a_technicality Posted January 7, 2014 ID:775106 Share Posted January 7, 2014 Hello, When I turn on my laptop, audio adds start playing in the background and there are no applications open. Here are the requested files I am supposed to post: DDS: DDS (Ver_2012-11-20.01) - NTFS_x86Internet Explorer: 8.0.7600.16385Run by jgillis at 15:52:22 on 2014-01-07Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.3539.893 [GMT -6:00].AV: Managed Antivirus Managed Antivirus *Enabled/Updated* {FFE93D16-FD09-0282-C7D3-8B1731B6A051}SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}SP: Managed Antivirus Managed Antivirus *Enabled/Updated* {4488DCF2-DB33-0D0C-FD63-B0654A31EAEC}.============== Running Processes ================.C:\Windows\system32\wininit.exeC:\Windows\system32\lsm.exeC:\Program Files\Fingerprint Sensor\AtService.exeC:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_d511891fb5bff1e2\STacSV.exeC:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXEC:\Windows\system32\WLANExt.exeC:\Program Files\Dell\DW WLAN Card\bcmwltry.exeC:\Windows\system32\conhost.exeC:\Windows\System32\spoolsv.exeC:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exeC:\Program Files\Dell\Dell ControlPoint\Connection Manager\SMManager.exeC:\Program Files\Advanced Monitoring Agent\winagent.exeC:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_d511891fb5bff1e2\aestsrv.exeC:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exeC:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exec:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exeC:\Program Files\LogMeIn\x86\LMIGuardianSvc.exeC:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exeC:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exeC:\Windows\system32\wbem\unsecapp.exeC:\Windows\system32\wbem\wmiprvse.exeC:\Windows\system32\wbem\wmiprvse.exeC:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exec:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exeC:\Program Files\SonicWALL\SonicWALL Global VPN Client\SWGVCSvc.exeC:\Program Files\Sierra Wireless Inc\Common\SwiCardDetect.exeC:\Program Files\TeamViewer\Version8\TeamViewer_Service.exeC:\Windows\system32\WUDFHost.exeC:\Windows\system32\SearchIndexer.exeC:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exeC:\Windows\system32\Dwm.exeC:\Windows\system32\taskhost.exeC:\Program Files\TeamViewer\Version8\TeamViewer.exeC:\Windows\Explorer.EXEC:\dell\DBRM\Reminder\DbrmTrayicon.exeC:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exeC:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exeC:\Program Files\IDT\WDM\sttray.exeC:\Windows\System32\igfxpers.exeC:\Windows\System32\igfxtray.exeC:\Windows\System32\hkcmd.exeC:\Windows\system32\igfxsrvc.exeC:\Program Files\Dell\Dell ControlPoint\Connection Manager\Dell.UCM.exeC:\Program Files\Dell\DW WLAN Card\WLTRAY.EXEC:\Program Files\DellTPad\Apoint.exeC:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exeC:\Program Files\iTunes\iTunesHelper.exeC:\Program Files\LogMeIn\x86\LogMeInSystray.exeC:\Program Files\AT&T\AT&T Communication Manager\attcm_AppStart.exeC:\Program Files\HP\HP Software Update\hpwuSchd2.exeC:\Program Files\TeamViewer\Version8\tv_w32.exeC:\Program Files\DellTPad\ApMsgFwd.exeC:\Program Files\AT&T\AT&T Communication Manager\attcm.exeC:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exeC:\Program Files\HP\Digital Imaging\bin\hpqtra08.exeC:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmNotify.exeC:\Program Files\DellTPad\HidFind.exeC:\PROGRA~1\ADVANC~1\managedav\SBAMSvc.exeC:\Windows\system32\igfxext.exeC:\Program Files\DellTPad\Apntex.exeC:\Program Files\Advanced Monitoring Agent\systray\SysTray.exeC:\Windows\system32\conhost.exeC:\Program Files\iPod\bin\iPodService.exeC:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exeC:\Program Files\HP\Digital Imaging\bin\hpqbam08.exeC:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exeC:\Program Files\Internet Explorer\iexplore.exeC:\Program Files\Internet Explorer\iexplore.exeC:\PROGRA~1\ADVANC~1\managedav\SBAMTray.exeC:\Program Files\HP\Digital Imaging\smart web printing\hpswp_clipbook.exeC:\Program Files\Windows Media Player\wmpnetwk.exeC:\Windows\system32\taskeng.exeC:\Program Files\Common Files\Java\Java Update\jusched.exeC:\Program Files\Internet Explorer\iexplore.exeC:\Windows\system32\SearchProtocolHost.exeC:\Windows\system32\conhost.exeC:\Windows\system32\SearchFilterHost.exeC:\Windows\system32\svchost.exe -k DcomLaunchC:\Windows\system32\svchost.exe -k RPCSSC:\Windows\System32\svchost.exe -k LocalServiceNetworkRestrictedC:\Windows\System32\svchost.exe -k LocalSystemNetworkRestrictedC:\Windows\system32\svchost.exe -k netsvcsC:\Windows\system32\svchost.exe -k LocalServiceC:\Windows\system32\svchost.exe -k NetworkServiceC:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonationC:\Windows\system32\svchost.exe -k LocalServiceNoNetworkC:\Windows\system32\svchost.exe -k hpdevmgmtC:\Windows\System32\svchost.exe -k HPZ12C:\Windows\System32\svchost.exe -k HPZ12C:\Windows\system32\svchost.exe -k imgsvcC:\Windows\system32\svchost.exe -k HPServiceC:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted.============== Pseudo HJT Report ===============.BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dllBHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dllBHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>BHO: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dllBHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dllBHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dllBHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dllBHO: Windows Live Toolbar Helper: {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - c:\program files\windows live\toolbar\wltcore.dllBHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dllBHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dllTB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dllTB: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - c:\program files\windows live\toolbar\wltcore.dllTB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dllTB: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - c:\program files\windows live\toolbar\wltcore.dllEB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dllEB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dlluRun: [attcm.exe] c:\program files\at&t\at&t communication manager\attcm.exemRun: [DBRMTray] c:\dell\dbrm\reminder\DbrmTrayIcon.exemRun: [WavXMgr] c:\program files\wave systems corp\services manager\docmgr\bin\WavXDocMgr.exemRun: [uSCService] c:\program files\dell\dell controlpoint\security manager\BcmDeviceAndTaskStatusService.exemRun: [sysTrayApp] c:\program files\idt\wdm\sttray.exemRun: [Persistence] c:\windows\system32\igfxpers.exemRun: [igfxTray] c:\windows\system32\igfxtray.exemRun: [HotKeysCmds] c:\windows\system32\hkcmd.exemRun: [DellControlPoint] "c:\program files\dell\dell controlpoint\Dell.ControlPoint.exe"mRun: [DellConnectionManager] "c:\program files\dell\dell controlpoint\connection manager\Dell.UCM.exe"mRun: [broadcom Wireless Manager UI] c:\program files\dell\dw wlan card\WLTRAY.exemRun: [Apoint] c:\program files\delltpad\Apoint.exemRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe"mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottimemRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"mRun: [attcm_AppStart.exe] "c:\program files\at&t\at&t communication manager\attcm_AppStart.exe"mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exemRun: [AdvancedMonitoringSysTray] "c:\progra~1\advanc~1\systray\Launcher.exe"mRun: [sBAMTray] "c:\progra~1\advanc~1\managedav\SBAMTray.exe"mRunOnce: [DBRMTray] c:\dell\dbrm\reminder\TrayApp.exeStartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\dellco~1.lnk - c:\program files\dell\dell controlpoint\system manager\DCPSysMgr.exeStartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exeStartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\tdmnot~1.lnk - c:\program files\wave systems corp\trusted drive manager\TdmNotify.exeuPolicies-Explorer: NoDriveTypeAutoRun = dword:145mPolicies-System: ConsentPromptBehaviorAdmin = dword:0mPolicies-System: ConsentPromptBehaviorUser = dword:3mPolicies-System: EnableLUA = dword:0mPolicies-System: EnableUIADesktopToggle = dword:0mPolicies-System: PromptOnSecureDesktop = dword:0mPolicies-Explorer: NoDriveTypeAutoRun = dword:145IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.htmlIE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.htmlIE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.htmlIE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.htmlIE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office12\EXCEL.EXE/3000IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dllIE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dllTCP: NameServer = 192.168.0.10 192.168.0.12TCP: Interfaces\{A246D26D-E6E2-44ED-8BCC-BFEAA3F9960D} : DHCPNameServer = 192.168.0.10 192.168.0.12TCP: Interfaces\{A246D26D-E6E2-44ED-8BCC-BFEAA3F9960D}\E4544574541425 : DHCPNameServer = 192.168.1.1TCP: Interfaces\{A64470D5-1BFE-48B4-A4F1-1577B263624A} : DHCPNameServer = 192.168.0.10 192.168.0.12Notify: igfxcui - igfxdev.dllSSODL: WebCheck - <orphaned>LSA: Authentication Packages = msv1_0 wvauth.============= SERVICES / DRIVERS ===============.R2 Advanced Monitoring Agent;Advanced Monitoring Agent;c:\program files\advanced monitoring agent\winagent.exe [2013-6-6 6996480]R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_x86_neutral_d511891fb5bff1e2\AEstSrv.exe [2010-8-29 81920]R2 ATService;AuthenTec Fingerprint Service;c:\program files\fingerprint sensor\AtService.exe [2010-5-10 1803584]R2 buttonsvc32;Dell ControlPoint Button Service;c:\program files\dell\dell controlpoint\DCPButtonSvc.exe [2009-11-20 278304]R2 dcpsysmgrsvc;Dell ControlPoint System Manager;c:\program files\dell\dell controlpoint\system manager\DCPSysMgrSvc.exe [2010-2-8 386928]R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2010-5-31 13624]R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2010-10-1 47640]R2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [2013-5-7 68904]R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2010-8-29 260648]R3 gfiark;gfiark;c:\windows\system32\drivers\gfiark.sys [2013-9-27 43368]R3 gfiutil;gfiutil;c:\windows\system32\drivers\gfiutil.sys [2013-9-27 24040]R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2010-8-29 126976]R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2014-1-7 22856]S1 SWIPsec;SonicWALL IPsec Driver;c:\windows\system32\drivers\SWIPsec.sys [2010-10-1 87064]S3 rimspci;rimspci;c:\windows\system32\drivers\rimspe86.sys [2010-8-29 47104]S3 risdpcie;risdpcie;c:\windows\system32\drivers\risdpe86.sys [2010-8-29 49152]S3 rixdpcie;rixdpcie;c:\windows\system32\drivers\rixdpe86.sys [2010-8-29 38400]S3 swiwdmbus;Sierra Wireless USB Composite Bus;c:\windows\system32\drivers\swiwdmbus.sys [2011-3-4 78720]S3 SWVNIC;SonicWALL Virtual Miniport;c:\windows\system32\drivers\SWVNIC.sys [2009-3-4 21016].=============== Created Last 30 ================.2014-01-07 16:37:42 -------- d-----w- c:\users\jgillis\appdata\roaming\Malwarebytes2014-01-07 16:37:33 -------- d-----w- c:\programdata\Malwarebytes2014-01-07 16:37:32 22856 ----a-w- c:\windows\system32\drivers\mbam.sys2014-01-07 16:37:32 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware2014-01-07 16:37:16 -------- d-----w- c:\users\jgillis\appdata\local\Programs.==================== Find3M ====================.2013-12-16 19:00:58 86888 ----a-w- c:\windows\system32\LMIRfsClientNP.dll2013-12-16 19:00:58 53064 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\LMIproc.dll2013-12-16 19:00:57 31560 ----a-w- c:\windows\system32\LMIport.dll2013-12-16 19:00:56 85832 ----a-w- c:\windows\system32\LMIinit.dll.============= FINISH: 15:54:03.64 =============== ATTACH: .UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.IF REQUESTED, ZIP IT UP & ATTACH IT.DDS (Ver_2012-11-20.01).Microsoft Windows 7 ProfessionalBoot Device: \Device\HarddiskVolume2Install Date: 9/3/2010 8:20:35 AMSystem Uptime: 1/7/2014 3:19:19 PM (0 hours ago).Motherboard: Dell Inc. | | 0DW634Processor: Intel® Core2 Duo CPU P8400 @ 2.26GHz | Microprocessor | 2268/266mhz.==== Disk Partitions =========================.A: is RemovableC: is FIXED (NTFS) - 223 GiB total, 180.001 GiB free.D: is CDROM ()E: is RemovableF: is Removable.==== Disabled Device Manager Items =============.Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}Description: HP LaserJet P3010 SeriesDevice ID: ROOT\MULTIFUNCTION\0000Manufacturer: Hewlett-PackardName: HP LaserJet P3010 SeriesPNP Device ID: ROOT\MULTIFUNCTION\0000Service:.Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}Description: HP LaserJet 4050 SeriesDevice ID: ROOT\MULTIFUNCTION\0001Manufacturer: Hewlett-PackardName: HP LaserJet 4050 SeriesPNP Device ID: ROOT\MULTIFUNCTION\0001Service:.Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}Description: ML320/1TURBODevice ID: ROOT\MULTIFUNCTION\0002Manufacturer: OKI DATA CORPName: ML320/1TURBOPNP Device ID: ROOT\MULTIFUNCTION\0002Service:.Class GUID:Description: HP LaserJet Professional P 1102wDevice ID: ROOT\MULTIFUNCTION\0003Manufacturer:Name: HP LaserJet Professional P 1102wPNP Device ID: ROOT\MULTIFUNCTION\0003Service:.Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}Description: HP LaserJet Professional P 1102wDevice ID: ROOT\MULTIFUNCTION\0004Manufacturer: Hewlett-PackardName: HP LaserJet Professional P 1102wPNP Device ID: ROOT\MULTIFUNCTION\0004Service:.Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}Description: SBREDevice ID: ROOT\LEGACY_SBRE\0000Manufacturer:Name: SBREPNP Device ID: ROOT\LEGACY_SBRE\0000Service: SBRE.Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}Description: SonicWALL Virtual NICDevice ID: ROOT\SWVNIC\0000Manufacturer: SonicWALLName: SonicWALL Virtual NICPNP Device ID: ROOT\SWVNIC\0000Service: SWVNIC.Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}Description: SonicWALL IPsec DriverDevice ID: ROOT\LEGACY_SWIPSEC\0000Manufacturer:Name: SonicWALL IPsec DriverPNP Device ID: ROOT\LEGACY_SWIPSEC\0000Service: SWIPsec.==== System Restore Points ===================.RP143: 6/14/2013 12:00:01 AM - Scheduled CheckpointRP144: 6/22/2013 12:00:01 AM - Scheduled CheckpointRP145: 6/30/2013 12:00:03 AM - Scheduled CheckpointRP146: 7/8/2013 12:00:01 AM - Scheduled CheckpointRP147: 7/15/2013 12:00:02 AM - Scheduled CheckpointRP148: 7/23/2013 12:00:02 AM - Scheduled CheckpointRP149: 7/30/2013 12:00:03 AM - Scheduled CheckpointRP150: 8/7/2013 12:00:01 AM - Scheduled CheckpointRP151: 8/14/2013 12:00:02 AM - Scheduled CheckpointRP152: 8/22/2013 12:00:02 AM - Scheduled CheckpointRP153: 1/6/2014 8:15:38 PM - Scheduled Checkpoint.==== Installed Programs ======================.32 Bit HP CIO Components Installer470_Help470_ReadmeAdobe Acrobat 9 Standard - English, Français, DeutschAdobe Acrobat 9.5.5 - CPSID_83708Adobe Flash Player 10 PluginAdobe Flash Player 11 ActiveXAdvanced Monitoring AgentApple Application SupportApple Mobile Device SupportApple Software UpdateAT&T Communication ManagerAuthenTec Fingerprint SoftwareBioAPI FrameworkBonjourBPDSoftwareBPDSoftware_IniBroadcom NetXtreme-I Netlink Driver and Management InstallerBufferChmBusiness Contact Manager for Outlook 2007 SP2Cisco EAP-FAST ModuleCisco LEAP ModuleCisco PEAP ModuleDell Backup and Recovery ManagerDell Control PointDell ControlPoint Connection ManagerDell ControlPoint Security ManagerDell ControlPoint System ManagerDell Edoc ViewerDell Embassy Trust Suite by Wave SystemsDell Security Device Driver PackDell TouchpadDeviceDiscoveryDocument Manager LiteDW WLAN Card UtilityEMBASSY Security CenterEMBASSY Security SetupESC Home Page PluginGemaltoGPBaseService2H470HP Customer Participation Program 13.0HP Imaging Device Functions 13.0HP OfficeJet H470HP Smart Web Printing 4.51HP Solution Center 13.0HP UpdateHPProductAssistantHPSSupplyIntel® Graphics Media Accelerator DriveriTunesJava Auto UpdaterJava 6 Update 18Junk Mail filter updateLogMeInMalwarebytes Anti-Malware version 1.75.0.1300Managed AntivirusMarketResearchMFCLOCMicrosoft Application Error ReportingMicrosoft Choice GuardMicrosoft Office 2003 Web ComponentsMicrosoft Office 2007 Primary Interop AssembliesMicrosoft Office Excel MUI (English) 2007Microsoft Office Outlook MUI (English) 2007Microsoft Office PowerPoint MUI (English) 2007Microsoft Office Proof (English) 2007Microsoft Office Proof (French) 2007Microsoft Office Proof (Spanish) 2007Microsoft Office Proofing (English) 2007Microsoft Office Publisher MUI (English) 2007Microsoft Office Shared MUI (English) 2007Microsoft Office Shared Setup Metadata MUI (English) 2007Microsoft Office Small Business 2007Microsoft Office Small Business Connectivity ComponentsMicrosoft Office Word MUI (English) 2007Microsoft Search Enhancement PackMicrosoft SilverlightMicrosoft SQL Server 2005Microsoft SQL Server 2005 Compact Edition [ENU]Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)Microsoft SQL Server Native ClientMicrosoft SQL Server Setup Support Files (English)Microsoft SQL Server VSS WriterMicrosoft Sync Framework Runtime Native v1.0 (x86)Microsoft Sync Framework Services Native v1.0 (x86)Microsoft Visual C++ 2005 RedistributableMicrosoft Visual C++ 2008 Redistributable - x86 9.0.30729.17MPMMSVCRTNetworkNTRU TCG Software StackPowerDVD DXPreboot ManagerPrivate Information ManagerProductContextQuickTimeRoxio Creator AudioRoxio Creator CopyRoxio Creator DataRoxio Creator DE 10.3Roxio Creator ToolsRoxio Express Labeler 3Roxio Update ManagerSecurity WizardsShop for HP SuppliesSmartWebPrintingSolutionCenterSonicWALL Global VPN ClientStatusTeamViewer 8 HostToolboxTrayAppTrusted Drive ManagerUpdate for Microsoft Office Word 2007 (KB974631)UPEK TouchChip Fingerprint ReaderWave Infrastructure InstallerWave Support SoftwareWebClientWebRegWindows Driver Package - AuthenTec Inc. (ATSwpWDF) Biometric (05/13/2009 8.4.2.0)Windows Driver Package - Dell Inc. PBADRV System (09/11/2009 1.0.1.6)Windows Live CallWindows Live Communications PlatformWindows Live EssentialsWindows Live MailWindows Live MessengerWindows Live Movie MakerWindows Live Photo GalleryWindows Live Sign-in AssistantWindows Live SyncWindows Live ToolbarWindows Live Upload ToolWindows Live Writer.==== Event Viewer Messages From Past Week ========.1/7/2014 7:37:24 AM, Error: Service Control Manager [7031] - The Power service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Reboot the machine.1/7/2014 3:19:44 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SBRE SWIPsec1/7/2014 3:19:40 PM, Error: NETLOGON [5719] - This computer was not able to set up a secure session with a domain controller in domain DUTCHGROUP due to the following: There are currently no logon servers available to service the logon request. This may lead to authentication problems. Make sure that this computer is connected to the network. If the problem persists, please contact your domain administrator. ADDITIONAL INFO If this computer is a domain controller for the specified domain, it sets up the secure session to the primary domain controller emulator in the specified domain. Otherwise, this computer sets up the secure session to any domain controller in the specified domain.1/7/2014 3:19:39 PM, Error: Service Control Manager [7023] - The Power service terminated with the following error: The WMI request could not be completed and should be retried.1/7/2014 3:19:39 PM, Error: Service Control Manager [7001] - The NTRU TSS v1.2.1.29 TCS service depends on the TPM Base Services service which failed to start because of the following error: The operation completed successfully.1/7/2014 3:17:42 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Reboot the machine) after the unexpected termination of the Plug and Play service, but this action failed with the following error: A system shutdown has already been scheduled.1/7/2014 3:17:42 PM, Error: Service Control Manager [7031] - The Plug and Play service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Reboot the machine.1/7/2014 3:17:42 PM, Error: Service Control Manager [7031] - The DCOM Server Process Launcher service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Reboot the machine.1/7/2014 3:17:04 PM, Error: Service Control Manager [7034] - The AuthenTec Fingerprint Service service terminated unexpectedly. It has done this 1 time(s).1/7/2014 12:38:58 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Reboot the machine) after the unexpected termination of the Power service, but this action failed with the following error: A system shutdown has already been scheduled.1/7/2014 11:49:50 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Reboot the machine) after the unexpected termination of the DCOM Server Process Launcher service, but this action failed with the following error: A system shutdown has already been scheduled.1/7/2014 10:27:02 AM, Error: Service Control Manager [7023] - The iPod Service service terminated with the following error: %%-21474178311/6/2014 2:11:09 PM, Error: Microsoft-Windows-GroupPolicy [1054] - The processing of Group Policy failed. Windows could not obtain the name of a domain controller. This could be caused by a name resolution failure. Verify your Domain Name System (DNS) is configured and working correctly.1/6/2014 11:42:23 PM, Error: Schannel [36888] - The following fatal alert was generated: 40. The internal error state is 107.1/6/2014 11:42:23 PM, Error: Schannel [36874] - An SSL 3.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed..==== End Of File =========================== Link to post Share on other sites More sharing options...
MrCharlie Posted January 7, 2014 ID:775108 Share Posted January 7, 2014 Welcome to the forum. Please download and run RogueKiller 32 Bit to your desktop. RogueKiller 64 Bit <---use this one for 64 bit systems Which system am I using? Quit all running programs. For Windows XP, double-click to start. For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run. Click Scan to scan the system. When the scan completes > Close out the program > Don't Fix anything! Don't run any other options, they're not all bad!!!!!!! Post back the report which should be located on your desktop. (please don't put logs in code or quotes and use the default font) General P2P/Piracy Warning: 1. If you're using Peer 2 Peer software such uTorrent, BitTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here. Failure to remove or disable such software will result in your topic being closed and no further assistance being provided. 2. If you have illegal/cracked software, cracks, keygens, custom (Adobe) host file, etc. on the system, please remove or uninstall them now and read the policy on Piracy. Failure to remove such software will result in your topic being closed and no further assistance being provided. MrC Note: Please read all of my instructions completely including these. Make sure system restore is turned on and running Make sure you're subscribed to this topic: Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly Removing malware can be unpredictable...unlikely but things can go very wrong! Backup any files that cannot be replaced. You can copy them to a CD/DVD, external drive or a pen drive <+>Please don't run any other scans, download, install or uninstall any programs while I'm working with you. <+>The removal of malware isn't instantaneous, please be patient. <+>When we are done, I'll give to instructions on how to cleanup all the tools and logs <+>Please stick with me until I give you the "all clear" and Please don't waste my time by leaving before that. ------->Your topic will be closed if you haven't replied within 3 days!<-------- (If I don't respond within 24 hours, please send me a PM) Link to post Share on other sites More sharing options...
a_technicality Posted January 9, 2014 Author ID:775746 Share Posted January 9, 2014 Here are the RogueKiller results: RogueKiller V8.8.0 [Dec 27 2013] by Tigzymail : tigzyRK<at>gmail<dot>comFeedback : http://www.adlice.com/forum/Website : http://www.adlice.com/softwares/roguekiller/Blog : http://www.adlice.com Operating System : Windows 7 (6.1.7600 ) 32 bits versionStarted in : Normal modeUser : jgillis [Admin rights]Mode : Scan -- Date : 01/09/2014 08:06:34| ARK || FAK || MBR | ¤¤¤ Bad processes : 0 ¤¤¤ ¤¤¤ Registry Entries : 5 ¤¤¤[HJ POL][PUM] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND[HJ POL][PUM] HKLM\[...]\System : EnableLUA (0) -> FOUND[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND ¤¤¤ Scheduled tasks : 0 ¤¤¤ ¤¤¤ Startup Entries : 0 ¤¤¤ ¤¤¤ Web browsers : 0 ¤¤¤ ¤¤¤ Browser Addons : 0 ¤¤¤ ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver : [NOT LOADED 0xc0000033] ¤¤¤ ¤¤¤ External Hives: ¤¤¤ ¤¤¤ Infection : ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤--> %SystemRoot%\System32\drivers\etc\hosts ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) ST9250315AS +++++--- User ---[MBR] df56605857a93641a067c771ab8ec75a[bSP] 7e93fb82420baa3ee535c3ecef09c40b : Windows 7/8 MBR CodePartition table:0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 94 Mo1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 194560 | Size: 9642 Mo2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 19941376 | Size: 228737 MoUser = LL1 ... OK!User = LL2 ... OK! +++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ USB) Lexar JumpDrive USB Device +++++--- User ---[MBR] 9963b4d5a7b2d0c294d9856f43555487[bSP] 33f57e43fc374c847ac869b9340e0664 : Windows XP MBR CodePartition table:0 - [ACTIVE] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 128 | Size: 30539 MoUser = LL1 ... OK!Error reading LL2 MBR! ([0x32] The request is not supported. ) Finished : << RKreport[0]_S_01092014_080634.txt >> Link to post Share on other sites More sharing options...
MrCharlie Posted January 9, 2014 ID:775752 Share Posted January 9, 2014 Please download and run ComboFix. The most important things to remember when running it is to disable all your malware programs and run Combofix from your desktop. Please visit this webpage for download links, and instructions for running ComboFix http://www.bleepingcomputer.com/combofix/how-to-use-combofix Please make sure you click download buttons that look similar to this, not "sponsored ad links": Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix. Information on disabling your malware programs can be found Here. Make sure you run ComboFix from your desktop. Give it at least 30-45 minutes to finish if needed. Please include the C:\ComboFix.txt in your next reply for further review. ---------->NOTE<----------If you get the message Illegal operation attempted on registry key that has been marked for deletion after you run ComboFix....please reboot the computer, this should resolve the problem. You may have to do this several times if needed. MrC Link to post Share on other sites More sharing options...
a_technicality Posted January 9, 2014 Author ID:775785 Share Posted January 9, 2014 Here is the ComboFix Log: ComboFix 14-01-08.03 - jgillis 01/09/2014 10:00:46.1.2 - x86Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.3539.2143 [GMT -6:00]Running from: c:\users\jgillis\Desktop\ComboFix.exeAV: Managed Antivirus Managed Antivirus *Disabled/Outdated* {FFE93D16-FD09-0282-C7D3-8B1731B6A051}SP: Managed Antivirus Managed Antivirus *Disabled/Outdated* {4488DCF2-DB33-0D0C-FD63-B0654A31EAEC}SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Created a new restore point..((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))..c:\windows\system32\SET8A06.tmpc:\windows\system32\test..((((((((((((((((((((((((( Files Created from 2013-12-09 to 2014-01-09 )))))))))))))))))))))))))))))))..2014-01-09 16:05 . 2014-01-09 16:06 -------- d-----w- c:\users\jgillis\AppData\Local\temp2014-01-09 16:05 . 2014-01-09 16:05 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp2014-01-09 16:05 . 2014-01-09 16:05 -------- d-----w- c:\users\setup\AppData\Local\temp2014-01-09 16:05 . 2014-01-09 16:05 -------- d-----w- c:\users\Default\AppData\Local\temp2014-01-09 16:05 . 2014-01-09 16:05 -------- d-----w- c:\users\administrator\AppData\Local\temp2014-01-08 22:22 . 2014-01-08 22:22 -------- d-----w- c:\users\administrator\AppData\Roaming\Managed Antivirus2014-01-07 22:55 . 2014-01-07 22:55 -------- d-----w- C:\Logs2014-01-07 16:37 . 2014-01-07 16:37 -------- d-----w- c:\users\jgillis\AppData\Roaming\Malwarebytes2014-01-07 16:37 . 2014-01-07 16:37 -------- d-----w- c:\programdata\Malwarebytes2014-01-07 16:37 . 2014-01-07 16:37 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware2014-01-07 16:37 . 2013-04-04 20:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys2014-01-07 16:37 . 2014-01-07 16:37 -------- d-----w- c:\users\jgillis\AppData\Local\Programs...(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2014-01-09 14:06 . 2014-01-09 14:06 93696 ----a-w- c:\windows\system32\drivers\WUDFPf.sys.bak2014-01-09 14:06 . 2014-01-09 14:06 132352 ----a-w- c:\windows\system32\drivers\WUDFRd.sys.bak2014-01-09 14:06 . 2014-01-09 14:06 16384 ----a-w- c:\windows\system32\drivers\ws2ifsl.sys.bak2014-01-09 14:06 . 2014-01-09 14:06 9728 ----a-w- c:\windows\system32\drivers\wfplwf.sys.bak2014-01-09 14:06 . 2014-01-09 14:06 43600 ----a-w- c:\windows\system32\drivers\winhv.sys.bak2014-01-09 14:06 . 2014-01-09 14:06 35840 ----a-w- c:\windows\system32\drivers\winusb.sys.bak2014-01-09 14:06 . 2014-01-09 14:06 19008 ----a-w- c:\windows\system32\drivers\wimmount.sys.bak2014-01-09 14:06 . 2014-01-09 14:06 14912 ----a-w- c:\windows\system32\drivers\wmilib.sys.bak2014-01-09 14:06 . 2014-01-09 14:06 11264 ----a-w- c:\windows\system32\drivers\wmiacpi.sys.bak2014-01-09 14:06 . 2014-01-09 14:06 38480 ----a-w- c:\windows\system32\drivers\WdfLdr.sys.bak2014-01-09 14:06 . 2014-01-09 14:06 63488 ----a-w- c:\windows\system32\drivers\wanarp.sys.bak2014-01-09 14:06 . 2014-01-09 14:06 445008 ----a-w- c:\windows\system32\drivers\Wdf01000.sys.bak2014-01-09 14:06 . 2014-01-09 14:06 35328 ----a-w- c:\windows\system32\drivers\watchdog.sys.bak2014-01-09 14:06 . 2014-01-09 14:06 229888 ----a-w- c:\windows\system32\drivers\WavxDMgr.sys.bak2014-01-09 14:06 . 2014-01-09 14:06 21632 ----a-w- c:\windows\system32\drivers\wacompen.sys.bak2014-01-09 14:06 . 2014-01-09 14:06 19024 ----a-w- c:\windows\system32\drivers\wd.sys.bak2014-01-09 14:06 . 2014-01-09 14:06 14336 ----a-w- c:\windows\system32\drivers\vwifimp.sys.bak2014-01-09 14:06 . 2014-01-09 14:06 48128 ----a-w- c:\windows\system32\drivers\vwififlt.sys.bak2014-01-09 14:06 . 2014-01-09 14:06 297040 ----a-w- c:\windows\system32\drivers\volmgrx.sys.bak2014-01-09 14:06 . 2014-01-09 14:06 245328 ----a-w- c:\windows\system32\drivers\volsnap.sys.bak2014-01-09 14:06 . 2014-01-09 14:06 19968 ----a-w- c:\windows\system32\drivers\vwifibus.sys.bak2014-01-09 14:06 . 2014-01-09 14:06 141904 ----a-w- c:\windows\system32\drivers\vsmraid.sys.bak2014-01-09 14:06 . 2014-01-09 14:06 53312 ----a-w- c:\windows\system32\drivers\volmgr.sys.bak2014-01-09 14:06 . 2014-01-09 14:06 5632 ----a-w- c:\windows\system32\drivers\vms3cap.sys.bak2014-01-09 14:06 . 2014-01-09 14:06 40896 ----a-w- c:\windows\system32\drivers\vmstorfl.sys.bak2014-01-09 14:06 . 2014-01-09 14:06 17920 ----a-w- c:\windows\system32\drivers\VMBusHID.sys.bak2014-01-09 14:06 . 2014-01-09 14:06 175824 ----a-w- c:\windows\system32\drivers\vmbus.sys.bak2014-01-09 14:06 . 2014-01-09 14:06 53328 ----a-w- c:\windows\system32\drivers\VIAAGP.SYS.bak2014-01-09 14:06 . 2014-01-09 14:06 52736 ----a-w- c:\windows\system32\drivers\viac7.sys.bak2014-01-09 14:06 . 2014-01-09 14:06 16976 ----a-w- c:\windows\system32\drivers\viaide.sys.bak2014-01-09 14:06 . 2014-01-09 14:06 159824 ----a-w- c:\windows\system32\drivers\vhdmp.sys.bak2014-01-09 14:06 . 2014-01-09 14:06 111616 ----a-w- c:\windows\system32\drivers\videoprt.sys.bak2014-01-09 14:06 . 2014-01-09 14:06 26112 ----a-w- c:\windows\system32\drivers\vgapnp.sys.bak2014-01-09 14:06 . 2014-01-09 14:06 74752 ----a-w- c:\windows\system32\drivers\USBSTOR.SYS.bak2014-01-09 14:06 . 2014-01-09 14:06 35840 ----a-w- c:\windows\system32\drivers\usbscan.sys.bak2014-01-09 14:06 . 2014-01-09 14:06 32832 ----a-w- c:\windows\system32\drivers\vdrvroot.sys.bak2014-01-09 14:06 . 2014-01-09 14:06 26112 ----a-w- c:\windows\system32\drivers\usbrpm.sys.bak2014-01-09 14:06 . 2014-01-09 14:06 25088 ----a-w- c:\windows\system32\drivers\vga.sys.bak2014-01-09 14:06 . 2014-01-09 14:06 24064 ----a-w- c:\windows\system32\drivers\usbuhci.sys.bak2014-01-09 14:06 . 2014-01-09 14:06 19968 ----a-w- c:\windows\system32\drivers\usbprint.sys.bak2014-01-09 14:06 . 2014-01-09 14:06 86016 ----a-w- c:\windows\system32\drivers\usbcir.sys.bak2014-01-09 14:06 . 2014-01-09 14:06 5888 ----a-w- c:\windows\system32\drivers\usbd.sys.bak2014-01-09 14:06 . 2014-01-09 14:06 41984 ----a-w- c:\windows\system32\drivers\usbehci.sys.bak2014-01-09 14:06 . 2014-01-09 14:06 284160 ----a-w- c:\windows\system32\drivers\usbport.sys.bak2014-01-09 14:06 . 2014-01-09 14:06 258560 ----a-w- c:\windows\system32\drivers\usbhub.sys.bak2014-01-09 14:06 . 2014-01-09 14:06 20480 ----a-w- c:\windows\system32\drivers\usbohci.sys.bak2014-01-09 14:06 . 2014-01-09 14:06 75264 ----a-w- c:\windows\system32\drivers\usbccgp.sys.bak2014-01-09 14:06 . 2014-01-09 14:06 8192 ----a-w- c:\windows\system32\drivers\umpass.sys.bak2014-01-09 14:06 . 2014-01-09 14:06 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys.bak2014-01-09 14:06 . 2014-01-09 14:06 39936 ----a-w- c:\windows\system32\drivers\umbus.sys.bak2014-01-09 14:06 . 2014-01-09 14:06 25856 ----a-w- c:\windows\system32\drivers\USBCAMD2.sys.bak2014-01-09 14:06 . 2014-01-09 14:06 25856 ----a-w- c:\windows\system32\drivers\USBCAMD.sys.bak2014-01-09 14:06 . 2014-01-09 14:06 15872 ----a-w- c:\windows\system32\drivers\usb8023.sys.bak2014-01-09 14:06 . 2014-01-09 14:06 57424 ----a-w- c:\windows\system32\drivers\ULIAGPKX.SYS.bak2014-01-09 14:06 . 2014-01-09 14:06 74240 ----a-w- c:\windows\system32\drivers\tdx.sys.bak2014-01-09 14:06 . 2014-01-09 14:06 55888 ----a-w- c:\windows\system32\drivers\UAGP35.SYS.bak2014-01-09 14:06 . 2014-01-09 14:06 51776 ----a-w- c:\windows\system32\drivers\termdd.sys.bak2014-01-09 14:06 . 2014-01-09 14:06 30208 ----a-w- c:\windows\system32\drivers\tssecsrv.sys.bak2014-01-09 14:06 . 2014-01-09 14:06 246784 ----a-w- c:\windows\system32\drivers\udfs.sys.bak2014-01-09 14:06 . 2014-01-09 14:06 108544 ----a-w- c:\windows\system32\drivers\tunnel.sys.bak2014-01-09 14:06 . 2014-01-09 14:06 24064 ----a-w- c:\windows\system32\drivers\tdtcp.sys.bak2014-01-09 14:06 . 2014-01-09 14:06 34816 ----a-w- c:\windows\system32\drivers\tcpipreg.sys.bak2014-01-09 14:06 . 2014-01-09 14:06 24576 ----a-w- c:\windows\system32\drivers\tape.sys.bak2014-01-09 14:06 . 2014-01-09 14:06 21016 ----a-w- c:\windows\system32\drivers\SWVNIC.sys.bak2014-01-09 14:06 . 2014-01-09 14:06 20992 ----a-w- c:\windows\system32\drivers\tdi.sys.bak2014-01-09 14:06 . 2014-01-09 14:06 17920 ----a-w- c:\windows\system32\drivers\tdpipe.sys.bak2014-01-09 14:06 . 2014-01-09 14:06 1285712 ----a-w- c:\windows\system32\drivers\tcpip.sys.bak2014-01-09 14:06 . 2014-01-09 14:06 78720 ----a-w- c:\windows\system32\drivers\swiwdmbus.sys.bak2014-01-09 14:06 . 2014-01-09 14:06 87064 ----a-w- c:\windows\system32\drivers\SWIPsec.sys.bak2014-01-09 14:06 . 2014-01-09 14:06 53632 ----a-w- c:\windows\system32\drivers\stream.sys.bak2014-01-09 14:06 . 2014-01-09 14:06 423424 ----a-w- c:\windows\system32\drivers\stwrt.sys.bak2014-01-09 14:06 . 2014-01-09 14:06 28224 ----a-w- c:\windows\system32\drivers\storvsc.sys.bak2014-01-09 14:06 . 2014-01-09 14:06 144960 ----a-w- c:\windows\system32\drivers\storport.sys.bak2014-01-09 14:06 . 2014-01-09 14:06 12240 ----a-w- c:\windows\system32\drivers\swenum.sys.bak2014-01-09 14:06 . 2014-01-09 14:06 21072 ----a-w- c:\windows\system32\drivers\stexstor.sys.bak2014-01-09 14:06 . 2014-01-09 14:06 405504 ----a-w- c:\windows\system32\drivers\spsys.sys.bak2014-01-09 14:06 . 2014-01-09 14:06 310784 ----a-w- c:\windows\system32\drivers\srv.sys.bak2014-01-09 14:06 . 2014-01-09 14:06 306688 ----a-w- c:\windows\system32\drivers\srv2.sys.bak2014-01-09 14:06 . 2014-01-09 14:06 17472 ----a-w- c:\windows\system32\drivers\spldr.sys.bak2014-01-09 14:06 . 2014-01-09 14:06 113664 ----a-w- c:\windows\system32\drivers\srvnet.sys.bak2014-01-09 14:06 . 2014-01-09 14:06 17408 ----a-w- c:\windows\system32\drivers\smclib.sys.bak2014-01-09 14:06 . 2014-01-09 14:06 77888 ----a-w- c:\windows\system32\drivers\sisraid4.sys.bak2014-01-09 14:06 . 2014-01-09 14:06 71168 ----a-w- c:\windows\system32\drivers\smb.sys.bak2014-01-09 14:06 . 2014-01-09 14:06 52304 ----a-w- c:\windows\system32\drivers\SISAGP.SYS.bak2014-01-09 14:06 . 2014-01-09 14:06 40016 ----a-w- c:\windows\system32\drivers\sisraid2.sys.bak2014-01-09 14:06 . 2014-01-09 14:06 13824 ----a-w- c:\windows\system32\drivers\sfloppy.sys.bak2014-01-09 14:06 . 2014-01-09 14:06 12800 ----a-w- c:\windows\system32\drivers\sffp_sd.sys.bak2014-01-09 14:06 . 2014-01-09 14:06 12288 ----a-w- c:\windows\system32\drivers\sffp_mmc.sys.bak2014-01-09 14:06 . 2014-01-09 14:06 84992 ----a-w- c:\windows\system32\drivers\sdbus.sys.bak2014-01-09 14:06 . 2014-01-09 14:06 83456 ----a-w- c:\windows\system32\drivers\serial.sys.bak2014-01-09 14:06 . 2014-01-09 14:06 20480 ----a-w- c:\windows\system32\drivers\secdrv.sys.bak2014-01-09 14:06 . 2014-01-09 14:06 19968 ----a-w- c:\windows\system32\drivers\sermouse.sys.bak2014-01-09 14:06 . 2014-01-09 14:06 17920 ----a-w- c:\windows\system32\drivers\serenum.sys.bak2014-01-09 14:06 . 2014-01-09 14:06 11264 ----a-w- c:\windows\system32\drivers\sffdisk.sys.bak2014-01-09 14:06 . 2014-01-09 14:06 140368 ----a-w- c:\windows\system32\drivers\scsiport.sys.bak2014-01-09 14:06 . 2014-01-09 14:06 26624 ----a-w- c:\windows\system32\drivers\scfilter.sys.bak2014-01-09 14:06 . 2014-01-09 14:06 85568 ----a-w- c:\windows\system32\drivers\sbp2port.sys.bak2014-01-09 14:06 . 2014-01-09 14:06 8192 ----a-w- c:\windows\system32\drivers\rootmdm.sys.bak2014-01-09 14:06 . 2014-01-09 14:06 68904 ----a-w- c:\windows\system32\drivers\sbapifs.sys.bak2014-01-09 14:06 . 2014-01-09 14:06 60928 ----a-w- c:\windows\system32\drivers\rspndr.sys.bak..------- Sigcheck -------Note: Unsigned files aren't necessarily malware..[-] 2009-07-14 . 428111B8B878533131FBCD442685D701 . 376320 . . [6.1.7600.16385] . . c:\windows\System32\rpcss.dll[7] 2009-07-14 . B82CD39E336973359D7C9BF911E8E84F . 376320 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7600.16385_none_69a1321f9f3393ad\rpcss.dll.((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shownREGEDIT4.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EnabledUnlockedFDEIconOverlay]@="{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}"[HKEY_CLASSES_ROOT\CLSID\{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}]2010-03-29 17:45 62832 ----a-w- c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UninitializedFdeIconOverlay]@="{CF08DA3E-C97D-4891-A66B-E39B28DD270F}"[HKEY_CLASSES_ROOT\CLSID\{CF08DA3E-C97D-4891-A66B-E39B28DD270F}]2010-03-29 17:45 62832 ----a-w- c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll.[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"DBRMTray"="c:\dell\DBRM\Reminder\DbrmTrayIcon.exe" [2010-05-20 206336]"WavXMgr"="c:\program files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe" [2010-07-21 147840]"USCService"="c:\program files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe" [2010-06-22 34232]"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2010-04-05 495708]"Persistence"="c:\windows\system32\igfxpers.exe" [2010-04-23 166936]"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-04-23 141848]"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-04-23 175640]"DellConnectionManager"="c:\program files\Dell\Dell ControlPoint\Connection Manager\Dell.UCM.exe" [2009-12-22 1845248]"Broadcom Wireless Manager UI"="c:\program files\Dell\DW WLAN Card\WLTRAY.exe" [2010-08-29 4685824]"Apoint"="c:\program files\DellTPad\Apoint.exe" [2010-02-18 278528]"AdvancedMonitoringSysTray"="c:\progra~1\ADVANC~1\systray\Launcher.exe" [2013-02-22 291328]"SBAMTray"="c:\progra~1\ADVANC~1\managedav\SBAMTray.exe" [2013-05-28 3232152].[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]"DBRMTray"="c:\dell\DBRM\Reminder\TrayApp.exe" [2010-02-04 7168].c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\TdmNotify.lnk - c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmNotify.exe [2010-3-29 132456].[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"ConsentPromptBehaviorAdmin"= 0 (0x0)"ConsentPromptBehaviorUser"= 3 (0x3)"EnableLUA"= 0 (0x0)"EnableUIADesktopToggle"= 0 (0x0)"PromptOnSecureDesktop"= 0 (0x0).[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]"aux"=wdmaud.drv.[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]Authentication Packages REG_MULTI_SZ msv1_0 wvauth.[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]@="Service".[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]@="Driver".[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Dell ControlPoint System Manager.lnk]path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Dell ControlPoint System Manager.lnkbackup=c:\windows\pss\Dell ControlPoint System Manager.lnk.CommonStartupbackupExtension=.CommonStartup.[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnkbackup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartupbackupExtension=.CommonStartup.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]2013-05-08 08:17 642664 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher]2013-05-08 19:14 44128 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]2013-04-04 21:06 958576 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\attcm_AppStart.exe]2010-09-24 18:28 203776 ----a-w- c:\program files\AT&T\AT&T Communication Manager\attcm_AppStart.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellControlPoint]2009-11-02 16:40 657920 ----a-w- c:\program files\Dell\Dell ControlPoint\Dell.ControlPoint.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]2007-05-08 22:24 54840 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]2010-07-21 20:53 141608 ----a-w- c:\program files\iTunes\iTunesHelper.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn GUI]2010-05-31 16:31 63048 ----a-w- c:\program files\LogMeIn\x86\LogMeInSystray.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDDXSrv]2009-06-25 01:19 140520 ------w- c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]2010-03-19 03:16 421888 ----a-w- c:\program files\QuickTime\QTTask.exe.R1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [x]R1 SWIPsec;SonicWALL IPsec Driver;c:\windows\system32\Drivers\SWIPsec.sys [2009-03-06 87064]R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376]R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]R2 SBAMSvc;Managed Antivirus;c:\progra~1\ADVANC~1\managedav\SBAMSvc.exe [2013-05-28 3681016]R3 EraserUtilDrvI11;EraserUtilDrvI11;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrvI11.sys [x]R3 gfiark;gfiark;c:\windows\system32\drivers\gfiark.sys [2013-05-23 43368]R3 gfiutil;gfiutil;c:\windows\system32\drivers\gfiutil.sys [2013-09-04 24040]R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-04-04 22856]R3 NvtSp50;NvtSp50 NDIS Protocol Driver;c:\windows\system32\Drivers\NvtSp50.sys [x]R3 rimspci;rimspci;c:\windows\system32\DRIVERS\rimspe86.sys [2009-07-02 47104]R3 risdpcie;risdpcie;c:\windows\system32\DRIVERS\risdpe86.sys [2009-07-01 49152]R3 rixdpcie;rixdpcie;c:\windows\system32\DRIVERS\rixdpe86.sys [2009-07-05 38400]R3 swiwdmbus;Sierra Wireless USB Composite Bus;c:\windows\system32\DRIVERS\swiwdmbus.sys [2010-06-21 78720]R3 SWVNIC;SonicWALL Virtual Miniport;c:\windows\system32\DRIVERS\swvnic.sys [2009-03-04 21016]S2 Advanced Monitoring Agent;Advanced Monitoring Agent;c:\program files\Advanced Monitoring Agent\winagent.exe [2013-11-28 6996480]S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_d511891fb5bff1e2\aestsrv.exe [2010-04-05 81920]S2 ATService;AuthenTec Fingerprint Service;c:\program files\Fingerprint Sensor\AtService.exe [2010-05-10 1803584]S2 buttonsvc32;Dell ControlPoint Button Service;c:\program files\Dell\Dell ControlPoint\DCPButtonSvc.exe [2009-11-20 278304]S2 dcpsysmgrsvc;Dell ControlPoint System Manager;c:\program files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe [2010-02-08 386928]S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [2013-12-16 375120]S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\RaInfo.sys [2013-06-01 13624]S2 sbapifs;sbapifs;c:\windows\system32\DRIVERS\sbapifs.sys [2013-05-08 68904]S2 SMManager;Smith Micro Connection Manager Service;c:\program files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe [2009-12-22 77312]S2 SWGVCSvc;SonicWALL Global VPN Client Service;c:\program files\SonicWALL\SonicWALL Global VPN Client\SWGVCSvc.exe [2009-03-06 227352]S2 SwiCardDetectSvc;Sierra Wireless Card Detection Service;c:\program files\Sierra Wireless Inc\Common\SwiCardDetect.exe [2010-09-13 230768]S2 TeamViewer8;TeamViewer 8;c:\program files\TeamViewer\Version8\TeamViewer_Service.exe [2013-10-01 5091168]S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-12-14 126976]..--- Other Services/Drivers In Memory ---.*NewlyCreated* - GFIARK.[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12HPService REG_MULTI_SZ HPSLPSVChpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc..------- Supplementary Scan -------.uInternet Settings,ProxyOverride = *.localIE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.htmlIE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.htmlIE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.htmlIE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.htmlIE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000Trusted Zone: thedutchgroup.net\webmailTCP: DhcpNameServer = 192.168.0.10 192.168.0.12.- - - - ORPHANS REMOVED - - - -.Toolbar-Locked - (no file)...[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TrueSight]"ImagePath"="\??\".--------------------- LOCKED REGISTRY KEYS ---------------------.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="FlashBroker""LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe,-101".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]"Enabled"=dword:00000001.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="IFlashBroker5".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]@="{00020424-0000-0000-C000-000000000046}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}""Version"="1.0".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]@Denied: (Full) (Everyone).--------------------- DLLs Loaded Under Running Processes ---------------------.- - - - - - - > 'lsass.exe'(560)c:\windows\system32\wvauth.DLL.Completion time: 2014-01-09 10:07:31ComboFix-quarantined-files.txt 2014-01-09 16:07.Pre-Run: 191,801,847,808 bytes freePost-Run: 193,551,200,256 bytes free.- - End Of File - - B243C0C8CE8158F96B085D05C36D49E5A36C5E4F47E84449FF07ED3517B43A31 Link to post Share on other sites More sharing options...
MrCharlie Posted January 9, 2014 ID:775835 Share Posted January 9, 2014 Using ComboFix...... 1. Close any open browsers. 2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix. 3. Download the attached CFScript.txt, place it next to ComboFix.exe Refering to the picture above, drag CFScript into ComboFix.exe CAUTION: Do not mouse-click ComboFix while it is running. It may cause it to stall. After reboot, (in case it asks to reboot)...... Please provide the contents of the ComboFix log (C:\ComboFix.txt) in your next reply. Then........ Lets clean out any adware/spyware now: (this will require a reboot so save all your work) Please download AdwCleaner by Xplode and save to your Desktop. Make sure you click on download buttons that look similar to this, not "sponsored ad links": Double click on AdwCleaner.exe to run the tool. Vista/Windows 7/8 users right-click and select Run As AdministratorClick on the Scan button.AdwCleaner will begin...be patient as the scan may take some time to complete.When it's done you'll see: Pending: Please uncheck elements you don't want removed.Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.Look over the log especially under Files/Folders for any program you want to save.If there's a program you may want to save, just uncheck it from AdwCleaner.If you're not sure, post the log for review. (all items found are adware/spyware/foistware)If you're ready to clean it all up.....click the Clean button.After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.Copy and paste the contents of that logfile in your next reply.A copy of that logfile will also be saved in the C:\AdwCleaner folder.Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\QuarantineTo restore an item that has been deleted:Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.Then.................. Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal. Please Update and run a FULL Scan with Malwarebytes Anti-Malware, post the report. Make sure that everything is checked, and click Remove Selected. ------------------------------------ Sometimes Google Chrome is also infected, if so just reset it or re-install it: Reset Chrome: https://support.google.com/chrome/answer/3296214?hl=en Please let me know how computer is running now, MrC Link to post Share on other sites More sharing options...
a_technicality Posted January 10, 2014 Author ID:776146 Share Posted January 10, 2014 The audio adds have not been playing since I ran AdwCleaner and ComboFix with the script you attached. Here are the logs for Combofix, AdwCleaner, and MalwareBytes AntiMalware: COMBOFIX: ComboFix 14-01-08.03 - jgillis 01/09/2014 14:52:19.2.2 - x86Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.3539.2404 [GMT -6:00]Running from: c:\users\jgillis\Desktop\ComboFix.exeCommand switches used :: c:\users\jgillis\Desktop\CFScript.txtAV: Managed Antivirus Managed Antivirus *Disabled/Updated* {FFE93D16-FD09-0282-C7D3-8B1731B6A051}SP: Managed Antivirus Managed Antivirus *Disabled/Updated* {4488DCF2-DB33-0D0C-FD63-B0654A31EAEC}SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}..((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))...--------------- FCopy ---------------.c:\windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7600.16385_none_69a1321f9f3393ad\rpcss.dll --> c:\windows\System32\rpcss.dll.((((((((((((((((((((((((( Files Created from 2013-12-09 to 2014-01-09 )))))))))))))))))))))))))))))))..2014-01-09 21:00 . 2014-01-09 21:00 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp2014-01-09 21:00 . 2014-01-09 21:00 -------- d-----w- c:\users\setup\AppData\Local\temp2014-01-09 21:00 . 2014-01-09 21:00 -------- d-----w- c:\users\Default\AppData\Local\temp2014-01-09 21:00 . 2014-01-09 21:00 -------- d-----w- c:\users\administrator\AppData\Local\temp2014-01-09 16:07 . 2014-01-09 21:00 -------- d-----w- c:\users\jgillis\AppData\Local\temp2014-01-08 22:22 . 2014-01-08 22:22 -------- d-----w- c:\users\administrator\AppData\Roaming\Managed Antivirus2014-01-07 22:55 . 2014-01-07 22:55 -------- d-----w- C:\Logs2014-01-07 16:37 . 2014-01-07 16:37 -------- d-----w- c:\users\jgillis\AppData\Roaming\Malwarebytes2014-01-07 16:37 . 2014-01-07 16:37 -------- d-----w- c:\programdata\Malwarebytes2014-01-07 16:37 . 2014-01-07 16:37 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware2014-01-07 16:37 . 2013-04-04 20:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys2014-01-07 16:37 . 2014-01-07 16:37 -------- d-----w- c:\users\jgillis\AppData\Local\Programs...(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2014-01-09 20:48 . 2010-09-07 13:40 0 ----a-w- c:\users\jgillis\AppData\Local\WavXMapDrive.bat2014-01-09 14:06 . 2014-01-09 14:06 93696 ----a-w- c:\windows\system32\drivers\WUDFPf.sys.bak2014-01-09 14:06 . 2014-01-09 14:06 132352 ----a-w- c:\windows\system32\drivers\WUDFRd.sys.bak2014-01-09 14:06 . 2014-01-09 14:06 16384 ----a-w- c:\windows\system32\drivers\ws2ifsl.sys.bak2014-01-09 14:06 . 2014-01-09 14:06 9728 ----a-w- c:\windows\system32\drivers\wfplwf.sys.bak2014-01-09 14:06 . 2014-01-09 14:06 43600 ----a-w- c:\windows\system32\drivers\winhv.sys.bak2014-01-09 14:06 . 2014-01-09 14:06 35840 ----a-w- c:\windows\system32\drivers\winusb.sys.bak2014-01-09 14:06 . 2014-01-09 14:06 19008 ----a-w- c:\windows\system32\drivers\wimmount.sys.bak2014-01-09 14:06 . 2014-01-09 14:06 14912 ----a-w- c:\windows\system32\drivers\wmilib.sys.bak2014-01-09 14:06 . 2014-01-09 14:06 11264 ----a-w- c:\windows\system32\drivers\wmiacpi.sys.bak2014-01-09 14:06 . 2014-01-09 14:06 38480 ----a-w- c:\windows\system32\drivers\WdfLdr.sys.bak2014-01-09 14:06 . 2014-01-09 14:06 63488 ----a-w- c:\windows\system32\drivers\wanarp.sys.bak2014-01-09 14:06 . 2014-01-09 14:06 445008 ----a-w- c:\windows\system32\drivers\Wdf01000.sys.bak2014-01-09 14:06 . 2014-01-09 14:06 35328 ----a-w- c:\windows\system32\drivers\watchdog.sys.bak2014-01-09 14:06 . 2014-01-09 14:06 229888 ----a-w- c:\windows\system32\drivers\WavxDMgr.sys.bak2014-01-09 14:06 . 2014-01-09 14:06 21632 ----a-w- c:\windows\system32\drivers\wacompen.sys.bak2014-01-09 14:06 . 2014-01-09 14:06 19024 ----a-w- c:\windows\system32\drivers\wd.sys.bak2014-01-09 14:06 . 2014-01-09 14:06 14336 ----a-w- c:\windows\system32\drivers\vwifimp.sys.bak2014-01-09 14:06 . 2014-01-09 14:06 48128 ----a-w- c:\windows\system32\drivers\vwififlt.sys.bak2014-01-09 14:06 . 2014-01-09 14:06 297040 ----a-w- c:\windows\system32\drivers\volmgrx.sys.bak2014-01-09 14:06 . 2014-01-09 14:06 245328 ----a-w- c:\windows\system32\drivers\volsnap.sys.bak2014-01-09 14:06 . 2014-01-09 14:06 19968 ----a-w- c:\windows\system32\drivers\vwifibus.sys.bak2014-01-09 14:06 . 2014-01-09 14:06 141904 ----a-w- c:\windows\system32\drivers\vsmraid.sys.bak2014-01-09 14:06 . 2014-01-09 14:06 53312 ----a-w- c:\windows\system32\drivers\volmgr.sys.bak2014-01-09 14:06 . 2014-01-09 14:06 5632 ----a-w- c:\windows\system32\drivers\vms3cap.sys.bak2014-01-09 14:06 . 2014-01-09 14:06 40896 ----a-w- c:\windows\system32\drivers\vmstorfl.sys.bak2014-01-09 14:06 . 2014-01-09 14:06 17920 ----a-w- c:\windows\system32\drivers\VMBusHID.sys.bak2014-01-09 14:06 . 2014-01-09 14:06 175824 ----a-w- c:\windows\system32\drivers\vmbus.sys.bak2014-01-09 14:06 . 2014-01-09 14:06 53328 ----a-w- c:\windows\system32\drivers\VIAAGP.SYS.bak2014-01-09 14:06 . 2014-01-09 14:06 52736 ----a-w- c:\windows\system32\drivers\viac7.sys.bak2014-01-09 14:06 . 2014-01-09 14:06 16976 ----a-w- c:\windows\system32\drivers\viaide.sys.bak2014-01-09 14:06 . 2014-01-09 14:06 159824 ----a-w- c:\windows\system32\drivers\vhdmp.sys.bak2014-01-09 14:06 . 2014-01-09 14:06 111616 ----a-w- c:\windows\system32\drivers\videoprt.sys.bak2014-01-09 14:06 . 2014-01-09 14:06 26112 ----a-w- c:\windows\system32\drivers\vgapnp.sys.bak2014-01-09 14:06 . 2014-01-09 14:06 74752 ----a-w- c:\windows\system32\drivers\USBSTOR.SYS.bak2014-01-09 14:06 . 2014-01-09 14:06 35840 ----a-w- c:\windows\system32\drivers\usbscan.sys.bak2014-01-09 14:06 . 2014-01-09 14:06 32832 ----a-w- c:\windows\system32\drivers\vdrvroot.sys.bak2014-01-09 14:06 . 2014-01-09 14:06 26112 ----a-w- c:\windows\system32\drivers\usbrpm.sys.bak2014-01-09 14:06 . 2014-01-09 14:06 25088 ----a-w- c:\windows\system32\drivers\vga.sys.bak2014-01-09 14:06 . 2014-01-09 14:06 24064 ----a-w- c:\windows\system32\drivers\usbuhci.sys.bak2014-01-09 14:06 . 2014-01-09 14:06 19968 ----a-w- c:\windows\system32\drivers\usbprint.sys.bak2014-01-09 14:06 . 2014-01-09 14:06 86016 ----a-w- c:\windows\system32\drivers\usbcir.sys.bak2014-01-09 14:06 . 2014-01-09 14:06 5888 ----a-w- c:\windows\system32\drivers\usbd.sys.bak2014-01-09 14:06 . 2014-01-09 14:06 41984 ----a-w- c:\windows\system32\drivers\usbehci.sys.bak2014-01-09 14:06 . 2014-01-09 14:06 284160 ----a-w- c:\windows\system32\drivers\usbport.sys.bak2014-01-09 14:06 . 2014-01-09 14:06 258560 ----a-w- c:\windows\system32\drivers\usbhub.sys.bak2014-01-09 14:06 . 2014-01-09 14:06 20480 ----a-w- c:\windows\system32\drivers\usbohci.sys.bak2014-01-09 14:06 . 2014-01-09 14:06 75264 ----a-w- c:\windows\system32\drivers\usbccgp.sys.bak2014-01-09 14:06 . 2014-01-09 14:06 8192 ----a-w- c:\windows\system32\drivers\umpass.sys.bak2014-01-09 14:06 . 2014-01-09 14:06 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys.bak2014-01-09 14:06 . 2014-01-09 14:06 39936 ----a-w- c:\windows\system32\drivers\umbus.sys.bak2014-01-09 14:06 . 2014-01-09 14:06 25856 ----a-w- c:\windows\system32\drivers\USBCAMD2.sys.bak2014-01-09 14:06 . 2014-01-09 14:06 25856 ----a-w- c:\windows\system32\drivers\USBCAMD.sys.bak2014-01-09 14:06 . 2014-01-09 14:06 15872 ----a-w- c:\windows\system32\drivers\usb8023.sys.bak2014-01-09 14:06 . 2014-01-09 14:06 57424 ----a-w- c:\windows\system32\drivers\ULIAGPKX.SYS.bak2014-01-09 14:06 . 2014-01-09 14:06 74240 ----a-w- c:\windows\system32\drivers\tdx.sys.bak2014-01-09 14:06 . 2014-01-09 14:06 55888 ----a-w- c:\windows\system32\drivers\UAGP35.SYS.bak2014-01-09 14:06 . 2014-01-09 14:06 51776 ----a-w- c:\windows\system32\drivers\termdd.sys.bak2014-01-09 14:06 . 2014-01-09 14:06 30208 ----a-w- c:\windows\system32\drivers\tssecsrv.sys.bak2014-01-09 14:06 . 2014-01-09 14:06 246784 ----a-w- c:\windows\system32\drivers\udfs.sys.bak2014-01-09 14:06 . 2014-01-09 14:06 108544 ----a-w- c:\windows\system32\drivers\tunnel.sys.bak2014-01-09 14:06 . 2014-01-09 14:06 24064 ----a-w- c:\windows\system32\drivers\tdtcp.sys.bak2014-01-09 14:06 . 2014-01-09 14:06 34816 ----a-w- c:\windows\system32\drivers\tcpipreg.sys.bak2014-01-09 14:06 . 2014-01-09 14:06 24576 ----a-w- c:\windows\system32\drivers\tape.sys.bak2014-01-09 14:06 . 2014-01-09 14:06 21016 ----a-w- c:\windows\system32\drivers\SWVNIC.sys.bak2014-01-09 14:06 . 2014-01-09 14:06 20992 ----a-w- c:\windows\system32\drivers\tdi.sys.bak2014-01-09 14:06 . 2014-01-09 14:06 17920 ----a-w- c:\windows\system32\drivers\tdpipe.sys.bak2014-01-09 14:06 . 2014-01-09 14:06 1285712 ----a-w- c:\windows\system32\drivers\tcpip.sys.bak2014-01-09 14:06 . 2014-01-09 14:06 78720 ----a-w- c:\windows\system32\drivers\swiwdmbus.sys.bak2014-01-09 14:06 . 2014-01-09 14:06 87064 ----a-w- c:\windows\system32\drivers\SWIPsec.sys.bak2014-01-09 14:06 . 2014-01-09 14:06 53632 ----a-w- c:\windows\system32\drivers\stream.sys.bak2014-01-09 14:06 . 2014-01-09 14:06 423424 ----a-w- c:\windows\system32\drivers\stwrt.sys.bak2014-01-09 14:06 . 2014-01-09 14:06 28224 ----a-w- c:\windows\system32\drivers\storvsc.sys.bak2014-01-09 14:06 . 2014-01-09 14:06 144960 ----a-w- c:\windows\system32\drivers\storport.sys.bak2014-01-09 14:06 . 2014-01-09 14:06 12240 ----a-w- c:\windows\system32\drivers\swenum.sys.bak2014-01-09 14:06 . 2014-01-09 14:06 21072 ----a-w- c:\windows\system32\drivers\stexstor.sys.bak2014-01-09 14:06 . 2014-01-09 14:06 405504 ----a-w- c:\windows\system32\drivers\spsys.sys.bak2014-01-09 14:06 . 2014-01-09 14:06 310784 ----a-w- c:\windows\system32\drivers\srv.sys.bak2014-01-09 14:06 . 2014-01-09 14:06 306688 ----a-w- c:\windows\system32\drivers\srv2.sys.bak2014-01-09 14:06 . 2014-01-09 14:06 17472 ----a-w- c:\windows\system32\drivers\spldr.sys.bak2014-01-09 14:06 . 2014-01-09 14:06 113664 ----a-w- c:\windows\system32\drivers\srvnet.sys.bak2014-01-09 14:06 . 2014-01-09 14:06 17408 ----a-w- c:\windows\system32\drivers\smclib.sys.bak2014-01-09 14:06 . 2014-01-09 14:06 77888 ----a-w- c:\windows\system32\drivers\sisraid4.sys.bak2014-01-09 14:06 . 2014-01-09 14:06 71168 ----a-w- c:\windows\system32\drivers\smb.sys.bak2014-01-09 14:06 . 2014-01-09 14:06 52304 ----a-w- c:\windows\system32\drivers\SISAGP.SYS.bak2014-01-09 14:06 . 2014-01-09 14:06 40016 ----a-w- c:\windows\system32\drivers\sisraid2.sys.bak2014-01-09 14:06 . 2014-01-09 14:06 13824 ----a-w- c:\windows\system32\drivers\sfloppy.sys.bak2014-01-09 14:06 . 2014-01-09 14:06 12800 ----a-w- c:\windows\system32\drivers\sffp_sd.sys.bak2014-01-09 14:06 . 2014-01-09 14:06 12288 ----a-w- c:\windows\system32\drivers\sffp_mmc.sys.bak2014-01-09 14:06 . 2014-01-09 14:06 84992 ----a-w- c:\windows\system32\drivers\sdbus.sys.bak2014-01-09 14:06 . 2014-01-09 14:06 83456 ----a-w- c:\windows\system32\drivers\serial.sys.bak2014-01-09 14:06 . 2014-01-09 14:06 20480 ----a-w- c:\windows\system32\drivers\secdrv.sys.bak2014-01-09 14:06 . 2014-01-09 14:06 19968 ----a-w- c:\windows\system32\drivers\sermouse.sys.bak2014-01-09 14:06 . 2014-01-09 14:06 17920 ----a-w- c:\windows\system32\drivers\serenum.sys.bak2014-01-09 14:06 . 2014-01-09 14:06 11264 ----a-w- c:\windows\system32\drivers\sffdisk.sys.bak2014-01-09 14:06 . 2014-01-09 14:06 140368 ----a-w- c:\windows\system32\drivers\scsiport.sys.bak2014-01-09 14:06 . 2014-01-09 14:06 26624 ----a-w- c:\windows\system32\drivers\scfilter.sys.bak2014-01-09 14:06 . 2014-01-09 14:06 85568 ----a-w- c:\windows\system32\drivers\sbp2port.sys.bak2014-01-09 14:06 . 2014-01-09 14:06 8192 ----a-w- c:\windows\system32\drivers\rootmdm.sys.bak2014-01-09 14:06 . 2014-01-09 14:06 68904 ----a-w- c:\windows\system32\drivers\sbapifs.sys.bak..((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shownREGEDIT4.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EnabledUnlockedFDEIconOverlay]@="{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}"[HKEY_CLASSES_ROOT\CLSID\{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}]2010-03-29 17:45 62832 ----a-w- c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UninitializedFdeIconOverlay]@="{CF08DA3E-C97D-4891-A66B-E39B28DD270F}"[HKEY_CLASSES_ROOT\CLSID\{CF08DA3E-C97D-4891-A66B-E39B28DD270F}]2010-03-29 17:45 62832 ----a-w- c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll.[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"DBRMTray"="c:\dell\DBRM\Reminder\DbrmTrayIcon.exe" [2010-05-20 206336]"WavXMgr"="c:\program files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe" [2010-07-21 147840]"USCService"="c:\program files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe" [2010-06-22 34232]"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2010-04-05 495708]"Persistence"="c:\windows\system32\igfxpers.exe" [2010-04-23 166936]"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-04-23 141848]"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-04-23 175640]"DellConnectionManager"="c:\program files\Dell\Dell ControlPoint\Connection Manager\Dell.UCM.exe" [2009-12-22 1845248]"Broadcom Wireless Manager UI"="c:\program files\Dell\DW WLAN Card\WLTRAY.exe" [2010-08-29 4685824]"Apoint"="c:\program files\DellTPad\Apoint.exe" [2010-02-18 278528]"AdvancedMonitoringSysTray"="c:\progra~1\ADVANC~1\systray\Launcher.exe" [2013-02-22 291328]"SBAMTray"="c:\progra~1\ADVANC~1\managedav\SBAMTray.exe" [2013-05-28 3232152].[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]"DBRMTray"="c:\dell\DBRM\Reminder\TrayApp.exe" [2010-02-04 7168].c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\TdmNotify.lnk - c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmNotify.exe [2010-3-29 132456].[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"ConsentPromptBehaviorAdmin"= 0 (0x0)"ConsentPromptBehaviorUser"= 3 (0x3)"EnableLUA"= 0 (0x0)"EnableUIADesktopToggle"= 0 (0x0)"PromptOnSecureDesktop"= 0 (0x0).[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]"aux"=wdmaud.drv.[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]Authentication Packages REG_MULTI_SZ msv1_0 wvauth.[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]@="Service".[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Dell ControlPoint System Manager.lnk]path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Dell ControlPoint System Manager.lnkbackup=c:\windows\pss\Dell ControlPoint System Manager.lnk.CommonStartupbackupExtension=.CommonStartup.[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnkbackup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartupbackupExtension=.CommonStartup.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]2013-05-08 08:17 642664 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher]2013-05-08 19:14 44128 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]2013-04-04 21:06 958576 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\attcm_AppStart.exe]2010-09-24 18:28 203776 ----a-w- c:\program files\AT&T\AT&T Communication Manager\attcm_AppStart.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellControlPoint]2009-11-02 16:40 657920 ----a-w- c:\program files\Dell\Dell ControlPoint\Dell.ControlPoint.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]2007-05-08 22:24 54840 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]2010-07-21 20:53 141608 ----a-w- c:\program files\iTunes\iTunesHelper.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn GUI]2010-05-31 16:31 63048 ----a-w- c:\program files\LogMeIn\x86\LogMeInSystray.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDDXSrv]2009-06-25 01:19 140520 ------w- c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]2010-03-19 03:16 421888 ----a-w- c:\program files\QuickTime\QTTask.exe.R1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [x]R1 SWIPsec;SonicWALL IPsec Driver;c:\windows\system32\Drivers\SWIPsec.sys [2009-03-06 87064]R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376]R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]R3 EraserUtilDrvI11;EraserUtilDrvI11;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrvI11.sys [x]R3 gfiark;gfiark;c:\windows\system32\drivers\gfiark.sys [2013-05-23 43368]R3 gfiutil;gfiutil;c:\windows\system32\drivers\gfiutil.sys [2013-09-04 24040]R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-04-04 22856]R3 NvtSp50;NvtSp50 NDIS Protocol Driver;c:\windows\system32\Drivers\NvtSp50.sys [x]R3 rimspci;rimspci;c:\windows\system32\DRIVERS\rimspe86.sys [2009-07-02 47104]R3 risdpcie;risdpcie;c:\windows\system32\DRIVERS\risdpe86.sys [2009-07-01 49152]R3 rixdpcie;rixdpcie;c:\windows\system32\DRIVERS\rixdpe86.sys [2009-07-05 38400]R3 swiwdmbus;Sierra Wireless USB Composite Bus;c:\windows\system32\DRIVERS\swiwdmbus.sys [2010-06-21 78720]R3 SWVNIC;SonicWALL Virtual Miniport;c:\windows\system32\DRIVERS\swvnic.sys [2009-03-04 21016]S2 Advanced Monitoring Agent;Advanced Monitoring Agent;c:\program files\Advanced Monitoring Agent\winagent.exe [2013-11-28 6996480]S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_d511891fb5bff1e2\aestsrv.exe [2010-04-05 81920]S2 ATService;AuthenTec Fingerprint Service;c:\program files\Fingerprint Sensor\AtService.exe [2010-05-10 1803584]S2 buttonsvc32;Dell ControlPoint Button Service;c:\program files\Dell\Dell ControlPoint\DCPButtonSvc.exe [2009-11-20 278304]S2 dcpsysmgrsvc;Dell ControlPoint System Manager;c:\program files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe [2010-02-08 386928]S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [2013-12-16 375120]S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\RaInfo.sys [2013-06-01 13624]S2 SBAMSvc;Managed Antivirus;c:\progra~1\ADVANC~1\managedav\SBAMSvc.exe [2013-05-28 3681016]S2 sbapifs;sbapifs;c:\windows\system32\DRIVERS\sbapifs.sys [2013-05-08 68904]S2 SMManager;Smith Micro Connection Manager Service;c:\program files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe [2009-12-22 77312]S2 SWGVCSvc;SonicWALL Global VPN Client Service;c:\program files\SonicWALL\SonicWALL Global VPN Client\SWGVCSvc.exe [2009-03-06 227352]S2 SwiCardDetectSvc;Sierra Wireless Card Detection Service;c:\program files\Sierra Wireless Inc\Common\SwiCardDetect.exe [2010-09-13 230768]S2 TeamViewer8;TeamViewer 8;c:\program files\TeamViewer\Version8\TeamViewer_Service.exe [2013-10-01 5091168]S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-12-14 126976]..[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12HPService REG_MULTI_SZ HPSLPSVChpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc..------- Supplementary Scan -------.uInternet Settings,ProxyOverride = *.localIE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.htmlIE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.htmlIE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.htmlIE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.htmlIE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000Trusted Zone: thedutchgroup.net\webmailTCP: DhcpNameServer = 192.168.0.10 192.168.0.12.- - - - ORPHANS REMOVED - - - -.SafeBoot-Wdf01000.sys...[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TrueSight]"ImagePath"="\??\".--------------------- LOCKED REGISTRY KEYS ---------------------.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="FlashBroker""LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe,-101".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]"Enabled"=dword:00000001.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="IFlashBroker5".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]@="{00020424-0000-0000-C000-000000000046}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}""Version"="1.0".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]@Denied: (Full) (Everyone).--------------------- DLLs Loaded Under Running Processes ---------------------.- - - - - - - > 'lsass.exe'(528)c:\windows\system32\wvauth.DLL.- - - - - - - > 'Explorer.exe'(3688)c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll.Completion time: 2014-01-09 15:02:18ComboFix-quarantined-files.txt 2014-01-09 21:02ComboFix2.txt 2014-01-09 16:07.Pre-Run: 193,680,084,992 bytes freePost-Run: 193,660,973,056 bytes free.- - End Of File - - 9407DB17CE64AD44CC31BC2B68C9B3EBA36C5E4F47E84449FF07ED3517B43A31 AdwCleaner: # AdwCleaner v3.016 - Report created 09/01/2014 at 15:16:21# Updated 23/12/2013 by Xplode# Operating System : Windows 7 Professional (32 bits)# Username : jgillis - JGE5500# Running from : C:\Users\jgillis\Desktop\AdwCleaner.exe# Option : Clean***** [ Services ] ********** [ Files / Folders ] ********** [ Shortcuts ] ********** [ Registry ] *****Key Deleted : HKLM\SOFTWARE\Classes\AppID\WLXQuickTimeShellExt.DLLKey Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancsKey Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4C836512-BB70-11D2-A5A7-00105A9C91C6}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DB797690-40E0-11D2-9BD5-0060082AE372}Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{DB797681-40E0-11D2-9BD5-0060082AE372}Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536***** [ Browsers ] *****-\\ Internet Explorer v8.0.7600.16385*************************AdwCleaner[R0].txt - [2297 octets] - [09/01/2014 15:05:40]AdwCleaner[s0].txt - [2252 octets] - [09/01/2014 15:16:21]########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [2312 octets] ########## MalwareBytes: Malwarebytes Anti-Malware (Trial) 1.75.0.1300www.malwarebytes.orgDatabase version: v2014.01.09.08Windows 7 x86 NTFSInternet Explorer 8.0.7600.16385jgillis :: JGE5500 [administrator]Protection: Enabled1/9/2014 3:22:06 PMmbam-log-2014-01-09 (15-22-06).txtScan type: Full scan (C:\|)Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUMScan options disabled: P2PObjects scanned: 354540Time elapsed: 1 hour(s), 20 minute(s), 45 second(s)Memory Processes Detected: 0(No malicious items detected)Memory Modules Detected: 0(No malicious items detected)Registry Keys Detected: 0(No malicious items detected)Registry Values Detected: 0(No malicious items detected)Registry Data Items Detected: 0(No malicious items detected)Folders Detected: 0(No malicious items detected)Files Detected: 0(No malicious items detected)(end) Besides deleteing the programs that were run and the log files should I run anything else to make sure this malware is removed? Link to post Share on other sites More sharing options...
MrCharlie Posted January 10, 2014 ID:776159 Share Posted January 10, 2014 Good.....The main problem was an infected rpcss.dll, which we replaced with a good copy using ComboFix:c:\windows\System32\rpcss.dllLets check your computers security before you go and we have a little cleanup to do also:Download Security Check by screen317 from HERE or HERE.Save it to your Desktop.Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.If you get Unsupported operating system. Aborting now, just reboot and try again.A Notepad document should open automatically called checkup.txt.Please Post the contents of that document.Do Not Attach It!!!MrC Link to post Share on other sites More sharing options...
gwmarthe Posted January 10, 2014 ID:776230 Share Posted January 10, 2014 Thanks so much for your help! How do you think that file got infected? Email?? Link to post Share on other sites More sharing options...
MrCharlie Posted January 10, 2014 ID:776261 Share Posted January 10, 2014 I really don't know but e-mail is one way. Did you run Security Check???? Log???? MrC Link to post Share on other sites More sharing options...
MrCharlie Posted January 12, 2014 ID:777021 Share Posted January 12, 2014 How are we doing?? Do you still need help or can I close this post?? MrC Link to post Share on other sites More sharing options...
LDTate Posted January 14, 2014 ID:777913 Share Posted January 14, 2014 Since this issue is resolved I will close the thread to prevent others from posting here. If you need assistance please start your own topic and someone will be happy to assist you. Link to post Share on other sites More sharing options...
Recommended Posts