
Fake Adobe Flash Update Virus



I've got a particularly annoying virus giving me fits on a remote user's computer that I've been fighting for the past few days. 

 

The virus presents itself as a UAC prompt needing administrative permission to install "UpdateFlashPlayer_XXXXXXXX.exe", with the X's being a random assortment of numbers and letters that changes every time.

 

So far I've had very little luck finding similar instances of this infection online to help me fight it. 

 

I initially ran MBAM, which found some 87 objects on the machine. It was a variety of trojans and spyware. MBAM went through and cleared most of it out. In fact, initially subsequent scans showed no objects, and the flash player update UAC disappeared. 

 

Once we rebooted the machine, the issue was back. Now every scan seems to detect two objects: Trojan.Zbot.CXgen, file and process. 

 

Since I cannot seem to get rid of them, I'm currently stuck. Any suggestions or removal guides would be greatly appreciated. 

 

Thanks.

 

[attached screenshot]


Hi & welcome!

My name is Jürgen and I will be assisting you with your Malware related problems.

Before we move on, please read the following points carefully.

  • My native language isn't English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
  • Please read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
P2P/Piracy Warning:
  • If you're using peer-to-peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.
  • Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.
  • If you have illegal/cracked software, cracks, keygens, etc. on the system, please remove or uninstall them now and read the policy on Piracy.
Step 1

Please run a FRST scan. This will help us diagnose your problem.


Please download Farbar Recovery Scan Tool and save it to your Desktop.

(If you are not sure which version (32-/64-bit) applies to your system, download and try to start both of them, as only the right one will run.)

  • Start FRST with administrator privileges.
  • Make sure the option Addition.txt is checked and press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
  • Please copy and paste these logs in your next reply.
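What a helper actually looks for once FRST.txt comes back, as an added example (this is not part of the thread, of FRST, or of Malwarebytes' tooling): a small Python triage script that reads the three FRST line shapes seen further down in this thread (the Processes list, the HKU/HKLM Run entries, and Drivers) and scores each entry on the persistence pattern the log shows, i.e. executables launched from %AppData%, publisher strings that are near-misses of real vendor names ("Maskiseft Corporatien"), Run targets for which FRST recorded no size/date/publisher, and drivers whose file is missing on disk ([X]). The sample lines are copied from the FRST log posted in this thread plus a few benign ones; the weights, the threshold, the vendor-word list and the reading of a bare quoted Run target as "file not readable at scan time" are my assumptions, not FRST documentation.

```python
"""Triage FRST.txt autorun entries for Zbot-style persistence. Added example for this
thread, not FRST or Malwarebytes code; weights, vendor-word list and threshold are assumptions."""
import re, sys
from dataclasses import dataclass, field
from typing import List, Optional, Tuple
# Directories an unprivileged user can write to; autoruns here deserve a look.
USER_WRITABLE = re.compile(r"\\(AppData|ProgramData|Temp|Users\\Public)\\", re.I)
# Vendor words malware misspells on purpose ("Corporatien") to look signed at a glance.
VENDOR_WORDS = ("microsoft", "corporation", "incorporated", "adobe", "systems",
                "intel", "oracle", "mozilla", "google", "apple")
# FRST line shapes handled: "(Publisher) path", "HK..\...\Run: [name] => target", "S1 name; path [X]".
PROCESS_RE = re.compile(r"^\((?P<pub>[^)]*)\)\s+(?P<path>[A-Za-z]:\\.+?)\s*$")
RUN_RE = re.compile(r"^HK\S*?\\\.\.\.\\Run(?:Once)?:\s*\[[^\]]*\]\s*=>\s*(?P<rest>.+?)\s*$")
DRIVER_RE = re.compile(r"^[RSU]\d\s+[^;]+;\s*(?P<path>.+?)\s*\[X\]\s*$")
META_RE = re.compile(r"\s*\[(?P<size>\d+)\s+\d{4}-\d{2}-\d{2}\]\s*$")  # "[306819 2013-08-28]"
PUB_RE = re.compile(r"\s*\((?P<pub>[^()]*)\)\s*$")  # "(Vendor)" or "()" when no version info

@dataclass
class Finding:
    kind: str
    path: str
    publisher: Optional[str]
    reasons: List[str] = field(default_factory=list)
    score: int = 0

def levenshtein(a: str, b: str) -> int:
    """Edit distance; vendor tokens are short, so the full table is cheap."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def lookalike_tokens(publisher: str) -> List[Tuple[str, str]]:
    """(token, vendor word) pairs where a token is 1-2 edits from a real vendor word.
    Exact matches are not hits; tokens under 6 chars are skipped (short words collide)."""
    hits = []
    for tok in re.findall(r"[a-z]+", publisher.lower()):
        for word in VENDOR_WORDS:
            if len(tok) >= 6 and 1 <= levenshtein(tok, word) <= 2:
                hits.append((tok, word))
    return hits

def split_run_target(rest: str):
    """'C:\\x\\y.exe [306819 2013-08-28] (Vendor)' -> (path, size, publisher). A bare
    quoted path with neither part is taken (assumption) to mean FRST could not read the file."""
    publisher, size = None, None
    m = PUB_RE.search(rest)
    if m:
        publisher, rest = m.group("pub"), rest[: m.start()]
    m = META_RE.search(rest)
    if m:
        size, rest = int(m.group("size")), rest[: m.start()]
    return rest.strip().strip('"'), size, publisher

def assess(kind, path, publisher, has_metadata=True, file_missing=False) -> Finding:
    hits = []
    if USER_WRITABLE.search(path):
        hits.append(("runs from a user-writable directory", 2))
    if file_missing:
        hits.append(("file missing on disk ([X])", 2))
    elif not publisher:
        hits.append(("no publisher recorded", 1))  # weak alone: legitimate Sage/Dell parts show it
    else:
        hits += [(f"publisher token '{t}' resembles '{w}'", 2) for t, w in lookalike_tokens(publisher)]
    if not has_metadata:
        hits.append(("no size/date recorded for the target", 1))
    return Finding(kind, path, publisher, [r for r, _ in hits], sum(w for _, w in hits))

def triage(lines, threshold: int = 2) -> List[Finding]:
    """Parse FRST lines; return entries scoring at or above threshold, in log order."""
    found = []
    for raw in lines:
        line = raw.strip()
        if m := RUN_RE.match(line):
            path, size, pub = split_run_target(m.group("rest"))
            found.append(assess("run", path, pub, has_metadata=size is not None))
        elif m := DRIVER_RE.match(line):
            found.append(assess("driver", m.group("path"), None, file_missing=True))
        elif m := PROCESS_RE.match(line):
            found.append(assess("process", m.group("path"), m.group("pub")))
    return [f for f in found if f.score >= threshold]

# Constructed sample: lines copied from the FRST log posted in this thread, plus benign ones.
SAMPLE_LINES = [
    r"(Maskiseft Corporatien) C:\Users\b.atkinson\AppData\Roaming\Ydurhyz\abgocas.exe",
    r"(Mozilla Corporation) C:\Users\b.atkinson\AppData\Local\ojwbppfw.exe",
    r"() C:\Program Files\Sage\SIM\Client\Sage.Sim.Client.WindowsService.exe",
    r'HKU\S-1-5-21-74934771-1797745153-1190612905-3821\...\Run: [Zifomyxuibe] => "C:\Users\b.atkinson\AppData\Roaming\Iwqefaaz\atyfa.exe"',
    r"HKU\S-1-5-21-74934771-1797745153-1190612905-3821\...\Run: [Vaalhoapy] => C:\Users\b.atkinson\AppData\Roaming\Edytybyt\igoqizg.exe [306819 2013-08-28] (Maskiseft Corporatien)",
    r"HKU\S-1-5-21-74934771-1797745153-1190612905-3821\...\Run: [OfficeSyncProcess] => C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE [720064 2013-04-22] (Microsoft Corporation)",
    r"S1 guhynkaz; \??\C:\Windows\system32\drivers\guhynkaz.sys [X]",
]

if __name__ == "__main__":  # python frst_triage.py [FRST.txt]; with no argument the sample above is used
    for f in triage(open(sys.argv[1], errors="replace") if len(sys.argv) > 1 else SAMPLE_LINES):
        print(f"[{f.kind}] score={f.score} {f.path}\n    " + "; ".join(f.reasons))
```

The output is a shortlist for a human, not a verdict: a legitimate per-user installer such as Dropbox also lives under AppData and will score 2, and a missing publisher on its own scores only 1 because several genuine Dell and Sage components in this very log show "()". What the script cannot do is what the helper does next: decide which entries go into an FRST fixlist, and check whether the Run values reappear after a reboot (the original poster's symptom), which points at a component not yet listed rather than at the entries already found.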

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:14-08-2014 02

Ran by adminlocal (administrator) on LAT5430-0549 on 14-08-2014 13:35:30

Running from C:\Users\b.atkinson\Desktop

Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: English (United States)

Internet Explorer Version 11

Boot Mode: Normal

 

The only official download link for FRST:



Download link from any site other than Bleeping Computer is unpermitted or outdated.


 

==================== Processes (Whitelisted) =================

 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

 

(AuthenTec, Inc.) C:\Program Files\Fingerprint Sensor\AtService.exe

(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv.exe

(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE

(Microsoft Corporation) C:\Windows\System32\wlanext.exe

(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\BCMWLTRY.EXE

(Wave Systems Corp.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe

(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(Broadcom Corporation) C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe

() C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\EMBASSY Client Core\EmbassyServer.exe

(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe

(Intel Corporation) C:\Program Files\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe

(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe

(Trend Micro Inc.) C:\Program Files\Trend Micro\Security Agent\NTRtScan.exe

(O2Micro International) C:\Windows\System32\o2flash.exe

() C:\Program Files\Sage\SIM\Client\Sage.Sim.Client.WindowsService.exe

(Sage Inc.) C:\Program Files\Timberline Office\Shared\PEPWindowsService.exe

(Sierra Wireless, Inc.) C:\Program Files\Sierra Wireless Inc\Common\SwiCardDetect.exe

(Wave Systems Corp.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe

(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE

(Trend Micro Inc.) C:\Program Files\Trend Micro\Security Agent\TmListen.exe

(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE

(Dell Inc.) C:\Program Files\Dell\Feature Enhancement Pack\DFEPService.exe

(Sage Inc.) C:\Program Files\Common Files\Sage\LS1\ServiceHost\9.8\Sage.LS1.ServiceHost.exe

(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe

(Trend Micro Inc.) C:\Program Files\Trend Micro\Security Agent\TmProxy.exe

(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

(Intel Corporation) C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe

(Intel Corporation) C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe

(Trend Micro Inc.) C:\Program Files\Trend Micro\BM\TMBMSRV.exe

(UPEK Inc.) C:\Program Files\Common Files\SPBA\upeksvr.exe

(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe

(IDT, Inc.) C:\Program Files\IDT\WDM\sttray.exe

(Intel Corporation) C:\Windows\System32\igfxtray.exe

(Intel Corporation) C:\Windows\System32\hkcmd.exe

(Intel Corporation) C:\Windows\System32\igfxpers.exe

(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE

(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe

(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe

(Dell Inc.) C:\Program Files\Dell\Feature Enhancement Pack\DFEPApplication.exe

(Wave Systems Corp.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe

(Intel Corporation) C:\Program Files\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe

(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe

(Creative Technology Ltd) C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe

() C:\Program Files\Sage\SIM\Client\SimNotify.exe

() C:\Program Files\AT&T\AT&T Communication Manager\attcm_AppStart.exe

(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe

(Box, Inc.) C:\Program Files\Box\Box Sync\BoxSync.exe

(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE

(Box, Inc.) C:\Program Files\Box\Box Sync\BoxSync.exe

(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe

(Pervasive Software Inc.) C:\Program Files\Pervasive Software\PSQL\bin\w3dbsmgr.exe

(Microsoft Corporation) C:\Windows\System32\rundll32.exe

(Microsoft) C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe

(Maskiseft Corporatien) C:\Users\b.atkinson\AppData\Roaming\Ydurhyz\abgocas.exe

(Maskiseft Corporatien) C:\Users\b.atkinson\AppData\Roaming\Edytybyt\igoqizg.exe

(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

(Intel Corporation) C:\Program Files\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe

(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

(Maskisift Corporatien) C:\Users\b.atkinson\AppData\Roaming\Wyowakf\ifzaebz.exe

(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

(Mozilla Corporation) C:\Users\b.atkinson\AppData\Local\ojwbppfw.exe

(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil32_14_0_0_145_ActiveX.exe

(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

(Microsoft Corporation) C:\Windows\System32\dllhost.exe

 

 

==================== Registry (Whitelisted) ==================

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

 

HKLM\...\RunOnce: [DCERegBootClean] => C:\Windows\RegBootClean.exe [181272 2014-08-14] ()

HKLM\...\RunOnce: [Malwarebytes Anti-Rootkit (cleanup)] => C:\ProgramData\Malwarebytes' Anti-Malware (portable)\mbamdor.exe [54072 2014-06-02] (Malwarebytes Corporation)

Winlogon\Notify\spba: C:\Program Files\Common Files\SPBA\homefus2.dll (UPEK Inc.)

HKU\S-1-5-21-1736462797-154043553-2916750946-1000\...\MountPoints2: {1ee8b7ba-1377-11e2-8d08-806e6f6e6963} - D:\SETUP.EXE

HKU\S-1-5-21-74934771-1797745153-1190612905-3821\...\Run: [attcm.exe] => C:\Program Files\AT&T\AT&T Communication Manager\attcm.exe [206472 2011-08-04] (AT&T)

HKU\S-1-5-21-74934771-1797745153-1190612905-3821\...\Run: [OfficeSyncProcess] => C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE [720064 2013-04-22] (Microsoft Corporation)

HKU\S-1-5-21-74934771-1797745153-1190612905-3821\...\Run: [Zifomyxuibe] => "C:\Users\b.atkinson\AppData\Roaming\Iwqefaaz\atyfa.exe"

HKU\S-1-5-21-74934771-1797745153-1190612905-3821\...\Run: [Zogeloysxaagw] => "C:\Users\b.atkinson\AppData\Roaming\Ruvozusi\asarmir.exe"

HKU\S-1-5-21-74934771-1797745153-1190612905-3821\...\Run: [ucepi] => "C:\Users\b.atkinson\AppData\Roaming\Bayvikci\ekozwy.exe"

HKU\S-1-5-21-74934771-1797745153-1190612905-3821\...\Run: [Ypfyygacpueqyk] => "C:\Users\b.atkinson\AppData\Roaming\Wuemeqe\yfgazu.exe"

HKU\S-1-5-21-74934771-1797745153-1190612905-3821\...\Run: [Vaalhoapy] => C:\Users\b.atkinson\AppData\Roaming\Edytybyt\igoqizg.exe [306819 2013-08-28] (Maskiseft Corporatien)

HKU\S-1-5-21-74934771-1797745153-1190612905-3821\...\Run: [ufqvtvht] => "C:\Users\b.atkinson\AppData\Local\scdvvoug.exe"

HKU\S-1-5-21-74934771-1797745153-1190612905-3821\...\Run: [Rivao] => C:\Users\b.atkinson\AppData\Roaming\Ydurhyz\abgocas.exe [307412 2013-04-08] (Maskiseft Corporatien)

HKU\S-1-5-21-74934771-1797745153-1190612905-3821\...\Run: [Zytuhoda] => C:\Users\b.atkinson\AppData\Roaming\Digiuxi\emcee.exe

HKU\S-1-5-21-74934771-1797745153-1190612905-3821\...\Run: [sepieiqf] => C:\Users\b.atkinson\AppData\Local\xatbgodk.exe [159744 2014-08-12] ()

HKU\S-1-5-21-74934771-1797745153-1190612905-3821\...\Run: [acfumhai] => C:\Users\b.atkinson\AppData\Local\fddkevfe.exe [157696 2014-08-14] ()

HKU\S-1-5-21-74934771-1797745153-1190612905-3821\...\Run: [Ryzyzeuwmyyzsod] => C:\Users\b.atkinson\AppData\Roaming\Liarhu\suohyge.exe

HKU\S-1-5-21-74934771-1797745153-1190612905-3821\...\Run: [Puqaumosohgeoca] => C:\Users\b.atkinson\AppData\Roaming\Bafyift\kimya.exe

HKU\S-1-5-21-74934771-1797745153-1190612905-3821\...\Run: [Etafymreuqil] => C:\Users\b.atkinson\AppData\Roaming\Wyowakf\ifzaebz.exe [304818 2013-07-08] (Maskisift Corporatien)

Lsa: [Authentication Packages] msv1_0 wvauth

Startup: C:\Users\adminlocal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Smart Settings.lnk

ShortcutTarget: Smart Settings.lnk -> C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe (Microsoft)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Start Pervasive PSQL Workgroup Engine.lnk

ShortcutTarget: Start Pervasive PSQL Workgroup Engine.lnk -> C:\Windows\Installer\{0A3238D7-AB32-1030-B717-F3E3F18B4A8C}\WGE.14A03FCD_EA43_4130_A5C0_F02D38895A13.exe ()

Startup: C:\Users\b.atkinson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Deskjet 2540 series.lnk

ShortcutTarget: Monitor Ink Alerts - HP Deskjet 2540 series.lnk -> C:\Program Files\HP\HP Deskjet 2540 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)

Startup: C:\Users\b.atkinson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Smart Settings.lnk

ShortcutTarget: Smart Settings.lnk -> C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe (Microsoft)

Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Smart Settings.lnk

ShortcutTarget: Smart Settings.lnk -> C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe (Microsoft)

Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Smart Settings.lnk

ShortcutTarget: Smart Settings.lnk -> C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe (Microsoft)

Startup: C:\Users\ryan.wilson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk

ShortcutTarget: Dropbox.lnk -> C:\Users\b.atkinson\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

Startup: C:\Users\ryan.wilson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Smart Settings.lnk

ShortcutTarget: Smart Settings.lnk -> C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe (Microsoft)

ShellIconOverlayIdentifiers: 0000BoxSyncFileLocked -> {b973655f-b823-3729-abea-e88cb316ddd4} => C:\Windows\system32\mscoree.dll (Microsoft Corporation)

ShellIconOverlayIdentifiers: 0000BoxSyncNotSynced -> {a316141f-fa66-334c-8d40-a8f4e6d21080} => C:\Windows\system32\mscoree.dll (Microsoft Corporation)

ShellIconOverlayIdentifiers: 0000BoxSyncProblem -> {a74ad9e8-37eb-31db-9026-8eda10d85860} => C:\Windows\system32\mscoree.dll (Microsoft Corporation)

ShellIconOverlayIdentifiers: 0000BoxSyncSynced -> {c3de22fc-b307-320f-ba41-27d95101bbf3} => C:\Windows\system32\mscoree.dll (Microsoft Corporation)

ShellIconOverlayIdentifiers: AutoCAD Digital Signatures Icon Overlay Handler -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll (Autodesk, Inc.)

ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File

ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File

ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File

ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File

ShellIconOverlayIdentifiers: EnabledUnlockedFDEIconOverlay -> {30D3C2AF-9709-4D05-9CF4-13335F3C1E4A} => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll (Wave Systems Corp.)

ShellIconOverlayIdentifiers: UninitializedFdeIconOverlay -> {CF08DA3E-C97D-4891-A66B-E39B28DD270F} => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll (Wave Systems Corp.)

 

==================== Internet (Whitelisted) ====================

 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

 

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/USREL/1

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USREL/1

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKCU - DefaultScope {60FADE9C-C751-412B-91C6-C3DBDC804C79} URL = 

BHO: TmIEPlugInBHO Class -> {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -> C:\Program Files\Trend Micro\Security Agent\TmIEPlg.dll (Trend Micro Inc.)

BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)

BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)




Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\Security Agent\TmIEPlg.dll (Trend Micro Inc.)

Tcpip\Parameters: [DhcpNameServer] 192.168.43.1

 

FireFox:

========

FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)

FF Plugin: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)

FF Plugin: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)

FF Plugin: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin: @microsoft.com/GENUINE -> disabled No File

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)

FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF HKLM\...\Firefox\Extensions: [{22C7F6C6-8D67-4534-92B5-529A0EC09405}] - C:\Program Files\Trend Micro\Security Agent\FirefoxExtension

FF Extension: Trend Micro NSC Firefox Extension - C:\Program Files\Trend Micro\Security Agent\FirefoxExtension [2014-08-11]

 

Chrome: 

=======

 

========================== Services (Whitelisted) =================

 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

 

R2 ATService; C:\Program Files\Fingerprint Sensor\AtService.exe [1787720 2012-02-02] (AuthenTec, Inc.)

S3 BoxSyncUpdateService; C:\Program Files\Box\Box Sync\SyncUpdaterService.exe [27672 2014-04-14] (Box, Inc.)

R2 BrcmMgmtAgent; C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe [131072 2011-11-30] (Broadcom Corporation) [File not signed]

S3 cphs; C:\Windows\system32\IntelCpHeciSvc.exe [276248 2012-04-25] (Intel Corporation)

R2 DFEPService; c:\Program Files\Dell\Feature Enhancement Pack\DFEPService.exe [1568664 2011-08-24] (Dell Inc.)

R2 EmbassyService; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\EMBASSY Client Core\EmbassyServer.exe [179592 2012-01-17] ()

R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [458464 2012-02-02] (Intel® Corporation)

R2 jhi_service; C:\Program Files\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2012-02-28] (Intel Corporation)

R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)

S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)

R2 ntrtscan; C:\Program Files\Trend Micro\Security Agent\ntrtscan.exe [2275336 2012-12-18] (Trend Micro Inc.)

R2 Sage.LS1.ServiceHost.9.8; C:\Program Files\Common Files\Sage\LS1\ServiceHost\9.8\Sage.LS1.ServiceHost.exe [107848 2011-08-18] (Sage Inc.)

R2 SageInstMgrClient; C:\Program Files\Sage\SIM\Client\Sage.Sim.Client.WindowsService.exe [15688 2011-08-22] ()

R2 SagePEPService; C:\Program Files\Timberline Office\Shared\PEPWindowsService.exe [19272 2011-10-28] (Sage Inc.)

S3 SecureStorageService; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Secure Storage Manager\SecureStorageService.exe [1517448 2011-11-11] (Wave Systems Corp.)

R2 STacSV; C:\Program Files\IDT\WDM\STacSV.exe [290898 2012-02-13] (IDT, Inc.)

R2 SwiCardDetectSvc; C:\Program Files\Sierra Wireless Inc\Common\SwiCardDetect.exe [238960 2011-05-20] (Sierra Wireless, Inc.)

S2 tcsd_win32.exe; C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe [1637888 2011-10-08] () [File not signed]

R2 TdmService; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe [2864496 2011-12-08] (Wave Systems Corp.)

R3 TMBMServer; C:\Program Files\Trend Micro\BM\TMBMSRV.exe [345648 2012-10-30] (Trend Micro Inc.)

R2 tmlisten; C:\Program Files\Trend Micro\Security Agent\tmlisten.exe [2288976 2012-12-18] (Trend Micro Inc.)

R3 TmProxy; C:\Program Files\Trend Micro\Security Agent\TmProxy.exe [689712 2012-08-08] (Trend Micro Inc.)

R2 Wave Authentication Manager Service; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe [1189376 2012-01-05] (Wave Systems Corp.) [File not signed]

R2 wltrysvc; C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe [5512192 2012-01-18] (Dell Inc.) [File not signed]

S3 WvPCR; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Common\WvPCR.exe [145408 2012-01-16] (Wave Systems Corp.) [File not signed]

 

==================== Drivers (Whitelisted) ====================

 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

 

R3 BCM42RLY; C:\Windows\System32\drivers\BCM42RLY.sys [18496 2012-01-18] (Broadcom Corporation)

S3 Blfp; C:\Windows\System32\DRIVERS\basp.sys [103936 2011-08-22] (Broadcom Corporation)

S3 HBtnKey; C:\Windows\system32\drivers\HBtnKey.sys [11008 2011-07-19] (Dell Inc.)

R0 iusb3hcs; C:\Windows\System32\DRIVERS\iusb3hcs.sys [13592 2012-02-27] (Intel Corporation)

R3 iusb3hub; C:\Windows\System32\DRIVERS\iusb3hub.sys [348440 2012-02-27] (Intel Corporation)

R3 iusb3xhc; C:\Windows\System32\DRIVERS\iusb3xhc.sys [792856 2012-02-27] (Intel Corporation)

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-05-12] (Malwarebytes Corporation)

S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-05-12] (Malwarebytes Corporation)

R3 MEI; C:\Windows\System32\DRIVERS\HECI.sys [55104 2012-07-17] (Intel Corporation)

S3 netvsc; C:\Windows\System32\DRIVERS\netvsc60.sys [126464 2010-11-20] (Microsoft Corporation)

S3 O2MDFRDR; C:\Windows\system32\drivers\O2MDFw7.sys [60904 2011-01-04] (O2Micro )

S3 O2MDRRDR; C:\Windows\system32\drivers\O2MDRw7.sys [62440 2011-01-04] (O2Micro )

R3 O2SDJRDR; C:\Windows\System32\DRIVERS\o2sdjw7.sys [64872 2011-11-14] (O2Micro )

R0 PBADRV; C:\Windows\System32\DRIVERS\PBADRV.sys [26608 2012-10-11] (Dell Inc)

R0 stdcfltn; C:\Windows\System32\DRIVERS\stdcfltn.sys [17904 2011-07-15] (ST Microelectronics)

R3 ST_ACCEL; C:\Windows\System32\DRIVERS\ST_ACCEL.sys [59888 2011-11-04] (STMicroelectronics)

S3 SynthVid; C:\Windows\System32\DRIVERS\VMBusVideoM.sys [19456 2010-11-20] (Microsoft Corporation)

R2 tmactmon; C:\Windows\System32\DRIVERS\tmactmon.sys [74600 2012-10-30] (Trend Micro Inc.)

R1 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [258976 2012-11-13] (Trend Micro Inc.)

R2 tmevtmgr; C:\Windows\System32\DRIVERS\tmevtmgr.sys [62728 2012-10-30] (Trend Micro Inc.)

R2 TmFilter; C:\Program Files\Trend Micro\Security Agent\TmXPFlt.sys [263968 2013-08-14] (Trend Micro Inc.)

R2 TmPreFilter; C:\Program Files\Trend Micro\Security Agent\TmPreFlt.sys [36128 2013-08-14] (Trend Micro Inc.)

R1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [90448 2011-08-31] (Trend Micro Inc.)

R3 vpcbus; C:\Windows\System32\DRIVERS\vpchbus.sys [172416 2012-10-11] (Microsoft Corporation)

R1 vpcnfltr; C:\Windows\System32\DRIVERS\vpcnfltr.sys [48128 2012-10-11] (Microsoft Corporation)

R3 vpcusb; C:\Windows\System32\DRIVERS\vpcusb.sys [78336 2012-10-11] (Microsoft Corporation)

R1 vpcvmm; C:\Windows\System32\drivers\vpcvmm.sys [296192 2012-10-11] (Microsoft Corporation)

R2 VSApiNt; C:\Program Files\Trend Micro\Security Agent\VSApiNt.sys [1517600 2013-08-14] (Trend Micro Inc.)

S1 guhynkaz; \??\C:\Windows\system32\drivers\guhynkaz.sys [X]

S1 tocwjkhd; \??\C:\Windows\system32\drivers\tocwjkhd.sys [X]

 

==================== NetSvcs (Whitelisted) ===================

 

 

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

 

 

==================== One Month Created Files and Folders ========

 

(If an entry is included in the fixlist, the file\folder will be moved.)

 

2014-08-14 13:35 - 2014-08-14 13:36 - 00023038 _____ () C:\Users\b.atkinson\Desktop\FRST.txt

2014-08-14 13:34 - 2014-08-14 13:34 - 01092096 _____ (Farbar) C:\Users\b.atkinson\Desktop\FRST.exe

2014-08-14 13:33 - 2014-08-14 13:35 - 00000000 ____D () C:\FRST

2014-08-14 13:31 - 2014-08-14 13:31 - 00086016 _____ (Mozilla Corporation) C:\Users\b.atkinson\AppData\Local\ojwbppfw.exe

2014-08-14 09:23 - 2014-08-14 13:28 - 00000000 ____D () C:\Users\b.atkinson\AppData\Roaming\Ahopxoeg

2014-08-14 08:49 - 2014-08-14 08:49 - 00000000 ____D () C:\Users\b.atkinson\AppData\Roaming\Wyowakf

2014-08-14 08:12 - 2014-08-14 13:28 - 00000000 ____D () C:\Users\b.atkinson\AppData\Roaming\Bafyift

2014-08-14 06:56 - 2014-08-14 13:28 - 00000000 ____D () C:\Users\b.atkinson\AppData\Roaming\Liarhu

2014-08-14 06:55 - 2014-08-14 06:55 - 00157696 _____ () C:\Users\b.atkinson\AppData\Local\fddkevfe.exe

2014-08-14 06:55 - 2014-06-30 17:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll

2014-08-14 06:55 - 2014-06-06 01:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe

2014-08-14 06:55 - 2014-03-09 16:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe

2014-08-14 06:55 - 2014-03-09 16:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll

2014-08-13 22:58 - 2014-08-13 23:29 - 00014552 _____ () C:\Users\b.atkinson\Desktop\july14 visa.xlsx

2014-08-13 11:10 - 2014-07-31 18:16 - 00307384 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll

2014-08-13 11:10 - 2014-07-25 08:51 - 17524224 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2014-08-13 11:10 - 2014-07-25 08:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2014-08-13 11:10 - 2014-07-25 08:03 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll

2014-08-13 11:10 - 2014-07-25 07:34 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

2014-08-13 11:10 - 2014-07-25 07:34 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2014-08-13 11:10 - 2014-07-25 07:33 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll

2014-08-13 11:10 - 2014-07-25 07:30 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll

2014-08-13 11:10 - 2014-07-25 07:21 - 02184704 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2014-08-13 11:10 - 2014-07-25 07:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2014-08-13 11:10 - 2014-07-25 07:17 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2014-08-13 11:10 - 2014-07-25 07:12 - 00438784 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2014-08-13 11:10 - 2014-07-25 07:10 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2014-08-13 11:10 - 2014-07-25 07:10 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe

2014-08-13 11:10 - 2014-07-25 07:08 - 00597504 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll

2014-08-13 11:10 - 2014-07-25 07:06 - 04204032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2014-08-13 11:10 - 2014-07-25 06:59 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe

2014-08-13 11:10 - 2014-07-25 06:52 - 00367104 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll

2014-08-13 11:10 - 2014-07-25 06:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll

2014-08-13 11:10 - 2014-07-25 06:36 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll

2014-08-13 11:10 - 2014-07-25 06:34 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2014-08-13 11:10 - 2014-07-25 06:29 - 00239616 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll

2014-08-13 11:10 - 2014-07-25 06:13 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2014-08-13 11:10 - 2014-07-25 06:09 - 00663040 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2014-08-13 11:10 - 2014-07-25 06:07 - 02001920 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2014-08-13 11:10 - 2014-07-25 06:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll

2014-08-13 11:10 - 2014-07-25 06:03 - 11772928 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2014-08-13 11:10 - 2014-07-25 05:09 - 00704512 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll

2014-08-13 11:10 - 2014-07-25 05:05 - 01792512 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2014-08-13 11:10 - 2014-07-25 05:00 - 01169920 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2014-08-13 11:10 - 2014-07-13 20:42 - 00654336 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll

2014-08-13 11:10 - 2014-06-15 20:44 - 00730048 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys

2014-08-13 11:10 - 2014-06-15 20:44 - 00219072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys

2014-08-13 11:10 - 2014-06-15 20:40 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll

2014-08-13 11:09 - 2014-07-15 21:47 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll

2014-08-13 11:09 - 2014-07-15 21:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll

2014-08-13 11:09 - 2014-07-15 20:47 - 02352640 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

2014-08-13 11:09 - 2014-07-08 20:29 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL

2014-08-13 11:09 - 2014-07-08 20:29 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL

2014-08-13 11:09 - 2014-07-08 20:29 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL

2014-08-13 11:09 - 2014-07-08 20:29 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL

2014-08-13 11:09 - 2014-07-08 20:29 - 00005632 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL

2014-08-13 11:09 - 2014-07-08 17:30 - 00419992 _____ () C:\Windows\system32\locale.nls

2014-08-13 11:09 - 2014-06-24 20:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll

2014-08-13 11:09 - 2014-06-03 04:30 - 00101824 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe

2014-08-13 11:09 - 2014-06-03 04:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll

2014-08-13 11:09 - 2014-06-03 04:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll

2014-08-13 11:09 - 2014-06-03 04:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll

2014-08-12 16:18 - 2014-08-12 16:18 - 00000000 ____D () C:\Program Files\Box

2014-08-12 15:30 - 2014-08-14 09:44 - 00181272 _____ () C:\Windows\RegBootClean.exe

2014-08-12 15:30 - 2014-08-14 09:44 - 00011838 _____ () C:\Windows\RegBootClean.CFG

2014-08-12 15:22 - 2014-08-12 15:40 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)

2014-08-12 15:22 - 2014-08-12 15:22 - 00159744 _____ () C:\Users\b.atkinson\AppData\Local\xatbgodk.exe

2014-08-12 15:20 - 2014-08-12 15:40 - 00000000 ____D () C:\Users\adminlocal\Desktop\mbar

2014-08-12 13:14 - 2014-08-14 13:28 - 00000000 ____D () C:\Users\b.atkinson\AppData\Roaming\Digiuxi

2014-08-12 12:40 - 2014-08-14 13:28 - 00000000 ____D () C:\Users\b.atkinson\AppData\Roaming\Zidyudib

2014-08-12 11:15 - 2014-08-12 11:15 - 00000000 ____D () C:\Users\b.atkinson\AppData\Roaming\Ydurhyz

2014-08-12 09:18 - 2014-08-12 09:18 - 00000000 ____D () C:\Users\b.atkinson\AppData\Local\HP

2014-08-12 09:16 - 2014-08-12 09:16 - 00002214 _____ () C:\Users\Public\Desktop\HP Deskjet 2540 series.lnk

2014-08-12 09:16 - 2014-08-12 09:16 - 00001161 _____ () C:\Users\Public\Desktop\Shop for Supplies - HP Deskjet 2540 series.lnk

2014-08-12 09:16 - 2014-08-12 09:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP

2014-08-12 09:16 - 2013-08-13 12:45 - 00596000 ____N (Hewlett-Packard Co.) C:\Windows\system32\HPDiscoPMC211.dll

2014-08-12 09:15 - 2014-08-12 09:15 - 00000057 _____ () C:\ProgramData\Ament.ini

2014-08-12 09:15 - 2014-08-12 09:15 - 00000000 ____D () C:\ProgramData\HP

2014-08-12 09:15 - 2014-08-12 09:15 - 00000000 ____D () C:\Program Files\HP

2014-08-12 09:14 - 2014-08-12 09:14 - 00000000 ____D () C:\Users\ryan.wilson\AppData\Local\HP

2014-08-12 09:00 - 2014-08-12 09:00 - 00000000 ____D () C:\Users\b.atkinson\Documents\Outlook Files

2014-08-12 07:37 - 2014-08-12 07:37 - 00003480 ____N () C:\bootsqm.dat

2014-08-12 07:35 - 2014-08-12 07:35 - 00000000 __SHD () C:\found.000

2014-08-11 17:14 - 2014-08-12 12:16 - 00001954 _____ () C:\Users\b.atkinson\Desktop\Koontz Webmail.lnk

2014-08-11 17:13 - 2014-08-11 17:13 - 00272808 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe

2014-08-11 17:13 - 2014-08-11 17:13 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe

2014-08-11 17:13 - 2014-08-11 17:13 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\java.exe

2014-08-11 17:13 - 2014-08-11 17:13 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll

2014-08-11 17:13 - 2014-08-11 17:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java

2014-08-11 16:52 - 2014-08-11 16:55 - 00013652 _____ () C:\Windows\cfgall.ini

2014-08-11 16:51 - 2014-08-11 16:51 - 00000000 _____ () C:\Windows\system32\diagnostic.log

2014-08-11 16:50 - 2014-08-11 16:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trend Micro Worry-Free Business Security Agent

2014-08-11 16:49 - 2014-08-11 16:49 - 00000000 __SHD () C:\Users\ryan.wilson\AppData\Local\EmieUserList

2014-08-11 16:49 - 2014-08-11 16:49 - 00000000 __SHD () C:\Users\ryan.wilson\AppData\Local\EmieSiteList

2014-08-11 16:49 - 2014-08-11 16:49 - 00000000 ____D () C:\Users\ryan.wilson\AppData\Roaming\Box Sync

2014-08-11 15:46 - 2010-09-30 16:01 - 00203600 _____ (Trend Micro Inc.) C:\Windows\TmNSCIns.dll

2014-08-11 15:46 - 2006-11-01 23:21 - 00319456 _____ (Microsoft Corporation) C:\Windows\DIFxAPI.dll

2014-08-11 15:16 - 2014-08-12 15:22 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2014-08-11 15:16 - 2014-08-12 15:20 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2014-08-11 15:16 - 2014-08-11 15:16 - 00001062 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2014-08-11 15:16 - 2014-08-11 15:16 - 00000000 ____D () C:\Users\adminlocal\AppData\Local\Box Sync

2014-08-11 15:16 - 2014-08-11 15:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2014-08-11 15:16 - 2014-08-11 15:16 - 00000000 ____D () C:\ProgramData\Malwarebytes

2014-08-11 15:16 - 2014-08-11 15:16 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware

2014-08-11 15:16 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys

2014-08-11 15:16 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2014-08-11 15:10 - 2014-08-14 13:28 - 00000000 ____D () C:\Users\b.atkinson\AppData\Roaming\Wiosgux

2014-08-11 14:53 - 2013-10-23 15:21 - 00000342 _____ () C:\Users\b.atkinson\Desktop\VPNhack.reg

2014-08-11 14:20 - 2014-08-12 08:14 - 00230703 _____ () C:\Users\b.atkinson\Desktop\CCHEADEND 4.xlsx

2014-08-11 14:17 - 2014-08-11 14:17 - 00000000 ____D () C:\Users\b.atkinson\AppData\Roaming\Edytybyt

2014-08-04 14:34 - 2014-08-11 15:30 - 00000000 ____D () C:\Users\b.atkinson\AppData\Roaming\Nepuugs

2014-08-04 13:18 - 2014-08-11 14:22 - 00230630 _____ () C:\Users\b.atkinson\Desktop\conway corp headend 3.xlsx

2014-07-28 15:40 - 2014-08-11 15:28 - 00000000 ____D () C:\Users\b.atkinson\AppData\Roaming\Ubheenat

2014-07-28 13:40 - 2014-08-11 15:30 - 00000000 ____D () C:\Users\b.atkinson\AppData\Roaming\Qoalul

2014-07-28 13:19 - 2014-08-12 08:17 - 00230699 _____ () C:\Users\b.atkinson\Desktop\Two RIVERS.xlsx

2014-07-22 08:47 - 2014-08-11 15:28 - 00000000 ____D () C:\Users\b.atkinson\AppData\Roaming\Sadyyvp

2014-07-21 12:46 - 2014-08-11 15:30 - 00000000 ____D () C:\Users\b.atkinson\AppData\Roaming\Yhgyhiz

2014-07-15 08:46 - 2014-08-11 15:28 - 00000000 ____D () C:\Users\b.atkinson\AppData\Roaming\Kohanu

2014-07-15 07:33 - 2014-08-11 15:30 - 00000000 ____D () C:\Users\b.atkinson\AppData\Roaming\Ifdoihol

 

==================== One Month Modified Files and Folders =======

 

(If an entry is included in the fixlist, the file\folder will be moved.)

 

2014-08-14 13:36 - 2014-08-14 13:35 - 00023038 _____ () C:\Users\b.atkinson\Desktop\FRST.txt

2014-08-14 13:35 - 2014-08-14 13:33 - 00000000 ____D () C:\FRST

2014-08-14 13:34 - 2014-08-14 13:34 - 01092096 _____ (Farbar) C:\Users\b.atkinson\Desktop\FRST.exe

2014-08-14 13:31 - 2014-08-14 13:31 - 00086016 _____ (Mozilla Corporation) C:\Users\b.atkinson\AppData\Local\ojwbppfw.exe

2014-08-14 13:31 - 2012-10-11 00:47 - 01561897 _____ () C:\Windows\WindowsUpdate.log

2014-08-14 13:28 - 2014-08-14 09:23 - 00000000 ____D () C:\Users\b.atkinson\AppData\Roaming\Ahopxoeg

2014-08-14 13:28 - 2014-08-14 08:12 - 00000000 ____D () C:\Users\b.atkinson\AppData\Roaming\Bafyift

2014-08-14 13:28 - 2014-08-14 06:56 - 00000000 ____D () C:\Users\b.atkinson\AppData\Roaming\Liarhu

2014-08-14 13:28 - 2014-08-12 13:14 - 00000000 ____D () C:\Users\b.atkinson\AppData\Roaming\Digiuxi

2014-08-14 13:28 - 2014-08-12 12:40 - 00000000 ____D () C:\Users\b.atkinson\AppData\Roaming\Zidyudib

2014-08-14 13:28 - 2014-08-11 15:10 - 00000000 ____D () C:\Users\b.atkinson\AppData\Roaming\Wiosgux

2014-08-14 13:17 - 2012-11-02 10:43 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2014-08-14 09:58 - 2010-11-20 16:01 - 00811624 _____ () C:\Windows\system32\PerfStringBackup.INI

2014-08-14 09:44 - 2014-08-12 15:30 - 00181272 _____ () C:\Windows\RegBootClean.exe

2014-08-14 09:44 - 2014-08-12 15:30 - 00011838 _____ () C:\Windows\RegBootClean.CFG

2014-08-14 09:00 - 2012-07-17 11:45 - 00002220 ____H () C:\Users\b.atkinson\Documents\Default.rdp

2014-08-14 08:58 - 2009-07-13 23:52 - 00000000 ____D () C:\Windows\system32\FxsTmp

2014-08-14 08:49 - 2014-08-14 08:49 - 00000000 ____D () C:\Users\b.atkinson\AppData\Roaming\Wyowakf

2014-08-14 08:04 - 2014-02-14 10:35 - 00000000 ____D () C:\Users\b.atkinson\AppData\Local\Box Sync

2014-08-14 08:04 - 2012-11-05 19:46 - 00000000 ____D () C:\Users\b.atkinson\AppData\Local\attcm

2014-08-14 08:03 - 2012-11-02 10:44 - 00000000 ___RD () C:\Users\b.atkinson\Virtual Machines

2014-08-14 07:29 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\Microsoft.NET

2014-08-14 07:25 - 2009-07-13 23:34 - 00021312 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2014-08-14 07:25 - 2009-07-13 23:34 - 00021312 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2014-08-14 07:24 - 2012-10-11 01:23 - 00216114 _____ () C:\Windows\system32\TmInstall.log

2014-08-14 07:20 - 2009-07-13 23:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2014-08-14 07:19 - 2009-07-13 23:39 - 00050286 _____ () C:\Windows\setupact.log

2014-08-14 07:19 - 2009-07-13 23:33 - 00496416 _____ () C:\Windows\system32\FNTCACHE.DAT

2014-08-14 07:02 - 2012-10-31 13:50 - 00000000 ____D () C:\ProgramData\Microsoft Help

2014-08-14 06:58 - 2013-09-06 16:23 - 00000000 ____D () C:\Windows\system32\MRT

2014-08-14 06:58 - 2012-10-31 13:11 - 96303304 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

2014-08-14 06:55 - 2014-08-14 06:55 - 00157696 _____ () C:\Users\b.atkinson\AppData\Local\fddkevfe.exe

2014-08-14 06:44 - 2010-11-20 16:48 - 00183818 _____ () C:\Windows\PFRO.log

2014-08-13 23:29 - 2014-08-13 22:58 - 00014552 _____ () C:\Users\b.atkinson\Desktop\july14 visa.xlsx

2014-08-12 17:07 - 2014-04-25 10:25 - 00000000 ____D () C:\Program Files\Citrix

2014-08-12 16:19 - 2014-02-14 10:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Box Sync

2014-08-12 16:18 - 2014-08-12 16:18 - 00000000 ____D () C:\Program Files\Box

2014-08-12 16:11 - 2009-07-13 23:52 - 00000000 ____D () C:\Windows\addins

2014-08-12 15:40 - 2014-08-12 15:22 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)

2014-08-12 15:40 - 2014-08-12 15:20 - 00000000 ____D () C:\Users\adminlocal\Desktop\mbar

2014-08-12 15:22 - 2014-08-12 15:22 - 00159744 _____ () C:\Users\b.atkinson\AppData\Local\xatbgodk.exe

2014-08-12 15:22 - 2014-08-11 15:16 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2014-08-12 15:20 - 2014-08-11 15:16 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2014-08-12 12:16 - 2014-08-11 17:14 - 00001954 _____ () C:\Users\b.atkinson\Desktop\Koontz Webmail.lnk

2014-08-12 12:16 - 2012-10-31 11:40 - 00000112 _____ () C:\Windows\system32\config\netlogon.ftl

2014-08-12 11:15 - 2014-08-12 11:15 - 00000000 ____D () C:\Users\b.atkinson\AppData\Roaming\Ydurhyz

2014-08-12 09:18 - 2014-08-12 09:18 - 00000000 ____D () C:\Users\b.atkinson\AppData\Local\HP

2014-08-12 09:16 - 2014-08-12 09:16 - 00002214 _____ () C:\Users\Public\Desktop\HP Deskjet 2540 series.lnk

2014-08-12 09:16 - 2014-08-12 09:16 - 00001161 _____ () C:\Users\Public\Desktop\Shop for Supplies - HP Deskjet 2540 series.lnk

2014-08-12 09:16 - 2014-08-12 09:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP

2014-08-12 09:15 - 2014-08-12 09:15 - 00000057 _____ () C:\ProgramData\Ament.ini

2014-08-12 09:15 - 2014-08-12 09:15 - 00000000 ____D () C:\ProgramData\HP

2014-08-12 09:15 - 2014-08-12 09:15 - 00000000 ____D () C:\Program Files\HP

2014-08-12 09:15 - 2009-07-13 23:52 - 00000000 ____D () C:\Windows\twain_32

2014-08-12 09:14 - 2014-08-12 09:14 - 00000000 ____D () C:\Users\ryan.wilson\AppData\Local\HP

2014-08-12 09:00 - 2014-08-12 09:00 - 00000000 ____D () C:\Users\b.atkinson\Documents\Outlook Files

2014-08-12 08:46 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\system32\LogFiles

2014-08-12 08:17 - 2014-07-28 13:19 - 00230699 _____ () C:\Users\b.atkinson\Desktop\Two RIVERS.xlsx

2014-08-12 08:14 - 2014-08-11 14:20 - 00230703 _____ () C:\Users\b.atkinson\Desktop\CCHEADEND 4.xlsx

2014-08-12 07:37 - 2014-08-12 07:37 - 00003480 ____N () C:\bootsqm.dat

2014-08-12 07:35 - 2014-08-12 07:35 - 00000000 __SHD () C:\found.000

2014-08-11 17:15 - 2012-10-31 14:15 - 00000000 ____D () C:\ProgramData\Apple

2014-08-11 17:14 - 2012-11-02 10:44 - 00004762 __RSH () C:\Users\b.atkinson\ntuser.pol

2014-08-11 17:14 - 2012-11-02 10:44 - 00000000 ____D () C:\Users\b.atkinson

2014-08-11 17:14 - 2012-11-02 10:43 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe

2014-08-11 17:14 - 2012-11-02 10:43 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl

2014-08-11 17:13 - 2014-08-11 17:13 - 00272808 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe

2014-08-11 17:13 - 2014-08-11 17:13 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe

2014-08-11 17:13 - 2014-08-11 17:13 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\java.exe

2014-08-11 17:13 - 2014-08-11 17:13 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll

2014-08-11 17:13 - 2014-08-11 17:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java

2014-08-11 17:11 - 2012-10-31 14:37 - 00000000 ____D () C:\Program Files\Trend Micro

2014-08-11 16:55 - 2014-08-11 16:52 - 00013652 _____ () C:\Windows\cfgall.ini

2014-08-11 16:53 - 2012-11-02 10:37 - 00000000 ____D () C:\Users\ryan.wilson\AppData\Local\VirtualStore

2014-08-11 16:51 - 2014-08-11 16:51 - 00000000 _____ () C:\Windows\system32\diagnostic.log

2014-08-11 16:51 - 2012-10-31 14:38 - 00000000 ____D () C:\ProgramData\Trend Micro

2014-08-11 16:50 - 2014-08-11 16:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trend Micro Worry-Free Business Security Agent

2014-08-11 16:49 - 2014-08-11 16:49 - 00000000 __SHD () C:\Users\ryan.wilson\AppData\Local\EmieUserList

2014-08-11 16:49 - 2014-08-11 16:49 - 00000000 __SHD () C:\Users\ryan.wilson\AppData\Local\EmieSiteList

2014-08-11 16:49 - 2014-08-11 16:49 - 00000000 ____D () C:\Users\ryan.wilson\AppData\Roaming\Box Sync

2014-08-11 16:49 - 2012-11-02 12:00 - 00000000 ____D () C:\Users\ryan.wilson\AppData\Local\attcm

2014-08-11 16:49 - 2012-11-02 10:38 - 00000000 ___RD () C:\Users\ryan.wilson\Virtual Machines

2014-08-11 16:49 - 2012-11-02 10:37 - 00004762 __RSH () C:\Users\ryan.wilson\ntuser.pol

2014-08-11 16:49 - 2012-11-02 10:37 - 00000000 ____D () C:\Users\ryan.wilson

2014-08-11 15:30 - 2014-08-04 14:34 - 00000000 ____D () C:\Users\b.atkinson\AppData\Roaming\Nepuugs

2014-08-11 15:30 - 2014-07-28 13:40 - 00000000 ____D () C:\Users\b.atkinson\AppData\Roaming\Qoalul

2014-08-11 15:30 - 2014-07-21 12:46 - 00000000 ____D () C:\Users\b.atkinson\AppData\Roaming\Yhgyhiz

2014-08-11 15:30 - 2014-07-15 07:33 - 00000000 ____D () C:\Users\b.atkinson\AppData\Roaming\Ifdoihol

2014-08-11 15:30 - 2014-06-29 14:09 - 00000000 ____D () C:\Users\b.atkinson\AppData\Roaming\Kaosikvu

2014-08-11 15:30 - 2014-05-15 12:07 - 00000000 ____D () C:\Users\b.atkinson\AppData\Roaming\Mowohya

2014-08-11 15:30 - 2009-07-13 23:52 - 00000000 ____D () C:\Windows\Performance

2014-08-11 15:28 - 2014-07-28 15:40 - 00000000 ____D () C:\Users\b.atkinson\AppData\Roaming\Ubheenat

2014-08-11 15:28 - 2014-07-22 08:47 - 00000000 ____D () C:\Users\b.atkinson\AppData\Roaming\Sadyyvp

2014-08-11 15:28 - 2014-07-15 08:46 - 00000000 ____D () C:\Users\b.atkinson\AppData\Roaming\Kohanu

2014-08-11 15:16 - 2014-08-11 15:16 - 00001062 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2014-08-11 15:16 - 2014-08-11 15:16 - 00000000 ____D () C:\Users\adminlocal\AppData\Local\Box Sync

2014-08-11 15:16 - 2014-08-11 15:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2014-08-11 15:16 - 2014-08-11 15:16 - 00000000 ____D () C:\ProgramData\Malwarebytes

2014-08-11 15:16 - 2014-08-11 15:16 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware

2014-08-11 14:57 - 2012-10-11 01:02 - 00021024 __RSH () C:\ProgramData\ntuser.pol

2014-08-11 14:55 - 2012-10-11 01:16 - 00000000 ____D () C:\Program Files\Microsoft Silverlight

2014-08-11 14:49 - 2009-07-13 23:53 - 00029452 _____ () C:\Windows\Tasks\SCHEDLGU.TXT

2014-08-11 14:22 - 2014-08-04 13:18 - 00230630 _____ () C:\Users\b.atkinson\Desktop\conway corp headend 3.xlsx

2014-08-11 14:17 - 2014-08-11 14:17 - 00000000 ____D () C:\Users\b.atkinson\AppData\Roaming\Edytybyt

2014-07-31 18:16 - 2014-08-13 11:10 - 00307384 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll

2014-07-28 13:31 - 2013-02-26 13:56 - 00000000 ____D () C:\Users\b.atkinson\AppData\Local\Microsoft Help

2014-07-28 06:44 - 2012-10-11 01:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight

2014-07-25 08:51 - 2014-08-13 11:10 - 17524224 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2014-07-25 08:04 - 2014-08-13 11:10 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2014-07-25 08:03 - 2014-08-13 11:10 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll

2014-07-25 07:34 - 2014-08-13 11:10 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

2014-07-25 07:34 - 2014-08-13 11:10 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2014-07-25 07:33 - 2014-08-13 11:10 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll

2014-07-25 07:30 - 2014-08-13 11:10 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll

2014-07-25 07:21 - 2014-08-13 11:10 - 02184704 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2014-07-25 07:18 - 2014-08-13 11:10 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2014-07-25 07:17 - 2014-08-13 11:10 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2014-07-25 07:12 - 2014-08-13 11:10 - 00438784 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2014-07-25 07:10 - 2014-08-13 11:10 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2014-07-25 07:10 - 2014-08-13 11:10 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe

2014-07-25 07:08 - 2014-08-13 11:10 - 00597504 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll

2014-07-25 07:06 - 2014-08-13 11:10 - 04204032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2014-07-25 06:59 - 2014-08-13 11:10 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe

2014-07-25 06:52 - 2014-08-13 11:10 - 00367104 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll

2014-07-25 06:43 - 2014-08-13 11:10 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll

2014-07-25 06:36 - 2014-08-13 11:10 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll

2014-07-25 06:34 - 2014-08-13 11:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2014-07-25 06:29 - 2014-08-13 11:10 - 00239616 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll

2014-07-25 06:13 - 2014-08-13 11:10 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2014-07-25 06:09 - 2014-08-13 11:10 - 00663040 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2014-07-25 06:07 - 2014-08-13 11:10 - 02001920 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2014-07-25 06:07 - 2014-08-13 11:10 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll

2014-07-25 06:03 - 2014-08-13 11:10 - 11772928 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2014-07-25 05:09 - 2014-08-13 11:10 - 00704512 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll

2014-07-25 05:05 - 2014-08-13 11:10 - 01792512 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2014-07-25 05:00 - 2014-08-13 11:10 - 01169920 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2014-07-21 12:44 - 2014-03-16 20:40 - 00231847 _____ () C:\Users\b.atkinson\Desktop\conway corp 1.xlsx

2014-07-15 21:47 - 2014-08-13 11:09 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll

2014-07-15 21:46 - 2014-08-13 11:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll

2014-07-15 20:47 - 2014-08-13 11:09 - 02352640 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

2014-07-15 07:55 - 2014-07-14 20:50 - 00036352 _____ () C:\Users\b.atkinson\Documents\visa june 14.xls

 

Files to move or delete:

====================

C:\Users\b.atkinson\g2ax_customer_downloadhelper_win32_x86.exe

 

 

Some content of TEMP:

====================

C:\Users\adminlocal\AppData\Local\Temp\AcDeltree.exe

C:\Users\adminlocal\AppData\Local\Temp\AskSLib.dll

C:\Users\adminlocal\AppData\Local\Temp\ose00000.exe

C:\Users\adminlocal\AppData\Local\Temp\SageSystemVerifierSA.exe

C:\Users\b.atkinson\AppData\Local\Temp\Foxit Updater.exe

C:\Users\b.atkinson\AppData\Local\Temp\UpdateFlashPlayer_21bc1e38.exe

C:\Users\ryan.wilson\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmporwznt.dll

 

 

==================== Bamital & volsnap Check =================

 

(There is no automatic fix for files that do not pass verification.)

 

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\system32\winlogon.exe => File is digitally signed

C:\Windows\system32\wininit.exe => File is digitally signed

C:\Windows\system32\svchost.exe => File is digitally signed

C:\Windows\system32\services.exe => File is digitally signed

C:\Windows\system32\User32.dll => File is digitally signed

C:\Windows\system32\userinit.exe => File is digitally signed

C:\Windows\system32\rpcss.dll => File is digitally signed

C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

 

 

LastRegBack: 2014-04-14 19:29

 

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version:14-08-2014 02

Ran by adminlocal at 2014-08-14 13:36:42

Running from C:\Users\b.atkinson\Desktop

Boot Mode: Normal

==========================================================

 

 

==================== Security Center ========================

 

(If an entry is included in the fixlist, it will be removed.)

 

AV: Trend Micro Security Agent (Enabled - Up to date) {B7599298-8445-728A-A5C7-A26A082C8BDA}

AS: Trend Micro Security Agent Anti-spyware (Disabled - Up to date) {0C38737C-A27F-7D04-9F77-991873ABC167}

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

 

==================== Installed Programs ======================

 

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 

7-Zip 9.20 (HKLM\...\{23170F69-40C1-2701-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)

Adobe Flash Player 14 ActiveX (HKLM\...\{C4B95D2E-BDE6-412D-AF7B-EC43A298C55B}) (Version: 14.0.0.145 - Adobe Systems Incorporated)

Apple Application Support (HKLM\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)

Apple Mobile Device Support (HKLM\...\{0592EF96-69D8-4E4B-9CC9-88F58EA86F01}) (Version: 7.0.0.117 - Apple Inc.)

AT&T Communication Manager (HKLM\...\{C4C2BFEC-EA45-4097-A0F5-EFA0DEE38B2E}) (Version: 9.1.196.7 - SmartCom)

AuthenTec Fingerprint Software (Version: 8.4.4.39 - AuthenTec, Inc.) Hidden

Barracuda Message Archiver Outlook Add-In 2.1.12 (HKLM\...\{FD3AAD0F-6E97-4C5D-AA7D-0B62E913D8B0}) (Version: 2.1.12.0 - Barracuda Networks)

Bentley View XM Edition 08.09.04.51 (HKLM\...\{E8BBE015-FCFC-40C1-8CF5-D53D59F966F4}) (Version: 08.09.04051 - Bentley Systems, Incorporated.)

BioAPI Framework (Version: 1.0.2 - Dell Inc.) Hidden

Box Sync (HKLM\...\{24F228C2-3505-49FC-A53F-4D39FAB3F32D}) (Version: 4.0.4758.0 - Box, Inc.)

Broadcom NetXtreme-I Netlink Driver and Management Installer (HKLM\...\{9B34CC4C-E7FF-4AC8-B771-1D09612D6430}) (Version: 15.0.8.5 - Broadcom Corporation)

Chameleon Client 2.7 Update 3 (HKLM\...\{85AEEF27-C12F-4FBE-B484-E89F4355E58B}) (Version: 2.7.158 - Construction Imaging Systems, Inc.)

Cisco EAP-FAST Module (Version: 2.2.14 - Cisco Systems, Inc.) Hidden

Cisco LEAP Module (Version: 1.0.19 - Cisco Systems, Inc.) Hidden

Cisco PEAP Module (Version: 1.1.6 - Cisco Systems, Inc.) Hidden

Citrix Online Launcher (HKLM\...\{F17C3DC2-2ACA-4B0E-BDBF-ACE61B14E7CD}) (Version: 1.0.183 - Citrix)

Custom (Version: 01.00.00.000 - Wave Systems Corp.) Hidden

D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden

Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{132D27B8-C656-44BD-8C16-73C54EA8A85F}) (Version:  - Microsoft)

Dell Client System Update (HKLM\...\{2B2B45B1-3CA0-4F8D-BBB3-AC77ED46A0FE}) (Version: 1.2.3 - Dell Inc.)

Dell Data Protection | Access (HKLM\...\{ABBA2EA4-740E-4052-902B-9CA70B081E3F}) (Version: 2.2.00003.008 - Dell Inc.)

Dell Edoc Viewer (HKLM\...\{3138EAD3-700B-4A10-B617-B3F8096EE30D}) (Version: 1.0.0 - Dell Inc)

Dell Feature Enhancement Pack (HKLM\...\{992D1CE7-A20F-4AB0-9D9D-AFC3418844DA}) (Version: 2.1.000 - Dell)

Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.1211.101.114 - ALPS ELECTRIC CO., LTD.)

Dell Webcam Central (HKLM\...\Dell Webcam Central) (Version: 1.40.54 - Creative Technology Ltd)

DellAccess (Version: 01.00.00.149 - Wave Systems Corp.) Hidden

DW WLAN Card Utility (HKLM\...\DW WLAN Card Utility) (Version: 5.100.82.124 - Dell Inc.)

DWG TrueView 2008 (HKLM\...\DWG TrueView 2008) (Version: 17.1.65.0 - )

DWG TrueView 2008 (Version: 17.1.65.0 - Autodesk) Hidden

EMBASSY Client Core (Version: 01.00.00.055 - Wave Systems Corp.) Hidden

Foxit Reader (HKLM\...\Foxit Reader_is1) (Version: 5.4.2.901 - Foxit Corporation)

Gemalto (Version: 01.01.01.0000 - Wave Systems Corp) Hidden

HP Deskjet 2540 series Basic Device Software (HKLM\...\{575A25F9-3018-46F6-AB97-552B52770877}) (Version: 32.0.1180.44630 - Hewlett-Packard Co.)

Intel® Control Center (HKLM\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1008 - Intel Corporation)

Intel® Management Engine Components (HKLM\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.3.1427 - Intel Corporation)

Intel® Processor Graphics (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2712 - Intel Corporation)

Intel® Rapid Storage Technology (HKLM\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.2.0.1006 - Intel Corporation)

Intel® USB 3.0 eXtensible Host Controller Driver (HKLM\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.4.220 - Intel Corporation)

Intel® Trusted Connect Service Client (HKLM\...\{51A66ED3-200E-4147-8D1E-E8D30936FD26}) (Version: 1.23.605.1 - Intel Corporation)

IrfanView (remove only) (HKLM\...\IrfanView) (Version: 4.27 - Irfan Skiljan)

iTunes (HKLM\...\{E05D82D8-FE70-4228-B073-B0C07FE27595}) (Version: 11.1.1.11 - Apple Inc.)

Java 7 Update 65 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217065FF}) (Version: 7.0.650 - Oracle)

Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)

Mesh Runtime (Version: 15.4.5722.2 - Microsoft Corporation) Hidden

Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)

Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden

Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden

Microsoft Office Access MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Excel MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Groove MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office InfoPath MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)

Microsoft Office Professional Plus 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Proof (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Proof (French) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Proof (Spanish) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Proofing (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Shared MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Word MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)

Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

MSVCRT (Version: 15.4.2862.0708 - Microsoft) Hidden

MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)

MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)

MSXML 4.0 SP2 Parser and SDK (HKLM\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)

NTRU TCG Software Stack (Version: 2.1.37 - Security Innovation, Inc.) Hidden

O2Micro OZ776 SCR Driver (Version: 1.1.4.213 - O2Micro) Hidden

Office Connector (Remove Only) (HKLM\...\Office Connector) (Version:  - )

PC-CCID (Version: 2.0.0 - Gemalto) Hidden

Pervasive PSQL v10 SP3 Workgroup (32-bit) (HKLM\...\Pervasive PSQL v10 SP3 Workgroup (32-bit)) (Version: 10.30.013 - Pervasive Software)

Pervasive PSQL v10 SP3 Workgroup (32-bit) (Version: 10.30.013 - Pervasive Software) Hidden

Preboot Manager (Version: 03.02.00.119 - Wave Systems Corp.) Hidden

Private Information Manager (Version: 07.00.00.059 - Wave Systems Corp.) Hidden

QuickTime (HKLM\...\{7BE15435-2D3E-4B58-867F-9C75BED0208C}) (Version: 7.71.80.42 - Apple Inc.)

Sage Timberline Office Accounting Client (HKLM\...\{C45CFB94-B918-4D44-98F8-F849718C7C41}) (Version: 9.8.0 - Sage)

Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)

Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (Version:  - Microsoft) Hidden

SPBA 5.9 (Version: 5.9.4.6901 - UPEK Inc.) Hidden

ST Microelectronics 3 Axis Digital Accelerometer Solution (HKLM\...\{9C24F411-9CA7-4A8A-91F3-F08A4A38EB31}) (Version: 4.10.0016 - ST Microelectronics)

Trend Micro Worry-Free Business Security Agent (HKLM\...\Wofie) (Version: 18.0.1267 - Trend Micro Inc.)

Trend Micro Worry-Free Business Security Agent (Version: 8.0 - Trend Micro Inc.) Hidden

Trusted Drive Manager (Version: 4.5.0.136 - Wave Systems Corp.) Hidden

Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version:  - Microsoft)

Update for Microsoft Excel 2010 (KB2837600) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{4ACD847E-547D-493F-9A86-F73EAE1B5174}) (Version:  - Microsoft)

Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)

Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version:  - Microsoft)

Update for Microsoft InfoPath 2010 (KB2817396) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{39767ECA-1731-45DB-AB5B-6BF40E151D66}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2687502) 32-Bit Edition (HKLM\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{7DE7DF97-82FE-4B3A-AB8D-1621F9CC464A}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{BA610006-2C39-4419-9834-CF61AB24810A}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2837581) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{334FB202-28D7-4BA4-8BC9-4FE4AB233EA0}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2837606) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{B0D672F7-883E-4279-8E75-D97A5445AB46}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2878252) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{B0DB9F71-E0F7-4FE6-8925-35B860CAC0C4}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{089DBFD7-8211-43B2-AAAE-5BDD8C23E3A8}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUS_{794A0574-4E2F-4D58-B2A0-D7460ACDC85C}) (Version:  - Microsoft)

Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)

Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version:  - Microsoft)

Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUS_{DCE104A1-1875-4469-A83D-A5BFA6C4640F}) (Version:  - Microsoft)

Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version:  - Microsoft)

Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM\...\{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUS_{334AA0A1-2BB1-4D74-B66A-2B2C4D9C2C87}) (Version:  - Microsoft)

Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)

Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{7B29D8B8-6A87-496C-A65E-B935E740448A}) (Version:  - Microsoft)

Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{38CF30E4-3348-4BD1-A859-B630C355A56F}) (Version:  - Microsoft)

Update for Microsoft Word 2010 (KB2880529) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{B9B89E01-5B6B-4F73-BC34-B2C0D8ACB4CD}) (Version:  - Microsoft)

Upek Touchchip Fingerprint Reader (Version: 1.2.004 - Dell Inc.) Hidden

Visual Basic for Applications (R) Core - English (Version: 6.4.99.69 - Microsoft Corporation) Hidden

Visual Basic for Applications (R) Core (Version: 6.4.99.69 - Microsoft Corporation) Hidden

Wave Infrastructure Installer (Version: 07.03.60.0020 - Wave Systems Corp) Hidden

Wave Support Software Installer (Version: 05.12.00.068 - Wave Systems Corp) Hidden

Windows Driver Package - AuthenTec Inc. (ATSwpWDF) Biometric  (12/23/2011 8.4.4.25) (HKLM\...\B04E2F50E30B1E11964CD418CDF70A03C76B3051) (Version: 12/23/2011 8.4.4.25 - AuthenTec Inc.)

Windows Driver Package - Dell Inc. PBADRV System  (09/11/2009 1.0.1.6) (HKLM\...\9512AA21B791B05A54E27065C45BBC417AB282DF) (Version: 09/11/2009 1.0.1.6 - Dell Inc.)

Windows Live Communications Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)

Windows Live Essentials (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden

Windows Live Installer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Mail (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Mesh (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Mesh ActiveX Control for Remote Connections (HKLM\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)

Windows Live Messenger (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Movie Maker (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Photo Common (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Photo Gallery (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live PIMT Platform (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden

Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden

Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden

Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden

Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden

Windows Live SOXE (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live SOXE Definitions (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live UX Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live UX Platform Language Pack (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden

Windows Live Writer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Writer Resources (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

 

==================== Custom CLSID (selected items): ==========================

 

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

 

CustomCLSID: HKU\S-1-5-21-1736462797-154043553-2916750946-1000_Classes\CLSID\{3faa4380-a399-11cf-a466-00805fe418f6}\InprocServer32 -> C:\Program Files\DWG TrueView 2008\DWGVIEWRficn.dll (Autodesk, Inc.)

CustomCLSID: HKU\S-1-5-21-1736462797-154043553-2916750946-1000_Classes\CLSID\{591E5416-DDC3-45E6-BE9D-C40D0B418F6E}\localserver32 -> C:\Program Files\DWG TrueView 2008\DWGVIEWR.exe (Autodesk, Inc.)

CustomCLSID: HKU\S-1-5-21-1736462797-154043553-2916750946-1000_Classes\CLSID\{7AABBB95-79BE-4C0F-8024-EB6AF271231C}\localserver32 -> C:\Program Files\DWG TrueView 2008\DWGVIEWR.exe (Autodesk, Inc.)

CustomCLSID: HKU\S-1-5-21-74934771-1797745153-1190612905-3821_Classes\CLSID\{3faa4380-a399-11cf-a466-00805fe418f6}\InprocServer32 -> C:\Program Files\DWG TrueView 2008\DWGVIEWRficn.dll (Autodesk, Inc.)

CustomCLSID: HKU\S-1-5-21-74934771-1797745153-1190612905-3821_Classes\CLSID\{591E5416-DDC3-45E6-BE9D-C40D0B418F6E}\localserver32 -> C:\Program Files\DWG TrueView 2008\DWGVIEWR.exe (Autodesk, Inc.)

CustomCLSID: HKU\S-1-5-21-74934771-1797745153-1190612905-3821_Classes\CLSID\{7AABBB95-79BE-4C0F-8024-EB6AF271231C}\localserver32 -> C:\Program Files\DWG TrueView 2008\DWGVIEWR.exe (Autodesk, Inc.)

 

==================== Restore Points  =========================

 

31-10-2012 15:59:03 Windows Update

12-08-2014 21:17:12 Installed Box Sync

12-08-2014 21:18:33 Installed Box Sync

14-08-2014 11:49:35 Windows Update

 

==================== Hosts content: ==========================

 

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

 

2009-07-13 21:04 - 2009-06-10 16:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

 

==================== Scheduled Tasks (whitelisted) =============

 

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

 

Task: {1BC0CAA2-5FE2-4FE7-BAA9-7850D81E52C7} - \Security Center Update - 411730872 No Task File <==== ATTENTION

Task: {29917F69-1CC4-4D90-BCD5-CFE54F704DA2} - \Security Center Update - 1857792033 No Task File <==== ATTENTION

Task: {343142AF-081D-4E5E-90DF-29160CCA3311} - \Security Center Update - 3345149571 No Task File <==== ATTENTION

Task: {4AF7233A-0CDF-45B8-8B18-274D1DE81AE0} - \Security Center Update - 202701589 No Task File <==== ATTENTION

Task: {4C9E79DA-FAD3-4636-BF83-99B09E0A14F8} - System32\Tasks\hpUtility.exe_{A29BCE39-8853-4B86-A8E7-E9C5B4AAA551} => C:\Program Files\HP\HP Deskjet 2540 series\Bin\utils\hpUtility.exe [2013-08-13] (Hewlett-Packard Co.)

Task: {510878BA-E22E-4F85-9503-85E12CF614D6} - \Security Center Update - 728545702 No Task File <==== ATTENTION

Task: {589FD7F8-22A4-408A-BD3B-F09C0C26BADC} - \Security Center Update - 532944418 No Task File <==== ATTENTION

Task: {5E79AFA6-6B9D-4D1E-86AF-4F7F776E24C8} - \Security Center Update - 1370327593 No Task File <==== ATTENTION

Task: {78B2C743-5B11-4B75-AD6D-0C969474B450} - \Security Center Update - 2982894261 No Task File <==== ATTENTION

Task: {793CBAE1-38B1-4848-B3FC-55DC89FB7EA7} - \Security Center Update - 1278577450 No Task File <==== ATTENTION

Task: {7EDD05DB-B171-4E1C-AD75-712F613FAED8} - \Security Center Update - 1768730736 No Task File <==== ATTENTION

Task: {7F2BDD02-A471-4997-893C-84A5CBA1425E} - \Security Center Update - 532673617 No Task File <==== ATTENTION

Task: {C2DC3A9D-DE63-4E8A-BEDE-93E3C79ED271} - \Security Center Update - 2210079819 No Task File <==== ATTENTION

Task: {C4773432-A519-4C10-8600-C622C48E428A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-08-11] (Adobe Systems Incorporated)

Task: {D8298E50-FFC7-48C9-9EC6-D17765B81B95} - \Security Center Update - 3796193760 No Task File <==== ATTENTION

Task: {E72A8CE6-DD9D-4EF2-AF3E-A3BAAFFAE274} - \Security Center Update - 3277216943 No Task File <==== ATTENTION

Task: {EBA244EB-9D92-4D95-8092-54A7D9C8EF09} - \Security Center Update - 2532022997 No Task File <==== ATTENTION

Task: {F258E305-1F1B-444B-9A49-82B4270AEFCE} - \Security Center Update - 2429450365 No Task File <==== ATTENTION

 

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

 

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

 

==================== Loaded Modules (whitelisted) =============

 

2012-08-27 21:33 - 2012-08-27 21:33 - 00087912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll

2012-08-27 21:33 - 2012-08-27 21:33 - 01242512 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll

2012-01-17 10:37 - 2012-01-17 10:37 - 00179592 _____ () C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\EMBASSY Client Core\EmbassyServer.exe

2012-01-17 10:36 - 2012-01-17 10:36 - 00030600 _____ () C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\EMBASSY Client Core\DeviceStatus.dll

2011-10-08 22:56 - 2011-10-08 22:56 - 00003072 _____ () C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\TspPopup_ENU.dll

2011-11-07 06:24 - 2011-11-07 06:24 - 00084992 _____ () C:\Windows\system32\Wavx_ESC_Logging.dll

2011-08-31 13:55 - 2011-08-31 13:55 - 00499712 _____ () C:\Program Files\Trend Micro\Security Agent\sqlite3.dll

2011-08-22 15:28 - 2011-08-22 15:28 - 00015688 _____ () C:\Program Files\Sage\SIM\Client\Sage.Sim.Client.WindowsService.exe

2011-08-22 15:28 - 2011-08-22 15:28 - 00075592 _____ () C:\Program Files\Sage\SIM\Client\Sage.Sim.Client.Core.dll

2011-08-22 15:27 - 2011-08-22 15:27 - 00069960 _____ () C:\Program Files\Sage\SIM\Client\Sage.Sim.Shared.dll

2011-08-22 15:27 - 2011-08-22 15:27 - 00021832 _____ () C:\Program Files\Sage\SIM\Client\Sage.Sim.Shared.ManagedProductPluginManager.dll

2011-08-22 15:27 - 2011-08-22 15:27 - 00015688 _____ () C:\Program Files\Sage\SIM\Client\Sage.Sim.DesktopNotification.Service.dll

2011-08-22 15:27 - 2011-08-22 15:27 - 00011080 _____ () C:\Program Files\Sage\SIM\Client\Sage.Sim.ClientShared.dll

2011-08-22 15:28 - 2011-08-22 15:28 - 00015176 _____ () C:\Program Files\Sage\SIM\Client\Sage.Sim.Client.ServerCallbackService.dll

2011-08-22 15:27 - 2011-08-22 15:27 - 00014152 _____ () C:\Program Files\Sage\SIM\Client\Sage.Sim.Shared.ManagedProducts.dll

2011-08-22 15:27 - 2011-08-22 15:27 - 00015688 _____ () C:\Program Files\Sage\SIM\Client\Sage.Sim.Shared.ManagedProductPluginWrapper.dll

2012-10-11 01:10 - 2012-05-30 13:55 - 00059904 _____ () C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll

2012-10-11 01:07 - 2012-02-21 05:39 - 01198872 _____ () C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\ACE.dll

2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF

2010-10-20 16:45 - 2010-10-20 16:45 - 08801120 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll

2012-10-11 02:32 - 2012-03-26 22:33 - 00094208 _____ () C:\Windows\System32\IccLibDll.dll

2011-08-18 12:12 - 2011-08-18 12:12 - 00061504 _____ () C:\Program Files\Timberline Office\Shared\w3isr101.dll

2011-08-22 15:28 - 2011-08-22 15:28 - 00038216 _____ () C:\Program Files\Sage\SIM\Client\SimNotify.exe

2011-08-22 15:28 - 2011-08-22 15:28 - 00033608 _____ () C:\Program Files\Sage\SIM\Client\Sage.Sim.DesktopNotification.ClientLibrary.dll

2011-08-04 12:15 - 2011-08-04 12:15 - 00210568 _____ () C:\Program Files\AT&T\AT&T Communication Manager\attcm_AppStart.exe

2011-08-04 12:15 - 2011-08-04 12:15 - 00061888 _____ () C:\Program Files\AT&T\AT&T Communication Manager\DriveDetector.dll

2011-08-04 12:15 - 2011-08-04 12:15 - 00608704 _____ () C:\Program Files\AT&T\AT&T Communication Manager\Toolkit.dll

2011-08-04 12:15 - 2011-08-04 12:15 - 00147904 _____ () C:\Program Files\AT&T\AT&T Communication Manager\pcre3.dll

2011-08-04 12:15 - 2011-08-04 12:15 - 00861120 _____ () C:\Program Files\AT&T\AT&T Communication Manager\UIToolkit.dll

2011-08-04 12:15 - 2011-08-04 12:15 - 00393664 _____ () C:\Program Files\AT&T\AT&T Communication Manager\WebClient.dll

2011-08-04 12:15 - 2011-08-04 12:15 - 00096704 _____ () C:\Program Files\AT&T\AT&T Communication Manager\ComCore.dll

2011-08-04 12:15 - 2011-08-04 12:15 - 00049600 _____ () C:\Program Files\AT&T\AT&T Communication Manager\Preferences.dll

2011-08-04 12:15 - 2011-08-04 12:15 - 00247744 _____ () C:\Program Files\AT&T\AT&T Communication Manager\DB.dll

2011-08-04 12:15 - 2011-08-04 12:15 - 00132032 _____ () C:\Program Files\AT&T\AT&T Communication Manager\Discovery.dll

2011-08-04 12:15 - 2011-08-04 12:15 - 00368576 _____ () C:\Program Files\AT&T\AT&T Communication Manager\Device.dll

2011-08-04 12:15 - 2011-08-04 12:15 - 00016896 _____ () C:\Program Files\AT&T\AT&T Communication Manager\ressources\plugins\ContextSwitcher.plugin

2011-08-04 12:15 - 2011-08-04 12:15 - 00033280 _____ () C:\Program Files\AT&T\AT&T Communication Manager\ressources\plugins\DiscoveryGeneric.plugin

2011-08-04 12:15 - 2011-08-04 12:15 - 00099776 _____ () C:\Program Files\AT&T\AT&T Communication Manager\System.dll

2011-08-04 12:15 - 2011-08-04 12:15 - 00028160 _____ () C:\Program Files\AT&T\AT&T Communication Manager\ressources\plugins\DiscoveryMobileBroadband.plugin

2011-08-04 12:15 - 2011-08-04 12:15 - 00018944 _____ () C:\Program Files\AT&T\AT&T Communication Manager\ressources\plugins\DiscoveryNdis.plugin

2011-08-04 12:15 - 2011-08-04 12:15 - 00029696 _____ () C:\Program Files\AT&T\AT&T Communication Manager\ressources\plugins\DiscoveryVPorts.plugin

2014-08-14 08:04 - 2014-08-14 08:04 - 00285184 _____ () C:\Users\B3E4E~1.ATK\AppData\Local\Temp\_MEI23962\_hashlib.pyd

2014-08-14 08:04 - 2014-08-14 08:04 - 00098816 _____ () C:\Users\B3E4E~1.ATK\AppData\Local\Temp\_MEI23962\win32api.pyd

2014-08-14 08:04 - 2014-08-14 08:04 - 00110080 _____ () C:\Users\B3E4E~1.ATK\AppData\Local\Temp\_MEI23962\pywintypes27.dll

2014-08-14 08:04 - 2014-08-14 08:04 - 00364544 _____ () C:\Users\B3E4E~1.ATK\AppData\Local\Temp\_MEI23962\pythoncom27.dll

2014-08-14 08:04 - 2014-08-14 08:04 - 00074240 _____ () C:\Users\B3E4E~1.ATK\AppData\Local\Temp\_MEI23962\_ctypes.pyd

2014-08-14 08:04 - 2014-08-14 08:04 - 00686592 _____ () C:\Users\B3E4E~1.ATK\AppData\Local\Temp\_MEI23962\unicodedata.pyd

2014-08-14 08:04 - 2014-08-14 08:04 - 00040960 _____ () C:\Users\B3E4E~1.ATK\AppData\Local\Temp\_MEI23962\_socket.pyd

2014-08-14 08:04 - 2014-08-14 08:04 - 00721920 _____ () C:\Users\B3E4E~1.ATK\AppData\Local\Temp\_MEI23962\_ssl.pyd

2014-08-14 08:04 - 2014-08-14 08:04 - 00003584 _____ () C:\Users\B3E4E~1.ATK\AppData\Local\Temp\_MEI23962\clr.pyd

2014-08-14 08:04 - 2014-08-14 08:04 - 00025600 _____ () C:\Users\B3E4E~1.ATK\AppData\Local\Temp\_MEI23962\win32cred.pyd

2014-08-14 08:04 - 2014-08-14 08:04 - 00029184 _____ () C:\Users\B3E4E~1.ATK\AppData\Local\Temp\_MEI23962\Crypto.Cipher._AES.pyd

2014-08-14 08:04 - 2014-08-14 08:04 - 00007168 _____ () C:\Users\B3E4E~1.ATK\AppData\Local\Temp\_MEI23962\Crypto.Util.strxor.pyd

2014-08-14 08:04 - 2014-08-14 08:04 - 00009728 _____ () C:\Users\B3E4E~1.ATK\AppData\Local\Temp\_MEI23962\Crypto.Random.OSRNG.winrandom.pyd

2014-08-14 08:04 - 2014-08-14 08:04 - 00010240 _____ () C:\Users\B3E4E~1.ATK\AppData\Local\Temp\_MEI23962\Crypto.Util._counter.pyd

2014-08-14 08:04 - 2014-08-14 08:04 - 00009728 _____ () C:\Users\B3E4E~1.ATK\AppData\Local\Temp\_MEI23962\select.pyd

2014-08-14 08:04 - 2014-08-14 08:04 - 00024576 _____ () C:\Users\B3E4E~1.ATK\AppData\Local\Temp\_MEI23962\ujson.pyd

2014-08-14 08:04 - 2014-08-14 08:04 - 00320512 _____ () C:\Users\B3E4E~1.ATK\AppData\Local\Temp\_MEI23962\win32com.shell.shell.pyd

2014-08-14 08:04 - 2014-08-14 08:04 - 00018432 _____ () C:\Users\B3E4E~1.ATK\AppData\Local\Temp\_MEI23962\win32event.pyd

2014-08-14 08:04 - 2014-08-14 08:04 - 00108544 _____ () C:\Users\B3E4E~1.ATK\AppData\Local\Temp\_MEI23962\win32security.pyd

2014-08-14 08:04 - 2014-08-14 08:04 - 00041984 _____ () C:\Users\B3E4E~1.ATK\AppData\Local\Temp\_MEI23962\_sqlite3.pyd

2014-08-14 08:04 - 2014-08-14 08:04 - 00337920 _____ () C:\Users\B3E4E~1.ATK\AppData\Local\Temp\_MEI23962\sqlite3.dll

2014-08-14 08:04 - 2014-08-14 08:04 - 00035328 _____ () C:\Users\B3E4E~1.ATK\AppData\Local\Temp\_MEI23962\_psutil_mswindows.pyd

2014-08-14 08:04 - 2014-08-14 08:04 - 00119808 _____ () C:\Users\B3E4E~1.ATK\AppData\Local\Temp\_MEI23962\win32file.pyd

2014-08-14 08:04 - 2014-08-14 08:04 - 00035840 _____ () C:\Users\B3E4E~1.ATK\AppData\Local\Temp\_MEI23962\win32process.pyd

2014-08-14 08:04 - 2014-08-14 08:04 - 00070656 _____ () C:\Users\B3E4E~1.ATK\AppData\Local\Temp\_MEI23962\_elementtree.pyd

2014-08-14 08:04 - 2014-08-14 08:04 - 00103424 _____ () C:\Users\B3E4E~1.ATK\AppData\Local\Temp\_MEI23962\pyexpat.pyd

2014-08-14 08:04 - 2014-08-14 08:04 - 00023552 _____ () C:\Users\B3E4E~1.ATK\AppData\Local\Temp\_MEI23962\_multiprocessing.pyd

2014-08-14 08:04 - 2014-08-14 08:04 - 00042496 _____ () C:\Users\B3E4E~1.ATK\AppData\Local\Temp\_MEI23962\win32service.pyd

2014-08-14 08:04 - 2014-08-14 08:04 - 00016384 _____ () C:\Users\B3E4E~1.ATK\AppData\Local\Temp\_MEI23962\_yappi.pyd

2014-08-14 08:04 - 2014-08-14 08:04 - 00017920 _____ () C:\Users\B3E4E~1.ATK\AppData\Local\Temp\_MEI23962\win32clipboard.pyd

2014-08-14 08:04 - 2014-08-14 08:04 - 00167936 _____ () C:\Users\B3E4E~1.ATK\AppData\Local\Temp\_MEI23962\win32gui.pyd

 

==================== Alternate Data Streams (whitelisted) =========

 

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

 

 

==================== Safe Mode (whitelisted) ===================

 

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

 

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

 

==================== EXE Association (whitelisted) =============

 

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

 

 

==================== MSCONFIG/TASK MANAGER disabled items =========

 

(Currently there is no automatic fix for this section.)

 

 

==================== Faulty Device Manager Devices =============

 

 

==================== Event log errors: =========================

 

Application errors:

==================

Error: (08/14/2014 07:20:23 AM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (08/14/2014 06:44:52 AM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (08/13/2014 11:13:38 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: xcefsekg.exe, version: 0.0.0.0, time stamp: 0x53e7c86f

Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea91c

Exception code: 0xc0000005

Fault offset: 0x000533b1

Faulting process id: 0x1e60

Faulting application start time: 0xxcefsekg.exe0

Faulting application path: xcefsekg.exe1

Faulting module path: xcefsekg.exe2

Report Id: xcefsekg.exe3

 

Error: (08/13/2014 10:34:57 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: uovcaewh.exe, version: 0.0.0.0, time stamp: 0x53e7c86f

Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea91c

Exception code: 0xc0000005

Fault offset: 0x000533b1

Faulting process id: 0x18c0

Faulting application start time: 0xuovcaewh.exe0

Faulting application path: uovcaewh.exe1

Faulting module path: uovcaewh.exe2

Report Id: uovcaewh.exe3

 

Error: (08/12/2014 04:11:35 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (08/12/2014 03:12:46 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (08/12/2014 02:14:30 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (08/12/2014 01:58:03 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (08/12/2014 07:39:00 AM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (08/11/2014 05:15:42 PM) (Source: MsiInstaller) (EventID: 11309) (User: NT AUTHORITY)

Description: Product: Apple Application Support -- Error 1309. Error reading from file: \\kstore\software\_Autodeploy\itunes\iTunesSetup\AppleApplicationSupport.msi.  System error 64.  Verify that the file exists and that you can access it.

 

 

System errors:

=============

Error: (08/14/2014 01:19:06 PM) (Source: TermService) (EventID: 1067) (User: )

Description: The terminal server cannot register 'TERMSRV' Service Principal Name to be used for server authentication. The following error occured: The specified domain either does not exist or could not be contacted.

.

 

Error: (08/14/2014 00:53:58 PM) (Source: NETLOGON) (EventID: 5719) (User: )

Description: This computer was not able to set up a secure session with a domain

controller in domain KECI due to the following: 

%%1311

 

This may lead to authentication problems. Make sure that this

computer is connected to the network. If the problem persists,

please contact your domain administrator.

 

 

 

ADDITIONAL INFO

 

If this computer is a domain controller for the specified domain, it

sets up the secure session to the primary domain controller emulator in the specified

domain. Otherwise, this computer sets up the secure session to any domain controller

in the specified domain.

 

Error: (08/14/2014 00:42:06 PM) (Source: TermService) (EventID: 1067) (User: )

Description: The terminal server cannot register 'TERMSRV' Service Principal Name to be used for server authentication. The following error occured: The specified domain either does not exist or could not be contacted.

.

 

Error: (08/14/2014 00:40:02 PM) (Source: Service Control Manager) (EventID: 7011) (User: )

Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.

 

Error: (08/14/2014 11:18:21 AM) (Source: TermService) (EventID: 1067) (User: )

Description: The terminal server cannot register 'TERMSRV' Service Principal Name to be used for server authentication. The following error occured: The specified domain either does not exist or could not be contacted.

.

 

Error: (08/14/2014 09:57:07 AM) (Source: TermService) (EventID: 1067) (User: )

Description: The terminal server cannot register 'TERMSRV' Service Principal Name to be used for server authentication. The following error occured: The specified domain either does not exist or could not be contacted.

.

 

Error: (08/14/2014 08:05:54 AM) (Source: TermService) (EventID: 1067) (User: )

Description: The terminal server cannot register 'TERMSRV' Service Principal Name to be used for server authentication. The following error occured: The specified domain either does not exist or could not be contacted.

.

 

Error: (08/14/2014 08:03:50 AM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1129) (User: KECI)

Description: The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.

 

Error: (08/14/2014 07:22:27 AM) (Source: TermService) (EventID: 1067) (User: )

Description: The terminal server cannot register 'TERMSRV' Service Principal Name to be used for server authentication. The following error occured: The specified domain either does not exist or could not be contacted.

.

 

Error: (08/14/2014 07:21:32 AM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1129) (User: NT AUTHORITY)

Description: The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.

 

 

Microsoft Office Sessions:

=========================

Error: (08/14/2014 07:20:23 AM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (08/14/2014 06:44:52 AM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (08/13/2014 11:13:38 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: xcefsekg.exe0.0.0.053e7c86fntdll.dll6.1.7601.18247521ea91cc0000005000533b11e6001cfb7761ed523f9C:\Users\b.atkinson\AppData\Local\xcefsekg.exeC:\Windows\SYSTEM32\ntdll.dll5d5f0ed3-2369-11e4-8270-d4bed96f30ca

 

Error: (08/13/2014 10:34:57 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: uovcaewh.exe0.0.0.053e7c86fntdll.dll6.1.7601.18247521ea91cc0000005000533b118c001cfb770b6e9604aC:\Users\b.atkinson\AppData\Local\uovcaewh.exeC:\Windows\SYSTEM32\ntdll.dllf5d4e38f-2363-11e4-8270-d4bed96f30ca

 

Error: (08/12/2014 04:11:35 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (08/12/2014 03:12:46 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (08/12/2014 02:14:30 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (08/12/2014 01:58:03 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (08/12/2014 07:39:00 AM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (08/11/2014 05:15:42 PM) (Source: MsiInstaller) (EventID: 11309) (User: NT AUTHORITY)

Description: Product: Apple Application Support -- Error 1309. Error reading from file: \\kstore\software\_Autodeploy\itunes\iTunesSetup\AppleApplicationSupport.msi.  System error 64.  Verify that the file exists and that you can access it.(NULL)(NULL)(NULL)(NULL)(NULL)

 

 

==================== Memory info =========================== 

 

Processor: Intel® Core i5-3210M CPU @ 2.50GHz

Percentage of memory in use: 66%

Total physical RAM: 3492.61 MB

Available physical RAM: 1158.94 MB

Total Pagefile: 6983.52 MB

Available Pagefile: 4255.74 MB

Total Virtual: 2047.88 MB

Available Virtual: 1918.38 MB

 

==================== Drives ================================

 

Drive c: (OS) (Fixed) (Total:297.32 GB) (Free:256.16 GB) NTFS

 

==================== MBR & Partition Table ==================

 

========================================================

Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 298 GB) (Disk ID: E7148D90)

Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)

Partition 2: (Active) - (Size=752 MB) - (Type=07 NTFS)

Partition 3: (Not Active) - (Size=297 GB) - (Type=07 NTFS)

 

==================== End Of Log ============================


Hi,

All passwords, including those used for banking, email, eBay, PayPal and online forums, should be changed immediately from a CLEAN COMPUTER.

Please download Combofix (by sUBs) and save it to your Desktop.

  • Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start Combofix.exe and follow its instructions.
  • Do not use the computer while the scan is running. This may cause the program to stall.
  • When finished, a log file will be displayed (that can also be found at C:\Combofix.txt).

    Please copy and paste the contents of this file into your next post.

Note: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." after the scan, just restart the computer.

I can paste it just fine from a separate machine:

 

ComboFix 14-08-14.02 - adminlocal 08/14/2014  16:03:09.1.4 - x86
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.3493.2039 [GMT -5:00]
Running from: c:\users\b.atkinson\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\b.atkinson\AppData\Local\dwekqhuo.exe
c:\users\b.atkinson\AppData\Local\fddkevfe.exe
c:\users\b.atkinson\AppData\Local\ojwbppfw.exe
c:\users\b.atkinson\AppData\Local\xatbgodk.exe
c:\users\b.atkinson\g2ax_customer_downloadhelper_win32_x86.exe
c:\windows\system32\drivers\npf.sys
.
.
(((((((((((((((((((((((((   Files Created from 2014-07-14 to 2014-08-14  )))))))))))))))))))))))))))))))
.
.
2014-08-14 18:33 . 2014-08-14 18:38 -------- d-----w- C:\FRST
2014-08-14 14:23 . 2014-08-14 18:28 -------- d-----w- c:\users\b.atkinson\AppData\Roaming\Ahopxoeg
2014-08-14 13:49 . 2014-08-14 13:49 -------- d-----w- c:\users\b.atkinson\AppData\Roaming\Wyowakf
2014-08-14 13:12 . 2014-08-14 18:28 -------- d-----w- c:\users\b.atkinson\AppData\Roaming\Bafyift
2014-08-14 11:56 . 2014-08-14 18:28 -------- d-----w- c:\users\b.atkinson\AppData\Roaming\Liarhu
2014-08-14 11:55 . 2014-03-09 21:47 99480 ----a-w- c:\windows\system32\infocardapi.dll
2014-08-14 11:55 . 2014-06-30 22:14 8856 ----a-w- c:\windows\system32\icardres.dll
2014-08-14 11:55 . 2014-03-09 21:47 619672 ----a-w- c:\windows\system32\icardagt.exe
2014-08-14 11:55 . 2014-06-06 06:16 35480 ----a-w- c:\windows\system32\TsWpfWrp.exe
2014-08-13 16:09 . 2014-07-16 02:47 305152 ----a-w- c:\windows\system32\gdi32.dll
2014-08-13 16:09 . 2014-07-16 01:47 2352640 ----a-w- c:\windows\system32\win32k.sys
2014-08-13 16:09 . 2014-07-16 02:46 2048 ----a-w- c:\windows\system32\tzres.dll
2014-08-13 16:09 . 2014-06-03 09:30 101824 ----a-w- c:\windows\system32\consent.exe
2014-08-13 16:09 . 2014-06-03 09:29 337408 ----a-w- c:\windows\system32\msihnd.dll
2014-08-13 16:09 . 2014-06-03 09:29 2363392 ----a-w- c:\windows\system32\msi.dll
2014-08-13 16:09 . 2014-06-03 09:29 1805824 ----a-w- c:\windows\system32\authui.dll
2014-08-13 16:09 . 2014-07-09 01:29 6144 ----a-w- c:\windows\system32\KBDYAK.DLL
2014-08-13 16:09 . 2014-07-09 01:29 6144 ----a-w- c:\windows\system32\KBDBASH.DLL
2014-08-12 21:18 . 2014-08-12 21:18 -------- d-----w- c:\program files\Box
2014-08-12 20:30 . 2014-08-14 14:44 181272 ----a-w- c:\windows\RegBootClean.exe
2014-08-12 20:22 . 2014-08-14 20:58 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2014-08-12 18:14 . 2014-08-14 18:28 -------- d-----w- c:\users\b.atkinson\AppData\Roaming\Digiuxi
2014-08-12 17:40 . 2014-08-14 18:28 -------- d-----w- c:\users\b.atkinson\AppData\Roaming\Zidyudib
2014-08-12 16:20 . 2014-07-02 03:11 8217224 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C7CECE1C-4CF1-4968-8A46-95904F6DED2A}\mpengine.dll
2014-08-12 16:15 . 2014-08-12 16:15 -------- d-----w- c:\users\b.atkinson\AppData\Roaming\Ydurhyz
2014-08-12 14:18 . 2014-08-12 14:18 -------- d-----w- c:\users\b.atkinson\AppData\Local\HP
2014-08-12 14:16 . 2013-08-13 17:45 596000 ------w- c:\windows\system32\HPDiscoPMC211.dll
2014-08-12 14:15 . 2014-08-12 14:15 -------- d-----w- c:\programdata\HP
2014-08-12 14:15 . 2014-08-12 14:15 -------- d-----w- c:\program files\HP
2014-08-12 14:14 . 2014-08-12 14:14 -------- d-----w- c:\users\ryan.wilson\AppData\Local\HP
2014-08-12 12:35 . 2014-08-12 12:35 -------- d-----w- C:\found.000
2014-08-11 22:13 . 2014-08-11 22:13 96680 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2014-08-11 21:49 . 2014-08-11 21:49 -------- d-sh--w- c:\users\ryan.wilson\AppData\Local\EmieUserList
2014-08-11 21:49 . 2014-08-11 21:49 -------- d-sh--w- c:\users\ryan.wilson\AppData\Local\EmieSiteList
2014-08-11 21:49 . 2014-08-11 21:49 -------- d-----w- c:\users\ryan.wilson\AppData\Roaming\Box Sync
2014-08-11 21:49 . 2014-08-11 21:49 -------- d-----w- c:\users\ryan.wilson\AppData\Roaming\Box Desktop
2014-08-11 20:46 . 2010-09-30 21:01 203600 ----a-w- c:\windows\TmNSCIns.dll
2014-08-11 20:46 . 2006-11-02 04:21 319456 ----a-w- c:\windows\DIFxAPI.dll
2014-08-11 20:16 . 2014-08-12 20:22 113880 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-08-11 20:16 . 2014-08-11 20:16 -------- d-----w- c:\users\adminlocal\AppData\Local\Box Sync
2014-08-11 20:16 . 2014-08-12 20:20 75480 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-08-11 20:16 . 2014-08-11 20:16 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2014-08-11 20:16 . 2014-08-11 20:16 -------- d-----w- c:\programdata\Malwarebytes
2014-08-11 20:16 . 2014-05-12 12:26 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-08-11 20:16 . 2014-05-12 12:25 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-08-11 20:16 . 2014-08-11 20:16 -------- d-----w- c:\users\adminlocal\AppData\Local\Programs
2014-08-11 20:10 . 2014-08-14 18:28 -------- d-----w- c:\users\b.atkinson\AppData\Roaming\Wiosgux
2014-08-11 19:17 . 2014-08-11 19:17 -------- d-----w- c:\users\b.atkinson\AppData\Roaming\Edytybyt
2014-08-04 19:34 . 2014-08-11 20:30 -------- d-----w- c:\users\b.atkinson\AppData\Roaming\Nepuugs
2014-07-31 13:09 . 2014-08-11 20:30 -------- d-----w- c:\users\b.atkinson\AppData\Roaming\Dygyen
2014-07-28 20:40 . 2014-08-11 20:28 -------- d-----w- c:\users\b.atkinson\AppData\Roaming\Ubheenat
2014-07-28 18:40 . 2014-08-11 20:30 -------- d-----w- c:\users\b.atkinson\AppData\Roaming\Qoalul
2014-07-22 13:47 . 2014-08-11 20:28 -------- d-----w- c:\users\b.atkinson\AppData\Roaming\Sadyyvp
2014-07-21 17:46 . 2014-08-11 20:30 -------- d-----w- c:\users\b.atkinson\AppData\Roaming\Yhgyhiz
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-08-11 22:14 . 2012-11-02 15:43 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-08-11 22:14 . 2012-11-02 15:43 699056 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-06-18 01:51 . 2014-07-14 15:47 646144 ----a-w- c:\windows\system32\osk.exe
2014-06-06 09:44 . 2014-07-14 15:47 509440 ----a-w- c:\windows\system32\qedit.dll
2014-06-05 14:26 . 2014-07-14 15:47 1059840 ----a-w- c:\windows\system32\lsasrv.dll
2014-05-30 07:52 . 2014-07-14 15:47 172032 ----a-w- c:\windows\system32\wdigest.dll
2014-05-30 07:52 . 2014-07-14 15:47 65536 ----a-w- c:\windows\system32\TSpkg.dll
2014-05-30 07:52 . 2014-07-14 15:47 247808 ----a-w- c:\windows\system32\schannel.dll
2014-05-30 07:52 . 2014-07-14 15:47 220160 ----a-w- c:\windows\system32\ncrypt.dll
2014-05-30 07:52 . 2014-07-14 15:47 259584 ----a-w- c:\windows\system32\msv1_0.dll
2014-05-30 07:52 . 2014-07-14 15:47 550912 ----a-w- c:\windows\system32\kerberos.dll
2014-05-30 07:52 . 2014-07-14 15:47 17408 ----a-w- c:\windows\system32\credssp.dll
2014-05-30 06:36 . 2014-07-14 15:47 338944 ----a-w- c:\windows\system32\drivers\afd.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0000BoxSyncFileLocked]
@="{b973655f-b823-3729-abea-e88cb316ddd4}"
[HKEY_CLASSES_ROOT\CLSID\{b973655f-b823-3729-abea-e88cb316ddd4}]
2010-11-20 21:29 297808 ----a-w- c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0000BoxSyncNotSynced]
@="{a316141f-fa66-334c-8d40-a8f4e6d21080}"
[HKEY_CLASSES_ROOT\CLSID\{a316141f-fa66-334c-8d40-a8f4e6d21080}]
2010-11-20 21:29 297808 ----a-w- c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0000BoxSyncProblem]
@="{a74ad9e8-37eb-31db-9026-8eda10d85860}"
[HKEY_CLASSES_ROOT\CLSID\{a74ad9e8-37eb-31db-9026-8eda10d85860}]
2010-11-20 21:29 297808 ----a-w- c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0000BoxSyncSynced]
@="{c3de22fc-b307-320f-ba41-27d95101bbf3}"
[HKEY_CLASSES_ROOT\CLSID\{c3de22fc-b307-320f-ba41-27d95101bbf3}]
2010-11-20 21:29 297808 ----a-w- c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EnabledUnlockedFDEIconOverlay]
@="{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}"
[HKEY_CLASSES_ROOT\CLSID\{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}]
2011-12-08 15:38 121208 ----a-w- c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UninitializedFdeIconOverlay]
@="{CF08DA3E-C97D-4891-A66B-E39B28DD270F}"
[HKEY_CLASSES_ROOT\CLSID\{CF08DA3E-C97D-4891-A66B-E39B28DD270F}]
2011-12-08 15:38 121208 ----a-w- c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2012-01-25 509816]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2012-02-13 1433692]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-04-25 144664]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-04-25 180504]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-04-25 187672]
"Broadcom Wireless Manager UI"="c:\program files\Dell\DW WLAN Card\WLTRAY.exe" [2012-01-18 6802432]
"DFEPApplication"="c:\program files\Dell\Feature Enhancement Pack\DFEPApplication.exe" [2011-08-24 6306712]
"TdmNotify"="c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe" [2011-12-08 323952]
"IMSS"="c:\program files\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe" [2012-02-28 133400]
"USB3MON"="c:\program files\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-02-27 291608]
"IAStorIcon"="c:\program files\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe" [2012-06-07 56128]
"Dell Webcam Central"="c:\program files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2011-12-16 462974]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2012-11-05 89184]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-09-14 59720]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"SimNotify.exe"="c:\program files\Sage\SIM\Client\SimNotify.exe" [2011-08-22 38216]
"attcm_AppStart.exe"="c:\program files\AT&T\AT&T Communication Manager\attcm_AppStart.exe" [2011-08-04 210568]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2013-10-01 152392]
"BoxSync"="c:\program files\Box\Box Sync\BoxSync.exe" [2014-04-14 12289520]
.
c:\users\ryan.wilson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\b.atkinson\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-1-31 32179440]
Smart Settings.lnk - c:\program files\Dell\Feature Enhancement Pack\SmartSettings.exe [2011-8-24 494488]
.
c:\users\adminlocal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Smart Settings.lnk - c:\program files\Dell\Feature Enhancement Pack\SmartSettings.exe [2011-8-24 494488]
.
c:\users\b.atkinson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Monitor Ink Alerts - HP Deskjet 2540 series.lnk - c:\windows\system32\RunDll32.exe "c:\program files\HP\HP Deskjet 2540 series\bin\HPStatusBL.dll",RunDLLEntry SERIALNUMBER=CN45A3F0TR0604;CONNECTION=USB;MONITOR=1; [2009-7-13 44544]
Smart Settings.lnk - c:\program files\Dell\Feature Enhancement Pack\SmartSettings.exe [2011-8-24 494488]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Start Pervasive PSQL Workgroup Engine.lnk - c:\windows\Installer\{0A3238D7-AB32-1030-B717-F3E3F18B4A8C}\WGE.14A03FCD_EA43_4130_A5C0_F02D38895A13.exe -SRDE [2012-10-31 92854]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Smart Settings.lnk - c:\program files\Dell\Feature Enhancement Pack\SmartSettings.exe [2011-8-24 494488]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 1 (0x1)
"DisableCAD"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\spba]
2010-09-15 16:11 1971536 ----a-w- c:\program files\Common Files\SPBA\homefus2.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ   msv1_0 wvauth
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-74934771-1797745153-1190612905-3821\Scripts\Logon\0\0]
"Script"=\\keci.com\SysVol\keci.com\scripts\custom\logon\netdrives.bat
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-74934771-1797745153-1190612905-5289\Scripts\Logon\0\0]
"Script"=\\keci.com\SysVol\keci.com\scripts\custom\logon\netdrives.bat
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001
.
R1 guhynkaz;guhynkaz;c:\windows\system32\drivers\guhynkaz.sys [x]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes Anti-Malware\mbamservice.exe [2014-05-12 860472]
R3 BoxSyncUpdateService;Box Sync Update Service;c:\program files\Box\Box Sync\SyncUpdaterService.exe [2014-04-14 27672]
R3 CtAudDrv;Provides advanced audio effects for audio devices.;c:\windows\system32\Drivers\CtAudDrv.sys [2009-05-28 134144]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2014-07-25 108032]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys [2014-05-12 51928]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl.sys [2013-07-25 18944]
R3 netvsc;netvsc;c:\windows\system32\DRIVERS\netvsc60.sys [2010-11-20 126464]
R3 O2MDFRDR;O2MDFRDR;c:\windows\system32\drivers\O2MDFw7.sys [2011-01-04 60904]
R3 O2MDRRDR;O2MDRRDR;c:\windows\system32\drivers\O2MDRw7.sys [2011-01-04 62440]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 14848]
R3 SynthVid;SynthVid;c:\windows\system32\DRIVERS\VMBusVideoM.sys [2010-11-20 19456]
S0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys [2012-02-27 13592]
S0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdcfltn.sys [2011-07-16 17904]
S2 ATService;AuthenTec Fingerprint Service;c:\program files\Fingerprint Sensor\AtService.exe [2012-02-02 1787720]
S2 BrcmMgmtAgent;Broadcom Management Agent;c:\program files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe [2011-12-01 131072]
S2 DFEPService;Dell Feature Enhancement Pack Service;c:\program files\Dell\Feature Enhancement Pack\DFEPService.exe [2011-08-24 1568664]
S2 EmbassyService;EmbassyService;c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\EMBASSY Client Core\EmbassyServer.exe [2012-01-17 179592]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-05-30 13632]
S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe [2012-02-03 458464]
S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [2012-02-28 161560]
S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-05-12 1809720]
S2 SwiCardDetectSvc;Sierra Wireless Card Detection Service;c:\program files\Sierra Wireless Inc\Common\SwiCardDetect.exe [2011-05-20 238960]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2010-09-10 147360]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2011-12-06 280576]
S3 iusb3hub;Intel® USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys [2012-02-27 348440]
S3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys [2012-02-27 792856]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2014-05-12 23256]
S3 MEI;Intel® Management Engine Interface ;c:\windows\system32\DRIVERS\HECI.sys [2012-07-17 55104]
S3 O2SDJRDR;O2SDJRDR;c:\windows\system32\DRIVERS\o2sdjw7.sys [2011-11-14 64872]
S3 ST_ACCEL;STMicroelectronics Accelerometer Service;c:\windows\system32\DRIVERS\ST_ACCEL.sys [2011-11-04 59888]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - tmactmon
*Deregistered* - tmcomm
*Deregistered* - tmevtmgr
*Deregistered* - TmFilter
*Deregistered* - VSApiNt
.
Contents of the 'Scheduled Tasks' folder
.
2014-08-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-02 22:14]
.
.
------- Supplementary Scan -------
.
mStart Page = about:blank
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~4\Office14\ONBttnIE.dll/105
DPF: {00134F72-5284-44F7-95A8-52A619F70752} - hxxps://keciscr1:4343/officescan/console/ClientInstall/WinNTChk.cab?ver=18,0,0,1315
DPF: {8157E81A-275D-4BE8-A7A9-E36E62DF9C68} - hxxps://keciscr1:4343/SMB/console/html/root/AtxEnc.cab?ver=18,0,0,1315
DPF: {9BBB3919-F518-4D06-8209-299FC243FC44} - hxxps://kecifs4:4343/SMB/console/html/root/AtxEnc.cab?ver=17,0,0,2360
.
.
------- File Associations -------
.
.scr=DWGTrueViewScriptFile
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-74934771-1797745153-1190612905-3821\Software\÷@*]
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(768)
c:\windows\system32\wvauth.DLL
.
Completion time: 2014-08-14  16:08:31
ComboFix-quarantined-files.txt  2014-08-14 21:08
.
Pre-Run: 275,380,682,752 bytes free
Post-Run: 277,169,205,248 bytes free
.
- - End Of File - - D414804EAF24BDE228281F5AD24A39DD
5C616939100B85E558DA92B899A0FC36

Hi,

good job! ;)

 

Step 1

Scan with Malwarebytes Anti-Malware

  • Please update the database by clicking on the "Update Now" button.
  • Following the update, click "Settings" and go to "Detection and Protection".
  • Make sure "Scan for Rootkits" is checked.
  • Click on Dashboard, then click on Scan Now to start the scan.
    (If Malware or Potentially Unwanted Programs [PUPs] are found, you will receive a prompt so that you can decide what you want to do. I suggest "Quarantine". Click the button: Apply All Actions.)
  • A window with an option to view the detailed log will appear. Click on "View Detailed Log".
  • After viewing the results, please click on the "Copy to Clipboard" button and then OK.
  • Return to our forum. Paste your log into your next reply.

 

 

Step 2

 

Start FRST with administrator privileges.

  • Press the Scan button.
  • When finished, FRST will produce a log (FRST.txt) in the same directory the tool was run from.
    Please copy and paste the log in your next reply.


Hi,

Step 1

Press the Windows key + R on your keyboard at the same time. Type notepad and click OK.

  • Copy the entire content of the codebox below and paste into the notepad document:

    HKU\S-1-5-21-74934771-1797745153-1190612905-3821\...\Run: [Zifomyxuibe] => "C:\Users\b.atkinson\AppData\Roaming\Iwqefaaz\atyfa.exe"
    HKU\S-1-5-21-74934771-1797745153-1190612905-3821\...\Run: [Zogeloysxaagw] => "C:\Users\b.atkinson\AppData\Roaming\Ruvozusi\asarmir.exe"
    HKU\S-1-5-21-74934771-1797745153-1190612905-3821\...\Run: [Ucepi] => "C:\Users\b.atkinson\AppData\Roaming\Bayvikci\ekozwy.exe"
    HKU\S-1-5-21-74934771-1797745153-1190612905-3821\...\Run: [Ypfyygacpueqyk] => "C:\Users\b.atkinson\AppData\Roaming\Wuemeqe\yfgazu.exe"
    HKU\S-1-5-21-74934771-1797745153-1190612905-3821\...\Run: [ufqvtvht] => "C:\Users\b.atkinson\AppData\Local\scdvvoug.exe"
    HKU\S-1-5-21-74934771-1797745153-1190612905-3821\...\Run: [Zytuhoda] => C:\Users\b.atkinson\AppData\Roaming\Digiuxi\emcee.exe
    HKU\S-1-5-21-74934771-1797745153-1190612905-3821\...\Run: [sepieiqf] => "C:\Users\b.atkinson\AppData\Local\xatbgodk.exe"
    HKU\S-1-5-21-74934771-1797745153-1190612905-3821\...\Run: [acfumhai] => "C:\Users\b.atkinson\AppData\Local\fddkevfe.exe"
    HKU\S-1-5-21-74934771-1797745153-1190612905-3821\...\Run: [Ryzyzeuwmyyzsod] => C:\Users\b.atkinson\AppData\Roaming\Liarhu\suohyge.exe
    HKU\S-1-5-21-74934771-1797745153-1190612905-3821\...\Run: [Puqaumosohgeoca] => C:\Users\b.atkinson\AppData\Roaming\Bafyift\kimya.exe
    HKU\S-1-5-21-74934771-1797745153-1190612905-3821\...\Run: [lkreegxx] => "C:\Users\b.atkinson\AppData\Local\dwekqhuo.exe"
    HKU\S-1-5-21-74934771-1797745153-1190612905-3821\...\Run: [Vaalhoapy] => C:\Users\b.atkinson\AppData\Roaming\Edytybyt\igoqizg.exe
    HKU\S-1-5-21-74934771-1797745153-1190612905-3821\...\Run: [Rivao] => C:\Users\b.atkinson\AppData\Roaming\Ydurhyz\abgocas.exe
    HKU\S-1-5-21-74934771-1797745153-1190612905-3821\...\Run: [Etafymreuqil] => C:\Users\b.atkinson\AppData\Roaming\Wyowakf\ifzaebz.exe
    C:\Users\b.atkinson\AppData\Roaming\Iwqefaaz
    C:\Users\b.atkinson\AppData\Roaming\Ruvozusi
    C:\Users\b.atkinson\AppData\Roaming\Bayvikci
    C:\Users\b.atkinson\AppData\Roaming\Wuemeqe
    C:\Users\b.atkinson\AppData\Local\scdvvoug.exe
    C:\Users\b.atkinson\AppData\Roaming\Digiuxi
    C:\Users\b.atkinson\AppData\Local\xatbgodk.exe
    C:\Users\b.atkinson\AppData\Local\fddkevfe.exe
    C:\Users\b.atkinson\AppData\Roaming\Liarhu
    C:\Users\b.atkinson\AppData\Roaming\Bafyift
    C:\Users\b.atkinson\AppData\Local\dwekqhuo.exe
    C:\Users\b.atkinson\AppData\Roaming\Edytybyt
    C:\Users\b.atkinson\AppData\Roaming\Ydurhyz\
    C:\Users\b.atkinson\AppData\Roaming\Wyowakf
    2014-08-14 13:28 - 2014-08-14 09:23 - 00000000 ____D () C:\Users\b.atkinson\AppData\Roaming\Ahopxoeg
    2014-08-14 13:28 - 2014-08-12 12:40 - 00000000 ____D () C:\Users\b.atkinson\AppData\Roaming\Zidyudib
    2014-08-14 13:28 - 2014-08-11 15:10 - 00000000 ____D () C:\Users\b.atkinson\AppData\Roaming\Wiosgux
    2014-08-11 15:30 - 2014-08-04 14:34 - 00000000 ____D () C:\Users\b.atkinson\AppData\Roaming\Nepuugs
    2014-08-11 15:30 - 2014-07-28 13:40 - 00000000 ____D () C:\Users\b.atkinson\AppData\Roaming\Qoalul
    2014-08-11 15:30 - 2014-07-21 12:46 - 00000000 ____D () C:\Users\b.atkinson\AppData\Roaming\Yhgyhiz
    2014-08-11 15:30 - 2014-07-15 07:33 - 00000000 ____D () C:\Users\b.atkinson\AppData\Roaming\Ifdoihol
    2014-08-11 15:30 - 2014-06-29 14:09 - 00000000 ____D () C:\Users\b.atkinson\AppData\Roaming\Kaosikvu
    2014-08-11 15:30 - 2014-05-15 12:07 - 00000000 ____D () C:\Users\b.atkinson\AppData\Roaming\Mowohya
    2014-08-11 15:28 - 2014-07-28 15:40 - 00000000 ____D () C:\Users\b.atkinson\AppData\Roaming\Ubheenat
    2014-08-11 15:28 - 2014-07-22 08:47 - 00000000 ____D () C:\Users\b.atkinson\AppData\Roaming\Sadyyvp
    2014-08-11 15:28 - 2014-07-15 08:46 - 00000000 ____D () C:\Users\b.atkinson\AppData\Roaming\Kohanu
    EmptyTemp:
  • Click File, Save As and type fixlist.txt as the File Name.
Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!
  • Right-click on the FRST icon and select Run as Administrator to start the tool.

    (XP users click run after receipt of Windows Security Warning - Open File).

  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.
Please post it to your reply.

Step 2

After the reboot:

Start FRST with administrator privileges.

  • Press the Scan button.
  • When finished, FRST will produce a log (FRST.txt) in the same directory the tool was run from.

    Please copy and paste the log in your next reply.

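The fixlist in the reply above follows a fixed shape: the Run values copied verbatim from FRST.txt, then the files or directories they point at, then EmptyTemp:. The following script is an added example, not code from this thread or from FRST's authors, showing how those lines can be triaged and assembled from FRST-style Run entries. The sample lines are constructed in FRST's format (three of them mirror the Zbot entries above, the other three stand in for legitimate autostarts); the line layout with an optional "[size date] (publisher)" suffix and the triage rule ("target under a user's AppData with no publisher/version info") are assumptions made for the example, not FRST's own logic.

```python
"""Triage FRST-style Run entries and emit a fixlist in the shape used above.

Added example. The sample lines are constructed in FRST's "Registry" format,
not copied from a real FRST.txt, and the triage rule is an assumption for
review, not proof of infection.
"""
import re
from typing import List, NamedTuple, Optional

# Constructed sample in the style of FRST's Run lines (assumed format).
SAMPLE_FRST_LINES = r"""
HKLM\...\Run: [BoxSync] => C:\Program Files\Box\Box Sync\BoxSync.exe [12289520 2014-04-14] (Box, Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-10-01] (Apple Inc.)
HKU\S-1-5-21-74934771-1797745153-1190612905-3821\...\Run: [Zifomyxuibe] => "C:\Users\b.atkinson\AppData\Roaming\Iwqefaaz\atyfa.exe"
HKU\S-1-5-21-74934771-1797745153-1190612905-3821\...\Run: [ufqvtvht] => "C:\Users\b.atkinson\AppData\Local\scdvvoug.exe"
HKU\S-1-5-21-74934771-1797745153-1190612905-3821\...\Run: [Zytuhoda] => C:\Users\b.atkinson\AppData\Roaming\Digiuxi\emcee.exe ()
HKU\S-1-5-21-74934771-1797745153-1190612905-3821\...\Run: [Dropbox] => C:\Users\b.atkinson\AppData\Roaming\Dropbox\bin\Dropbox.exe [32179440 2014-01-31] (Dropbox, Inc.)
"""

# Assumed line shape: <hive>\...\Run: [<value>] => "<path>.exe" [<size> <date>] (<publisher>)
RUN_LINE = re.compile(
    r'^(?P<hive>HK(?:LM|U\\[^\\]+))\\\.\.\.\\Run: \[(?P<name>[^\]]+)\] => '
    r'"?(?P<path>[A-Za-z]:\\[^"]+?\.exe)"?'
    r'(?:\s*\[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\])?'
    r'(?:\s*\((?P<publisher>[^)]*)\))?\s*$',
    re.IGNORECASE,
)

# Splits a path under a user profile's AppData into profile, branch and remainder.
APPDATA_ROOT = re.compile(
    r'^(?P<profile>[A-Za-z]:\\Users\\[^\\]+)\\AppData\\(?P<branch>Roaming|Local)\\(?P<rest>.+)$',
    re.IGNORECASE,
)


class RunEntry(NamedTuple):
    raw: str
    hive: str
    name: str
    path: str
    publisher: Optional[str]  # None when the line carries no "(...)" suffix


def parse_run_line(line: str) -> Optional[RunEntry]:
    """Return a RunEntry for an FRST Run line, or None for anything else."""
    m = RUN_LINE.match(line.strip())
    if not m:
        return None
    return RunEntry(line.strip(), m['hive'], m['name'], m['path'], m['publisher'])


def parse_lines(lines) -> List[RunEntry]:
    return [e for e in (parse_run_line(l) for l in lines) if e is not None]


def is_suspicious(entry: RunEntry) -> bool:
    """Triage rule (assumption): an autostart whose target lives under a user's
    AppData and carries no publisher/version info. Legitimate unsigned per-user
    software trips it too, so every hit still needs a human look."""
    return bool(APPDATA_ROOT.match(entry.path)) and not entry.publisher


def removal_target(path: str) -> str:
    """Name the whole random directory when the exe sits exactly one level
    under Roaming (Roaming\\Xxxx\\yyyy.exe, as the Zbot entries do);
    otherwise name the file itself."""
    m = APPDATA_ROOT.match(path)
    if m and m['branch'].lower() == 'roaming':
        parts = m['rest'].split('\\')
        if len(parts) == 2:
            return m['profile'] + '\\AppData\\Roaming\\' + parts[0]
    return path


def build_fixlist(lines) -> List[str]:
    """Registry values first (verbatim, as FRST expects), then the paths to
    delete without duplicates, then EmptyTemp: to flush temp folders."""
    flagged = [e for e in parse_lines(lines) if is_suspicious(e)]
    fix = [e.raw for e in flagged]
    for e in flagged:
        target = removal_target(e.path)
        if target not in fix:
            fix.append(target)
    fix.append('EmptyTemp:')
    return fix


if __name__ == '__main__':
    print('\n'.join(build_fixlist(SAMPLE_FRST_LINES.strip().splitlines())))
```

Run against the constructed sample, the script flags only the three AppData entries with no publisher and leaves the Box, iTunes and Dropbox autostarts alone. A fixlist deletes whatever it names, so the output is a starting point for the reviewer who builds the real fixlist, not something to feed to FRST unread.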

Hi, good job! :)

Step 1

Please download AdwCleaner (by Xplode) and save it to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.

    Vista/Windows 7/8 users right-click and select "Run As Administrator"

  • Click on the Scan button.
  • After the scan has finished, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • After rebooting, a log file (that is saved in C:\AdwCleaner[s#].txt) will open automatically.

    Copy and paste the contents of that logfile in your next reply.


OK!

Let's do a final check up:

Step 1

Please download the ESET Online Scanner and save it to your Desktop.

  • Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start esetsmartinstaller_enu.exe with administrator privileges.
  • Select the option Yes, I accept the Terms of Use and click on Start.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click on Start. The virus signature database will begin to download. This may take some time.
  • When completed the Online Scan will begin automatically.

    Note: This scan might take a long time! Please be patient.

  • When completed select Uninstall application on close if you so wish, but make sure you copy the logfile first!
  • Now click on Finish
  • A log file is created at C:\Program Files\ESET\EsetOnlineScanner\log.txt.

    Copy and paste the content of this log file in your next reply.

Note: Do not forget to re-enable your antivirus application after running the above scan!

No problem! :)

Start FRST with administrator privileges.

  • Make sure the Addition.txt option is checked.
  • Press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.

    Please copy and paste these logs in your next reply.


Can you please tell me which problems still persist now?


This topic is now closed to further replies.