Kevin has been awesome enough to debug me twice already this year, and I think I need him or someone like him again.

Computer is running very slow.

Here's my FRST.txt:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 15-10-2014 01
Ran by Mlaukha (administrator) on CDG07001538 on 15-10-2014 14:21:32
Running from C:\Users\mlaukha\Desktop
Loaded Profile: Mlaukha (Available profiles: a010534 & a003765 & Mlaukha & bradmin)
Platform: Windows 7 Enterprise Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Juniper Networks) C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
(IBM) C:\Program Files\IBM\Lotus\Notes\nsd.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
(IBM Corp) C:\Program Files\IBM\Lotus\Notes\ntmulti.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\OfficeScan Client\NTRtScan.exe
(O2Micro International) C:\Windows\System32\drivers\o2flash.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\BM\TMBMSRV.exe
(Research In Motion Limited) C:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Mozy, Inc.) C:\Program Files\MozyPro\mozyprobackup.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Verizon) C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
(Mozy, Inc.) C:\Program Files\MozyPro\mozyprobackup.exe
(Specops Software) C:\Windows\System32\SppClient.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(Sysinternals) C:\Windows\Scripts\BGinfo\Bginfo.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\OfficeScan Client\PccNTMon.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Research In Motion Limited) C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
(Mozy, Inc.) C:\Program Files\MozyPro\mozyprostat.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Eyeo GmbH) C:\Program Files\Adblock Plus for IE\AdblockPlusEngine.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil32_15_0_0_167_ActiveX.exe
(Verizon) C:\Program Files\Verizon\IHA_MessageCenter\Bin\VzDetectAgent.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIC.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [bGInfo] => C:\Windows\Scripts\BGINFO.bat [97 2011-03-08] ()
HKLM\...\Run: [specops Password Client] => C:\Windows\system32\SppClient.exe [858328 2010-11-23] (Specops Software)
HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [505720 2011-07-20] (Alps Electric Co., Ltd.)
HKLM\...\Run: [intelliPoint] => c:\Program Files\Microsoft IntelliPoint\ipoint.exe [1821576 2011-08-01] (Microsoft Corporation)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-06] (Apple Inc.)
HKLM\...\Run: [OfficeScanNT Monitor] => C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe [1533720 2013-11-20] (Trend Micro Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-05-26] (Apple Inc.)
HKLM\...\Run: [RIMBBLaunchAgent.exe] => C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [267792 2013-01-17] (Research In Motion Limited)
HKLM\...\Run: [sunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254896 2012-09-17] (Sun Microsystems, Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-09-12] (Adobe Systems Incorporated)
Winlogon\Notify\!SASWinLogon: C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
HKU\S-1-5-21-150485414-301174314-2440751699-8203\...\Run: [sUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [3905920 2012-03-07] (SUPERAntiSpyware.com)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\MozyPro Status.lnk
ShortcutTarget: MozyPro Status.lnk -> C:\Program Files\MozyPro\mozyprostat.exe (Mozy, Inc.)
ShellIconOverlayIdentifiers: [mozypro] -> {71B8CED8-5D67-4f57-89B1-F64CE6302A1E} => C:\Program Files\MozyPro\mozyproshell.dll (Mozy, Inc.)
ShellIconOverlayIdentifiers: [mozypro2] -> {CBAFE103-79DA-46ca-BD9A-63CBF6282882} => C:\Program Files\MozyPro\mozyproshell.dll (Mozy, Inc.)
ShellIconOverlayIdentifiers: [mozypro3] -> {8B99EA55-1AFF-4539-80A0-A71C6011CD84} => C:\Program Files\MozyPro\mozyproshell.dll (Mozy, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.verizon.net/
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKCU - DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
BHO: TmIEPlugInBHO Class -> {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -> C:\Program Files\Trend Micro\OfficeScan Client\TmIEPlg.dll (Trend Micro Inc.)
BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO: Updater For Verizon Toolbar -> {96673559-e653-4cdc-8923-f89347a952c0} -> C:\Program Files\verizontb\auxi\verizonAu.dll (Visicom Media)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll (Adblock Plus)
DPF: {00134F72-5284-44F7-95A8-52A619F70751} https://usherwip12:4343/officescan/console/html/ClientInstall/WinNTChk.cab
DPF: {08D75BC1-D2B5-11D1-88FC-0080C859833B} https://usherwip12:4343/officescan/console/html/ClientInstall/setup.cab
DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} https://www.gameofficials.net/utility/smsx.cab
DPF: {35C3D91E-401A-4E45-88A5-F3B32CD72DF4} https://usherwip12:4343/officescan/console/html/root/AtxEnc.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_45-windows-i586.cab
DPF: {9B815712-2EF0-4F81-8505-72EDC73B5626} https://na19.salesforce.com/dwnld/offline2/offline2.cab
DPF: {CAFEEFAC-0016-0000-0045-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_45-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_45-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://bio-rad.webex.com/client/WBXclient-T27L10NSP32EP1-13926/webex/ieatgpc1.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://connect.bio-rad.com/dana-cached/sc/JuniperSetupClient.cab
DPF: {F8A2314A-16E1-48CB-8EE7-A221207CBEEE} http://usherisx01.global.bio-rad.com/ucontent/8acc281bae9f42d187f9ee729af1a677_en-US/gh/html//assets/cab/rwdsot.CAB
Handler: saphtmlp - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\program files\sap\frontend\sapgui\saphtmlp.dll (SAP, Walldorf)
Handler: sapr3 - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\program files\sap\frontend\sapgui\saphtmlp.dll (SAP, Walldorf)
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\OfficeScan Client\TmIEPlg.dll (Trend Micro Inc.)
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [113024 2011-07-18] (SuperAdBlocker.com)
Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @java.com/DTPlugin,version=1.6.0_45 -> C:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @RIM.com/WebSLLauncher,version=1.0 -> C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin -> C:\Users\mlaukha\AppData\Local\Citrix\Plugins\92\npappdetector.dll (Citrix Online)
FF HKLM\...\Firefox\Extensions: [{22C7F6C6-8D67-4534-92B5-529A0EC09405}] - C:\Program Files\Trend Micro\OfficeScan Client\FirefoxExtension
FF Extension: Trend Micro NSC Firefox Extension - C:\Program Files\Trend Micro\OfficeScan Client\FirefoxExtension [2013-05-22]

Chrome:
=======
CHR Profile: C:\Users\mlaukha\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C:\Users\mlaukha\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-09-01]
CHR Extension: (Google Search) - C:\Users\mlaukha\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-09-01]
CHR Extension: (Gmail) - C:\Users\mlaukha\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-09-01]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [116608 2011-08-11] (SUPERAntiSpyware.com) [File not signed]
R3 Blackberry Device Manager; C:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [577536 2013-01-18] (Research In Motion Limited) [File not signed]
S2 CcmExec; C:\WINDOWS\CCM\CcmExec.exe [1090656 2012-11-21] (Microsoft Corporation)
S4 CmRcService; C:\WINDOWS\CCM\RemCtrl\CmRcService.exe [470112 2012-11-21] (Microsoft Corporation)
S2 dsiasrv; C:\Program Files\Dell\SysMgt\dsia\bin\DsiaSrv32.exe [149416 2011-01-12] (Dell Inc.)
R2 dsNcService; C:\Program Files\Juniper Networks\Common Files\dsNcService.exe [615720 2009-12-09] (Juniper Networks)
R2 IHA_MessageCenter; C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [358984 2014-05-21] (Verizon) [File not signed]
R2 Lotus Notes Diagnostics; C:\Program Files\IBM\Lotus\Notes\nsd.exe [3417480 2011-03-23] (IBM)
S3 lpasvc; C:\Program Files\Microsoft Policy Platform\policyHost.exe [48744 2012-08-02] (Microsoft Corporation)
S3 lppsvc; C:\Program Files\Microsoft Policy Platform\policyHost.exe [48744 2012-08-02] (Microsoft Corporation)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)
R2 mozyprobackup; C:\Program Files\MozyPro\mozyprobackup.exe [54600 2013-12-11] (Mozy, Inc.)
S3 MSSQL$NR2007; c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)
S4 MSSQLServerADHelper; c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [44384 2010-12-10] (Microsoft Corporation)
R2 Multi-user Cleanup Service; C:\Program Files\IBM\Lotus\Notes\ntmulti.exe [58760 2011-03-23] (IBM Corp)
R2 ntrtscan; C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe [2320640 2013-11-16] (Trend Micro Inc.)
R2 O2FLASH; C:\WINDOWS\system32\DRIVERS\o2flash.exe [72296 2011-07-08] (O2Micro International)
S3 PSEXESVC; C:\WINDOWS\PSEXESVC.EXE [181064 2014-02-20] (Sysinternals)
S3 smstsmgr; C:\WINDOWS\CCM\TSManager.exe [275536 2012-11-21] (Microsoft Corporation)
R3 TMBMServer; C:\Program Files\Trend Micro\BM\TMBMSRV.exe [345112 2013-10-23] (Trend Micro Inc.)
S2 tmlisten; C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe [2260128 2013-11-16] (Trend Micro Inc.)
S3 TmPfw; C:\Program Files\Trend Micro\OfficeScan Client\TmPfw.exe [497272 2011-04-15] (Trend Micro Inc.)
S3 TmProxy; C:\Program Files\Trend Micro\OfficeScan Client\TmProxy.exe [689176 2013-07-01] (Trend Micro Inc.)
S2 Winmgmt; C:\WINDOWS\system32\svchost.exe [20992 2009-07-13] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 Acceler; C:\WINDOWS\System32\DRIVERS\Accelern.sys [43888 2011-07-08] (ST Microelectronics)
R3 dsNcAdpt; C:\WINDOWS\System32\DRIVERS\dsNcAdpt.sys [26624 2009-12-09] (Juniper Networks)
R3 e1cexpress; C:\WINDOWS\System32\DRIVERS\e1c6232.sys [238760 2010-10-28] (Intel Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [114904 2014-10-15] (Malwarebytes Corporation)
S3 MEI; C:\WINDOWS\system32\drivers\HECI.sys [41088 2011-07-08] (Intel Corporation)
R1 mozyproFilter; C:\WINDOWS\System32\DRIVERS\mozypro.sys [55520 2013-12-11] (Mozy, Inc.)
R3 NETwNs32; C:\WINDOWS\System32\DRIVERS\NETwNs32.sys [7434240 2011-07-08] (Intel Corporation)
S3 nusb3hub; C:\WINDOWS\system32\drivers\nusb3hub.sys [62208 2011-07-08] (Renesas Electronics Corporation)
S3 nusb3xhc; C:\WINDOWS\system32\drivers\nusb3xhc.sys [141568 2011-07-08] (Renesas Electronics Corporation)
S3 O2MDFRDR; C:\WINDOWS\system32\drivers\O2MDFw7.sys [60904 2011-07-08] (O2Micro )
S3 O2MDRRDR; C:\WINDOWS\system32\drivers\O2MDRw7.sys [62440 2011-07-08] (O2Micro )
R3 O2SDJRDR; C:\WINDOWS\System32\DRIVERS\o2sdjw7.sys [63976 2011-07-08] (O2Micro )
S3 prepdrvr; C:\WINDOWS\System32\DRIVERS\prepdrv.sys [20840 2012-11-21] (Microsoft Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R0 stdcfltn; C:\WINDOWS\System32\DRIVERS\stdcfltn.sys [17648 2010-08-20] (ST Microelectronics)
R2 tmactmon; C:\WINDOWS\System32\DRIVERS\tmactmon.sys [75600 2013-08-29] (Trend Micro Inc.)
R2 tmcomm; C:\WINDOWS\System32\DRIVERS\tmcomm.sys [263072 2013-09-02] (Trend Micro Inc.)
R2 tmevtmgr; C:\WINDOWS\System32\DRIVERS\tmevtmgr.sys [62704 2013-08-29] (Trend Micro Inc.)
R2 TmFilter; C:\Program Files\Trend Micro\OfficeScan Client\TmXPFlt.sys [263968 2013-08-14] (Trend Micro Inc.)
R1 TmLwf; C:\WINDOWS\System32\DRIVERS\tmlwf.sys [146232 2012-06-21] (Trend Micro Inc.)
R2 TmPreFilter; C:\Program Files\Trend Micro\OfficeScan Client\TmPreFlt.sys [36128 2013-08-14] (Trend Micro Inc.)
R1 tmtdi; C:\WINDOWS\System32\DRIVERS\tmtdi.sys [90712 2013-01-09] (Trend Micro Inc.)
R2 tmWfp; C:\WINDOWS\System32\DRIVERS\tmwfp.sys [282936 2012-06-21] (Trend Micro Inc.)
R2 VSApiNt; C:\Program Files\Trend Micro\OfficeScan Client\VSApiNt.sys [1517600 2013-08-14] (Trend Micro Inc.)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-15 14:21 - 2014-10-15 14:21 - 00018047 _____ () C:\Users\mlaukha\Desktop\FRST.txt
2014-10-15 14:21 - 2014-10-15 14:21 - 00000000 ____D () C:\FRST
2014-10-15 14:20 - 2014-10-15 14:21 - 01102336 _____ (Farbar) C:\Users\mlaukha\Desktop\FRST.exe
2014-10-12 20:53 - 2014-10-12 20:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Specops Software
2014-10-10 22:08 - 2014-10-10 22:08 - 12005946 _____ () C:\Users\mlaukha\Downloads\mymarie.mp4
2014-09-30 19:20 - 2014-10-15 14:16 - 00000000 ___HD () C:\ProgramData\{D9E629DC-CB1C-4A97-9900-81922B4EFFD4}
2014-09-23 16:54 - 2014-09-23 16:54 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-09-23 16:52 - 2014-09-23 16:52 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-09-23 15:41 - 2014-09-23 15:53 - 00109662 _____ () C:\Users\mlaukha\Desktop\2014 Forecast MA Region Update Oct 2014.xlsx
2014-09-22 21:52 - 2014-09-22 21:57 - 00000000 ____D () C:\Users\mlaukha\Doctor Web
2014-09-22 09:16 - 2014-09-22 09:22 - 30856384 _____ (Microsoft Corporation) C:\Users\mlaukha\Downloads\Windows-KB890830-V5.16.exe
2014-09-18 06:21 - 2014-09-18 06:21 - 12363264 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-09-18 06:21 - 2014-09-18 06:21 - 09739776 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-09-18 06:21 - 2014-09-18 06:21 - 03695416 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dat
2014-09-18 06:21 - 2014-09-18 06:21 - 02382848 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2014-09-18 06:21 - 2014-09-18 06:21 - 01810432 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-09-18 06:21 - 2014-09-18 06:21 - 01802240 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-09-18 06:21 - 2014-09-18 06:21 - 01427968 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-09-18 06:21 - 2014-09-18 06:21 - 01137664 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-09-18 06:21 - 2014-09-18 06:21 - 01129472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-09-18 06:21 - 2014-09-18 06:21 - 00717824 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2014-09-18 06:21 - 2014-09-18 06:21 - 00607744 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-09-18 06:21 - 2014-09-18 06:21 - 00434176 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-09-18 06:21 - 2014-09-18 06:21 - 00421376 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2014-09-18 06:21 - 2014-09-18 06:21 - 00367104 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2014-09-18 06:21 - 2014-09-18 06:21 - 00353792 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2014-09-18 06:21 - 2014-09-18 06:21 - 00353584 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-09-18 06:21 - 2014-09-18 06:21 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\system32\url.dll
2014-09-18 06:21 - 2014-09-18 06:21 - 00227840 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieaksie.dll
2014-09-18 06:21 - 2014-09-18 06:21 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2014-09-18 06:21 - 2014-09-18 06:21 - 00203776 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2014-09-18 06:21 - 2014-09-18 06:21 - 00176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2014-09-18 06:21 - 2014-09-18 06:21 - 00163840 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieakui.dll
2014-09-18 06:21 - 2014-09-18 06:21 - 00162304 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll
2014-09-18 06:21 - 2014-09-18 06:21 - 00161792 _____ (Microsoft Corporation) C:\WINDOWS\system32\msls31.dll
2014-09-18 06:21 - 2014-09-18 06:21 - 00152064 _____ (Microsoft Corporation) C:\WINDOWS\system32\wextract.exe
2014-09-18 06:21 - 2014-09-18 06:21 - 00150528 _____ (Microsoft Corporation) C:\WINDOWS\system32\iexpress.exe
2014-09-18 06:21 - 2014-09-18 06:21 - 00142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieUnatt.exe
2014-09-18 06:21 - 2014-09-18 06:21 - 00130560 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieakeng.dll
2014-09-18 06:21 - 2014-09-18 06:21 - 00123392 _____ (Microsoft Corporation) C:\WINDOWS\system32\occache.dll
2014-09-18 06:21 - 2014-09-18 06:21 - 00118784 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2014-09-18 06:21 - 2014-09-18 06:21 - 00110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\IEAdvpack.dll
2014-09-18 06:21 - 2014-09-18 06:21 - 00101888 _____ (Microsoft Corporation) C:\WINDOWS\system32\admparse.dll
2014-09-18 06:21 - 2014-09-18 06:21 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesysprep.dll
2014-09-18 06:21 - 2014-09-18 06:21 - 00078848 _____ (Microsoft Corporation) C:\WINDOWS\system32\inseng.dll
2014-09-18 06:21 - 2014-09-18 06:21 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\SetIEInstalledDate.exe
2014-09-18 06:21 - 2014-09-18 06:21 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\system32\RegisterIEPKEYs.exe
2014-09-18 06:21 - 2014-09-18 06:21 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll
2014-09-18 06:21 - 2014-09-18 06:21 - 00074240 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-09-18 06:21 - 2014-09-18 06:21 - 00073216 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-09-18 06:21 - 2014-09-18 06:21 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\icardie.dll
2014-09-18 06:21 - 2014-09-18 06:21 - 00065024 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2014-09-18 06:21 - 2014-09-18 06:21 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdc.ocx
2014-09-18 06:21 - 2014-09-18 06:21 - 00054272 _____ (Microsoft Corporation) C:\WINDOWS\system32\pngfilt.dll
2014-09-18 06:21 - 2014-09-18 06:21 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmler.dll
2014-09-18 06:21 - 2014-09-18 06:21 - 00041472 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeedsbs.dll
2014-09-18 06:21 - 2014-09-18 06:21 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\imgutil.dll
2014-09-18 06:21 - 2014-09-18 06:21 - 00031744 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll
2014-09-18 06:21 - 2014-09-18 06:21 - 00023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\licmgr10.dll
2014-09-18 06:21 - 2014-09-18 06:21 - 00011776 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshta.exe
2014-09-18 06:21 - 2014-09-18 06:21 - 00010752 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeedssync.exe
2014-09-18 06:20 - 2014-09-18 06:22 - 00003629 _____ () C:\WINDOWS\IE9_main.log

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-15 14:19 - 2009-07-14 00:34 - 00019328 ____H () C:\WINDOWS\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-15 14:19 - 2009-07-14 00:34 - 00019328 ____H () C:\WINDOWS\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-15 14:15 - 2012-04-24 16:02 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-10-15 14:01 - 2014-04-11 15:32 - 00114904 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-10-15 13:32 - 2011-02-08 14:21 - 00005800 _____ () C:\WINDOWS\mozypro.blk
2014-10-15 13:32 - 2011-02-08 14:21 - 00001254 _____ () C:\WINDOWS\mozypro.flt
2014-10-15 13:12 - 2011-09-29 15:20 - 01258963 _____ () C:\WINDOWS\WindowsUpdate.log
2014-10-14 21:07 - 2011-09-29 15:46 - 00001032 _____ () C:\WINDOWS\system32\config\netlogon.ftl
2014-10-13 15:12 - 2014-04-11 15:31 - 00001060 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-10-13 15:12 - 2014-04-11 15:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-13 15:12 - 2014-04-11 15:31 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-10-13 14:33 - 2011-09-29 15:47 - 00029310 __RSH () C:\ProgramData\ntuser.pol
2014-10-12 21:20 - 2011-12-09 10:17 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-10-12 21:16 - 2011-05-09 14:46 - 00036438 _____ () C:\WINDOWS\setupact.log
2014-10-12 21:16 - 2009-07-14 00:53 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-10-12 21:15 - 2011-11-24 18:59 - 00001897 _____ () C:\WINDOWS\TMFilter.log
2014-10-03 14:04 - 2011-10-05 16:56 - 01969256 _____ () C:\WINDOWS\PFRO.log
2014-10-01 11:11 - 2014-04-11 15:31 - 00075480 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-10-01 11:11 - 2014-04-11 15:31 - 00051928 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2014-10-01 11:11 - 2014-04-11 15:31 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-09-24 13:20 - 2009-07-13 22:37 - 00000000 ____D () C:\WINDOWS\system32\NDF
2014-09-23 23:15 - 2012-04-24 16:02 - 00701104 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2014-09-23 23:15 - 2011-11-07 14:34 - 00071344 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-09-23 16:58 - 2014-04-11 18:32 - 00000740 _____ () C:\DelFix.txt
2014-09-23 16:53 - 2014-08-14 09:01 - 00000000 ____D () C:\Users\mlaukha\AppData\Local\Adobe
2014-09-23 16:52 - 2011-09-29 15:53 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-09-23 16:52 - 2011-03-10 00:22 - 00000000 ____D () C:\Program Files\Adobe
2014-09-23 16:52 - 2011-03-10 00:21 - 00000000 ____D () C:\ProgramData\Adobe
2014-09-22 23:12 - 2011-10-05 12:53 - 00000000 ____D () C:\Users\mlaukha
2014-09-18 18:52 - 2009-07-13 22:37 - 00000000 ____D () C:\WINDOWS\rescache
2014-09-18 06:47 - 2013-11-22 12:29 - 00001413 _____ () C:\Users\mlaukha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-09-15 09:06 - 2011-03-10 00:11 - 00231568 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-10-06 00:49

==================== End Of Log ============================

 

And the addition.txt:

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 15-10-2014 01
Ran by Mlaukha at 2014-10-15 14:22:05
Running from C:\Users\mlaukha\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (HKLM\...\7-Zip) (Version:  - )
Adblock Plus for IE (32-bit) (HKLM\...\{DF0E7912-4A45-4B24-B472-E521C4D2C663}) (Version: 99.9 - Eyeo GmbH)
Adblock Plus for IE (HKLM\...\{fd97d1e2-368a-4cd9-af63-8eeff938044a}) (Version: 1.1 - )
Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.5 (HKLM\...\Adobe Shockwave Player) (Version: 11.5.9.620 - Adobe Systems, Inc.)
Apple Application Support (HKLM\...\{D9DAD0FF-495A-472B-9F10-BAE430A26682}) (Version: 3.0.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{18D47FA1-0440-48D3-A7E0-DA09537FF471}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Ashampoo Burning Studio FREE v.1.12.0 (HKLM\...\{91B33C97-91F8-FFB3-581B-BC952C901685}_is1) (Version: 1.12.0 - Ashampoo GmbH & Co. KG)
BlackBerry Desktop Software 7.1 (HKLM\...\BlackBerry_Desktop) (Version: 7.1.0.41 - Research In Motion Ltd.)
BlackBerry Desktop Software 7.1 (Version: 7.1.0.41 - Research In Motion Ltd.) Hidden
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Cisco WebEx Meetings (HKLM\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)
CleanUp! (HKLM\...\CleanUp!) (Version:  - )
Configuration Manager Client (Version: 5.00.7804.1000 - Microsoft Corporation) Hidden
Dell OpenManage Inventory Agent (for Dell Business Client Systems) (HKLM\...\{0804D011-EFDC-4d47-81A5-390092FA38BD}) (Version: 1.4.1 - Dell)
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.1208.101.125 - ALPS ELECTRIC CO., LTD.)
GoToMeeting 5.4.0.1082 (HKCU\...\GoToMeeting) (Version: 5.4.0.1082 - CitrixOnline)
IHA_MessageCenter (HKLM\...\{3EECDAD2-50D8-41B2-A8BA-359ED85D2D5F}) (Version: 1.9.1 - Verizon)
iLivid (HKLM\...\iLivid) (Version: 4.0.0.2901 - Bandoo Media Inc) <==== ATTENTION
Intel® Network Connections Drivers (HKLM\...\PROSet) (Version: 15.4 - Intel)
iTunes (HKLM\...\{0718A90E-93AA-49AF-A4FE-0165ACD91DF0}) (Version: 11.2.2.3 - Apple Inc.)
Japanese Fonts Support For Adobe Reader X (HKLM\...\{AC76BA86-7AD7-5760-0000-A00000000003}) (Version: 10.0.0 - Adobe Systems Incorporated)
Java Auto Updater (Version: 2.0.7.2 - Sun Microsystems, Inc.) Hidden
Java 6 Update 45 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216045FF}) (Version: 6.0.450 - Oracle)
join.me (HKCU\...\JoinMe) (Version: 1.15.0.136 - LogMeIn, Inc.)
Juniper Networks Network Connect 6.5.0 (HKLM\...\Juniper Network Connect 6.5.0) (Version: 6.5.0.14951 - Juniper Networks)
Juniper Networks Setup Client (HKCU\...\Juniper_Setup_Client) (Version: 2.1.2.5973 - Juniper Networks)
Livelink Office Editor 3.2.3 (HKLM\...\{909D1BEB-08B6-4AE6-A848-95F95CEFA15F}) (Version: 3.2.3.368 - Open Text Corporation)
Lotus Notes 8.5.2 (HKLM\...\{07C69B3A-62B3-41BF-82EE-B3A87BD6EA0C}) (Version: 8.52.10222 - IBM)
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft IntelliPoint 8.2 (HKLM\...\Microsoft IntelliPoint 8.2) (Version: 8.20.468.0 - Microsoft Corporation)
Microsoft IntelliPoint 8.2 (Version: 8.20.468.0 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Standard 2010 (HKLM\...\Office14.STANDARD) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Standard 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Policy Platform (Version: 1.2.3602.0 - Microsoft Corporation) Hidden
Microsoft redistributable runtime DLLs VS2005 SP1(x86) (HKLM\...\{CEC7A786-A9C8-4EF7-BB59-6518E3B3C878}) (Version: 8.0.50727.4053 - SAP)
Microsoft redistributable runtime DLLs VS2008 SP1(x86) (HKLM\...\{A47A9101-6EB5-4314-BDA1-297880FBB908}) (Version: 9.0 - SAP AG)
Microsoft redistributable runtime DLLs VS2010 SP1 (x86) (HKLM\...\{2385C070-EC26-4AB9-8718-E605C977C0ED}) (Version: 10.0.40219.1 - SAP)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.10411.0 - Microsoft Corporation)
Microsoft SQL Server 2005 (HKLM\...\Microsoft SQL Server 2005) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2005 Express Edition (NR2007) (Version: 9.4.5000.00 - Microsoft Corporation) Hidden
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Native Client (HKLM\...\{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server Setup Support Files (English) (HKLM\...\{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{E7084B89-69E0-46B3-A118-8F99D06988CD}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
MozyPro (HKLM\...\{F7CED389-F093-D2B8-8495-7DDA8FF0D356}) (Version: 2.24.2.360 - Mozy, Inc.)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
Neat ADF Scanner 2008 Driver (HKLM\...\{A4A42670-82B9-4A58-8955-20271DBBF29F}) (Version: 2.0.0.61 - The Neat Company)
Neat ADF Scanner Driver (HKLM\...\{58155B30-6BE9-4268-A059-149629149C63}) (Version: 2.0.0.56 - The Neat Company)
Neat Mobile Scanner (Silver) Driver (HKLM\...\{6EDB3FC5-8B7C-422A-B4FB-1D919F44F2C0}) (Version: 2.0.0.63 - The Neat Company)
Neat Mobile Scanner 2008 Driver (HKLM\...\{57F5920A-9897-4830-BD4A-BE85DA9734FF}) (Version: 2.0.0.69 - The Neat Company)
Neat Mobile Scanner Driver (HKLM\...\{11A53AF3-CAA5-4C29-887E-CCA7CEE2689B}) (Version: 2.0.0.122 - The Neat Company)
NeatWorks (HKLM\...\NeatWorks) (Version: 4.9.1.8 - The Neat Company)
NeatWorks Core Files (Version: 4.9.1.8 - The Neat Company) Hidden
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.2.0 - Frank Heindörfer, Philip Chinery)
QuickTime (HKLM\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
salesforce.com Offline Edition 2.0 (HKLM\...\{8F8E3F13-79E2-4045-8522-0CAE2FDDDFBC}) (Version: 1.235.228 - salesforce.com)
SAP BusinessObjects Analysis, edition for Microsoft Office (HKLM\...\SBOPAdvancedAnalysis) (Version: 1.3 - SAP AG)
SAP GUI for Windows 7.20 (HKLM\...\SAPGUI710) (Version: 7.20 Compilation 3 - SAP)
Shared Add-in Extensibility Update for Microsoft .NET Framework 2.0 (KB908002) (HKLM\...\{09959E11-AD5D-408E-96AF-E3346954D6B8}) (Version: 1.0.0 - Microsoft)
Simple Adblock (HKLM\...\{B4920103-09F6-4AD2-B150-CFC4474D2DDC}) (Version: 1.1.5 - Simple Adblock)
Specops Password Client (x86) (HKLM\...\{933A3C30-6302-44D2-8FA5-918D22A8FD46}) (Version: 4.1.1122.1 - Specops Software)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.0.1146 - SUPERAntiSpyware.com)
Trend Micro OfficeScan Client (HKLM\...\OfficeScanNT) (Version: 10.6.5162 - Trend Micro)
True Burner 1.1 (HKLM\...\True Burner_is1) (Version:  - Glorylogic)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2533523) (Version: 1 - Microsoft Corporation)
Verizon Toolbar (HKLM\...\verizontb) (Version: 6.0.0.40 - Verizon and Visicom Media Inc.)
VLC media player 1.1.7 (HKLM\...\VLC media player) (Version: 1.1.7 - VideoLAN)
Vz In-Home Agent (HKLM\...\VzInHomeAgent) (Version: 9.0.63.0 - Verizon)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-150485414-301174314-2440751699-8203_Classes\CLSID\{56CBD3CF-BF99-4DF5-851F-F5B9B57496A1}\InprocServer32 -> C:\ProgramData\{D9E629DC-CB1C-4A97-9900-81922B4EFFD4}\fwcfg.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-150485414-301174314-2440751699-8203_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Program Files\Citrix\GoToMeeting\1082\G2MOutlookAddin.dll (Citrix Online, a division of Citrix Systems, Inc.)

==================== Restore Points  =========================

Could not list Restore Points. Check "winmgmt" service or repair WMI.

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:04 - 2014-10-14 21:59 - 00000027 ____A C:\WINDOWS\system32\Drivers\etc\hosts
                          

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {06BF7407-F2D9-4BFA-BF3E-CBB8BFD3D606} - System32\Tasks\Microsoft\Configuration Manager\Configuration Manager Idle Detection
Task: {23C9DC85-46AD-4D58-8CB1-5864CA5FBF7E} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => c:\Program Files\Microsoft IntelliPoint\IPoint.exe [2011-08-01] (Microsoft Corporation)
Task: {60138A5B-A88E-4182-89D6-DB0ED86D2074} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-23] (Adobe Systems Incorporated)
Task: {739DD3B2-469D-4274-8CEE-B51752924289} - System32\Tasks\{DA2EB3F7-F17D-88FA-9A29-3BD9AFF5AA9F} => C:\WINDOWS\system32\ctwvddy.dll/s "C:\WINDOWS\system32\ctwvddy.dll"
Task: {E628823A-29C8-40F8-9499-F04EC491D8CF} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {F64152CF-3C6E-4A64-BED5-A14CFCD4D83C} - System32\Tasks\Microsoft\Configuration Manager\Configuration Manager Health Evaluation => C:\WINDOWS\CCM\ccmeval.exe [2012-11-21] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2011-03-11 15:59 - 2001-10-28 20:42 - 00116224 _____ () C:\WINDOWS\System32\pdfcmnnt.dll
2014-02-06 01:52 - 2014-02-06 01:52 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-06 01:52 - 2014-02-06 01:52 - 01044808 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2013-05-22 17:45 - 2011-04-01 13:53 - 00499712 _____ () C:\Program Files\Trend Micro\OfficeScan Client\sqlite3.dll
2011-09-22 15:26 - 2011-07-08 08:37 - 00094208 _____ () C:\Windows\System32\IccLibDll.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^Users^mlaukha^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^9bjqlj6.lnk => C:\WINDOWS\pss\9bjqlj6.lnk.Startup

========================= Accounts: ==========================

Administrator (S-1-5-21-1817078517-3534338127-3063044471-500 - Administrator - Enabled)
bradmin (S-1-5-21-1817078517-3534338127-3063044471-1000 - Administrator - Enabled) => C:\Users\bradmin
brguest (S-1-5-21-1817078517-3534338127-3063044471-501 - Limited - Disabled)

==================== Faulty Device Manager Devices =============

Could not list Devices. Check "winmgmt" service or repair WMI.

==================== Event log errors: =========================

Application errors:
==================
Error: (10/15/2014 02:16:20 PM) (Source: AutoEnrollment) (EventID: 6) (User: )
Description: GLOBAL\Mlaukha0x8007003aThe specified server cannot perform the requested operation.

Error: (10/15/2014 01:28:00 PM) (Source: AutoEnrollment) (EventID: 6) (User: )
Description: GLOBAL\Mlaukha0x8007003aThe specified server cannot perform the requested operation.

Error: (10/15/2014 07:33:04 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 13042

Error: (10/15/2014 07:33:04 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 13042

Error: (10/15/2014 07:33:04 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (10/14/2014 09:59:25 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7660

Error: (10/14/2014 09:59:25 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 7660

Error: (10/14/2014 09:59:25 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (10/14/2014 09:59:22 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5039

Error: (10/14/2014 09:59:22 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5039

System errors:
=============
Error: (10/15/2014 02:28:16 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Management Instrumentation service terminated with the following error:
%%2

Error: (10/15/2014 02:27:46 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Management Instrumentation service terminated with the following error:
%%2

Error: (10/15/2014 02:27:16 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Management Instrumentation service terminated with the following error:
%%2

Error: (10/15/2014 02:26:46 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Management Instrumentation service terminated with the following error:
%%2

Error: (10/15/2014 02:26:16 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Management Instrumentation service terminated with the following error:
%%2

Error: (10/15/2014 02:25:46 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Management Instrumentation service terminated with the following error:
%%2

Error: (10/15/2014 02:25:16 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Management Instrumentation service terminated with the following error:
%%2

Error: (10/15/2014 02:24:46 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Management Instrumentation service terminated with the following error:
%%2

Error: (10/15/2014 02:24:16 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Management Instrumentation service terminated with the following error:
%%2

Error: (10/15/2014 02:23:46 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Management Instrumentation service terminated with the following error:
%%2

Microsoft Office Sessions:
=========================
Error: (10/15/2014 02:16:20 PM) (Source: AutoEnrollment) (EventID: 6) (User: )
Description: GLOBAL\Mlaukha0x8007003aThe specified server cannot perform the requested operation.

Error: (10/15/2014 01:28:00 PM) (Source: AutoEnrollment) (EventID: 6) (User: )
Description: GLOBAL\Mlaukha0x8007003aThe specified server cannot perform the requested operation.

Error: (10/15/2014 07:33:04 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 13042

Error: (10/15/2014 07:33:04 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 13042

Error: (10/15/2014 07:33:04 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (10/14/2014 09:59:25 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7660

Error: (10/14/2014 09:59:25 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 7660

Error: (10/14/2014 09:59:25 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (10/14/2014 09:59:22 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5039

Error: (10/14/2014 09:59:22 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5039

CodeIntegrity Errors:
===================================
  Date: 2014-02-20 16:52:09.201
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

  Date: 2014-02-20 16:30:44.036
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

  Date: 2014-02-20 16:17:27.247
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

  Date: 2011-05-09 14:52:28.718
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

  Date: 2011-05-09 14:44:28.257
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

  Date: 2011-05-09 14:27:52.657
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

  Date: 2011-05-09 14:15:33.986
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

  Date: 2011-05-09 14:02:12.241
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

  Date: 2011-05-09 13:51:09.562
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

  Date: 2011-05-05 18:24:22.927
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: Intel® Core i5-2540M CPU @ 2.60GHz
Percentage of memory in use: 56%
Total physical RAM: 3240.9 MB
Available physical RAM: 1400.39 MB
Total Pagefile: 6480.09 MB
Available Pagefile: 4116.44 MB
Total Virtual: 2047.88 MB
Available Virtual: 1872.22 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:232.79 GB) (Free:161.16 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: DBCEB924)
Partition 1: (Not Active) - (Size=100 MB) - (Type=12)
Partition 2: (Active) - (Size=232.8 GB) - (Type=07 NTFS)

==================== End Of Log ============================

 

 


Hello MCL, welcome to Malwarebytes' Malware Removal forum!
 
My username is LiquidTension, but you can call me Adam. I will be assisting you with your malware-related problems.
If you would allow me to call you by your first name I would prefer that.
 
General P2P/Piracy Notice: 
 

If you are using Peer to Peer (P2P) filesharing software such as uTorrent, BitTorrent or similar you must either fully uninstall or completely disable the programme(s) from running whilst receiving assistance at this forum. 
Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.
If you have illegal/cracked/keygen or similar software on the computer, please remove/uninstall the software now and read the policy on Piracy. Failure to do so will also result in your topic being closed.

 
======================================================
 
Please read through the points below to ensure this process moves as quickly and efficiently as possible.

  • Please read through my instructions thoroughly, and ensure you carry out each step in the order specified.
  • Please do not post logs using the CODEQUOTE or ATTACHMENT format. Logs should be posted directly in plain text. If you receive an error whilst posting, please break the log in half and use multiple posts.
  • Please do not run any tools or take any steps other than those I provide for you. Independent efforts may make matters worse, and will affect my ability in ascertaining the current situation & providing the best set of instructions for you.
  • Please backup important documents before proceeding with my instructions.
  • If you come across any issues whilst following my instructions, please stop and inform me of the issue in as much detail as possible. Please do not hesitate to ask before you run anything.
  • Topics are locked if no response is made after 4 days. Please inform me if you will require additional time to complete my instructions.
  • Ensure you are following this topic. Click [button image] at the top of the page.
     

======================================================
 
STEP 1
Malwarebytes Anti-Malware (MBAM)

  • Open Malwarebytes Anti-Malware and click Update Now.
  • Once updated, click the Settings tab and tick Scan for rootkits.
  • Click the Scan tab, ensure Threat Scan is checked and click Scan Now.
  • Note: You may see the following message, "Could not load DDA driver". Click Yes, allow your PC to reboot and continue afterwards. 
  • If threats are detected, click the Apply Actions button. You will now be prompted to reboot. Click Yes.
  • Upon completion of the scan (or after the reboot), click the History tab.
  • Click Application Logs and double-click the Scan Log.
  • Click Copy to Clipboard and paste the log in your next reply.
     

STEP 2
TDSSKiller Scan

  • Please download TDSSKiller and save the file to your Desktop.
  • Right-Click TDSSKiller.exe and select Run as administrator to run the programme.
  • Click Change parameters. Place a checkmark next to Detect TDLFS file system and Verify file digital signatures.
  • Click Start Scan. Do not use the computer during the scan.
  • If objects are found, change the action to skip.
  • Click Continue and close the window.
  • A log will be created and saved to the root directory (usually C:\). Attach the file in your next reply.
     

======================================================
 
STEP 3
Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

  • MBAM log
  • TDSSKiller log (attached)

Hi Adam,

I'm Mike and thanks a bunch for helping me.

Here is the MBAM log:

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 10/19/2014
Scan Time: 12:27:01 PM
Logfile: MBAM 10-19-14.txt
Administrator: Yes

Version: 2.00.3.1025
Malware Database: v2014.10.19.07
Rootkit Database: v2014.10.17.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: Mlaukha

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 447774
Time Elapsed: 39 min, 18 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)

 

And I've attached the TDSS Killer log

 

TDSSKiller.3.0.0.40_19.10.2014_13.31.15_log.txt


Nice to meet you, Mike. 

Please work your way through the following.

 

STEP 1
AdwCleaner

  • Please download AdwCleaner and save the file to your Desktop.
  • Right-Click AdwCleaner.exe and select Run as administrator to run the programme.
  • Follow the prompts. 
  • Click Scan
  • Upon completion, click Report. A log (AdwCleaner[R0].txt) will open. Briefly check the log for anything you know to be legitimate. 
  • Ensure anything you know to be legitimate does not have a checkmark, and click Clean
  • Follow the prompts and allow your computer to reboot
  • After rebooting, a log (AdwCleaner[s0].txt) will open. Copy the contents of the log and paste in your next reply.

-- File and registry key backups are made for anything removed using this tool. Should a legitimate entry be removed (otherwise known as a 'false-positive'), simple steps can be taken to restore the entry. Please do not overly concern yourself with the contents of AdwCleaner[R0].txt.
 

STEP 2
Junkware Removal Tool (JRT)

  • Please download Junkware Removal Tool and save the file to your Desktop.
  • Note: If you unchecked any items in AdwCleaner, please backup the associated folders/files before running JRT.
  • Temporarily disable your anti-virus software. For instructions, please refer to the following link.
  • Right-Click JRT.exe and select Run as administrator to run the programme.
  • Follow the prompts and allow the scan to run uninterrupted. 
  • Upon completion, a log (JRT.txt) will open on your desktop.
  • Re-enable your anti-virus software.
  • Copy the contents of JRT.txt and paste in your next reply.

 

STEP 3
Farbar Recovery Scan Tool (FRST) Scan

  • Right-Click FRST.exe and select Run as administrator to run the programme.
  • Click Yes to the disclaimer.
  • Ensure the Addition.txt box is checked.
  • Click the Scan button and let the programme run.
  • Upon completion, click OK, then OK on the Addition.txt pop up screen.
  • Two logs (FRST.txt & Addition.txt) will now be open on your Desktop. Copy the contents of both logs and paste in your next reply. 

 

======================================================

STEP 4
Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

  • AdwCleaner[s0].txt
  • JRT.txt
  • FRST.txt
  • Addition.txt

Hi Adam,

Sorry for the delay. The JRT scan takes a long time.

 

First the AdwCleaner log:

# AdwCleaner v4.000 - Report created 20/10/2014 at 06:23:10
# DB v2014-10-19.11
# Updated 12/10/2014 by Xplode
# Operating System : Windows 7 Enterprise Service Pack 1 (32 bits)
# Username : Mlaukha - CDG07001538
# Running from : C:\Users\mlaukha\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\Program Files\iLivid
Folder Deleted : C:\Program Files\verizontb
Folder Deleted : C:\ProgramData\WeCareReminder

***** [ Scheduled Tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\surfcanyon.DLL
Key Deleted : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe
Key Deleted : HKLM\SOFTWARE\Classes\ilivid
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\optimizerpro_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\optimizerpro_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\optprostart_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\optprostart_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_true-burner[1]_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_true-burner[1]_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{A3514F71-E63F-440B-8076-14226E21B2BF}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{96673559-E653-4CDC-8923-F89347A952C0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00100000-2001-0051-B4B6-006094B9D64F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00100000-2001-0054-B4B6-006094B9D64F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00100000-2001-0057-B4B6-006094B9D64F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B90F32AD-859E-4EDD-BFAE-C9216849520C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C08AB035-3820-4FA7-9420-B0259A4DA2B8}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DAADF07B-7D06-4AF4-B3CA-6144830077EC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{68AD96A1-2A28-4841-ABD0-F5AA45F008C9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{BA3105E9-5DE6-4A1E-A819-6F5046AB67F5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{96673559-E653-4CDC-8923-F89347A952C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{96673559-E653-4CDC-8923-F89347A952C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{96673559-E653-4CDC-8923-F89347A952C0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\ilivid
Key Deleted : HKCU\Software\RegisteredApplicationsEx
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\SOFTWARE\Surf Canyon
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ilivid
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16575

-\\ Google Chrome v

*************************

AdwCleaner[R0].txt - [6655 octets] - [20/10/2014 06:17:22]
AdwCleaner[R1].txt - [6715 octets] - [20/10/2014 06:21:56]
AdwCleaner[s0].txt - [6605 octets] - [20/10/2014 06:23:10]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [6665 octets] ##########

Now the JRT:

Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.3 (10.14.2014:1)
OS: Windows 7 Enterprise x86
Ran by Mlaukha on Mon 10/20/2014 at 21:58:26.46
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\update wiseenhance
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\util wiseenhance
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\ntaskldr_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\ntaskldr_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\taskhost_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\taskhost_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\iLividSetup-r367-n-bi[1]_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\iLividSetup-r367-n-bi[1]_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\iLividSetup-r394-n-bi[1]_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\iLividSetup-r394-n-bi[1]_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\setup_wiseenhance_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\setup_wiseenhance_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\updateWiseEnhance_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\updateWiseEnhance_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\utilWiseEnhance_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\utilWiseEnhance_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\WiseEnhance_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\WiseEnhance_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\WiseEnhance_Setup_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\WiseEnhance_Setup_RASMANCS

~~~ Files

~~~ Folders

Successfully deleted: [Folder] "C:\Users\mlaukha\appdata\locallow\verizontb"
Successfully deleted: [Folder] "C:\Users\mlaukha\Local Settings\Application Data\ilivid"
Successfully deleted: [Folder] "C:\Users\mlaukha\documents\optimizer pro"

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 10/21/2014 at  1:20:19.10
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 15-10-2014 01
Ran by Mlaukha (administrator) on CDG07001538 on 21-10-2014 06:08:23
Running from C:\Users\mlaukha\Desktop
Loaded Profile: Mlaukha (Available profiles: a010534 & a003765 & Mlaukha & bradmin)
Platform: Windows 7 Enterprise Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Juniper Networks) C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
(Verizon) C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
(IBM) C:\Program Files\IBM\Lotus\Notes\nsd.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
(IBM Corp) C:\Program Files\IBM\Lotus\Notes\ntmulti.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\OfficeScan Client\NTRtScan.exe
(O2Micro International) C:\Windows\System32\drivers\o2flash.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\BM\TMBMSRV.exe
(Mozy, Inc.) C:\Program Files\MozyPro\mozyprobackup.exe
(Mozy, Inc.) C:\Program Files\MozyPro\mozyprobackup.exe
(Specops Software) C:\Windows\System32\SppClient.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Sysinternals) C:\Windows\Scripts\BGinfo\Bginfo.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\OfficeScan Client\PccNTMon.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Research In Motion Limited) C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
(Research In Motion Limited) C:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
(Mozy, Inc.) C:\Program Files\MozyPro\mozyprostat.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Eyeo GmbH) C:\Program Files\Adblock Plus for IE\AdblockPlusEngine.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil32_15_0_0_167_ActiveX.exe
(IBM Corp) C:\Program Files\IBM\Lotus\Notes\nlnotes.exe
(IBM) C:\Program Files\IBM\Lotus\Notes\framework\rcp\eclipse\plugins\com.ibm.rcp.base_6.2.2.20110310-0045\win32\x86\notes2.exe
(IBM Corp) C:\Program Files\IBM\Lotus\Notes\ntaskldr.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Juniper Networks) C:\Users\mlaukha\AppData\Roaming\Juniper Networks\Setup Client\JuniperSetupClient.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Verizon) C:\Program Files\Verizon\IHA_MessageCenter\Bin\VzDetectAgent.exe
(Verizon) C:\Program Files\Verizon\IHA_MessageCenter\Bin\VzDetectAgent.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [bGInfo] => C:\Windows\Scripts\BGINFO.bat [97 2011-03-08] ()
HKLM\...\Run: [specops Password Client] => C:\Windows\system32\SppClient.exe [858328 2010-11-23] (Specops Software)
HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [505720 2011-07-20] (Alps Electric Co., Ltd.)
HKLM\...\Run: [intelliPoint] => c:\Program Files\Microsoft IntelliPoint\ipoint.exe [1821576 2011-08-01] (Microsoft Corporation)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-06] (Apple Inc.)
HKLM\...\Run: [OfficeScanNT Monitor] => C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe [1533720 2013-11-20] (Trend Micro Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-05-26] (Apple Inc.)
HKLM\...\Run: [RIMBBLaunchAgent.exe] => C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [267792 2013-01-17] (Research In Motion Limited)
HKLM\...\Run: [sunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254896 2012-09-17] (Sun Microsystems, Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-09-12] (Adobe Systems Incorporated)
Winlogon\Notify\!SASWinLogon: C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
HKU\S-1-5-21-150485414-301174314-2440751699-8203\...\Run: [sUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [3905920 2012-03-07] (SUPERAntiSpyware.com)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\MozyPro Status.lnk
ShortcutTarget: MozyPro Status.lnk -> C:\Program Files\MozyPro\mozyprostat.exe (Mozy, Inc.)
ShellIconOverlayIdentifiers: [mozypro] -> {71B8CED8-5D67-4f57-89B1-F64CE6302A1E} => C:\Program Files\MozyPro\mozyproshell.dll (Mozy, Inc.)
ShellIconOverlayIdentifiers: [mozypro2] -> {CBAFE103-79DA-46ca-BD9A-63CBF6282882} => C:\Program Files\MozyPro\mozyproshell.dll (Mozy, Inc.)
ShellIconOverlayIdentifiers: [mozypro3] -> {8B99EA55-1AFF-4539-80A0-A71C6011CD84} => C:\Program Files\MozyPro\mozyproshell.dll (Mozy, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.verizon.net/
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKCU - DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
BHO: TmIEPlugInBHO Class -> {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -> C:\Program Files\Trend Micro\OfficeScan Client\TmIEPlg.dll (Trend Micro Inc.)
BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll (Adblock Plus)
DPF: {00134F72-5284-44F7-95A8-52A619F70751} https://usherwip12:4343/officescan/console/html/ClientInstall/WinNTChk.cab
DPF: {08D75BC1-D2B5-11D1-88FC-0080C859833B} https://usherwip12:4343/officescan/console/html/ClientInstall/setup.cab
DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} https://www.gameofficials.net/utility/smsx.cab
DPF: {35C3D91E-401A-4E45-88A5-F3B32CD72DF4} https://usherwip12:4343/officescan/console/html/root/AtxEnc.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_45-windows-i586.cab
DPF: {9B815712-2EF0-4F81-8505-72EDC73B5626} https://na19.salesforce.com/dwnld/offline2/offline2.cab
DPF: {CAFEEFAC-0016-0000-0045-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_45-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_45-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://bio-rad.webex.com/client/WBXclient-T27L10NSP32EP1-13926/webex/ieatgpc1.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://connect.bio-rad.com/dana-cached/sc/JuniperSetupClient.cab
DPF: {F8A2314A-16E1-48CB-8EE7-A221207CBEEE} http://usherisx01.global.bio-rad.com/ucontent/8acc281bae9f42d187f9ee729af1a677_en-US/gh/html//assets/cab/rwdsot.CAB
Handler: saphtmlp - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\program files\sap\frontend\sapgui\saphtmlp.dll (SAP, Walldorf)
Handler: sapr3 - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\program files\sap\frontend\sapgui\saphtmlp.dll (SAP, Walldorf)
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\OfficeScan Client\TmIEPlg.dll (Trend Micro Inc.)
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [113024 2011-07-18] (SuperAdBlocker.com)
Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @java.com/DTPlugin,version=1.6.0_45 -> C:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @RIM.com/WebSLLauncher,version=1.0 -> C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin -> C:\Users\mlaukha\AppData\Local\Citrix\Plugins\92\npappdetector.dll (Citrix Online)
FF HKLM\...\Firefox\Extensions: [{22C7F6C6-8D67-4534-92B5-529A0EC09405}] - C:\Program Files\Trend Micro\OfficeScan Client\FirefoxExtension
FF Extension: Trend Micro NSC Firefox Extension - C:\Program Files\Trend Micro\OfficeScan Client\FirefoxExtension [2013-05-22]

Chrome:
=======
CHR Profile: C:\Users\mlaukha\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C:\Users\mlaukha\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-09-01]
CHR Extension: (Google Search) - C:\Users\mlaukha\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-09-01]
CHR Extension: (Gmail) - C:\Users\mlaukha\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-09-01]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [116608 2011-08-11] (SUPERAntiSpyware.com) [File not signed]
R3 Blackberry Device Manager; C:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [577536 2013-01-18] (Research In Motion Limited) [File not signed]
S2 CcmExec; C:\WINDOWS\CCM\CcmExec.exe [1090656 2012-11-21] (Microsoft Corporation)
S4 CmRcService; C:\WINDOWS\CCM\RemCtrl\CmRcService.exe [470112 2012-11-21] (Microsoft Corporation)
S2 dsiasrv; C:\Program Files\Dell\SysMgt\dsia\bin\DsiaSrv32.exe [149416 2011-01-12] (Dell Inc.)
R2 dsNcService; C:\Program Files\Juniper Networks\Common Files\dsNcService.exe [615720 2009-12-09] (Juniper Networks)
R2 IHA_MessageCenter; C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [363128 2014-08-13] (Verizon)
R2 Lotus Notes Diagnostics; C:\Program Files\IBM\Lotus\Notes\nsd.exe [3417480 2011-03-23] (IBM)
S3 lpasvc; C:\Program Files\Microsoft Policy Platform\policyHost.exe [48744 2012-08-02] (Microsoft Corporation)
S3 lppsvc; C:\Program Files\Microsoft Policy Platform\policyHost.exe [48744 2012-08-02] (Microsoft Corporation)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)
R2 mozyprobackup; C:\Program Files\MozyPro\mozyprobackup.exe [54600 2013-12-11] (Mozy, Inc.)
S3 MSSQL$NR2007; c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)
S4 MSSQLServerADHelper; c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [44384 2010-12-10] (Microsoft Corporation)
R2 Multi-user Cleanup Service; C:\Program Files\IBM\Lotus\Notes\ntmulti.exe [58760 2011-03-23] (IBM Corp)
R2 ntrtscan; C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe [2320640 2013-11-16] (Trend Micro Inc.)
R2 O2FLASH; C:\WINDOWS\system32\DRIVERS\o2flash.exe [72296 2011-07-08] (O2Micro International)
S3 PSEXESVC; C:\WINDOWS\PSEXESVC.EXE [181064 2014-02-20] (Sysinternals)
S3 smstsmgr; C:\WINDOWS\CCM\TSManager.exe [275536 2012-11-21] (Microsoft Corporation)
R3 TMBMServer; C:\Program Files\Trend Micro\BM\TMBMSRV.exe [345112 2013-10-23] (Trend Micro Inc.)
S2 tmlisten; C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe [2260128 2013-11-16] (Trend Micro Inc.)
S3 TmPfw; C:\Program Files\Trend Micro\OfficeScan Client\TmPfw.exe [497272 2011-04-15] (Trend Micro Inc.)
S3 TmProxy; C:\Program Files\Trend Micro\OfficeScan Client\TmProxy.exe [689176 2013-07-01] (Trend Micro Inc.)
S2 Winmgmt; C:\WINDOWS\system32\svchost.exe [20992 2009-07-13] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 Acceler; C:\WINDOWS\System32\DRIVERS\Accelern.sys [43888 2011-07-08] (ST Microelectronics)
R3 dsNcAdpt; C:\WINDOWS\System32\DRIVERS\dsNcAdpt.sys [26624 2009-12-09] (Juniper Networks)
R3 e1cexpress; C:\WINDOWS\System32\DRIVERS\e1c6232.sys [238760 2010-10-28] (Intel Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [114904 2014-10-21] (Malwarebytes Corporation)
S3 MEI; C:\WINDOWS\system32\drivers\HECI.sys [41088 2011-07-08] (Intel Corporation)
R1 mozyproFilter; C:\WINDOWS\System32\DRIVERS\mozypro.sys [55520 2013-12-11] (Mozy, Inc.)
R3 NETwNs32; C:\WINDOWS\System32\DRIVERS\NETwNs32.sys [7434240 2011-07-08] (Intel Corporation)
S3 nusb3hub; C:\WINDOWS\system32\drivers\nusb3hub.sys [62208 2011-07-08] (Renesas Electronics Corporation)
S3 nusb3xhc; C:\WINDOWS\system32\drivers\nusb3xhc.sys [141568 2011-07-08] (Renesas Electronics Corporation)
S3 O2MDFRDR; C:\WINDOWS\system32\drivers\O2MDFw7.sys [60904 2011-07-08] (O2Micro )
S3 O2MDRRDR; C:\WINDOWS\system32\drivers\O2MDRw7.sys [62440 2011-07-08] (O2Micro )
R3 O2SDJRDR; C:\WINDOWS\System32\DRIVERS\o2sdjw7.sys [63976 2011-07-08] (O2Micro )
S3 prepdrvr; C:\WINDOWS\System32\DRIVERS\prepdrv.sys [20840 2012-11-21] (Microsoft Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R0 stdcfltn; C:\WINDOWS\System32\DRIVERS\stdcfltn.sys [17648 2010-08-20] (ST Microelectronics)
R2 tmactmon; C:\WINDOWS\System32\DRIVERS\tmactmon.sys [75600 2013-08-29] (Trend Micro Inc.)
R2 tmcomm; C:\WINDOWS\System32\DRIVERS\tmcomm.sys [263072 2013-09-02] (Trend Micro Inc.)
R2 tmevtmgr; C:\WINDOWS\System32\DRIVERS\tmevtmgr.sys [62704 2013-08-29] (Trend Micro Inc.)
R2 TmFilter; C:\Program Files\Trend Micro\OfficeScan Client\TmXPFlt.sys [263968 2013-08-14] (Trend Micro Inc.)
R1 TmLwf; C:\WINDOWS\System32\DRIVERS\tmlwf.sys [146232 2012-06-21] (Trend Micro Inc.)
R2 TmPreFilter; C:\Program Files\Trend Micro\OfficeScan Client\TmPreFlt.sys [36128 2013-08-14] (Trend Micro Inc.)
R1 tmtdi; C:\WINDOWS\System32\DRIVERS\tmtdi.sys [90712 2013-01-09] (Trend Micro Inc.)
R2 tmWfp; C:\WINDOWS\System32\DRIVERS\tmwfp.sys [282936 2012-06-21] (Trend Micro Inc.)
R2 VSApiNt; C:\Program Files\Trend Micro\OfficeScan Client\VSApiNt.sys [1517600 2013-08-14] (Trend Micro Inc.)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-21 01:23 - 2014-10-21 01:20 - 00003114 _____ () C:\Users\mlaukha\Desktop\JRT.txt
2014-10-20 08:52 - 2014-10-20 08:52 - 01705698 _____ (Thisisu) C:\Users\mlaukha\Desktop\JRT.exe
2014-10-20 08:49 - 2014-10-20 08:49 - 00000000 ____D () C:\Users\mlaukha\AppData\Roaming\smkits
2014-10-20 06:57 - 2014-10-20 06:57 - 00006745 _____ () C:\Users\mlaukha\Desktop\AdwCleaner[s0].txt
2014-10-20 06:16 - 2014-10-20 06:23 - 00000000 ____D () C:\AdwCleaner
2014-10-20 06:16 - 2014-10-20 06:16 - 01976320 _____ () C:\Users\mlaukha\Desktop\AdwCleaner.exe
2014-10-19 13:30 - 2014-10-19 13:31 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\mlaukha\Desktop\tdsskiller.exe
2014-10-19 13:29 - 2014-10-19 13:29 - 00001069 _____ () C:\Users\mlaukha\Desktop\MBAM 10-19-14.txt
2014-10-15 14:22 - 2014-10-15 14:28 - 00023898 _____ () C:\Users\mlaukha\Desktop\Addition.txt
2014-10-15 14:21 - 2014-10-21 06:08 - 00018431 _____ () C:\Users\mlaukha\Desktop\FRST.txt
2014-10-15 14:21 - 2014-10-21 06:08 - 00000000 ____D () C:\FRST
2014-10-15 14:20 - 2014-10-15 14:21 - 01102336 _____ (Farbar) C:\Users\mlaukha\Desktop\FRST.exe
2014-10-12 20:53 - 2014-10-12 20:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Specops Software
2014-10-10 22:08 - 2014-10-10 22:08 - 12005946 _____ () C:\Users\mlaukha\Downloads\mymarie.mp4
2014-09-30 19:20 - 2014-10-21 01:11 - 00000000 ___HD () C:\ProgramData\{D9E629DC-CB1C-4A97-9900-81922B4EFFD4}
2014-09-23 16:54 - 2014-10-20 08:57 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-09-23 16:52 - 2014-09-23 16:52 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-09-23 15:41 - 2014-09-23 15:53 - 00109662 _____ () C:\Users\mlaukha\Desktop\2014 Forecast MA Region Update Oct 2014.xlsx
2014-09-22 21:52 - 2014-09-22 21:57 - 00000000 ____D () C:\Users\mlaukha\Doctor Web
2014-09-22 09:16 - 2014-09-22 09:22 - 30856384 _____ (Microsoft Corporation) C:\Users\mlaukha\Downloads\Windows-KB890830-V5.16.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-21 05:15 - 2012-04-24 16:02 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-10-21 05:14 - 2011-09-29 15:20 - 01331963 _____ () C:\WINDOWS\WindowsUpdate.log
2014-10-21 04:31 - 2009-07-14 00:34 - 00019328 ____H () C:\WINDOWS\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-21 04:31 - 2009-07-14 00:34 - 00019328 ____H () C:\WINDOWS\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-21 02:33 - 2014-04-11 15:32 - 00114904 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-10-21 00:48 - 2011-02-08 14:21 - 00005800 _____ () C:\WINDOWS\mozypro.blk
2014-10-21 00:48 - 2011-02-08 14:21 - 00001254 _____ () C:\WINDOWS\mozypro.flt
2014-10-20 15:23 - 2011-09-29 15:46 - 00001032 _____ () C:\WINDOWS\system32\config\netlogon.ftl
2014-10-20 06:43 - 2011-05-09 14:46 - 00036494 _____ () C:\WINDOWS\setupact.log
2014-10-20 06:43 - 2009-07-14 00:53 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-10-20 06:42 - 2011-10-05 16:56 - 01969818 _____ () C:\WINDOWS\PFRO.log
2014-10-16 09:54 - 2011-09-29 15:47 - 00029564 __RSH () C:\ProgramData\ntuser.pol
2014-10-13 15:12 - 2014-04-11 15:31 - 00001060 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-10-13 15:12 - 2014-04-11 15:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-13 15:12 - 2014-04-11 15:31 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-10-12 21:20 - 2011-12-09 10:17 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-10-12 21:15 - 2011-11-24 18:59 - 00001897 _____ () C:\WINDOWS\TMFilter.log
2014-10-02 15:53 - 2011-03-10 00:11 - 00231568 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2014-10-01 11:11 - 2014-04-11 15:31 - 00075480 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-10-01 11:11 - 2014-04-11 15:31 - 00051928 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2014-10-01 11:11 - 2014-04-11 15:31 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-09-24 13:20 - 2009-07-13 22:37 - 00000000 ____D () C:\WINDOWS\system32\NDF
2014-09-23 23:15 - 2012-04-24 16:02 - 00701104 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2014-09-23 23:15 - 2011-11-07 14:34 - 00071344 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-09-23 16:58 - 2014-04-11 18:32 - 00000740 _____ () C:\DelFix.txt
2014-09-23 16:53 - 2014-08-14 09:01 - 00000000 ____D () C:\Users\mlaukha\AppData\Local\Adobe
2014-09-23 16:52 - 2011-09-29 15:53 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-09-23 16:52 - 2011-03-10 00:22 - 00000000 ____D () C:\Program Files\Adobe
2014-09-23 16:52 - 2011-03-10 00:21 - 00000000 ____D () C:\ProgramData\Adobe
2014-09-22 23:12 - 2011-10-05 12:53 - 00000000 ____D () C:\Users\mlaukha

Some content of TEMP:
====================
C:\Users\mlaukha\AppData\Local\temp\Quarantine.exe
C:\Users\mlaukha\AppData\Local\temp\sqlite3.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-10-16 00:44

And the Addition:

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 15-10-2014 01
Ran by Mlaukha at 2014-10-21 06:08:55
Running from C:\Users\mlaukha\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (HKLM\...\7-Zip) (Version:  - )
Adblock Plus for IE (32-bit) (HKLM\...\{DF0E7912-4A45-4B24-B472-E521C4D2C663}) (Version: 99.9 - Eyeo GmbH)
Adblock Plus for IE (HKLM\...\{fd97d1e2-368a-4cd9-af63-8eeff938044a}) (Version: 1.1 - )
Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.5 (HKLM\...\Adobe Shockwave Player) (Version: 11.5.9.620 - Adobe Systems, Inc.)
Apple Application Support (HKLM\...\{D9DAD0FF-495A-472B-9F10-BAE430A26682}) (Version: 3.0.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{18D47FA1-0440-48D3-A7E0-DA09537FF471}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Ashampoo Burning Studio FREE v.1.12.0 (HKLM\...\{91B33C97-91F8-FFB3-581B-BC952C901685}_is1) (Version: 1.12.0 - Ashampoo GmbH & Co. KG)
BlackBerry Desktop Software 7.1 (HKLM\...\BlackBerry_Desktop) (Version: 7.1.0.41 - Research In Motion Ltd.)
BlackBerry Desktop Software 7.1 (Version: 7.1.0.41 - Research In Motion Ltd.) Hidden
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Cisco WebEx Meetings (HKLM\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)
CleanUp! (HKLM\...\CleanUp!) (Version:  - )
Configuration Manager Client (Version: 5.00.7804.1000 - Microsoft Corporation) Hidden
Dell OpenManage Inventory Agent (for Dell Business Client Systems) (HKLM\...\{0804D011-EFDC-4d47-81A5-390092FA38BD}) (Version: 1.4.1 - Dell)
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.1208.101.125 - ALPS ELECTRIC CO., LTD.)
GoToMeeting 5.4.0.1082 (HKCU\...\GoToMeeting) (Version: 5.4.0.1082 - CitrixOnline)
IHA_MessageCenter (HKLM\...\{3EECDAD2-50D8-41B2-A8BA-359ED85D2D5F}) (Version: 1.9.1 - Verizon)
Intel® Network Connections Drivers (HKLM\...\PROSet) (Version: 15.4 - Intel)
iTunes (HKLM\...\{0718A90E-93AA-49AF-A4FE-0165ACD91DF0}) (Version: 11.2.2.3 - Apple Inc.)
Japanese Fonts Support For Adobe Reader X (HKLM\...\{AC76BA86-7AD7-5760-0000-A00000000003}) (Version: 10.0.0 - Adobe Systems Incorporated)
Java Auto Updater (Version: 2.0.7.2 - Sun Microsystems, Inc.) Hidden
Java 6 Update 45 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216045FF}) (Version: 6.0.450 - Oracle)
join.me (HKCU\...\JoinMe) (Version: 1.15.0.136 - LogMeIn, Inc.)
Juniper Networks Network Connect 6.5.0 (HKLM\...\Juniper Network Connect 6.5.0) (Version: 6.5.0.14951 - Juniper Networks)
Juniper Networks Setup Client (HKCU\...\Juniper_Setup_Client) (Version: 2.1.2.5973 - Juniper Networks)
Livelink Office Editor 3.2.3 (HKLM\...\{909D1BEB-08B6-4AE6-A848-95F95CEFA15F}) (Version: 3.2.3.368 - Open Text Corporation)
Lotus Notes 8.5.2 (HKLM\...\{07C69B3A-62B3-41BF-82EE-B3A87BD6EA0C}) (Version: 8.52.10222 - IBM)
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft IntelliPoint 8.2 (HKLM\...\Microsoft IntelliPoint 8.2) (Version: 8.20.468.0 - Microsoft Corporation)
Microsoft IntelliPoint 8.2 (Version: 8.20.468.0 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Standard 2010 (HKLM\...\Office14.STANDARD) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Standard 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Policy Platform (Version: 1.2.3602.0 - Microsoft Corporation) Hidden
Microsoft redistributable runtime DLLs VS2005 SP1(x86) (HKLM\...\{CEC7A786-A9C8-4EF7-BB59-6518E3B3C878}) (Version: 8.0.50727.4053 - SAP)
Microsoft redistributable runtime DLLs VS2008 SP1(x86) (HKLM\...\{A47A9101-6EB5-4314-BDA1-297880FBB908}) (Version: 9.0 - SAP AG)
Microsoft redistributable runtime DLLs VS2010 SP1 (x86) (HKLM\...\{2385C070-EC26-4AB9-8718-E605C977C0ED}) (Version: 10.0.40219.1 - SAP)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.10411.0 - Microsoft Corporation)
Microsoft SQL Server 2005 (HKLM\...\Microsoft SQL Server 2005) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2005 Express Edition (NR2007) (Version: 9.4.5000.00 - Microsoft Corporation) Hidden
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Native Client (HKLM\...\{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server Setup Support Files (English) (HKLM\...\{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{E7084B89-69E0-46B3-A118-8F99D06988CD}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
MozyPro (HKLM\...\{F7CED389-F093-D2B8-8495-7DDA8FF0D356}) (Version: 2.24.2.360 - Mozy, Inc.)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
Neat ADF Scanner 2008 Driver (HKLM\...\{A4A42670-82B9-4A58-8955-20271DBBF29F}) (Version: 2.0.0.61 - The Neat Company)
Neat ADF Scanner Driver (HKLM\...\{58155B30-6BE9-4268-A059-149629149C63}) (Version: 2.0.0.56 - The Neat Company)
Neat Mobile Scanner (Silver) Driver (HKLM\...\{6EDB3FC5-8B7C-422A-B4FB-1D919F44F2C0}) (Version: 2.0.0.63 - The Neat Company)
Neat Mobile Scanner 2008 Driver (HKLM\...\{57F5920A-9897-4830-BD4A-BE85DA9734FF}) (Version: 2.0.0.69 - The Neat Company)
Neat Mobile Scanner Driver (HKLM\...\{11A53AF3-CAA5-4C29-887E-CCA7CEE2689B}) (Version: 2.0.0.122 - The Neat Company)
NeatWorks (HKLM\...\NeatWorks) (Version: 4.9.1.8 - The Neat Company)
NeatWorks Core Files (Version: 4.9.1.8 - The Neat Company) Hidden
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.2.0 - Frank Heindörfer, Philip Chinery)
QuickTime (HKLM\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
salesforce.com Offline Edition 2.0 (HKLM\...\{8F8E3F13-79E2-4045-8522-0CAE2FDDDFBC}) (Version: 1.235.228 - salesforce.com)
SAP BusinessObjects Analysis, edition for Microsoft Office (HKLM\...\SBOPAdvancedAnalysis) (Version: 1.3 - SAP AG)
SAP GUI for Windows 7.20 (HKLM\...\SAPGUI710) (Version: 7.20 Compilation 3 - SAP)
Shared Add-in Extensibility Update for Microsoft .NET Framework 2.0 (KB908002) (HKLM\...\{09959E11-AD5D-408E-96AF-E3346954D6B8}) (Version: 1.0.0 - Microsoft)
Simple Adblock (HKLM\...\{B4920103-09F6-4AD2-B150-CFC4474D2DDC}) (Version: 1.1.5 - Simple Adblock)
Specops Password Client (x86) (HKLM\...\{933A3C30-6302-44D2-8FA5-918D22A8FD46}) (Version: 4.1.1122.1 - Specops Software)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.0.1146 - SUPERAntiSpyware.com)
Trend Micro OfficeScan Client (HKLM\...\OfficeScanNT) (Version: 10.6.5162 - Trend Micro)
True Burner 1.1 (HKLM\...\True Burner_is1) (Version:  - Glorylogic)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2533523) (Version: 1 - Microsoft Corporation)
Verizon Toolbar (HKLM\...\verizontb) (Version: 6.0.0.40 - Verizon and Visicom Media Inc.)
VLC media player 1.1.7 (HKLM\...\VLC media player) (Version: 1.1.7 - VideoLAN)
Vz In-Home Agent (HKLM\...\VzInHomeAgent) (Version: 9.0.63.0 - Verizon)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-150485414-301174314-2440751699-8203_Classes\CLSID\{56CBD3CF-BF99-4DF5-851F-F5B9B57496A1}\InprocServer32 -> C:\ProgramData\{D9E629DC-CB1C-4A97-9900-81922B4EFFD4}\fwcfg.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-150485414-301174314-2440751699-8203_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Program Files\Citrix\GoToMeeting\1082\G2MOutlookAddin.dll (Citrix Online, a division of Citrix Systems, Inc.)

==================== Restore Points  =========================

Could not list Restore Points. Check "winmgmt" service or repair WMI.

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:04 - 2014-10-20 15:51 - 00000027 ____A C:\WINDOWS\system32\Drivers\etc\hosts
                          

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {06BF7407-F2D9-4BFA-BF3E-CBB8BFD3D606} - System32\Tasks\Microsoft\Configuration Manager\Configuration Manager Idle Detection
Task: {23C9DC85-46AD-4D58-8CB1-5864CA5FBF7E} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => c:\Program Files\Microsoft IntelliPoint\IPoint.exe [2011-08-01] (Microsoft Corporation)
Task: {60138A5B-A88E-4182-89D6-DB0ED86D2074} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-23] (Adobe Systems Incorporated)
Task: {739DD3B2-469D-4274-8CEE-B51752924289} - System32\Tasks\{DA2EB3F7-F17D-88FA-9A29-3BD9AFF5AA9F} => C:\WINDOWS\system32\ctwvddy.dll/s "C:\WINDOWS\system32\ctwvddy.dll"
Task: {E628823A-29C8-40F8-9499-F04EC491D8CF} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {F64152CF-3C6E-4A64-BED5-A14CFCD4D83C} - System32\Tasks\Microsoft\Configuration Manager\Configuration Manager Health Evaluation => C:\WINDOWS\CCM\ccmeval.exe [2012-11-21] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2011-03-11 15:59 - 2001-10-28 20:42 - 00116224 _____ () C:\WINDOWS\System32\pdfcmnnt.dll
2014-02-06 01:52 - 2014-02-06 01:52 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-06 01:52 - 2014-02-06 01:52 - 01044808 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2013-05-22 17:45 - 2011-04-01 13:53 - 00499712 _____ () C:\Program Files\Trend Micro\OfficeScan Client\sqlite3.dll
2011-09-22 15:26 - 2011-07-08 08:37 - 00094208 _____ () C:\Windows\System32\IccLibDll.dll
2011-05-09 14:18 - 2011-05-09 14:18 - 00081920 _____ () C:\Program Files\IBM\Lotus\Notes\framework\rcp\eclipse\plugins\com.ibm.rcp.base_6.2.2.20110310-0045\win32\x86\eclipse_1118.dll
2011-10-05 13:20 - 2011-10-05 13:20 - 00065536 _____ () C:\Users\mlaukha\AppData\Local\Lotus\Notes\Data\workspace\.config\org.eclipse.osgi\bundles\138\1\.cp\swtIbmWrapper.dll
2010-07-29 19:15 - 2010-07-29 19:15 - 00204800 _____ () C:\Program Files\IBM\Lotus\Notes\framework\rcp\eclipse\plugins\com.ibm.rcp.os.win32_6.2.2.20100729-1241\os\win32\x86\os.dll
2011-03-11 12:23 - 2011-03-11 12:23 - 00106496 _____ () C:\Program Files\IBM\Lotus\Notes\framework\rcp\eclipse\plugins\com.ibm.rcp.swt.browser.dom.ie_6.2.2.20100729-1241\os\win32\x86\comex.dll
2010-01-30 02:41 - 2010-01-30 02:41 - 04254560 _____ () C:\Program Files\Common Files\Microsoft Shared\office14\Cultures\office.odf

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^Users^mlaukha^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^9bjqlj6.lnk => C:\WINDOWS\pss\9bjqlj6.lnk.Startup

========================= Accounts: ==========================

Administrator (S-1-5-21-1817078517-3534338127-3063044471-500 - Administrator - Enabled)
bradmin (S-1-5-21-1817078517-3534338127-3063044471-1000 - Administrator - Enabled) => C:\Users\bradmin
brguest (S-1-5-21-1817078517-3534338127-3063044471-501 - Limited - Disabled)

==================== Faulty Device Manager Devices =============

Could not list Devices. Check "winmgmt" service or repair WMI.

==================== Event log errors: =========================

Application errors:
==================

System errors:
=============
Error: (10/21/2014 06:11:16 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Management Instrumentation service terminated with the following error:
%%2

Error: (10/21/2014 06:10:26 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Management Instrumentation service terminated with the following error:
%%2

Error: (10/21/2014 06:09:56 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Management Instrumentation service terminated with the following error:
%%2

Error: (10/21/2014 06:09:25 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Management Instrumentation service terminated with the following error:
%%2

Error: (10/21/2014 06:08:55 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Management Instrumentation service terminated with the following error:
%%2

Error: (10/21/2014 06:05:33 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Management Instrumentation service terminated with the following error:
%%2

Error: (10/21/2014 06:05:03 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Management Instrumentation service terminated with the following error:
%%2

Error: (10/21/2014 06:04:33 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Management Instrumentation service terminated with the following error:
%%2

Error: (10/21/2014 06:04:03 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Management Instrumentation service terminated with the following error:
%%2

Error: (10/21/2014 06:03:33 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Management Instrumentation service terminated with the following error:
%%2

Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2014-02-20 16:52:09.201
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

  Date: 2014-02-20 16:30:44.036
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

  Date: 2014-02-20 16:17:27.247
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

  Date: 2011-05-09 14:52:28.718
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

  Date: 2011-05-09 14:44:28.257
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

  Date: 2011-05-09 14:27:52.657
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

  Date: 2011-05-09 14:15:33.986
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

  Date: 2011-05-09 14:02:12.241
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

  Date: 2011-05-09 13:51:09.562
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

  Date: 2011-05-05 18:24:22.927
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: Intel® Core i5-2540M CPU @ 2.60GHz
Percentage of memory in use: 56%
Total physical RAM: 3240.9 MB
Available physical RAM: 1393.74 MB
Total Pagefile: 6480.09 MB
Available Pagefile: 3794.35 MB
Total Virtual: 2047.88 MB
Available Virtual: 1887.93 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:232.79 GB) (Free:161.03 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: DBCEB924)
Partition 1: (Not Active) - (Size=100 MB) - (Type=12)
Partition 2: (Active) - (Size=232.8 GB) - (Type=07 NTFS)

==================== End Of Log ============================


Hi Mike, 

 

Please run the following programmes. If you encounter any issues with aswMBR, please skip and move on to MBAR. 

 

STEP 1
aswMBR

  • Please download aswMBR and save the file to your Desktop
  • Temporarily disable your anti-virus software. For instructions, please refer to the following link.
  • Right-Click aswMBR.exe and select Run as administrator to run the programme.
  • Click Yes when prompted to download avast! virus definitions. Wait until AVAST engine defs: ### appears. 
  • If you are prompted to enable the use of "Virtualization Technology", click Yes.
  • Click the AV Scan: drop down box and click C:\.
  • Click Scan
  • Upon completion, you will see Scan finished successfully. Click Save log. Save the log to your Desktop. 
  • Re-enable your anti-virus software.
  • Copy the contents of the log and paste in your next reply.

Note: Do NOT click Fix or FixMBR.
Note: A file (MBR.dat) will be created on your Desktop. Do NOT click or delete it.

 

 

STEP 2

Malwarebytes Anti-Rootkit (MBAR)

  • Please download Malwarebytes Anti-Rootkit and save the file to your Desktop.
  • Double-click MBAR.exe to run the installer.
  • Select a convenient location to extract the contents and click OK. Navigate to the location you selected.
  • Right-Click MBAR.exe and select Run as administrator to run the programme.
  • Follow the prompts to update the programme and scan your computer. 
  • Upon completion, click Cleanup and reboot your computer. 
  • After the reboot, rerun the programme to verify no threats remain. If threats are still detected, click the Cleanup button once more. 
  • Upon completion, two logs (mbar-log.txt and system-log.txt) will be created. Copy the contents of both logs and paste in your next reply. Both logs can be found in the MBAR folder

 

======================================================
 
STEP 3
Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

  • aswMBR log
  • mbar-log.txt
  • system-log.txt

Hi Adam,

Here is the aswMBR log:

aswMBR version 1.0.1.2041 Copyright© 2014 AVAST Software
Run date: 2014-10-21 15:57:04
-----------------------------
15:57:04.481    OS Version: Windows 6.1.7601 Service Pack 1
15:57:04.481    Number of processors: 4 586 0x2A07
15:57:04.481    ComputerName: CDG07001538  UserName: Mlaukha
15:57:05.183    Initialize success
15:57:05.308    VM: initialized successfully
15:57:05.339    VM: Intel CPU supported
15:57:19.043    VM: disk I/O iaStor.sys
15:59:11.816    AVAST engine defs: 14102100
15:59:46.619    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
15:59:46.619    Disk 0 Vendor: WDC_WD25 01.0 Size: 238475MB BusType: 8
15:59:46.760    Disk 0 MBR read successfully
15:59:46.760    Disk 0 MBR scan
15:59:46.807    Disk 0 Windows 7 default MBR code
15:59:46.838    Disk 0 Partition 1 00     12  Compaq diag               100 MB offset 2048
15:59:46.853    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS       238373 MB offset 206848
15:59:46.869    Disk 0 default boot code
15:59:46.885    Disk 0 scanning sectors +488394752
15:59:46.963    Disk 0 scanning C:\WINDOWS\system32\drivers
16:00:05.792    Service scanning
16:00:34.574    Service TmFilter C:\Program Files\Trend Micro\OfficeScan Client\TmXPFlt.sys **LOCKED** 32
16:00:35.058    Service TmPreFilter C:\Program Files\Trend Micro\OfficeScan Client\TmPreFlt.sys **LOCKED** 32
16:00:37.959    Service VSApiNt C:\Program Files\Trend Micro\OfficeScan Client\VSApiNt.sys **LOCKED** 32
16:00:41.797    Modules scanning
16:01:14.728    Disk 0 trace - called modules:
16:01:14.744    ntkrnlpa.exe CLASSPNP.SYS disk.sys stdcfltn.sys iaStor.sys halmacpi.dll
16:01:14.744    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x87b8f030]
16:01:14.744    3 CLASSPNP.SYS[8c19859e] -> nt!IofCallDriver -> [0x87b8e678]
16:01:14.760    5 stdcfltn.sys[8c3c5896] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x86014028]
16:01:16.195    AVAST engine scan C:\
16:22:05.208    File: C:\Users\mlaukha\AppData\LocalLow\amjyazm.dll  **INFECTED** Win32:Dropper-gen [Drp]
16:22:07.392    File: C:\Users\mlaukha\AppData\LocalLow\ftpitm.dll  **INFECTED** Win32:Malware-gen
16:23:15.569    File: C:\Users\mlaukha\AppData\Roaming\cmljgc.dll  **INFECTED** Win32:Blackbeard-BR [Rtk]
16:23:15.725    File: C:\Users\mlaukha\AppData\Roaming\gkditw.dll  **INFECTED** Win32:Blackbeard-BR [Rtk]
16:23:56.998    File: C:\Users\mlaukha\AppData\Roaming\rtbuay.dll  **INFECTED** Win32:Blackbeard-BR [Rtk]
16:56:50.854    Scan finished successfully
20:26:43.076    Disk 0 MBR has been saved successfully to "C:\Users\mlaukha\Desktop\MBR.dat"
20:26:43.091    The log file has been saved successfully to "C:\Users\mlaukha\Desktop\aswMBR.txt"

 

The mbar-log.txt:

mbar-log-2014-10-21 (20-32-14).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 448956
Time elapsed: 35 minute(s), 31 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

 

system-log.txt:

Malwarebytes Anti-Rootkit BETA 1.07.0.1012

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x86

Account is Administrative

Internet Explorer version: 9.0.8112.16421

Java version: 1.6.0_45

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 2.594000 GHz
Memory total: 3398328320, free: 1198530560

Could not load protection driver
Downloaded database version: v2014.10.21.11
Downloaded database version: v2014.10.21.01
Initializing...
======================
Done!
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: DBCEB924

Partition information:

    Partition 0 type is Other (0x12)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 2048  Numsec = 204800

    Partition 1 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 206848  Numsec = 488187904
    Partition file system is NTFS
    Partition is bootable

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 250059350016 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-488377168-488397168)...
Done!
Scan finished
=======================================

Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-1-206848-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removal finished

 

 

 

 


Hello Mike, 

 

Please work your way through the following, and let me know how you get on. 

The log produced in STEP 1 may be large, so please attach the file if this is the case. If you're unable to attach, please upload to my channel.

 

STEP 1
Farbar Recovery Scan Tool (FRST) Script

  • Press the Windows Key + r on your keyboard at the same time. Type Notepad and click OK.
  • Copy the entire contents of the codebox below and paste into the Notepad document.
    start
    SearchScopes: HKCU - DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
    SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
    reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^mlaukha^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^9bjqlj6.lnk" /f
    C:\Users\mlaukha\AppData\LocalLow\amjyazm.dll
    C:\Users\mlaukha\AppData\LocalLow\ftpitm.dll
    C:\Users\mlaukha\AppData\Roaming\cmljgc.dll
    C:\Users\mlaukha\AppData\Roaming\gkditw.dll
    C:\Users\mlaukha\AppData\Roaming\rtbuay.dll
    Folder: C:\ProgramData\{D9E629DC-CB1C-4A97-9900-81922B4EFFD4}
    Folder: C:\Users\mlaukha\AppData\Roaming
    Folder: C:\Users\mlaukha\AppData\LocalLow
    EmptyTemp:
    end
  • Click File > Save As and type fixlist.txt as the File Name
  • Important: The file must be saved in the same location as FRST64.exe. 

NOTICE: This script is intended for use on this particular machine. Do not use this script on any other machine; doing so may cause damage to your Operating System.

  • Right-Click FRST64.exe and select Run as administrator to run the programme.
  • Click Fix.
  • A log (Fixlog.txt) will open on your desktop. Attach the file in your next reply. 
     

STEP 2
Folder Options

  • Press the Windows Key + r on your keyboard at the same time. Type Control Folders and click OK.
  • Click View. Under Hidden files and folders
  • Place a checkmark next to Show hidden files, folders and drives.
  • Remove the checkmark next to Hide extensions for known file types.
  • Remove the checkmark next to Hide protected operating system Files (Recommended).
  • Click Apply followed by OK.
     

STEP 3
VirusTotal Upload

  • Please go to VirusTotal.com.
  • Click Choose File and locate the following file:
    • C:\WINDOWS\system32\ctwvddy.dll
  • Click Scan it!.
  • If you receive the following notification: File already analysed click Reanalyse.
  • Once the file has been analyzed, copy the page URL at the top of the window and paste in your next reply. 
  • Please do the same for the files below:
    • C:\ProgramData\{D9E629DC-CB1C-4A97-9900-81922B4EFFD4}\fwcfg.dll
       

STEP 4
Farbar Service Scanner (FSS)

  • Please download FSS and save the file to your Desktop.
  • Right-Click FSS.exe and select Run as administrator to run the programme.
  • Ensure the following items are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Defender
    • Other Services
  • Click YMLYaf6.png.
  • A log (FSS.txt) will be created on your Desktop. Copy the contents of the log and paste in your next reply.
     

======================================================
 
STEP 5
Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

  • Fixlog.txt (attached)
  • VirusTotal Results
  • FSS.txt

Hi Adam,

Item #1 fixlog.txt

I attached it. It's huge

 

Item #2 Virus Total:

This file wasn't in that spot. C:\WINDOWS\system32\ctwvddy.dll

 

The other file, C:\ProgramData\{D9E629DC-CB1C-4A97-9900-81922B4EFFD4}\fwcfg.dll said it was in use and had to be stopped before opening.

 

Item #3 FSS.txt:

Farbar Service Scanner Version: 21-07-2014
Ran by Mlaukha (administrator) on 22-10-2014 at 17:22:53
Running from "C:\Users\mlaukha\Desktop"
Windows 7 Enterprise Service Pack 1 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0

System Restore:
============

System Restore Disabled Policy:
========================

Action Center:
============

wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.

winmgmt Service is not running. Checking service configuration:
The start type of winmgmt service is OK.
The ImagePath of winmgmt: "%systemroot%\system32\svchost.exe -k netsvcs".
Unable to retrieve ServiceDll of winmgmt. The value does not exist.

Windows Defender:
==============

Other Services:
==============

File Check:
========
C:\WINDOWS\system32\nsisvc.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\nsiproxy.sys => File is digitally signed
C:\WINDOWS\system32\dhcpcore.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\afd.sys => File is digitally signed
C:\WINDOWS\system32\Drivers\tdx.sys => File is digitally signed
C:\WINDOWS\system32\Drivers\tcpip.sys => File is digitally signed
C:\WINDOWS\system32\dnsrslvr.dll => File is digitally signed
C:\WINDOWS\system32\mpssvc.dll => File is digitally signed
C:\WINDOWS\system32\bfe.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\mpsdrv.sys => File is digitally signed
C:\WINDOWS\system32\SDRSVC.dll => File is digitally signed
C:\WINDOWS\system32\vssvc.exe => File is digitally signed
C:\WINDOWS\system32\wscsvc.dll => File is digitally signed
C:\WINDOWS\system32\wbem\WMIsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\WINDOWS\system32\ipnathlp.dll => File is digitally signed
C:\WINDOWS\system32\iphlpsvc.dll => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed

**** End of log ****

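The FSS.txt above can be triaged mechanically. The following is an added example, not part of the original posts and not code from FSS: a small Python parser for the log layout shown in this thread, run on an excerpt of the posted log. Treating any service configuration line that does not end in "is OK." as needing review is an assumption of this example.

```python
import re
from dataclasses import dataclass

# Excerpt of the FSS.txt posted above (22-10-2014 run), trimmed to the relevant lines.
SAMPLE_FSS = r'''Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0

System Restore Disabled Policy:
========================

Action Center:
============

wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.

winmgmt Service is not running. Checking service configuration:
The start type of winmgmt service is OK.
The ImagePath of winmgmt: "%systemroot%\system32\svchost.exe -k netsvcs".
Unable to retrieve ServiceDll of winmgmt. The value does not exist.

File Check:
========
C:\WINDOWS\system32\wscsvc.dll => File is digitally signed
C:\WINDOWS\system32\wbem\WMIsvc.dll => File is digitally signed
'''


@dataclass(frozen=True)
class Finding:
    kind: str     # "policy", "service", "service-config" or "file"
    subject: str  # registry value, service name or file path
    detail: str   # what the log said about it


KEY_RE = re.compile(r'^\[(HKEY_[^\]]+)\]$')
VALUE_RE = re.compile(r'^"([^"]+)"=(\w+):(.*)$')
STOPPED_RE = re.compile(r'^(\S+) Service is not running\.')
FILE_RE = re.compile(r'^(.+?) => (.+)$')
UNDERLINE_RE = re.compile(r'^=+$')


def triage_fss(text):
    """Return the entries of an FSS.txt log that need a closer look."""
    findings = []
    heading = ""    # most recent underlined section heading
    prev = ""       # previous non-blank line (becomes the heading if underlined)
    key = None      # registry key listed under a "... Disabled Policy" heading
    service = None  # service whose configuration lines are being read
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            key = service = None  # a blank line ends a policy or service block
            continue
        if UNDERLINE_RE.match(line):
            heading = prev.rstrip(":")
            continue
        prev = line
        m = KEY_RE.match(line)
        if m and "Disabled Policy" in heading:
            key = m.group(1)
            continue
        m = VALUE_RE.match(line)
        if m and key:
            findings.append(Finding("policy", f"{key}\\{m.group(1)}",
                                    f"{m.group(2)}:{m.group(3)} under '{heading}'"))
            continue
        m = STOPPED_RE.match(line)
        if m:
            service = m.group(1)
            findings.append(Finding("service", service, "not running"))
            continue
        if service:
            # Assumption: anything other than "... is OK." is surfaced verbatim.
            if not line.endswith("is OK."):
                findings.append(Finding("service-config", service, line))
            continue
        m = FILE_RE.match(line)
        if m and heading == "File Check" and m.group(2) != "File is digitally signed":
            findings.append(Finding("file", m.group(1), m.group(2)))
    return findings


if __name__ == "__main__":
    for f in triage_fss(SAMPLE_FSS):
        print(f"{f.kind:15} {f.subject}: {f.detail}")
```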

Hello Mike, 

 

Try this instead. 

 

Boot into Safe Mode

  • Restart your PC.
  • As soon as the BIOS is loaded, begin repeatedly tapping the F8 key until the Advanced Options menu appears.  
  • Using the arrow keys, select Safe Mode
  • Press the Enter key.

----------------

  • Navigate to C:\ProgramData\{D9E629DC-CB1C-4A97-9900-81922B4EFFD4}
  • Right-click fwcfg.dll and click Copy
  • Navigate to your Desktop, right-click and click Paste
     
  • Navigate to C:\WINDOWS\system32
  • Right-click ctwvddy.dll and click Copy.
  • Navigate to your Desktop, right-click and click Paste
  • Boot normally into Windows. 

----------------

  • Repeat the VirusTotal step, only this time scanning the copied files on your Desktop. 

Hi Adam,

My apologies for this delay. Real life intruded and I had to fix my son's car.

I did like you said with unchecking folders, rebooted into Safe Mode and still couldn't find ctwvddy.dll

I did get fwcfg.dll and here is the link to the VirusTotal scan:

https://www.virustotal.com/en/file/dbcfbf7b33994a22c3e27ee56053c39dab755b84c4184ed8675e1949b1f040f8/analysis/1414330473/


No problem, Mike. 

Please do the following. 

 

Farbar Recovery Scan Tool (FRST) Script

  • Press the Windows Key + r on your keyboard at the same time. Type Notepad and click OK.
  • Copy the entire contents of the codebox below and paste into the Notepad document.
    start
    2014-07-30 20:41 - 2014-07-30 20:41 - 0000000 _____ () C:\Users\mlaukha\AppData\LocalLow\seetla.dll
    2014-02-08 22:33 - 2014-02-08 22:33 - 0000000 ____D () C:\Users\mlaukha\AppData\LocalLow\{5906EDCD-785C-EBA1-0931-8FF91EEC360D}
    File: C:\WINDOWS\system32\ctwvddy.dll
    CMD: ipconfig /flushdns
    EmptyTemp:
    end
  • Click File > Save As and type fixlist.txt as the File Name
  • Important: The file must be saved in the same location as FRST.exe. 

NOTICE: This script is intended for use on this particular machine. Do not use this script on any other machine; doing so may cause damage to your Operating System.

  • Right-Click FRST.exe and select Run as administrator to run the programme.
  • Click Fix.
  • A log (Fixlog.txt) will open on your desktop. Copy the contents of the log and paste in your next reply.

Hi Adam,

Here's the fixlog.txt:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 26-10-2014
Ran by Mlaukha at 2014-10-26 12:50:29 Run:2
Running from C:\Users\mlaukha\Desktop
Loaded Profile: Mlaukha (Available profiles: Mlaukha & bradmin)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
start
2014-07-30 20:41 - 2014-07-30 20:41 - 0000000 _____ () C:\Users\mlaukha\AppData\LocalLow\seetla.dll
2014-02-08 22:33 - 2014-02-08 22:33 - 0000000 ____D () C:\Users\mlaukha\AppData\LocalLow\{5906EDCD-785C-EBA1-0931-8FF91EEC360D}
File: C:\WINDOWS\system32\ctwvddy.dll
CMD: ipconfig /flushdns
EmptyTemp:
end
*****************

C:\Users\mlaukha\AppData\LocalLow\seetla.dll => Moved successfully.
C:\Users\mlaukha\AppData\LocalLow\{5906EDCD-785C-EBA1-0931-8FF91EEC360D} => Moved successfully.

========================= File: C:\WINDOWS\system32\ctwvddy.dll ========================

"C:\WINDOWS\system32\ctwvddy.dll" not found.
====== End Of File: ======

=========  ipconfig /flushdns =========

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

EmptyTemp: => Removed 332.6 MB temporary data.

The system needed a reboot.

==== End of Fixlog ====


Good job.
Please work your way through the following. This will repair one of your damaged services. 
 
STEP 1
System File Checker (SFC)

  • Press the Windows Key + r on your keyboard at the same time. Type Notepad and click OK.
  • Copy the entire contents of the codebox below and paste into the Notepad document.
    sfc /scannow
    findstr /c:"[SR]" %windir%\Logs\CBS\CBS.log >"%userprofile%\Desktop\sfcresults.txt"
    notepad %userprofile%\Desktop\sfcresults.txt
    del %0
  • Click Format. Ensure Wordwrap is unchecked
  • Click File > Save As and name the file querysfc.bat
  • Select All Files as the Save as type.
  • Save the file to your Desktop
  • Locate querysfc.bat (W8/7/Vista) on your Desktop. Right-click the icon and click Run as administrator.
  • Upon completion, a log (sfcresults.txt) will open on your Desktop. Copy the contents of the log and paste in your next reply.
     

STEP 2
ESET Services Repair

  • Please download ESET Services Repair and save the file to your Desktop.
  • Right-Click Services.Repair.exe and select Run as administrator to run the programme.
  • Follow the prompts.
  • Reboot your computer.
     

STEP 3
Farbar Service Scanner (FSS)

  • Right-Click FSS.exe and select Run as administrator to run the programme.
  • Place a checkmark next to each checkable item. 
  • Click Scan.
  • A log (FSS.txt) will be created on your Desktop. Copy the contents of the log and paste in your next reply.
     

STEP 4
Farbar Recovery Scan Tool (FRST) Scan

  • Right-Click FRST64.exe and select Run as administrator to run the programme.
  • Click Yes to the disclaimer.
  • Ensure the Addition.txt box is checked.
  • Click the Scan button and let the programme run.
  • Upon completion, click OK, then OK on the Addition.txt pop up screen.
  • Two logs (FRST.txt & Addition.txt) will now be open on your Desktop. Copy the contents of both logs and paste in your next reply. 
     

======================================================
 
STEP 5
Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

  • sfcresults.txt
  • Did ESET Services Repair run successfully?
  • FSS.txt
  • FRST.txt
  • Addition.txt

Okay, two posts.

First sfcresults.txt:

2014-10-26 14:07:56, Info                  CSI    00000009 [sR] Verifying 100 (0x00000064) components
2014-10-26 14:07:56, Info                  CSI    0000000a [sR] Beginning Verify and Repair transaction
2014-10-26 14:07:58, Info                  CSI    0000000c [sR] Verify complete
2014-10-26 14:07:58, Info                  CSI    0000000d [sR] Verifying 100 (0x00000064) components
2014-10-26 14:07:58, Info                  CSI    0000000e [sR] Beginning Verify and Repair transaction
2014-10-26 14:08:00, Info                  CSI    00000010 [sR] Verify complete
2014-10-26 14:08:00, Info                  CSI    00000011 [sR] Verifying 100 (0x00000064) components
2014-10-26 14:08:00, Info                  CSI    00000012 [sR] Beginning Verify and Repair transaction
2014-10-26 14:08:03, Info                  CSI    00000014 [sR] Verify complete
2014-10-26 14:08:03, Info                  CSI    00000015 [sR] Verifying 100 (0x00000064) components
2014-10-26 14:08:03, Info                  CSI    00000016 [sR] Beginning Verify and Repair transaction
2014-10-26 14:08:04, Info                  CSI    00000018 [sR] Verify complete
2014-10-26 14:08:05, Info                  CSI    00000019 [sR] Verifying 100 (0x00000064) components
2014-10-26 14:08:05, Info                  CSI    0000001a [sR] Beginning Verify and Repair transaction
2014-10-26 14:08:07, Info                  CSI    0000001c [sR] Verify complete
2014-10-26 14:08:07, Info                  CSI    0000001d [sR] Verifying 100 (0x00000064) components
2014-10-26 14:08:07, Info                  CSI    0000001e [sR] Beginning Verify and Repair transaction
2014-10-26 14:08:09, Info                  CSI    00000020 [sR] Verify complete
2014-10-26 14:08:10, Info                  CSI    00000021 [sR] Verifying 100 (0x00000064) components
2014-10-26 14:08:10, Info                  CSI    00000022 [sR] Beginning Verify and Repair transaction
2014-10-26 14:08:11, Info                  CSI    00000024 [sR] Verify complete
2014-10-26 14:08:11, Info                  CSI    00000025 [sR] Verifying 100 (0x00000064) components
2014-10-26 14:08:11, Info                  CSI    00000026 [sR] Beginning Verify and Repair transaction
2014-10-26 14:08:14, Info                  CSI    00000028 [sR] Verify complete
2014-10-26 14:08:14, Info                  CSI    00000029 [sR] Verifying 100 (0x00000064) components
2014-10-26 14:08:14, Info                  CSI    0000002a [sR] Beginning Verify and Repair transaction
2014-10-26 14:08:17, Info                  CSI    0000002c [sR] Verify complete
2014-10-26 14:08:17, Info                  CSI    0000002d [sR] Verifying 100 (0x00000064) components
2014-10-26 14:08:17, Info                  CSI    0000002e [sR] Beginning Verify and Repair transaction
2014-10-26 14:08:19, Info                  CSI    00000030 [sR] Verify complete
2014-10-26 14:08:19, Info                  CSI    00000031 [sR] Verifying 100 (0x00000064) components
2014-10-26 14:08:19, Info                  CSI    00000032 [sR] Beginning Verify and Repair transaction
2014-10-26 14:08:22, Info                  CSI    00000034 [sR] Verify complete
2014-10-26 14:08:22, Info                  CSI    00000035 [sR] Verifying 100 (0x00000064) components
2014-10-26 14:08:22, Info                  CSI    00000036 [sR] Beginning Verify and Repair transaction
2014-10-26 14:08:27, Info                  CSI    00000038 [sR] Verify complete
2014-10-26 14:08:28, Info                  CSI    00000039 [sR] Verifying 100 (0x00000064) components
2014-10-26 14:08:28, Info                  CSI    0000003a [sR] Beginning Verify and Repair transaction
2014-10-26 14:08:31, Info                  CSI    0000003f [sR] Verify complete
2014-10-26 14:08:31, Info                  CSI    00000040 [sR] Verifying 100 (0x00000064) components
2014-10-26 14:08:31, Info                  CSI    00000041 [sR] Beginning Verify and Repair transaction
2014-10-26 14:08:34, Info                  CSI    00000044 [sR] Verify complete
2014-10-26 14:08:34, Info                  CSI    00000045 [sR] Verifying 100 (0x00000064) components
2014-10-26 14:08:34, Info                  CSI    00000046 [sR] Beginning Verify and Repair transaction
2014-10-26 14:08:37, Info                  CSI    0000004a [sR] Verify complete
2014-10-26 14:08:38, Info                  CSI    0000004b [sR] Verifying 100 (0x00000064) components
2014-10-26 14:08:38, Info                  CSI    0000004c [sR] Beginning Verify and Repair transaction
2014-10-26 14:08:44, Info                  CSI    00000055 [sR] Verify complete
2014-10-26 14:08:44, Info                  CSI    00000056 [sR] Verifying 100 (0x00000064) components
2014-10-26 14:08:44, Info                  CSI    00000057 [sR] Beginning Verify and Repair transaction
2014-10-26 14:08:48, Info                  CSI    0000005a [sR] Verify complete
2014-10-26 14:08:49, Info                  CSI    0000005b [sR] Verifying 100 (0x00000064) components
2014-10-26 14:08:49, Info                  CSI    0000005c [sR] Beginning Verify and Repair transaction
2014-10-26 14:08:53, Info                  CSI    0000005e [sR] Verify complete
2014-10-26 14:08:53, Info                  CSI    0000005f [sR] Verifying 100 (0x00000064) components
2014-10-26 14:08:53, Info                  CSI    00000060 [sR] Beginning Verify and Repair transaction
2014-10-26 14:08:57, Info                  CSI    00000062 [sR] Verify complete
2014-10-26 14:08:57, Info                  CSI    00000063 [sR] Verifying 100 (0x00000064) components
2014-10-26 14:08:57, Info                  CSI    00000064 [sR] Beginning Verify and Repair transaction
2014-10-26 14:09:01, Info                  CSI    00000066 [sR] Verify complete
2014-10-26 14:09:01, Info                  CSI    00000067 [sR] Verifying 100 (0x00000064) components
2014-10-26 14:09:01, Info                  CSI    00000068 [sR] Beginning Verify and Repair transaction
2014-10-26 14:09:05, Info                  CSI    0000006a [sR] Verify complete
2014-10-26 14:09:05, Info                  CSI    0000006b [sR] Verifying 100 (0x00000064) components
2014-10-26 14:09:05, Info                  CSI    0000006c [sR] Beginning Verify and Repair transaction
2014-10-26 14:09:11, Info                  CSI    00000070 [sR] Verify complete
2014-10-26 14:09:11, Info                  CSI    00000071 [sR] Verifying 100 (0x00000064) components
2014-10-26 14:09:11, Info                  CSI    00000072 [sR] Beginning Verify and Repair transaction
2014-10-26 14:09:17, Info                  CSI    00000074 [sR] Verify complete
2014-10-26 14:09:18, Info                  CSI    00000075 [sR] Verifying 100 (0x00000064) components
2014-10-26 14:09:18, Info                  CSI    00000076 [sR] Beginning Verify and Repair transaction
2014-10-26 14:09:25, Info                  CSI    00000078 [sR] Verify complete
2014-10-26 14:09:26, Info                  CSI    00000079 [sR] Verifying 100 (0x00000064) components
2014-10-26 14:09:26, Info                  CSI    0000007a [sR] Beginning Verify and Repair transaction
2014-10-26 14:09:35, Info                  CSI    0000007c [sR] Verify complete
2014-10-26 14:09:36, Info                  CSI    0000007d [sR] Verifying 100 (0x00000064) components
2014-10-26 14:09:36, Info                  CSI    0000007e [sR] Beginning Verify and Repair transaction
2014-10-26 14:09:38, Info                  CSI    00000080 [sR] Verify complete
2014-10-26 14:09:38, Info                  CSI    00000081 [sR] Verifying 100 (0x00000064) components
2014-10-26 14:09:38, Info                  CSI    00000082 [sR] Beginning Verify and Repair transaction
2014-10-26 14:09:40, Info                  CSI    00000084 [sR] Verify complete
2014-10-26 14:09:40, Info                  CSI    00000085 [sR] Verifying 100 (0x00000064) components
2014-10-26 14:09:40, Info                  CSI    00000086 [sR] Beginning Verify and Repair transaction
2014-10-26 14:09:41, Info                  CSI    00000088 [sR] Verify complete
2014-10-26 14:09:41, Info                  CSI    00000089 [sR] Verifying 100 (0x00000064) components
2014-10-26 14:09:41, Info                  CSI    0000008a [sR] Beginning Verify and Repair transaction
2014-10-26 14:09:45, Info                  CSI    00000090 [sR] Verify complete
2014-10-26 14:09:46, Info                  CSI    00000091 [sR] Verifying 100 (0x00000064) components
2014-10-26 14:09:46, Info                  CSI    00000092 [sR] Beginning Verify and Repair transaction
2014-10-26 14:09:51, Info                  CSI    000000ac [sR] Verify complete
2014-10-26 14:09:51, Info                  CSI    000000ad [sR] Verifying 100 (0x00000064) components
2014-10-26 14:09:51, Info                  CSI    000000ae [sR] Beginning Verify and Repair transaction
2014-10-26 14:09:52, Info                  CSI    000000b0 [sR] Verify complete
2014-10-26 14:09:52, Info                  CSI    000000b1 [sR] Verifying 100 (0x00000064) components
2014-10-26 14:09:52, Info                  CSI    000000b2 [sR] Beginning Verify and Repair transaction
2014-10-26 14:09:55, Info                  CSI    000000b4 [sR] Verify complete
2014-10-26 14:09:55, Info                  CSI    000000b5 [sR] Verifying 100 (0x00000064) components
2014-10-26 14:09:55, Info                  CSI    000000b6 [sR] Beginning Verify and Repair transaction
2014-10-26 14:09:58, Info                  CSI    000000b8 [sR] Verify complete
2014-10-26 14:09:58, Info                  CSI    000000b9 [sR] Verifying 100 (0x00000064) components
2014-10-26 14:09:58, Info                  CSI    000000ba [sR] Beginning Verify and Repair transaction
2014-10-26 14:10:04, Info                  CSI    000000bc [sR] Verify complete
2014-10-26 14:10:04, Info                  CSI    000000bd [sR] Verifying 100 (0x00000064) components
2014-10-26 14:10:04, Info                  CSI    000000be [sR] Beginning Verify and Repair transaction
2014-10-26 14:10:09, Info                  CSI    000000c1 [sR] Verify complete
2014-10-26 14:10:09, Info                  CSI    000000c2 [sR] Verifying 100 (0x00000064) components
2014-10-26 14:10:09, Info                  CSI    000000c3 [sR] Beginning Verify and Repair transaction
2014-10-26 14:10:10, Info                  CSI    000000c5 [sR] Verify complete
2014-10-26 14:10:10, Info                  CSI    000000c6 [sR] Verifying 100 (0x00000064) components
2014-10-26 14:10:10, Info                  CSI    000000c7 [sR] Beginning Verify and Repair transaction
2014-10-26 14:10:12, Info                  CSI    000000c9 [sR] Verify complete
2014-10-26 14:10:12, Info                  CSI    000000ca [sR] Verifying 100 (0x00000064) components
2014-10-26 14:10:12, Info                  CSI    000000cb [sR] Beginning Verify and Repair transaction
2014-10-26 14:10:19, Info                  CSI    000000cd [sR] Verify complete
2014-10-26 14:10:20, Info                  CSI    000000ce [sR] Verifying 100 (0x00000064) components
2014-10-26 14:10:20, Info                  CSI    000000cf [sR] Beginning Verify and Repair transaction
2014-10-26 14:10:24, Info                  CSI    000000d1 [sR] Verify complete
2014-10-26 14:10:25, Info                  CSI    000000d2 [sR] Verifying 100 (0x00000064) components
2014-10-26 14:10:25, Info                  CSI    000000d3 [sR] Beginning Verify and Repair transaction
2014-10-26 14:10:29, Info                  CSI    000000d5 [sR] Verify complete
2014-10-26 14:10:29, Info                  CSI    000000d6 [sR] Verifying 100 (0x00000064) components
2014-10-26 14:10:29, Info                  CSI    000000d7 [sR] Beginning Verify and Repair transaction
2014-10-26 14:10:37, Info                  CSI    000000ed [sR] Verify complete
2014-10-26 14:10:37, Info                  CSI    000000ee [sR] Verifying 100 (0x00000064) components
2014-10-26 14:10:37, Info                  CSI    000000ef [sR] Beginning Verify and Repair transaction
2014-10-26 14:10:42, Info                  CSI    00000101 [sR] Verify complete
2014-10-26 14:10:42, Info                  CSI    00000102 [sR] Verifying 100 (0x00000064) components
2014-10-26 14:10:42, Info                  CSI    00000103 [sR] Beginning Verify and Repair transaction
2014-10-26 14:10:48, Info                  CSI    00000105 [sR] Verify complete
2014-10-26 14:10:48, Info                  CSI    00000106 [sR] Verifying 100 (0x00000064) components
2014-10-26 14:10:48, Info                  CSI    00000107 [sR] Beginning Verify and Repair transaction
2014-10-26 14:11:06, Info                  CSI    00000109 [sR] Verify complete
2014-10-26 14:11:06, Info                  CSI    0000010a [sR] Verifying 100 (0x00000064) components
2014-10-26 14:11:06, Info                  CSI    0000010b [sR] Beginning Verify and Repair transaction
2014-10-26 14:11:16, Info                  CSI    0000010e [sR] Verify complete
2014-10-26 14:11:17, Info                  CSI    0000010f [sR] Verifying 100 (0x00000064) components
2014-10-26 14:11:17, Info                  CSI    00000110 [sR] Beginning Verify and Repair transaction
2014-10-26 14:11:24, Info                  CSI    00000112 [sR] Verify complete
2014-10-26 14:11:24, Info                  CSI    00000113 [sR] Verifying 100 (0x00000064) components
2014-10-26 14:11:24, Info                  CSI    00000114 [sR] Beginning Verify and Repair transaction
2014-10-26 14:11:28, Info                  CSI    00000116 [sR] Verify complete
2014-10-26 14:11:28, Info                  CSI    00000117 [sR] Verifying 100 (0x00000064) components
2014-10-26 14:11:28, Info                  CSI    00000118 [sR] Beginning Verify and Repair transaction
2014-10-26 14:11:32, Info                  CSI    0000011a [sR] Verify complete
2014-10-26 14:11:33, Info                  CSI    0000011b [sR] Verifying 100 (0x00000064) components
2014-10-26 14:11:33, Info                  CSI    0000011c [sR] Beginning Verify and Repair transaction
2014-10-26 14:11:35, Info                  CSI    0000011e [sR] Verify complete
2014-10-26 14:11:35, Info                  CSI    0000011f [sR] Verifying 100 (0x00000064) components
2014-10-26 14:11:35, Info                  CSI    00000120 [sR] Beginning Verify and Repair transaction
2014-10-26 14:11:39, Info                  CSI    00000123 [sR] Verify complete
2014-10-26 14:11:40, Info                  CSI    00000124 [sR] Verifying 100 (0x00000064) components
2014-10-26 14:11:40, Info                  CSI    00000125 [sR] Beginning Verify and Repair transaction
2014-10-26 14:11:43, Info                  CSI    00000127 [sR] Verify complete
2014-10-26 14:11:44, Info                  CSI    00000128 [sR] Verifying 100 (0x00000064) components
2014-10-26 14:11:44, Info                  CSI    00000129 [sR] Beginning Verify and Repair transaction
2014-10-26 14:11:57, Info                  CSI    0000012c [sR] Verify complete
2014-10-26 14:11:57, Info                  CSI    0000012d [sR] Verifying 100 (0x00000064) components
2014-10-26 14:11:57, Info                  CSI    0000012e [sR] Beginning Verify and Repair transaction
2014-10-26 14:12:06, Info                  CSI    00000130 [sR] Verify complete
2014-10-26 14:12:06, Info                  CSI    00000131 [sR] Verifying 100 (0x00000064) components
2014-10-26 14:12:06, Info                  CSI    00000132 [sR] Beginning Verify and Repair transaction
2014-10-26 14:12:12, Info                  CSI    00000134 [sR] Verify complete
2014-10-26 14:12:12, Info                  CSI    00000135 [sR] Verifying 100 (0x00000064) components
2014-10-26 14:12:12, Info                  CSI    00000136 [sR] Beginning Verify and Repair transaction
2014-10-26 14:12:26, Info                  CSI    00000139 [sR] Verify complete
2014-10-26 14:12:26, Info                  CSI    0000013a [sR] Verifying 100 (0x00000064) components
2014-10-26 14:12:26, Info                  CSI    0000013b [sR] Beginning Verify and Repair transaction
2014-10-26 14:12:35, Info                  CSI    0000013d [sR] Verify complete
2014-10-26 14:12:35, Info                  CSI    0000013e [sR] Verifying 100 (0x00000064) components
2014-10-26 14:12:35, Info                  CSI    0000013f [sR] Beginning Verify and Repair transaction
2014-10-26 14:12:39, Info                  CSI    00000141 [sR] Verify complete
2014-10-26 14:12:40, Info                  CSI    00000142 [sR] Verifying 100 (0x00000064) components
2014-10-26 14:12:40, Info                  CSI    00000143 [sR] Beginning Verify and Repair transaction
2014-10-26 14:12:47, Info                  CSI    00000145 [sR] Verify complete
2014-10-26 14:12:47, Info                  CSI    00000146 [sR] Verifying 100 (0x00000064) components
2014-10-26 14:12:47, Info                  CSI    00000147 [sR] Beginning Verify and Repair transaction
2014-10-26 14:12:54, Info                  CSI    0000014a [sR] Verify complete
2014-10-26 14:12:54, Info                  CSI    0000014b [sR] Verifying 100 (0x00000064) components
2014-10-26 14:12:54, Info                  CSI    0000014c [sR] Beginning Verify and Repair transaction
2014-10-26 14:13:00, Info                  CSI    0000014e [sR] Verify complete
2014-10-26 14:13:00, Info                  CSI    0000014f [sR] Verifying 100 (0x00000064) components
2014-10-26 14:13:00, Info                  CSI    00000150 [sR] Beginning Verify and Repair transaction
2014-10-26 14:13:03, Info                  CSI    00000152 [sR] Verify complete
2014-10-26 14:13:03, Info                  CSI    00000153 [sR] Verifying 100 (0x00000064) components
2014-10-26 14:13:03, Info                  CSI    00000154 [sR] Beginning Verify and Repair transaction
2014-10-26 14:13:15, Info                  CSI    00000156 [sR] Verify complete
2014-10-26 14:13:15, Info                  CSI    00000157 [sR] Verifying 100 (0x00000064) components
2014-10-26 14:13:15, Info                  CSI    00000158 [sR] Beginning Verify and Repair transaction
2014-10-26 14:13:21, Info                  CSI    0000015b [sR] Verify complete
2014-10-26 14:13:21, Info                  CSI    0000015c [sR] Verifying 100 (0x00000064) components
2014-10-26 14:13:21, Info                  CSI    0000015d [sR] Beginning Verify and Repair transaction
2014-10-26 14:13:28, Info                  CSI    0000015f [sR] Verify complete
2014-10-26 14:13:28, Info                  CSI    00000160 [sR] Verifying 100 (0x00000064) components
2014-10-26 14:13:28, Info                  CSI    00000161 [sR] Beginning Verify and Repair transaction
2014-10-26 14:13:34, Info                  CSI    00000163 [sR] Verify complete
2014-10-26 14:13:34, Info                  CSI    00000164 [sR] Verifying 100 (0x00000064) components
2014-10-26 14:13:34, Info                  CSI    00000165 [sR] Beginning Verify and Repair transaction
2014-10-26 14:13:40, Info                  CSI    00000167 [sR] Verify complete
2014-10-26 14:13:40, Info                  CSI    00000168 [sR] Verifying 100 (0x00000064) components
2014-10-26 14:13:40, Info                  CSI    00000169 [sR] Beginning Verify and Repair transaction
2014-10-26 14:13:46, Info                  CSI    0000016b [sR] Verify complete
2014-10-26 14:13:46, Info                  CSI    0000016c [sR] Verifying 100 (0x00000064) components
2014-10-26 14:13:46, Info                  CSI    0000016d [sR] Beginning Verify and Repair transaction
2014-10-26 14:13:48, Info                  CSI    0000016f [sR] Verify complete
2014-10-26 14:13:48, Info                  CSI    00000170 [sR] Verifying 100 (0x00000064) components
2014-10-26 14:13:48, Info                  CSI    00000171 [sR] Beginning Verify and Repair transaction
2014-10-26 14:13:51, Info                  CSI    00000173 [sR] Verify complete
2014-10-26 14:13:51, Info                  CSI    00000174 [sR] Verifying 100 (0x00000064) components
2014-10-26 14:13:51, Info                  CSI    00000175 [sR] Beginning Verify and Repair transaction
2014-10-26 14:13:55, Info                  CSI    00000177 [sR] Verify complete
2014-10-26 14:13:55, Info                  CSI    00000178 [sR] Verifying 100 (0x00000064) components
2014-10-26 14:13:55, Info                  CSI    00000179 [sR] Beginning Verify and Repair transaction
2014-10-26 14:13:59, Info                  CSI    0000017b [sR] Verify complete
2014-10-26 14:13:59, Info                  CSI    0000017c [sR] Verifying 100 (0x00000064) components
2014-10-26 14:13:59, Info                  CSI    0000017d [sR] Beginning Verify and Repair transaction
2014-10-26 14:14:01, Info                  CSI    0000017f [sR] Verify complete
2014-10-26 14:14:01, Info                  CSI    00000180 [sR] Verifying 100 (0x00000064) components
2014-10-26 14:14:01, Info                  CSI    00000181 [sR] Beginning Verify and Repair transaction
2014-10-26 14:14:05, Info                  CSI    00000183 [sR] Verify complete
2014-10-26 14:14:05, Info                  CSI    00000184 [sR] Verifying 100 (0x00000064) components
2014-10-26 14:14:05, Info                  CSI    00000185 [sR] Beginning Verify and Repair transaction
2014-10-26 14:14:15, Info                  CSI    00000187 [sR] Verify complete
2014-10-26 14:14:15, Info                  CSI    00000188 [sR] Verifying 100 (0x00000064) components
2014-10-26 14:14:15, Info                  CSI    00000189 [sR] Beginning Verify and Repair transaction
2014-10-26 14:14:32, Info                  CSI    0000018b [sR] Verify complete
2014-10-26 14:14:32, Info                  CSI    0000018c [sR] Verifying 100 (0x00000064) components
2014-10-26 14:14:32, Info                  CSI    0000018d [sR] Beginning Verify and Repair transaction
2014-10-26 14:14:36, Info                  CSI    0000018f [sR] Verify complete
2014-10-26 14:14:36, Info                  CSI    00000190 [sR] Verifying 100 (0x00000064) components
2014-10-26 14:14:36, Info                  CSI    00000191 [sR] Beginning Verify and Repair transaction
2014-10-26 14:14:40, Info                  CSI    00000193 [sR] Verify complete
2014-10-26 14:14:40, Info                  CSI    00000194 [sR] Verifying 100 (0x00000064) components
2014-10-26 14:14:40, Info                  CSI    00000195 [sR] Beginning Verify and Repair transaction
2014-10-26 14:14:42, Info                  CSI    00000197 [sR] Verify complete
2014-10-26 14:14:42, Info                  CSI    00000198 [sR] Verifying 100 (0x00000064) components
2014-10-26 14:14:42, Info                  CSI    00000199 [sR] Beginning Verify and Repair transaction
2014-10-26 14:14:44, Info                  CSI    0000019b [sR] Verify complete
2014-10-26 14:14:45, Info                  CSI    0000019c [sR] Verifying 100 (0x00000064) components
2014-10-26 14:14:45, Info                  CSI    0000019d [sR] Beginning Verify and Repair transaction
2014-10-26 14:14:47, Info                  CSI    0000019f [sR] Verify complete
2014-10-26 14:14:47, Info                  CSI    000001a0 [sR] Verifying 100 (0x00000064) components
2014-10-26 14:14:47, Info                  CSI    000001a1 [sR] Beginning Verify and Repair transaction
2014-10-26 14:14:50, Info                  CSI    000001a3 [sR] Verify complete
2014-10-26 14:14:50, Info                  CSI    000001a4 [sR] Verifying 100 (0x00000064) components
2014-10-26 14:14:50, Info                  CSI    000001a5 [sR] Beginning Verify and Repair transaction
2014-10-26 14:14:52, Info                  CSI    000001a7 [sR] Verify complete
2014-10-26 14:14:52, Info                  CSI    000001a8 [sR] Verifying 100 (0x00000064) components
2014-10-26 14:14:52, Info                  CSI    000001a9 [sR] Beginning Verify and Repair transaction
2014-10-26 14:14:55, Info                  CSI    000001ab [sR] Verify complete
2014-10-26 14:14:55, Info                  CSI    000001ac [sR] Verifying 74 (0x0000004a) components
2014-10-26 14:14:55, Info                  CSI    000001ad [sR] Beginning Verify and Repair transaction
2014-10-26 14:14:57, Info                  CSI    000001af [sR] Verify complete
2014-10-26 14:14:57, Info                  CSI    000001b0 [sR] Repairing 0 components
2014-10-26 14:14:57, Info                  CSI    000001b1 [sR] Beginning Verify and Repair transaction
2014-10-26 14:14:57, Info                  CSI    000001b3 [sR] Repair complete
 

ESET ran successfully

 

FSS.txt:

Farbar Service Scanner Version: 21-07-2014
Ran by Mlaukha (administrator) on 26-10-2014 at 14:20:38
Running from "C:\Users\mlaukha\Desktop"
Windows 7 Enterprise Service Pack 1 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============

Firewall Disabled Policy:
==================

System Restore:
============

System Restore Disabled Policy:
========================

Action Center:
============

wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.

winmgmt Service is not running. Checking service configuration:
The start type of winmgmt service is OK.
The ImagePath of winmgmt: "%systemroot%\system32\svchost.exe -k netsvcs".
Unable to retrieve ServiceDll of winmgmt. The value does not exist.

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU]
"NoAutoUpdate"=DWORD:1

Windows Defender:
==============

Other Services:
==============

File Check:
========
C:\WINDOWS\system32\nsisvc.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\nsiproxy.sys => File is digitally signed
C:\WINDOWS\system32\dhcpcore.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\afd.sys => File is digitally signed
C:\WINDOWS\system32\Drivers\tdx.sys => File is digitally signed
C:\WINDOWS\system32\Drivers\tcpip.sys => File is digitally signed
C:\WINDOWS\system32\dnsrslvr.dll => File is digitally signed
C:\WINDOWS\system32\mpssvc.dll => File is digitally signed
C:\WINDOWS\system32\bfe.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\mpsdrv.sys => File is digitally signed
C:\WINDOWS\system32\SDRSVC.dll => File is digitally signed
C:\WINDOWS\system32\vssvc.exe => File is digitally signed
C:\WINDOWS\system32\wscsvc.dll => File is digitally signed
C:\WINDOWS\system32\wbem\WMIsvc.dll => File is digitally signed
C:\WINDOWS\system32\wuaueng.dll => File is digitally signed
C:\WINDOWS\system32\qmgr.dll => File is digitally signed
C:\WINDOWS\system32\es.dll => File is digitally signed
C:\WINDOWS\system32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\WINDOWS\system32\ipnathlp.dll => File is digitally signed
C:\WINDOWS\system32\iphlpsvc.dll => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed

**** End of log ****


FRST.txt:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 26-10-2014

Ran by Mlaukha (administrator) on CDG07001538 on 26-10-2014 14:22:32

Running from C:\Users\mlaukha\Desktop

Loaded Profile: Mlaukha (Available profiles: Mlaukha & bradmin)

Platform: Windows 7 Enterprise Service Pack 1 (X86) OS Language: English (United States)

Internet Explorer Version 9

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore.exe

(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(Juniper Networks) C:\Program Files\Juniper Networks\Common Files\dsNcService.exe

(Verizon) C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe

(IBM) C:\Program Files\IBM\Lotus\Notes\nsd.exe

(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe

(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\VS7DEBUG\MDM.EXE

(IBM Corp) C:\Program Files\IBM\Lotus\Notes\ntmulti.exe

(Trend Micro Inc.) C:\Program Files\Trend Micro\OfficeScan Client\NTRtScan.exe

(O2Micro International) C:\Windows\System32\drivers\o2flash.exe

(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe

(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

(Trend Micro Inc.) C:\Program Files\Trend Micro\BM\TMBMSRV.exe

(Specops Software) C:\Windows\System32\SppClient.exe

(Sysinternals) C:\Windows\Scripts\BGinfo\Bginfo.exe

(Intel Corporation) C:\Windows\System32\igfxtray.exe

(Intel Corporation) C:\Windows\System32\hkcmd.exe

(Intel Corporation) C:\Windows\System32\igfxpers.exe

(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe

(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe

(Trend Micro Inc.) C:\Program Files\Trend Micro\OfficeScan Client\PccNTMon.exe

(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe

(Research In Motion Limited) C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe

(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

(Research In Motion Limited) C:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe

(Mozy, Inc.) C:\Program Files\MozyPro\mozyprostat.exe

(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe

(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe

(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe

(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe

(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

(Eyeo GmbH) C:\Program Files\Adblock Plus for IE\AdblockPlusEngine.exe

(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil32_15_0_0_167_ActiveX.exe

(Mozy, Inc.) C:\Program Files\MozyPro\mozyprobackup.exe

(Mozy, Inc.) C:\Program Files\MozyPro\mozyprobackup.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [bGInfo] => C:\Windows\Scripts\BGINFO.bat [97 2011-03-08] ()

HKLM\...\Run: [specops Password Client] => C:\Windows\system32\SppClient.exe [858328 2010-11-23] (Specops Software)

HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [505720 2011-07-20] (Alps Electric Co., Ltd.)

HKLM\...\Run: [intelliPoint] => c:\Program Files\Microsoft IntelliPoint\ipoint.exe [1821576 2011-08-01] (Microsoft Corporation)

HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-06] (Apple Inc.)

HKLM\...\Run: [OfficeScanNT Monitor] => C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe [1533720 2013-11-20] (Trend Micro Inc.)

HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)

HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-05-26] (Apple Inc.)

HKLM\...\Run: [RIMBBLaunchAgent.exe] => C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [267792 2013-01-17] (Research In Motion Limited)

HKLM\...\Run: [sunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254896 2012-09-17] (Sun Microsystems, Inc.)

HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-09-12] (Adobe Systems Incorporated)

Winlogon\Notify\!SASWinLogon: C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)

HKU\S-1-5-21-150485414-301174314-2440751699-8203\...\Run: [sUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [3905920 2012-03-07] (SUPERAntiSpyware.com)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\MozyPro Status.lnk

ShortcutTarget: MozyPro Status.lnk -> C:\Program Files\MozyPro\mozyprostat.exe (Mozy, Inc.)

ShellIconOverlayIdentifiers: [mozypro] -> {71B8CED8-5D67-4f57-89B1-F64CE6302A1E} => C:\Program Files\MozyPro\mozyproshell.dll (Mozy, Inc.)

ShellIconOverlayIdentifiers: [mozypro2] -> {CBAFE103-79DA-46ca-BD9A-63CBF6282882} => C:\Program Files\MozyPro\mozyproshell.dll (Mozy, Inc.)

ShellIconOverlayIdentifiers: [mozypro3] -> {8B99EA55-1AFF-4539-80A0-A71C6011CD84} => C:\Program Files\MozyPro\mozyproshell.dll (Mozy, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.verizon.net/

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

SearchScopes: HKCU - DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =

BHO: TmIEPlugInBHO Class -> {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -> C:\Program Files\Trend Micro\OfficeScan Client\TmIEPlg.dll (Trend Micro Inc.)

BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll (Adblock Plus)

DPF: {00134F72-5284-44F7-95A8-52A619F70751} https://usherwip12:4343/officescan/console/html/ClientInstall/WinNTChk.cab

DPF: {08D75BC1-D2B5-11D1-88FC-0080C859833B} https://usherwip12:4343/officescan/console/html/ClientInstall/setup.cab

DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} https://www.gameofficials.net/utility/smsx.cab

DPF: {35C3D91E-401A-4E45-88A5-F3B32CD72DF4} https://usherwip12:4343/officescan/console/html/root/AtxEnc.cab

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_45-windows-i586.cab

DPF: {9B815712-2EF0-4F81-8505-72EDC73B5626} https://na19.salesforce.com/dwnld/offline2/offline2.cab

DPF: {CAFEEFAC-0016-0000-0045-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_45-windows-i586.cab

DPF: {CAFEEFAC-0017-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_45-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://bio-rad.webex.com/client/WBXclient-T27L10NSP32EP1-13926/webex/ieatgpc1.cab

DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://connect.bio-rad.com/dana-cached/sc/JuniperSetupClient.cab

DPF: {F8A2314A-16E1-48CB-8EE7-A221207CBEEE} http://usherisx01.global.bio-rad.com/ucontent/8acc281bae9f42d187f9ee729af1a677_en-US/gh/html//assets/cab/rwdsot.CAB

Handler: saphtmlp - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\program files\sap\frontend\sapgui\saphtmlp.dll (SAP, Walldorf)

Handler: sapr3 - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\program files\sap\frontend\sapgui\saphtmlp.dll (SAP, Walldorf)

Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\OfficeScan Client\TmIEPlg.dll (Trend Micro Inc.)

ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [113024 2011-07-18] (SuperAdBlocker.com)

Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:

========

FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll ()

FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF Plugin: @java.com/DTPlugin,version=1.6.0_45 -> C:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.)

FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)

FF Plugin: @microsoft.com/GENUINE -> disabled No File

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF Plugin: @RIM.com/WebSLLauncher,version=1.0 -> C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()

FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF Plugin HKCU: @citrixonline.com/appdetectorplugin -> C:\Users\mlaukha\AppData\Local\Citrix\Plugins\92\npappdetector.dll (Citrix Online)

FF HKLM\...\Firefox\Extensions: [{22C7F6C6-8D67-4534-92B5-529A0EC09405}] - C:\Program Files\Trend Micro\OfficeScan Client\FirefoxExtension

FF Extension: Trend Micro NSC Firefox Extension - C:\Program Files\Trend Micro\OfficeScan Client\FirefoxExtension [2013-05-22]

Chrome:

=======

CHR Profile: C:\Users\mlaukha\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (YouTube) - C:\Users\mlaukha\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-09-01]

CHR Extension: (Google Search) - C:\Users\mlaukha\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-09-01]

CHR Extension: (Gmail) - C:\Users\mlaukha\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-09-01]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [116608 2011-08-11] (SUPERAntiSpyware.com) [File not signed]

R3 Blackberry Device Manager; C:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [577536 2013-01-18] (Research In Motion Limited) [File not signed]

S2 CcmExec; C:\WINDOWS\CCM\CcmExec.exe [1090656 2012-11-21] (Microsoft Corporation)

S4 CmRcService; C:\WINDOWS\CCM\RemCtrl\CmRcService.exe [470112 2012-11-21] (Microsoft Corporation)

S2 dsiasrv; C:\Program Files\Dell\SysMgt\dsia\bin\DsiaSrv32.exe [149416 2011-01-12] (Dell Inc.)

R2 dsNcService; C:\Program Files\Juniper Networks\Common Files\dsNcService.exe [615720 2009-12-09] (Juniper Networks)

R2 IHA_MessageCenter; C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [363128 2014-08-13] (Verizon)

R2 Lotus Notes Diagnostics; C:\Program Files\IBM\Lotus\Notes\nsd.exe [3417480 2011-03-23] (IBM)

S3 lpasvc; C:\Program Files\Microsoft Policy Platform\policyHost.exe [48744 2012-08-02] (Microsoft Corporation)

S3 lppsvc; C:\Program Files\Microsoft Policy Platform\policyHost.exe [48744 2012-08-02] (Microsoft Corporation)

R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)

R2 mozyprobackup; C:\Program Files\MozyPro\mozyprobackup.exe [54600 2013-12-11] (Mozy, Inc.)

S3 MSSQL$NR2007; c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)

S4 MSSQLServerADHelper; c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [44384 2010-12-10] (Microsoft Corporation)

R2 Multi-user Cleanup Service; C:\Program Files\IBM\Lotus\Notes\ntmulti.exe [58760 2011-03-23] (IBM Corp)

R2 ntrtscan; C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe [2320640 2013-11-16] (Trend Micro Inc.)

R2 O2FLASH; C:\WINDOWS\system32\DRIVERS\o2flash.exe [72296 2011-07-08] (O2Micro International)

S3 PSEXESVC; C:\WINDOWS\PSEXESVC.EXE [181064 2014-02-20] (Sysinternals)

S3 smstsmgr; C:\WINDOWS\CCM\TSManager.exe [275536 2012-11-21] (Microsoft Corporation)

R3 TMBMServer; C:\Program Files\Trend Micro\BM\TMBMSRV.exe [345112 2013-10-23] (Trend Micro Inc.)

S2 tmlisten; C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe [2260128 2013-11-16] (Trend Micro Inc.)

S3 TmPfw; C:\Program Files\Trend Micro\OfficeScan Client\TmPfw.exe [497272 2011-04-15] (Trend Micro Inc.)

S3 TmProxy; C:\Program Files\Trend Micro\OfficeScan Client\TmProxy.exe [689176 2013-07-01] (Trend Micro Inc.)

S2 Winmgmt; C:\WINDOWS\system32\svchost.exe [20992 2009-07-13] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 Acceler; C:\WINDOWS\System32\DRIVERS\Accelern.sys [43888 2011-07-08] (ST Microelectronics)

R3 dsNcAdpt; C:\WINDOWS\System32\DRIVERS\dsNcAdpt.sys [26624 2009-12-09] (Juniper Networks)

R3 e1cexpress; C:\WINDOWS\System32\DRIVERS\e1c6232.sys [238760 2010-10-28] (Intel Corporation)

S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [114904 2014-10-26] (Malwarebytes Corporation)

S3 MEI; C:\WINDOWS\system32\drivers\HECI.sys [41088 2011-07-08] (Intel Corporation)

R1 mozyproFilter; C:\WINDOWS\System32\DRIVERS\mozypro.sys [55520 2013-12-11] (Mozy, Inc.)

R3 NETwNs32; C:\WINDOWS\System32\DRIVERS\NETwNs32.sys [7434240 2011-07-08] (Intel Corporation)

S3 nusb3hub; C:\WINDOWS\system32\drivers\nusb3hub.sys [62208 2011-07-08] (Renesas Electronics Corporation)

S3 nusb3xhc; C:\WINDOWS\system32\drivers\nusb3xhc.sys [141568 2011-07-08] (Renesas Electronics Corporation)

S3 O2MDFRDR; C:\WINDOWS\system32\drivers\O2MDFw7.sys [60904 2011-07-08] (O2Micro )

S3 O2MDRRDR; C:\WINDOWS\system32\drivers\O2MDRw7.sys [62440 2011-07-08] (O2Micro )

R3 O2SDJRDR; C:\WINDOWS\System32\DRIVERS\o2sdjw7.sys [63976 2011-07-08] (O2Micro )

S3 prepdrvr; C:\WINDOWS\System32\DRIVERS\prepdrv.sys [20840 2012-11-21] (Microsoft Corporation)

R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)

R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)

R0 stdcfltn; C:\WINDOWS\System32\DRIVERS\stdcfltn.sys [17648 2010-08-20] (ST Microelectronics)

R2 tmactmon; C:\WINDOWS\System32\DRIVERS\tmactmon.sys [75600 2013-08-29] (Trend Micro Inc.)

R2 tmcomm; C:\WINDOWS\System32\DRIVERS\tmcomm.sys [263072 2013-09-02] (Trend Micro Inc.)

R2 tmevtmgr; C:\WINDOWS\System32\DRIVERS\tmevtmgr.sys [62704 2013-08-29] (Trend Micro Inc.)

R2 TmFilter; C:\Program Files\Trend Micro\OfficeScan Client\TmXPFlt.sys [263968 2013-08-14] (Trend Micro Inc.)

R1 TmLwf; C:\WINDOWS\System32\DRIVERS\tmlwf.sys [146232 2012-06-21] (Trend Micro Inc.)

R2 TmPreFilter; C:\Program Files\Trend Micro\OfficeScan Client\TmPreFlt.sys [36128 2013-08-14] (Trend Micro Inc.)

R1 tmtdi; C:\WINDOWS\System32\DRIVERS\tmtdi.sys [90712 2013-01-09] (Trend Micro Inc.)

R2 tmWfp; C:\WINDOWS\System32\DRIVERS\tmwfp.sys [282936 2012-06-21] (Trend Micro Inc.)

R2 VSApiNt; C:\Program Files\Trend Micro\OfficeScan Client\VSApiNt.sys [1517600 2013-08-14] (Trend Micro Inc.)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-26 14:16 - 2014-10-26 14:16 - 00000000 ____D () C:\Users\Public\Desktop\CC Support

2014-10-26 14:15 - 2014-10-26 14:15 - 04009167 _____ () C:\Users\mlaukha\Desktop\ServicesRepair.exe

2014-10-26 14:15 - 2014-10-26 14:15 - 00024549 _____ () C:\Users\mlaukha\Desktop\sfcresults.txt

2014-10-26 09:22 - 2014-10-24 09:27 - 00179200 _____ (Microsoft) C:\Users\mlaukha\Desktop\fwcfg.dll

2014-10-22 17:22 - 2014-10-26 14:20 - 00002889 _____ () C:\Users\mlaukha\Desktop\FSS.txt

2014-10-22 17:21 - 2014-10-22 17:21 - 00415232 _____ (Farbar) C:\Users\mlaukha\Desktop\FSS.exe

2014-10-22 16:45 - 2014-10-26 12:50 - 00000000 ____D () C:\Users\mlaukha\Desktop\FRST-OlderVersion

2014-10-21 20:32 - 2014-10-21 21:22 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)

2014-10-21 20:31 - 2014-10-21 21:22 - 00000000 ____D () C:\Users\mlaukha\Desktop\mbar

2014-10-21 20:30 - 2014-10-21 20:30 - 14349744 _____ (Malwarebytes Corp.) C:\Users\mlaukha\Desktop\mbar-1.07.0.1012.exe

2014-10-21 20:26 - 2014-10-21 20:26 - 00002733 _____ () C:\Users\mlaukha\Desktop\aswMBR.txt

2014-10-21 20:26 - 2014-10-21 20:26 - 00000512 _____ () C:\Users\mlaukha\Desktop\MBR.dat

2014-10-21 15:56 - 2014-10-21 15:56 - 05185536 _____ (AVAST Software) C:\Users\mlaukha\Desktop\aswMBR.exe

2014-10-21 01:23 - 2014-10-21 01:20 - 00003114 _____ () C:\Users\mlaukha\Desktop\JRT.txt

2014-10-20 08:52 - 2014-10-20 08:52 - 01705698 _____ (Thisisu) C:\Users\mlaukha\Desktop\JRT.exe

2014-10-20 08:49 - 2014-10-20 08:49 - 00000000 ____D () C:\Users\mlaukha\AppData\Roaming\smkits

2014-10-20 06:57 - 2014-10-20 06:57 - 00006745 _____ () C:\Users\mlaukha\Desktop\AdwCleaner[s0].txt

2014-10-20 06:16 - 2014-10-20 06:23 - 00000000 ____D () C:\AdwCleaner

2014-10-20 06:16 - 2014-10-20 06:16 - 01976320 _____ () C:\Users\mlaukha\Desktop\AdwCleaner.exe

2014-10-19 13:30 - 2014-10-19 13:31 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\mlaukha\Desktop\tdsskiller.exe

2014-10-19 13:29 - 2014-10-19 13:29 - 00001069 _____ () C:\Users\mlaukha\Desktop\MBAM 10-19-14.txt

2014-10-15 14:22 - 2014-10-21 06:11 - 00021503 _____ () C:\Users\mlaukha\Desktop\Addition.txt

2014-10-15 14:21 - 2014-10-26 14:22 - 00017419 _____ () C:\Users\mlaukha\Desktop\FRST.txt

2014-10-15 14:21 - 2014-10-26 14:22 - 00000000 ____D () C:\FRST

2014-10-15 14:20 - 2014-10-26 12:50 - 01104896 _____ (Farbar) C:\Users\mlaukha\Desktop\FRST.exe

2014-10-12 20:53 - 2014-10-12 20:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Specops Software

2014-10-10 22:08 - 2014-10-10 22:08 - 12005946 _____ () C:\Users\mlaukha\Downloads\mymarie.mp4

2014-09-30 19:20 - 2014-10-26 14:18 - 00000000 ___HD () C:\ProgramData\{D9E629DC-CB1C-4A97-9900-81922B4EFFD4}

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-26 14:22 - 2011-09-29 15:20 - 01402790 _____ () C:\WINDOWS\WindowsUpdate.log

2014-10-26 14:17 - 2011-05-09 14:46 - 00036886 _____ () C:\WINDOWS\setupact.log

2014-10-26 14:17 - 2009-07-14 00:53 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT

2014-10-26 14:16 - 2009-07-14 00:34 - 00019328 ____H () C:\WINDOWS\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2014-10-26 14:16 - 2009-07-14 00:34 - 00019328 ____H () C:\WINDOWS\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2014-10-26 14:15 - 2012-04-24 16:02 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job

2014-10-26 13:07 - 2014-04-11 15:32 - 00114904 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys

2014-10-26 11:16 - 2011-02-08 14:21 - 00005800 _____ () C:\WINDOWS\mozypro.blk

2014-10-26 11:16 - 2011-02-08 14:21 - 00001254 _____ () C:\WINDOWS\mozypro.flt

2014-10-26 09:16 - 2011-10-05 16:56 - 01970908 _____ () C:\WINDOWS\PFRO.log

2014-10-26 07:57 - 2010-11-20 20:31 - 00000000 __SHD () C:\WINDOWS\BitLockerDiscoveryVolumeContents

2014-10-22 16:42 - 2011-09-29 15:46 - 00001032 _____ () C:\WINDOWS\system32\config\netlogon.ftl

2014-10-21 20:31 - 2014-04-11 15:31 - 00075480 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys

2014-10-20 08:57 - 2014-09-23 16:54 - 00000000 ____D () C:\WINDOWS\ERUNT

2014-10-16 09:54 - 2011-09-29 15:47 - 00029564 __RSH () C:\ProgramData\ntuser.pol

2014-10-13 15:12 - 2014-04-11 15:31 - 00001060 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2014-10-13 15:12 - 2014-04-11 15:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2014-10-13 15:12 - 2014-04-11 15:31 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware

2014-10-12 21:20 - 2011-12-09 10:17 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware

2014-10-12 21:15 - 2011-11-24 18:59 - 00001897 _____ () C:\WINDOWS\TMFilter.log

2014-10-02 15:53 - 2011-03-10 00:11 - 00231568 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe

2014-10-01 11:11 - 2014-04-11 15:31 - 00051928 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys

2014-10-01 11:11 - 2014-04-11 15:31 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed

C:\WINDOWS\system32\winlogon.exe => File is digitally signed

C:\WINDOWS\system32\wininit.exe => File is digitally signed

C:\WINDOWS\system32\svchost.exe => File is digitally signed

C:\WINDOWS\system32\services.exe => File is digitally signed

C:\WINDOWS\system32\User32.dll => File is digitally signed

C:\WINDOWS\system32\userinit.exe => File is digitally signed

C:\WINDOWS\system32\rpcss.dll => File is digitally signed

C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-10-26 08:28

==================== End Of Log ============================

Addition.txt:

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 26-10-2014

Ran by Mlaukha at 2014-10-26 14:23:20

Running from C:\Users\mlaukha\Desktop

Boot Mode: Normal

==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (HKLM\...\7-Zip) (Version: - )

Adblock Plus for IE (32-bit) (HKLM\...\{DF0E7912-4A45-4B24-B472-E521C4D2C663}) (Version: 99.9 - Eyeo GmbH)

Adblock Plus for IE (HKLM\...\{fd97d1e2-368a-4cd9-af63-8eeff938044a}) (Version: 1.1 - )

Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)

Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)

Adobe Reader XI (11.0.09) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)

Adobe Shockwave Player 11.5 (HKLM\...\Adobe Shockwave Player) (Version: 11.5.9.620 - Adobe Systems, Inc.)

Apple Application Support (HKLM\...\{D9DAD0FF-495A-472B-9F10-BAE430A26682}) (Version: 3.0.3 - Apple Inc.)

Apple Mobile Device Support (HKLM\...\{18D47FA1-0440-48D3-A7E0-DA09537FF471}) (Version: 7.1.1.3 - Apple Inc.)

Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)

Ashampoo Burning Studio FREE v.1.12.0 (HKLM\...\{91B33C97-91F8-FFB3-581B-BC952C901685}_is1) (Version: 1.12.0 - Ashampoo GmbH & Co. KG)

BlackBerry Desktop Software 7.1 (HKLM\...\BlackBerry_Desktop) (Version: 7.1.0.41 - Research In Motion Ltd.)

BlackBerry Desktop Software 7.1 (Version: 7.1.0.41 - Research In Motion Ltd.) Hidden

Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)

Cisco WebEx Meetings (HKLM\...\ActiveTouchMeetingClient) (Version: - Cisco WebEx LLC)

CleanUp! (HKLM\...\CleanUp!) (Version: - )

Configuration Manager Client (Version: 5.00.7804.1000 - Microsoft Corporation) Hidden

Dell OpenManage Inventory Agent (for Dell Business Client Systems) (HKLM\...\{0804D011-EFDC-4d47-81A5-390092FA38BD}) (Version: 1.4.1 - Dell)

Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.1208.101.125 - ALPS ELECTRIC CO., LTD.)

GoToMeeting 5.4.0.1082 (HKCU\...\GoToMeeting) (Version: 5.4.0.1082 - CitrixOnline)

IHA_MessageCenter (HKLM\...\{3EECDAD2-50D8-41B2-A8BA-359ED85D2D5F}) (Version: 1.9.1 - Verizon)

Intel® Network Connections Drivers (HKLM\...\PROSet) (Version: 15.4 - Intel)

iTunes (HKLM\...\{0718A90E-93AA-49AF-A4FE-0165ACD91DF0}) (Version: 11.2.2.3 - Apple Inc.)

Japanese Fonts Support For Adobe Reader X (HKLM\...\{AC76BA86-7AD7-5760-0000-A00000000003}) (Version: 10.0.0 - Adobe Systems Incorporated)

Java Auto Updater (Version: 2.0.7.2 - Sun Microsystems, Inc.) Hidden

Java 6 Update 45 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216045FF}) (Version: 6.0.450 - Oracle)

join.me (HKCU\...\JoinMe) (Version: 1.15.0.136 - LogMeIn, Inc.)

Juniper Networks Network Connect 6.5.0 (HKLM\...\Juniper Network Connect 6.5.0) (Version: 6.5.0.14951 - Juniper Networks)

Juniper Networks Setup Client (HKCU\...\Juniper_Setup_Client) (Version: 2.1.2.5973 - Juniper Networks)

Livelink Office Editor 3.2.3 (HKLM\...\{909D1BEB-08B6-4AE6-A848-95F95CEFA15F}) (Version: 3.2.3.368 - Open Text Corporation)

Lotus Notes 8.5.2 (HKLM\...\{07C69B3A-62B3-41BF-82EE-B3A87BD6EA0C}) (Version: 8.52.10222 - IBM)

Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)

Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)

Microsoft IntelliPoint 8.2 (HKLM\...\Microsoft IntelliPoint 8.2) (Version: 8.20.468.0 - Microsoft Corporation)

Microsoft Office Standard 2010 (HKLM\...\Office14.STANDARD) (Version: 14.0.4763.1000 - Microsoft Corporation)

Microsoft redistributable runtime DLLs VS2005 SP1(x86) (HKLM\...\{CEC7A786-A9C8-4EF7-BB59-6518E3B3C878}) (Version: 8.0.50727.4053 - SAP)

Microsoft redistributable runtime DLLs VS2008 SP1(x86) (HKLM\...\{A47A9101-6EB5-4314-BDA1-297880FBB908}) (Version: 9.0 - SAP AG)

Microsoft redistributable runtime DLLs VS2010 SP1 (x86) (HKLM\...\{2385C070-EC26-4AB9-8718-E605C977C0ED}) (Version: 10.0.40219.1 - SAP)

Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.10411.0 - Microsoft Corporation)

Microsoft SQL Server 2005 (HKLM\...\Microsoft SQL Server 2005) (Version: - Microsoft Corporation)

Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)

Microsoft SQL Server Native Client (HKLM\...\{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}) (Version: 9.00.5000.00 - Microsoft Corporation)

Microsoft SQL Server Setup Support Files (English) (HKLM\...\{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}) (Version: 9.00.5000.00 - Microsoft Corporation)

Microsoft SQL Server VSS Writer (HKLM\...\{E7084B89-69E0-46B3-A118-8F99D06988CD}) (Version: 9.00.5000.00 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)

MozyPro (HKLM\...\{F7CED389-F093-D2B8-8495-7DDA8FF0D356}) (Version: 2.24.2.360 - Mozy, Inc.)

MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)

Neat ADF Scanner 2008 Driver (HKLM\...\{A4A42670-82B9-4A58-8955-20271DBBF29F}) (Version: 2.0.0.61 - The Neat Company)

Neat ADF Scanner Driver (HKLM\...\{58155B30-6BE9-4268-A059-149629149C63}) (Version: 2.0.0.56 - The Neat Company)

Neat Mobile Scanner (Silver) Driver (HKLM\...\{6EDB3FC5-8B7C-422A-B4FB-1D919F44F2C0}) (Version: 2.0.0.63 - The Neat Company)

Neat Mobile Scanner 2008 Driver (HKLM\...\{57F5920A-9897-4830-BD4A-BE85DA9734FF}) (Version: 2.0.0.69 - The Neat Company)

Neat Mobile Scanner Driver (HKLM\...\{11A53AF3-CAA5-4C29-887E-CCA7CEE2689B}) (Version: 2.0.0.122 - The Neat Company)

NeatWorks (HKLM\...\NeatWorks) (Version: 4.9.1.8 - The Neat Company)

NeatWorks Core Files (Version: 4.9.1.8 - The Neat Company) Hidden

PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.2.0 - Frank Heindörfer, Philip Chinery)

QuickTime (HKLM\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)

salesforce.com Offline Edition 2.0 (HKLM\...\{8F8E3F13-79E2-4045-8522-0CAE2FDDDFBC}) (Version: 1.235.228 - salesforce.com)

SAP BusinessObjects Analysis, edition for Microsoft Office (HKLM\...\SBOPAdvancedAnalysis) (Version: 1.3 - SAP AG)

SAP GUI for Windows 7.20 (HKLM\...\SAPGUI710) (Version: 7.20 Compilation 3 - SAP)

Simple Adblock (HKLM\...\{B4920103-09F6-4AD2-B150-CFC4474D2DDC}) (Version: 1.1.5 - Simple Adblock)

Specops Password Client (x86) (HKLM\...\{933A3C30-6302-44D2-8FA5-918D22A8FD46}) (Version: 4.1.1122.1 - Specops Software)

SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.0.1146 - SUPERAntiSpyware.com)

Trend Micro OfficeScan Client (HKLM\...\OfficeScanNT) (Version: 10.6.5162 - Trend Micro)

True Burner 1.1 (HKLM\...\True Burner_is1) (Version: - Glorylogic)

Verizon Toolbar (HKLM\...\verizontb) (Version: 6.0.0.40 - Verizon and Visicom Media Inc.)

VLC media player 1.1.7 (HKLM\...\VLC media player) (Version: 1.1.7 - VideoLAN)

Vz In-Home Agent (HKLM\...\VzInHomeAgent) (Version: 9.0.63.0 - Verizon)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-150485414-301174314-2440751699-8203_Classes\CLSID\{56CBD3CF-BF99-4DF5-851F-F5B9B57496A1}\InprocServer32 -> C:\ProgramData\{D9E629DC-CB1C-4A97-9900-81922B4EFFD4}\fwcfg.dll (Microsoft)

CustomCLSID: HKU\S-1-5-21-150485414-301174314-2440751699-8203_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Program Files\Citrix\GoToMeeting\1082\G2MOutlookAddin.dll (Citrix Online, a division of Citrix Systems, Inc.)

==================== Restore Points =========================

Could not list Restore Points. Check "winmgmt" service or repair WMI.

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:04 - 2014-10-22 16:48 - 00000027 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {06BF7407-F2D9-4BFA-BF3E-CBB8BFD3D606} - System32\Tasks\Microsoft\Configuration Manager\Configuration Manager Idle Detection

Task: {23C9DC85-46AD-4D58-8CB1-5864CA5FBF7E} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => c:\Program Files\Microsoft IntelliPoint\IPoint.exe [2011-08-01] (Microsoft Corporation)

Task: {60138A5B-A88E-4182-89D6-DB0ED86D2074} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-23] (Adobe Systems Incorporated)

Task: {739DD3B2-469D-4274-8CEE-B51752924289} - System32\Tasks\{DA2EB3F7-F17D-88FA-9A29-3BD9AFF5AA9F} => C:\WINDOWS\system32\ctwvddy.dll/s "C:\WINDOWS\system32\ctwvddy.dll"

Task: {E628823A-29C8-40F8-9499-F04EC491D8CF} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)

Task: {F64152CF-3C6E-4A64-BED5-A14CFCD4D83C} - System32\Tasks\Microsoft\Configuration Manager\Configuration Manager Health Evaluation => C:\WINDOWS\CCM\ccmeval.exe [2012-11-21] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2011-03-11 15:59 - 2001-10-28 20:42 - 00116224 _____ () C:\WINDOWS\System32\pdfcmnnt.dll

2014-02-06 01:52 - 2014-02-06 01:52 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll

2014-02-06 01:52 - 2014-02-06 01:52 - 01044808 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll

2013-05-22 17:45 - 2011-04-01 13:53 - 00499712 _____ () C:\Program Files\Trend Micro\OfficeScan Client\sqlite3.dll

2011-09-22 15:26 - 2011-07-08 08:37 - 00094208 _____ () C:\Windows\System32\IccLibDll.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

========================= Accounts: ==========================

Administrator (S-1-5-21-1817078517-3534338127-3063044471-500 - Administrator - Enabled)

bradmin (S-1-5-21-1817078517-3534338127-3063044471-1000 - Administrator - Enabled) => C:\Users\bradmin

brguest (S-1-5-21-1817078517-3534338127-3063044471-501 - Limited - Disabled)

==================== Faulty Device Manager Devices =============

Could not list Devices. Check "winmgmt" service or repair WMI.

==================== Event log errors: =========================

Application errors:

==================

Error: (10/26/2014 02:24:37 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )

Description: Failed to schedule Software Protection service for re-start at 2014-10-28T13:22:37Z. Error Code: 0x80041321.

Error: (10/26/2014 02:18:29 PM) (Source: AutoEnrollment) (EventID: 6) (User: )

Description: GLOBAL\Mlaukha0x8007003aThe specified server cannot perform the requested operation.

Error: (10/26/2014 00:59:24 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )

Description: Failed to schedule Software Protection service for re-start at 2014-10-28T13:22:24Z. Error Code: 0x80041321.

Error: (10/26/2014 00:53:15 PM) (Source: AutoEnrollment) (EventID: 6) (User: )

Description: GLOBAL\Mlaukha0x8007003aThe specified server cannot perform the requested operation.

Error: (10/26/2014 10:19:01 AM) (Source: Application Hang) (EventID: 1002) (User: )

Description: The program iexplore.exe version 9.0.8112.16575 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: bf4

Start Time: 01cff121ee407d02

Termination Time: 0

Application Path: C:\Program Files\Internet Explorer\iexplore.exe

Report Id:

Error: (10/26/2014 09:31:52 AM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )

Description: Failed to schedule Software Protection service for re-start at 2014-10-28T13:22:52Z. Error Code: 0x80041321.

Error: (10/26/2014 09:25:43 AM) (Source: AutoEnrollment) (EventID: 6) (User: )

Description: GLOBAL\Mlaukha0x8007003aThe specified server cannot perform the requested operation.

Error: (10/26/2014 09:17:20 AM) (Source: AutoEnrollment) (EventID: 6) (User: )

Description: GLOBAL\Mlaukha0x8007003aThe specified server cannot perform the requested operation.

Error: (10/26/2014 08:13:13 AM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )

Description: Failed to schedule Software Protection service for re-start at 2014-10-28T13:22:13Z. Error Code: 0x80041321.

Error: (10/26/2014 08:07:12 AM) (Source: AutoEnrollment) (EventID: 6) (User: )

Description: GLOBAL\Mlaukha0x8007003aThe specified server cannot perform the requested operation.

System errors:

=============

Error: (10/26/2014 02:27:35 PM) (Source: Service Control Manager) (EventID: 7023) (User: )

Description: The Windows Management Instrumentation service terminated with the following error:

%%2

Error: (10/26/2014 02:27:05 PM) (Source: Service Control Manager) (EventID: 7023) (User: )

Description: The Windows Management Instrumentation service terminated with the following error:

%%2

Error: (10/26/2014 02:26:35 PM) (Source: Service Control Manager) (EventID: 7023) (User: )

Description: The Windows Management Instrumentation service terminated with the following error:

%%2

Error: (10/26/2014 02:26:05 PM) (Source: Service Control Manager) (EventID: 7023) (User: )

Description: The Windows Management Instrumentation service terminated with the following error:

%%2

Error: (10/26/2014 02:25:35 PM) (Source: Service Control Manager) (EventID: 7023) (User: )

Description: The Windows Management Instrumentation service terminated with the following error:

%%2

Error: (10/26/2014 02:25:05 PM) (Source: Service Control Manager) (EventID: 7023) (User: )

Description: The Windows Management Instrumentation service terminated with the following error:

%%2

Error: (10/26/2014 02:24:35 PM) (Source: Service Control Manager) (EventID: 7023) (User: )

Description: The Windows Management Instrumentation service terminated with the following error:

%%2

Error: (10/26/2014 02:24:05 PM) (Source: Service Control Manager) (EventID: 7023) (User: )

Description: The Windows Management Instrumentation service terminated with the following error:

%%2

Error: (10/26/2014 02:23:35 PM) (Source: Service Control Manager) (EventID: 7023) (User: )

Description: The Windows Management Instrumentation service terminated with the following error:

%%2

Error: (10/26/2014 02:23:04 PM) (Source: Service Control Manager) (EventID: 7023) (User: )

Description: The Windows Management Instrumentation service terminated with the following error:

%%2

Microsoft Office Sessions:

=========================

Error: (10/26/2014 02:24:37 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )

Description: 0x800413212014-10-28T13:22:37Z

Error: (10/26/2014 02:18:29 PM) (Source: AutoEnrollment) (EventID: 6) (User: )

Description: GLOBAL\Mlaukha0x8007003aThe specified server cannot perform the requested operation.

Error: (10/26/2014 00:59:24 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )

Description: 0x800413212014-10-28T13:22:24Z

Error: (10/26/2014 00:53:15 PM) (Source: AutoEnrollment) (EventID: 6) (User: )

Description: GLOBAL\Mlaukha0x8007003aThe specified server cannot perform the requested operation.

Error: (10/26/2014 10:19:01 AM) (Source: Application Hang) (EventID: 1002) (User: )

Description: iexplore.exe9.0.8112.16575bf401cff121ee407d020C:\Program Files\Internet Explorer\iexplore.exe

Error: (10/26/2014 09:31:52 AM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )

Description: 0x800413212014-10-28T13:22:52Z

Error: (10/26/2014 09:25:43 AM) (Source: AutoEnrollment) (EventID: 6) (User: )

Description: GLOBAL\Mlaukha0x8007003aThe specified server cannot perform the requested operation.

Error: (10/26/2014 09:17:20 AM) (Source: AutoEnrollment) (EventID: 6) (User: )

Description: GLOBAL\Mlaukha0x8007003aThe specified server cannot perform the requested operation.

Error: (10/26/2014 08:13:13 AM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )

Description: 0x800413212014-10-28T13:22:13Z

Error: (10/26/2014 08:07:12 AM) (Source: AutoEnrollment) (EventID: 6) (User: )

Description: GLOBAL\Mlaukha0x8007003aThe specified server cannot perform the requested operation.

CodeIntegrity Errors:

===================================

Date: 2014-02-20 16:52:09.201

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

Date: 2014-02-20 16:30:44.036

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

Date: 2014-02-20 16:17:27.247

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

Date: 2011-05-09 14:52:28.718

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

Date: 2011-05-09 14:44:28.257

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

Date: 2011-05-09 14:27:52.657

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

Date: 2011-05-09 14:15:33.986

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

Date: 2011-05-09 14:02:12.241

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

Date: 2011-05-09 13:51:09.562

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

Date: 2011-05-05 18:24:22.927

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: Intel® Core i5-2540M CPU @ 2.60GHz

Percentage of memory in use: 34%

Total physical RAM: 3240.9 MB

Available physical RAM: 2118.96 MB

Total Pagefile: 6480.09 MB

Available Pagefile: 4976.44 MB

Total Virtual: 2047.88 MB

Available Virtual: 1905.79 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:232.79 GB) (Free:161.37 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

==================== MBR & Partition Table ==================

========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: DBCEB924)

Partition 1: (Not Active) - (Size=100 MB) - (Type=12)

Partition 2: (Active) - (Size=232.8 GB) - (Type=07 NTFS)

==================== End Of Log ============================


OK. Try this. 

 

Windows Repair (All-in-One)

  • Please download Windows Repair and save the file to your Desktop.
  • Temporarily disable your anti-virus software. For instructions, please refer to the following link.
  • Double-click the tweaking.com_windows_repair_aio_setup icon to run the installer.
  • Follow the prompts by clicking Next, and finally, Finish.
  • Go to Step 5 and click Create under System Restore, followed by Backup under Registry Backup.
  • Go to the Repairs tab and click Open Repairs. Ensure only the following items have a checkmark.
    • Reset Registry Permissions
    • Reset File Permissions
    • Repair WMI
  • Note: Do NOT use your computer whilst the programme is running. 
  • Upon completion, reboot your computer. 
  • Using Windows Explorer, navigate to the following folder:
    • 32-bit Systems: C:\Program Files\Tweaking.com\Windows Repair (All in One)\Logs
  • Open the log. Copy the contents and paste in your next reply.
  • Re-run FSS.exe and post the log (FSS.txt) generated. 

Adam,

I was unable to disable my anti-virus program. This is a company computer and I don't have the password to do it.

Here is the log from WindowsRepair:

Tweaking.com - Windows Repair v2.10.0

--------------------------------------------------------------------------------

System Variables

--------------------------------------------------------------------------------

OS: Windows 7 Enterprise

OS Architecture: 32-bit

OS Version: 6.1.7601

OS Service Pack: Service Pack 1

Computer Name: CDG07001538

Windows Drive: C:\

Windows Path: C:\WINDOWS

Program Files: C:\Program Files

Current Profile: C:\Users\mlaukha

Current Profile SID: S-1-5-21-150485414-301174314-2440751699-8203

Current Profile Classes: S-1-5-21-150485414-301174314-2440751699-8203_Classes

Profiles Location: C:\Users

Profiles Location 2: C:\WINDOWS\ServiceProfiles

Local Settings AppData: C:\Users\mlaukha\AppData\Local

--------------------------------------------------------------------------------

System Information

--------------------------------------------------------------------------------

System Up Time: 0 Days 00:37:05

Process Count: 79

Commit Total: 1.63 GB

Commit Limit: 6.33 GB

Commit Peak: 1.74 GB

Handle Count: 25524

Kernel Total: 317.00 MB

Kernel Paged: 243.31 MB

Kernel Non Paged: 73.69 MB

System Cache: 1.58 GB

Thread Count: 939

--------------------------------------------------------------------------------

Memory Before Cleaning with CleanMem

--------------------------------------------------------------------------------

Memory Total: 3.16 GB

Memory Used: 1.23 GB(38.9968%)

Memory Avail.: 1.93 GB

--------------------------------------------------------------------------------

Cleaning Memory Before Starting Repairs...

Memory After Cleaning with CleanMem

--------------------------------------------------------------------------------

Memory Total: 3.16 GB

Memory Used: 1.05 GB(33.3106%)

Memory Avail.: 2.11 GB

--------------------------------------------------------------------------------

Starting Repairs...

Started at (10/26/2014 2:54:24 PM)

Setting Any Missing 'InstallDate' From Uninstall Sections Before Running Repair...

Total Missing 'InstallDate' Fixed: 53

01 - Reset Registry Permissions 01/03

HKEY_CURRENT_USER & Sub Keys

Start (10/26/2014 2:54:25 PM)

Running Repair Under Current User Account

Done (10/26/2014 2:54:33 PM)

01 - Reset Registry Permissions 02/03

HKEY_LOCAL_MACHINE & Sub Keys

Start (10/26/2014 2:54:33 PM)

Running Repair Under System Account

Done (10/26/2014 2:57:04 PM)

01 - Reset Registry Permissions 03/03

HKEY_CLASSES_ROOT & Sub Keys

Start (10/26/2014 2:57:05 PM)

Running Repair Under System Account

Done (10/26/2014 2:58:03 PM)

02 - Reset File Permissions: C:

C: & Sub Folders

Start (10/26/2014 2:58:03 PM)

Trying To Run Repair As Trusted Installer.

This Repair Is Hidden By Windows Itself.

You Can See The Repair Working In The Task Manager.

Running Repair As Trusted Installer

Done (10/26/2014 3:02:54 PM)

02 - Reset File Permissions: All Profiles

C:\Users & Sub Folders

Start (10/26/2014 3:02:54 PM)

Running Repair Under System Account

Done (10/26/2014 3:04:13 PM)

02 - Reset File Permissions: Current Profile

C:\Users\mlaukha & Sub Folders

Start (10/26/2014 3:04:14 PM)

Running Repair Under System Account

Done (10/26/2014 3:05:17 PM)

02 - Reset File Permissions: Cleanup

Repairing Restricted Folders Permissions To Avoid Infinite Loops

Start (10/26/2014 3:05:17 PM)

Running Repair Under Current User Account

Running Repair Under System Account

Done (10/26/2014 3:05:20 PM)

05 - Repair WMI

Start (10/26/2014 3:05:20 PM)

Starting Security Center So We Can Export The Security Info.

Exporting Antivirus Info...

No Antivirus Products Reported.

Exporting AntiSpyware Info...

No AntiSpyware Products Reported.

Exporting 3rd Party Firewall Info...

No Firewall Products Reported.

Running Repair Under Current User Account

Done (10/26/2014 3:10:21 PM)

Cleaning up empty logs...

All Selected Repairs Done.

Done at (10/26/2014 3:10:21 PM)

Total Repair Time: 00:15:59

...YOU MUST RESTART YOUR SYSTEM...

And the FSS.txt:

Farbar Service Scanner Version: 21-07-2014

Ran by Mlaukha (administrator) on 26-10-2014 at 15:19:15

Running from "C:\Users\mlaukha\Desktop"

Microsoft Windows 7 Enterprise Service Pack 1 (X86)

Boot Mode: Normal

****************************************************************

Internet Services:

============

Connection Status:

==============

Localhost is accessible.

LAN connected.

Google IP is accessible.

Google.com is accessible.

Yahoo.com is accessible.

Windows Firewall:

=============

Firewall Disabled Policy:

==================

System Restore:

============

System Restore Disabled Policy:

========================

Action Center:

============

Windows Update:

============

Windows Autoupdate Disabled Policy:

============================

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU]

"NoAutoUpdate"=DWORD:1

Windows Defender:

==============

Other Services:

==============

File Check:

========

C:\WINDOWS\system32\nsisvc.dll => File is digitally signed

C:\WINDOWS\system32\Drivers\nsiproxy.sys => File is digitally signed

C:\WINDOWS\system32\dhcpcore.dll => File is digitally signed

C:\WINDOWS\system32\Drivers\afd.sys => File is digitally signed

C:\WINDOWS\system32\Drivers\tdx.sys => File is digitally signed

C:\WINDOWS\system32\Drivers\tcpip.sys => File is digitally signed

C:\WINDOWS\system32\dnsrslvr.dll => File is digitally signed

C:\WINDOWS\system32\mpssvc.dll => File is digitally signed

C:\WINDOWS\system32\bfe.dll => File is digitally signed

C:\WINDOWS\system32\Drivers\mpsdrv.sys => File is digitally signed

C:\WINDOWS\system32\SDRSVC.dll => File is digitally signed

C:\WINDOWS\system32\vssvc.exe => File is digitally signed

C:\WINDOWS\system32\wscsvc.dll => File is digitally signed

C:\WINDOWS\system32\wbem\WMIsvc.dll => File is digitally signed

C:\WINDOWS\system32\wuaueng.dll => File is digitally signed

C:\WINDOWS\system32\qmgr.dll => File is digitally signed

C:\WINDOWS\system32\es.dll => File is digitally signed

C:\WINDOWS\system32\cryptsvc.dll => File is digitally signed

C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed

C:\WINDOWS\system32\ipnathlp.dll => File is digitally signed

C:\WINDOWS\system32\iphlpsvc.dll => File is digitally signed

C:\WINDOWS\system32\svchost.exe => File is digitally signed

C:\WINDOWS\system32\rpcss.dll => File is digitally signed

**** End of log ****


No problem about disabling your Anti-Virus. 
 
Please provide an update on your computer after completing the steps below. Are there any outstanding issues?
 
STEP 1
Malwarebytes Anti-Malware (MBAM)

  • Open Malwarebytes Anti-Malware and click Update Now.
  • Once updated, click the Settings tab, followed by Detection and Protection and tick Scan for rootkits.
  • Click the Scan tab, ensure Threat Scan is checked and click Scan Now.
  • Note: You may see the following message, "Could not load DDA driver". Click Yes, allow your PC to reboot and continue afterwards. 
  • If threats are detected, click the Apply Actions button. You will now be prompted to reboot. Click Yes.
  • Upon completion of the scan (or after the reboot), click the History tab.
  • Click Application Logs and double-click the Scan Log.
  • Click Copy to Clipboard and paste the log in your next reply. 
     

STEP 2
ESET Online Scan
Note: This scan may take a long time to complete. Please do not browse the Internet whilst your Anti-Virus is disabled.

  • Please download ESET Online Scan and save the file to your Desktop.
  • Temporarily disable your anti-virus software. For instructions, please refer to the following link.
  • Double-click esetsmartinstaller_enu.exe to run the programme. 
  • Agree to the EULA by placing a checkmark next to Yes, I accept the Terms of Use. Then click Start.
  • Agree to the Terms of Use once more and click Start. Allow components to download.
  • Place a checkmark next to Enable detection of potentially unwanted applications.
  • Click Hide advanced settings. Place a checkmark next to:
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Ensure Remove found threats is unchecked.
  • Click Start.
  • Wait for the scan to finish. Please be patient as this can take some time.
  • Upon completion, click esetListThreats.png. If no threats were found, skip the next two bullet points. 
  • Click esetExport.png and save the file to your Desktop, naming it something such as "MyEsetScan".
  • Push the Back button.
  • Place a checkmark next to [image] and click [image].
  • Re-enable your anti-virus software.
  • Copy the contents of the log and paste in your next reply.
     

======================================================
 
STEP 3
Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

  • MBAM Scan log
  • ESET Online Scan log
  • Are there any outstanding issues?

MBAM:
 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 10/26/2014
Scan Time: 4:11:11 PM
Logfile: mbam 10-26-14.txt
Administrator: Yes

Version: 2.00.3.1025
Malware Database: v2014.10.26.07
Rootkit Database: v2014.10.22.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: Mlaukha

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 448781
Time Elapsed: 37 min, 28 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)

 

Eset:

C:\FRST\Quarantine\C\Users\mlaukha\AppData\LocalLow\amjyazm.dll.xBAD a variant of Win32/Kryptik.CJGL trojan
C:\FRST\Quarantine\C\Users\mlaukha\AppData\LocalLow\ftpitm.dll.xBAD a variant of MSIL/Injector.FWI trojan
C:\FRST\Quarantine\C\Users\mlaukha\AppData\Roaming\cmljgc.dll.xBAD Win32/Viknok.M trojan
C:\FRST\Quarantine\C\Users\mlaukha\AppData\Roaming\gkditw.dll.xBAD Win32/Viknok.M trojan
C:\FRST\Quarantine\C\Users\mlaukha\AppData\Roaming\rtbuay.dll.xBAD Win32/Viknok.M trojan
C:\ProgramData\{D9E629DC-CB1C-4A97-9900-81922B4EFFD4}\eqwommeuosk.tmp a variant of Win32/Kryptik.CMYB trojan
C:\Users\All Users\{D9E629DC-CB1C-4A97-9900-81922B4EFFD4}\eqwommeuosk.tmp a variant of Win32/Kryptik.CMYB trojan
C:\Users\mlaukha\Downloads\Java_Setup.exe Win32/InstallCore.MM potentially unwanted application
 

I think things are working pretty well.

Does it mean anything if, when I run CleanUp!, there are cookies from websites that I've never been to?


Hi Mike, 
 

Does it mean anything if, when I run CleanUp!, there are cookies from websites that I've never been to?

I don't quite know what you're referring to here. Where are you running "CleanUp!"?
 
STEP 1
Farbar Recovery Scan Tool (FRST) Script

  • Press the Windows Key + r on your keyboard at the same time. Type Notepad and click OK.
  • Copy the entire contents of the codebox below and paste into the Notepad document.
    start
    C:\ProgramData\{D9E629DC-CB1C-4A97-9900-81922B4EFFD4}
    C:\Users\All Users\{D9E629DC-CB1C-4A97-9900-81922B4EFFD4}
    C:\Users\mlaukha\Downloads\Java_Setup.exe
    EmptyTemp:
    end
  • Click File > Save As and type fixlist.txt as the File Name.
  • Important: The file must be saved in the same location as FRST.exe. 

NOTICE: This script is intended for use on this particular machine. Do not use this script on any other machine; doing so may cause damage to your Operating System.

  • Right-Click FRST.exe and select Run as administrator to run the programme.
  • Click Fix.
  • A log (Fixlog.txt) will open on your desktop. Copy the contents of the log and paste in your next reply.
     

STEP 2
Update Outdated Software

Outdated software contains security risks that must be patched. Please download and install the latest version of the programmes below.

STEP 3
Remove Outdated Software

  • Press the Windows Key + r on your keyboard at the same time. Type appwiz.cpl and click OK.
  • Search for the following programmes, right-click and click Uninstall one at a time.
  • Note: The programmes below may not be present. If this is the case, please skip to the next step.
    • Adobe Shockwave Player 11.5
    • Java™ 6 Update 45 
  • Follow the prompts, and reboot if necessary.
     

STEP 4
Disable Java in Your Browser
Due to frequent exploits we recommend you disable Java in your browser.
For information on Java vulnerabilities, please read the following article (point #7).

  • Click the Windows Start Button and type Java Control Panel (or javacpl) in the search bar. 
  • Click on the Java Control Panel. Once opened, click the Security tab.
  • Deselect the check box for Enable Java content in the browser. This will disable the Java plug-in in the browser. 
  • Click Apply. When the Windows User Account Control (UAC) appears, allow permissions to make the changes. 
  • Click OK in the Java Plug-in confirmation window.
  • Restart your browser(s) for changes to take effect.
  • More information can be found here and here.
     

STEP 5
Security Check

  • Please download SecurityCheck and save the file to your Desktop.
  • Double-click SecurityCheck.exe and follow the onscreen instructions inside the black box.
  • A log (checkup.txt) will automatically open on your Desktop.
  • Copy the contents of the log and paste in your next reply.
     

======================================================
 
STEP 6
Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

  • Fixlog.txt
  • checkup.txt

Hi Adam,

Sorry for taking so long. The Java update was a pita - one of my company's programs only runs on the older version. I took care of that. I think I did the Windows Update - that didn't work at first either. And I couldn't do the Adobe Shockwave update.

Everything is working pretty well, so you can probably close me out, unless you see something in these texts.

First, the fixlog:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 26-10-2014
Ran by Mlaukha at 2014-10-27 14:48:47 Run:3
Running from C:\Users\mlaukha\Desktop
Loaded Profile: Mlaukha (Available profiles: Mlaukha & bradmin)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
start
C:\ProgramData\{D9E629DC-CB1C-4A97-9900-81922B4EFFD4}
C:\Users\All Users\{D9E629DC-CB1C-4A97-9900-81922B4EFFD4}
C:\Users\mlaukha\Downloads\Java_Setup.exe
EmptyTemp:
end
*****************

"C:\ProgramData\{D9E629DC-CB1C-4A97-9900-81922B4EFFD4}" directory move:

Could not move "C:\ProgramData\{D9E629DC-CB1C-4A97-9900-81922B4EFFD4}\333c1a3f07c8a" => Scheduled to move on reboot.
Could not move "C:\ProgramData\{D9E629DC-CB1C-4A97-9900-81922B4EFFD4}\ecqwayks.tmp" => Scheduled to move on reboot.
C:\ProgramData\{D9E629DC-CB1C-4A97-9900-81922B4EFFD4}\eqwommeuosk.tmp => Moved successfully.
Could not move "C:\ProgramData\{D9E629DC-CB1C-4A97-9900-81922B4EFFD4}\fwcfg.dll" => Scheduled to move on reboot.
Could not move "C:\ProgramData\{D9E629DC-CB1C-4A97-9900-81922B4EFFD4}" directory. => Scheduled to move on reboot.

"C:\Users\All Users\{D9E629DC-CB1C-4A97-9900-81922B4EFFD4}" directory move:

Could not move "C:\Users\All Users\{D9E629DC-CB1C-4A97-9900-81922B4EFFD4}\333c1a3f07c8a" => Scheduled to move on reboot.
Could not move "C:\Users\All Users\{D9E629DC-CB1C-4A97-9900-81922B4EFFD4}\ecqwayks.tmp" => Scheduled to move on reboot.
Could not move "C:\Users\All Users\{D9E629DC-CB1C-4A97-9900-81922B4EFFD4}\fwcfg.dll" => Scheduled to move on reboot.
Could not move "C:\Users\All Users\{D9E629DC-CB1C-4A97-9900-81922B4EFFD4}" directory. => Scheduled to move on reboot.

C:\Users\mlaukha\Downloads\Java_Setup.exe => Moved successfully.
EmptyTemp: => Removed 249.6 MB temporary data.

=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-10-27 14:52:01)<=

C:\ProgramData\{D9E629DC-CB1C-4A97-9900-81922B4EFFD4}\333c1a3f07c8a => Is moved successfully.
C:\ProgramData\{D9E629DC-CB1C-4A97-9900-81922B4EFFD4}\ecqwayks.tmp => Is moved successfully.
C:\ProgramData\{D9E629DC-CB1C-4A97-9900-81922B4EFFD4}\fwcfg.dll => Is moved successfully.
C:\ProgramData\{D9E629DC-CB1C-4A97-9900-81922B4EFFD4} => Is moved successfully.
C:\Users\All Users\{D9E629DC-CB1C-4A97-9900-81922B4EFFD4}\333c1a3f07c8a => Is moved successfully.
C:\Users\All Users\{D9E629DC-CB1C-4A97-9900-81922B4EFFD4}\ecqwayks.tmp => Is moved successfully.
C:\Users\All Users\{D9E629DC-CB1C-4A97-9900-81922B4EFFD4}\fwcfg.dll => Is moved successfully.
C:\Users\All Users\{D9E629DC-CB1C-4A97-9900-81922B4EFFD4} => Is moved successfully.

==== End of Fixlog ====

 

Now the checkup:

Results of screen317's Security Check version 0.99.89 
 Windows 7 Service Pack 1 x86 (UAC is enabled) 
 Internet Explorer 11 
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled! 
Trend Micro OfficeScan Antivirus  
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:`````````
 SUPERAntiSpyware    
 Java 8 Update 25 
 Java version out of Date!
 Adobe Flash Player  15.0.0.152 
 Adobe Reader XI 
````````Process Check: objlist.exe by Laurent```````` 
 Malwarebytes Anti-Malware mbam.exe 
 Trend Micro OfficeScan Client pccntmon.exe
 Malwarebytes Anti-Malware mbamscheduler.exe  
 Trend Micro OfficeScan Client ntrtscan.exe 
 Trend Micro OfficeScan Client tmlisten.exe 
 Trend Micro OfficeScan Client CNTAoSMgr.exe 
 Trend Micro OfficeScan Client TmProxy.exe 
 Trend Micro BM TMBMSRV.exe 
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````
 
