
I have messages in the log for both inbound and outbound attempts that MB is blocking.

Type: Detection
Source: Protection

Details:
Inbound has a lot of different IP addresses.

Outbound also has a bunch of different IPs and web sites, always with the path to w3wp.exe.

I have the premium, but it doesn't find anything when run. 

 

Obviously there is something there as there are no instances of any browsers running.

I don't see anything unusual running in the services.

mbam-log-2015-01-19 (20-00-06).xml

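The connections Malwarebytes is attributing to w3wp.exe come from whatever web application IIS is running inside that worker process, not from a browser, so the next check is to find out which application pool (and therefore which site and folder on disk) owns the offending process and look there for recently added or changed server-side scripts. The following is an added example for that check, not code from the thread or from Malwarebytes; it assumes an elevated PowerShell on the IIS host itself (PowerShell 2.0 on Windows Server 2008 R2 is enough), appcmd.exe in its default location, and a 30-day look-back window. Because Malwarebytes is blocking the connections they may only show up briefly as SYN_SENT, so run it more than once.

```powershell
# Added example (not from the thread): map outbound TCP connections made by
# IIS worker processes (w3wp.exe) to the application pool, site and physical
# path they serve, then list server-side script files changed recently under
# those paths, which is where an uploaded web shell usually sits.
# Assumptions: elevated PowerShell on the IIS host (PowerShell 2.0 on
# Windows Server 2008 R2 is enough), appcmd.exe in its default location,
# and a 30-day look-back window; adjust both to taste.

$appcmd       = Join-Path $env:windir 'System32\inetsrv\appcmd.exe'
$lookBackDays = 30
$scriptExt    = '\.(php|asp|aspx|ashx|asmx|cshtml|cgi|pl|jsp)$'
$states       = @('ESTABLISHED', 'SYN_SENT')   # SYN_SENT catches attempts a blocker is dropping

# 1. Worker-process PID -> application pool.
#    appcmd output looks like:  WP "2468" (applicationPool:DefaultAppPool)
$poolByPid = @{}
foreach ($line in (& $appcmd list wp)) {
    if ($line -match '^WP "(\d+)" \(applicationPool:(.+)\)$') {
        $poolByPid[[int]$matches[1]] = $matches[2]
    }
}
if ($poolByPid.Count -eq 0) { throw 'no running IIS worker processes found' }

# 2. Outbound TCP connections owned by those PIDs.
#    netstat -ano columns: Proto, Local Address, Foreign Address, State, PID
$findings = @()
foreach ($line in (netstat -ano)) {
    $f = $line.Trim() -split '\s+'
    if ($f.Count -ne 5 -or $f[0] -ne 'TCP' -or $states -notcontains $f[3]) { continue }
    $wpPid = [int]$f[4]
    if ($poolByPid.ContainsKey($wpPid)) {
        $findings += New-Object PSObject -Property @{
            PID = $wpPid; Pool = $poolByPid[$wpPid]; Local = $f[1]; Remote = $f[2]; State = $f[3]
        }
    }
}
'TCP connections (ESTABLISHED/SYN_SENT) owned by w3wp.exe:'
$findings | Sort-Object Pool, Remote | Format-Table PID, Pool, Local, Remote, State -AutoSize

# 3. Application pool -> physical paths, via the site/application tree.
#    appcmd list app  prints:  APP "Default Web Site/" (applicationPool:DefaultAppPool)
#    appcmd list vdir prints:  VDIR "Default Web Site/" (physicalPath:%SystemDrive%\inetpub\wwwroot)
$poolByApp = @{}
foreach ($line in (& $appcmd list app)) {
    if ($line -match '^APP "(.+)" \(applicationPool:(.+)\)$') { $poolByApp[$matches[1]] = $matches[2] }
}
$pathsByPool = @{}
foreach ($line in (& $appcmd list vdir)) {
    if ($line -match '^VDIR "(.+)" \(physicalPath:(.+)\)$') {
        $vdir = $matches[1]
        $path = [Environment]::ExpandEnvironmentVariables($matches[2])
        # a virtual directory belongs to the application with the longest matching name prefix
        $app = $poolByApp.Keys | Where-Object { $vdir.StartsWith($_) } |
               Sort-Object Length -Descending | Select-Object -First 1
        if ($app) {
            $pool = $poolByApp[$app]
            if (-not $pathsByPool.ContainsKey($pool)) { $pathsByPool[$pool] = @() }
            $pathsByPool[$pool] += $path
        }
    }
}

# 4. For every pool seen talking outbound, list script files changed inside the window.
$cutoff = (Get-Date).AddDays(-$lookBackDays)
foreach ($pool in ($findings | ForEach-Object { $_.Pool } | Sort-Object -Unique)) {
    if (-not $pathsByPool.ContainsKey($pool)) { continue }
    foreach ($root in $pathsByPool[$pool]) {
        if (-not (Test-Path -LiteralPath $root)) { continue }
        ''
        "== $pool : script files under $root changed since $($cutoff.ToString('yyyy-MM-dd'))"
        Get-ChildItem -LiteralPath $root -Recurse -Force -ErrorAction SilentlyContinue |
            Where-Object { -not $_.PSIsContainer -and $_.Name -match $scriptExt -and $_.LastWriteTime -gt $cutoff } |
            Sort-Object LastWriteTime -Descending |
            Format-Table LastWriteTime, Length, FullName -AutoSize
    }
}
```

Inbound blocks against a web server that is reachable from the internet are mostly scanning noise; the outbound attempts from the worker process are the ones that point at code running inside IIS, and a signature scanner aimed at Windows malware will not necessarily flag a PHP or ASP.NET script that is doing the connecting. Once a candidate file turns up, the IIS access logs for that site will show the requests that reached it and from where.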

Hello and welcome,

 

P2P/Piracy Warning:

 

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here. Failure to remove or disable such software will result in your topic being closed and no further assistance being provided. If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

 

Download Farbar Recovery Scan Tool and save it to your desktop.

 

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.


Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

 

Thanks,

 

Kevin....


Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-01-2015
Ran by Administrator (administrator) on CASSARAWEB on 20-01-2015 18:37:19
Running from C:\Downloads
Loaded Profiles: saNew & Administrator (Available profiles: css & sa & dcassara & saNew & Administrator & Classic .NET AppPool)
Platform: Windows Server 2008 R2 Standard Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Windows\System32\LogonUI.exe
(Hewlett-Packard Company) C:\Program Files\HP\Cissesrv\cissesrv.exe
(Hewlett-Packard Company) C:\Windows\System32\cpqrcmc.exe
(Hewlett-Packard Company) C:\hp\hpsmh\data\cgi-bin\vcagent\vcagent.exe
(Starfield Technologies) C:\Program Files (x86)\Workspace\offSyncService.exe
(GFI Software Development Ltd.) C:\Program Files (x86)\Advanced Monitoring Agent\patchman\lnssatt.exe
(Microsoft Corporation) C:\Windows\System32\inetsrv\inetinfo.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\System32\snmp.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Hewlett-Packard Company) C:\Windows\System32\sysdown.exe
(Hewlett-Packard Company) C:\hp\hpsmh\bin\smhstart.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Hewlett-Packard Company) C:\hp\hpsmh\bin\hpsmhd.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Hewlett-Packard Company) C:\hp\hpsmh\bin\rotatelogs.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Hewlett-Packard Company) C:\hp\hpsmh\bin\rotatelogs.exe
(Hewlett-Packard Company) C:\hp\hpsmh\bin\hpsmhd.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Hewlett-Packard Company) C:\hp\hpsmh\bin\rotatelogs.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Hewlett-Packard Company) C:\hp\hpsmh\bin\rotatelogs.exe
(GFI Software Ltd.) C:\Program Files (x86)\Advanced Monitoring Agent\webprotection\WebMon.Agent.exe
(Hewlett-Packard Company) C:\Windows\System32\CPQNiMgt\cpqnimgt.exe
(Hewlett-Packard Company) C:\Windows\System32\CpqMgmt\cqmgserv\cqmgserv.exe
(Hewlett-Packard Company) C:\Windows\System32\CpqMgmt\cqmgstor\cqmgstor.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Hewlett-Packard Company) C:\Windows\System32\CpqMgmt\cqmghost\cqmghost.exe
() C:\Program Files\MySQL\MySQL Server 5.5\bin\mysqld.exe
(ThreatTrack Security, Inc.) C:\Program Files (x86)\Advanced Monitoring Agent\managedav\SBAMSvc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\inetsrv\w3wp.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\inetsrv\w3wp.exe
(Microsoft Corporation) C:\Windows\SysWOW64\inetsrv\w3wp.exe
(Microsoft Corporation) C:\Windows\SysWOW64\inetsrv\w3wp.exe
(Microsoft Corporation) C:\Windows\SysWOW64\inetsrv\w3wp.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Windows\System32\rdpclip.exe
(Hewlett-Packard Company) C:\Program Files\HP\NCU\cpqteam.exe
(Managed Antivirus) C:\Program Files (x86)\Advanced Monitoring Agent\managedav\SBAMTray.exe
() C:\Program Files (x86)\Advanced Monitoring Agent\systray\SysTray.exe
(Microsoft Corporation) C:\Windows\SysWOW64\inetsrv\w3wp.exe
(Microsoft Corporation) C:\Windows\SysWOW64\inetsrv\w3wp.exe
(Microsoft Corporation) C:\Windows\SysWOW64\inetsrv\w3wp.exe
(Microsoft Corporation) C:\Windows\SysWOW64\inetsrv\w3wp.exe
(Microsoft Corporation) C:\Windows\SysWOW64\inetsrv\w3wp.exe
(Microsoft Corporation) C:\Windows\SysWOW64\inetsrv\w3wp.exe
(Microsoft Corporation) C:\Windows\SysWOW64\inetsrv\w3wp.exe
(Microsoft Corporation) C:\Windows\SysWOW64\inetsrv\w3wp.exe
(Microsoft Corporation) C:\Windows\SysWOW64\inetsrv\w3wp.exe
(Microsoft Corporation) C:\Windows\SysWOW64\inetsrv\w3wp.exe
(Microsoft Corporation) C:\Windows\SysWOW64\inetsrv\w3wp.exe
(Microsoft Corporation) C:\Windows\SysWOW64\inetsrv\w3wp.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [CPQTEAM] => C:\Program Files\HP\NCU\cpqteam.exe [73728 2011-02-02] (Hewlett-Packard Company)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [FileZilla Server Interface] => C:\Program Files (x86)\FileZilla Server\FileZilla Server Interface.exe [1044992 2012-02-26] (FileZilla Project)
HKLM-x32\...\Run: [sBAMTray] => C:\Program Files (x86)\Advanced Monitoring Agent\managedav\SBAMTray.exe [3232152 2013-05-28] (Managed Antivirus)
HKLM-x32\...\Run: [AdvancedMonitoringSysTray] => C:\Program Files (x86)\Advanced Monitoring Agent\systray\Launcher.exe [291328 2014-04-16] ()
Winlogon\Notify\AtiExtEvent: Ati2evxx.dll [X]
HKLM\...\Policies\Explorer: [showSuperHidden] 1
Lsa: [Notification Packages] scecli rassfm
ShellIconOverlayIdentifiers: [off0] -> {8E33AEC3-C5F2-43C4-B048-9E3EB19B1DD5} => C:\Program Files (x86)\Workspace\offsyncext64.dll (Starfield Technologies, LLC)
ShellIconOverlayIdentifiers: [off1] -> {8E33AEC4-C5F2-43C4-B048-9E3EB19B1DD5} => C:\Program Files (x86)\Workspace\offsyncext64.dll (Starfield Technologies, LLC)
BootExecute: autocheck autochk * SBBD.exe /d \Device\HarddiskVolume1\Program Files (x86)\Advanced Monitoring Agent\managedav\Definitions
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-2385323742-1294330636-3158126304-500\Software\Microsoft\Internet Explorer\Main,Start Page = res://iesetup.dll/HardAdmin.htm
Tcpip\..\Interfaces\{1E839590-FCBD-4DCF-8EF0-2FCDF8B7A627}: [NameServer] 10.10.1.1
Tcpip\..\Interfaces\{FE4B246F-2E54-4FFE-ABF2-B67D590ABCCD}: [NameServer] 192.168.1.1,8.8.8.8
 
FireFox:
========
FF ProfilePath: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\9um7bfwl.default
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2385323742-1294330636-3158126304-500: @starfield.com/off -> C:\Users\Administrator\AppData\Roaming\Mozilla\Plugins\npoff.dll ( Starfield Technologies, LLC.)
FF Plugin HKU\S-1-5-21-2385323742-1294330636-3158126304-500: @starfield.com/off64 -> C:\Users\Administrator\AppData\Roaming\Mozilla\Plugins\npoff64.dll ( Starfield Technologies, LLC.)
FF Plugin HKU\S-1-5-21-2385323742-1294330636-3158126304-500: @starfield.com/wbe -> C:\Users\Administrator\AppData\Roaming\Mozilla\Plugins\npwbe.dll (Starfield Technology, LLC)
FF Plugin HKU\S-1-5-21-2385323742-1294330636-3158126304-500: @starfield.com/wbe64 -> C:\Users\Administrator\AppData\Roaming\Mozilla\Plugins\npwbe64.dll (Starfield Technology, LLC)
FF Plugin ProgramFiles/Appdata: C:\Users\Administrator\AppData\Roaming\mozilla\plugins\npoff.dll ( Starfield Technologies, LLC.)
FF Plugin ProgramFiles/Appdata: C:\Users\Administrator\AppData\Roaming\mozilla\plugins\npoff64.dll ( Starfield Technologies, LLC.)
FF Plugin ProgramFiles/Appdata: C:\Users\Administrator\AppData\Roaming\mozilla\plugins\npwbe.dll (Starfield Technology, LLC)
FF Plugin ProgramFiles/Appdata: C:\Users\Administrator\AppData\Roaming\mozilla\plugins\npwbe64.dll (Starfield Technology, LLC)
FF Extension: WBE Paste - C:\Users\Administrator\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\wbepaste@starfield [2013-04-25]
FF Extension: Workspace Email Zoom - C:\Users\Administrator\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\zoomext@starfield [2013-04-25]
FF Extension: FireFTP - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\9um7bfwl.default\Extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}.xpi [2012-05-28]
 
Chrome: 
=======
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 Advanced Monitoring Agent; C:\Program Files (x86)\Advanced Monitoring Agent\winagent.exe [8331264 2014-06-09] (Remote Monitoring) [File not signed]
S4 CIMnotify; C:\Windows\system32\CIMntfy\cimntfy.exe [269152 2011-03-09] (Hewlett-Packard Company)
R2 Cissesrv; C:\Program Files\HP\Cissesrv\cissesrv.exe [174592 2011-03-08] (Hewlett-Packard Company) [File not signed]
R2 CpqNicMgmt; C:\Windows\system32\CPQNiMgt\cpqnimgt.exe [9728 2011-01-19] (Hewlett-Packard Company) [File not signed]
R2 CpqRcmc; C:\Windows\system32\cpqrcmc.exe [22568 2008-11-14] (Hewlett-Packard Company)
R2 cpqvcagent; C:\hp\hpsmh\data\cgi-bin\vcagent\vcagent.exe [1356288 2011-02-18] (Hewlett-Packard Company) [File not signed]
R2 CqMgHost; C:\Windows\system32\CpqMgmt\cqmghost\cqmghost.exe [16224 2011-03-09] (Hewlett-Packard Company)
R2 CqMgServ; C:\Windows\system32\CpqMgmt\cqmgserv\cqmgserv.exe [15976 2011-02-03] (Hewlett-Packard Company)
R2 CqMgStor; C:\Windows\system32\CpqMgmt\cqmgstor\cqmgstor.exe [20992 2011-03-09] (Hewlett-Packard Company) [File not signed]
S3 FCRegSvc; C:\Windows\system32\FCRegSvc.dll [25600 2009-07-13] (Microsoft Corporation)
R2 File Backup; C:\Program Files (x86)\Workspace\offSyncService.exe [1183456 2013-02-28] (Starfield Technologies)
S3 FileZilla Server; C:\Program Files (x86)\FileZilla Server\FileZilla Server.exe [632320 2012-02-26] (FileZilla Project) [File not signed]
S3 ftpsvc; C:\Windows\system32\inetsrv\ftpsvc.dll [350720 2012-05-31] (Microsoft Corporation)
R2 gfi_lanss11_attservice; C:\Program Files (x86)\Advanced Monitoring Agent\patchman\lnssatt.exe [118640 2012-07-17] (GFI Software Development Ltd.)
R2 IISADMIN; C:\Windows\system32\inetsrv\inetinfo.exe [15872 2010-11-20] (Microsoft Corporation)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [375176 2012-01-31] (LogMeIn, Inc.)
S3 LMIMaint; C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe [147336 2012-01-31] (LogMeIn, Inc.)
S3 LogMeIn; C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe [407424 2011-09-16] (LogMeIn, Inc.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 MSMQ; C:\Windows\system32\mqsvc.exe [9216 2009-07-13] (Microsoft Corporation)
R2 MSSQL$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [62218696 2012-06-29] (Microsoft Corporation)
S4 msvsmon90; C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe [4737024 2008-07-29] (Microsoft Corporation)
R2 MySQL; C:\Program Files\MySQL\MySQL Server 5.5\my.ini [8924 2012-04-08] () [File not signed]
S3 RSoPProv; C:\Windows\system32\RSoPProv.exe [91648 2009-07-13] (Microsoft Corporation)
S3 sacsvr; C:\Windows\system32\sacsvr.dll [14848 2009-07-13] (Microsoft Corporation)
R2 SBAMSvc; C:\Program Files (x86)\Advanced Monitoring Agent\managedav\SBAMSvc.exe [3681016 2013-05-28] (ThreatTrack Security, Inc.)
R2 SMTPSVC; C:\Windows\system32\inetsrv\inetinfo.exe [15872 2010-11-20] (Microsoft Corporation)
R2 SNMP; C:\Windows\System32\snmp.exe [49664 2010-11-20] (Microsoft Corporation)
R2 SNMP; C:\Windows\SysWOW64\snmp.exe [47616 2010-11-20] (Microsoft Corporation)
S4 SQLAgent$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [441288 2012-06-29] (Microsoft Corporation)
R2 sysdown; C:\Windows\system32\sysdown.exe [18784 2011-02-17] (Hewlett-Packard Company)
R2 SysMgmtHp; C:\hp\hpsmh\bin\smhstart.exe [2065408 2011-01-28] (Hewlett-Packard Company) [File not signed]
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-20] (Microsoft Corporation)
R2 WebMonAgent; C:\Program Files (x86)\Advanced Monitoring Agent\webprotection\WebMon.Agent.exe [1816920 2014-03-26] (GFI Software Ltd.)
S3 WMSVC; C:\Windows\system32\inetsrv\wmsvc.exe [10752 2009-07-13] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 ati2mtag; C:\Windows\System32\DRIVERS\ati2mtag.sys [2210816 2009-06-24] (ATI Technologies Inc.)
R3 CpqCiDrv; C:\Windows\System32\DRIVERS\cpqcidrv.sys [51752 2009-05-11] (Hewlett-Packard Company)
S3 CPQTeam; C:\Windows\System32\DRIVERS\cpqteam.sys [225792 2011-01-26] (Hewlett-Packard Company)
R3 gfiark; C:\Windows\System32\drivers\gfiark.sys [41032 2013-05-23] (ThreatTrack Security)
R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [14456 2014-03-10] (GFI Software)
R3 gfiutil; C:\Windows\System32\drivers\gfiutil.sys [31264 2013-09-04] (ThreatTrack Security)
R0 HpCISSs2; C:\Windows\System32\DRIVERS\HpCISSs2.sys [157288 2010-08-10] (Hewlett-Packard Company)
R0 hpqilo2; C:\Windows\System32\DRIVERS\hpqilo2.sys [150880 2011-02-17] (Hewlett-Packard Company)
S3 ioatdma; C:\Windows\System32\Drivers\qd260x64.sys [35328 2009-06-10] (Intel Corporation)
R3 l2nd; C:\Windows\System32\DRIVERS\bxnd60a.sys [103464 2011-02-22] (Broadcom Corporation)
R2 LMIInfo; C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [15928 2011-09-16] (LogMeIn, Inc.)
S4 LMIRfsClientNP; No ImagePath
R1 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [93400 2014-11-21] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-01-20] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
R3 MQAC; C:\Windows\System32\drivers\mqac.sys [189440 2009-07-13] (Microsoft Corporation)
S4 RsFx0153; C:\Windows\System32\DRIVERS\RsFx0153.sys [321992 2012-06-29] (Microsoft Corporation)
S0 sacdrv; C:\Windows\System32\DRIVERS\sacdrv.sys [96320 2009-07-13] (Microsoft Corporation)
R3 wtismon; C:\Program Files (x86)\Advanced Monitoring Agent\webprotection\Interceptor\wtismon.sys [91824 2014-03-26] (GFI Software)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
NETSVC: sacsvr -> C:\Windows\system32\sacsvr.dll (Microsoft Corporation)
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-20 15:31 - 2015-01-20 18:37 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Temp\2
2015-01-18 21:28 - 2015-01-18 21:28 - 00000001 _____ () C:\Windows\SysWOW64\infov.exe
2015-01-18 20:42 - 2015-01-18 21:16 - 00023971 _____ () C:\Users\Administrator\Downloads\Addition.txt
2015-01-18 20:41 - 2015-01-20 18:37 - 00000000 ____D () C:\FRST
2015-01-18 20:41 - 2015-01-18 21:16 - 00023380 _____ () C:\Users\Administrator\Downloads\FRST.txt
2015-01-18 20:40 - 2015-01-18 20:41 - 02126848 _____ (Farbar) C:\Users\Administrator\Downloads\FRST64.exe
2015-01-12 18:04 - 2015-01-12 18:04 - 01222813 _____ () C:\wp_posts.csv
2015-01-12 18:03 - 2015-01-12 18:03 - 00017362 _____ () C:\wp_postmeta.csv
2015-01-12 18:02 - 2015-01-12 18:02 - 00000380 _____ () C:\wp_users.csv
2015-01-12 18:00 - 2015-01-12 18:00 - 00519946 _____ () C:\wp_options.csv
2015-01-12 17:59 - 2015-01-12 17:59 - 00002955 _____ () C:\wp_usermeta.csv
2015-01-12 17:57 - 2015-01-12 17:57 - 00002442 _____ () C:\wp_links.csv
2015-01-12 17:55 - 2015-01-12 17:55 - 00009926 _____ () C:\wp_terms.csv
2015-01-12 17:52 - 2015-01-12 17:52 - 01186239 _____ () C:\wp_comments.csv
2015-01-12 17:49 - 2015-01-12 17:49 - 00011661 _____ () C:\wp_term_taxonomy.csv
2015-01-12 17:45 - 2015-01-12 17:45 - 00037951 _____ () C:\wp_commentmeta.csv
2015-01-12 17:40 - 2015-01-12 17:40 - 00016229 _____ () C:\wp_term_relationships.csv
2015-01-01 23:33 - 2015-01-01 23:33 - 00004801 _____ () C:\ProgramData\is.txt
2014-12-29 22:51 - 2014-12-29 22:54 - 01460224 _____ () C:\ProgramData\Gp.exe
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-20 17:59 - 2012-03-14 14:10 - 01125978 _____ () C:\Windows\WindowsUpdate.log
2015-01-20 17:44 - 2014-04-08 19:44 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-20 16:52 - 2009-07-13 22:49 - 00027408 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-20 16:52 - 2009-07-13 22:49 - 00027408 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-17 20:29 - 2012-03-22 13:32 - 00000000 ____D () C:\Users\Administrator\Documents\SQL Server Management Studio
2015-01-14 11:36 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\Registration
2015-01-13 19:09 - 2012-08-19 21:29 - 00031832 _____ () C:\Users\Administrator\AppData\Local\Temp\saNew.bmp
2015-01-13 19:09 - 2012-08-19 21:29 - 00031832 _____ () C:\Users\Administrator\AppData\Local\Temp\notecommerce.bmp
2015-01-13 19:09 - 2012-08-18 16:01 - 00031832 _____ () C:\Users\Administrator\AppData\Local\Temp\Rethink.bmp
2015-01-13 19:09 - 2012-08-18 15:58 - 00031832 _____ () C:\Users\Administrator\AppData\Local\Temp\dcassara.bmp
2015-01-13 19:09 - 2012-03-22 11:33 - 00031832 _____ () C:\Users\Administrator\AppData\Local\Temp\sa.bmp
2015-01-13 19:09 - 2012-03-22 11:33 - 00031832 _____ () C:\Users\Administrator\AppData\Local\Temp\css.bmp
2015-01-13 19:09 - 2012-03-22 11:33 - 00031832 _____ () C:\Users\Administrator\AppData\Local\Temp\Administrator.bmp
2015-01-13 17:59 - 2009-07-13 23:10 - 00963748 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-13 17:56 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\system32\inetsrv
2015-01-13 17:54 - 2010-11-20 21:47 - 00239028 _____ () C:\Windows\PFRO.log
2015-01-13 17:54 - 2009-07-13 23:06 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-13 17:54 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\Vss
2015-01-13 17:16 - 2014-04-07 08:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-01-13 17:16 - 2014-04-07 08:03 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-01-13 17:16 - 2012-04-11 22:38 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-01-13 16:49 - 2012-05-25 00:34 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\FileZilla
2015-01-13 06:00 - 2014-09-07 17:32 - 00000000 ____D () C:\Temp
 
==================== Files in the root of some directories =======
2012-03-24 00:21 - 2012-03-24 00:20 - 2594640 _____ (Microsoft Corporation) C:\Program Files\ExchangeMapiCdo.EXE
2012-03-22 10:18 - 2012-03-22 09:47 - 86525456 _____ (Microsoft Corporation) C:\Program Files\SQLEXPR_x64_ENU.exe
2012-08-19 15:14 - 2012-08-19 15:14 - 0092313 _____ () C:\Users\Administrator\AppData\Local\dd_depcheck_VB_EXP_90.txt
2012-08-19 15:14 - 2012-08-19 15:14 - 0000002 _____ () C:\Users\Administrator\AppData\Local\dd_error_vb_xcor_90.txt
2012-08-19 15:14 - 2012-08-19 15:32 - 0338628 _____ () C:\Users\Administrator\AppData\Local\dd_install_vb_xcor_90.txt
2012-06-01 17:14 - 2014-07-17 12:23 - 0007604 _____ () C:\Users\Administrator\AppData\Local\resmon.resmoncfg
2012-08-19 15:14 - 2012-08-19 15:32 - 0051320 _____ () C:\Users\Administrator\AppData\Local\uxeventlog.txt
2012-08-19 15:15 - 2012-08-19 15:15 - 4919874 _____ () C:\Users\Administrator\AppData\Local\VSMsiLog30EE.txt
2014-12-29 22:51 - 2014-12-29 22:54 - 1460224 _____ () C:\ProgramData\Gp.exe
2015-01-01 23:33 - 2015-01-01 23:33 - 0004801 _____ () C:\ProgramData\is.txt
 
Files to move or delete:
====================
C:\ProgramData\Gp.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-01-14 00:14
 
==================== End Of Log ============================
 
 
FRSTAddition
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-01-2015
Ran by Administrator at 2015-01-20 18:38:39
Running from C:\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Reader X (10.1.12) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.12 - Adobe Systems Incorporated)
Advanced Monitoring Agent (HKLM-x32\...\Advanced Monitoring Agent_is1) (Version:  - )
ATI Display Driver (HKLM\...\ATI Display Driver) (Version: 8.24.50.5-090623a-083726C-HP - )
FileZilla Client 3.9.0 (HKLM-x32\...\FileZilla Client) (Version: 3.9.0 - Tim Kosse)
FileZilla Server (HKLM-x32\...\FileZilla Server) (Version: beta 0.9.41 - FileZilla Project)
GFI LanGuard 11 Agent (x32 Version: 11.0.2012.0717 - GFI Software Ltd) Hidden
Headless Server Registry Update (HKLM-x32\...\{4E5563B6-DE0A-4F3B-A5D6-15789FD12D9B}) (Version: 1.0.0.0 - Hewlett-Packard Company)
HP Array Configuration Utility (HKLM-x32\...\{B3483815-1FDD-4858-9AC6-561668DF4CB7}) (Version: 8.70.9.0 - Hewlett Packard Development Company, L.P.)
HP Array Configuration Utility CLI (HKLM-x32\...\{FA2F10E2-5C8D-45CE-9BA6-7F36358AA59A}) (Version: 8.70.8.0 - Hewlett-Packard Development Company, L.P.)
HP Insight Diagnostics  Online Edition for Windows (HKLM\...\{DCEA910B-3269-4F5B-A915-D59293004751}) (Version: 8.7.0 - Hewlett-Packard Development Company, L.P.)
HP Insight Management Agents (HKLM\...\{F0441130-12F7-4863-8082-F288C2C8DA0D}) (Version: 8.70.0.0 - Hewlett-Packard Company)
HP Lights-Out Online Configuration Utility (HKLM\...\{738E8C94-69B6-4B2A-8C49-B9953FC9BDF1}) (Version: 3.1.1.0 - Hewlett-Packard Development Company, L.P.)
HP ProLiant Integrated Management Log Viewer (HKLM\...\{FD0113AF-30E4-4618-BB9F-D6693A6ADCE2}) (Version: 5.25.0.0 - Hewlett-Packard Company)
HP ProLiant PCI-express Power Management Update for Windows (HKLM-x32\...\{34D6E797-AA32-455D-8E65-4EBD1AC9DED7}) (Version: 1.3.0.0 - Hewlett-Packard Company)
HP ProLiant Remote Monitor Service (HKLM\...\{74D49383-7EF9-4FD3-B5B0-73CA22F51CE8}) (Version: 5.21.0.0 - Hewlett-Packard Company)
HP Smart Array SAS/SATA Event Notification Service (HKLM\...\{E126B2CA-8E29-4A1B-97A3-DD9D336611C9}) (Version: 6.24.0.64 - Hewlett-Packard Development Company, L.P.)
HP System Management Homepage (HKLM-x32\...\{3C4DF0FD-95CF-4F7B-A816-97CEF616948F}) (Version: 6.3.0 - Hewlett-Packard Development Company, L.P.)
HP Version Control Agent (HKLM-x32\...\{5A5F45AE-0250-4C34-9D89-F10BDDEE665F}) (Version: 6.3.0.870 - Hewlett Packard Development Company, L.P.)
IIS URL Rewrite Module 2 (HKLM\...\{EB675D0A-2C95-405B-BEE8-B42A65D23E11}) (Version: 7.2.2 - Microsoft Corporation)
LogMeIn (HKLM-x32\...\{2BFDA78F-39F7-4537-9995-71424CFA88BB}) (Version: 4.1.2138 - LogMeIn, Inc.)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Managed Antivirus (HKLM-x32\...\{C1D1FC57-3EB9-4B21-BCA3-F1C927508200}) (Version: 6.2.5528 - GFI Software)
Managed Antivirus (x32 Version: 6.2.5528 - GFI Software) Hidden
Messaging API and Collaboration Data Objects 1.2.1 (HKLM-x32\...\{5A8751A2-684E-4D42-846C-3A58CE36C1F9}) (Version: 6.5.8244.0 - Microsoft)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Report Viewer Redistributable 2008 SP1 (HKLM-x32\...\Microsoft Report Viewer Redistributable 2008 (KB971119)) (Version:  - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 (64-bit) (HKLM\...\Microsoft SQL Server 2008 R2) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Native Client (HKLM\...\{79A2C6E8-C727-4D12-B4B3-19790C181DEA}) (Version: 10.52.4000.0 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Policies (HKLM-x32\...\{D21BC5B2-CBAC-48FA-A701-B5A63C1CA7B8}) (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Setup (English) (HKLM\...\{C3525BF7-3698-4CD3-A8C3-69BD6F57BA3B}) (Version: 10.52.4000.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files  (HKLM\...\{B40EE88B-400A-4266-A17B-E3DE64E94431}) (Version: 10.1.2731.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client  (HKLM\...\{49D665A2-4C2A-476E-9AB8-FCC425F526FC}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server Browser (HKLM-x32\...\{BF9BF038-FE03-429D-9B26-2FA0FD756052}) (Version: 10.52.4000.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 Query Tools ENU (HKLM-x32\...\{DDFD8348-058C-4F4B-85E5-6D740D4AB3FE}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{288D79EE-A2D1-42AF-9597-B0ADCC23A8ED}) (Version: 10.52.4000.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU (HKLM\...\Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU) (Version:  - Microsoft Corporation)
Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU Service Pack 1 (KB945140) (HKLM-x32\...\{90A80D89-A0E4-33C1-B13D-B93CB3496867}.KB945140) (Version: 1 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 - ENU (HKLM-x32\...\{4ECF4BDC-8387-329A-ABE9-CF5798F84BB2}) (Version: 9.0.35191 - Microsoft Corporation)
Microsoft Web Platform Installer 4.6 (HKLM\...\{16C7D2AD-20CA-491E-80BC-8607A9AACED9}) (Version: 4.0.40719.0 - Microsoft Corporation)
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu (HKLM\...\{DFB3AD2B-4EE2-3077-BF1D-3CA164BC5336}) (Version: 3.5.30729 - Microsoft Corporation)
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32 (HKLM\...\{F5C819A5-E068-4f7d-B91A-1BD18702AFFB}) (Version: 6.1.5295.17011 - Microsoft Corporation)
Mozilla Firefox 31.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 31.0 (x86 en-US)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 31.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MySQL Connector/ODBC 5.1 (HKLM\...\{BB2211D1-A5B5-4AEF-B0E6-DD7874ABF8EE}) (Version: 5.1.11 - Oracle Corporation)
MySQL Connector/ODBC 5.1 (HKLM-x32\...\{69733CDD-2AB0-44B7-979E-4753D810B103}) (Version: 5.1.11 - Oracle Corporation)
MySQL Server 5.5 (HKLM\...\{F7031258-A61A-4825-B893-B40F83917193}) (Version: 5.5.10 - Oracle Corporation)
MySQL Workbench 5.2 CE (HKLM-x32\...\{52937564-8312-4B49-BB13-F7EDBB67EB34}) (Version: 5.2.33 - Oracle Corporation)
PFA Server Registry Update (HKLM-x32\...\{173438F5-BD4D-47AE-9C8F-73E6BAA62624}) (Version: 1.0.0.0 - Hewlett-Packard Company)
PHP Manager 1.2 for IIS 7 (HKLM\...\{E851486F-1FE2-44F0-85ED-F969088A68EE}) (Version: 1.2.0 -  )
Service Pack 2 for SQL Server 2008 R2 (KB2630458) (64-bit) (HKLM\...\KB2630458) (Version: 10.52.4000.0 - Microsoft Corporation)
SQL Server 2008 R2 SP2 Common Files (Version: 10.52.4000.0 - Microsoft Corporation) Hidden
SQL Server 2008 R2 SP2 Database Engine Services (Version: 10.52.4000.0 - Microsoft Corporation) Hidden
SQL Server 2008 R2 SP2 Database Engine Shared (Version: 10.52.4000.0 - Microsoft Corporation) Hidden
SQL Server 2008 R2 SP2 Management Studio (Version: 10.52.4000.0 - Microsoft Corporation) Hidden
Sql Server Customer Experience Improvement Program (Version: 10.50.1600.1 - Microsoft Corporation) Hidden
SQL Server System CLR Types (HKLM-x32\...\{342D4AD7-EC4C-4EC8-AEA6-E70F5905A490}) (Version: 10.0.1600.22 - Microsoft Corporation)
TeamViewer 9 Host (HKLM-x32\...\TeamViewer 9 Host) (Version: 9.0.25942 - TeamViewer)
Web Protection Agent (HKLM\...\{F68D22FE-1BD1-4E5D-AAA2-1B6947131E40}) (Version: 8.2.14085 - )
Workspace Desktop (HKU\S-1-5-21-2385323742-1294330636-3158126304-500\...\workspacedesktop) (Version:  - Starfield Technologies)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
 
==================== Restore Points  =========================
 
ATTENTION: System Restore is disabled.
Check "winmgmt" service or repair WMI.
 
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 20:34 - 2009-06-10 15:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {3BC284BB-5EE4-48D3-BE54-11B7C7AA7008} - System32\Tasks\EmailDataConsoleApp => C:\EmailDataConsoleApp.exe [2014-09-09] (Unisys)
Task: {63EE8552-A444-4BA2-8E1E-C8350D6D412A} - System32\Tasks\Microsoft\Windows\Server Manager\ServerManager => C:\Windows\system32\ServerManagerLauncher.exe [2009-07-13] (Microsoft Corporation)
Task: {69110D7B-41DC-4E9D-BDD3-C826C7DB613B} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\Server\ServerRoleUsageCollector => C:\Windows\system32\ceipdata.exe [2010-11-20] (Microsoft Corporation)
Task: {AFECE848-8DA2-461B-B5E6-CBEF57A4DF7D} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\Server\ServerRoleCollector => C:\Windows\system32\ceiprole.exe [2010-11-20] (Microsoft Corporation)
Task: {D49A10DA-0F70-4779-BD96-B2D976A4F2E3} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\Server\ServerCeipAssistant => C:\Windows\system32\ceipdata.exe [2010-11-20] (Microsoft Corporation)
 
==================== Loaded Modules (whitelisted) =============
 
2009-11-06 13:33 - 2009-11-06 13:33 - 00027136 _____ () C:\hp\hpsmh\data\cgi-bin\vcagent\XalanMessages_1_10.dll
2011-01-19 14:50 - 2011-01-19 14:50 - 00048128 _____ () C:\Windows\system32\CpqNiMgt\CPQNIMIB.DLL
2011-01-19 14:48 - 2011-01-19 14:48 - 00210432 _____ () C:\Windows\system32\cpqnimgt\w2kmgdll.dll
2011-01-19 14:46 - 2011-01-19 14:46 - 00018432 _____ () C:\Windows\system32\cpqnimgt\cqnisnmp.dll
2011-01-19 14:49 - 2011-01-19 14:49 - 00025088 _____ () C:\Windows\system32\CpqNiMgt\NICMIB.DLL
2011-03-09 02:33 - 2011-03-09 02:33 - 00195584 _____ () C:\Windows\system32\CpqMgmt\Cqmgstor\stormib.dll
2011-03-09 02:33 - 2011-03-09 02:33 - 00030720 _____ () C:\Windows\system32\cqstrutl.dll
2011-03-09 02:33 - 2011-03-09 02:33 - 00007168 _____ () C:\Windows\system32\cpqmgmt\cqmgstor\storsnmp.dll
2011-03-09 02:33 - 2011-03-09 02:33 - 00027648 _____ () C:\Windows\system32\CpqMgmt\CqmgStor\iscsimib.dll
2012-03-14 12:22 - 2011-01-12 13:42 - 01550336 _____ () C:\hp\hpsmh\bin\libxml2.dll
2012-03-14 12:22 - 2011-01-12 13:37 - 00072704 _____ () C:\hp\hpsmh\bin\zlib1.dll
2012-03-14 12:22 - 2011-01-12 13:42 - 01550336 _____ () C:\hp\hpsmh\modules\libxml2.dll
2011-01-19 14:48 - 2011-01-19 14:48 - 00210432 _____ () C:\Windows\system32\CPQNiMgt\w2kmgdll.dll
2011-03-09 02:33 - 2011-03-09 02:33 - 00032768 _____ () C:\Windows\system32\CpqMgmt\cqmgstor\CQMGSTOR.dll
2011-03-09 02:33 - 2011-03-09 02:33 - 00043008 _____ () C:\Windows\system32\CpqMgmt\cqmgstor\CPQIDE.DLL
2011-03-09 02:33 - 2011-03-09 02:33 - 00041472 _____ () C:\Windows\system32\CpqMgmt\cqmgstor\CPQMDISK.dll
2011-03-09 02:33 - 2011-03-09 02:33 - 00057856 _____ () C:\Windows\system32\CpqMgmt\cqmgstor\CPQMSCSI.DLL
2011-03-09 02:33 - 2011-03-09 02:33 - 00098304 _____ () C:\Windows\system32\CpqMgmt\cqmgstor\CPQMIDA.DLL
2011-03-09 02:33 - 2011-03-09 02:33 - 00115200 _____ () C:\Windows\system32\CpqMgmt\cqmgstor\CPQFCA.DLL
2011-03-09 02:33 - 2011-03-09 02:33 - 00050176 _____ () C:\Windows\system32\CpqMgmt\cqmgstor\CPQISCSI.DLL
2011-03-09 02:33 - 2011-03-09 02:33 - 00030720 _____ () C:\Windows\system32\CpqMgmt\cqmgstor\STORALRT.DLL
2011-03-09 02:33 - 2011-03-09 02:33 - 00050176 _____ () C:\Windows\system32\CpqMgmt\cqmgstor\CPQSAS.DLL
2011-03-09 15:59 - 2011-03-09 15:59 - 09635840 _____ () C:\Program Files\MySQL\MySQL Server 5.5\bin\mysqld.exe
2014-05-01 13:29 - 2014-05-01 13:29 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2014-06-23 07:54 - 2014-04-16 15:30 - 00291328 _____ () C:\Program Files (x86)\Advanced Monitoring Agent\systray\SysTray.exe
2012-07-17 16:20 - 2012-07-17 16:20 - 00305520 _____ () C:\Program Files (x86)\Advanced Monitoring Agent\patchman\apistrings.dll
2012-07-17 16:24 - 2012-07-17 16:24 - 00159600 _____ () C:\Program Files (x86)\Advanced Monitoring Agent\patchman\modlop.dll
2012-07-23 06:32 - 2012-07-23 06:32 - 00099184 _____ () C:\Program Files (x86)\Advanced Monitoring Agent\patchman\httpserverattplugin.dll
2013-05-23 08:05 - 2013-05-23 08:05 - 02021240 _____ () C:\Program Files (x86)\Advanced Monitoring Agent\patchman\crmimodule.dll
2012-07-17 16:29 - 2012-07-17 16:29 - 00208752 _____ () C:\Program Files (x86)\Advanced Monitoring Agent\patchman\patchautodownload.dll
2014-07-17 08:37 - 2014-07-17 08:37 - 00422000 _____ () C:\Program Files (x86)\Advanced Monitoring Agent\patchman\remediationattplugin.dll
2009-07-13 15:03 - 2009-07-13 19:15 - 00364544 _____ () C:\Windows\SysWOW64\msjetoledb40.dll
2013-01-21 06:05 - 2013-01-21 06:05 - 00183672 _____ () C:\Program Files (x86)\Advanced Monitoring Agent\patchman\scanmngsys.dll
2012-07-17 16:29 - 2012-07-17 16:29 - 00049520 _____ () C:\Program Files (x86)\Advanced Monitoring Agent\patchman\schedcompactdb.dll
2012-07-17 16:29 - 2012-07-17 16:29 - 00054640 _____ () C:\Program Files (x86)\Advanced Monitoring Agent\patchman\schedupdates.dll
2014-03-26 11:32 - 2014-03-26 11:32 - 00054784 _____ () C:\Program Files (x86)\Advanced Monitoring Agent\webprotection\Interceptor\wtismon.dll
2014-03-31 16:58 - 2014-12-19 05:01 - 00192376 _____ () C:\Program Files (x86)\Advanced Monitoring Agent\managedav\Definitions\libBase64.dll
2014-03-31 16:58 - 2014-12-19 05:01 - 00180088 _____ () C:\Program Files (x86)\Advanced Monitoring Agent\managedav\Definitions\libMachoUniv.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SBAMSvc => ""="Service"
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupreg: LogMeIn GUI => "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe"
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-2385323742-1294330636-3158126304-500 - Administrator - Enabled) => C:\Users\Administrator
css (S-1-5-21-2385323742-1294330636-3158126304-1000 - Administrator - Enabled) => C:\Users\css
dcassara (S-1-5-21-2385323742-1294330636-3158126304-1015 - Limited - Enabled) => C:\Users\dcassara
Guest (S-1-5-21-2385323742-1294330636-3158126304-501 - Limited - Disabled)
notecommerce (S-1-5-21-2385323742-1294330636-3158126304-1023 - Limited - Enabled)
Rethink (S-1-5-21-2385323742-1294330636-3158126304-1025 - Limited - Enabled)
sa (S-1-5-21-2385323742-1294330636-3158126304-1001 - Limited - Enabled) => C:\Users\sa
saNew (S-1-5-21-2385323742-1294330636-3158126304-1018 - Limited - Enabled) => C:\Users\saNew
 
==================== Faulty Device Manager Devices =============
 
Name: HP NC373i Multifunction Gigabit Server Adapter #44
Description: HP NC373i Multifunction Gigabit Server Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Hewlett-Packard Company
Service: l2nd
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (01/20/2015 06:07:35 AM) (Source: Winlogon) (EventID: 4005) (User: )
Description: The Windows logon process has unexpectedly terminated.
 
Error: (01/20/2015 00:05:13 AM) (Source: Active Server Pages) (EventID: 5) (User: )
Description: Error: The Template Persistent Cache initialization failed for Application Pool 'DasaSports' because of the following error: Could not create a Disk Cache Sub-directory for the Application Pool. The data may have additional error codes..
 
Error: (01/18/2015 11:50:07 PM) (Source: Winlogon) (EventID: 4005) (User: )
Description: The Windows logon process has unexpectedly terminated.
 
Error: (01/18/2015 10:14:47 PM) (Source: Winlogon) (EventID: 4005) (User: )
Description: The Windows logon process has unexpectedly terminated.
 
Error: (01/18/2015 03:21:20 AM) (Source: Winlogon) (EventID: 4005) (User: )
Description: The Windows logon process has unexpectedly terminated.
 
Error: (01/16/2015 08:59:26 PM) (Source: Winlogon) (EventID: 4005) (User: )
Description: The Windows logon process has unexpectedly terminated.
 
Error: (01/15/2015 08:58:19 PM) (Source: Active Server Pages) (EventID: 5) (User: )
Description: Error: The Template Persistent Cache initialization failed for Application Pool 'OneBox' because of the following error: Could not create a Disk Cache Sub-directory for the Application Pool. The data may have additional error codes..
 
Error: (01/13/2015 05:56:00 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (01/13/2015 04:06:07 PM) (Source: Winlogon) (EventID: 4005) (User: )
Description: The Windows logon process has unexpectedly terminated.
 
Error: (01/13/2015 04:05:06 PM) (Source: Winlogon) (EventID: 4005) (User: )
Description: The Windows logon process has unexpectedly terminated.
 
 
System errors:
=============
Error: (01/20/2015 03:31:31 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 44.
 
Error: (01/20/2015 03:31:31 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 44.
 
Error: (01/20/2015 03:30:52 PM) (Source: UmrdpService) (EventID: 1111) (User: )
Description: Driver Gaaiho PDF required for printer ScanSoft PDF Create! is unknown. Contact the administrator to install the driver before you log in again.
 
Error: (01/20/2015 03:30:46 PM) (Source: UmrdpService) (EventID: 1111) (User: )
Description: Driver Adobe PDF Converter required for printer Adobe PDF is unknown. Contact the administrator to install the driver before you log in again.
 
Error: (01/20/2015 03:30:45 PM) (Source: UmrdpService) (EventID: 1111) (User: )
Description: Driver RingCentral Internet Fax required for printer RingCentral Internet Fax is unknown. Contact the administrator to install the driver before you log in again.
 
Error: (01/20/2015 03:30:45 PM) (Source: UmrdpService) (EventID: 1111) (User: )
Description: Driver Gaaiho PDF required for printer Gaaiho PDF is unknown. Contact the administrator to install the driver before you log in again.
 
Error: (01/20/2015 03:30:08 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for Description with the following error: 
%%5
 
Error: (01/20/2015 03:30:08 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for Start with the following error: 
%%5
 
Error: (01/20/2015 03:30:08 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for Description with the following error: 
%%5
 
Error: (01/20/2015 03:30:08 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for Start with the following error: 
%%5
 
 
Microsoft Office Sessions:
=========================
Error: (01/20/2015 06:07:35 AM) (Source: Winlogon) (EventID: 4005) (User: )
Description: 
 
Error: (01/20/2015 00:05:13 AM) (Source: Active Server Pages) (EventID: 5) (User: )
Description: The Template Persistent Cache initialization failed for Application Pool 'DasaSports' because of the following error: Could not create a Disk Cache Sub-directory for the Application Pool. The data may have additional error codes.
 
Error: (01/18/2015 11:50:07 PM) (Source: Winlogon) (EventID: 4005) (User: )
Description: 
 
Error: (01/18/2015 10:14:47 PM) (Source: Winlogon) (EventID: 4005) (User: )
Description: 
 
Error: (01/18/2015 03:21:20 AM) (Source: Winlogon) (EventID: 4005) (User: )
Description: 
 
Error: (01/16/2015 08:59:26 PM) (Source: Winlogon) (EventID: 4005) (User: )
Description: 
 
Error: (01/15/2015 08:58:19 PM) (Source: Active Server Pages) (EventID: 5) (User: )
Description: The Template Persistent Cache initialization failed for Application Pool 'OneBox' because of the following error: Could not create a Disk Cache Sub-directory for the Application Pool. The data may have additional error codes.
 
Error: (01/13/2015 05:56:00 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (01/13/2015 04:06:07 PM) (Source: Winlogon) (EventID: 4005) (User: )
Description: 
 
Error: (01/13/2015 04:05:06 PM) (Source: Winlogon) (EventID: 4005) (User: )
Description: 
 
 
==================== Memory info =========================== 
 
Processor: Intel® Xeon® CPU E5345 @ 2.33GHz
Percentage of memory in use: 38%
Total physical RAM: 8189.88 MB
Available physical RAM: 5026.38 MB
Total Pagefile: 16377.95 MB
Available Pagefile: 12236.92 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:410.01 GB) (Free:311.86 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 410 GB) (Disk ID: B53DD982)
Partition 1: (Active) - (Size=410 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================

 


Please download RogueKiller and save it to your desktop from the following link: http://www.bleepingcomputer.com/download/roguekiller/

Quit all running programs.
For Windows XP, double-click to start.
For Vista, Windows 7/8, right-click on the program and select Run as Administrator to start and when prompted allow it to run.
Read and accept the EULA (End User License Agreement)
Click Scan to scan the system.
When the scan completes select "Report", log will open. Close the program > Don't Fix anything!
Post back the report which should also be located here:

C:\Programdata\RogueKiller\Logs <-------- W7/8
C:\Documents and Settings\All Users\Application Data\RogueKiller\Logs <------XP

Thanks...


RogueKiller V10.2.0.0 [Jan 19 2015] by Adlice Software
 
Operating System : Windows Server 2008 R2 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Administrator [Administrator]
Mode : Scan -- Date : 01/20/2015  19:09:44
 
¤¤¤ Processes : 0 ¤¤¤
 
¤¤¤ Registry : 19 ¤¤¤
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-2385323742-1294330636-3158126304-500\Software\Microsoft\Internet Explorer\Main | Start Page : res://iesetup.dll/HardAdmin.htm  -> Found
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-2385323742-1294330636-3158126304-500\Software\Microsoft\Internet Explorer\Main | Start Page : res://iesetup.dll/HardAdmin.htm  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{1E839590-FCBD-4DCF-8EF0-2FCDF8B7A627} | NameServer : 10.10.1.1 []  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{1E839590-FCBD-4DCF-8EF0-2FCDF8B7A627} | NameServer : 10.10.1.1 []  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{1E839590-FCBD-4DCF-8EF0-2FCDF8B7A627} | NameServer : 10.10.1.1 []  -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-2385323742-1294330636-3158126304-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyPics : 0  -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-2385323742-1294330636-3158126304-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyMusic : 0  -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-2385323742-1294330636-3158126304-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-2385323742-1294330636-3158126304-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowRecentDocs : 0  -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-2385323742-1294330636-3158126304-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowSetProgramAccessAndDefaults : 0  -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-2385323742-1294330636-3158126304-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyPics : 0  -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-2385323742-1294330636-3158126304-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyMusic : 0  -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-2385323742-1294330636-3158126304-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-2385323742-1294330636-3158126304-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowRecentDocs : 0  -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-2385323742-1294330636-3158126304-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowSetProgramAccessAndDefaults : 0  -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found
 
¤¤¤ Tasks : 0 ¤¤¤
 
¤¤¤ Files : 0 ¤¤¤
 
¤¤¤ Hosts File : 0 ¤¤¤
 
¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: HP LOGICAL VOLUME SCSI Disk Device +++++
--- User ---
[MBR] 00fce51d21249d4582963ceeac57474b
[bSP] 2e8702c896cd9d39c07cf812c052625b : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 419849 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
Error reading LL2 MBR! ([1] Incorrect function. )

Still no obvious malware or infection, run the following:

Run an online AV scan to ensure there are no remnants of any infection left on your system that may have been missed. This scan is very thorough and well worth running; it can take several hours, please be patient and let it complete:

Run Eset Online Scanner

**Note** You will need to use Internet Explorer for this scan - Vista and Windows 7/8 right click on IE shortcut and run as admin.

(To run ESET Online Scanner in a browser other than Internet Explorer, you'll need to download ESET SMART Installer during the process)

Go to Eset web page http://www.eset.com/us/online-scanner/ to run an online scan from ESET.

Turn off the real time scanner of any existing antivirus program while performing the online scan
click on the Run ESET Online Scanner button
Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the add-on to be installed
Click Start
Make sure that the option "Remove found threats" is UNticked
Click on Advanced Settings, ensure the following options are checked:
 
Scan for potentially unsafe applications
Enable Anti-Stealth Technology
 
Click Scan
wait for the virus definitions to be downloaded
Wait for the scan to finish

When the scan is complete

If no threats were found
put a checkmark in "Uninstall application on close"
close program
report to me that nothing was found

If threats were found

click on "list of threats found"
click on "export to text file" and save it as ESET SCAN and save to the desktop
Click on back
put a checkmark in "Uninstall application on close"
click on finish

close program

Copy and paste the report in next reply.

Next,

Download Security Check by screen317 from either of the following:

http://screen317.spywareinfoforum.org/SecurityCheck.exe or http://screen317.changelog.fr/SecurityCheck.exe

Save it to your Desktop. (If your security alerts, either accept the alert, or turn the security off while Security Check runs)
Double click SecurityCheck.exe (Vista or Windows 7/8 users right click and select "Run as Administrator") and follow the onscreen instructions inside of the black box. Press any key when asked.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

If Security Check will not run or you get an alert saying it is not supported, re-boot your PC then try again...
 
Thanks,

Kevin...


Results of screen317's Security Check version 0.99.94  
   x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Security Center service is not running! This report may not be accurate! 
 Windows Firewall Enabled!  
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
 Adobe Reader 10.1.12 Adobe Reader out of Date!  
 Google Chrome (39.0.2171.99) 
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbam.exe  
 Malwarebytes Anti-Malware mbamscheduler.exe   
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log`````````````````````` 
 


There is an internet connection. It's a web site test server. I just said that no one uses the internet via browser.
Is Malwarebytes and GFI Vipre Managed Antivirus not enough? There is a firewall on the Vipre. I don't know why it doesn't show up on the reports, but it's running - I get messages from it.


Something is still causing Malwarebytes messages - inbound and outbound web sites blocked.
I uninstalled Firefox - but it's still showing up on this report below under browsers.
 
RogueKiller V10.2.0.0 [Jan 19 2015] by Adlice Software
 
Operating System : Windows Server 2008 R2 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Administrator [Administrator]
Mode : Scan -- Date : 01/24/2015  18:19:27
 
¤¤¤ Processes : 0 ¤¤¤
 
¤¤¤ Registry : 19 ¤¤¤
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-2385323742-1294330636-3158126304-500\Software\Microsoft\Internet Explorer\Main | Start Page : res://iesetup.dll/HardAdmin.htm  -> Found
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-2385323742-1294330636-3158126304-500\Software\Microsoft\Internet Explorer\Main | Start Page : res://iesetup.dll/HardAdmin.htm  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{1E839590-FCBD-4DCF-8EF0-2FCDF8B7A627} | NameServer : 10.10.1.1 []  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{1E839590-FCBD-4DCF-8EF0-2FCDF8B7A627} | NameServer : 10.10.1.1 []  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{1E839590-FCBD-4DCF-8EF0-2FCDF8B7A627} | NameServer : 10.10.1.1 []  -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-2385323742-1294330636-3158126304-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyPics : 0  -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-2385323742-1294330636-3158126304-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyMusic : 0  -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-2385323742-1294330636-3158126304-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-2385323742-1294330636-3158126304-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowRecentDocs : 0  -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-2385323742-1294330636-3158126304-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowSetProgramAccessAndDefaults : 0  -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-2385323742-1294330636-3158126304-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyPics : 0  -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-2385323742-1294330636-3158126304-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyMusic : 0  -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-2385323742-1294330636-3158126304-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-2385323742-1294330636-3158126304-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowRecentDocs : 0  -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-2385323742-1294330636-3158126304-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowSetProgramAccessAndDefaults : 0  -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found
 
¤¤¤ Tasks : 0 ¤¤¤
 
¤¤¤ Files : 0 ¤¤¤
 
¤¤¤ Hosts File : 0 ¤¤¤
 
¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: HP LOGICAL VOLUME SCSI Disk Device +++++
--- User ---
[MBR] 00fce51d21249d4582963ceeac57474b
[bSP] 2e8702c896cd9d39c07cf812c052625b : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 419849 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
Error reading LL2 MBR! ([1] Incorrect function. )
 
 
============================================
RKreport_SCN_01202015_190944.log

Like I said, it's a test server, so it's for playing around, teaching my son, learning security myself.
I do build and test web sites here, but I don't charge for web sites - my company does internet marketing and we implement CRM systems.

It's the premium version.


Open Malwarebytes Anti-Malware, from the Dashboard please Check for Updates by clicking the Update Now... link

When the update completes select > Settings > Detection and Protection > enable Scan for rootkits, and under Non-Malware Protection set both PUP and PUM to Treat detections as malware.

Click on the SCAN button and run a Threat Scan with Malwarebytes Anti-Malware by clicking the Scan Now>> button.

When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.

In most cases, a restart will be required.

Wait for the prompt to restart the computer to appear, then click on Yes.

When the scan is completed, from the main GUI click on History > Application Logs. Find your scan log; the date when run will identify it. Checkmark the "select" box > then hit the "view" button. The history log window will open. At the bottom of that window are two options, "Copy to clipboard" and "Export".

Select > "Copy to clipboard"; that copies the full log to the Windows clipboard, so in your reply you right click into the text field and select "Paste", and the log is pasted (copied) into your reply.

Let me see that log, also give an update on any remaining issues or concerns...


2 weeks later...
Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
