Infection: dllhost.exe powershell.exe conhost.exe

Ran Malwarebytes, Trend Micro OfficeScan, and the Windows Defender bootable USB stick.


It found some trojans, but can't find this.


FRST.TXT


Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 04-11-2014
Ran by jlandrith (administrator) on LASLJLANDRITH on 06-11-2014 07:46:51
Running from C:\Backup\Installers\Security Software\Malwarebytes Toolbox
Loaded Profiles: jlandrith & Administrator (Available profiles: jlandrith & Help & svanter & Admin & Administrator)
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AuthenTec, Inc.) C:\Program Files\Fingerprint Sensor\AtService.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\BCMWLTRY.EXE
(Wave Systems Corp.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AEstSrv.exe
(Broadcom Corporation) C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe
(CrypKey (Canada) Ltd.) C:\Windows\System32\Crypserv.exe
(Cisco Systems, Inc.) C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
(Business Oriented Software Solutions, Inc) C:\Program Files\BOSSClient\DEClntNT50.exe
(Fitbit, Inc.) C:\Program Files\Fitbit Connect\FitbitConnectService.exe
(PFU LIMITED) C:\Windows\twain_32\fjscan32\FJTWMKSV.exe
(Intel Corporation) C:\Program Files\Intel\Services\IPT\jhi_service.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\VS7DEBUG\mdm.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\OfficeScan Client\NTRtScan.exe
(O2Micro International) C:\Windows\System32\drivers\o2flash.exe
() C:\Windows\System32\srvany.exe
(O2Micro.) C:\Windows\System32\SDIOAssist.exe
(Pharos Systems International) C:\Program Files\PharosSystems\Core\CTskMstr.exe
() C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
(SonicWALL, Inc.) C:\Program Files\SonicWALL\SonicWALL Global VPN Client\SWGVCSvc.exe
(Symantec Corporation) C:\Program Files\Symantec\Symantec System Recovery\Agent\VProSvc.exe
(UltraVNC) C:\Program Files\UltraVNC\winvnc.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(UltraVNC) C:\Program Files\UltraVNC\winvnc.exe
(Dell Inc.) C:\Program Files\Dell\Dell System Manager\DCPSysMgrSvc.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\OfficeScan Client\TmListen.exe
(VMware, Inc.) C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\OfficeScan Client\TmProxy.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\OfficeScan Client\CNTAoSMgr.exe
(UPEK Inc.) C:\Program Files\Common Files\SPBA\upeksvr.exe
(Symantec) C:\Program Files\Symantec\Symantec System Recovery\Shared\Drivers\Service\SymTrackService.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.25.5\GoogleCrashHandler.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE
() C:\Program Files\STMicroelectronics\AccelerometerP11\FF_Protection.exe
(CyberLink Corp.) C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\OfficeScan Client\PccNTMon.exe
(Business Oriented Software Solutions, Inc) C:\Program Files\BOSSClient\DEShell50.exe
(Palo Alto Networks) C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPA.exe
(Adobe Systems Inc.) C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
(PFU LIMITED) C:\Windows\twain_32\fjscan32\SOP\FtLnSOP.exe
(FUJITSU LIMITED) C:\Windows\twain_32\fjscan32\FjtwMkup.exe
(PFU LIMITED) C:\Windows\PIXTRAN\fujitsu\FiWiaChecker.exe
(PFU LIMITED) C:\Windows\twain_32\fjscan32\FTPWREVT\FTPWREVT.exe
(RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\Update\realsched.exe
(Symantec Corporation) C:\Program Files\Symantec\Symantec System Recovery\Agent\VProTray.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
(Fitbit, Inc.) C:\Program Files\Fitbit Connect\Fitbit Connect.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Trio Sync) C:\Program Files\Trio Sync\TrioSync.exe
(Microsoft Corporation) C:\Windows\System32\wscript.exe
(Microsoft Corporation) C:\Windows\CCM\CcmExec.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\BM\TMBMSRV.exe
(Microsoft Corporation) C:\Windows\CCM\RemCtrl\CmRcService.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\CCM\SCNotification.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\EXCEL.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office15\lync.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\mstsc.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [488816 2011-01-04] (Alps Electric Co., Ltd.)
HKLM\...\Run: [broadcom Wireless Manager UI] => C:\Program Files\Dell\DW WLAN Card\WLTRAY.exe [5955072 2011-01-15] (Dell Inc.)
HKLM\...\Run: [FreeFallProtection] => C:\Program Files\STMicroelectronics\AccelerometerP11\FF_Protection.exe [686704 2010-12-17] ()
HKLM\...\Run: [RemoteControl9] => C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe [87336 2009-07-06] (CyberLink Corp.)
HKLM\...\Run: [PDVD9LanguageShortcut] => C:\Program Files\CyberLink\PowerDVD9\Language\Language.exe [50472 2010-04-29] (CyberLink Corp.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM\...\Run: [Client Access Service] => C:\Program Files\IBM\Client Access\cwbsvstr.exe [14848 2007-12-11] (IBM Corporation)
HKLM\...\Run: [sysTrayApp] => C:\Program Files\IDT\WDM\sttray.exe [536668 2011-01-25] (IDT, Inc.)
HKLM\...\Run: [OfficeScanNT Monitor] => C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe [1529600 2013-07-24] (Trend Micro Inc.)
HKLM\...\Run: [DiagWinShell] => C:\Program Files\BOSSClient\DEShell50.EXE [53248 2011-06-16] (Business Oriented Software Solutions, Inc)
HKLM\...\Run: [GlobalProtect] => C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPA.exe [698224 2012-07-27] (Palo Alto Networks)
HKLM\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [44128 2013-05-08] (Adobe Systems Incorporated)
HKLM\...\Run: [Acrobat Assistant 8.0] => C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [642664 2013-05-08] (Adobe Systems Inc.)
HKLM\...\Run: [FtLnSOP_setup] => C:\Windows\Twain_32\Fjscan32\SOP\FtLnSOP.ex
HKLM\...\Run: [FJTWAIN Setup] => C:\Windows\Twain_32\fjscan32\FjtwMkup.exe [139264 2012-01-23] (FUJITSU LIMITED)
HKLM\...\Run: [**FjISIS WIA Service Checker<*>] => C:\Windows\pixtran\fujitsu\FiWiaChecker.exe [139264 2012-01-23] (FUJITSU LIMITED) <===== ATTENTION (Value Name with invalid characters)
HKLM\...\Run: [FTPWRENV] => C:\Windows\Twain_32\Fjscan32\FTPWREVT\FTPWREVT.exe [45056 2007-10-16] (PFU LIMITED)
HKLM\...\Run: [FiWIA Service Checker] => C:\Windows\Twain_32\Fjscan32\FiWiaChecker.exe [86016 2009-10-21] (PFU LIMITED)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM\...\Run: [TkBellExe] => C:\Program Files\Real\RealPlayer\update\realsched.exe [295512 2014-03-04] (RealNetworks, Inc.)
HKLM\...\Run: [symantec System Recovery 2013] => C:\Program Files\Symantec\Symantec System Recovery\Agent\VProTray.exe [3263816 2013-04-24] (Symantec Corporation)
HKLM\...\Run: [KiesTrayAgent] => C:\Program Files\Samsung\Kies\KiesTrayAgent.exe [310064 2014-05-28] (Samsung Electronics Co., Ltd.)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [RoxWatchTray] => C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe [244208 2008-04-25] (Sonic Solutions)
HKLM\...\Run: [Fitbit Connect] => C:\Program Files\Fitbit Connect\Fitbit Connect.exe [3414560 2014-05-19] (Fitbit, Inc.)
HKLM\...\Run: [sunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
Winlogon\Notify\spba: C:\Program Files\Common Files\SPBA\homefus2.dll (UPEK Inc.)
HKLM\...\Policies\Explorer: [useDefaultTile] 1
HKU\S-1-5-21-1323509411-880687258-8547516-12094\...\Run: [KLConnect.exe] => C:\Program Files\KnowledgeLake\Connect\KLConnect.exe [864256 2008-03-07] (KnowledgeLake)
HKU\S-1-5-21-1323509411-880687258-8547516-12094\...\Run: [Lync] => C:\Program Files\Microsoft Office\Office15\lync.exe [19049120 2014-08-12] (Microsoft Corporation)
HKU\S-1-5-21-1323509411-880687258-8547516-12094\...\Run: [Google Update] => C:\Users\jlandrith\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2014-06-18] (Google Inc.)
HKU\S-1-5-21-1323509411-880687258-8547516-12094\...\Run: [Fitbit Connect] => C:\Program Files\Fitbit Connect\Fitbit Connect.exe [3414560 2014-05-19] (Fitbit, Inc.)
HKU\S-1-5-21-1323509411-880687258-8547516-12094\...\Run: [DellSystemDetect] => C:\Users\jlandrith\AppData\Local\Apps\2.0\1YCE7RVL.MQ8\7PX8QG86.GL3\dell..tion_0f612f649c4a10af_0005.0008_a4204ff54ae5d3ac\DellSystemDetect.exe
HKU\S-1-5-21-1323509411-880687258-8547516-12094\...\Run: [cpurmduj] => rundll32 "C:\Windows\kvgxqpkz.dll",Register
HKU\S-1-5-21-1323509411-880687258-8547516-12094\...\Policies\system: [Wallpaper] C:\u-win\bground.jpg
HKU\S-1-5-21-1323509411-880687258-8547516-12094\...\Policies\system: [WallpaperStyle] 3
HKU\S-1-5-21-1323509411-880687258-8547516-12094\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!
Lsa: [Authentication Packages] msv1_0 wvauth
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Trio Sync.lnk
ShortcutTarget: Trio Sync.lnk -> C:\Windows\Installer\{42533793-7298-440F-8141-BAF2491E2C0C}\TrioSync.exe1_EAA576D0B2474646B8A81D952FC12499.exe (Flexera Software LLC)
Startup: C:\Users\jlandrith\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Communicator.vbs ()
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll (Autodesk, Inc.)
ShellIconOverlayIdentifiers: [EnabledUnlockedFDEIconOverlay] -> {30D3C2AF-9709-4D05-9CF4-13335F3C1E4A} => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll (Wave Systems Corp.)
ShellIconOverlayIdentifiers: [uninitializedFdeIconOverlay] -> {CF08DA3E-C97D-4891-A66B-E39B28DD270F} => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll (Wave Systems Corp.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: peter:80
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKCU - DefaultScope {0248C4F0-805F-4CED-8EB8-22D20F18279F} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}&rlz=1I7RNLA_enUS524
SearchScopes: HKCU - {0248C4F0-805F-4CED-8EB8-22D20F18279F} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}&rlz=1I7RNLA_enUS524
BHO: SnagIt Toolbar Loader -> {00C6482D-C502-44C8-8409-FCE54AD9C208} -> C:\Program Files\TechSmith\Snagit 9\SnagitBHO.dll (TechSmith Corporation)
BHO: TmIEPlugInBHO Class -> {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -> C:\Program Files\Trend Micro\OfficeScan Client\TmIEPlg.dll (Trend Micro Inc.)
BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: WebCGMHlprObj Class -> {56B38F40-4E70-11d4-A076-0080AD86BA2F} -> C:\Windows\system32\cgmopenbho.dll (CGM Open Consortium, Inc.)
BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Users\jlandrith\AppData\Roaming\LastPass\LPToolbar.dll (LastPass)
BHO: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\Snagit 9\SnagitIEAddin.dll (TechSmith Corporation)
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Users\jlandrith\AppData\Roaming\LastPass\LPToolbar.dll (LastPass)
Toolbar: HKCU - No Name - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} -  No File
Toolbar: HKCU - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: {00000035-9593-4264-8B29-930B3E4EDCCD} https://www.rooms.hp.com/vRoom_Cab/WebHPVCInstall35.cab
DPF: {2BCDB465-81F9-41CB-832C-8037A4064446} https://secure2.cashmanequipment.com/public/download/urxvpn.cab#version=7101,2014,409,103
DPF: {41EF3CD2-D8CC-4438-84B1-280BB4E77C8E} https://secure2.cashmanequipment.com/public/download/f5tunsrv.cab#version=7101,2014,409,103
DPF: {45B69029-F3AB-4204-92DE-D5140C3E8E74} https://secure2.cashmanequipment.com/public/download/InstallerControl.cab#7101,2014,409,103
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_55-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0055-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_55-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_55-windows-i586.cab
DPF: {CC85ACDF-B277-486F-8C70-2C9B2ED2A4E7} https://secure2.cashmanequipment.com/public/download/urxshost.cab#7101,2014,409,103
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://akamaicdn.webex.com/client/WBXclient-T28L10NSP12EP4-17152/webex/ieatgpc1.cab
DPF: {E0FF21FA-B857-45C5-8621-F120A0C17FF2} https://secure2.cashmanequipment.com/public/download/urxhost.cab#version=7101,2014,409,103
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\OfficeScan Client\TmIEPlg.dll (Trend Micro Inc.)
Handler: x-wpexpert - {382E05AF-964B-41CE-B2B5-ED0BF48013C0} - C:\Program Files\WildPackets\OmniPeek\peekrecon.dll (WildPackets, Inc.)
Tcpip\Parameters: [DhcpNameServer] 10.155.10.193 10.155.10.9 10.155.10.194

FireFox:
========
FF ProfilePath: C:\Users\jlandrith\AppData\Roaming\Mozilla\Firefox\Profiles\u0smv8oy.default
FF Homepage: about:blank
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @lastpass.com/NPLastPass -> C:\Users\jlandrith\AppData\Roaming\LastPass\nplastpass.dll (LastPass)
FF Plugin: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~4\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @ptc.com/ProductViewLite -> C:\Program Files\Common Files\PTC\np6_pvapplite9.dll (PTC)
FF Plugin: @real.com/nppl3260;version=16.0.3.51 -> c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=16.0.3.51 -> c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin: @realnetworks.com/npdlplugin;version=1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @vmware.com/vmrc,version=5.1.0.00000 -> C:\Program Files\Common Files\VMware\VMware Remote Console Plug-in 5.1\Firefox\np-vmware-vmrc.dll (VMware, Inc.)
FF Plugin: @vmware.com/vmrc,version=5.5.0.00000 -> C:\Program Files\Common Files\VMware\VMware Remote Console Plug-in 5.5\Firefox\np-vmware-vmrc.dll (VMware, Inc.)
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin -> C:\Users\jlandrith\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\jlandrith\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\jlandrith\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: google.com/WidevineMediaOptimizer -> C:\Users\jlandrith\AppData\Roaming\IDM\bin\npwidevinemediaoptimizer.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
FF HKLM\...\Firefox\Extensions: [{22C7F6C6-8D67-4534-92B5-529A0EC09405}] - C:\Program Files\Trend Micro\OfficeScan Client\FirefoxExtension
FF Extension: Trend Micro NSC Firefox Extension - C:\Program Files\Trend Micro\OfficeScan Client\FirefoxExtension [2013-12-30]
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-03-04]
FF HKLM\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: No Name - {22C7F6C6-8D67-4534-92B5-529A0EC09405} [Not Found]
FF Extension: No Name - {DF153AFF-6948-45d7-AC98-4FC4AF8A08E2} [Not Found]

Chrome:
=======
CHR Profile: C:\Users\jlandrith\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\jlandrith\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-02-19]
CHR Extension: (Google Drive) - C:\Users\jlandrith\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-02-19]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\jlandrith\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-26]
CHR Extension: (YouTube) - C:\Users\jlandrith\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-02-19]
CHR Extension: (Google Search) - C:\Users\jlandrith\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-02-19]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\jlandrith\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2014-08-26]
CHR Extension: (RealDownloader) - C:\Users\jlandrith\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2013-02-21]
CHR Extension: (Google Wallet) - C:\Users\jlandrith\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-07]
CHR Extension: (Gmail) - C:\Users\jlandrith\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-02-19]
CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ATService; C:\Program Files\Fingerprint Sensor\AtService.exe [1803584 2010-05-10] (AuthenTec, Inc.)
R2 BrcmMgmtAgent; C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe [127488 2010-06-29] (Broadcom Corporation) [File not signed]
R2 CcmExec; C:\Windows\CCM\CcmExec.exe [1160888 2013-09-11] (Microsoft Corporation)
R2 CmRcService; C:\Windows\CCM\RemCtrl\CmRcService.exe [465592 2013-09-11] (Microsoft Corporation)
R2 CrypKey License; C:\Windows\system32\crypserv.exe [126976 2010-03-18] (CrypKey (Canada) Ltd.) [File not signed]
R2 CVPND; C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe [1528616 2010-09-27] (Cisco Systems, Inc.)
R2 dcpsysmgrsvc; c:\Program Files\Dell\Dell System Manager\DCPSysMgrSvc.exe [388464 2011-01-20] (Dell Inc.)
R2 DEClntService50; C:\Program Files\BOSSClient\DEClntNT50.exe [413696 2011-06-16] (Business Oriented Software Solutions, Inc) [File not signed]
S3 Emc.Captiva.WebCaptureService; C:\Program Files\EMC Captiva\Captiva Cloud Runtime\Emc.Captiva.WebCaptureService.exe [39936 2012-04-04] (EMC Corporation) [File not signed]
S3 FileZilla Server; C:\Program Files\FileZilla Server\FileZilla Server.exe [632320 2012-02-26] (FileZilla Project) [File not signed]
R2 Fitbit Connect; C:\Program Files\Fitbit Connect\FitbitConnectService.exe [1436192 2014-05-19] (Fitbit, Inc.)
R2 FJTWMKSV; C:\Windows\twain_32\fjscan32\FJTWMKSV.exe [36864 2011-07-20] (PFU LIMITED) [File not signed]
S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [651720 2013-02-20] (Macrovision Europe Ltd.) [File not signed]
R2 jhi_service; C:\Program Files\Intel\Services\IPT\jhi_service.exe [210896 2010-11-29] (Intel Corporation)
S3 lpasvc; C:\Program Files\Microsoft Policy Platform\policyHost.exe [48744 2012-08-02] (Microsoft Corporation)
S3 lppsvc; C:\Program Files\Microsoft Policy Platform\policyHost.exe [48744 2012-08-02] (Microsoft Corporation)
R2 MDM; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44032 2010-08-06] (Hewlett-Packard) [File not signed]
R2 ntrtscan; C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe [2308280 2013-09-17] (Trend Micro Inc.)
R2 O2FLASH; C:\Windows\system32\DRIVERS\o2flash.exe [72296 2010-02-10] (O2Micro International)
R2 O2SDIOAssist; c:\Windows\system32\srvany.exe [8192 2003-04-18] () [File not signed]
S3 PanGPS; C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe [1211248 2012-07-27] (Palo Alto Networks)
S3 PanGPUpdater; C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPUpdater.exe [852336 2012-07-27] (Palo Alto Networks)
R2 Pharos Systems ComTaskMaster; C:\Program Files\PharosSystems\Core\CTskMstr.exe [339456 2012-12-13] (Pharos Systems International) [File not signed]
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2010-08-06] (Hewlett-Packard) [File not signed]
R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
S3 Roxio UPnP Renderer 10; C:\Program Files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [313840 2008-04-25] (Sonic Solutions)
S2 Roxio Upnp Server 10; C:\Program Files\Roxio\Digital Home 10\RoxioUpnpService10.exe [362992 2008-04-25] (Sonic Solutions)
S2 RoxLiveShare10; C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [309744 2008-04-25] (Sonic Solutions)
S3 SecureStorageService; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Secure Storage Manager\SecureStorageService.exe [1477632 2010-11-03] (Wave Systems Corp.) [File not signed]
S3 smstsmgr; C:\Windows\CCM\TSManager.exe [217272 2013-09-11] (Microsoft Corporation)
R2 STacSV; C:\Program Files\IDT\WDM\STacSV.exe [274514 2011-01-25] (IDT, Inc.)
R2 SWGVCSvc; C:\Program Files\SonicWALL\SonicWALL Global VPN Client\SWGVCSvc.exe [228824 2012-04-03] (SonicWALL, Inc.)
R2 Symantec System Recovery; C:\Program Files\Symantec\Symantec System Recovery\Agent\VProSvc.exe [4749640 2013-04-24] (Symantec Corporation)
R3 SymTrackService; C:\Program Files\Symantec\Symantec System Recovery\Shared\Drivers\Service\SymTrackService.exe [2256856 2013-04-23] (Symantec)
S2 tcsd_win32.exe; C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe [1629696 2010-07-13] () [File not signed]
R2 TdmService; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe [2337136 2011-03-04] (Wave Systems Corp.)
R3 TMBMServer; C:\Program Files\Trend Micro\BM\TMBMSRV.exe [345112 2013-06-13] (Trend Micro Inc.)
R2 tmlisten; C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe [2251888 2013-07-23] (Trend Micro Inc.)
R3 TmProxy; C:\Program Files\Trend Micro\OfficeScan Client\TmProxy.exe [689176 2013-07-01] (Trend Micro Inc.)
R2 uvnc_service; C:\Program Files\UltraVNC\winvnc.exe [1737200 2011-11-02] (UltraVNC)
R2 VMUSBArbService; C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe [714832 2013-08-05] (VMware, Inc.)
R2 wltrysvc; C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe [5210112 2011-01-15] (Dell Inc.) [File not signed]
S2 SessionLauncher; C:\Users\JLANDR~1\AppData\Local\Temp\DX9\SessionLauncher.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 Acceler; C:\Windows\System32\DRIVERS\Accelern.sys [43888 2010-12-13] (ST Microelectronics)
R3 BCM42RLY; C:\Windows\System32\drivers\BCM42RLY.sys [18496 2011-01-15] (Broadcom Corporation)
S3 Blfp; C:\Windows\System32\DRIVERS\basp.sys [88064 2010-09-03] (Broadcom Corporation)
R2 CANNT; C:\Windows\system32\Drivers\CANNT.sys [23584 2011-02-09] (Noregon Systems) [File not signed]
R2 CATLNKNT; C:\Windows\system32\Drivers\CATLNKNT.sys [23712 2011-02-09] (Noregon Systems) [File not signed]
R2 CipcCdp; C:\Windows\System32\DRIVERS\CipcCdp.sys [24000 2010-07-21] (Cisco Systems)
S3 CVirtA; C:\Windows\System32\DRIVERS\CVirtA.sys [5275 2007-01-18] (Cisco Systems, Inc.)
R2 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [308859 2010-09-27] (Cisco Systems, Inc.) [File not signed]
R2 DLADRVNT; C:\Windows\system32\Drivers\DLADRVNT.sys [32832 2011-02-09] (Noregon Systems) [File not signed]
R2 DLASIPNT; C:\Windows\system32\Drivers\DLASIPNT.sys [82752 2011-02-09] (Noregon Systems) [File not signed]
R1 DNE; C:\Windows\System32\DRIVERS\dnelwf.sys [109144 2011-08-04] (Citrix Systems, Inc.)
S3 f5ipfw; C:\Windows\system32\drivers\urfltwlh.sys [28392 2014-04-08] (F5 Networks, Inc.)
R3 FTDIBUS; C:\Windows\System32\drivers\ftdibus.sys [62216 2012-04-13] (FTDI Ltd.)
R3 GenericMount; C:\Windows\System32\DRIVERS\GenericMount.sys [59800 2013-03-26] (Symantec Corporation)
R2 hcmon; C:\Windows\system32\drivers\hcmon.sys [41936 2013-08-05] (VMware, Inc.)
R2 J1708NT; C:\Windows\system32\Drivers\J1708NT.sys [23296 2011-02-09] (Noregon Systems) [File not signed]
R2 J1939NT; C:\Windows\system32\Drivers\J1939NT.sys [24320 2011-02-09] (Noregon Systems) [File not signed]
R3 MEI; C:\Windows\System32\DRIVERS\HECI.sys [41088 2010-10-19] (Intel Corporation)
S3 NANMp50; C:\Windows\System32\Drivers\NANMp50.sys [36280 2009-08-24] (Printing Communications Assoc., Inc. (PCAUSA))
S3 NANSp50; C:\Windows\System32\Drivers\NANSp50.sys [35256 2009-08-24] (Printing Communications Assoc., Inc. (PCAUSA))
R1 NetworkX; C:\Windows\System32\ckldrv.sys [23360 2010-03-18] ()
S3 O2MDFRDR; C:\Windows\system32\drivers\O2MDFw7.sys [60904 2011-01-04] (O2Micro )
R3 O2MDRRDR; C:\Windows\System32\DRIVERS\O2MDRw7.sys [62440 2011-01-04] (O2Micro )
R3 O2SDJRDR; C:\Windows\System32\DRIVERS\o2sdjw7.sys [63976 2011-03-23] (O2Micro )
R3 PanGpd; C:\Windows\System32\DRIVERS\pangpd.sys [32256 2012-07-27] (Palo Alto Networks)
R2 PARCAII; C:\Windows\system32\Drivers\PARCAII.sys [14602 2011-02-09] (Noregon Systems\Vansco Electronics) [File not signed]
R0 PBADRV; C:\Windows\System32\DRIVERS\PBADRV.sys [26608 2008-06-04] (Dell Inc)
R2 PCSMHNT; C:\Windows\system32\Drivers\PCSMHNT.sys [40000 2011-02-09] (Noregon Systems) [File not signed]
R3 prepdrvr; C:\Windows\System32\DRIVERS\prepdrv.sys [20840 2012-11-21] (Microsoft Corporation)
R2 SPCD; C:\Windows\system32\drivers\spcd.sys [29072 2011-03-29] (Calabrio)
R0 SSRFsF; C:\Windows\System32\DRIVERS\SSRFsF.sys [25592 2013-04-23] (Symantec)
R0 stdcfltn; C:\Windows\System32\DRIVERS\stdcfltn.sys [17648 2010-08-20] (ST Microelectronics)
R2 SWIPsec; C:\Windows\system32\Drivers\SWIPsec.sys [84112 2012-04-03] (SonicWALL, Inc.)
S3 SWVNIC; C:\Windows\System32\DRIVERS\swvnic.sys [21016 2012-02-07] (SonicWALL, Inc.)
R2 tmactmon; C:\Windows\System32\DRIVERS\tmactmon.sys [75600 2013-06-13] (Trend Micro Inc.)
R2 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [262560 2013-06-27] (Trend Micro Inc.)
R2 tmevtmgr; C:\Windows\System32\DRIVERS\tmevtmgr.sys [62704 2013-06-13] (Trend Micro Inc.)
R2 TmFilter; C:\Program Files\Trend Micro\OfficeScan Client\TmXPFlt.sys [263968 2013-08-14] (Trend Micro Inc.)
R2 TmPreFilter; C:\Program Files\Trend Micro\OfficeScan Client\TmPreFlt.sys [36128 2013-08-14] (Trend Micro Inc.)
R1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [90712 2013-06-18] (Trend Micro Inc.)
R3 urvpndrv; C:\Windows\System32\DRIVERS\covpnwlh.sys [40528 2013-12-11] (F5 Networks, Inc.)
R2 VSApiNt; C:\Program Files\Trend Micro\OfficeScan Client\VSApiNt.sys [1517600 2013-08-14] (Trend Micro Inc.)
R0 Vtrack; C:\Windows\System32\DRIVERS\VTrack.sys [314872 2013-04-23] (Symantec)
S3 GearAspiWDM; No ImagePath
U5 UnlockerDriver5; C:\Backup\Personal Drive\Training-Certification\unlocker1.9.0-portable\x86\UnlockerDriver5.sys [4096 2010-07-04] () [File not signed]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-06 07:46 - 2014-11-06 07:47 - 00000000 ____D () C:\FRST
2014-11-05 18:21 - 2014-11-05 18:21 - 430821488 _____ () C:\Users\jlandrith\Desktop\Logfile, conhost.exe, powershell.exe, dll.PML
2014-11-05 16:34 - 2014-11-05 16:34 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 9.5
2014-11-05 16:07 - 2014-11-05 16:07 - 00000140 _____ () C:\PanGPA.log
2014-11-05 09:38 - 2014-11-05 09:38 - 00000000 ____D () C:\Windows\Microsoft Antimalware
2014-11-05 06:17 - 2014-11-05 07:44 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-05 06:16 - 2014-11-05 06:16 - 00001056 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-11-05 06:16 - 2014-11-05 06:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-11-05 06:16 - 2014-11-05 06:16 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-11-05 06:16 - 2014-11-05 06:16 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-11-05 06:16 - 2014-10-01 11:11 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-11-05 06:16 - 2014-10-01 11:11 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-11-05 06:16 - 2014-10-01 11:11 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-11-04 18:02 - 2014-11-04 18:02 - 00038400 _____ () C:\Windows\kvgxqpkz.dll
2014-11-04 17:27 - 2014-11-05 07:34 - 00000000 ____D () C:\Users\jlandrith\AppData\Roaming\Vyhiga
2014-11-04 17:27 - 2014-11-05 07:34 - 00000000 ____D () C:\Users\jlandrith\AppData\Roaming\Lyiqseg
2014-11-04 17:27 - 2014-11-05 07:34 - 00000000 ____D () C:\Users\jlandrith\AppData\Roaming\Abovypih
2014-11-04 09:34 - 2014-11-04 09:34 - 00000000 ____D () C:\Users\jlandrith\AppData\Roaming\Mozilla
2014-11-04 09:34 - 2014-11-04 09:34 - 00000000 ____D () C:\Users\jlandrith\AppData\Local\Mozilla
2014-11-04 09:33 - 2014-11-04 09:33 - 00001113 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-11-04 09:33 - 2014-11-04 09:33 - 00001101 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-11-04 09:33 - 2014-11-04 09:33 - 00000000 ____D () C:\ProgramData\Mozilla
2014-11-04 09:33 - 2014-11-04 09:33 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-11-03 08:10 - 2014-11-03 08:13 - 00001112 _____ () C:\Windows\cfgrs.ini
2014-11-03 08:10 - 2014-11-03 08:13 - 00000134 _____ () C:\Windows\cfgrs_ex.ini
2014-11-03 06:03 - 2014-11-03 06:03 - 00000414 _____ () C:\Windows\DCEBOOT.RST
2014-11-03 06:03 - 2014-11-03 06:03 - 00000000 _____ () C:\Windows\DCEBOOT.LOG
2014-11-02 11:08 - 2014-11-02 12:09 - 00000000 ____D () C:\Users\jlandrith\Documents\PlanningShop_BizPlanFin
2014-11-02 11:08 - 2014-11-02 11:08 - 00001058 _____ () C:\Users\jlandrith\Desktop\Planning Shop - Business Plan Financials.lnk
2014-11-02 11:08 - 2014-11-02 11:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PlanningShop
2014-11-02 00:41 - 2014-11-02 00:41 - 00021528 _____ () C:\Windows\DCEBoot.exe
2014-10-31 16:01 - 2014-10-31 16:01 - 00738857 _____ () C:\Users\jlandrith\Downloads\documents-export-2014-10-31 (1).zip
2014-10-30 06:06 - 2014-10-30 06:08 - 00125334 _____ () C:\Users\jlandrith\file-n.txt
2014-10-23 10:22 - 2014-10-23 10:22 - 01502208 _____ () C:\Users\jlandrith\Desktop\Port Map Information.vsd
2014-10-18 15:51 - 2014-10-18 15:51 - 00000028 _____ () C:\Windows\system32\u
2014-10-18 15:50 - 2014-10-18 15:50 - 00049152 _____ () C:\Windows\system32\opunzuu.dll
2014-10-18 15:50 - 2014-10-18 15:50 - 00039424 _____ () C:\Windows\system32\ytnbka.dll
2014-10-18 15:50 - 2014-10-18 15:50 - 00000000 _____ () C:\Windows\system32\jjhmlc.dll
2014-10-18 11:34 - 2014-10-18 11:34 - 00131072 _____ () C:\Windows\Minidump\101814-17612-01.dmp

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-06 07:48 - 2012-09-14 09:37 - 03771105 _____ () C:\Users\jlandrith\PanGPA.log
2014-11-06 07:28 - 2011-06-29 10:24 - 00000000 ____D () C:\u-win
2014-11-06 07:09 - 2012-05-04 13:20 - 00009323 _____ () C:\Windows\cfgall.ini
2014-11-06 07:08 - 2012-05-04 14:43 - 01284159 _____ () C:\Windows\WindowsUpdate.log
2014-11-06 07:03 - 2012-05-04 13:19 - 01718226 _____ () C:\Windows\system32\TmInstall.log
2014-11-06 07:03 - 2011-06-29 09:14 - 00000128 _____ () C:\Windows\system32\config\netlogon.ftl
2014-11-06 07:01 - 2014-06-27 18:47 - 00000924 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1323509411-880687258-8547516-12094UA.job
2014-11-06 07:01 - 2014-06-27 18:47 - 00000872 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1323509411-880687258-8547516-12094Core.job
2014-11-05 22:03 - 2011-06-13 17:24 - 00817090 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-05 20:44 - 2013-02-19 15:34 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-05 18:37 - 2009-07-13 20:34 - 00013440 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-05 18:37 - 2009-07-13 20:34 - 00013440 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-05 18:14 - 2013-02-22 13:50 - 00000000 ____D () C:\Users\jlandrith\Desktop\Key Folders
2014-11-05 16:37 - 2013-03-01 10:37 - 00000568 _____ () C:\Windows\SMSCFG.ini
2014-11-05 16:33 - 2011-06-29 10:34 - 00050536 _____ () C:\Windows\error.log
2014-11-05 16:33 - 2009-07-13 18:04 - 00000498 _____ () C:\Windows\win.ini
2014-11-05 16:08 - 2009-07-13 20:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-05 16:08 - 2009-07-13 20:39 - 00058510 _____ () C:\Windows\setupact.log
2014-11-05 16:07 - 2011-06-29 10:34 - 00016905 _____ () C:\Windows\errord.log
2014-11-05 13:52 - 2011-06-13 19:04 - 00068166 _____ () C:\Windows\PFRO.log
2014-11-05 07:16 - 2013-02-25 09:08 - 00000000 ____D () C:\Users\Admin
2014-11-05 07:16 - 2011-06-29 10:27 - 00000000 ____D () C:\Users\svanter
2014-11-05 07:16 - 2011-06-29 10:24 - 00000000 ____D () C:\Users\help
2014-11-05 06:56 - 2013-01-04 07:55 - 111340938 _____ () C:\Users\jlandrith\PanGPA.dmp
2014-11-04 10:28 - 2014-08-25 13:30 - 00000000 ____D () C:\Users\jlandrith\AppData\Local\Adobe
2014-11-04 09:34 - 2013-11-17 11:45 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-11-03 09:59 - 2008-11-03 15:49 - 00000000 ____D () C:\TFTP-Root
2014-11-03 08:37 - 2012-09-14 09:37 - 05242903 _____ () C:\Users\jlandrith\PanGPA.log.old
2014-11-03 08:37 - 2012-05-04 13:32 - 00000000 ____D () C:\Users\jlandrith
2014-11-03 06:03 - 2009-07-13 20:33 - 00432616 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-02 11:08 - 2009-07-13 18:37 - 00000000 ____D () C:\Windows\Help
2014-11-02 00:41 - 2013-06-07 12:52 - 00181272 _____ () C:\Windows\RegBootClean.exe
2014-10-30 18:18 - 2012-09-14 14:24 - 00115400 _____ () C:\Users\jlandrith\AppData\Local\GDIPFONTCACHEV1.DAT
2014-10-30 07:19 - 2013-11-21 17:28 - 00004510 _____ () C:\Users\jlandrith\AppData\Roaming\CamStudio.cfg
2014-10-30 07:19 - 2013-11-21 17:28 - 00000408 _____ () C:\Users\jlandrith\AppData\Roaming\CamShapes.ini
2014-10-30 07:19 - 2013-11-21 17:28 - 00000408 _____ () C:\Users\jlandrith\AppData\Roaming\CamLayout.ini
2014-10-30 07:19 - 2013-11-21 17:28 - 00000096 _____ () C:\Users\jlandrith\AppData\Roaming\Camdata.ini
2014-10-30 06:32 - 2014-03-19 14:29 - 00000000 ____D () C:\Program Files\Motorola Mobility
2014-10-30 06:32 - 2011-06-13 17:33 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-10-30 06:30 - 2011-06-29 12:12 - 00000000 ____D () C:\Windows\system32\appmgmt
2014-10-30 06:05 - 2012-03-06 09:32 - 00039186 _____ () C:\Users\jlandrith\file.txt
2014-10-29 14:38 - 2013-02-19 10:58 - 00000000 ____D () C:\Users\jlandrith\AppData\Roaming\FileZilla
2014-10-29 11:56 - 2013-02-19 15:35 - 00002129 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-10-29 09:18 - 2013-02-19 15:34 - 00000000 ____D () C:\Users\jlandrith\AppData\Local\Deployment
2014-10-22 22:32 - 2013-04-16 08:57 - 00000000 ____D () C:\Program Files\Citrix
2014-10-22 22:31 - 2014-09-22 12:33 - 00000093 _____ () C:\Users\jlandrith\AppData\Roaming\ARCompanion.log
2014-10-22 22:29 - 2013-05-09 10:50 - 00000000 ____D () C:\Users\jlandrith\AppData\Local\Citrix
2014-10-22 16:41 - 2012-09-14 09:39 - 00003792 _____ () C:\Users\jlandrith\PanPortalCfg.dat
2014-10-19 14:45 - 2008-08-30 14:05 - 00000000 ____D () C:\Temp
2014-10-19 08:45 - 2013-04-05 06:01 - 00000822 _____ () C:\Windows\system32\Drivers\etc\hosts.bak
2014-10-18 19:39 - 2013-02-19 15:34 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-18 11:37 - 2013-03-01 10:37 - 00000000 ____D () C:\Windows\CCM
2014-10-18 11:34 - 2013-06-04 15:54 - 00000000 ____D () C:\Windows\Minidump
2014-10-18 11:34 - 2013-06-04 15:53 - 490414042 _____ () C:\Windows\MEMORY.DMP
2014-10-16 07:07 - 2013-05-15 06:12 - 00000000 ____D () C:\Users\jlandrith\AppData\Roaming\VMware

Files to move or delete:
====================
C:\Windows\pixtran\fujitsu\FiWiaChecker.exe
C:\Users\jlandrith\g2ax_customer_downloadhelper_win32_x86.exe
C:\Users\jlandrith\PanPortalCfg (1).dat
C:\Users\jlandrith\PanPortalCfg.dat

Some content of TEMP:
====================
C:\Users\help\AppData\Local\Temp\jre-6u32-windows-i586-iftw.exe
C:\Users\jlandrith\AppData\Local\Temp\AcDeltree.exe
C:\Users\jlandrith\AppData\Local\Temp\ARCompanionForSession1.exe
C:\Users\jlandrith\AppData\Local\Temp\DelayInst.exe
C:\Users\jlandrith\AppData\Local\Temp\Execute2App.exe
C:\Users\jlandrith\AppData\Local\Temp\G2MInstallerExtractor.exe
C:\Users\jlandrith\AppData\Local\Temp\installservice.exe
C:\Users\jlandrith\AppData\Local\Temp\install_flashplayer15x32_mssd_aaa_aih.exe
C:\Users\jlandrith\AppData\Local\Temp\install_flashplayer15x32_mssd_aaa_aih_1.exe
C:\Users\jlandrith\AppData\Local\Temp\install_flashplayer15x32_mssd_aaa_aih_2.exe
C:\Users\jlandrith\AppData\Local\Temp\jre-6u35-windows-i586-iftw.exe
C:\Users\jlandrith\AppData\Local\Temp\jre-6u39-windows-i586-iftw.exe
C:\Users\jlandrith\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
C:\Users\jlandrith\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\jlandrith\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\jlandrith\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\jlandrith\AppData\Local\Temp\Kies2RemoveAll.exe
C:\Users\jlandrith\AppData\Local\Temp\lowproc.exe
C:\Users\jlandrith\AppData\Local\Temp\msvcp90.dll
C:\Users\jlandrith\AppData\Local\Temp\msvcr90.dll
C:\Users\jlandrith\AppData\Local\Temp\rnupdate0.exe
C:\Users\jlandrith\AppData\Local\Temp\stubhelper.dll
C:\Users\jlandrith\AppData\Local\Temp\vpnclient_setup.exe
C:\Users\jlandrith\AppData\Local\Temp\yuoyxhkh.dll
C:\Users\jlandrith\AppData\Local\Temp\_is12BD.exe
C:\Users\jlandrith\AppData\Local\Temp\_isAA1C.exe
C:\Users\jlandrith\AppData\Local\Temp\_isADA5.exe
C:\Users\jlandrith\AppData\Local\Temp\_isC24D.exe
C:\Users\jlandrith\AppData\Local\Temp\_isE34D.exe
C:\Users\lat-e5420image\AppData\Local\Temp\jre-6u26-windows-i586-iftw-rv.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-11-06 01:02

==================== End Of Log ============================

Addition.txt

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 04-11-2014
Ran by jlandrith at 2014-11-06 07:48:25
Running from C:\Backup\Installers\Security Software\Malwarebytes Toolbox
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Trend Micro OfficeScan Antivirus (Enabled - Up to date) {5D349EF8-873B-C657-917F-F1D93E101A7C}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Trend Micro OfficeScan Anti-spyware (Enabled - Up to date) {E6557F1C-A101-C9D9-ABCF-CAAB459750C1}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

32 Bit HP CIO Components Installer (Version: 7.1.1 - Hewlett-Packard) Hidden
32 Bit HP CIO Components Installer (Version: 8.1.1 - Hewlett-Packard) Hidden
AccelerometerP11 (HKLM\...\{87434D51-51DB-4109-B68F-A829ECDCF380}) (Version: 2.00.10.22 - STMicroelectronics)
Adobe Acrobat  9 Standard (HKLM\...\{AC76BA86-1033-0000-BA7E-000000000004}{AC76BA86-1033-0000-BA7E-000000000004}) (Version: 9.5.5 - Adobe Systems)
Adobe Acrobat 9.5.5 - CPSID_83708 (HKLM\...\{AC76BA86-1033-0000-BA7E-000000000004}_955) (Version:  - Adobe Systems Incorporated)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 2.7.0.19530 - Adobe Systems Incorporated)
Adobe Connect 9 Add-in (HKCU\...\Adobe Connect 9 Add-in) (Version: 11,9,971,247 - Adobe Systems Incorporated)
Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Reader X (10.1.11) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.11 - Adobe Systems Incorporated)
Amazon Kindle (HKLM\...\Amazon Kindle) (Version:  - Amazon)
Apple Application Support (HKLM\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Arbortext IsoView 7.1 (HKLM\...\{08D9CAD3-48A1-4033-B794-82E97BE8E9CC}) (Version: 7.1.60.09 - PTC)
AuthenTec Fingerprint Software (Version: 8.4.4.20 - AuthenTec, Inc.) Hidden
Beyond Compare Version 3.3.5 (HKLM\...\BeyondCompare3_is1) (Version:  - Scooter Software)
BIG-IP Edge Client Components (All Users) (HKLM\...\F5 Networks Client Components) (Version: 71.2014.0409.0103 - F5 Networks, Inc.)
BioAPI Framework (Version: 1.0.2 - Dell Inc.) Hidden
Broadcom NetXtreme-I Netlink Driver and Management Installer (HKLM\...\{64973F6A-8754-43D1-BDD0-FC6F0546347B}) (Version: 14.4.6.2 - Broadcom Corporation)
Business Plan Pro (HKLM\...\{F21369D1-DEB9-4724-8747-B56602F14F86}) (Version: 12.00.0026 - Palo Alto Software, Inc.)
calibre (HKLM\...\{3FCC9F13-F01B-4D81-8919-ED9D8DB457E5}) (Version: 0.9.20 - Kovid Goyal)
Chanalyzer Pro (HKLM\...\{109D7BFA-1AB7-4D7E-BA3C-AA4186E96451}) (Version: 1.2.4.41 - MetaGeek, LLC)
Cisco ASDM-IDM Launcher (HKLM\...\{4C1F9420-7CB2-499B-BAC2-6B086E6CED04}) (Version: 1.5.69 - Cisco Systems, Inc.)
Cisco Desktop Administrator (HKLM\...\{CF5A6F84-C3C1-4F25-A58F-C569F7A31E7E}) (Version: 85.1.417 - Calabrio Inc.)
Cisco EAP-FAST Module (Version: 2.2.14 - Cisco Systems, Inc.) Hidden
Cisco IP Communicator (HKLM\...\{C450E640-716E-478E-A9B9-BD0EFD53C9CD}) (Version: 7.0.5.0 - Cisco Systems, Inc.)
Cisco LEAP Module (Version: 1.0.19 - Cisco Systems, Inc.) Hidden
Cisco PEAP Module (Version: 1.1.6 - Cisco Systems, Inc.) Hidden
Cisco Supervisor Desktop (HKLM\...\{7F5AE575-EE11-4D27-ACB8-FE00E7D62011}) (Version: 85.1.417 - Calabrio Inc.)
Cisco Systems VPN Client 5.0.07.0410 (HKLM\...\{1CE60928-8325-49A8-8B06-633E48DD2B67}) (Version: 5.0.7 - Cisco Systems, Inc.)
Cisco Unified CCX Editor_851 (HKLM\...\Cisco Unified CCX Editor_851) (Version: 8.0.1161.0 - Cisco Systems)
Cisco Unified CCX Historical Reports (HKLM\...\{D54570B7-F7A5-4349-A1AE-44892F7F7C2D}) (Version: 2.0.0.0 - Cisco Systems, Inc.)
Cisco WebEx Meetings (HKLM\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)
Citrix Online Launcher (HKLM\...\{3D5F07C3-1B93-47F8-9F8A-DE8E47BF1669}) (Version: 1.0.209 - Citrix)
Configuration Manager Client (Version: 5.00.7958.1000 - Microsoft Corporation) Hidden
Custom (Version: 01.00.00.000 - Wave Systems Corp.) Hidden
CyberLink PowerDVD 9.5 (HKLM\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.5.1.3225 - CyberLink Corp.)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Data Protection | Access (HKLM\...\{A7D91856-258D-4C87-8041-B170851CE432}) (Version: 2.0.00001.000 - Dell Inc.)
Dell Data Protection | Access (Version: 01.00.01.000 - Wave Systems Corp) Hidden
Dell Data Protection | Access | Drivers (HKLM\...\{4E4E65EE-C456-45AC-B5AD-C62C3A325BD0}) (Version: 1.00.011 - Dell Inc.)
Dell Data Protection | Access | Middleware (HKLM\...\{841CBDD5-4BB5-403E-AEE3-2FADC3890BE8}) (Version: 1.00.005 - Dell Inc.)
Dell Edoc Viewer (HKLM\...\{3138EAD3-700B-4A10-B617-B3F8096EE30D}) (Version: 1.0.0 - Dell Inc)
Dell System Manager (HKLM\...\{43CFE88C-A97B-4875-9BCC-E93EC0EEEEA4}) (Version: 1.6.00000 - Dell Inc.)
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.1208.101.116 - ALPS ELECTRIC CO., LTD.)
DellAccess (Version: 01.00.00.078 - Wave Systems Corp.) Hidden
Digital Line Detect (HKLM\...\{E646DCF0-5A68-11D5-B229-002078017FBF}) (Version: 1.21 - BVRP Software, Inc)
DirectXInstallService (Version: 9.0.2 - Roxio) Hidden
Document Express DjVu Plug-in (HKLM\...\{93B1814F-A37C-44B5-8988-7C6379FF5CF6}) (Version: 6.1.24569 - Caminova, Inc.)
Drag-to-Disc (HKLM\...\{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}) (Version: 9.05 - Sonic Solutions)
DW WLAN Card Utility (HKLM\...\DW WLAN Card Utility) (Version: 5.100.235.13 - Dell Inc.)
DWG TrueView 2010 (HKLM\...\DWG TrueView 2010) (Version: 18.0.55.0 - Autodesk)
DWG TrueView 2010 (Version: 18.0.55.0 - Autodesk) Hidden
EMBASSY Security Center (Version: 04.02.00.072 - Wave Systems Corp.) Hidden
Error Recovery Guide for fi-6670(A)/fi-6770(A)/fi-6750S (HKLM\...\{498C65E4-2494-4CD7-869B-A1666EAA04E4}) (Version: 2.0 - PFU)
FileZilla Client 3.6.0.2 (HKLM\...\FileZilla Client) (Version: 3.6.0.2 - FileZilla Project)
FileZilla Server (HKLM\...\FileZilla Server) (Version: beta 0.9.41 - FileZilla Project)
fi-Scanner manuals for fi-6670(A)/fi-6770(A)/fi-6750S (HKLM\...\{E026CD4C-4330-42F4-94DB-6CF84C8481BD}) (Version: 1.00.04 - PFU)
Fitbit Connect (HKLM\...\{D3CD091B-296B-48E9-9F0F-E9FE53E02E41}) (Version: 1.0.3.5511 - Fitbit Inc.)
freeFTPd 1.0.12 (HKLM\...\70DBC326-7505-4913-A0C1-C6BD87C1859D_is1) (Version:  - Kresimir Petric)
Fujitsu ScandAll PRO (Version: 1.07.0016.22 - PFU LIMITED) Hidden
Fujitsu ScandAll PRO V1.7 (HKLM\...\InstallShield_{41971606-2FC5-426E-901A-91977FE3F2AC}) (Version: 1.07.0016.22 - PFU LIMITED)
FUJITSU Scanner USB HotFix (HKLM\...\{F7FFF37F-DB74-408C-840F-BD8B8E955B5B}) (Version: 1.00.0000 - PFU)
GEAR driver installer 4.020 (HKLM\...\{983CFCAC-5C96-4018-8BEC-D6581644C654}) (Version: 4.020.5 - GEAR Software)
Gemalto (Version: 01.01.01.0000 - Wave Systems Corp) Hidden
GlobalProtect (HKLM\...\{03245EAA-37B4-4CE7-B28C-CACCD91D1FF7}) (Version: 1.1.6 - Palo Alto Networks)
Google Chrome (HKLM\...\Google Chrome) (Version: 38.0.2125.111 - Google Inc.)
Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (Version: 1.3.25.5 - Google Inc.) Hidden
HP Color LaserJet 3600 (02/27/2007 61.063.461.41) (HKLM\...\hpc3600e) (Version: 02/27/2007 61.063.461.41 - HP)
IBM Informix Client-SDK 3.00 (Version: 3.00 - IBM Informix) Hidden
IBM System i Access for Windows V6R1M0 (HKLM\...\{164EB883-354E-4290-AD76-67CEE65403A3}) (Version: 06.01.0001 - IBM)
Intel® Identity Protection Technology 1.0.71.0 (HKLM\...\{2C43790E-8470-1027-82D3-DF319F3C410F}) (Version: 1.0.71.0 - Intel Corporation)
Intel® Management Engine Components (HKLM\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
ISIS Driver Bundle Installer for fi Series Scanners (HKLM\...\{4B07E034-8AC7-4960-83A2-98EC96750CD6}) (Version: 1.1.11211.1001 - EMC Captiva)
ISIS Driver Bundle Installer for fi Series Scanners (Version: 1.1.11211.1001 - EMC Captiva) Hidden
Java 7 Update 67 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.670 - Oracle)
Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
K-Lite Codec Pack 10.3.5 Full (HKLM\...\KLiteCodecPack_is1) (Version: 10.3.5 - )
Kofax VRS (HKLM\...\{3722ACB9-61F8-443D-AD1D-56CF64669B49}) (Version: 5.00.644 - Kofax, Inc.)
LastPass (uninstall only) (HKCU\...\LastPass) (Version:  - LastPass)
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Mesh Runtime (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Lync Basic 2013 (HKLM\...\Office15.LYNCENTRY) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0012-0000-0000-0000000FF1CE}_STANDARD_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Project 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-003A-0000-0000-0000000FF1CE}_PRJSTD_{8446EB22-A746-46DC-B1BD-E0DFA1F3CDDA}) (Version:  - Microsoft)
Microsoft Office Project Standard 2007 (HKLM\...\PRJSTD) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Standard 2007 (HKLM\...\STANDARD) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Visio 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{CE144BF4-4950-4CDB-A5F7-CCE1888F49CB}) (Version:  - Microsoft)
Microsoft Office Visio Professional 2007 (HKLM\...\VISPRO) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Save as PDF Add-in for 2007 Microsoft Office programs (HKLM\...\{90120000-00B0-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual J# 2.0 Redistributable Package - SE (HKLM\...\Microsoft Visual J# 2.0 Redistributable Package - SE) (Version:  - Microsoft Corporation)
Modem Diagnostic Tool (HKLM\...\{294EAADF-E50F-4DD8-AD8D-19587EA10512}) (Version: 1.0.28.0 - Dell)
Mozilla Firefox 33.0.2 (x86 en-US) (HKLM\...\Mozilla Firefox 33.0.2 (x86 en-US)) (Version: 33.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 33.0.2 - Mozilla)
MSVCRT (Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MyFreeCodec (HKCU\...\MyFreeCodec) (Version:  - )
NetSurveyor 2.0.9467.0 (HKLM\...\NetSurveyor_is1) (Version:  - Nuts About Nets, LLC)
Netwaiting (HKLM\...\{3F92ABBB-6BBF-11D5-B229-002078017FBF}) (Version: 2.5.59 - BVRP Software, Inc)
Network Stumbler 0.4.0 (remove only) (HKLM\...\Network Stumbler) (Version:  - )
NTRU TCG Software Stack (Version: 2.1.34 - Security Innovation) Hidden
O2Micro Flash Memory Card Windows Driver (HKLM\...\InstallShield_{0CB3B7EE-52C7-4136-AF40-605567D90318}) (Version: 3.0.07.23 - O2Micro International LTD.)
O2Micro Flash Memory Card Windows Driver (Version: 3.0.07.23 - O2Micro International LTD.) Hidden
O2Micro OZ776 SCR Driver (HKLM\...\InstallShield_{77FDE44F-3564-4E90-B054-68D1A00FEB6D}) (Version: 1.1.4.210GS - O2Micro)
O2Micro OZ776 SCR Driver (Version: 1.1.4.210GS - O2Micro) Hidden
OmniPeek (Version: 6.5.0 - WildPackets, Inc.) Hidden
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
PC-CCID (Version: 2.0.0 - Gemalto) Hidden
Pharos (HKLM\...\Pharos) (Version:  - )
PlanningShop - Business Plan Financials 2.8 (HKLM\...\PlanningShop - Business Plan Financials_is1) (Version:  - PlanningShop)
Preboot Manager (Version: 03.02.00.066 - Wave Systems Corp.) Hidden
Private Information Manager (Version: 07.00.00.026 - Wave Systems Corp.) Hidden
ProductView Express 9.1 (HKLM\...\{7F4E3B2E-E724-464B-B11D-F3810B18D8D4}) (Version: 9.1.50.19 - PTC)
QuickTime (HKLM\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
ReACTDesktopClient (HKLM\...\{4B86247A-1D92-4871-965B-A5A69C750F79}) (Version: 2.32.032 - Advanced Software Products Group, Inc.)
RealDownloader (Version: 1.3.3 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM\...\RealPlayer 16.0) (Version: 16.0.3 - RealNetworks)
Real-Time Monitoring Tool 8.7 (HKLM\...\Real-Time Monitoring Tool 8.7) (Version: 8.7.0.0 - Cisco Systems)
Real-Time Monitoring Tool 8.72 (HKLM\...\Real-Time Monitoring Tool 8.72) (Version: 8.72.0.0 - Cisco Systems)
RealUpgrade 1.1 (Version: 1.1.0 - RealNetworks, Inc.) Hidden
Roxio Creator Small Business Edition (HKLM\...\{537BF16E-7412-448C-95D8-846E85A1D817}) (Version: 10.1 - Roxio)
Samsung Kies (HKLM\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.3.14044_16 - Samsung Electronics Co., Ltd.)
Samsung Kies (Version: 2.6.3.14044_16 - Samsung Electronics Co., Ltd.) Hidden
Scan to Microsoft SharePoint (HKLM\...\{5E72F1EA-B77E-47EB-8639-CE6B7293ED67}) (Version: 3.3.0 - KnowledgeLake)
Scanner Utility for Microsoft Windows V09L21 (HKLM\...\{580E9BBC-A51E-4AE9-A977-7B0939BEDAD3}) (Version: 9.11.2.0 - FUJITSU)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition (HKLM\...\{90150000-012D-0000-0000-0000000FF1CE}_Office15.LYNCENTRY_{7F6C4883-A18C-459A-82C1-A2F9403F2DA6}) (Version:  - Microsoft)
Snagit 9.1 (HKLM\...\{0E6ED660-498C-42F7-9EF4-FB0C96DFC01A}) (Version: 9.1.0.206 - TechSmith Corporation)
Software Operation Panel (HKLM\...\{28A0ED9D-73BF-4F9D-8CDC-A2FD3E96B6E8}) (Version: 3.5.20.0 - PFU LIMITED)
Software Operation Panel (HKLM\...\Software Operation Panel) (Version:  - )
Sonic CinePlayer Decoder Pack (Version: 4.3.0 - Sonic Solutions) Hidden
Sonic Icons for Lenovo (HKLM\...\{B334D9AE-1393-423E-97C0-3BDC3360E692}) (Version: 2.0.0 - Lenovo)
SonicWALL Global VPN Client (HKLM\...\{52ABB5F7-2B03-4FCD-A83F-63166186BF00}) (Version: 4.7.3 - SonicWALL)
SPBA 5.9 (Version: 5.9.4.6686 - UPEK Inc.) Hidden
Stay-Linked Administrator v8.0.0 (HKLM\...\Stay-Linked Administrator v8.0.0) (Version:  - )
Support Central - 3.9.0 (HKLM\...\{51512EA8-C10E-4A24-8397-0C1D9C828E15}) (Version: 3.9.0 - Business Oriented Software Solutions, Inc.)
Symantec System Recovery 2013 (HKLM\...\Symantec System Recovery 2013) (Version: 11.0.1.47662 - Symantec Corporation)
Symantec System Recovery 2013 (Version: 11.0.1.47662 - Symantec Corporation) Hidden
TightVNC (HKLM\...\{981B8EDC-E693-4F22-9694-C0FF8E56F134}) (Version: 2.6.4.0 - GlavSoft LLC.)
Trend Micro OfficeScan Client (HKLM\...\OfficeScanNT) (Version: 10.6.5162 - Trend Micro)
Trio Sync (HKLM\...\{42533793-7298-440F-8141-BAF2491E2C0C}) (Version: 1.3.1.3 - Fortify Technologies)
Trusted Drive Manager (Version: 4.0.5.8 - Wave Systems Corp.) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0012-0000-0000-0000000FF1CE}_STANDARD_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-003A-0000-0000-0000000FF1CE}_PRJSTD_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Upek Touchchip Fingerprint Reader (Version: 1.2.004 - Dell Inc.) Hidden
VanDyke Software SecureCRT 6.1 (HKLM\...\{FB9AFA81-FC64-452A-AC30-C992745CC18D}) (Version: 6.1.0 - VanDyke Software, Inc.)
VMware vSphere Client 5.1 (HKLM\...\{09DC364B-A77A-49A0-972B-E43F0DACC5E3}) (Version: 5.1.0.2083 - VMware, Inc.)
VMware vSphere Client 5.5 (HKLM\...\{4CFB0494-2E96-4631-8364-538E2AA91324}) (Version: 5.5.0.3838 - VMware, Inc.)
Wave Infrastructure Installer (Version: 07.02.40.0008 - Wave Systems Corp) Hidden
Wave Support Software Installer (Version: 05.12.00.012 - Wave Systems Corp) Hidden
Widevine Media Optimizer IE 6.0.0 (HKCU\...\optimizer_ie) (Version: 6.0.0.12757 - Widevine Technologies)
WildPackets OmniPeek 6.5 (HKLM\...\{BCDBFD2B-11B4-4C9A-9889-9CC9749EA958}) (Version: 6.5.0 - WildPackets)
Windows Driver Package - AuthenTec Inc. (ATSwpWDF) Biometric  (05/13/2009 8.4.2.0) (HKLM\...\D3F88C3864C8C031A7C5D5E63A76571EC1B047DF) (Version: 05/13/2009 8.4.2.0 - AuthenTec Inc.)
Windows Driver Package - Dell Inc. PBADRV System  (09/11/2009 1.0.1.6) (HKLM\...\9512AA21B791B05A54E27065C45BBC417AB282DF) (Version: 09/11/2009 1.0.1.6 - Dell Inc.)
Windows Driver Package - FTDI CDM Driver Package (02/17/2009 2.04.16) (HKLM\...\2DC0AA065FA83047D7ECD51C7000C1620D79A4C5) (Version: 02/17/2009 2.04.16 - FTDI)
Windows Driver Package - FTDI CDM Driver Package (02/17/2009 2.04.16) (HKLM\...\51A4D522DD31538335EF5736F0E7F588C70BCB12) (Version: 02/17/2009 2.04.16 - FTDI)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
WinRAR 4.20 (32-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
WinSCP 5.1.4 (HKLM\...\winscp3_is1) (Version: 5.1.4 - Martin Prikryl)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1323509411-880687258-8547516-12094_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\jlandrith\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1323509411-880687258-8547516-12094_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\jlandrith\AppData\Local\Google\Update\1.3.25.5\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1323509411-880687258-8547516-12094_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\jlandrith\AppData\Local\Google\Update\1.3.25.5\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1323509411-880687258-8547516-12094_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\jlandrith\AppData\Local\Google\Update\1.3.25.5\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1323509411-880687258-8547516-12094_Classes\CLSID\{3faa4380-a399-11cf-a466-00805fe418f6}\InprocServer32 -> C:\Program Files\DWG TrueView 2010\DWGVIEWRficn.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-1323509411-880687258-8547516-12094_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\jlandrith\AppData\Local\Google\Update\1.3.25.5\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1323509411-880687258-8547516-12094_Classes\CLSID\{591E5416-DDC3-45E6-BE9D-C40D0B418F6E}\localserver32 -> C:\Program Files\DWG TrueView 2010\DWGVIEWR.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-1323509411-880687258-8547516-12094_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\jlandrith\AppData\Local\Google\Update\1.3.24.15\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1323509411-880687258-8547516-12094_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 247 more characters). <==== Poweliks?
CustomCLSID: HKU\S-1-5-21-1323509411-880687258-8547516-12094_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\jlandrith\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1323509411-880687258-8547516-12094_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\jlandrith\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1323509411-880687258-8547516-12094_Classes\CLSID\{D70E31AD-2614-49F2-B0FC-ACA781D81F3E}\localserver32 -> C:\Program Files\DWG TrueView 2010\DWGVIEWR.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-1323509411-880687258-8547516-12094_Classes\CLSID\{defa762b-ebc6-4ce2-a48c-32b232aac64d}\InprocServer32 -> C:\Users\jlandrith\AppData\Roaming\IDM\bin\npwidevinemediaoptimizer.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1323509411-880687258-8547516-12094_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\jlandrith\AppData\Local\Google\Update\1.3.25.5\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1323509411-880687258-8547516-12094_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\jlandrith\AppData\Local\Google\Update\1.3.25.5\psuser.dll (Google Inc.)

==================== Restore Points  =========================

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 18:04 - 2014-10-20 17:42 - 00000822 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0BB711ED-ACB4-46EE-8214-5AD8B70350F2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-02-19] (Google Inc.)
Task: {38B6529B-EC17-433B-B1D0-3E291F797281} - System32\Tasks\{A3915EAD-C27D-D2C5-5558-BB3E80DE6AB2} => C:\Windows\system32\opunzuu.dll [2014-10-18] ()
Task: {3C3845C9-74CA-405B-91F9-41BD8AB32BAB} - System32\Tasks\Microsoft\Configuration Manager\Configuration Manager Idle Detection
Task: {6E07B9C7-C192-4E97-A537-C15245DBE88B} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1323509411-880687258-8547516-12094Core => C:\Users\jlandrith\AppData\Local\Google\Update\GoogleUpdate.exe [2014-06-18] (Google Inc.)
Task: {76DD1A81-8DF5-42C9-8C0B-DE174C696616} - System32\Tasks\Microsoft\Configuration Manager\Configuration Manager Health Evaluation => C:\Windows\CCM\ccmeval.exe [2013-09-11] (Microsoft Corporation)
Task: {777C7C70-D0C9-4D2F-9F27-9D5A8217F652} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1323509411-880687258-8547516-12094 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {9A597484-C28C-499E-BEA6-8AEF04E622DC} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1323509411-880687258-8547516-12094UA => C:\Users\jlandrith\AppData\Local\Google\Update\GoogleUpdate.exe [2014-06-18] (Google Inc.)
Task: {A683FE3E-85CF-400C-93D5-7983D3244F17} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {A863C171-C34A-4CAB-BB19-47B74A3C3B26} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-02-19] (Google Inc.)
Task: {BD238D25-F2FF-4676-B959-8D25EBF16E46} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1323509411-880687258-8547516-12094 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {BD44B547-CC1B-4786-B79B-E23ABE6B69D1} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {C1EB1066-0AB6-49A6-9D39-4BDD5D32D59C} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1323509411-880687258-8547516-12094 => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {CA226CBB-F898-4FAE-86DF-61998B17424A} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1323509411-880687258-8547516-12094 => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {EBD70674-E374-4493-B350-45B86B8F895F} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-1323509411-880687258-8547516-12094 => C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe [2013-08-14] (RealNetworks, Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1323509411-880687258-8547516-12094Core.job => C:\Users\jlandrith\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1323509411-880687258-8547516-12094UA.job => C:\Users\jlandrith\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2010-09-27 12:03 - 2010-09-27 12:03 - 00201512 ____N () C:\Windows\system32\vpnapi.dll
2013-12-30 07:57 - 2011-04-01 10:53 - 00499712 _____ () C:\Program Files\Trend Micro\OfficeScan Client\sqlite3.dll
2011-06-13 17:37 - 2003-04-18 18:06 - 00008192 ____N () c:\Windows\system32\srvany.exe
2013-08-14 15:19 - 2013-08-14 15:19 - 00039056 _____ () C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
2012-11-29 13:59 - 2012-11-29 13:59 - 00093696 _____ () C:\Program Files\FileZilla FTP Client\fzshellext.dll
2014-06-17 09:59 - 2007-06-18 15:28 - 00056056 _____ () C:\Windows\system32\DLAAPI_W.DLL
2014-11-04 18:02 - 2014-11-04 18:02 - 00038400 _____ () C:\Windows\kvgxqpkz.dll
2011-06-13 17:35 - 2010-12-17 07:24 - 00686704 _____ () C:\Program Files\STMicroelectronics\AccelerometerP11\FF_Protection.exe
2011-06-13 19:47 - 2011-03-28 09:55 - 00094208 ____N () C:\Windows\System32\IccLibDll.dll
2012-07-27 17:08 - 2012-07-27 17:08 - 00049520 _____ () C:\Program Files\Palo Alto Networks\GlobalProtect\PanGpHip.dll
2014-03-25 11:27 - 2014-03-25 11:27 - 00038400 _____ () C:\Program Files\Trio Sync\hidapi.dll
2014-03-25 11:27 - 2014-03-25 11:27 - 00728576 _____ () C:\Program Files\Trio Sync\libGLESv2.dll
2014-03-25 11:27 - 2014-03-25 11:27 - 00833024 _____ () C:\Program Files\Trio Sync\plugins\platforms\qwindows.dll
2014-03-25 11:27 - 2014-03-25 11:27 - 00048128 _____ () C:\Program Files\Trio Sync\libEGL.dll
2009-02-26 12:46 - 2009-02-26 12:46 - 00064344 _____ () C:\Program Files\Microsoft Office\Office12\ADDINS\ColleagueImport.dll
2013-09-17 08:03 - 2013-05-08 01:57 - 02666496 _____ () C:\Program Files\Adobe\Acrobat 9.0\PDFMaker\Common\AdobePDFMakerX.dll
2011-06-22 10:46 - 2011-06-22 10:46 - 00434016 _____ () C:\Program Files\Microsoft Office\Office12\ADDINS\UmOutlookAddin.dll
2013-07-10 17:07 - 2013-07-10 17:07 - 00756888 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL
2013-10-17 11:23 - 2013-10-17 11:23 - 00022696 _____ () C:\Program Files\Microsoft Office\Office15\lynchtmlconvpxy.dll
2014-10-29 11:56 - 2014-10-21 20:04 - 01042760 _____ () C:\Program Files\Google\Chrome\Application\38.0.2125.111\libglesv2.dll
2014-10-29 11:56 - 2014-10-21 20:04 - 00211272 _____ () C:\Program Files\Google\Chrome\Application\38.0.2125.111\libegl.dll
2014-10-29 11:56 - 2014-10-21 20:04 - 08910664 _____ () C:\Program Files\Google\Chrome\Application\38.0.2125.111\pdf.dll
2014-10-29 11:56 - 2014-10-21 20:04 - 01681224 _____ () C:\Program Files\Google\Chrome\Application\38.0.2125.111\ffmpegsumo.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

========================= Accounts: ==========================

Administrator (S-1-5-21-649471300-3297455999-433715167-500 - Administrator - Enabled) => C:\Users\Administrator
CiscoHistRprtUsr (S-1-5-21-649471300-3297455999-433715167-1003 - Administrator - Enabled)
Guest (S-1-5-21-649471300-3297455999-433715167-501 - Limited - Disabled)

==================== Faulty Device Manager Devices =============

Name: Integrated Webcam
Description: USB Video Device
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: Microsoft
Service: usbvideo
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Cisco Systems VPN Adapter
Description: Cisco Systems VPN Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: CVirtA
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: SonicWALL Virtual NIC
Description: SonicWALL Virtual NIC
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: SonicWALL
Service: SWVNIC
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Generic Bluetooth Adapter
Description: Generic Bluetooth Adapter
Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Manufacturer: GenericAdapter
Service: BTHUSB
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

==================== Event log errors: =========================

Application errors:
==================
Error: (11/06/2014 01:09:08 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation; Description = Scheduled Checkpoint; Error = 0x80070422).

Error: (11/06/2014 01:05:42 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.30729.4148"1".
Dependent Assembly Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.30729.4148" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (11/05/2014 02:04:07 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: procexp.exe, version: 16.3.0.0, time stamp: 0x53de404d
Faulting module name: procexp.exe, version: 16.3.0.0, time stamp: 0x53de404d
Exception code: 0xc0000417
Fault offset: 0x0009349d
Faulting process id: 0x102c
Faulting application start time: 0xprocexp.exe0
Faulting application path: procexp.exe1
Faulting module path: procexp.exe2
Report Id: procexp.exe3

Error: (11/05/2014 02:02:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: procexp.exe, version: 16.3.0.0, time stamp: 0x53de404d
Faulting module name: procexp.exe, version: 16.3.0.0, time stamp: 0x53de404d
Exception code: 0xc0000417
Fault offset: 0x0009349d
Faulting process id: 0x1494
Faulting application start time: 0xprocexp.exe0
Faulting application path: procexp.exe1
Faulting module path: procexp.exe2
Report Id: procexp.exe3

Error: (11/05/2014 07:43:21 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (11/05/2014 07:12:06 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (11/05/2014 06:56:54 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: PanGPA.exe, version: 1.0.0.1, time stamp: 0x50133bfb
Faulting module name: mfc90u.dll, version: 9.0.30729.4148, time stamp: 0x4a596d4a
Exception code: 0xc0000005
Fault offset: 0x000b8aaa
Faulting process id: 0x1738
Faulting application start time: 0xPanGPA.exe0
Faulting application path: PanGPA.exe1
Faulting module path: PanGPA.exe2
Report Id: PanGPA.exe3

Error: (11/04/2014 11:15:51 PM) (Source: Symantec System Recovery) (EventID: 100) (User: )
Description: Error EC8F17B7: Cannot create recovery points for job: Drive Backup of RECOVERY (*:\), (C:\), Files (T:\).
 Error E7D1001F: Unable to write to file.
  Error EBAB03F1: Following Operating System error occurred while performing requested operation: 'The specified network name is no longer available.'
 Error E7D10046: Unable to set file size.
  Error EBAB03F1: Following Operating System error occurred while performing requested operation: 'The specified network name is no longer available.' (UMI:V-281-3215-6071)

Details:
Source: Symantec System Recovery

Error: (11/04/2014 08:08:41 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (11/04/2014 06:30:09 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

System errors:
=============
Error: (11/06/2014 07:02:53 AM) (Source: TermService) (EventID: 1067) (User: )
Description: The terminal server cannot register 'TERMSRV' Service Principal Name to be used for server authentication. The following error occured: The specified domain either does not exist or could not be contacted.
.

Error: (11/06/2014 06:00:10 AM) (Source: NETLOGON) (EventID: 5719) (User: )
Description: This computer was not able to set up a secure session with a domain
controller in domain CASHMAN due to the following:
%%1311

This may lead to authentication problems. Make sure that this
computer is connected to the network. If the problem persists,
please contact your domain administrator.

 

ADDITIONAL INFO

If this computer is a domain controller for the specified domain, it
sets up the secure session to the primary domain controller emulator in the specified
domain. Otherwise, this computer sets up the secure session to any domain controller
in the specified domain.

Error: (11/06/2014 04:39:51 AM) (Source: TermService) (EventID: 1067) (User: )
Description: The terminal server cannot register 'TERMSRV' Service Principal Name to be used for server authentication. The following error occured: The specified domain either does not exist or could not be contacted.
.

Error: (11/05/2014 10:00:07 PM) (Source: Microsoft-Windows-BitLocker-Driver) (EventID: 24620) (User: NT AUTHORITY)
Description: Encrypted volume check: Volume information on  cannot be read.

Error: (11/05/2014 08:53:54 PM) (Source: NETLOGON) (EventID: 5719) (User: )
Description: This computer was not able to set up a secure session with a domain
controller in domain CASHMAN due to the following:
%%1311

This may lead to authentication problems. Make sure that this
computer is connected to the network. If the problem persists,
please contact your domain administrator.

 

ADDITIONAL INFO

If this computer is a domain controller for the specified domain, it
sets up the secure session to the primary domain controller emulator in the specified
domain. Otherwise, this computer sets up the secure session to any domain controller
in the specified domain.

Error: (11/05/2014 05:38:29 PM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1129) (User: NT AUTHORITY)
Description: The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.

Error: (11/05/2014 04:37:20 PM) (Source: TermService) (EventID: 1067) (User: )
Description: The terminal server cannot register 'TERMSRV' Service Principal Name to be used for server authentication. The following error occured: The specified domain either does not exist or could not be contacted.
.

Error: (11/05/2014 04:36:53 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{05D1D5D8-18D1-4B83-85ED-A0F99D53C885}{AD65A69D-3831-40D7-9629-9B0B50A93843}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (11/05/2014 04:36:39 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (11/05/2014 04:35:19 PM) (Source: TermService) (EventID: 1067) (User: )
Description: The terminal server cannot register 'TERMSRV' Service Principal Name to be used for server authentication. The following error occured: The specified domain either does not exist or could not be contacted.
.

Microsoft Office Sessions:
=========================
Error: (09/24/2014 11:27:11 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6691.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 168553 seconds with 5460 seconds of active time.  This session ended with a crash.

Error: (05/06/2014 01:38:03 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6600.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 343 seconds with 240 seconds of active time.  This session ended with a crash.

Error: (05/05/2014 08:33:43 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6600.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 10483 seconds with 4800 seconds of active time.  This session ended with a crash.

Error: (11/20/2013 10:44:09 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6680.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 75457 seconds with 1260 seconds of active time.  This session ended with a crash.

Error: (10/04/2013 06:53:58 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 755066 seconds with 17100 seconds of active time.  This session ended with a crash.

==================== Memory info ===========================

Processor: Intel® Core i5-2520M CPU @ 2.50GHz
Percentage of memory in use: 71%
Total physical RAM: 3240.93 MB
Available physical RAM: 908.94 MB
Total Pagefile: 6480.16 MB
Available Pagefile: 3780.43 MB
Total Virtual: 2047.88 MB
Available Virtual: 1860.75 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:289.17 GB) (Free:82.84 GB) NTFS
Drive t: (Files) (Fixed) (Total:175.82 GB) (Free:46.41 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: 49674BB7)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=750 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=289.2 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=175.8 GB) - (Type=OF Extended)

==================== End Of Log ============================

Thank you,

John

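The entry FRST marks "<==== Poweliks?" in the log above is a per-user CLSID whose LocalServer32 value is not a program path but a rundll32.exe javascript: one-liner with an obfuscated eval() argument, and the System-log section of the same report records a DCOM 10010 error naming that same CLSID. The script below is an added example written for this thread, not code from the poster, from FRST or from Malwarebytes. It parses FRST CustomCLSID lines, separates file-backed entries (and stale "No File" ones) from entries that hand control to a script host, decodes the visible eval() fragment, and cross-references the flagged CLSID with event-log lines. The decode assumes each character was shifted up by one code point; that shift is inferred from the fragment itself, and the readable result confirms it. Sample input is constructed from lines on this page.

```python
"""Triage FRST 'CustomCLSID' entries for file-less COM persistence.

Added example for this thread; not from the poster, FRST or Malwarebytes.
Sample input below is constructed from lines in the FRST log above.
"""
import re

# Constructed sample: three CustomCLSID lines from the report (benign, stale,
# flagged) and the two System-log lines that reference the flagged CLSID.
SAMPLE_CLSID_LINES = [
    r"CustomCLSID: HKU\S-1-5-21-1323509411-880687258-8547516-12094_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\jlandrith\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)",
    r"CustomCLSID: HKU\S-1-5-21-1323509411-880687258-8547516-12094_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\jlandrith\AppData\Local\Google\Update\1.3.24.15\psuser.dll No File",
    r'CustomCLSID: HKU\S-1-5-21-1323509411-880687258-8547516-12094_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 247 more characters). <==== Poweliks?',
]
SAMPLE_EVENT_LINES = [
    "Error: (11/05/2014 04:36:39 PM) (Source: DCOM) (EventID: 10010) (User: )",
    "Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}",
]

CLSID_LINE = re.compile(
    r"^CustomCLSID: (?P<key>\S+)\\(?P<server>localserver32|inprocserver32) -> (?P<target>.*)$",
    re.IGNORECASE,
)
GUID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
DRIVE_PATH = re.compile(r"^[A-Za-z]:\\")
# A COM server value should be a module path; these markers mean a script host
# is being launched instead (the pattern visible in the flagged line).
SCRIPT_MARKERS = ("rundll32", "javascript:", "mshtml", "runhtmlapplication", "eval(")
PAYLOAD = re.compile(r'eval\("(\S*)')


def parse_custom_clsid(line):
    """Parse one FRST CustomCLSID line into a dict, or return None."""
    m = CLSID_LINE.match(line.strip())
    if not m:
        return None
    key, server, target = m.group("key"), m.group("server"), m.group("target").strip()
    guid = GUID.search(key)
    low = target.lower()
    if DRIVE_PATH.match(target):
        # FRST appends 'No File' when the registered module is missing on disk.
        kind = "missing-file" if low.endswith("no file") else "file"
    elif any(marker in low for marker in SCRIPT_MARKERS):
        kind = "script"
    else:
        kind = "other"
    return {"clsid": guid.group(0) if guid else None, "server": server,
            "target": target, "kind": kind}


def decode_shift(text, shift=1):
    """Undo a per-character code-point shift (assumed +1 for this sample)."""
    return "".join(chr(ord(c) - shift) for c in text)


def visible_payload(target):
    """Decode the eval() argument fragment FRST shows, or '' if none."""
    m = PAYLOAD.search(target)
    return decode_shift(m.group(1)) if m else ""


def dcom_references(clsids, event_lines):
    """Map each CLSID to event-log lines that mention it, case-insensitively."""
    return {c: [ln for ln in event_lines if c.lower() in ln.lower()] for c in clsids}


def triage(clsid_lines, event_lines):
    """Return (all parsed entries, script-backed entries enriched with evidence)."""
    entries = [e for e in (parse_custom_clsid(ln) for ln in clsid_lines) if e]
    flagged = [e for e in entries if e["kind"] == "script"]
    for e in flagged:
        e["payload"] = visible_payload(e["target"])
        e["events"] = dcom_references([e["clsid"]], event_lines)[e["clsid"]]
    return entries, flagged


if __name__ == "__main__":
    entries, flagged = triage(SAMPLE_CLSID_LINES, SAMPLE_EVENT_LINES)
    for e in entries:
        print(f"{e['kind']:13} {e['clsid']} -> {e['target'][:60]}")
    for e in flagged:
        print("decoded fragment:", e["payload"])
        print("event-log references:", len(e["events"]))
```

The decoder handles only the shift seen in this fragment; a different sample would need its own decoding. The point for triage is the classification, not the decode: a LocalServer32 or InprocServer32 value that is not a module path is worth attention on its own, and a matching DCOM 10010 error in the System log (the COM server never registered, because rundll32 is running script instead) is corroborating evidence that the entry is being activated.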


Welcome to the forum.

Download the attached fixlist.txt to the same folder as FRST.exe/FRST64.exe.

Run FRST.exe/FRST64.exe and click Fix only once and wait

The tool will create a log (Fixlog.txt) in the folder, please post it to your reply.

=================================

Make sure you have created that system restore point before you continue!

Please read the directions carefully so you don't end up deleting something that is good!!

If in doubt about an entry....please ask or choose Skip!!!!

Don't Delete anything unless instructed to!

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose Skip and click on Continue

If a suspicious object is detected, the default action will be Skip, click on Continue

Please note that TDSSKiller can be run in safe mode if needed.

Please download the latest version of TDSSKiller from HERE and save it to your Desktop.

  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters. (Leave the KSN box checked)

  • Put a checkmark beside loaded modules.

  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.

  • Click the Start Scan button.

  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.

    Any entries like this: \Device\Harddisk0\DR0 ( TDSS File System ) - please choose Skip.

    If in doubt about an entry....please ask or choose Skip

  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.

    Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.

    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

  • A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here. There may be 3 logs > so post or attach all of them.
  • Sometimes these logs can be very large, in that case please attach it or zip it up and attach it.

Here's a summary of what to do if you would like to print it out:

If in doubt about an entry....please ask or choose Skip

Don't Delete anything unless instructed to!

If a suspicious object is detected, the default action will be Skip, click on Continue

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose Skip and click on Continue

Any entries like this: \Device\Harddisk0\DR0 ( TDSS File System ) - please choose Skip.

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

~~~~~~~~~~~~~~~~~~~~

You can attach the logs if they're too long:

Bottom right corner of this page.

New window that comes up.

Then...........

Please download and run ComboFix.

The most important things to remember when running it are to disable all your malware programs and run ComboFix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

http://www.bleepingcomputer.com/download/combofix/dl/12/ <---ComboFix direct download

Please make sure you click download buttons that look similar to this, not "sponsored ad links":

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Give it at least 30-45 minutes to finish if needed.

Please include the C:\ComboFix.txt in your next reply for further review.

---------->NOTE<----------

If you get the message Illegal operation attempted on registry key that has been marked for deletion after you run ComboFix....please reboot the computer, this should resolve the problem. You may have to do this several times if needed.

Last:

Clean out temp files:

Download TFC from here and save it to your desktop.

http://oldtimer.geekstogo.com/TFC.exe

http://www.bleepingcomputer.com/download/tfc/dl/92/

Close any open programs and Internet browsers.

Double-click TFC.exe to run it on XP (for Vista and Windows 7 right-click and choose "Run as administrator") and once it opens click on the Start button on the lower left of the program to allow it to begin cleaning.

Please be patient as clearing out temp files may take a while.

Once it completes you may be prompted to restart your computer, please do so.

Once it's finished you may delete TFC.exe from your desktop or save it for later use for the cleaning of temporary files.

MrC


On the TDSSKiller scan after reboot, you say to check all options, but the screenshot shows only 2 options.

- Verify file digital signatures

- Use KSN to scan objects

The third option that is not mentioned is

- Detect TDLFS file system

Q1: Do I check the third option?

Q2: I am walled off from the Internet. Does KSN mean Kaspersky Network (meaning that I need to allow access to the Internet from my machine)?

Thank you,

John


I ran FRST, log attached.

I ran TDSSKiller, logs attached.

I ran ComboFix and it failed at this part:

Once the Windows Registry has finished being backed up, ComboFix will attempt to detect if you have the Windows Recovery Console installed. If you already have it installed, you can skip to this section and continue reading. Otherwise you will see the following message as shown below:

Thank you,

John Landrith


OK...Next:

Please download AdwCleaner from HERE or HERE to your desktop.

  • Double click on AdwCleaner.exe to run the tool.

    Vista/Windows 7/8 users right-click and select Run As Administrator

  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Please uncheck elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you may want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review. (all items found are either adware/spyware/foistware)
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted:
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.
Next..................

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
Next.........

Please Update and run a Threat Scan (Malwarebytes)

Click on settings > Detection and Protection > Non-Malware Protection > PUP (Potentially Unwanted Program) detections > Make sure it's set to Treat detections as malware

Same for PUM (Potentially Unwanted Modifications)

Quarantine All that's found

MrC


MrC,

Did my other logs show up clean from yesterday and last night?

I ran AdwCleaner, log attached.

I ran JRT as administrator with antivirus software off; it bombed out after checking for updates. Should I run it in Safe Mode?

Thank you,

John Landrith

# AdwCleaner v3.311 - Report created 07/11/2014 at 08:15:01
# Updated 30/09/2014 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (32 bits)
# Username : jlandrith - LASLJLANDRITH
# Running from : C:\Backup\Installers\Security Software\Malwarebytes Toolbox\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

Service Deleted : O2SDIOAssist

***** [ Files / Folders ] *****

File Deleted : C:\Windows\system32\srvany.exe

***** [ Scheduled Tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\BHO.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{0B79C149-3B19-40DE-92BF-1A3AD9C1DA9D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{229C56BB-A36A-4323-8C82-B136DF45697D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{33E2B3CB-322E-4CBE-89F2-C06F5A35DB46}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{51080E66-F357-4F2A-9BFC-2456695883B5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{537AD3CF-DE2B-4A1C-8279-C946B7E490D4}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5BF7365D-25FF-40F3-8DEE-06ABEDF177CC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6DDA37BA-0553-499A-AE0D-BEBA67204548}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A10A1344-B533-4C9E-BE4E-4C5BC4953047}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BA94BCE1-7E60-422D-9E7D-B853BC03FE78}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BDCE611F-FDAA-4B10-A8E8-220A7897A69F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D0F1E414-1FAE-466C-B122-DE735B7BFF9D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E458510C-1DD5-4A05-8C4C-53BEF69C05E7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Key Deleted : HKCU\Software\Myfree Codec
Key Deleted : HKLM\SOFTWARE\Myfree Codec
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-00B0-0409-0000-0000000FF1CE}

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16563

-\\ Mozilla Firefox v33.0.2 (x86 en-US)

[ File : C:\Users\jlandrith\AppData\Roaming\Mozilla\Firefox\Profiles\u0smv8oy.default\prefs.js ]

-\\ Google Chrome v38.0.2125.111

[ File : C:\Users\jlandrith\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [2567 octets] - [07/11/2014 08:06:21]
AdwCleaner[R1].txt - [2627 octets] - [07/11/2014 08:12:12]
AdwCleaner[s0].txt - [2592 octets] - [07/11/2014 08:15:01]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [2652 octets] ##########

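As an added example (not part of this thread and not AdwCleaner's own code), here is a small parser for the AdwCleaner report format posted above, so a reviewer can tally what a run touched per section and confirm whether it was a Scan (items "Found") or a Clean (items "Deleted") run before asking for the next step. The embedded sample is an excerpt of the log posted above; the assumption that every actionable line has the shape "ObjectType Verb : target" is drawn from that log, not from AdwCleaner documentation.

```python
# Added example: parse an AdwCleaner 3.x text report into header fields and
# per-section entries. Not the tool's own code; the line grammar below is an
# assumption inferred from the report posted in this thread.
import re
from collections import Counter
from dataclasses import dataclass, field
from typing import Dict, List

SECTION_RE = re.compile(r"^\*{5} \[ (?P<name>.+?) \] \*{5}$")
HEADER_RE = re.compile(r"^# (?P<key>[^:]+?) : (?P<value>.+)$")
# e.g. "Key Deleted : HKLM\SOFTWARE\...", "Service Found : xyz" (assumed shape)
ENTRY_RE = re.compile(r"^(?P<object>[A-Z][a-z]+) (?P<verb>Found|Deleted|Restored) : (?P<target>.+)$")


@dataclass
class AdwEntry:
    section: str      # report section, e.g. "Registry"
    object_type: str  # Service, File, Folder, Key, Value, Task, Shortcut, ...
    verb: str         # Found (scan run) or Deleted (clean run)
    target: str       # path, registry key or service name


@dataclass
class AdwReport:
    header: Dict[str, str] = field(default_factory=dict)
    entries: List[AdwEntry] = field(default_factory=list)

    def is_clean_run(self) -> bool:
        """True when the '# Option : Clean' header is present (items were removed, not just listed)."""
        return self.header.get("Option", "").lower() == "clean"

    def counts(self) -> Dict[str, int]:
        """Number of actioned entries per report section (empty sections are omitted)."""
        return dict(Counter(e.section for e in self.entries))

    def targets(self, object_type: str) -> List[str]:
        """All targets of one object type, e.g. every 'File' that was found or deleted."""
        return [e.target for e in self.entries if e.object_type == object_type]


def parse_adwcleaner(text: str) -> AdwReport:
    report = AdwReport()
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("#"):
            m = HEADER_RE.match(line)
            if m:
                report.header[m.group("key").strip()] = m.group("value").strip()
            elif "Title" not in report.header:
                # first '#' line carries the version and report timestamp
                report.header["Title"] = line.lstrip("# ").strip()
            continue  # other '#' lines (the EOF footer) carry nothing to keep
        m = SECTION_RE.match(line)
        if m:
            section = m.group("name")
            continue
        m = ENTRY_RE.match(line)
        if m and section is not None:
            report.entries.append(AdwEntry(section, m.group("object"), m.group("verb"), m.group("target").strip()))
        # Browser inventory lines ("-\\ Internet Explorer ...", "[ File : ... ]")
        # and the trailing logfile list are informational only and are skipped.
    return report


# Excerpt of the AdwCleaner[s0].txt log posted above in this thread.
SAMPLE_REPORT = r"""
# AdwCleaner v3.311 - Report created 07/11/2014 at 08:15:01
# Updated 30/09/2014 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (32 bits)
# Username : jlandrith - LASLJLANDRITH
# Option : Clean

***** [ Services ] *****

Service Deleted : O2SDIOAssist

***** [ Files / Folders ] *****

File Deleted : C:\Windows\system32\srvany.exe

***** [ Scheduled Tasks ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\BHO.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{0B79C149-3B19-40DE-92BF-1A3AD9C1DA9D}
Key Deleted : HKCU\Software\Myfree Codec
Key Deleted : HKLM\SOFTWARE\Myfree Codec

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16563

[ File : C:\Users\jlandrith\AppData\Roaming\Mozilla\Firefox\Profiles\u0smv8oy.default\prefs.js ]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [2652 octets] ##########
"""

if __name__ == "__main__":
    report = parse_adwcleaner(SAMPLE_REPORT)
    print("clean run:", report.is_clean_run())
    print("per section:", report.counts())
    for entry in report.entries:
        print(f"{entry.section:16} {entry.object_type} {entry.verb}: {entry.target}")
```

Reading the per-section counts next to the header's Option field is the quick check a helper wants: a Scan run with many "Found" entries under Registry is normal adware residue, while a Clean run whose File entries include something under C:\Windows\system32 (srvany.exe here) is worth noting, because that is a service wrapper rather than browser clutter.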

I went into Safe Mode and ran JRT; here is the log.

I updated Malwarebytes, but when I get to this section:

Same for PUM (Potentially Unwanted Modifications)

This is not an option >>>> Quarantine All that's found

I have Ignore, Warn, and Treat as my 3 options.

JRT logs below

Thank you,

John

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.6 (11.05.2014:1)
OS: Windows 7 Professional x86
Ran by SYSTEM on Fri 11/07/2014 at  8:46:44.18
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

 

~~~ Registry Values

 

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\ASKInstaller_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\ASKInstaller_RASMANCS

 

~~~ Files

 

~~~ Folders

 

~~~ Event Viewer Logs were cleared

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 11/07/2014 at  8:47:46.02
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


MrC,

I have attached a screen shot of what I am seeing in my menus and the program location for your review.

These are my options:

Field description: Same for PUM (Potentially Unwanted Modifications)

This is not an option >>>> Quarantine All that's found

I have Ignore, Warn, and Treat as my 3 options.

[attached screenshot: Malwarebytes settings menu and program location]


MrC,

Malwarebytes ran and found another threat, log below.

My TrendMicro found a threat while Malwarebytes was scanning. That screen shot is below too.

Malwarebytes log:

<?xml version="1.0" encoding="UTF-16"?>
<mbam-log>
  <header>
    <date>2014/11/07 09:35:51 -0800</date>
    <logfile>mbam-log-2014-11-07 (09-35-41).xml</logfile>
    <isadmin>yes</isadmin>
  </header>
  <engine>
    <version>2.00.3.1025</version>
    <malware-database>v2014.11.07.04</malware-database>
    <rootkit-database>v2014.11.01.02</rootkit-database>
    <license>free</license>
    <file-protection>disabled</file-protection>
    <web-protection>disabled</web-protection>
    <self-protection>disabled</self-protection>
  </engine>
  <system>
    <osversion>Windows 7 Service Pack 1</osversion>
    <arch>x86</arch>
    <username>jlandrith</username>
    <filesys>NTFS</filesys>
  </system>
  <summary>
    <type>threat</type>
    <result>completed</result>
    <objects>537127</objects>
    <time>1846</time>
    <processes>0</processes>
    <modules>0</modules>
    <keys>0</keys>
    <values>0</values>
    <datas>0</datas>
    <folders>0</folders>
    <files>1</files>
    <sectors>0</sectors>
  </summary>
  <options>
    <memory>enabled</memory>
    <startup>enabled</startup>
    <filesystem>enabled</filesystem>
    <archives>enabled</archives>
    <rootkits>disabled</rootkits>
    <deeprootkit>disabled</deeprootkit>
    <heuristics>enabled</heuristics>
    <pup>enabled</pup>
    <pum>enabled</pum>
  </options>
  <items>
    <file>
      <path>c:\Windows\Installer\{875077C6-688C-4180-ABBA-307B6EF63477}\msiexec.exe</path>
      <vendor>Trojan.Krypt</vendor>
      <action>success</action>
      <hash>f7f96dcba3d9ff372570825d26db4cb4</hash>
    </file>
  </items>
</mbam-log>

TrendMicro log:

[attached screenshot: TrendMicro detection]

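As an added example (not part of this thread and not Malwarebytes' own code), here is a parser for the Malwarebytes 2.x XML scan log posted above. It pulls out the scan date, database version, object count and every detected item with its action result, so a helper reviewing several logs in a thread like this can see at a glance whether each detection was actually quarantined ("success") or needs a follow-up. The embedded sample is the log from the post above; the handling of the UTF-16 declaration is an assumption about how these logs are written to disk.

```python
# Added example: parse a Malwarebytes 2.x mbam-log XML document. Not the
# product's own code; the element names used are those visible in the log
# posted in this thread.
import re
import xml.etree.ElementTree as ET
from dataclasses import dataclass, field
from typing import List, Optional, Union


@dataclass
class Detection:
    kind: str    # element name under <items>: file, key, value, folder, ...
    path: str    # file path or registry location
    vendor: str  # detection name, e.g. Trojan.Krypt
    action: str  # "success" when the quarantine/removal completed
    md5: str     # hash reported by the scanner


@dataclass
class ScanSummary:
    date: str
    malware_db: str
    objects_scanned: int
    detections: List[Detection] = field(default_factory=list)

    def failed(self) -> List[Detection]:
        """Detections whose action did not complete; these need a follow-up."""
        return [d for d in self.detections if d.action.lower() != "success"]


def _text(node: Optional[ET.Element], tag: str, default: str = "") -> str:
    """Stripped text of a child element, or the default when node/child is absent."""
    if node is None:
        return default
    child = node.find(tag)
    if child is None or child.text is None:
        return default
    return child.text.strip()


def parse_mbam_log(data: Union[str, bytes]) -> ScanSummary:
    """Parse an mbam-log document given as raw bytes (as written to disk, UTF-16
    with a byte-order mark, assumed) or as already-decoded text."""
    if isinstance(data, str):
        # On decoded text the declaration's UTF-16 claim is meaningless, so drop
        # it before handing the document to the parser.
        data = re.sub(r"^\s*<\?xml[^>]*\?>", "", data, count=1)
    root = ET.fromstring(data)
    if root.tag != "mbam-log":
        raise ValueError(f"not a Malwarebytes log (root element {root.tag!r})")
    summary = ScanSummary(
        date=_text(root.find("header"), "date"),
        malware_db=_text(root.find("engine"), "malware-database"),
        objects_scanned=int(_text(root.find("summary"), "objects", "0")),
    )
    items = root.find("items")
    for node in (list(items) if items is not None else []):
        summary.detections.append(Detection(
            kind=node.tag,
            path=_text(node, "path"),
            vendor=_text(node, "vendor"),
            action=_text(node, "action"),
            md5=_text(node, "hash"),
        ))
    return summary


# The log posted above in this thread, as text.
SAMPLE_LOG = r"""<?xml version="1.0" encoding="UTF-16"?>
<mbam-log>
  <header><date>2014/11/07 09:35:51 -0800</date><logfile>mbam-log-2014-11-07 (09-35-41).xml</logfile><isadmin>yes</isadmin></header>
  <engine><version>2.00.3.1025</version><malware-database>v2014.11.07.04</malware-database><rootkit-database>v2014.11.01.02</rootkit-database><license>free</license></engine>
  <system><osversion>Windows 7 Service Pack 1</osversion><arch>x86</arch><username>jlandrith</username><filesys>NTFS</filesys></system>
  <summary><type>threat</type><result>completed</result><objects>537127</objects><time>1846</time><files>1</files></summary>
  <options><memory>enabled</memory><rootkits>disabled</rootkits><pup>enabled</pup><pum>enabled</pum></options>
  <items>
    <file><path>c:\Windows\Installer\{875077C6-688C-4180-ABBA-307B6EF63477}\msiexec.exe</path><vendor>Trojan.Krypt</vendor><action>success</action><hash>f7f96dcba3d9ff372570825d26db4cb4</hash></file>
  </items>
</mbam-log>
"""

if __name__ == "__main__":
    # Encoding the sample as UTF-16 reproduces the on-disk form (BOM + UTF-16),
    # which the XML parser detects on its own.
    result = parse_mbam_log(SAMPLE_LOG.encode("utf-16"))
    print(f"{result.date}  db {result.malware_db}  {result.objects_scanned} objects scanned")
    for d in result.detections:
        print(f"  [{d.kind}] {d.vendor}  {d.path}  md5={d.md5}  action={d.action}")
    print("needs follow-up:", len(result.failed()))
```

The detail worth checking here is the <action> value per item rather than the headline count: a log can report a detection and still leave the file in place if quarantine failed, and that is the case a helper would want to catch before declaring the machine clean.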
