Windows 7 (6.1.7600 ) 64 bits version
Started in : Normal mode
User : mjzraz [Admin rights]
Mode : Scan -- Date : 11/02/2013 07:50:42
| ARK || FAK || MBR |
 
¤¤¤ Bad processes : 0 ¤¤¤
 
¤¤¤ Registry Entries : 11 ¤¤¤
[RUN][SUSP PATH] HKLM\[...]\Wow6432Node\[...]\RunOnce : Malwarebytes Anti-Malware (cleanup) (rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript [x][7][x]) -> FOUND
[DNS][PUM] HKLM\[...]\CCSet\[...]\{4597603F-E5B0-4CE6-B5F4-054B9B4D901F} : NameServer (10.181.31.83,162.129.20.10 [(Private Address) (XX) - UNITED STATES (US)]) -> FOUND
[DNS][PUM] HKLM\[...]\CS001\[...]\{4597603F-E5B0-4CE6-B5F4-054B9B4D901F} : NameServer (10.181.31.83,162.129.20.10 [(Private Address) (XX) - UNITED STATES (US)]) -> FOUND
[DNS][PUM] HKLM\[...]\CS002\[...]\{4597603F-E5B0-4CE6-B5F4-054B9B4D901F} : NameServer (10.181.31.83,162.129.20.10 [(Private Address) (XX) - UNITED STATES (US)]) -> FOUND
[HJ POL][PUM] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : EnableLUA (0) -> FOUND
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
 
¤¤¤ Scheduled tasks : 1 ¤¤¤
[V2][SUSP PATH] DiskMaintenance : C:\Windows\defrag_start.cmd [-] -> FOUND
 
¤¤¤ Startup Entries : 0 ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ Particular Files / Folders: ¤¤¤
 
¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤
 
¤¤¤ External Hives: ¤¤¤
 
¤¤¤ Infection :  ¤¤¤
 
¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
 
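The Rkill and RogueKiller output above flags four values that weaken the host (System Restore disabled by policy, the standard-profile firewall policy set to off, UAC off, and admins elevating without a prompt), the firewall service left on Manual and stopped, and statically configured DNS servers on the NIC. The PowerShell below is an added example, not code from the thread or from either tool: it reads those same values on a live host and marks each one that sits at the weak setting. The full registry paths are the standard locations of the values RogueKiller abbreviates as `HKLM\[...]\System`; the "weak" values and the Windows 7 default for ConsentPromptBehaviorAdmin are assumptions stated in the comments. Run it from an elevated prompt.

```powershell
# Added example (not from the thread): re-check the settings Rkill and RogueKiller
# reported, on the live host, and show which ones sit at the weakening value.

$checks = @(
    @{ Name = 'System Restore disabled by policy'
       Path = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore'
       Value = 'DisableSR';                  Weak = 1 }   # Rkill: dword:00000001
    @{ Name = 'Firewall (standard profile) disabled by policy'
       Path = 'HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile'
       Value = 'EnableFirewall';             Weak = 0 }   # Rkill: dword:00000000
    @{ Name = 'UAC switched off'
       Path = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
       Value = 'EnableLUA';                  Weak = 0 }   # RogueKiller: EnableLUA (0)
    @{ Name = 'Admins elevate without any prompt'
       Path = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
       Value = 'ConsentPromptBehaviorAdmin'; Weak = 0 }   # RogueKiller: (0); assumed Win7 default is 5
)

function Test-PostureValue {
    # Read one registry value and report whether it equals the weakening value.
    # For the Policies\ keys "(not set)" is the healthy state: no policy overrides the default.
    param([hashtable]$Check)
    $found = $null
    if (Test-Path $Check.Path) {
        $found = (Get-ItemProperty -Path $Check.Path -Name $Check.Value -ErrorAction SilentlyContinue).($Check.Value)
    }
    $display = if ($null -eq $found) { '(not set)' } else { $found }
    [pscustomobject]@{
        Check = $Check.Name
        Key   = '{0}\{1}' -f $Check.Path, $Check.Value
        Found = $display
        Weak  = ($null -ne $found) -and ([int]$found -eq $Check.Weak)
    }
}

function Get-StaticDnsServer {
    # RogueKiller's [DNS][PUM] lines come from the per-interface NameServer value.
    # A static NameServer on a DHCP client is the thing to explain: it survives lease
    # renewal, so compare it with what DHCP handed out (DhcpNameServer).
    $base = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces'
    Get-ChildItem $base | ForEach-Object {
        $p = Get-ItemProperty $_.PSPath
        if ($p.NameServer) {
            [pscustomobject]@{
                Interface  = $_.PSChildName
                StaticDns  = $p.NameServer
                DhcpDns    = $p.DhcpNameServer
                DhcpClient = [bool]$p.EnableDHCP
            }
        }
    }
}

$checks | ForEach-Object { Test-PostureValue $_ } | Format-Table Check, Found, Weak -AutoSize
Get-StaticDnsServer | Format-Table -AutoSize

# Firewall service and its driver, which Rkill reported as Manual / not running.
# Win32_Service and Win32_SystemDriver work on Windows 7's PowerShell 2.0.
Get-WmiObject Win32_Service      -Filter "Name='MpsSvc'" | Select-Object Name, State, StartMode
Get-WmiObject Win32_SystemDriver -Filter "Name='mpsdrv'" | Select-Object Name, State, StartMode
```

On a domain-joined, SCCM- and Forefront-managed workstation like this one, everything under `HKLM\SOFTWARE\Policies` is normally written by Group Policy, and a local fix is overwritten at the next refresh. Before treating these values as tampering, run `gpresult /h gp.html` and look for the GPO that sets them; RogueKiller tags them PUM (potentially unwanted modification) rather than malware for exactly that reason. Turning EnableLUA back on only takes effect after a reboot.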

  • Root Admin

That looks okay, Please go ahead and run through the following steps and post back the logs when ready.

STEP 03
Please download Malwarebytes Anti-Rootkit from here

  • Unzip the contents to a folder in a convenient location.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced they will be in the MBAR folder... mbar-log.txt and system-log.txt

STEP 04
Please download Junkware Removal Tool to your desktop.
  • Shutdown your antivirus to avoid any conflicts.
  • Right click over JRT.exe and select Run as administrator on Windows Vista or Windows 7, double-click on XP.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next reply message
  • When completed make sure to re-enable your antivirus



STEP 05
Let's clean out any adware now: (this will require a reboot so save all your work)

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin... be patient, as the scan may take some time to complete.
  • When it's done you'll see: Pending: Please uncheck elements you don't want removed.
  • Now click on the Report button... a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log, especially under Files/Folders, for any program you want to save.
  • If there's a program you may want to save, just uncheck it in AdwCleaner.
  • If you're not sure, post the log for review. (All items found are adware/spyware/foistware.)
  • If you're ready to clean it all up, click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted:
    • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.


Then..................

Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report.

Make sure that everything is checked, and click Remove Selected.


STEP 06

Please go here to run the online antivirus scanner from ESET.

  • Turn off the real-time scanner of any existing antivirus program while performing the online scan.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start.
  • When asked, allow the ActiveX control to install.
  • Click Start.
  • Make sure that the option Remove found threats is unticked.
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology

  • Click Scan.
  • Wait for the scan to finish.
  • If any threats were found, click the 'List of found threats', then click Export to text file.
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.



STEP 07
Please download the Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. You can check here if you're not sure whether your computer is 32-bit or 64-bit.

  • Double-click to run it. When the tool opens, click Yes to the disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it into your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply as well.



Step 03

 

mbar-log-2013-11-03 (06-22-43).txt

 

Malwarebytes Anti-Rootkit BETA 1.07.0.1007

www.malwarebytes.org

 

Database version: v2013.11.03.01

 

Windows 7 x64 NTFS

Internet Explorer 8.0.7600.16385

mjzraz :: MTW-1RG6DP1 [administrator]

 

11/3/2013 6:22:43 AM

mbar-log-2013-11-03 (06-22-43).txt

 

Scan type: Quick scan

Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken

Scan options disabled: 

Objects scanned: 416488

Time elapsed: 47 minute(s), 

 

Memory Processes Detected: 0

(No malicious items detected)

 

Memory Modules Detected: 0

(No malicious items detected)

 

Registry Keys Detected: 0

(No malicious items detected)

 

Registry Values Detected: 0

(No malicious items detected)

 

Registry Data Items Detected: 0

(No malicious items detected)

 

Folders Detected: 0

(No malicious items detected)

 

Files Detected: 0

(No malicious items detected)

 

Physical Sectors Detected: 0

(No malicious items detected)

 

(end)

 

system-log.txt

---------------------------------------

Malwarebytes Anti-Rootkit BETA 1.07.0.1007

 

© Malwarebytes Corporation 2011-2012

 

OS version: 6.1.7600 Windows 7 x64

 

Account is Administrative

 

Internet Explorer version: 8.0.7600.16385

 

Java version: 1.6.0_45

 

File system is: NTFS

Disk drives: C:\ DRIVE_FIXED

CPU speed: 2.926000 GHz

Memory total: 4217819136, free: 1301061632

 

Downloaded database version: v2013.11.03.01

Downloaded database version: v2013.10.11.02

=======================================

Initializing...

------------ Kernel report ------------

     11/03/2013 06:22:38

------------ Loaded modules -----------

----------- End -----------

Done!

<<<1>>>

Upper Device Name: \Device\Harddisk0\DR0

Upper Device Object: 0xfffffa80047cb060

Upper Device Driver Name: \Driver\Disk\

Lower Device Name: \Device\Ide\IdeDeviceP2T0L0-2\

Lower Device Object: 0xfffffa800453b680

Lower Device Driver Name: \Driver\atapi\

<<<2>>>

Physical Sector Size: 512

Drive: 0, DevicePointer: 0xfffffa80047cb060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

--------- Disk Stack ------

DevicePointer: 0xfffffa80047cbb90, DeviceName: Unknown, DriverName: \Driver\partmgr\

DevicePointer: 0xfffffa80047cb060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

DevicePointer: 0xfffffa800453b680, DeviceName: \Device\Ide\IdeDeviceP2T0L0-2\, DriverName: \Driver\atapi\

------------ End ----------

Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

Upper DeviceData: 0x0, 0x0, 0x0

Lower DeviceData: 0x0, 0x0, 0x0

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

<<<2>>>

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...

<<<2>>>

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

Done!

Drive 0

Scanning MBR on drive 0...

Inspecting partition table:

MBR Signature: 55AA

Disk Signature: BCC523DB

 

Partition information:

 

    Partition 0 type is Primary (0x7)

    Partition is NOT ACTIVE.

    Partition starts at LBA: 2048  Numsec = 487643136

 

    Partition 1 type is Primary (0x7)

    Partition is ACTIVE.

    Partition starts at LBA: 487645184  Numsec = 614400

    Partition is not bootable

 

    Partition 2 type is Empty (0x0)

    Partition is NOT ACTIVE.

    Partition starts at LBA: 0  Numsec = 0

 

    Partition 3 type is Empty (0x0)

    Partition is NOT ACTIVE.

    Partition starts at LBA: 0  Numsec = 0

 

Disk Size: 250000000000 bytes

Sector size: 512 bytes

 

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-488261250-488281250)...

Done!

Scan finished

=======================================

 

 

Removal queue found; removal started

Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_i.mbam...

Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\Bootstrap_0_1_487645184_i.mbam...

Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_r.mbam...

Removal finished

 

Step 04: JRT.txt

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 6.0.7 (10.15.2013:3)

OS: Windows 7 Enterprise x64

Ran by mjzraz on Sun 11/03/2013 at  7:53:01.87

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

 

 

~~~ Services

 

 

 

~~~ Registry Values

 

 

 

~~~ Registry Keys

 

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\bho.dll

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\dnu.exe

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\dnupdate

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\dnupdater.downloaduibrowser

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\dnupdater.downloaduibrowser.1

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\dnupdater.downloadupdcontroller

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\dnupdater.downloadupdcontroller.1

 

 

 

~~~ Files

 

 

 

~~~ Folders

 

Successfully deleted: [Folder] "C:\Program Files (x86)\Common Files\software update utility"

Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"

 

 

 

~~~ Chrome

 

Successfully deleted: [Folder] C:\Users\mjzraz\appdata\local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda

 

 

 

~~~ Event Viewer Logs were cleared

 

 

 

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on Sun 11/03/2013 at  8:00:00.64

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

Step 05:

 

# AdwCleaner v3.010 - Report created 03/11/2013 at 08:43:35

# Updated 20/10/2013 by Xplode

# Operating System : Windows 7 Enterprise  (64 bits)

# Username : mzaloud1 - MTW-1RG6DP1

# Running from : C:\Users\mjzraz\Downloads\AdwCleaner.exe

# Option : Scan

 

***** [ Services ] *****

 

 

***** [ Files / Folders ] *****

 

 

***** [ Shortcuts ] *****

 

 

***** [ Registry ] *****

 

Key Found : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70}

Key Found : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}

Key Found : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}

Key Found : HKLM\SOFTWARE\Classes\TypeLib\{92380354-381A-471F-BE2E-DD9ACD9777EA}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility

Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}

Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}

 

***** [ Browsers ] *****

 

-\\ Internet Explorer v8.0.7600.17267

 

 

-\\ Mozilla Firefox v24.0 (en-US)

 

[ File : C:\Users\mjzraz\AppData\Roaming\Mozilla\Firefox\Profiles\569tzti0.default\prefs.js ]

 

 

-\\ Google Chrome v30.0.1599.101

 

[ File : C:\Users\mjzraz\AppData\Local\Google\Chrome\User Data\Default\preferences ]

 

 

*************************

 

AdwCleaner[R0].txt - [1624 octets] - [03/11/2013 08:43:33]

 

########## EOF - H:\AdwCleaner\AdwCleaner[R0].txt - [1684 octets] ##########

 

I am not sure if I should remove these registry entries found by AdwCleaner and the Chrome/Firefox preferences files?

 

Steps 06 and 07 not completed yet.


STEP 05 completed

AdwCleaner[R2].txt

 

# AdwCleaner v3.010 - Report created 06/11/2013 at 09:23:07

# Updated 20/10/2013 by Xplode

# Operating System : Windows 7 Enterprise  (64 bits)

# Username : mjzraz - MTW-1RG6DP1

# Running from : C:\Users\mjzraz\Downloads\AdwCleaner.exe

# Option : Scan

 

***** [ Services ] *****

 

 

***** [ Files / Folders ] *****

 

 

***** [ Shortcuts ] *****

 

 

***** [ Registry ] *****

 

 

***** [ Browsers ] *****

 

-\\ Internet Explorer v8.0.7600.17267

 

 

-\\ Mozilla Firefox v24.0 (en-US)

 

[ File : C:\Users\mjzraz\AppData\Roaming\Mozilla\Firefox\Profiles\569tzti0.default\prefs.js ]

 

 

-\\ Google Chrome v30.0.1599.101

 

[ File : C:\Users\mjzraz\AppData\Local\Google\Chrome\User Data\Default\preferences ]

 

 

*************************

 

AdwCleaner[R0].txt - [1766 octets] - [03/11/2013 08:43:55]

AdwCleaner[R2].txt - [818 octets] - [06/11/2013 09:23:05]

 

########## EOF - H:\AdwCleaner\AdwCleaner[R2].txt - [877 octets] ##########

 

Malwarebytes Anti-Malware 1.75.0.1300

www.malwarebytes.org

 

Database version: v2013.11.06.06

 

Windows 7 x64 NTFS

Internet Explorer 8.0.7600.16385

mjzraz :: MTW-1RG6DP1 [administrator]

 

11/6/2013 9:26:35 AM

mbam-log-2013-11-06 (09-26-35).txt

 

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 369255

Time elapsed: 11 minute(s), 59 second(s)

 

Memory Processes Detected: 0

(No malicious items detected)

 

Memory Modules Detected: 0

(No malicious items detected)

 

Registry Keys Detected: 0

(No malicious items detected)

 

Registry Values Detected: 0

(No malicious items detected)

 

Registry Data Items Detected: 0

(No malicious items detected)

 

Folders Detected: 0

(No malicious items detected)

 

Files Detected: 0

(No malicious items detected)

 

(end)

 

STEP 06

ESET log:

C:\mjzraz\backup\documents\Downloads\couponprinter.exe probably a variant of Win32/Adware.Softomate.AD application

C:\mjzraz\Tools\spyware\SDFix.exe Win32/PrcView application

C:\Users\mjzraz\Desktop\New folder\Downloads\registrybooster.exe Win32/RegistryBooster application

C:\Users\mjzraz\Downloads\winscp437setup-sponsored.exe Win32/OpenCandy application

 

STEP 07

FRST.txt:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 31-10-2013

Ran by mjzraz (administrator) on MTW-1RG6DP1 on 06-11-2013 11:37:00

Running from C:\Users\mjzraz\Desktop

Windows 7 Enterprise (X64) OS Language: English(US)

Internet Explorer Version 8

Boot Mode: Normal

 

==================== Processes (Whitelisted) =================

 

(AMD) C:\Windows\system32\atiesrxx.exe

(AMD) C:\Windows\system32\atieclxx.exe

(Imprivata, Inc.) C:\Program Files (x86)\Imprivata\OneSign Agent\x64\SSOWOW64Bridge.exe

(Imprivata, Inc.) C:\Program Files (x86)\Imprivata\OneSign Agent\SSOManHost.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(Dell Inc.) C:\Program Files\Dell\SysMgt\dataeng\bin\dsm_sa_eventmgr64.exe

(Dell Inc.) C:\Program Files\Dell\SysMgt\dataeng\bin\dsm_sa_datamgr64.exe

(EMC) C:\PROGRA~2\EMC\SERVER~1\REGSER~1.EXE

(SafeNet, Inc.) C:\Program Files\SafeNet\Authentication\SAC\x64\SACSrv.exe

(VMware, Inc.) C:\Program Files\VMware\VMware View\Client\bin\wsnm.exe

(VMware, Inc.) C:\Program Files\VMware\VMware View\Client\bin\vmware-view-usbd.exe

(Microsoft Corporation) C:\Windows\CCM\CcmExec.exe

(Microsoft Corporation) C:\Windows\CCM\RemCtrl\CmRcService.exe

(Microsoft Corp.) C:\Program Files\System Center Operations Manager\Agent\HealthService.exe

(Microsoft Corporation) C:\Windows\CCM\TSManager.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(Microsoft Corp.) C:\Program Files\System Center Operations Manager\Agent\MonitoringHost.exe

(Cisco WebEx LLC) C:\Windows\SysWOW64\atashost.exe

(Microsoft Corporation) C:\Windows\CCM\SCNotification.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(ESET) C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineScannerApp.exe

() C:\Program Files\Synergy\synergys.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

 

==================== Registry (Whitelisted) ==================

 

HKLM\...\Run: [Apoint] - \DellTPad\Apoint.exe

HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [1436224 2010-11-30] (Microsoft Corporation)

HKLM\...\Run: [sACMonitor] - C:\Program Files\SafeNet\Authentication\SAC\x64\SACMonitor.exe [1227464 2011-01-13] (SafeNet, Inc.)

HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware] - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent [532040 2013-04-04] (Malwarebytes Corporation)

HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] - rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript [1127496 2013-04-04] (Malwarebytes Corporation)

HKCU\...\Run: [OfficeSyncProcess] - C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [718208 2010-03-16] (Microsoft Corporation)

HKCU\...\Run: [Lync] - C:\Program Files (x86)\Microsoft Office\Office15\lync.exe [18621088 2013-06-13] (Microsoft Corporation)

MountPoints2: {061a3edb-64c8-11e2-abb0-782bcb856567} - E:\LaunchU3.exe -a

MountPoints2: {2ea5dca5-556e-11e0-8365-806e6f6e6963} - D:\.\LiteBox\lbxstart.exe /O=US /L

HKLM-x32\...\Run: [Communicator] - C:\Program Files (x86)\Microsoft Lync\communicator.exe [12107944 2013-05-30] (Microsoft Corporation)

HKLM-x32\...\Run: [LifeCam] - C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe [119152 2010-05-20] (Microsoft Corporation)

HKLM-x32\...\Run: [] - [x]

HKLM-x32\...\Run: [CitrixReceiver] - "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix\Receiver Updater.lnk"

HKLM-x32\...\Run: [KeePass 2 PreLoad] - C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [1895424 2012-05-01] (Dominik Reichl)

HKLM-x32\...\Run: [ConnectionCenter] - C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [383544 2012-12-14] (Citrix Systems, Inc.)

HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [sunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)

HKLM-x32\...\Run: [LogMeIn Hamachi Ui] - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [2345296 2013-10-01] (LogMeIn Inc.)

AppInit_DLLs-x32: C:\PROGRA~2\Citrix\ICACLI~1\RSHook.dll [256568 2012-12-14] (Citrix Systems, Inc.)

Startup: C:\Users\mjzraz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk

ShortcutTarget: Dropbox.lnk -> C:\Users\mjzraz\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

Startup: C:\Users\mjzraz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk

ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)

Startup: C:\Users\mjzraz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk

ShortcutTarget: Send to OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\Office15\ONENOTEM.EXE (Microsoft Corporation)

 

==================== Internet (Whitelisted) ====================

 

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com

StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe

BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitBHO64.dll (TechSmith Corporation)

BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)

BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)

BHO: No Name - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -  No File

BHO: SSO Screen Change Support BHO - {A04C360C-43EB-433F-921C-C2037975A350} - C:\Program Files (x86)\Imprivata\OneSign Agent\x64\BHO_Events64.dll (Imprivata, Inc.)

BHO: SSO Browser Helper Object - {A683EEA9-ECFA-45A2-BCA9-7D9D54AD58AE} - C:\Program Files (x86)\Imprivata\OneSign Agent\x64\ISXBHO64.dll (Imprivata, Inc.)

BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)

BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)

BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll No File

BHO-x32: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitBHO.dll (TechSmith Corporation)

BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

BHO-x32: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)

BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)

BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO-x32: Evernote extension - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)

BHO-x32: SSO Screen Change Support BHO - {A04C360C-43EB-433F-921C-C2037975A350} - C:\Program Files (x86)\Imprivata\OneSign Agent\BHO_Events.dll (Imprivata, Inc.)

BHO-x32: SSO Browser Helper Object - {A683EEA9-ECFA-45A2-BCA9-7D9D54AD58AE} - C:\Program Files (x86)\Imprivata\OneSign Agent\ISXBHO.dll (Imprivata, Inc.)

BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)

BHO-x32: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)

BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

BHO-x32: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

Toolbar: HKLM - Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitIEAddin64.dll (TechSmith Corporation)

Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

Toolbar: HKLM-x32 - Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitIEAddin.dll (TechSmith Corporation)

Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File

Toolbar: HKCU - No Name - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} -  No File

DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://emcsupport2.webex.com/client/T27LD/support/ieatgpc1.cab

DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

DPF: HKLM-x32 {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com//activex/ractrl.cab?lmi=1007

Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Tcpip\Parameters: [DhcpNameServer] 10.200.1.1 10.200.2.2

Tcpip\..\Interfaces\{4597603F-E5B0-4CE6-B5F4-054B9B4D901F}: [NameServer]10.181.31.83,162.129.20.10

 

FireFox:

========

FF ProfilePath: C:\Users\mjzraz\AppData\Roaming\Mozilla\Firefox\Profiles\569tzti0.default

FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_171.dll ()

FF Plugin: @java.com/DTPlugin,version=1.6.0_37 - C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)

FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_171.dll ()

FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF Plugin-x32: @Citrix.com/npican - C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll (Citrix Systems, Inc.)

FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF Plugin-x32: @java.com/DTPlugin,version=10.40.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=10.40.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin-x32: @microsoft.com/Lync,version=15.0 - C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)

FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @vmware.com/vmrc,version=2.5.0.00000 - C:\Program Files (x86)\Common Files\VMware\VMware VMRC Plug-in\Firefox\np-vmware-vmrc.dll (VMware, Inc.)

FF Plugin-x32: Adobe Acrobat - C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)

FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF Plugin HKCU: @citrixonline.com/appdetectorplugin - C:\Users\mjzraz\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)

 

Chrome: 

=======


CHR Plugin: (Remoting Viewer) - internal-remoting-viewer

CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\ppGoogleNaClPluginChrome.dll ()

CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\pdf.dll ()

CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\gcswf32.dll No File

CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll No File

CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File

CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)

CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)

CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)

CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)

CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File

CHR Plugin: (Java Platform SE 6 U31) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)

CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll No File

CHR Extension: (YouTube) - C:\Users\mjzraz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0

CHR Extension: (Adblock Plus) - C:\Users\mjzraz\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.6.1_0

CHR Extension: (Google Search) - C:\Users\mjzraz\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0

CHR Extension: (Search by Image (by Google)) - C:\Users\mjzraz\AppData\Local\Google\Chrome\User Data\Default\Extensions\dajedkncpodkggklbegccjpmnglmnflm\1.5.0_0

CHR Extension: (LogMeIn Please) - C:\Users\mjzraz\AppData\Local\Google\Chrome\User Data\Default\Extensions\knjbhppdkkngbhfagacbgecnilnjdffj\2.5.1025_0

CHR Extension: (Gmail) - C:\Users\mjzraz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1

CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

 

==================== Services (Whitelisted) =================

 

S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2012-01-11] (Adobe Systems)

S4 AdtAgent; C:\Windows\system32\AdtAgent.exe [408264 2013-03-22] (Microsoft Corporation)

R2 CcmExec; C:\Windows\CCM\CcmExec.exe [1840208 2012-11-21] (Microsoft Corporation)

R2 CmRcService; C:\Windows\CCM\RemCtrl\CmRcService.exe [633952 2012-11-21] (Microsoft Corporation)

R2 dcevt64; C:\Program Files\Dell\SysMgt\dataeng\bin\dsm_sa_eventmgr64.exe [222168 2011-01-21] (Dell Inc.)

R2 dcstor64; C:\Program Files\Dell\SysMgt\dataeng\bin\dsm_sa_datamgr64.exe [293336 2011-01-21] (Dell Inc.)

R2 HealthService; C:\Program Files\System Center Operations Manager\Agent\HealthService.exe [25200 2012-10-30] (Microsoft Corp.)

S3 lpasvc; C:\Program Files\Microsoft Policy Platform\policyHost.exe [50280 2012-08-02] (Microsoft Corporation)

S3 lppsvc; C:\Program Files\Microsoft Policy Platform\policyHost.exe [50280 2012-08-02] (Microsoft Corporation)

S2 MsMpSvc; c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe [12784 2010-11-11] (Microsoft Corporation)

S2 NaviGovernor; C:\Program Files\EMC\ManagementServer\NaviGovernor.exe [0 ] ()

R2 NavisphereRegistration; C:\PROGRA~2\EMC\SERVER~1\REGSER~1.EXE [1843200 2010-12-31] (EMC)

S3 NisSrv; c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [282616 2010-11-11] (Microsoft Corporation)

S3 PSEXESVC; C:\Windows\PSEXESVC.EXE [181000 2012-06-11] (Sysinternals)

R2 SACSrv; C:\Program Files\SafeNet\Authentication\SAC\x64\SACSrv.exe [8904 2011-01-13] (SafeNet, Inc.)

S3 smstsmgr; C:\Windows\CCM\TSManager.exe [402000 2012-11-21] (Microsoft Corporation)

R2 SSOManHost; C:\Program Files (x86)\Imprivata\OneSign Agent\SSOManHost.exe [79232 2013-02-28] (Imprivata, Inc.)

R2 SSOWOW64Bridge; C:\Program Files (x86)\Imprivata\OneSign Agent\x64\SSOWOW64Bridge.exe [43392 2013-02-28] (Imprivata, Inc.)

R2 vmware-view-usbd; C:\Program Files\VMware\VMware View\Client\bin\vmware-view-usbd.exe [2370560 2012-05-02] (VMware, Inc.)

S3 ypbind; C:\Windows\SysWOW64\ypbindservice.exe [61440 2013-02-08] ()

 

==================== Drivers (Whitelisted) ====================

 

R3 AKSIFDH; C:\Windows\System32\DRIVERS\aksifdh.sys [62632 2008-07-30] (Aladdin Knowledge Systems, Ltd.)

S3 AKSUP; C:\Windows\System32\drivers\aksup.sys [44712 2008-07-30] (Aladdin Knowledge Systems, Ltd.)

S3 d554gps; C:\Windows\system32\DRIVERS\d554gps64.sys [96296 2010-12-20] (Ericsson AB)

R3 dcdbas; C:\Windows\System32\DRIVERS\dcdbas64.sys [38472 2010-10-21] (Dell Inc.)

S3 ecnssndis; C:\Windows\System32\Drivers\wwuss64.sys [26664 2010-12-20] (Ericsson AB)

S3 ecnssndisfltr; C:\Windows\System32\Drivers\wwussf64.sys [30248 2010-12-20] (Ericsson AB)

R3 iKeyEnum; C:\Windows\System32\DRIVERS\ikeyenum.sys [16160 2010-03-18] (SafeNet, Inc.)

R3 iKeyIFD; C:\Windows\System32\DRIVERS\ikeyifd.sys [22304 2010-03-18] (SafeNet, Inc.)

S3 Mbm3DevMt; C:\Windows\system32\DRIVERS\Mbm3DevMt.sys [416328 2010-12-20] (MCCI Corporation)

R1 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [188928 2010-10-24] (Microsoft Corporation)

S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [72064 2010-10-24] (Microsoft Corporation)

R3 prepdrvr; C:\Windows\System32\DRIVERS\prepdrv.sys [26984 2012-11-21] (Microsoft Corporation)

S3 qcfilterdl2k; C:\Windows\system32\DRIVERS\qcfilterdl2k.sys [6400 2010-12-20] (QUALCOMM Incorporated)

S3 qcusbserdl2k; C:\Windows\system32\DRIVERS\qcusbserdl2k.sys [121600 2010-12-20] (QUALCOMM Incorporated)

R2 UltraMonUtility; C:\Program Files (x86)\Common Files\Realtime Soft\UltraMonMirrorDrv\x64\UltraMonUtility.sys [20512 2008-11-14] (Realtime Soft Ltd)

U5 MBAMSwissArmy; C:\Windows\SysWOW64\Drivers\MBAMSwissArmy.sys [38224 2010-12-20] (Malwarebytes Corporation)

U5 RnbToken; C:\Windows\System32\Drivers\RnbToken.sys [24352 2010-03-18] (SafeNet, Inc.)

S3 vmwvusb; System32\Drivers\vmwvusb.sys [x]

 

==================== NetSvcs (Whitelisted) ===================

 

 

==================== One Month Created Files and Folders ========

 

2013-11-06 11:36 - 2013-11-06 11:36 - 00000000 ____D C:\FRST

2013-11-06 11:34 - 2013-11-06 11:34 - 01957098 _____ (Farbar) C:\Users\mjzraz\Downloads\FRST64.exe

2013-11-06 11:34 - 2013-11-06 11:34 - 01957098 _____ (Farbar) C:\Users\mjzraz\Desktop\FRST64.exe

2013-11-06 11:32 - 2013-11-06 11:33 - 00000361 _____ C:\Users\mjzraz\Desktop\threats.txt

2013-11-06 09:50 - 2013-11-06 09:50 - 00000000 ____D C:\Program Files (x86)\ESET

2013-11-06 09:49 - 2013-11-06 09:49 - 02347384 _____ (ESET) C:\Users\mjzraz\Downloads\esetsmartinstaller_enu.exe

2013-11-05 12:11 - 2013-11-05 12:11 - 00001338 _____ C:\Users\mjzraz\Desktop\jhexfs_share_20131105.txt

2013-11-05 08:55 - 2013-11-06 09:20 - 00000000 ____D C:\Users\mjzraz\AppData\Local\CrashDumps

2013-11-03 08:42 - 2013-11-03 08:42 - 01060070 _____ C:\Users\mjzraz\Downloads\AdwCleaner.exe

2013-11-03 08:00 - 2013-11-03 08:00 - 00001708 _____ C:\Users\mjzraz\Desktop\JRT.txt

2013-11-03 07:52 - 2013-11-03 07:52 - 00000000 ____D C:\Windows\ERUNT

2013-11-03 07:50 - 2013-11-03 07:49 - 01033335 _____ (Thisisu) C:\Users\mjzraz\Desktop\JRT.exe

2013-11-03 07:49 - 2013-11-03 07:49 - 01033335 _____ (Thisisu) C:\Users\mjzraz\Downloads\JRT.exe

2013-11-03 06:22 - 2013-11-03 07:44 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)

2013-11-03 06:21 - 2013-11-03 06:21 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2013-11-03 06:15 - 2013-11-03 06:15 - 00000000 ____D C:\Users\mjzraz\Desktop\mbar

2013-11-03 06:12 - 2013-11-03 06:13 - 12576792 _____ (Malwarebytes Corp.) C:\Users\mjzraz\Downloads\mbar-1.07.0.1007.exe

2013-11-03 06:12 - 2013-11-03 06:12 - 00000000 ____D C:\Users\mjzraz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CommVault

2013-11-02 07:46 - 2013-11-02 07:46 - 00003942 _____ C:\Users\mjzraz\Downloads\galaxy (8).jnlp

2013-11-02 06:50 - 2013-11-02 06:56 - 00002688 _____ C:\Users\mjzraz\Desktop\RKreport[0]_S_11022013_075042.txt

2013-11-02 06:47 - 2013-11-02 06:57 - 00000000 ____D C:\Users\mjzraz\Desktop\RK_Quarantine

2013-11-02 06:46 - 2013-11-02 06:47 - 04012032 _____ C:\Users\mjzraz\Downloads\RogueKillerX64 (1).exe

2013-11-02 06:27 - 2013-11-02 06:27 - 04012032 _____ C:\Users\mjzraz\Downloads\RogueKillerX64.exe

2013-11-02 06:26 - 2013-11-02 06:26 - 00000000 ____D C:\Windows\ERDNT

2013-11-02 06:26 - 2013-11-02 06:26 - 00000000 ____D C:\Program Files (x86)\ERUNT

2013-11-02 06:24 - 2013-11-02 06:25 - 00791393 _____ (Lars Hederer                                                ) C:\Users\mjzraz\Downloads\erunt-setup.exe

2013-11-01 18:45 - 2013-11-01 18:45 - 00003942 _____ C:\Users\mjzraz\Downloads\galaxy (1).jnlp

2013-10-31 12:38 - 2013-10-31 12:38 - 00000000 ____D C:\Users\mjzraz\Desktop\rkill

2013-10-31 12:33 - 2013-10-31 12:31 - 01898232 _____ (Bleeping Computer, LLC) C:\Users\mjzraz\Desktop\rkill.exe

2013-10-31 12:31 - 2013-10-31 12:31 - 01898232 _____ (Bleeping Computer, LLC) C:\Users\mjzraz\Downloads\rkill.exe

2013-10-30 13:29 - 2013-10-30 13:29 - 00891172 _____ C:\Users\mjzraz\Downloads\SecurityCheck.exe

2013-10-29 16:30 - 2013-10-29 16:32 - 00688992 ____R (Swearware) C:\Users\mjzraz\Desktop\dds.com

2013-10-29 16:29 - 2013-10-29 16:32 - 00688992 _____ (Swearware) C:\Users\mjzraz\Downloads\dds.com

2013-10-29 08:02 - 2013-10-01 12:26 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe

2013-10-29 08:02 - 2013-10-01 12:26 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe

2013-10-29 08:02 - 2013-10-01 12:26 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe

2013-10-29 07:08 - 2013-10-29 07:08 - 00000000 ____D C:\Program Files\System Center Operations Manager

2013-10-29 07:01 - 2013-10-29 07:10 - 00000000 ____D C:\_SMSTaskSequence

2013-10-28 13:18 - 2009-08-19 22:50 - 00024416 ____R (Adobe Systems Inc.) C:\Windows\system32\AdobePDFUI.dll

2013-10-28 06:33 - 2013-10-28 06:33 - 00000000 ____D C:\Program Files\Windows Firewall Configuration Provider

2013-10-28 06:29 - 2013-10-28 06:29 - 00004764 _____ C:\Windows\system32\CcmFramework.ini

2013-10-28 06:29 - 2013-10-28 06:29 - 00000704 _____ C:\Windows\system32\InstallUtil.InstallLog

2013-10-28 06:29 - 2013-10-28 06:29 - 00000621 _____ C:\Windows\system32\CcmFramework.h

2013-10-28 06:27 - 2013-10-29 08:01 - 00000000 ____D C:\Windows\ccmcache

2013-10-28 06:27 - 2013-10-28 06:31 - 00000000 ____D C:\Windows\CCM

2013-10-28 06:27 - 2013-10-28 06:27 - 00000000 ____D C:\Windows\ms

2013-10-28 06:25 - 2013-10-28 06:25 - 00000000 ____D C:\Program Files\Microsoft Policy Platform

2013-10-28 05:52 - 2013-10-28 05:52 - 00000000 __SHD C:\Windows\system32\%APPDATA%

2013-10-23 14:57 - 2013-10-23 14:57 - 25624576 _____ C:\security.evt

2013-10-23 13:49 - 2013-10-23 13:49 - 00000000 ____D C:\Users\mjzraz\AppData\Roaming\webex

2013-10-21 10:02 - 2013-11-05 09:04 - 00000995 _____ C:\Users\pbearma1053\Desktop\Quick View Folder Size.lnk

2013-10-17 06:33 - 2013-10-17 06:33 - 00089600 _____ C:\Users\mjzraz\Desktop\File Services (JHDFS) downtime 4AM 10 17 - Change C18268.msg

 

==================== One Month Modified Files and Folders =======

 

2013-11-06 11:36 - 2013-11-06 11:36 - 00000000 ____D C:\FRST

2013-11-06 11:34 - 2013-11-06 11:34 - 01957098 _____ (Farbar) C:\Users\mjzraz\Downloads\FRST64.exe

2013-11-06 11:34 - 2013-11-06 11:34 - 01957098 _____ (Farbar) C:\Users\mjzraz\Desktop\FRST64.exe

2013-11-06 11:33 - 2013-11-06 11:32 - 00000361 _____ C:\Users\mjzraz\Desktop\threats.txt

2013-11-06 11:20 - 2011-05-10 12:06 - 00000902 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2013-11-06 11:01 - 2010-06-17 10:29 - 00001720 _____ C:\Windows\system32\config\netlogon.ftl

2013-11-06 10:20 - 2011-03-23 11:57 - 01144589 _____ C:\Windows\WindowsUpdate.log

2013-11-06 09:50 - 2013-11-06 09:50 - 00000000 ____D C:\Program Files (x86)\ESET

2013-11-06 09:49 - 2013-11-06 09:49 - 02347384 _____ (ESET) C:\Users\mjzraz\Downloads\esetsmartinstaller_enu.exe

2013-11-06 09:20 - 2013-11-05 08:55 - 00000000 ____D C:\Users\mjzraz\AppData\Local\CrashDumps

2013-11-06 09:10 - 2013-09-06 11:33 - 00004962 _____ C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for {3c84602b-0e18-416d-a336-845a6e08507d} systemname

2013-11-06 09:09 - 2011-03-31 12:42 - 00002042 ____H C:\Users\mjzraz\Documents\Default.rdp

2013-11-06 02:20 - 2011-04-06 01:03 - 00037871 _____ C:\Windows\post_analyze_defrag.log

2013-11-06 02:04 - 2011-04-06 01:00 - 00037992 _____ C:\Windows\pre_analyze_defrag.log

2013-11-06 00:20 - 2011-05-10 12:06 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2013-11-05 14:46 - 2011-03-31 12:04 - 00000000 ____D C:\Users\mjzraz\AppData\Roaming\VMware

2013-11-05 12:11 - 2013-11-05 12:11 - 00001338 _____ C:\Users\mjzraz\Desktop\jhexfs_share_20131105.txt

2013-11-05 09:04 - 2013-10-21 10:02 - 00000995 _____ C:\Users\pbearma1053\Desktop\Quick View Folder Size.lnk

2013-11-05 09:04 - 2012-09-21 11:09 - 00000995 _____ C:\Users\mjzraz007\Desktop\Quick View Folder Size.lnk

2013-11-05 09:04 - 2011-08-03 09:53 - 00000995 _____ C:\Users\mjzraz\Desktop\Quick View Folder Size.lnk

2013-11-05 09:04 - 2011-04-05 13:07 - 00000995 _____ C:\Users\mvarga1\Desktop\Quick View Folder Size.lnk

2013-11-05 09:04 - 2011-04-05 13:07 - 00000995 _____ C:\Users\Administrator\Desktop\Quick View Folder Size.lnk

2013-11-05 09:04 - 2011-04-05 13:07 - 00000000 ____D C:\Program Files (x86)\Quick View Folder Size

2013-11-05 09:01 - 2011-04-12 09:03 - 00000000 ____D C:\Users\mjzraz\AppData\Roaming\vlc

2013-11-05 08:46 - 2009-07-14 00:32 - 00000000 ____D C:\Windows\system32\FxsTmp

2013-11-04 18:51 - 2009-07-13 23:45 - 00016176 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2013-11-04 18:51 - 2009-07-13 23:45 - 00016176 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2013-11-03 08:42 - 2013-11-03 08:42 - 01060070 _____ C:\Users\mjzraz\Downloads\AdwCleaner.exe

2013-11-03 08:00 - 2013-11-03 08:00 - 00001708 _____ C:\Users\mjzraz\Desktop\JRT.txt

2013-11-03 07:52 - 2013-11-03 07:52 - 00000000 ____D C:\Windows\ERUNT

2013-11-03 07:49 - 2013-11-03 07:50 - 01033335 _____ (Thisisu) C:\Users\mjzraz\Desktop\JRT.exe

2013-11-03 07:49 - 2013-11-03 07:49 - 01033335 _____ (Thisisu) C:\Users\mjzraz\Downloads\JRT.exe

2013-11-03 07:44 - 2013-11-03 06:22 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)

2013-11-03 06:21 - 2013-11-03 06:21 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2013-11-03 06:15 - 2013-11-03 06:15 - 00000000 ____D C:\Users\mjzraz\Desktop\mbar

2013-11-03 06:13 - 2013-11-03 06:12 - 12576792 _____ (Malwarebytes Corp.) C:\Users\mjzraz\Downloads\mbar-1.07.0.1007.exe

2013-11-03 06:12 - 2013-11-03 06:12 - 00000000 ____D C:\Users\mjzraz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CommVault

2013-11-03 05:49 - 2013-09-30 18:07 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

2013-11-03 05:49 - 2013-09-05 13:51 - 00000000 ____D C:\Users\mjzraz\AppData\Local\Mozilla

2013-11-03 05:49 - 2013-09-05 13:50 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service

2013-11-02 07:46 - 2013-11-02 07:46 - 00003942 _____ C:\Users\mjzraz\Downloads\galaxy (8).jnlp

2013-11-02 06:57 - 2013-11-02 06:47 - 00000000 ____D C:\Users\mjzraz\Desktop\RK_Quarantine

2013-11-02 06:56 - 2013-11-02 06:50 - 00002688 _____ C:\Users\mjzraz\Desktop\RKreport[0]_S_11022013_075042.txt

2013-11-02 06:47 - 2013-11-02 06:46 - 04012032 _____ C:\Users\mjzraz\Downloads\RogueKillerX64 (1).exe

2013-11-02 06:27 - 2013-11-02 06:27 - 04012032 _____ C:\Users\mjzraz\Downloads\RogueKillerX64.exe

2013-11-02 06:26 - 2013-11-02 06:26 - 00000000 ____D C:\Windows\ERDNT

2013-11-02 06:26 - 2013-11-02 06:26 - 00000000 ____D C:\Program Files (x86)\ERUNT

2013-11-02 06:25 - 2013-11-02 06:24 - 00791393 _____ (Lars Hederer                                                ) C:\Users\mjzraz\Downloads\erunt-setup.exe

2013-11-02 06:19 - 2011-03-28 09:10 - 00000000 ___RD C:\Users\mjzraz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools

2013-11-02 06:18 - 2012-05-07 13:22 - 00000600 _____ C:\Users\mjzraz\AppData\Roaming\winscp.rnd

2013-11-02 06:15 - 2011-05-03 14:53 - 00000600 _____ C:\Users\mjzraz\AppData\Local\PUTTY.RND

2013-11-01 18:45 - 2013-11-01 18:45 - 00003942 _____ C:\Users\mjzraz\Downloads\galaxy (1).jnlp

2013-11-01 17:33 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\system32\NDF

2013-10-31 16:36 - 2011-07-08 18:49 - 00000000 ____D C:\ProgramData\WebEx

2013-10-31 12:52 - 2011-07-08 18:49 - 00227344 _____ (Cisco WebEx LLC) C:\Windows\SysWOW64\atsckernel.exe

2013-10-31 12:52 - 2011-07-08 18:49 - 00137232 _____ (Cisco WebEx LLC) C:\Windows\SysWOW64\atashost.exe

2013-10-31 12:38 - 2013-10-31 12:38 - 00000000 ____D C:\Users\mjzraz\Desktop\rkill

2013-10-31 12:31 - 2013-10-31 12:33 - 01898232 _____ (Bleeping Computer, LLC) C:\Users\mjzraz\Desktop\rkill.exe

2013-10-31 12:31 - 2013-10-31 12:31 - 01898232 _____ (Bleeping Computer, LLC) C:\Users\mjzraz\Downloads\rkill.exe

2013-10-30 13:29 - 2013-10-30 13:29 - 00891172 _____ C:\Users\mjzraz\Downloads\SecurityCheck.exe

2013-10-29 17:15 - 2011-03-28 09:10 - 00000000 ____D C:\Users\mjzraz

2013-10-29 16:32 - 2013-10-29 16:30 - 00688992 ____R (Swearware) C:\Users\mjzraz\Desktop\dds.com

2013-10-29 16:32 - 2013-10-29 16:29 - 00688992 _____ (Swearware) C:\Users\mjzraz\Downloads\dds.com

2013-10-29 16:32 - 2011-04-14 16:22 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware

2013-10-29 16:11 - 2009-07-13 23:51 - 00039078 _____ C:\Windows\setupact.log

2013-10-29 08:02 - 2013-09-30 22:00 - 00018794 _____ C:\Windows\jre_v16045.log

2013-10-29 08:01 - 2013-10-28 06:27 - 00000000 ____D C:\Windows\ccmcache

2013-10-29 07:33 - 2010-06-17 10:31 - 00049506 __RSH C:\ProgramData\ntuser.pol

2013-10-29 07:10 - 2013-10-29 07:01 - 00000000 ____D C:\_SMSTaskSequence

2013-10-29 07:10 - 2009-07-14 00:13 - 00773876 _____ C:\Windows\system32\PerfStringBackup.INI

2013-10-29 07:09 - 2012-11-29 03:04 - 00254620 _____ C:\Windows\SCOM2012.log

2013-10-29 07:09 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\PolicyDefinitions

2013-10-29 07:09 - 2009-07-13 22:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared

2013-10-29 07:08 - 2013-10-29 07:08 - 00000000 ____D C:\Program Files\System Center Operations Manager

2013-10-29 07:06 - 2012-11-29 03:02 - 00057040 _____ C:\Windows\omci8.0.1_install.log

2013-10-28 23:52 - 2010-06-17 10:32 - 00000000 ____D C:\Windows\ccmsetup

2013-10-28 15:03 - 2011-10-14 08:14 - 00001976 _____ C:\Users\mjzraz\Desktop\logon scripts.lnk

2013-10-28 15:03 - 2011-08-03 09:50 - 00002560 _____ C:\Users\mjzraz\Desktop\quick-view-folder-size.exe - Shortcut.lnk

2013-10-28 13:09 - 2010-06-17 10:34 - 00000569 _____ C:\Windows\SMSCFG.ini

2013-10-28 13:05 - 2011-05-11 13:50 - 00000000 ____D C:\Users\mjzraz\AppData\Roaming\Dropbox

2013-10-28 13:03 - 2011-05-11 13:52 - 00000000 ___RD C:\Users\mjzraz\Dropbox

2013-10-28 13:02 - 2011-05-31 14:31 - 00000000 ____D C:\Users\mjzraz\AppData\Local\LogMeIn Hamachi

2013-10-28 12:59 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT

2013-10-28 08:21 - 2011-03-28 15:35 - 00004316 __RSH C:\Users\mjzraz\ntuser.pol

2013-10-28 06:33 - 2013-10-28 06:33 - 00000000 ____D C:\Program Files\Windows Firewall Configuration Provider

2013-10-28 06:31 - 2013-10-28 06:27 - 00000000 ____D C:\Windows\CCM

2013-10-28 06:29 - 2013-10-28 06:29 - 00004764 _____ C:\Windows\system32\CcmFramework.ini

2013-10-28 06:29 - 2013-10-28 06:29 - 00000704 _____ C:\Windows\system32\InstallUtil.InstallLog

2013-10-28 06:29 - 2013-10-28 06:29 - 00000621 _____ C:\Windows\system32\CcmFramework.h

2013-10-28 06:27 - 2013-10-28 06:27 - 00000000 ____D C:\Windows\ms

2013-10-28 06:26 - 2010-06-17 10:34 - 00000000 ____D C:\Windows\SysWOW64\CCM

2013-10-28 06:25 - 2013-10-28 06:25 - 00000000 ____D C:\Program Files\Microsoft Policy Platform

2013-10-28 06:06 - 2013-04-11 03:05 - 00000000 ____D C:\Program Files\Microsoft Silverlight

2013-10-28 06:06 - 2013-04-11 03:05 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight

2013-10-28 05:52 - 2013-10-28 05:52 - 00000000 __SHD C:\Windows\system32\%APPDATA%

2013-10-28 05:51 - 2010-06-17 11:24 - 00000000 ____D C:\ProgramData\Microsoft Help

2013-10-25 17:00 - 2011-03-31 10:40 - 00193165 _____ C:\Windows\DCSMonitor.log

2013-10-24 08:48 - 2012-08-27 14:16 - 00112408 _____ C:\Users\mjzraz007\AppData\Local\GDIPFONTCACHEV1.DAT

2013-10-23 14:57 - 2013-10-23 14:57 - 25624576 _____ C:\security.evt

2013-10-23 13:49 - 2013-10-23 13:49 - 00000000 ____D C:\Users\mjzraz\AppData\Roaming\webex

2013-10-22 10:07 - 2013-08-28 11:19 - 00010979 _____ C:\Users\mjzraz\acelive.ini

2013-10-19 10:15 - 2012-08-23 15:27 - 00000000 ____D C:\Users\mjzraz\AppData\Roaming\KeePass

2013-10-17 08:36 - 2013-08-28 11:38 - 00044077 _____ C:\Users\mjzraz\Desktop\Project-1.npp

2013-10-17 06:33 - 2013-10-17 06:33 - 00089600 _____ C:\Users\mjzraz\Desktop\File Services (JHDFS) downtime 4AM 10 17 - Change C18268.msg

2013-10-16 12:52 - 2012-07-31 14:17 - 00000000 ____D C:\Users\mjzraz\AppData\Local\Citrix

2013-10-12 23:15 - 2011-05-10 12:06 - 00003898 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA

2013-10-12 23:15 - 2011-05-10 12:06 - 00003646 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

2013-10-08 14:40 - 2011-03-23 11:54 - 00039312 _____ C:\Windows\PFRO.log

 

Some content of TEMP:

====================

C:\Users\mjzraz\AppData\Local\Temp\ARCompanionForSession2.exe

C:\Users\mjzraz\AppData\Local\Temp\ConfigurationWizard.exe

C:\Users\mjzraz\AppData\Local\Temp\icd53vit.dll

C:\Users\mjzraz\AppData\Local\Temp\jre-6u26-windows-i586-iftw-rv.exe

C:\Users\mjzraz\AppData\Local\Temp\jre-6u29-windows-i586-iftw-rv.exe

C:\Users\mjzraz\AppData\Local\Temp\jre-6u30-windows-i586-iftw-rv.exe

C:\Users\mjzraz\AppData\Local\Temp\jre-6u31-windows-i586-iftw-rv.exe

C:\Users\mjzraz\AppData\Local\Temp\jre-6u37-windows-i586-iftw.exe

C:\Users\mjzraz\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe

C:\Users\mjzraz\AppData\Local\Temp\JREInstall160_37.exe

C:\Users\mjzraz\AppData\Local\Temp\MDSInstall.dll

C:\Users\mjzraz\AppData\Local\Temp\ntdll_dump.dll

C:\Users\mjzraz\AppData\Local\Temp\pylC9B6.tmp.exe

C:\Users\mjzraz\AppData\Local\Temp\setup_3.06.0059.exe

C:\Users\mjzraz\AppData\Local\Temp\setup_3.07.0084.exe

C:\Users\mjzraz\AppData\Local\Temp\setup_3.08.0065.exe

C:\Users\mjzraz\AppData\Local\Temp\setup_3.08.0066.exe

C:\Users\mjzraz\AppData\Local\Temp\setup_3.11.0003.exe

C:\Users\mjzraz\AppData\Local\Temp\setup_3.15.0044.exe

C:\Users\mjzraz\AppData\Local\Temp\setup_3.16.0025.exe

C:\Users\mjzraz\AppData\Local\Temp\SkypeSetup.exe

C:\Users\mjzraz\AppData\Local\Temp\swt-win32-3448.dll

C:\Users\mjzraz\AppData\Local\Temp\xmlUpdater.exe

 

 

==================== Bamital & volsnap Check =================

 

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

 

 

LastRegBack: 2013-10-30 23:21

 

==================== End Of Log ============================

 

Addition.txt:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 31-10-2013

Ran by mjzraz at 2013-11-06 11:39:42

Running from C:\Users\mjzraz\Desktop

Boot Mode: Normal

==========================================================

 

 

==================== Security Center ========================

 

AV: Microsoft Forefront Endpoint Protection 2010 (Disabled - Up to date) {108DAC43-C256-20B7-BB05-914135DA5160}

AS: Microsoft Forefront Endpoint Protection 2010 (Disabled - Up to date) {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

 

==================== Installed Programs ======================

 

Acrobat.com (x32 Version: 2.1.0)

Acrobat.com (x32 Version: 2.1.0.0)

Adobe Acrobat 9 Pro (x32 Version: 9.5.5)

Adobe Acrobat 9.5.5 - CPSID_83708 (x32)

Adobe AIR (x32 Version: 2.0.2.12610)

Adobe Anchor Service CS4 (x32 Version: 2.0)

Adobe Anchor Service x64 CS4 (Version: 2.0)

Adobe Bridge 1.0 (x32 Version: 001.000.000)

Adobe Bridge CS4 (x32 Version: 3)

Adobe CMaps CS4 (x32 Version: 2.0)

Adobe CMaps x64 CS4 (Version: 2.0)

Adobe Color - Photoshop Specific CS4 (x32 Version: 2.0)

Adobe Color EU Extra Settings CS4 (x32 Version: 2.0)

Adobe Color JA Extra Settings CS4 (x32 Version: 2.0)

Adobe Color NA Recommended Settings CS4 (x32 Version: 2.0)

Adobe Color Video Profiles CS CS4 (x32 Version: 2.0)

Adobe Common File Installer (x32 Version: 1.00.0000)

Adobe CSI CS4 (x32 Version: 1)

Adobe CSI CS4 x64 (Version: 1)

Adobe Default Language CS4 (x32 Version: 2.0)

Adobe Device Central CS4 (x32 Version: 2)

Adobe Drive CS4 (x32 Version: 1)

Adobe Drive CS4 x64 (Version: 1)

Adobe ExtendScript Toolkit CS4 (x32 Version: 3.0.0)

Adobe Extension Manager CS4 (x32 Version: 2.0)

Adobe Flash Player 11 ActiveX (x32 Version: 11.6.602.168)

Adobe Flash Player 11 Plugin (x32 Version: 11.6.602.171)

Adobe Fonts All (x32 Version: 2.0)

Adobe Fonts All x64 (Version: 2.0)

Adobe Help Center 1.0 (x32 Version: 001.000.000)

Adobe Linguistics CS4 (x32 Version: 4.0.0)

Adobe Linguistics CS4 x64 (Version: 4.0.0)

Adobe Media Player (x32 Version: 0.0.0)

Adobe Media Player (x32 Version: 1.1)

Adobe Output Module (x32 Version: 2.0)

Adobe PDF Library Files CS4 (x32 Version: 9.0)

Adobe PDF Library Files x64 CS4 (Version: 9.0)

Adobe Photoshop CS2 (x32 Version: 9.0)

Adobe Photoshop CS4 (64 Bit) (Version: 11.0)

Adobe Photoshop CS4 (x32 Version: 11.0)

Adobe Photoshop CS4 Support (x32 Version: 11.0)

Adobe Reader XI (11.0.05) (x32 Version: 11.0.05)

Adobe Search for Help (x32 Version: 1.0)

Adobe Service Manager Extension (x32 Version: 1.0)

Adobe Setup (x32 Version: 2.0)

Adobe Stock Photos 1.0 (x32 Version: 001.000.000)

Adobe Type Support CS4 (x32 Version: 9.0)

Adobe Type Support x64 CS4 (Version: 9.0)

Adobe Update Manager CS4 (x32 Version: 6.0.0)

Adobe WinSoft Linguistics Plugin (x32 Version: 1.1)

Adobe WinSoft Linguistics Plugin x64 (Version: 1.1)

Adobe XMP Panels CS4 (x32 Version: 2.0)

AdobeColorCommonSetCMYK (x32 Version: 2.0)

AdobeColorCommonSetRGB (x32 Version: 2.0)

AIM 7 (x32)

Alertus Desktop Alert (x32 Version: 3.0.3.156)

Apple Application Support (x32 Version: 2.1.7)

Apple Mobile Device Support (Version: 5.1.1.4)

Apple Software Update (x32 Version: 2.1.3.127)

Audacity 2.0.3 (x32 Version: 2.0.3)

Bomgar Representative Console 12.3.2 [mysupport.jhmi.edu] (HKCU Version: 12.3.2)

Bonjour (Version: 3.0.0.10)

Bonjour Print Services (Version: 2.0.2.0)

Celerra Monitor V2.3 on 10.15.90.50 (HKCU)

Celerra Monitor V2.3 on 10.173.6.100 (HKCU)

Celerra Monitor V2.3 on 10.173.6.103 (HKCU)

CelerraCifsMgmt v4.4.0.7 (x32 Version: 4.4.0.7)

Cisco Fabric Manager - 10.181.167.120 (HKCU)

Cisco WebEx Meetings (x32)

Citrix Authentication Manager (x32 Version: 4.0.0.53726)

Citrix Online Launcher (x32 Version: 1.0.135)

Citrix Receiver (HDX Flash Redirection) (x32 Version: 13.4.0.25)

Citrix Receiver (x32 Version: 13.4.0.25)

Citrix Receiver Inside (x32 Version: 3.4.0.29585)

Citrix Receiver Updater (x32 Version: 3.4.0.29577)

Citrix Receiver(Aero) (x32 Version: 13.4.0.25)

Citrix Receiver(DV) (x32 Version: 13.4.0.25)

Citrix Receiver(USB) (x32 Version: 13.4.0.25)

Configuration Manager Client (Version: 5.00.7804.1000)

Connect (x32 Version: 1.0.0.1)

CyberLink PowerDVD 9.5 (x32 Version: 9.5.0.2910)

Dell OpenManage Client Instrumentation (Version: 8.0.1.150)

Dell Touchpad (Version: 7.1107.101.210)

Dropbox (HKCU Version: 2.0.22)

ERUNT 1.1j (x32)

ESET Online Scanner v3 (x32)

Evernote v. 5.0.2 (x32 Version: 5.0.2.1392)

FileZilla Client 3.5.0 (x32 Version: 3.5.0)

Google Chrome (x32 Version: 30.0.1599.101)

Google Earth (x32 Version: 7.1.1.1888)

Google Update Helper (x32 Version: 1.3.21.165)

GoToMeeting 5.4.0.1082 (HKCU Version: 5.4.0.1082)

HP Service Manager 9.30 Client (x32)

IBM System Storage DS Command Line Interface (x32 Version: 7.6.20.510)

IBM XIV Storage Management GUI (x32 Version: 4.2.0.0)

iCloud (Version: 1.1.0.40)

Image Resizer Powertoy Clone for Windows (64 bit) (Version: 2.1)

Imprivata OneSign 64-bit Agent (Version: 4.7.005.34)

iTunes (Version: 10.6.0.40)

Java 7 Update 40 (x32 Version: 7.0.400)

Java Auto Updater (x32 Version: 2.1.9.8)

Java 6 Update 45 (x32 Version: 6.0.450)

JGoodies JDiskReport 1.3.2 (x32 Version: 1.3.2 (2009-12-18 11:57:44))

KeePass Password Safe 2.19 (x32)

kuler (x32 Version: 2.0)

LAME v3.99.3 (for Windows) (x32)

LogMeIn Hamachi (x32 Version: 2.2.0.58)

Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300)

MDI To TIFF File Converter (x32 Version: 12.0.6661.5002)

Microsoft Access MUI (English) 2013 (x32 Version: 15.0.4420.1017)

Microsoft Access Setup Metadata MUI (English) 2013 (x32 Version: 15.0.4420.1017)

Microsoft Antimalware (Version: 3.0.8107.0)

Microsoft Conferencing Add-in for Microsoft Office Outlook (x32 Version: 8.0.6362.201)

Microsoft Corporation (Version: 9.1.0.0)

Microsoft Corporation (x32 Version: 9.1.0.0)

Microsoft DCF MUI (English) 2013 (x32 Version: 15.0.4420.1017)

Microsoft Excel MUI (English) 2013 (x32 Version: 15.0.4420.1017)

Microsoft Forefront Endpoint Protection 2010 (Version: 2.0.657.0)

Microsoft Forefront Endpoint Protection 2010 Server Management (Version: 2.0.0657.0)

Microsoft Groove MUI (English) 2013 (x32 Version: 15.0.4420.1017)

Microsoft InfoPath MUI (English) 2013 (x32 Version: 15.0.4420.1017)

Microsoft LifeCam (Version: 3.22.270.0)

Microsoft Lync 2010 (Version: 4.0.7577.4392)

Microsoft Lync MUI (English) 2013 (x32 Version: 15.0.4420.1017)

Microsoft Office 64-bit Components 2013 (Version: 15.0.4420.1017)

Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.4763.1000)

Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.4763.1000)

Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.4763.1000)

Microsoft Office Groove MUI (English) 2010 (x32 Version: 14.0.4763.1000)

Microsoft Office InfoPath MUI (English) 2010 (x32 Version: 14.0.4763.1000)

Microsoft Office Live Meeting 2007 (x32 Version: 8.0.6362.187)

Microsoft Office Office 64-bit Components 2010 (Version: 14.0.4763.1000)

Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.4763.1000)

Microsoft Office OSM MUI (English) 2013 (x32 Version: 15.0.4420.1017)

Microsoft Office OSM UX MUI (English) 2013 (x32 Version: 15.0.4420.1017)

Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.4763.1000)

Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.4763.1000)

Microsoft Office Professional Plus 2010 (x32 Version: 14.0.4763.1000)

Microsoft Office Professional Plus 2013 (x32 Version: 15.0.4420.1017)

Microsoft Office Project MUI (English) 2010 (x32 Version: 14.0.4763.1000)

Microsoft Office Project Professional 2010 (x32 Version: 14.0.4763.1000)

Microsoft Office Proof (English) 2010 (x32 Version: 14.0.4763.1000)

Microsoft Office Proof (French) 2010 (x32 Version: 14.0.4763.1000)

Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.4763.1000)

Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.4763.1000)

Microsoft Office Proofing (English) 2013 (x32 Version: 15.0.4420.1017)

Microsoft Office Proofing Tools 2013 - English (x32 Version: 15.0.4420.1017)

Microsoft Office Proofing Tools 2013 - Español (x32 Version: 15.0.4420.1017)

Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.4763.1000)

Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.4763.1000)

Microsoft Office Shared 64-bit MUI (English) 2013 (Version: 15.0.4420.1017)

Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.4763.1000)

Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2013 (Version: 15.0.4420.1017)

Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.4763.1000)

Microsoft Office Shared MUI (English) 2013 (x32 Version: 15.0.4420.1017)

Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.4763.1000)

Microsoft Office Shared Setup Metadata MUI (English) 2013 (x32 Version: 15.0.4420.1017)

Microsoft Office Visio 2010 (x32 Version: 14.0.4763.1000)

Microsoft Office Visio MUI (English) 2010 (x32 Version: 14.0.4763.1000)

Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.4763.1000)

Microsoft OneNote MUI (English) 2013 (x32 Version: 15.0.4420.1017)

Microsoft Outlook MUI (English) 2013 (x32 Version: 15.0.4420.1017)

Microsoft Policy Platform (Version: 1.2.3602.0)

Microsoft PowerPoint MUI (English) 2013 (x32 Version: 15.0.4420.1017)

Microsoft Project Professional 2010 (x32 Version: 14.0.4763.1000)

Microsoft Publisher MUI (English) 2013 (x32 Version: 15.0.4420.1017)

Microsoft Security Client (Version: 2.0.0657.0)

Microsoft Silverlight (Version: 5.1.20913.0)

Microsoft Visio Professional 2010 (x32 Version: 14.0.4763.1000)

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (x32 Version: 8.0.50727.4053)

Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336)

Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)

Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)

Microsoft Visual J# 2.0 Redistributable Package - SE (x64)

Microsoft Visual J# 2.0 Redistributable Package - SE (x64) (Version: 2.0.50728)

Microsoft Word MUI (English) 2013 (x32 Version: 15.0.4420.1017)

Mozilla Firefox 24.0 (x86 en-US) (x32 Version: 24.0)

Mozilla Maintenance Service (x32 Version: 24.0)

Navisphere CLI (x32 Version: 1.2.0)

Navisphere Off-Array Management Server 6.26.32.0.72 (x32 Version: 26.32.0.72)

NetApp OnCommand System Manager 2.0 (x32 Version: 2.0)

NetApp System Manager 1.1 (x32 Version: 1.1)

Notepad++ (x32 Version: 5.6.6)

Octopus (x32 Version: 0.10.3.0)

Octoshape add-in for Adobe Flash Player (HKCU)

Online Plug-in (x32 Version: 13.4.0.25)

OPNET AppResponse Xpert 8.6.2 (HKCU)

Orb Runtime libraries (x32 Version: 1.0.0)

Outils de vérification linguistique 2013 de Microsoft Office - Français (x32 Version: 15.0.4420.1017)

PCL Printer Driver Uninstaller (Version: 6, 0, 0, 0)

PDF Settings CS4 (x32 Version: 9.0)

Photoshop Camera Raw (x32 Version: 5.0)

Photoshop Camera Raw_x64 (Version: 5.0)

Quest ActiveRoles Management Shell for Active Directory (x64) (Version: 1.5.1.2421)

Quest PowerGUI® 3.2 (x32 Version: 3.2.0.2237)

Quick View Folder Size 3.0 (x32)

QuickTime (x32 Version: 7.71.80.42)

Roxio Creator Audio (x32 Version: 3.7.0)

Roxio Creator Copy (x32 Version: 3.7.0)

Roxio Creator Data (x32 Version: 3.7.0)

Roxio Creator DE 10.3 (x32 Version: 10.3)

Roxio Creator DE 10.3 (x32 Version: 3.7.0)

Roxio Creator Tools (x32 Version: 3.7.0)

Roxio Express Labeler 3 (x32 Version: 3.2.2)

Roxio Update Manager (x32 Version: 6.0.0)

RVTools (x32 Version: 2.3.1)

SafeNet Authentication Client 8.0 SP2 (Version: 8.00.186.0)

SafeNet Authentication Manager Client 8.0 SP1 (Version: 8.0.110)

SCCM Client Center (Version: 2.0.4.2)

Self-service Plug-in (x32 Version: 3.4.0.33684)

SequoiaView (x32)

Skype™ 6.5 (x32 Version: 6.5.158)

Snagit 10 (x32 Version: 10.0.0)

SolarWinds Permissions Analyzer for Active Directory (x32 Version: 1.0.0.68)

SpaceMonger 2.1.1 (x32 Version: 2.1.1)

Stanza (x32)

Suite Shared Configuration CS4 (x32 Version: 1.0)

Synergy (x32 Version: 1.3.8)

System Center 2012 - Operations Manager Agent (Version: 7.0.9538.0)

TrueCrypt (x32 Version: 7.1a)

UltraMon (Version: 3.0.7)

Unisphere Server Utility 1.1.0.10366 (x32 Version: 1.1.0.10366)

Unisphere Service Manager 1.1.0.10387 (x32 Version: 1.1.0.10387)

Unreal Tournament G.O.T.Y. Edition (x32)

VLC media player 1.1.8 (x32 Version: 1.1.8)

VMware View Client (Version: 5.1.0.704644)

VMware VIX (x32 Version: 1.10.0.12331)

VMware vSphere Client 4.0 (x32 Version: 4.0.0.12305)

VMware vSphere Client 4.1 (x32 Version: 4.1.0.17435)

VMware vSphere Client 5.0 (x32 Version: 5.0.0.31955)

VMware vSphere PowerCLI (x32 Version: 5.1.0.4977)

Windows Driver Package - HID Global (cxru0x64) SmartCardReader  (05/07/2010 1.2.3.1) (Version: 05/07/2010 1.2.3.1)

Windows Firewall Configuration Provider (Version: 1.2.3412.0)

WinSCP 4.3.7 (x32 Version: 4.3.7)

 

==================== Restore Points  =========================

 

 

==================== Hosts content: ==========================

 

2009-07-13 21:34 - 2012-03-09 16:27 - 00000878 ____A C:\Windows\system32\Drivers\etc\hosts

 

==================== Scheduled Tasks (whitelisted) =============

 

Task: {0B366921-0304-494F-ADCB-CDA1BE2FB831} - System32\Tasks\DiskMaintenance => C:\Windows\defrag_start.cmd [2007-04-30] ()

Task: {110D38C0-93DC-4319-8846-1CDF4D4F1400} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-05-10] (Google Inc.)

Task: {4E1D470F-EBB6-4282-9CF9-1B5C64F8CD2F} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc

Task: {6F465DDB-5C21-4D7D-8F98-A179A2E56D85} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)

Task: {74205374-9D02-4C3D-9F2A-1A23EFE3BBE3} - System32\Tasks\Microsoft Office 15 Sync Maintenance for {3c84602b-0e18-416d-a336-845a6e08507d} systemname => C:\Program Files (x86)\Microsoft Office\Office15\MSOSYNC.EXE [2012-10-01] (Microsoft Corporation)

Task: {74783584-0484-408B-8933-0D8947F43608} - System32\Tasks\{90B23C67-1C0A-478A-BBE4-28CD2F9B9784} => Chrome.exe http://ui.skype.com/ui/0/5.8.0.156/en/go/help.faq.installer?LastError=1618

Task: {95D37C7D-956A-4F92-B8F3-91CCC4EB157E} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe

Task: {99BF4CAB-6589-4C14-B5D3-9B81F2AB3044} - System32\Tasks\Microsoft\Configuration Manager\Configuration Manager Health Evaluation => C:\Windows\CCM\CcmEval.exe [2012-11-21] (Microsoft Corporation)

Task: {C424C97C-AA7E-4001-B64A-0117F5077CF6} - System32\Tasks\Microsoft\Configuration Manager\Configuration Manager Idle Detection

Task: {E6ACB589-A125-4A64-A17A-954290292D90} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)

Task: {FDFD6484-8F01-4A4C-91BF-80946BDFE9B3} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-05-10] (Google Inc.)

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

 

==================== Loaded Modules (whitelisted) =============

 

2011-10-26 14:18 - 2011-10-26 14:18 - 00011264 _____ () C:\Program Files\Synergy\synrgyhk.DLL

2012-10-01 19:34 - 2012-10-01 19:34 - 06522480 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll

2010-01-30 01:40 - 2010-01-30 01:40 - 04254560 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF

2010-03-24 20:38 - 2010-03-24 20:38 - 08794976 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll

2010-01-02 09:42 - 2010-01-02 09:42 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll

2009-10-20 14:37 - 2009-10-20 14:37 - 00147456 _____ () C:\Program Files (x86)\Imprivata\OneSign Agent\ETSecure.dll

2009-10-20 14:37 - 2009-10-20 14:37 - 00059904 _____ () C:\Program Files (x86)\Imprivata\OneSign Agent\zlib1.dll

2012-04-19 11:43 - 2010-12-30 23:37 - 00057344 _____ () C:\Program Files (x86)\EMC\ServerUtility\Log.dll

2011-11-01 23:26 - 2011-11-01 23:26 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll

2011-11-01 23:26 - 2011-11-01 23:26 - 01242472 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

2011-05-22 12:21 - 2011-05-22 12:21 - 00093696 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll

2012-10-01 19:33 - 2012-10-01 19:33 - 06522480 _____ () C:\Program Files (x86)\Microsoft Office\Office15\1033\GrooveIntlResource.dll

2010-01-30 01:41 - 2010-01-30 01:41 - 04254560 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF

2010-03-24 20:17 - 2010-03-24 20:17 - 08794464 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll

2013-10-18 19:33 - 2013-10-08 19:01 - 00698832 _____ () C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\libglesv2.dll

2013-10-18 19:33 - 2013-10-08 19:01 - 00099792 _____ () C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\libegl.dll

2013-10-18 19:33 - 2013-10-08 19:02 - 04055504 _____ () C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\pdf.dll

2013-10-18 19:33 - 2013-10-08 19:02 - 00415184 _____ () C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\ppGoogleNaClPluginChrome.dll

2013-10-18 19:33 - 2013-10-08 19:01 - 01604560 _____ () C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\ffmpegsumo.dll

 

==================== Alternate Data Streams (whitelisted) =========

 

 

==================== Safe Mode (whitelisted) ===================

 

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\atashost => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

 

==================== Faulty Device Manager Devices =============

 

 

==================== Event log errors: =========================

 

Application errors:

==================

Error: (11/06/2013 11:34:39 AM) (Source: SideBySide) (User: )

Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest3.

A component version required by the application conflicts with another component version already active.

Conflicting components are:.

Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.

Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.

 

Error: (11/06/2013 09:20:46 AM) (Source: Application Error) (User: )

Description: Faulting application name: AdwCleaner.exe, version: 3.0.1.0, time stamp: 0x4f25baec

Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000

Exception code: 0xc000041d

Fault offset: 0x73fb4f0d

Faulting process id: 0xb7a70

Faulting application start time: 0xAdwCleaner.exe0

Faulting application path: AdwCleaner.exe1

Faulting module path: AdwCleaner.exe2

Report Id: AdwCleaner.exe3

 

Error: (11/05/2013 00:56:17 PM) (Source: Application Error) (User: )

Description: Faulting application name: Sequoia.exe, version: 0.0.0.0, time stamp: 0x2a425e19

Faulting module name: KERNELBASE.dll, version: 6.1.7600.17206, time stamp: 0x50e6605e

Exception code: 0x0eedfade

Fault offset: 0x0000c41f

Faulting process id: 0x4736c

Faulting application start time: 0xSequoia.exe0

Faulting application path: Sequoia.exe1

Faulting module path: Sequoia.exe2

Report Id: Sequoia.exe3

 

Error: (11/05/2013 09:02:00 AM) (Source: Application Error) (User: )

Description: Faulting application name: vlc.exe, version: 1.1.8.0, time stamp: 0x4d8945dd

Faulting module name: vlc.exe, version: 1.1.8.0, time stamp: 0x4d8945dd

Exception code: 0xc0000005

Fault offset: 0x00001818

Faulting process id: 0x3130c

Faulting application start time: 0xvlc.exe0

Faulting application path: vlc.exe1

Faulting module path: vlc.exe2

Report Id: vlc.exe3

 

Error: (11/05/2013 08:55:24 AM) (Source: Application Error) (User: )

Description: Faulting application name: vlc.exe, version: 1.1.8.0, time stamp: 0x4d8945dd

Faulting module name: vlc.exe, version: 1.1.8.0, time stamp: 0x4d8945dd

Exception code: 0xc0000005

Fault offset: 0x00001818

Faulting process id: 0x30188

Faulting application start time: 0xvlc.exe0

Faulting application path: vlc.exe1

Faulting module path: vlc.exe2

Report Id: vlc.exe3

 

Error: (11/05/2013 08:54:43 AM) (Source: Application Error) (User: )

Description: Faulting application name: vlc.exe, version: 1.1.8.0, time stamp: 0x4d8945dd

Faulting module name: vlc.exe, version: 1.1.8.0, time stamp: 0x4d8945dd

Exception code: 0xc0000005

Fault offset: 0x00001818

Faulting process id: 0x2ecd4

Faulting application start time: 0xvlc.exe0

Faulting application path: vlc.exe1

Faulting module path: vlc.exe2

Report Id: vlc.exe3

 

Error: (11/03/2013 07:00:01 PM) (Source: Windows Backup) (User: )

Description: The backup did not complete because of an error writing to the backup location \\jhdfs\data\mikeztest$\. The error is: Your network credentials are not valid. (0x810000F6).

 

 

System errors:

=============

Error: (11/06/2013 11:34:37 AM) (Source: Kerberos) (User: )

Description: The kerberos SSPI package failed to find the smartcard certificate in the certificate store. To remedy, logon as user WIN\mjzraz and insert the smartcard into your smartcard reader, then use the Certificates snap-in to verify that the smartcard certificate is in the user's personal certificate store.

 

Error: (11/06/2013 10:23:54 AM) (Source: Kerberos) (User: )

Description: The kerberos SSPI package failed to find the smartcard certificate in the certificate store. To remedy, logon as user WIN\mjzraz and insert the smartcard into your smartcard reader, then use the Certificates snap-in to verify that the smartcard certificate is in the user's personal certificate store.

 

Error: (11/06/2013 09:10:49 AM) (Source: Kerberos) (User: )

Description: The kerberos SSPI package failed to find the smartcard certificate in the certificate store. To remedy, logon as user WIN\mjzraz and insert the smartcard into your smartcard reader, then use the Certificates snap-in to verify that the smartcard certificate is in the user's personal certificate store.

 

Error: (11/05/2013 00:31:49 AM) (Source: Kerberos) (User: )

Description: The kerberos SSPI package failed to find the smartcard certificate in the certificate store. To remedy, logon as user WIN\mjzraz and insert the smartcard into your smartcard reader, then use the Certificates snap-in to verify that the smartcard certificate is in the user's personal certificate store.

 

Error: (11/04/2013 10:58:16 PM) (Source: Service Control Manager) (User: )

Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the HealthService service.

 

Error: (11/04/2013 05:44:19 PM) (Source: DCOM) (User: )

Description: jhnasfs1

 

Error: (11/04/2013 00:59:38 PM) (Source: DCOM) (User: )

Description: JHNASEP1

 

Error: (11/04/2013 11:01:55 AM) (Source: DCOM) (User: )

Description: mtwnastest2

 

Error: (11/04/2013 11:01:38 AM) (Source: DCOM) (User: )

Description: mtwnastest1

 

Error: (11/04/2013 11:01:00 AM) (Source: Kerberos) (User: )

Description: The kerberos SSPI package failed to find the smartcard certificate in the certificate store. To remedy, logon as user WIN\mjzraz and insert the smartcard into your smartcard reader, then use the Certificates snap-in to verify that the smartcard certificate is in the user's personal certificate store.

 

 

Microsoft Office Sessions:

=========================

Error: (11/06/2013 11:34:39 AM) (Source: SideBySide)(User: )

Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifestC:\Users\mjzraz\Downloads\esetsmartinstaller_enu.exe

 

Error: (11/06/2013 09:20:46 AM) (Source: Application Error)(User: )

Description: AdwCleaner.exe3.0.1.04f25baecunknown0.0.0.000000000c000041d73fb4f0db7a7001cedafa76c3b9caC:\Users\mjzraz\Downloads\AdwCleaner.exeunknowna0398469-46ee-11e3-a25f-782bcb856567

 

Error: (11/05/2013 00:56:17 PM) (Source: Application Error)(User: )

Description: Sequoia.exe0.0.0.02a425e19KERNELBASE.dll6.1.7600.1720650e6605e0eedfade0000c41f4736c01ceda4a2d57b752C:\Program Files\SequoiaView\Sequoia.exeC:\Windows\syswow64\KERNELBASE.dll91791b33-4643-11e3-a25f-782bcb856567

 

Error: (11/05/2013 09:02:00 AM) (Source: Application Error)(User: )

Description: vlc.exe1.1.8.04d8945ddvlc.exe1.1.8.04d8945ddc0000005000018183130c01ceda2f967f3e50C:\Program Files (x86)\VideoLAN\VLC\vlc.exeC:\Program Files (x86)\VideoLAN\VLC\vlc.exed6a09278-4622-11e3-a25f-782bcb856567

 

Error: (11/05/2013 08:55:24 AM) (Source: Application Error)(User: )

Description: vlc.exe1.1.8.04d8945ddvlc.exe1.1.8.04d8945ddc0000005000018183018801ceda2eabcd664fC:\Program Files (x86)\VideoLAN\VLC\vlc.exeC:\Program Files (x86)\VideoLAN\VLC\vlc.exeeac8826f-4621-11e3-a25f-782bcb856567

 

Error: (11/05/2013 08:54:43 AM) (Source: Application Error)(User: )

Description: vlc.exe1.1.8.04d8945ddvlc.exe1.1.8.04d8945ddc0000005000018182ecd401ceda2e8e8a437eC:\Program Files (x86)\VideoLAN\VLC\vlc.exeC:\Program Files (x86)\VideoLAN\VLC\vlc.exed202a0b9-4621-11e3-a25f-782bcb856567

 

Error: (11/03/2013 07:00:01 PM) (Source: Windows Backup)(User: )

Description: \\jhdfs\data\mikeztest$\Your network credentials are not valid. (0x810000F6)

 

 

CodeIntegrity Errors:

===================================

  Date: 2013-11-03 13:53:39.406

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

 

  Date: 2013-11-03 13:28:56.360

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

 

  Date: 2013-11-03 13:23:45.755

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

 

  Date: 2013-11-03 12:01:41.904

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

 

  Date: 2013-11-03 11:55:43.034

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

 

  Date: 2013-11-03 11:22:10.072

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

 

  Date: 2013-11-03 10:15:47.316

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

 

  Date: 2013-11-03 10:00:48.405

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

 

  Date: 2013-11-03 09:10:45.573

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

 

  Date: 2013-11-03 08:50:44.120

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

 

 

==================== Memory info =========================== 

 

Percentage of memory in use: 74%

Total physical RAM: 4022.43 MB

Available physical RAM: 1007.6 MB

Total Pagefile: 10021.56 MB

Available Pagefile: 5997.43 MB

Total Virtual: 8192 MB

Available Virtual: 8191.78 MB

 

==================== Drives ================================

 

Drive c: (SYSTEM) (Fixed) (Total:232.53 GB) (Free:26.25 GB) NTFS

Drive d: (OLB20130703_001) (CDROM) (Total:0.53 GB) (Free:0 GB) UDF

Drive h: (187) (Network) (Total:1024 GB) (Free:80.2 GB) NTFS

Drive z: (187) (Network) (Total:1024 GB) (Free:80.2 GB) NTFS

 

==================== MBR & Partition Table ==================

 

========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 233 GB) (Disk ID: BCC523DB)

Partition 1: (Not Active) - (Size=233 GB) - (Type=07 NTFS)

Partition 2: (Active) - (Size=300 MB) - (Type=07 NTFS)

 

==================== End Of Log ============================
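Three things in the Addition.txt above deserve a second look before the fix runs: Security Center reports both Forefront components as "Disabled", Installed Programs lists Java 6 Update 45 next to Java 7 Update 40, and the Scheduled Tasks section carries a task whose only action is to open a ui.skype.com URL in Chrome. The following script is an added example for this thread, not FRST's own code and not something the poster ran. It splits an Addition.txt into its "==== Title ====" sections and applies those three checks. The sample input is a constructed excerpt of the log above in the exact format FRST prints; the function names and the "end-of-life" label for Java 6 (Oracle stopped public updates for Java SE 6 in 2013) are the editor's own.

```python
"""Triage helper for an FRST Addition.txt.

Added example for this thread, not FRST's own code.  Splits the log into its
'==== Title ====' sections and flags: disabled AV/AS products, side-by-side or
end-of-life JREs, and scheduled tasks that open a URL or run an unsigned script.
"""
import re
from collections import defaultdict

# Constructed sample: lines copied in the format FRST uses, taken from the
# Security Center, Installed Programs and Scheduled Tasks sections above.
SAMPLE_ADDITION = r"""
==================== Security Center ========================

AV: Microsoft Forefront Endpoint Protection 2010 (Disabled - Up to date) {108DAC43-C256-20B7-BB05-914135DA5160}
AS: Microsoft Forefront Endpoint Protection 2010 (Disabled - Up to date) {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

==================== Installed Programs ======================

Adobe Reader XI (11.0.05) (x32 Version: 11.0.05)
Java 7 Update 40 (x32 Version: 7.0.400)
Java Auto Updater (x32 Version: 2.1.9.8)
Java 6 Update 45 (x32 Version: 6.0.450)
Mozilla Firefox 24.0 (x86 en-US) (x32 Version: 24.0)

==================== Scheduled Tasks (whitelisted) =============

Task: {0B366921-0304-494F-ADCB-CDA1BE2FB831} - System32\Tasks\DiskMaintenance => C:\Windows\defrag_start.cmd [2007-04-30] ()
Task: {110D38C0-93DC-4319-8846-1CDF4D4F1400} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-05-10] (Google Inc.)
Task: {74783584-0484-408B-8933-0D8947F43608} - System32\Tasks\{90B23C67-1C0A-478A-BBE4-28CD2F9B9784} => Chrome.exe http://ui.skype.com/ui/0/5.8.0.156/en/go/help.faq.installer?LastError=1618

==================== Loaded Modules (whitelisted) =============
"""

SECTION_RE = re.compile(r"^=+\s+([^=].*?)\s+=+\s*$")          # '==== Title ===='
SECURITY_RE = re.compile(r"^(AV|AS|FW): (.+?) \(([^)]+)\)")   # 'AV: name (state)'
JAVA_RE = re.compile(r"^Java (\d+) Update (\d+)\b")
# 'Task: {GUID} - path => action [date] (publisher)'; the bracket/publisher tail is optional
TASK_RE = re.compile(
    r"^Task: \{[0-9A-Fa-f-]+\} - (\S+) => (.+?)(?: \[\d{4}-\d{2}-\d{2}\] \((.*)\))?$"
)
SCRIPT_EXT = (".cmd", ".bat", ".vbs", ".js", ".ps1")


def split_sections(text):
    """Map each section title to the non-blank lines beneath it."""
    sections = defaultdict(list)
    current = None
    for line in text.splitlines():
        line = line.rstrip()
        header = SECTION_RE.match(line)
        if header:
            current = header.group(1)
        elif current and line.strip():
            sections[current].append(line)
    return sections


def check_security_center(lines):
    """A product whose Security Center state contains 'Disabled' is not protecting the host."""
    findings = []
    for line in lines:
        m = SECURITY_RE.match(line)
        if m and "Disabled" in m.group(3):
            findings.append(f"{m.group(1)} disabled: {m.group(2)} ({m.group(3)})")
    return findings


def check_java_runtimes(lines):
    """Flag side-by-side JREs and any Java 6 (no public updates since 2013)."""
    found = [(int(m.group(1)), int(m.group(2))) for m in map(JAVA_RE.match, lines) if m]
    findings = []
    if len(found) > 1:
        findings.append("multiple JREs installed: "
                        + ", ".join(f"Java {maj} Update {upd}" for maj, upd in found))
    findings.extend(f"end-of-life JRE: Java {maj} Update {upd}" for maj, upd in found if maj < 7)
    return findings


def check_tasks(lines):
    """Flag tasks that open a URL through a browser or run a script with no publisher."""
    findings = []
    for line in lines:
        m = TASK_RE.match(line)
        if not m:
            continue
        name, action, publisher = m.group(1), m.group(2), m.group(3)
        if re.search(r"https?://", action):
            findings.append(f"{name}: launches URL -> {action}")
        elif publisher == "" and action.lower().endswith(SCRIPT_EXT):
            findings.append(f"{name}: script with no publisher -> {action}")
    return findings


def triage(text):
    """Run every check and return the findings keyed by section."""
    sections = split_sections(text)
    tasks = [l for title, ls in sections.items() if title.startswith("Scheduled Tasks") for l in ls]
    return {
        "Security Center": check_security_center(sections.get("Security Center", [])),
        "Installed Programs": check_java_runtimes(sections.get("Installed Programs", [])),
        "Scheduled Tasks": check_tasks(tasks),
    }


if __name__ == "__main__":
    for section, findings in triage(SAMPLE_ADDITION).items():
        for finding in findings:
            print(f"[{section}] {finding}")
```

Run against the full Addition.txt, the same checks pick out exactly the entries the Root Admin's fixlist later removes: the jre6 BHO and Chrome plugin, the Skype help-page task, and the pile of jre-6u* installers in Temp. The GoogleUpdate tasks are left alone because they carry a signed publisher and no URL.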

  • Root Admin

Please download the attached fixlist.txt file and save it to the Desktop.
NOTE: It's important that both files, FRST or FRST64 and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Run FRST or FRST64 and press the Fix button just once and wait.
If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Desktop (Fixlog.txt). Please attach or post it to your next reply.

Note: If the tool warned you about an outdated version please download and run the updated version.
 

fixlist.txt

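The notice above that the fixlist was written for this one machine is worth enforcing rather than trusting, because FRST deletes whatever the file names. The following preflight is an added example for this thread, not FRST's own code and not something either poster ran. It reads a fixlist.txt in the directive format FRST uses, classifies each line (file delete, Run key, BHO, browser plugin, MountPoints2 autorun entry, scheduled task), lists the Temp executables it will remove, and refuses the run if any user-profile path names an account other than the one the fix was written for. The sample fixlist is a constructed excerpt in the same format as the one echoed in the Fixlog later in the thread, with one deliberately foreign "other_user" line added; the expected account "mjzraz" and the function names are assumptions of this example.

```python
"""Preflight for an FRST fixlist.txt.

Added example for this thread, not FRST's own code.  Classifies each directive,
lists Temp executables slated for deletion, and blocks the run if a profile path
belongs to an account other than the one the fix was written for.
"""
import re
from collections import Counter

# Constructed excerpt in the directive format FRST uses for fixlists.  Every line
# but the last mirrors an entry from this thread; the 'other_user' line is a
# deliberate foreign entry that a machine-specific fixlist must not contain.
SAMPLE_FIXLIST = r"""
C:\Users\mjzraz\Downloads\winscp437setup-sponsored.exe
HKLM-x32\...\Run: [sunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
MountPoints2: {061a3edb-64c8-11e2-abb0-782bcb856567} - E:\LaunchU3.exe -a
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
CHR Plugin: (Java™ Platform SE 6 U31) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
C:\Users\mjzraz\AppData\Local\Temp\jre-6u26-windows-i586-iftw-rv.exe
C:\Users\mjzraz\AppData\Local\Temp\ntdll_dump.dll
Task: {74783584-0484-408B-8933-0D8947F43608} - System32\Tasks\{90B23C67-1C0A-478A-BBE4-28CD2F9B9784} => Chrome.exe http://ui.skype.com/ui/0/5.8.0.156/en/go/help.faq.installer?LastError=1618
C:\Users\other_user\AppData\Local\Temp\stale.exe
"""

# Directive kinds in the order they are tried; a bare drive path is a file delete.
KINDS = [
    ("registry-run", re.compile(r"^HK(LM|CU)(-x32)?\\\.\.\.\\Run(Once)?:")),
    ("bho", re.compile(r"^BHO(-x32)?:")),
    ("toolbar", re.compile(r"^Toolbar:")),
    ("browser-plugin", re.compile(r"^(FF Plugin(-x32)?|CHR Plugin):")),
    ("mountpoint-autorun", re.compile(r"^MountPoints2:")),
    ("scheduled-task", re.compile(r"^Task:")),
    ("ie-setting", re.compile(r"^HKCU\\Software\\Microsoft\\Internet Explorer")),
    ("file", re.compile(r"^[A-Za-z]:\\")),
]
PROFILE_RE = re.compile(r"[A-Za-z]:\\Users\\([^\\]+)\\", re.IGNORECASE)
TEMP_MARK = "\\appdata\\local\\temp\\"


def classify(directive):
    """Return the kind of a single fixlist line, or 'other' if unrecognised."""
    for kind, rx in KINDS:
        if rx.match(directive):
            return kind
    return "other"


def preflight(fixlist_text, expected_user):
    """Summarise a fixlist and decide whether it is safe to run for expected_user."""
    directives = [l.strip() for l in fixlist_text.splitlines() if l.strip()]
    kinds = Counter(classify(d) for d in directives)
    # Any profile path that names a different account means the fix was written
    # for another machine (or another login) and must not be run here.
    foreign = sorted({u for d in directives for u in PROFILE_RE.findall(d)
                      if u.lower() != expected_user.lower()})
    temp_deletes = [d for d in directives
                    if classify(d) == "file" and TEMP_MARK in d.lower()]
    # 'No File' marks registry residue whose target is already gone: safe to drop.
    orphans = [d for d in directives if d.endswith("No File")]
    return {
        "count": len(directives),
        "kinds": dict(kinds),
        "foreign_users": foreign,
        "temp_deletes": temp_deletes,
        "orphans": orphans,
        "ok": not foreign,
    }


if __name__ == "__main__":
    report = preflight(SAMPLE_FIXLIST, "mjzraz")
    for kind, n in sorted(report["kinds"].items()):
        print(f"{n:3d}  {kind}")
    for path in report["temp_deletes"]:
        print("will delete:", path)
    if not report["ok"]:
        print("REFUSING: fixlist references other accounts:", report["foreign_users"])
```

The check is deliberately conservative: one foreign profile path is enough to stop, because a fixlist is an unconditional delete list and the same filename under a different account is exactly the kind of mistake a reused script makes. Entries ending in "No File" are the cheap part of the fix; the Temp executables and the MountPoints2 autorun entry (a U3 launcher left behind by a removable drive) are the ones worth reading line by line before pressing Fix.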

Completed without the need for a reboot. 

Fixlog.txt:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 31-10-2013
Ran by mjzraz at 2013-11-07 09:28:01 Run:1
Running from C:\Users\mjzraz\Desktop
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
C:\mjzraz\backup\documents\Downloads\couponprinter.exe
C:\mjzraz\Tools\spyware\SDFix.exe
C:\Users\mjzraz\Desktop\New folder\Downloads\registrybooster.exe
C:\Users\mjzraz\Downloads\winscp437setup-sponsored.exe
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware] - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent [532040 2013-04-04] (Malwarebytes Corporation)
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] - rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript [1127496 2013-04-04] (Malwarebytes Corporation)
MountPoints2: {061a3edb-64c8-11e2-abb0-782bcb856567} - E:\LaunchU3.exe -a
MountPoints2: {2ea5dca5-556e-11e0-8365-806e6f6e6963} - D:\.\LiteBox\lbxstart.exe /O=US /L
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [sunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
BHO: No Name - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -  No File
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - No Name - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} -  No File
FF Plugin: @java.com/DTPlugin,version=1.6.0_37 - C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.40.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.40.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Java™ Platform SE 6 U31) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
C:\Users\mjzraz\AppData\Local\Temp\ARCompanionForSession2.exe
C:\Users\mjzraz\AppData\Local\Temp\ConfigurationWizard.exe
C:\Users\mjzraz\AppData\Local\Temp\icd53vit.dll
C:\Users\mjzraz\AppData\Local\Temp\jre-6u26-windows-i586-iftw-rv.exe
C:\Users\mjzraz\AppData\Local\Temp\jre-6u29-windows-i586-iftw-rv.exe
C:\Users\mjzraz\AppData\Local\Temp\jre-6u30-windows-i586-iftw-rv.exe
C:\Users\mjzraz\AppData\Local\Temp\jre-6u31-windows-i586-iftw-rv.exe
C:\Users\mjzraz\AppData\Local\Temp\jre-6u37-windows-i586-iftw.exe
C:\Users\mjzraz\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\mjzraz\AppData\Local\Temp\JREInstall160_37.exe
C:\Users\mjzraz\AppData\Local\Temp\MDSInstall.dll
C:\Users\mjzraz\AppData\Local\Temp\ntdll_dump.dll
C:\Users\mjzraz\AppData\Local\Temp\pylC9B6.tmp.exe
C:\Users\mjzraz\AppData\Local\Temp\setup_3.06.0059.exe
C:\Users\mjzraz\AppData\Local\Temp\setup_3.07.0084.exe
C:\Users\mjzraz\AppData\Local\Temp\setup_3.08.0065.exe
C:\Users\mjzraz\AppData\Local\Temp\setup_3.08.0066.exe
C:\Users\mjzraz\AppData\Local\Temp\setup_3.11.0003.exe
C:\Users\mjzraz\AppData\Local\Temp\setup_3.15.0044.exe
C:\Users\mjzraz\AppData\Local\Temp\setup_3.16.0025.exe
C:\Users\mjzraz\AppData\Local\Temp\SkypeSetup.exe
C:\Users\mjzraz\AppData\Local\Temp\swt-win32-3448.dll
C:\Users\mjzraz\AppData\Local\Temp\xmlUpdater.exe
Task: {0B366921-0304-494F-ADCB-CDA1BE2FB831} - System32\Tasks\DiskMaintenance => C:\Windows\defrag_start.cmd [2007-04-30] ()
Task: {110D38C0-93DC-4319-8846-1CDF4D4F1400} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-05-10] (Google Inc.)
Task: {74783584-0484-408B-8933-0D8947F43608} - System32\Tasks\{90B23C67-1C0A-478A-BBE4-28CD2F9B9784} => Chrome.exe http://ui.skype.com/...?LastError=1618
Task: {FDFD6484-8F01-4A4C-91BF-80946BDFE9B3} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-05-10] (Google Inc.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
*****************
 
"C:\mjzraz\backup\documents\Downloads\couponprinter.exe" => Moved successfully.
"C:\mjzraz\Tools\spyware\SDFix.exe" => Moved successfully.
C:\Users\mjzraz\Desktop\New folder\Downloads\registrybooster.exe => Moved successfully.
C:\Users\mjzraz\Downloads\winscp437setup-sponsored.exe => Moved successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\\Malwarebytes Anti-Malware => Value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\\Malwarebytes Anti-Malware (cleanup) => Value deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{061a3edb-64c8-11e2-abb0-782bcb856567} => Key deleted successfully.
HKCR\CLSID\{061a3edb-64c8-11e2-abb0-782bcb856567} => Key not found.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2ea5dca5-556e-11e0-8365-806e6f6e6963} => Key deleted successfully.
HKCR\CLSID\{2ea5dca5-556e-11e0-8365-806e6f6e6963} => Key not found.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => Value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched => Value deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => Key deleted successfully.
HKCR\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9} => Key deleted successfully.
HKCR\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9} => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9} => Key deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} => Value deleted successfully.
HKCR\CLSID\{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} => Key not found.
HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37 => Key deleted successfully.
C:\Windows\system32\npdeployJava1.dll => Moved successfully.
HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=10.40.2 => Key deleted successfully.
C:\Windows\SysWOW64\npDeployJava1.dll => Moved successfully.
HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin => Key deleted successfully.
C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll => Moved successfully.
HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=10.40.2 => Key deleted successfully.
C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll not found.
C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll => Moved successfully.
C:\Users\mjzraz\AppData\Local\Temp\ARCompanionForSession2.exe => Moved successfully.
C:\Users\mjzraz\AppData\Local\Temp\ConfigurationWizard.exe => Moved successfully.
C:\Users\mjzraz\AppData\Local\Temp\icd53vit.dll => Moved successfully.
C:\Users\mjzraz\AppData\Local\Temp\jre-6u26-windows-i586-iftw-rv.exe => Moved successfully.
C:\Users\mjzraz\AppData\Local\Temp\jre-6u29-windows-i586-iftw-rv.exe => Moved successfully.
C:\Users\mjzraz\AppData\Local\Temp\jre-6u30-windows-i586-iftw-rv.exe => Moved successfully.
C:\Users\mjzraz\AppData\Local\Temp\jre-6u31-windows-i586-iftw-rv.exe => Moved successfully.
C:\Users\mjzraz\AppData\Local\Temp\jre-6u37-windows-i586-iftw.exe => Moved successfully.
C:\Users\mjzraz\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe => Moved successfully.
C:\Users\mjzraz\AppData\Local\Temp\JREInstall160_37.exe => Moved successfully.
C:\Users\mjzraz\AppData\Local\Temp\MDSInstall.dll => Moved successfully.
C:\Users\mjzraz\AppData\Local\Temp\ntdll_dump.dll => Moved successfully.
C:\Users\mjzraz\AppData\Local\Temp\pylC9B6.tmp.exe => Moved successfully.
C:\Users\mjzraz\AppData\Local\Temp\setup_3.06.0059.exe => Moved successfully.
C:\Users\mjzraz\AppData\Local\Temp\setup_3.07.0084.exe => Moved successfully.
C:\Users\mjzraz\AppData\Local\Temp\setup_3.08.0065.exe => Moved successfully.
C:\Users\mjzraz\AppData\Local\Temp\setup_3.08.0066.exe => Moved successfully.
C:\Users\mjzraz\AppData\Local\Temp\setup_3.11.0003.exe => Moved successfully.
C:\Users\mjzraz\AppData\Local\Temp\setup_3.15.0044.exe => Moved successfully.
C:\Users\mjzraz\AppData\Local\Temp\setup_3.16.0025.exe => Moved successfully.
C:\Users\mjzraz\AppData\Local\Temp\SkypeSetup.exe => Moved successfully.
C:\Users\mjzraz\AppData\Local\Temp\swt-win32-3448.dll => Moved successfully.
C:\Users\mjzraz\AppData\Local\Temp\xmlUpdater.exe => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0B366921-0304-494F-ADCB-CDA1BE2FB831} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0B366921-0304-494F-ADCB-CDA1BE2FB831} => Key deleted successfully.
C:\Windows\System32\Tasks\DiskMaintenance => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DiskMaintenance => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{110D38C0-93DC-4319-8846-1CDF4D4F1400} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{110D38C0-93DC-4319-8846-1CDF4D4F1400} => Key deleted successfully.
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{74783584-0484-408B-8933-0D8947F43608} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{74783584-0484-408B-8933-0D8947F43608} => Key deleted successfully.
C:\Windows\System32\Tasks\{90B23C67-1C0A-478A-BBE4-28CD2F9B9784} => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{90B23C67-1C0A-478A-BBE4-28CD2F9B9784} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FDFD6484-8F01-4A4C-91BF-80946BDFE9B3} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FDFD6484-8F01-4A4C-91BF-80946BDFE9B3} => Key deleted successfully.
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA => Key deleted successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => Moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => Moved successfully.
 
==== End of Fixlog ====
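The Fixlog above is FRST walking the usual Windows autostart locations (Run/RunOnce values, Browser Helper Object CLSIDs, MountPoints2 autorun handlers, scheduled tasks) and deleting the entries chosen for removal; the "No File" markers in the earlier listing are entries whose registered binary no longer exists on disk. The following is an added example, not part of the original thread and not FRST's own code: a PowerShell script that re-enumerates those same locations and classifies each target as missing, unsigned, or signed (and by whom), so a reviewer can verify the fix took and spot what is left. It assumes PowerShell 3.0 or later, an elevated prompt, and the English column names of `schtasks.exe /query /fo CSV /v`; the key list is the one visible in the log, not an exhaustive inventory of autostart points.

```powershell
# Added example, not part of the original thread or of FRST itself.
# Re-enumerates the autostart locations the Fixlog touched (Run/RunOnce,
# Browser Helper Objects, MountPoints2 autorun handlers, scheduled tasks) and
# flags entries whose target is missing ("No File", as FRST prints it) or whose
# binary carries no valid Authenticode signature.
# Assumes PowerShell 3.0+ ([pscustomobject]) and an elevated prompt.
# Key lists are the ones visible in the log, not an exhaustive ASEP inventory.

$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)
$bhoKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects',
    'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
)

# Extract the module that actually runs from a command line. rundll32 is only a host,
# so for 'rundll32.exe "C:\...\cleanup.dll",ProcessCleanupScript' report the DLL.
function Get-ImagePath([string]$cmd) {
    $c = $cmd.Trim()
    if ($c -match '^"?(?:[A-Za-z]:\\[^"]*\\)?rundll32(?:\.exe)?"?\s+(.*)$') { $c = $Matches[1] }
    if ($c -match '^"([^"]+)"') { return $Matches[1] }
    if ($c -match '^(.+?\.(?:exe|dll|cmd|bat|scr))(?:[\s,]|$)') { return $Matches[1] }
    return $c
}

# Classify a target the way an analyst triages an FRST line: missing, unsigned, or signed by whom.
function Test-Target([string]$path) {
    if (-not $path) { return 'No File (empty command)' }
    $p = [Environment]::ExpandEnvironmentVariables($path)
    if (-not [IO.Path]::IsPathRooted($p)) {
        # Bare names such as 'Chrome.exe' resolve through PATH at launch time
        $cmd = @(Get-Command $p -CommandType Application -ErrorAction SilentlyContinue)
        if ($cmd.Count -eq 0) { return 'No File (bare name, not on PATH)' }
        $p = $cmd[0].Path
    }
    if (-not (Test-Path -LiteralPath $p)) { return 'No File' }
    $sig = Get-AuthenticodeSignature -LiteralPath $p
    if ($sig.Status -eq 'Valid') { return "Signed: $($sig.SignerCertificate.Subject)" }
    return "Unsigned ($($sig.Status))"
}

function New-Finding($source, $name, $target) {
    [pscustomobject]@{ Source = $source; Name = $name; Target = $target; Status = (Test-Target $target) }
}

$findings = @()

# 1. Run / RunOnce: each value name maps to a command line
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    foreach ($prop in (Get-ItemProperty -Path $key).PSObject.Properties) {
        if ($prop.Name -like 'PS*') { continue }   # provider metadata, not registry values
        $findings += New-Finding $key $prop.Name (Get-ImagePath ([string]$prop.Value))
    }
}

# 2. BHOs: the subkey is a CLSID; the DLL is registered under that CLSID's InprocServer32
foreach ($key in $bhoKeys) {
    if (-not (Test-Path $key)) { continue }
    $clsidRoot = if ($key -like '*Wow6432Node*') { 'HKLM:\Software\Classes\Wow6432Node\CLSID' } else { 'HKLM:\Software\Classes\CLSID' }
    foreach ($clsid in (Get-ChildItem $key).PSChildName) {
        $srv = Get-ItemProperty -Path "$clsidRoot\$clsid\InprocServer32" -ErrorAction SilentlyContinue
        $dll = if ($srv) { [string]$srv.'(default)' } else { '' }
        $findings += New-Finding 'BHO' $clsid (Get-ImagePath $dll)
    }
}

# 3. MountPoints2: per-volume AutoRun handlers (the LaunchU3.exe / lbxstart.exe lines in the log)
$mp = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2'
if (Test-Path $mp) {
    foreach ($vol in Get-ChildItem $mp) {
        $cmd = Get-ItemProperty -Path "$($vol.PSPath)\Shell\AutoRun\command" -ErrorAction SilentlyContinue
        if ($cmd) { $findings += New-Finding 'MountPoints2' $vol.PSChildName (Get-ImagePath ([string]$cmd.'(default)')) }
    }
}

# 4. Scheduled tasks via schtasks.exe, which exists on Windows 7 where Get-ScheduledTask does not.
#    Verbose CSV repeats its header row per task folder; drop those. Column names are from English output.
$tasks = schtasks.exe /query /fo CSV /v | ConvertFrom-Csv
foreach ($t in $tasks) {
    if ($t.TaskName -eq 'TaskName' -or -not $t.'Task To Run' -or $t.'Task To Run' -eq 'COM handler') { continue }
    $findings += New-Finding 'Task' $t.TaskName (Get-ImagePath $t.'Task To Run')
}

# Orphans and unsigned binaries sort to the top, which is what you read first.
$findings | Sort-Object @{ Expression = { $_.Status -like 'Signed*' } }, Source | Format-Table -AutoSize
```

Run it once before and once after a fix: entries that FRST reported as "No File" should be gone from the second run, and anything still listed as unsigned or missing is the next thing to look at. A valid signature only says who published the binary, not that it belongs on the machine, so the signed rows still need a glance at the subject name.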

  • Root Admin

Please Run TFC by OldTimer to clear temporary files:

  • Download TFC from here and save it to your desktop.
  • http://oldtimer.geekstogo.com/TFC.exe
  • Close any open programs and Internet browsers.
  • Double-click TFC.exe to run it on XP (for Vista and Windows 7, right-click and choose "Run as administrator"), and once it opens click on the Start button on the lower left of the program to allow it to begin cleaning.
  • Please be patient as clearing out temp files may take a while.
  • Once it completes you may be prompted to restart your computer, please do so.
  • Once it's finished you may delete TFC.exe from your desktop or save it for later use for the cleaning of temporary files.
  • RESTART THE COMPUTER

Please visit each of the following sites and let's reset all of your browsers back to defaults to prevent unexpected issues.
If you are not using one of the browsers but it is installed, then you may want to consider uninstalling it, as older versions of some software can pose an increase in the potential for an infection to get in.

Internet Explorer
How to reset Internet Explorer settings

Firefox
Click on Help / Troubleshooting Information then click on the Reset Firefox button.

Chrome
Chrome - Reset browser settings

Opera
How to Perform a (really) clean Reinstall of Opera
Next, Please download Security Check by screen317 from HERE or HERE.

  • Save it to your Desktop.
  • Double-click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • If you get "Unsupported operating system. Aborting now", just reboot and try again.
  • A Notepad document should open automatically called checkup.txt.
  • Please Post the contents of that document.
  • Do Not Attach It!!!


  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
