Hi,


Today I had a drive-by download attempt on my computer. My AV stated that it blocked it and I was running Sandboxie at the time as well, but the exploit page did display and it froze my browser pretty good. Afterwards I ran a quick scan with my AV and MBAM and both came up clean. Could one of you take a quick look just to be sure nothing got through?


FRST:


Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-02-2015
Ran by PLF (ATTENTION: The logged in user is not administrator) on SD70 on 08-02-2015 23:39:55
Running from C:\Users\PLF\Desktop
Loaded Profiles: PLF (Available profiles: PWS & PLF)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 10 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

Failed to access process -> smss.exe
Failed to access process -> csrss.exe
Failed to access process -> wininit.exe
Failed to access process -> csrss.exe
Failed to access process -> winlogon.exe
Failed to access process -> services.exe
Failed to access process -> lsass.exe
Failed to access process -> lsm.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> SbieSvc.exe
Failed to access process -> svchost.exe
Failed to access process -> spoolsv.exe
Failed to access process -> svchost.exe
Failed to access process -> armsvc.exe
Failed to access process -> AppleMobileDeviceService.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe
Failed to access process -> atkexComSvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
Failed to access process -> aaHMSvc.exe
Failed to access process -> AsSysCtrlService.exe
Failed to access process -> mDNSResponder.exe
Failed to access process -> AsHookDevice.exe
Failed to access process -> LSSrvc.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
Failed to access process -> mbae-svc.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe
Failed to access process -> mbae64.exe
Failed to access process -> mbamscheduler.exe
Failed to access process -> conhost.exe
Failed to access process -> mbamservice.exe
Failed to access process -> ccsvchst.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> rndlresolversvc.exe
Failed to access process -> rpdsvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieCtrl.exe
(Nero AG) C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe
(BillP Studios) C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
Failed to access process -> RealPlayerUpdateSvc.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\20.6.0.27\ccsvchst.exe
Failed to access process -> Seagate.Dashboard.DASWindowsService.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Manager\AsShellApplication.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe
(Microsoft Corporation) C:\Program Files (x86)\EMET\EMET_notifier.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
Failed to access process -> svchost.exe
Failed to access process -> WLIDSVC.EXE
Failed to access process -> WLIDSVCM.EXE
Failed to access process -> WmiPrvSE.exe
Failed to access process -> NMIndexingService.exe
(Nero AG) C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
Failed to access process -> iPodService.exe
Failed to access process -> SearchIndexer.exe
Failed to access process -> svchost.exe
Failed to access process -> SearchProtocolHost.exe
Failed to access process -> WUDFHost.exe
Failed to access process -> SearchFilterHost.exe
Failed to access process -> svchost.exe
Failed to access process -> SbieSvc.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SandboxieRpcSs.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SandboxieCrypto.exe
(RealNetworks, Inc.) C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe
Failed to access process -> LMS.exe
Failed to access process -> sppsvc.exe
Failed to access process -> taskeng.exe
Failed to access process -> UNS.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11545192 2010-11-02] (Realtek Semiconductor)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-01-27] (Apple Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
HKLM-x32\...\Run: [RunAIShell] => C:\Program Files (x86)\ASUS\AI Manager\AsShellApplication.exe [232064 2009-12-23] (ASUSTeK Computer Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-01-20] (Apple Inc.)
HKLM-x32\...\Run: [ConnectionCenter] => "C:\Users\PWS\AppData\Local\Citrix\ICA Client\concentr.exe" /startup
HKLM-x32\...\Run: [DBAgent] => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe [1454184 2012-05-04] (Seagate Technology LLC)
HKLM-x32\...\Run: [EMET Notifier] => C:\Program Files (x86)\EMET\EMET_notifier.exe [152152 2012-05-09] (Microsoft Corporation)
HKLM-x32\...\Run: [bCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [296520 2014-06-07] (RealNetworks, Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe [2561848 2014-12-10] (Malwarebytes Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-809943335-2564626158-2276789416-1001\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [455968 2007-08-23] (Hewlett-Packard Company)
HKU\S-1-5-21-809943335-2564626158-2276789416-1001\...\Run: [uploader] => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe [119440 2012-05-04] (Seagate Technology LLC)
HKU\S-1-5-21-809943335-2564626158-2276789416-1001\...\Run: [sandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [784904 2014-10-14] (Sandboxie Holdings, LLC)
HKU\S-1-5-21-809943335-2564626158-2276789416-1001\...\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] => C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe [152872 2007-06-27] (Nero AG)
HKU\S-1-5-21-809943335-2564626158-2276789416-1001\...\Run: [WinPatrol] => C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe [1128000 2014-06-03] (BillP Studios)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\asusvibelauncher.lnk
ShortcutTarget: asusvibelauncher.lnk -> C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RealPlayer Cloud Service UI.lnk
ShortcutTarget: RealPlayer Cloud Service UI.lnk -> C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin64\rpsystray.exe (RealNetworks, Inc.)
Startup: C:\Users\PLF\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Officejet Pro 6830.lnk
ShortcutTarget: Monitor Ink Alerts - HP Officejet Pro 6830.lnk -> C:\Program Files\HP\HP Officejet Pro 6830\Bin\HPStatusBL.dll (Hewlett-Packard Development Company, LP)
ShellIconOverlayIdentifiers: [OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Security Suite\Engine64\20.6.0.27\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Security Suite\Engine64\20.6.0.27\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Security Suite\Engine64\20.6.0.27\buShell.dll (Symantec Corporation)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-809943335-2564626158-2276789416-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://asus.msn.com/
HKU\S-1-5-21-809943335-2564626158-2276789416-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com/
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP08&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP08&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-809943335-2564626158-2276789416-1001 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = http://nortonsafe.search.ask.com/web?q={SEARCHTERMS}&o=APN10506&l=dis&prt=360&chn=S1122&geo=US&ver=20&locale=en_US&gct=kwd&qsrc=2869
BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll (RealDownloader)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: WOT Helper -> {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} -> C:\Program Files\WOT\WOT.dll ()
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security Suite\Engine\20.6.0.27\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Security Suite\Engine\20.6.0.27\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: WOT Helper -> {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} -> C:\Program Files (x86)\WOT\WOT.dll ()
Toolbar: HKLM - WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
Toolbar: HKLM-x32 - WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll ()
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\20.6.0.27\coIEPlg.dll (Symantec Corporation)
Toolbar: HKU\S-1-5-21-809943335-2564626158-2276789416-1001 -> WOT - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
Toolbar: HKU\S-1-5-21-809943335-2564626158-2276789416-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll ()
Handler-x32: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files (x86)\WOT\WOT.dll ()
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\PWS\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll No File
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\PWS\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll No File
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\PWS\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll No File
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\PWS\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll No File
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\PWS\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll No File
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\PWS\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll No File
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\PWS\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll No File
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\PWS\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll No File
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\PWS\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll No File
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\PWS\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll No File
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\PWS\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll No File
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\PWS\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll No File
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\PWS\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll No File
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\PWS\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll No File
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\PWS\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll No File
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\PWS\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll No File
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76 192.168.1.1

FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=17.0.10.8 -> c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=17.0.10 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=17.0.10 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=17.0.10 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=17.0.10.8 -> c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer Cloud)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\coFFPlgn [2015-02-08]
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\IPSFF [2013-10-09]
FF HKLM-x32\...\Firefox\Extensions: [{7ADCCCD0-FDEC-4A18-A329-550A87710223}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-06-07]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [bejnhdlplbjhffionohbdnpcbobfejcc] - C:\Program Files (x86)\Norton Security Suite\Engine\20.6.0.27\Exts\Chrome.crx [2014-12-17]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path
CHR HKLM-x32\...\Chrome\Extension: [bejnhdlplbjhffionohbdnpcbobfejcc] - C:\Program Files (x86)\Norton Security Suite\Engine\20.6.0.27\Exts\Chrome.crx [2014-12-17]
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2014-05-13]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe [918144 2010-11-03] ()
R2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.11\aaHMSvc.exe [915072 2010-11-19] ()
R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.10\AsSysCtrlService.exe [586880 2010-10-21] ()
R2 lmhosts; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R2 lmhosts; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-13] (Microsoft Corporation)
R2 MbaeSvc; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [555320 2014-12-10] (Malwarebytes Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 N360; C:\Program Files (x86)\Norton Security Suite\Engine\20.6.0.27\ccSvcHst.exe [144368 2013-05-20] (Symantec Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2009-05-14] (Hewlett-Packard) [File not signed]
R2 NlaSvc; C:\Windows\System32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R2 NlaSvc; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-13] (Microsoft Corporation)
R3 NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [279848 2007-06-27] (Nero AG)
R2 nsi; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R2 nsi; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-13] (Microsoft Corporation)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2009-05-14] (Hewlett-Packard) [File not signed]
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39568 2014-05-13] ()
R2 RealPlayer Cloud Service; c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe [1141848 2014-06-07] () [File not signed]
R2 RealPlayerUpdateSvc; C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [23552 2014-05-23] () [File not signed]
S3 RoxMediaDB13; C:\Program Files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxMediaDB13.exe [1095824 2012-06-02] (Corel Corporation)
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [174600 2014-10-14] (Sandboxie Holdings, LLC)
R2 Seagate Dashboard Services; C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe [14496 2012-05-04] (Seagate Technology LLC)
S2 WinDefend; %ProgramFiles(x86)%\Windows Defender\mpsvc.dll [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R2 ASInsHelp; C:\Windows\SysWow64\drivers\AsInsHelp64.sys [11832 2008-01-04] ()
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2010-08-24] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2010-08-02] ()
R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\BASHDefs\20150106.001\BHDrvx64.sys [1622744 2015-01-06] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1406000.01B\ccSetx64.sys [169048 2013-04-15] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-12-12] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2014-12-12] (Symantec Corporation)
R1 ESProtectionDriver; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [63064 2014-12-10] ()
R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\IPSDefs\20150206.001\IDSvia64.sys [669400 2015-02-05] (Symantec Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-02-08] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20150208.001\ENG64.SYS [129752 2015-01-20] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20150208.001\EX64.SYS [2137304 2015-01-20] (Symantec Corporation)
R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-05-02] (Corel Corporation)
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [185352 2014-10-14] (Sandboxie Holdings, LLC)
R3 SRTSP; C:\Windows\System32\Drivers\N360x64\1406000.01B\SRTSP64.SYS [796760 2013-05-15] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1406000.01B\SRTSPX64.SYS [36952 2013-03-04] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\N360x64\1406000.01B\SYMDS64.SYS [493656 2013-05-20] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360x64\1406000.01B\SYMEFA64.SYS [1139800 2013-05-22] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2013-07-16] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\1406000.01B\Ironx64.SYS [224416 2012-07-27] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1406000.01B\SYMNETS.SYS [433752 2013-04-24] (Symantec Corporation)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [53760 2012-09-28] (Apple, Inc.) [File not signed]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-08 23:39 - 2015-02-08 23:40 - 00026505 _____ () C:\Users\PLF\Desktop\FRST.txt
2015-02-08 23:34 - 2015-02-08 23:34 - 02132992 _____ (Farbar) C:\Users\PLF\Desktop\FRST64.exe
2015-02-08 16:51 - 2015-02-08 16:55 - 00000362 _____ () C:\Windows\Tasks\ReclaimerUpdateFiles_PWS.job
2015-02-08 16:51 - 2015-02-08 16:55 - 00000358 _____ () C:\Windows\Tasks\ReclaimerUpdateXML_PWS.job
2015-02-02 21:03 - 2015-02-02 21:03 - 00001757 _____ () C:\Users\Public\Desktop\iTunes.lnk
2015-02-02 21:03 - 2015-02-02 21:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-02-02 21:02 - 2015-02-02 21:03 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-02-02 21:02 - 2015-02-02 21:03 - 00000000 ____D () C:\Program Files\iTunes
2015-02-02 21:02 - 2015-02-02 21:02 - 00000000 ____D () C:\Program Files\iPod
2015-02-02 21:02 - 2015-02-02 21:02 - 00000000 ____D () C:\Program Files (x86)\iTunes
2015-01-23 22:24 - 2015-01-23 22:24 - 00852573 _____ () C:\Users\PLF\Desktop\securitycheck.exe
2015-01-21 15:06 - 2015-01-21 15:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auran
2015-01-21 15:05 - 2015-01-21 15:05 - 00001684 _____ () C:\Users\Public\Desktop\TC.lnk
2015-01-21 15:05 - 2015-01-21 15:05 - 00000000 ____D () C:\Program Files (x86)\Auran
2015-01-19 00:41 - 2015-01-19 00:41 - 00002204 _____ () C:\Users\Public\Desktop\HP Officejet Pro 6830.lnk
2015-01-19 00:41 - 2015-01-19 00:41 - 00001156 _____ () C:\Users\Public\Desktop\Shop for Supplies - HP Officejet Pro 6830.lnk
2015-01-19 00:41 - 2014-07-18 19:48 - 00763968 ____N (Hewlett-Packard Development Company, LP) C:\Windows\system32\HPDiscoPM7212.dll
2015-01-15 18:47 - 2014-12-18 21:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-15 18:47 - 2014-12-18 19:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-15 18:47 - 2014-12-11 23:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-15 18:47 - 2014-12-11 23:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-15 18:47 - 2014-12-11 23:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-15 18:47 - 2014-12-11 23:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-15 18:47 - 2014-12-11 23:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-15 18:47 - 2014-12-11 23:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-15 18:47 - 2014-12-11 23:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-15 18:47 - 2014-12-11 11:47 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-15 18:47 - 2014-12-05 22:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-15 18:47 - 2014-12-05 21:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-15 18:47 - 2014-12-05 21:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-08 23:40 - 2011-12-18 12:16 - 01299965 _____ () C:\Windows\WindowsUpdate.log
2015-02-08 23:39 - 2012-04-21 02:03 - 00000000 ____D () C:\FRST
2015-02-08 23:36 - 2009-07-13 23:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-08 23:36 - 2009-07-13 22:51 - 00152004 _____ () C:\Windows\setupact.log
2015-02-08 23:35 - 2009-07-13 22:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-08 23:35 - 2009-07-13 22:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-08 23:30 - 2014-04-24 21:48 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-08 23:13 - 2013-02-25 21:20 - 00001676 _____ () C:\Windows\Sandboxie.ini
2015-02-08 23:05 - 2012-03-30 08:15 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-08 22:31 - 2014-09-20 10:22 - 00000000 ____D () C:\Users\PLF\Documents\Flight Simulator Files
2015-02-05 23:14 - 2011-12-18 13:43 - 00000000 ____D () C:\ProgramData\Norton
2015-02-05 23:05 - 2012-03-30 08:15 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-02-05 23:05 - 2011-12-26 00:11 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-03 18:39 - 2012-08-15 20:19 - 00000000 ____D () C:\ProgramData\TEMP
2015-02-03 18:39 - 2012-08-15 20:19 - 00000000 ____D () C:\Program Files (x86)\SpywareBlaster
2015-02-03 18:31 - 2012-08-28 16:23 - 00000000 ____D () C:\Users\PLF\AppData\Roaming\Apple Computer
2015-02-02 21:02 - 2011-12-18 14:29 - 00000000 ____D () C:\Program Files\Common Files\Apple
2015-02-02 20:22 - 2010-11-20 21:47 - 00926980 _____ () C:\Windows\PFRO.log
2015-02-01 15:15 - 2014-07-27 22:29 - 00000000 ____D () C:\Users\PLF\Desktop\sunset pics
2015-01-31 12:51 - 2012-12-11 22:47 - 00000000 ____D () C:\Users\PLF\Desktop\Metra AC
2015-01-21 15:31 - 2012-09-01 00:47 - 00000000 ____D () C:\Users\PLF\AppData\Local\CrashDumps
2015-01-21 15:09 - 2011-05-31 15:02 - 00038578 _____ () C:\Windows\DirectX.log
2015-01-21 15:04 - 2011-12-18 12:24 - 00000000 ____D () C:\Users\PWS
2015-01-19 00:56 - 2011-12-29 13:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2015-01-19 00:56 - 2011-12-29 13:43 - 00000000 ____D () C:\Program Files (x86)\HP
2015-01-19 00:56 - 2011-12-29 13:42 - 00000000 ____D () C:\Program Files\HP
2015-01-19 00:43 - 2012-08-28 22:35 - 00000000 ____D () C:\Users\PLF\AppData\Local\HP
2015-01-19 00:41 - 2011-12-29 13:43 - 00000000 ____D () C:\ProgramData\HP
2015-01-19 00:19 - 2009-07-13 23:13 - 00797890 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-16 00:11 - 2013-07-16 16:09 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-16 00:03 - 2011-12-20 12:23 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

==================== Files in the root of some directories =======

2012-09-01 00:46 - 2012-12-16 21:08 - 0000000 _____ () C:\Users\PLF\AppData\Roaming\FileIn.cns
2012-09-01 00:46 - 2012-12-16 21:08 - 0000000 _____ () C:\Users\PLF\AppData\Roaming\FileOut.cns
2013-04-24 20:44 - 2014-11-16 21:40 - 0299308 _____ () C:\Users\PLF\AppData\Local\rx_image32.Cache
2014-10-23 21:07 - 2014-10-23 21:07 - 0000057 _____ () C:\ProgramData\Ament.ini

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

ATTENTION: ==> Could not access BCD. Check to make sure user is administrator or see Addition.txt for additional information.

==================== End Of Log ============================

Addition.txt:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-02-2015
Ran by PLF at 2015-02-08 23:40:38
Running from C:\Users\PLF\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Norton Security Suite (Enabled - Up to date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
AS: Norton Security Suite (Enabled - Up to date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
FW: Norton Security Suite (Enabled) {6BFC5632-188D-B806-D13E-C607121B42A0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 1.2.0 - Hewlett-Packard) Hidden
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
AI Manager (HKLM-x32\...\{4AF95DE2-B54D-4C3F-9494-FD3B558E2C2D}) (Version: 1.09.06 - ASUSTeK Computer Inc.)
AI Suite II (HKLM-x32\...\{34D3688E-A737-44C5-9E2A-FF73618728E1}) (Version: 1.01.12 - ASUSTeK)
Apple Application Support (32-bit) (HKLM-x32\...\{2FE00055-C4F3-4F7A-AEDD-E198D54CF12F}) (Version: 3.1.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{28791292-D18D-42FA-AE66-3D3D20AA8618}) (Version: 3.1.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{5ED7462B-EF58-4757-B609-53755021EC34}) (Version: 8.1.0.18 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ASUS Backup Wizard (HKLM-x32\...\{124C9BD0-8C52-40AB-8238-0605703B1C28}) (Version: 1.00.10 - ASUSTeK Computer Inc.)
AsusVibe2.0 (HKLM-x32\...\Asus Vibe2.0) (Version: 2.0.4.628 - ASUSTEK)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Cisco Connect (HKLM-x32\...\Cisco Connect) (Version: 1.1.10049.0 - Cisco Consumer Products LLC)
Citrix online plug-in - web (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 12.1.0.30 - Citrix Systems, Inc.)
Citrix XenApp Web Plugin (HKLM-x32\...\{EBFEEB3F-3E3B-4725-A4E0-376144CE4F76}) (Version: 11.0.0.5357 - Citrix Systems, Inc.)
Control ActiveX de Windows Live Mesh para conexiones remotas (HKLM-x32\...\{04668DF2-D32F-4555-9C7E-35523DCD6544}) (Version: 15.4.5722.2 - Microsoft Corporation)
Contrôle ActiveX Windows Live Mesh pour connexions à distance (HKLM-x32\...\{55D003F4-9599-44BF-BA9E-95D060730DD3}) (Version: 15.4.5722.2 - Microsoft Corporation)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DirectX 9 Runtime (x32 Version: 1.00.0000 - Sonic Solutions) Hidden
DVD Shrink 3.2 (HKLM-x32\...\DVD Shrink_is1) (Version:  - DVD Shrink)
EMET (HKLM-x32\...\{DE7A5DDF-47B3-42FF-A082-E158DEA37392}) (Version: 3.0.0 - Microsoft)
ERUNT 1.1j (HKLM-x32\...\ERUNT_is1) (Version:  - Lars Hederer)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Free M4a to MP3 Converter 7.0 (HKLM-x32\...\Free M4a to MP3 Converter_is1) (Version:  - ManiacTools.com)
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
HP Officejet Pro 6830 Basic Device Software (HKLM\...\{98040AB6-D667-409C-81E7-DB65836B3EE0}) (Version: 33.1.73.49987 - Hewlett-Packard Co.)
HP Officejet Pro 6830 Help (HKLM-x32\...\{28693307-6F99-4B5D-9FA3-4D9132DDA716}) (Version: 34.0.0 - Hewlett Packard)
HP Officejet Pro 8500 A910 Basic Device Software (HKLM\...\{EE7C94CC-BECB-4000-B5E3-D895307B9D5E}) (Version: 22.50.231.0 - Hewlett-Packard Co.)
HP Officejet Pro 8500 A910 Help (HKLM-x32\...\{871B2A9D-0F12-44B3-88C1-E0CB10A232E4}) (Version: 140.0.2.2 - Hewlett Packard)
HP Officejet Pro 8500 A910 Product Improvement Study (HKLM\...\{0308919C-E317-4293-8D3C-97EF307BCDBC}) (Version: 22.50.231.0 - Hewlett-Packard Co.)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
iTunes (HKLM\...\{7B8D4E8A-EA2B-4A71-BFEB-A4AAAB87C5D0}) (Version: 12.1.0.71 - Apple Inc.)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LightScribe System Software  1.10.13.1 (x32 Version: 1.10.13.1 - http://www.lightscribe.com) Hidden
Malwarebytes Anti-Exploit version 1.05.1.1016 (HKLM\...\Malwarebytes Anti-Exploit_is1) (Version: 1.05.1.1016 - Malwarebytes)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Marketsplash Shortcuts (HKLM-x32\...\{16FCDD97-AE09-476B-88CD-261D852BD34C}) (Version: 1.0.1.7 - Hewlett-Packard)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Flight Simulator 2004 A Century of Flight (HKLM-x32\...\Flight Simulator 9.0) (Version: 9.0 - Microsoft)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs (HKLM-x32\...\{90120000-00B2-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Train Simulator (HKLM-x32\...\Train Simulator 1.0) (Version:  - )
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MSTS Patch 1.8.0521 EN (HKLM-x32\...\{587A2120-41D3-11DB-3D6C-00E19E4D4AE1}) (Version: 1.8.052113 - George)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
Nero 7 Essentials (HKLM-x32\...\{8E72B982-D54F-486F-B35A-C24B6F171033}) (Version: 7.03.0581 - Nero AG)
Norton Security Suite (HKLM-x32\...\N360) (Version: 20.6.0.27 - Symantec Corporation)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
RailDriver for MSTS (HKLM-x32\...\{32C47C66-6393-413B-92D6-295E8A1D65DC}) (Version:  - )
RealDownloader (x32 Version: 17.0.10 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer Cloud (HKLM-x32\...\RealPlayer 17.0) (Version: 17.0.10 - RealNetworks)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.31.1025.2010 - Realtek)
Realtek Ethernet Diagnostic Utility (HKLM-x32\...\{7236672F-6430-439E-9B27-27EDEAF1D676}) (Version: 1.00.0000 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6235 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
Roxio Easy Video Copy and Convert 5 (HKLM-x32\...\{DC7FB4DA-8260-472E-8A31-88712EE14BBE}) (Version: 5.0 - Roxio)
Safari (HKLM-x32\...\{F2AF3E5D-9697-485C-A5AC-E2B9468C446A}) (Version: 5.34.52.7 - Apple Inc.)
Sandboxie 4.14 (64-bit) (HKLM\...\Sandboxie) (Version: 4.14 - Sandboxie Holdings, LLC)
Seagate Dashboard 2.0 (HKLM-x32\...\{43C423D9-E6D6-4607-ADC9-EBB54F690C57}) (Version: 2.0.29.0 - Seagate)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
SpywareBlaster 5.0 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.0.0 - BrightFort LLC)
TC (HKLM-x32\...\{9D244037-7E69-4D6E-9729-0797D9294831}) (Version: 1.00.000 - )
Track Builder 3 (HKLM-x32\...\{0D4999B8-3990-4026-A744-D842CE8C886A}) (Version: 3.1 - Signal Computer Consultants)
Train Dispatcher 3 (HKLM-x32\...\{1306CFD5-28AE-486C-A298-90B50DA5DC5E}) (Version: 3.1 - Signal Computer Consultants)
UpdateService (x32 Version: 1.0.0 - RealNetworks, Inc.) Hidden
VD64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen (HKLM-x32\...\{C32CE55C-12BA-4951-8797-0967FDEF556F}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
WinPatrol (HKLM\...\{84481A87-2316-4923-8FAB-3BA8CA29323D}) (Version: 31.0.2014.0 - BillP Studios)
WOT for Internet Explorer (HKLM\...\{C0DA129B-1E45-494D-A362-5CD0109C306B}) (Version: 11.11.7.0 - WOT Services Oy)
WOT for Internet Explorer (HKLM-x32\...\{DCAEC601-735C-41AE-B84F-D792F09FB7D1}) (Version: 12.8.2.0 - WOT Services Oy)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

==================== Restore Points  =========================

ATTENTION: System Restore is disabled.
Check "winmgmt" service or repair WMI.

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 20:34 - 2012-04-21 19:42 - 00000098 ____N C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => ?
Task: C:\Windows\Tasks\hpwebreg_CN18IDM234.job => C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\HpWebReg.exe
Task: C:\Windows\Tasks\hpwebreg_xxxxxxxxxx.job => C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\HpWebReg.exe
Task: C:\Windows\Tasks\ReclaimerUpdateFiles_PWS.job => ?
Task: C:\Windows\Tasks\ReclaimerUpdateXML_PWS.job => ?

==================== Loaded Modules (whitelisted) ==============

2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:23 - 2010-10-20 15:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2012-03-19 21:09 - 2012-03-19 21:09 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2015-01-20 22:35 - 2015-01-20 22:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-01-20 22:35 - 2015-01-20 22:35 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:5C321E34

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== Other Registry Areas =====================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-809943335-2564626158-2276789416-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\PLF\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

==================== Accounts: =============================

Administrator (S-1-5-21-809943335-2564626158-2276789416-500 - Administrator - Disabled)
Guest (S-1-5-21-809943335-2564626158-2276789416-501 - Limited - Disabled)
PLF (S-1-5-21-809943335-2564626158-2276789416-1001 - Limited - Enabled) => C:\Users\PLF
PWS (S-1-5-21-809943335-2564626158-2276789416-1000 - Administrator - Enabled) => C:\Users\PWS

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (02/01/2015 04:02:32 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNS_Execute: SendResponses didn't send all its responses; will try again in one second

Error: (02/01/2015 04:02:32 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNS_Execute: SendResponses didn't send all its responses; will try again in one second

Error: (02/01/2015 04:02:32 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNS_Execute: SendResponses didn't send all its responses; will try again in one second

Error: (02/01/2015 04:02:32 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNS_Execute: SendResponses didn't send all its responses; will try again in one second

Error: (02/01/2015 04:02:32 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNS_Execute: SendResponses didn't send all its responses; will try again in one second

Error: (02/01/2015 04:02:32 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNS_Execute: SendResponses didn't send all its responses; will try again in one second

Error: (02/01/2015 04:02:32 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNS_Execute: SendResponses didn't send all its responses; will try again in one second

Error: (01/27/2015 10:03:55 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (01/27/2015 10:03:07 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (01/26/2015 08:09:48 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

System errors:
=============
Error: (02/08/2015 11:37:05 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Defender service terminated with the following error:
%%126

Error: (02/08/2015 11:29:50 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Defender service terminated with the following error:
%%126

Error: (02/08/2015 04:56:00 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Defender service terminated with the following error:
%%126

Error: (02/08/2015 04:50:00 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Defender service terminated with the following error:
%%126

Error: (02/08/2015 03:26:32 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Defender service terminated with the following error:
%%126

Error: (02/08/2015 00:12:08 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Defender service terminated with the following error:
%%126

Error: (02/07/2015 00:17:32 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Defender service terminated with the following error:
%%126

Error: (02/05/2015 10:12:53 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Defender service terminated with the following error:
%%126

Error: (02/04/2015 08:07:00 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Defender service terminated with the following error:
%%126

Error: (02/03/2015 06:41:52 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Defender service terminated with the following error:
%%126

Microsoft Office Sessions:
=========================
Error: (02/01/2015 04:02:32 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNS_Execute: SendResponses didn't send all its responses; will try again in one second

Error: (02/01/2015 04:02:32 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNS_Execute: SendResponses didn't send all its responses; will try again in one second

Error: (02/01/2015 04:02:32 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNS_Execute: SendResponses didn't send all its responses; will try again in one second

Error: (02/01/2015 04:02:32 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNS_Execute: SendResponses didn't send all its responses; will try again in one second

Error: (02/01/2015 04:02:32 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNS_Execute: SendResponses didn't send all its responses; will try again in one second

Error: (02/01/2015 04:02:32 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNS_Execute: SendResponses didn't send all its responses; will try again in one second

Error: (02/01/2015 04:02:32 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNS_Execute: SendResponses didn't send all its responses; will try again in one second

Error: (01/27/2015 10:03:55 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe

Error: (01/27/2015 10:03:07 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"C:\Windows\Installer\{DDA3E863-CD90-4180-80A2-A1522ECC9531}\recordingmanager.exe

Error: (01/26/2015 08:09:48 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe

==================== Memory info ===========================

Processor: Intel® Core i5-2320 CPU @ 3.00GHz
Percentage of memory in use: 18%
Total physical RAM: 12199.23 MB
Available physical RAM: 9962.18 MB
Total Pagefile: 24396.64 MB
Available Pagefile: 22129.37 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: (WIN7) (Fixed) (Total:745.21 GB) (Free:651.79 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive d: (DATA) (Fixed) (Total:1103.63 GB) (Free:700.75 GB) NTFS
Drive e: (FS_DISC4) (CDROM) (Total:0.62 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

==================== End Of Log ============================


Hello and welcome,

P2P/Piracy Warning:

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here. Failure to remove or disable such software will result in your topic being closed and no further assistance being provided. If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

Ignore "Failed to access process" in FRST logs; a glitch in the tool is under investigation by the developer.

Next,

Please download RogueKiller and save it to your desktop from the following link: http://www.bleepingcomputer.com/download/roguekiller/

  • Quit all running programs.
  • For Windows XP, double-click to start.
  • For Vista, Windows 7/8, right-click on the program and select Run as Administrator to start and when prompted allow it to run.
  • Read and accept the EULA (End User License Agreement).
  • Click Scan to scan the system.
  • When the scan completes select "Report", log will open. Close the program > Don't Fix anything!

Post back the report which should also be located here:

C:\Programdata\RogueKiller\Logs <-------- W7/8

C:\Documents and Settings\All Users\Application Data\RogueKiller\Logs <------XP

Next,

Scan with HerdProtect

Please download HerdProtect by Reason Software (portable edition) and save the file to your desktop.

Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

  • Right-click on the herdProtect icon and select Run as Administrator to install the scanner.
  • It will ask for the location - leave the default one (%ProgramFiles%) or select another, convenient one.
  • Agree to the terms, select Launch herdProtect and click Finish.
  • Click Scan. It may take a while, depending on your system and connection specs. Please be patient.
  • When it finishes click on Save Results.
  • A Notepad with a report should open.

Please include the contents of that report in your next reply.

This type of scan often produces false positives. In any case do not remove on your own any of its findings! Removal will be made after the careful analysis of the scan results.

Upon completion of the cleaning you may remove HerdProtect if you wish so. To do it just delete its directory (chosen by you when installing the tool).

Thanks,

Kevin...


Thanks Kevin, logs below:

RogueKiller V10.2.0.0 [Jan 19 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : PWS [Administrator]
Mode : Scan -- Date : 02/09/2015  11:19:40

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 14 ¤¤¤
[PUM.HomePage] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome  -> Found
[PUM.HomePage] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome  -> Found
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome  -> Found
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome  -> Found
[PUM.SearchPage] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch  -> Found
[PUM.SearchPage] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch  -> Found
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-809943335-2564626158-2276789416-1000\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch  -> Found
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-809943335-2564626158-2276789416-1000\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch  -> Found
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch  -> Found
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch  -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found

¤¤¤ Tasks : 8 ¤¤¤
[Suspicious.Path] \\PLF -- C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\NBCore.exe ("C:\Users\PLF\AppData\Roaming\Seagate\Seagate Dashboard 2.0\Files\PLF.nji") -> Found
[Suspicious.Path] \\PLF Merge -- "C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\NBCore.exe" ("C:\Users\PLF\AppData\Roaming\Seagate\Seagate Dashboard 2.0\Files\PLF Merge.nji") -> Found
[Suspicious.Path] \\PLF1 -- C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\NBCore.exe ("C:\Users\PLF\AppData\Roaming\Seagate\Seagate Dashboard 2.0\Files\PLF1.nji") -> Found
[Suspicious.Path] \\PLF2 -- C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\NBCore.exe ("C:\Users\PLF\AppData\Roaming\Seagate\Seagate Dashboard 2.0\Files\PLF2.nji") -> Found
[Suspicious.Path] \\PLF3 -- C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\NBCore.exe ("C:\Users\PLF\AppData\Roaming\Seagate\Seagate Dashboard 2.0\Files\PLF3.nji") -> Found
[Suspicious.Path] \\PWS -- C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\NBCore.exe ("C:\Users\PWS\AppData\Roaming\Seagate\Seagate Dashboard 2.0\Files\PWS.nji") -> Found
[Suspicious.Path] \\PWS Merge -- "C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\NBCore.exe" ("C:\Users\PWS\AppData\Roaming\Seagate\Seagate Dashboard 2.0\Files\PWS Merge.nji") -> Found
[Suspicious.Path] \\PWS2 -- C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\NBCore.exe ("C:\Users\PWS\AppData\Roaming\Seagate\Seagate Dashboard 2.0\Files\PWS2.nji") -> Found

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 2 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1       localhost
[C:\Windows\System32\drivers\etc\hosts] ::1       localhost

¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD20EARX-22PASB0 ATA Device +++++
--- User ---
[MBR] d2716205458f24aa9a1397ad20eaac4f
[BSP] b7f1af624ca415852c3eb9ae77b37bea : HP MBR Code
Partition table:
0 - [XXXXXX] FAT32 (0x1b) [HIDDEN!] Offset (sectors): 2048 | Size: 14524 MB
1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 29747200 | Size: 763090 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 1592555520 | Size: 1130113 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: Generic- SD/MMC USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive2: Generic- Compact Flash USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive3: Generic- SM/xD Picture USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive4: Generic- MS/MS-Pro USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive5: HP Officejet Pro 68 USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

============================================
RKreport_SCN_07132014_125550.log - RKreport_SCN_12122014_233420.log - RKreport_SCN_12292014_235639.log

HerdProtect:

Saved date:    2/9/2015 1:01:00 PM
Files detected:  84
Files scanned:   10,339
Processes scanned:  74
Modules scanned:  764
ASEPs scanned:   497
Downloads scanned:  2
Deep analysis:   2/0
---------------------------------------------------------------------------------

Files

---------------------------------------------------------------------------------

File path:   c:\program files (x86)\asus\ai suite ii\asroutinecontroller.exe
Publisher:   ASUSTeK Computer Inc.
Signer:   ASUSTeK Computer Inc.
MD5:    576c72830e3fd6ace2910545b6130803
SHA-1:    0c6aa51f08695ed83472f35930006564c8bb5566
Created:   5/31/2011 3:54:22 PM
Detections:   1
Determination:   Ignore detections (false positive)
   - Rising Antivirus as PE:Malware.XPACK/RDM!5.1

---------------------------------------------------------------------------------

File path:   c:\program files (x86)\common files\ahead\lib\nmindexstoresvr.exe
Publisher:   Nero AG
Signer:   Nero AG
MD5:    ffbd5650348d4f9e0aa8e72938dc6478
SHA-1:    17a719cbf59a68c5c11bb030710c4e1e24576f10
Created:   6/27/2007 8:04:00 PM
Detections:   1
Determination:   Ignore detections (false positive)
   - Boost by Reason as Optional.NeroAG.P

---------------------------------------------------------------------------------

File path:   c:\program files (x86)\common files\ahead\lib\nmbgmonitor.exe
Publisher:   Nero AG
Signer:   Nero AG
MD5:    86f0d0b3a07c142c81dab47e8495a822
SHA-1:    27179230ec6323d58bd51cdcfbfb6151a1a6f6ed
Created:   6/27/2007 8:03:40 PM
Detections:   2
Determination:   Ignore detections (false positive)
   - Boost by Reason as Optional.Startup.NeroAG.L
   - Prevx as Heuristic: Suspicious Self Modifying File (Undefined)

---------------------------------------------------------------------------------

File path:   c:\program files (x86)\asus\axsp\1.00.13\pebiosinterface32.dll
Publisher:   
MD5:    fdd0ca75e21bebdfd1dfcd94eaf21147
SHA-1:    8e8b626230e5609d7e19851d0fa11cb4cc9052da
Created:   5/31/2011 3:54:01 PM
Detections:   2
Determination:   Ignore detections (false positive)
   - Trend Micro House Call as PAK_Generic.001
   - Trend Micro as PAK_Generic.001

---------------------------------------------------------------------------------

File path:   c:\program files (x86)\nero\nero 7\core\nero.exe
Publisher:   Nero AG
Signer:   Nero AG
MD5:    8f47a3c28086829f25251b763ff7509f
SHA-1:    0a4f86789215592271e71fb4e7c68bccb5d70568
Created:   7/27/2007 12:40:06 PM
Detections:   1
Determination:   Ignore detections (false positive)
   - Rising Antivirus as PE:Malware.XPACK/RDM!5.1

---------------------------------------------------------------------------------

File path:   c:\program files (x86)\free m4a to mp3 converter\m4a_menu.dll
Publisher:   
MD5:    22828e87a47716d1563663c939a3cd6d
SHA-1:    190e89eda8c472ccee40873362a71fabd71bb1b9
Created:   12/30/2011 9:56:37 PM
Detections:   1
Determination:   Ignore detections (false positive)
   - Bkav FE as HW32.CDB (Undefined)

---------------------------------------------------------------------------------

File path:   c:\users\pws\downloads\mstspatch1.8.052113en\patch 1.8.052113en.exe
Publisher:   Lindersoft
MD5:    b81d2389c0fd6fe98b299019aefa9c99
SHA-1:    0c1f22897c8d43e26fbc0e419ff2d68b909c6e3e
Created:   5/21/2008 2:58:48 PM
Detections:   1
Determination:   Ignore detections (false positive)
   - The Hacker as Trojan/Packed (Undefined)

---------------------------------------------------------------------------------

File path:   c:\users\pws\desktop\otl.exe
Publisher:   OldTimer Tools
MD5:    be23867d18238526b9cddde6f1e3022a
SHA-1:    ca59f8a95d0acff2c1c759b83984af63c71e6ea9
Created:   5/5/2012 10:37:12 PM
Detections:   4
Determination:   Ignore detections (false positive)
   - Trend Micro House Call as TROJ_GEN.R06H1DS (Undefined)
   - eSafe as Suspicious File
   - Agnitum Outpost as Packed/PECompact
   - Antiy Labs AVL as Trojan/win32.agent.gen (Undefined)

---------------------------------------------------------------------------------

File path:   c:\users\pws\desktop\roguekiller.exe
Publisher:   Tigzy
MD5:    1ef27dcca7f8ed4c23e1e060f1904ce1
SHA-1:    01c99c945be0da7da63dccfe6144792f9a422eb2
Created:   10/26/2012 4:30:37 PM
Detections:   1
Determination:   Ignore detections (false positive)
   - Trend Micro House Call as TROJ_GEN.F47V1024 (Undefined)

---------------------------------------------------------------------------------

File path:   c:\users\pws\desktop\securitycheck.exe
Publisher:   
MD5:    31f3cf74759be9196408eebfe9e93626
SHA-1:    6a9c8da3e0edb9519d2a10ec02fc338126480a86
Created:   12/26/2012 11:23:59 PM
Detections:   3
Determination:   Inconclusive
   - Trend Micro House Call as TROJ_GEN.F47V1125 (Undefined)
   - Sophos as NirCmd
   - Antiy Labs AVL as Trojan/Win32.Chifrax.gen (Undefined)

---------------------------------------------------------------------------------

File path:   c:\users\pws\desktop\td35.exe
Publisher:   Signal Computer Consultants
MD5:    fdc53217d35607f89c42a6a20329b74e
SHA-1:    8cd699480d30b80c149550b9de8a371d7b9e1630
Created:   4/27/2012 11:39:00 AM
Detections:   1
Determination:   Ignore detections (false positive)
   - CMC Antivirus as RemoteAdmin.Win32.WinVNC-based!O

---------------------------------------------------------------------------------

File path:   c:\users\pws\desktop\tfc.exe
Publisher:   OldTimer Tools
MD5:    5b5d56738c261634c281c7ba1ca1a2df
SHA-1:    0f5cb90f64e936e8de187e7eae5b6dbf085afc37
Created:   4/22/2012 11:16:10 AM
Detections:   3
Determination:   Ignore detections (false positive)
   - Bkav FE as HW32.CDB (Undefined)
   - Rising Antivirus as PE:Trojan.Win32.Generic.12723435!309474357 (Undefined)
   - AVG as Dropper.Generic9 (Undefined)

---------------------------------------------------------------------------------

File path:   c:\windows\syswow64\iscsicpl.dll
Publisher:   Microsoft Corporation
MD5:    f945adcef203e6104aec8ec9c337cfd0
SHA-1:    85fe50b2c2fcbec2c09c5039c8f8c1d38523780a
Created:   7/13/2009 6:46:13 PM
Detections:   1
Determination:   Ignore detections (false positive)
   - Bkav FE as W32.HfsAutoA (Undefined)

---------------------------------------------------------------------------------

File path:   c:\programdata\application data\flexnet\connect\11\issch.exe
Publisher:   Flexera Software, Inc.
Signer:   Flexera Software, Inc.
MD5:    452101503e1334511cb185081aec5e9d
SHA-1:    e2bd7151fec2013ae2f52f6c144fdc6ef89b187b
Created:   5/21/2010 1:40:28 PM
Detections:   1
Determination:   Ignore detections (false positive)
   - Boost by Reason as Optional.FlexeraSoftware.F

---------------------------------------------------------------------------------

File path:   c:\programdata\application data\flexnet\connect\11\isusweb.dll
Publisher:   
MD5:    d41d8cd98f00b204e9800998ecf8427e
SHA-1:    da39a3ee5e6b4b0d3255bfef95601890afd80709
Created:   5/17/2010 2:09:34 PM
Detections:   5
Determination:   Ignore detections (false positive)
   - Lavasoft Ad-Aware as Gen:Variant.Zusy.122341 (Undefined)
   - ESET NOD32 as Win32/Sality.NBA virus (Undefined)
   - Avira AntiVirus as TR/Dropper.Gen (Undefined)
   - Kaspersky as not-a-virus:WebToolbar.Win32.CrossRider (Adware)
   - Dr.Web as Adware.Downware.1751 (Adware)

---------------------------------------------------------------------------------

File path:   c:\programdata\application data\installmate\{4bb7a109-fdb5-45e3-9db9-ecb2ea7b80ee}\tsudll.dll
Publisher:   Tarma Software Research Pty Ltd
Signer:   Tarma Software Research Pty Ltd
MD5:    1857130611ec555f0d0ca0ed34731121
SHA-1:    fccd9eba37d3c0dd0d60713263527c15c62edea3
Created:   9/5/2013 7:00:45 PM
Detections:   1
Determination:   Ignore detections (false positive)
   - Rising Antivirus as PE:Malware.XPACK/RDM!5.1

---------------------------------------------------------------------------------

File path:   c:\programdata\application data\installmate\{84481a87-2316-4923-8fab-3ba8ca29323d}\tsudll.dll
Publisher:   Tarma Software Research Pty Ltd
Signer:   Tarma Software Research Pty Ltd
MD5:    1857130611ec555f0d0ca0ed34731121
SHA-1:    fccd9eba37d3c0dd0d60713263527c15c62edea3
Created:   12/29/2013 1:47:12 PM
Detections:   1
Determination:   Ignore detections (false positive)
   - Rising Antivirus as PE:Malware.XPACK/RDM!5.1

---------------------------------------------------------------------------------

File path:   c:\programdata\application data\macrovision\flexnet connect\11\agent.exe
Publisher:   Flexera Software, Inc.
Signer:   Flexera Software, Inc.
MD5:    fe5a7418919660104cdcdac1066a9021
SHA-1:    9fb60833413de41940e6f5fd426f448ec9e9f378
Created:   5/21/2010 1:40:38 PM
Detections:   1
Determination:   Ignore detections (false positive)
   - Boost by Reason as Optional.FlexeraSoftware.F

---------------------------------------------------------------------------------

File path:   c:\programdata\application data\macrovision\flexnet connect\6\agent.exe
Publisher:   Flexera Software, Inc.
Signer:   Flexera Software, Inc.
MD5:    cc2af4ea32a61c1df04437890523fced
SHA-1:    33095693ad222509aae346619956107775f74ebe
Created:   5/21/2010 1:40:36 PM
Detections:   1
Determination:   Ignore detections (false positive)
   - Boost by Reason as Optional.FlexeraSoftware.F

---------------------------------------------------------------------------------

File path:   c:\programdata\flexnet\connect\11\issch.exe
Publisher:   Flexera Software, Inc.
Signer:   Flexera Software, Inc.
MD5:    452101503e1334511cb185081aec5e9d
SHA-1:    e2bd7151fec2013ae2f52f6c144fdc6ef89b187b
Created:   5/21/2010 1:40:28 PM
Detections:   1
Determination:   Ignore detections (false positive)
   - Boost by Reason as Optional.FlexeraSoftware.F

---------------------------------------------------------------------------------

File path:   c:\programdata\flexnet\connect\11\isusweb.dll
Publisher:   
MD5:    d41d8cd98f00b204e9800998ecf8427e
SHA-1:    da39a3ee5e6b4b0d3255bfef95601890afd80709
Created:   5/17/2010 2:09:34 PM
Detections:   5
Determination:   Ignore detections (false positive)
   - Lavasoft Ad-Aware as Gen:Variant.Zusy.122341 (Undefined)
   - ESET NOD32 as Win32/Sality.NBA virus (Undefined)
   - Avira AntiVirus as TR/Dropper.Gen (Undefined)
   - Kaspersky as not-a-virus:WebToolbar.Win32.CrossRider (Adware)
   - Dr.Web as Adware.Downware.1751 (Adware)

---------------------------------------------------------------------------------

File path:   c:\programdata\installmate\{4bb7a109-fdb5-45e3-9db9-ecb2ea7b80ee}\tsudll.dll
Publisher:   Tarma Software Research Pty Ltd
Signer:   Tarma Software Research Pty Ltd
MD5:    1857130611ec555f0d0ca0ed34731121
SHA-1:    fccd9eba37d3c0dd0d60713263527c15c62edea3
Created:   9/5/2013 7:00:45 PM
Detections:   1
Determination:   Ignore detections (false positive)
   - Rising Antivirus as PE:Malware.XPACK/RDM!5.1

---------------------------------------------------------------------------------

File path:   c:\programdata\installmate\{84481a87-2316-4923-8fab-3ba8ca29323d}\tsudll.dll
Publisher:   Tarma Software Research Pty Ltd
Signer:   Tarma Software Research Pty Ltd
MD5:    1857130611ec555f0d0ca0ed34731121
SHA-1:    fccd9eba37d3c0dd0d60713263527c15c62edea3
Created:   12/29/2013 1:47:12 PM
Detections:   1
Determination:   Ignore detections (false positive)
   - Rising Antivirus as PE:Malware.XPACK/RDM!5.1

---------------------------------------------------------------------------------

File path:   c:\programdata\macrovision\flexnet connect\11\agent.exe
Publisher:   Flexera Software, Inc.
Signer:   Flexera Software, Inc.
MD5:    fe5a7418919660104cdcdac1066a9021
SHA-1:    9fb60833413de41940e6f5fd426f448ec9e9f378
Created:   5/21/2010 1:40:38 PM
Detections:   1
Determination:   Ignore detections (false positive)
   - Boost by Reason as Optional.FlexeraSoftware.F

---------------------------------------------------------------------------------

File path:   c:\programdata\macrovision\flexnet connect\6\agent.exe
Publisher:   Flexera Software, Inc.
Signer:   Flexera Software, Inc.
MD5:    cc2af4ea32a61c1df04437890523fced
SHA-1:    33095693ad222509aae346619956107775f74ebe
Created:   5/21/2010 1:40:36 PM
Detections:   1
Determination:   Ignore detections (false positive)
   - Boost by Reason as Optional.FlexeraSoftware.F

---------------------------------------------------------------------------------

File path:   c:\users\pws\appdata\local\citrix\ica client\ctxmui.dll
Publisher:   Citrix Systems, Inc.
Signer:   Citrix Systems, Inc.
MD5:    bc068d663903d1fa569eb02b0a8ef692
SHA-1:    18fac09015232975b74eb73a490ef91260e8fea0
Created:   10/12/2010 4:32:02 PM
Detections:   1
Determination:   Ignore detections (false positive)
   - Bkav FE as HW32.Laneul (Undefined)

---------------------------------------------------------------------------------

File path:   c:\users\pws\appdata\local\citrix\ica client\resource\en\cstui.dll
Publisher:   Citrix Systems, Inc.
Signer:   Citrix Systems, Inc.
MD5:    46f8b71289a5cdb0f4c67b7aad01873f
SHA-1:    eba69dd4bbbfd507e0a39eb1cb8fa97c5a1c0d41
Created:   10/12/2010 4:22:10 PM
Detections:   1
Determination:   Ignore detections (false positive)
   - Bkav FE as HW32.Stranfom (Undefined)

---------------------------------------------------------------------------------

File path:   c:\users\pws\appdata\local\citrix\ica client\resource\en\progressnotificationcommonui.dll
Publisher:   Citrix Systems, Inc.
Signer:   Citrix Systems, Inc.
MD5:    0ba3e881e50c6cc5efe00205f8c54be5
SHA-1:    edc3cd737897c9f08b08f63a318464671d6a113d
Created:   10/12/2010 4:22:32 PM
Detections:   1
Determination:   Ignore detections (false positive)
   - Bkav FE as HW32.Stranfom (Undefined)

---------------------------------------------------------------------------------

File path:   c:\users\pws\appdata\local\citrix\ica client\resource\en\wfcrunui.dll
Publisher:   Citrix Systems, Inc.
Signer:   Citrix Systems, Inc.
MD5:    204aa6d6f4e0ede48ce9f5ae0bea5e79
SHA-1:    13d4b776f60c995b98c509803c0b7d5a1c729b1c
Created:   10/12/2010 4:24:36 PM
Detections:   1
Determination:   Ignore detections (false positive)
   - Bkav FE as HW32.Stranfom (Undefined)

---------------------------------------------------------------------------------

File path:   c:\Users\PWS\AppData\Roaming\Real\Update\temp\~Upg0\rnupgagent.exe
Publisher:   RealNetworks, Inc.
Signer:   RealNetworks, Inc.
MD5:    6a05110733966830f85bc2fe957c79eb
SHA-1:    ba8113ef98f537f7b0c2c56c87968625cba49f9b
Created:   9/24/2012 1:26:49 PM
Detections:   5
Determination:   Inconclusive
   - Bkav FE as W32.Clod052.Trojan (Undefined)
   - nProtect as Trojan/W32.Agent.449176 (Undefined)
   - The Hacker as Trojan/Agent.bjvu (Undefined)
   - Trend Micro House Call as HV_AGENT_BK083C37.TOMC (Undefined)
   - Dr.Web as Trojan.Click2.59112 (Undefined)

---------------------------------------------------------------------------------

File path:   c:\program files\hp\hp officejet pro 6830\driverstore\yeti\v3\i386\unidrv.dll
Publisher:   Microsoft Corporation
MD5:    c53976c5d2437d3bb2a2c85f684e7018
SHA-1:    2f8cf8403e978330abedcf1c098e0f686761c17d
Created:   6/20/2014 9:35:20 PM
Detections:   1
Determination:   Ignore detections (false positive)
   - AegisLab AV Signature as W32.W.Mabezat (Undefined)

---------------------------------------------------------------------------------

File path:   c:\program files\microsoft games\train simulator\uninst_msts patch 1.8.0521 en.exe
Publisher:   Lindersoft
MD5:    a24aa6931ef9d16dff5e70ec294cb94a
SHA-1:    2596f73bdc11bb80c73f66033b5af0c6d3920bdc
Created:   12/18/2011 4:59:56 PM
Detections:   1
Determination:   Ignore detections (false positive)
   - The Hacker as Trojan/Packed (Undefined)

---------------------------------------------------------------------------------

File path:   c:\program files\microsoft games\train simulator\routes\sandpatch\uninstall\uninstall.exe
Publisher:   
MD5:    f0dd33bfdfee3841340b935872cd1fd4
SHA-1:    0ce5c10df6090de3f880e84ce483f494d0eb4279
Created:   12/18/2011 5:05:15 PM
Detections:   3
Determination:   Inconclusive
   - nProtect as Trojan/W32.Agent.79813 (Undefined)
   - The Hacker as Trojan/VB.zp (Undefined)
   - AhnLab V3 Security as Dropper/Malware.79813 (Undefined)

---------------------------------------------------------------------------------

File path:   c:\program files\microsoft games\train simulator\routes\usa1\activities\7017.exe
Publisher:   
MD5:    6dd271507796760247650fa134ed2fd6
SHA-1:    be17e628df21358cb828d85cbcd116f875260d92
Created:   12/18/2011 5:04:29 PM
Detections:   1
Determination:   Inconclusive
   - ESET NOD32 as Detection.Undefined (Undefined)

---------------------------------------------------------------------------------

File path:   c:\program files\microsoft games\train simulator\trains\trainset\bn_eng_setup.exe
Publisher:   
MD5:    6ec9a8d7c81f77ad3b7904046893e21b
SHA-1:    5d9e66dd2fd27876d1c3fbed36d59b67399e1dcc
Created:   12/18/2011 4:59:56 PM
Detections:   1
Determination:   Ignore detections (false positive)
   - Sunbelt AntiMalware as Trojan-Spy.Win32.Banpaes.X (Undefined)

---------------------------------------------------------------------------------

File path:   c:\program files\microsoft games\train simulator\trains\trainset\cnsd60f.exe
Publisher:   
MD5:    43ae4c981e95ce45e925830225d889f4
SHA-1:    7fdd547ddb4a43bf36c8d56e5c6a2b10d9dad383
Created:   12/18/2011 4:59:57 PM
Detections:   1
Determination:   Ignore detections (false positive)
   - CMC Antivirus as Server-FTP.Win32.SlimFTPd!O (Undefined)

---------------------------------------------------------------------------------

File path:   c:\program files\microsoft games\train simulator\trains\trainset\mbtaf45.exe
Publisher:   
MD5:    49aa010792b1cc707e91255bd39a65bf
SHA-1:    ea4d191da2d7c6809085ed0ddc40f55dca5293f4
Created:   12/18/2011 4:59:57 PM
Detections:   2
Determination:   Ignore detections (false positive)
   - CMC Antivirus as Backdoor.Win32.DSSdoor!O (Undefined)
   - Antiy Labs AVL as Trojan[backdoor]/Win32.DSSdoor (Undefined)

---------------------------------------------------------------------------------

File path:   c:\program files\microsoft games\train simulator\trains\trainset\bn_sd9\t-trains_sd9.exe
Publisher:   
MD5:    93de5d0124a42fa9551d0f9791947711
SHA-1:    9a6fdf6d0246e927cf9eaf4e2d30e2cb42857d25
Created:   12/18/2011 5:02:38 PM
Detections:   1
Determination:   Ignore detections (false positive)
   - ByteHero BDV as Virus.Win32.Part.a (Undefined)

---------------------------------------------------------------------------------

File path:   c:\program files\microsoft games\train simulator\trains\trainset\coaster msts\coaster.exe
Publisher:   
MD5:    6af0667097ff5fc67fac76e0ec0ec841
SHA-1:    2d848b202c81e14b81ddd07b70088c90f7b73499
Created:   12/18/2011 5:02:30 PM
Detections:   1
Determination:   Ignore detections (false positive)
   - Bkav FE as W32.SevenyearsK1.Trojan (Undefined)

---------------------------------------------------------------------------------

File path:   c:\program files\microsoft games\train simulator\trains\trainset\coaster msts\coasteractivity.exe
Publisher:   
MD5:    f085d706abe5c4e9583edec342775594
SHA-1:    b81e2b31e22a834741b8faafd270c70b6eced5a0
Created:   12/18/2011 5:02:30 PM
Detections:   3
Determination:   Inconclusive
   - Bkav FE as W32.SevenyearsK1.Trojan (Undefined)
   - Trend Micro House Call as PAK_Generic.005
   - Trend Micro as PAK_Generic.005

---------------------------------------------------------------------------------

File path:   c:\program files\microsoft games\train simulator\trains\trainset\coaster msts\coasterconsists.exe
Publisher:   
MD5:    9f44814e49eeed255cbd458378df745a
SHA-1:    beb8de72d12ec0d0b4d494b1c741d3f6191bcad5
Created:   12/18/2011 5:02:30 PM
Detections:   1
Determination:   Ignore detections (false positive)
   - Bkav FE as W32.SevenyearsK1.Trojan (Undefined)

---------------------------------------------------------------------------------

File path:   c:\program files\microsoft games\train simulator\trains\trainset\common.snd\genesis\gen_snd2.exe
Publisher:   
MD5:    ff97ad3e7f646e0facf0119af630c572
SHA-1:    202ab810d70c335a13b2c020e29fa29ffbe5fc71
Created:   12/18/2011 5:02:19 PM
Detections:   2
Determination:   Ignore detections (false positive)
   - Jiangmin as Client-IRC.mIRC.o (Undefined)
   - ByteHero BDV as Virus.Win32.Part.a (Undefined)

---------------------------------------------------------------------------------

File path:   c:\program files\microsoft games\train simulator\trains\trainset\cstr2103\coaster_f40ph_2103.exe
Publisher:   
MD5:    ccffaa319d84d8b93a257c99a47b363f
SHA-1:    7ed02edba6936b4c8d6c584779adae502e2e2e76
Created:   12/18/2011 5:02:13 PM
Detections:   1
Determination:   Ignore detections (false positive)
   - ByteHero BDV as Virus.Win32.Part.a (Undefined)

---------------------------------------------------------------------------------

File path:   c:\program files\microsoft games\train simulator\trains\trainset\cta2400\cta2400.exe
Publisher:   
MD5:    2d443da912b83f1d36ced19b9e417f20
SHA-1:    0dca31702703738c164ebb8e31423a16d50f1dc6
Created:   12/18/2011 5:02:07 PM
Detections:   1
Determination:   Ignore detections (false positive)
   - ByteHero BDV as Virus.Win32.Part.a (Undefined)

---------------------------------------------------------------------------------

File path:   c:\program files\microsoft games\train simulator\trains\trainset\f40pat\f40_pat1\f40_pat1.exe
Publisher:   
MD5:    fb85bfb4615e29ca490c45eb62330668
SHA-1:    2a4cb3534b0af3d2d12799e3c21e3e93d009f520
Created:   12/18/2011 5:02:05 PM
Detections:   1
Determination:   Ignore detections (false positive)
   - ByteHero BDV as Virus.Win32.Part.a (Undefined)

---------------------------------------------------------------------------------

File path:   c:\program files\microsoft games\train simulator\trains\trainset\hhp\gp40_snd\gp40_snd.exe
Publisher:   
MD5:    50f80345935612aa20c56bbad2e48761
SHA-1:    0c273f3c49eaff4c1b046082778f98a24a3f7763
Created:   12/18/2011 5:01:51 PM
Detections:   1
Determination:   Ignore detections (false positive)
   - ByteHero BDV as Virus.Win32.Part.a (Undefined)

---------------------------------------------------------------------------------

File path:   c:\program files\microsoft games\train simulator\trains\trainset\metxf40\install.exe
Publisher:   
MD5:    920fefc557f86a462ecb1f7cbcf4a29d
SHA-1:    fba4449016f784aa9c17243567e5a78438d6d22e
Created:   12/18/2011 5:01:42 PM
Detections:   2
Determination:   Ignore detections (false positive)
   - The Hacker as Backdoor/mIRC-based.d (Undefined)
   - Jiangmin as Backdoor/IRCBot.khl (Undefined)

---------------------------------------------------------------------------------

File path:   c:\program files\microsoft games\train simulator\trains\trainset\new folder\f45cab.exe
Publisher:   
MD5:    6f3a22743ad1ece7084ef5c3fa73adaf
SHA-1:    342657fc9f7a14cb5f88529286af116232577973
Created:   12/18/2011 5:01:15 PM
Detections:   1
Determination:   Ignore detections (false positive)
   - ByteHero BDV as Virus.Win32.Part.a (Undefined)

---------------------------------------------------------------------------------

File path:   c:\program files\microsoft games\train simulator\trains\trainset\nycfreewaresetup\nycfreewaresetup.exe
Publisher:   
MD5:    1571fd4ef8b0029fc11c7fc3fda34248
SHA-1:    ee40819bb73b4c43aa6d3360940f815716149a04
Created:   12/18/2011 5:01:09 PM
Detections:   1
Determination:   Ignore detections (false positive)
   - CMC Antivirus as Trojan-Dropper.Win32.Halk!O (Undefined)

---------------------------------------------------------------------------------

File path:   c:\program files\td3\metra-elgin1.exe
Publisher:   
MD5:    aa53b720101a9ec34f0b351fd065edfc
SHA-1:    49842d2bde6a67ac3bcba2d7e7b65ece4620f45f
Created:   12/18/2011 2:25:17 PM
Detections:   2
Determination:   Ignore detections (false positive)
   - The Hacker as Trojan/Avanzado (Undefined)
   - ByteHero BDV as Trojan.Malware.Obscu.Gen.001 (Undefined)

---------------------------------------------------------------------------------

File path:   c:\program files\td3\t418.exe
Publisher:   
MD5:    918d23c799f67568744c36a2144d5c86
SHA-1:    c19f04cb59cb132a4a0827922ba462f92e6ebe10
Created:   12/18/2011 2:25:14 PM
Detections:   2
Determination:   Ignore detections (false positive)
   - The Hacker as Trojan/Avanzado (Undefined)
   - ByteHero BDV as Trojan.Malware.Obscu.Gen.001 (Undefined)

---------------------------------------------------------------------------------

File path:   c:\program files\train simulator\uninst_msts patch 1.8.0521 en.exe
Publisher:   Lindersoft
MD5:    a24aa6931ef9d16dff5e70ec294cb94a
SHA-1:    2596f73bdc11bb80c73f66033b5af0c6d3920bdc
Created:   12/18/2011 4:59:16 PM
Detections:   1
Determination:   Ignore detections (false positive)
   - The Hacker as Trojan/Packed (Undefined)

---------------------------------------------------------------------------------

File path:   c:\program files (x86)\asus\ai manager\page\isecurity.dll
Publisher:   ASUSTeK
MD5:    5943eb1b1bd7e41878df610776981fcd
SHA-1:    6c8ed025ae0f9d83ca497504d9d4910b4abc7bb9
Created:   5/31/2011 3:53:53 PM
Detections:   1
Determination:   Ignore detections (false positive)
   - Bkav FE as HW32.Pedka (Undefined)

---------------------------------------------------------------------------------

File path:   c:\program files (x86)\asus\ai suite ii\sensor graph\aahmlib_graph.dll
Publisher:   
MD5:    b3e8652841e38ec2559347dd77666329
SHA-1:    f017ef3cfda93854a51451375b7494faec826686
Created:   5/31/2011 3:54:25 PM
Detections:   1
Determination:   Ignore detections (false positive)
   - McAfee Web Gateway as Heuristic.BehavesLike.Win32.Suspicious.H

---------------------------------------------------------------------------------

File path:   c:\program files (x86)\billp studios\winpatrol\sqlite3.dll
Publisher:   
MD5:    da991d435930f6adc5c570e2284f73f6
SHA-1:    d10ec559487a3db7f5073e54daa21a81f270b529
Created:   11/27/2012 10:19:37 PM
Detections:   1
Determination:   Ignore detections (false positive)
   - Bkav FE as W32.HfsAutoB (Undefined)

---------------------------------------------------------------------------------

File path:   c:\program files (x86)\common files\ahead\lib\nmbcwriter.exe
Publisher:   Nero AG
Signer:   Nero AG
MD5:    d573bd732632d885b0f0e7468fdc9b78
SHA-1:    746da90b9c8ef13d2155ba216eaddb13ae0ce2d1
Created:   6/27/2007 8:03:38 PM
Detections:   1
Determination:   Ignore detections (false positive)
   - WebWasher Gateway as BlockReason.0 (Undefined)

---------------------------------------------------------------------------------

File path:   c:\program files (x86)\common files\ahead\nas\vis_nas.dll
Publisher:   Nero AG
Signer:   Nero AG
MD5:    3f350e67d820c4853d3619786246c1f9
SHA-1:    25fa7c18dcf95d1039509c2b333964eb4ad3c63c
Created:   6/27/2007 8:02:48 PM
Detections:   1
Determination:   Ignore detections (false positive)
   - Clam AntiVirus as PUA.Packed.ASPack

---------------------------------------------------------------------------------

File path:   c:\program files (x86)\common files\ahead\remotecontrol\neroremotectrlhandler.exe
Publisher:   Nero AG
Signer:   Nero AG
MD5:    ef2e5b7cf0da165f5abfe0c707ba797b
SHA-1:    69920e307450ff52b849e2f98acd0a2a85733b52
Created:   6/27/2007 8:03:20 PM
Detections:   1
Determination:   Ignore detections (false positive)
   - WebWasher Gateway as BlockReason.0 (Undefined)

---------------------------------------------------------------------------------

File path:   c:\program files (x86)\common files\roxio shared\9.0\divx\divx.dll
Publisher:   DivX, Inc.
Signer:   DivX, Inc.
MD5:    799e5d243a168bdb4671c5df9a154540
SHA-1:    f2beec7807bc263350323c88b41f5bfe45d0a9d4
Created:   6/16/2008 1:12:36 PM
Detections:   2
Determination:   Ignore detections (false positive)
   - eSafe as Suspicious File
   - Clam AntiVirus as PUA.Packed.PECompact-1

---------------------------------------------------------------------------------

File path:   c:\program files (x86)\common files\roxio shared\roxiosharedapi\stdole.dll
Publisher:   Microsoft Corporation
MD5:    2878e2cea511af5562dad618218c632a
SHA-1:    e0b783b11ee1c030c7339720f9746eeff3a18303
Created:   10/23/2008 12:47:06 PM
Detections:   1
Determination:   Ignore detections (false positive)
   - Emsisoft Anti-Malware as Gen:Variant.Kazy.290352 (Undefined)

---------------------------------------------------------------------------------

File path:   c:\program files (x86)\erunt\autoback.exe
Publisher:   
MD5:    e00de20f0f6bed5cd2160247ddc9443b
SHA-1:    73a0f69e8deb45974c6d64ccc946fc9a8b86d493
Created:   10/20/2005 12:04:08 PM
Detections:   1
Determination:   Ignore detections (false positive)
   - The Hacker as Posible_Worm32 (Undefined)

---------------------------------------------------------------------------------

File path:   c:\program files (x86)\free m4a to mp3 converter\bass_alac.dll
Publisher:   MaresWEB
MD5:    e5e6efa3505b93fc0962e9d4ead609e3
SHA-1:    fb39a571f87b83e8f06dd60a82728acfea85048c
Created:   12/30/2011 9:56:36 PM
Detections:   1
Determination:   Ignore detections (false positive)
   - Bkav FE as HW32.CDB (Undefined)

---------------------------------------------------------------------------------

File path:   c:\program files (x86)\hp photo creations\uninst.exe
Publisher:   
Signer:   Visan Industries
MD5:    5a18957d6a3f95983149d6407136bcaf
SHA-1:    3f2247699064799ecdb2e7792bc62125f0f07755
Created:   3/20/2012 2:00:02 PM
Detections:   1
Determination:   Ignore detections (false positive)
   - Trend Micro House Call as HV_ZYX_CA2255FC.TOMC (Undefined)

---------------------------------------------------------------------------------

File path:   c:\program files (x86)\microsoft games\flight simulator 9\fs9.exe
Publisher:   Microsoft Corporation
MD5:    a5af28914637d2d6ee2174f52dd366fb
SHA-1:    9b0d9cca99ae93ac663b0695d650b73371109a9e
Created:   6/12/2003 10:07:49 PM
Detections:   1
Determination:   Ignore detections (false positive)
   - Rising Antivirus as PE:Malware.XPACK-LNR/Heur!1.5594 (Undefined)

---------------------------------------------------------------------------------

File path:   c:\program files (x86)\microsoft games\flight simulator 9\uninstal.exe
Publisher:   Microsoft Corporation
MD5:    5f434096437050003ae46009ddffbcc6
SHA-1:    582675b2d79d8b996312540f57419c998fcce0a1
Created:   6/13/2003 1:02:27 AM
Detections:   1
Determination:   Ignore detections (false positive)
   - Rising Antivirus as PE:Trojan.DL.Zlob!1.6606 (Undefined)

---------------------------------------------------------------------------------

File path:   c:\program files (x86)\microsoft games\train simulator\mstsbin installer.exe
Publisher:   
MD5:    a24b149b55707931ef1e6fdc92ebe418
SHA-1:    558a57bf0763946a3c2d8172e9b58d4d973fbfa7
Created:   5/11/2013 6:43:45 PM
Detections:   1
Determination:   Ignore detections (false positive)
   - The Hacker as Backdoor/Delf.abve (Undefined)

---------------------------------------------------------------------------------

File path:   c:\program files (x86)\microsoft games\train simulator\uninst_msts patch 1.8.0521 en.exe
Publisher:   Lindersoft
MD5:    a24aa6931ef9d16dff5e70ec294cb94a
SHA-1:    2596f73bdc11bb80c73f66033b5af0c6d3920bdc
Created:   12/28/2011 10:30:50 PM
Detections:   1
Determination:   Ignore detections (false positive)
   - The Hacker as Trojan/Packed (Undefined)

---------------------------------------------------------------------------------

File path:   c:\program files (x86)\microsoft games\train simulator\trains\trainset\common.snd\genesis\gen_snd2.exe
Publisher:   
MD5:    ff97ad3e7f646e0facf0119af630c572
SHA-1:    202ab810d70c335a13b2c020e29fa29ffbe5fc71
Created:   2/19/2012 12:02:13 PM
Detections:   2
Determination:   Ignore detections (false positive)
   - Jiangmin as Client-IRC.mIRC.o (Undefined)
   - ByteHero BDV as Virus.Win32.Part.a (Undefined)

---------------------------------------------------------------------------------

File path:   c:\program files (x86)\nero\nero 7\core\audiopluginmgr.dll
Publisher:   Nero AG
Signer:   Nero AG
MD5:    fceebcacc5a42ddfcd552ec54946160e
SHA-1:    3c6a039a44860c1e33413dab88e1e7b3fdd588ae
Created:   6/22/2007 4:34:42 PM
Detections:   1
Determination:   Ignore detections (false positive)
   - Sunbelt AntiMalware as Trojan-Downloader.S (Undefined)

---------------------------------------------------------------------------------

File path:   c:\program files (x86)\nero\nero 7\nero backitup\nerofiles\neroapi.dll
Publisher:   Nero AG
Signer:   Nero AG
MD5:    43a4e262475d9a1b7fd71741bb862b2f
SHA-1:    12cebcd4f2404667f263c71b90c86e0e7e802caf
Created:   9/10/2007 11:00:54 AM
Detections:   1
Determination:   Ignore detections (false positive)
   - ByteHero BDV as Trojan.Malware.Win32.xPack.g (Undefined)

---------------------------------------------------------------------------------

File path:   c:\program files (x86)\nero\nero 7\nero coverdesigner\coverdes.exe
Publisher:   Nero AG
Signer:   Nero AG
MD5:    3df4066b2104f646895147b16472b22b
SHA-1:    33843c2363e19b7bd6fde4e742c151dd573c629e
Created:   7/24/2007 4:43:36 PM
Detections:   1
Determination:   Ignore detections (false positive)
   - Antiy Labs AVL as Virus/Win32.Xpaj.gen (Undefined)

---------------------------------------------------------------------------------

File path:   c:\program files (x86)\nero\nero 7\nero home\nerohome.exe
Publisher:   Nero AG
Signer:   Nero AG
MD5:    7f471d168b27e4fd7005f42d5449bdd6
SHA-1:    546bf3536d0162684cf0166adfd4a7823e006c56
Created:   6/27/2007 8:02:38 PM
Detections:   1
Determination:   Ignore detections (false positive)
   - The Hacker as Trojan/KillAV.nhz (Undefined)

---------------------------------------------------------------------------------

File path:   c:\program files (x86)\nero\nero 7\nero mediahome\neromediahome.exe
Publisher:   Nero AG
Signer:   Nero AG
MD5:    f679dbb4694fd402921b064840f5f65e
SHA-1:    11b3d38909770a80754c45771a1cbcf898455129
Created:   6/27/2007 8:04:52 PM
Detections:   1
Determination:   Ignore detections (false positive)
   - The Hacker as Trojan/KillAV.nhz (Undefined)

---------------------------------------------------------------------------------

File path:   c:\program files (x86)\nero\nero 7\nero photosnap\photosnap.exe
Publisher:   Nero AG
Signer:   Nero AG
MD5:    78f72e57307744a22f38ae7fdab0af57
SHA-1:    d8210baca3fe828ea9599d2492fe3a4fd9265a14
Created:   5/23/2007 11:08:06 AM
Detections:   1
Determination:   Ignore detections (false positive)
   - The Hacker as Trojan/KillAV.nhz (Undefined)

---------------------------------------------------------------------------------

File path:   c:\program files (x86)\nero\nero 7\nero vision\dvdblockacc.dll
Publisher:   Nero AG
Signer:   Nero AG
MD5:    c7b21be6f8df776909a1bde4723af5e5
SHA-1:    2ee7f256e102be8f9ab102c3ffd1657b3603679c
Created:   9/10/2007 11:02:02 AM
Detections:   1
Determination:   Ignore detections (false positive)
   - Rising Antivirus as Suspicious

---------------------------------------------------------------------------------

File path:   c:\program files (x86)\nero\nero 7\nero vision\dvddoc.dll
Publisher:   Nero AG
Signer:   Nero AG
MD5:    3241530d2e9915d5f259afe1f6a5d5a4
SHA-1:    764e0dbd7202759be4d89d10a627589157c29777
Created:   8/3/2007 3:58:02 PM
Detections:   1
Determination:   Ignore detections (false positive)
   - ByteHero BDV as Trojan.Malware.Win32.xPack.g (Undefined)

---------------------------------------------------------------------------------

File path:   c:\program files (x86)\nero\nero 7\nero vision\htmlgallery.dll
Publisher:   Nero AG
Signer:   Nero AG
MD5:    06aa74a60a1e7ed2b2b036599be40b44
SHA-1:    f8fa252de47393eafb0881b2d0dbe4bcf19a0e45
Created:   8/3/2007 3:58:36 PM
Detections:   1
Determination:   Ignore detections (false positive)
   - Antiy Labs AVL as Virus/Win32.Xpaj.gen (Undefined)

---------------------------------------------------------------------------------

File path:   c:\program files (x86)\nero\nero 7\nero vision\nerovision.exe
Publisher:   Nero AG
Signer:   Nero AG
MD5:    300be75501fd44c4cc513b11dcc89523
SHA-1:    88f4192039bb0ffcd61ef68ac655db4e6d6a3f83
Created:   8/3/2007 3:58:36 PM
Detections:   1
Determination:   Ignore detections (false positive)
   - Avira AntiVirus as TR/Agent.1042480 (Undefined)

---------------------------------------------------------------------------------

File path:   c:\program files (x86)\nero\nero 7\nero vision\vcdlib.dll
Publisher:   Nero AG
Signer:   Nero AG
MD5:    a726ffb862bd8322d90380d71a6d65cf
SHA-1:    03baf21bc4b286fff75c1b726b59ea02f17efa22
Created:   8/3/2007 3:58:48 PM
Detections:   1
Determination:   Ignore detections (false positive)
   - ByteHero BDV as Trojan.Malware.Win32.xPack.g (Undefined)

---------------------------------------------------------------------------------

File path:   c:\program files (x86)\real\realplayer\setup\vc9_runtime.msi
Publisher:   
MD5:    40a13534ba71777483a8e6cefb0c60d8
SHA-1:    5eb25bd3a5a77167c4e50a00c90bfdbdd1870b94
Created:   6/7/2014 1:19:58 PM
Detections:   1
Determination:   Ignore detections (false positive)
   - eSafe as Suspicious File

---------------------------------------------------------------------------------

File path:   c:\program files (x86)\roxio 2012\virtual drive\emudisk\winnt\amd64\c2scsi64.sys
Publisher:   Sonic Solutions
Signer:   Sonic Solutions
MD5:    59626ab5920f316bdbfdc8b47521a882
SHA-1:    d305e23e6ce6af46502aacbfb9dedef23b673458
Created:   6/6/2012 11:41:06 AM
Detections:   1
Determination:   Ignore detections (false positive)
   - Fortinet FortiGate as W32/Swisyn.AMLS!tr (Undefined)

---------------------------------------------------------------------------------

File path:   c:\program files (x86)\seagate\seagate dashboard 2.0\microsoft.practices.servicelocation.dll
Publisher:   Microsoft
Signer:   Microsoft Corporation
MD5:    6df78bb163d443d95b21f58808320af7
SHA-1:    a0263ec61435d1ee4c18a92a06ac3ea2c42eb730
Created:   4/1/2012 4:42:50 PM
Detections:   1
Determination:   Inconclusive
   - XVirus List as Win.Detected (Undefined)

---------------------------------------------------------------------------------

File path:   c:\program files (x86)\seagate\seagate dashboard 2.0\de-de\backitup.resources.dll
Publisher:   Nero AG
Signer:   Nero AG
MD5:    81602be7c5b50c2ff13be844c82bedb2
SHA-1:    c3c1af458a817b840d6f630f1b724fb5e89a5df0
Created:   4/1/2012 4:42:46 PM
Detections:   1
Determination:   Ignore detections (false positive)
   - Jiangmin as Backdoor/VB.bhx (Undefined)

---------------------------------------------------------------------------------

File path:   c:\program files (x86)\seagate\seagate dashboard 2.0\en-us\backitup.resources.dll
Publisher:   Nero AG
Signer:   Nero AG
MD5:    3cbed9009bf054f1097f3f377bf98718
SHA-1:    d411a7676bfd307980f71350501fb188dfcf01cd
Created:   4/1/2012 4:42:46 PM
Detections:   1
Determination:   Ignore detections (false positive)
   - Jiangmin as Backdoor/VB.bhx (Undefined)


The system seems to be working okay, no issues noticed.  Thank you very much for giving the system a quick look!  PayPal will be coming your way tomorrow.

One question I've been meaning to ask.  For a while, one svchost in Task Manager is taking up around 286,000k while the others are taking around 10,000k.  In TCPView a svchost sometimes will connect to an address.  Does this sound like normal behavior?


I have 15 entries for svchost in Task Manager, they are using between 745k and 300,000k of memory. Connections are not unusual...

Run this to clean up...

Download "Delfix by Xplode" and save it to your desktop.

Or use the following if the first link is down:

"Delfix link mirror"

Double-click to start the program. If you are using Vista or higher, please right-click and choose Run as administrator.

Make sure the following items are checked:

    Remove disinfection tools

Now click on "Run" and wait patiently until the tool has completed.

The tool will create a log when it has completed. We don't need you to post this.

Any remnant files/logs from tools we have used can be deleted…

Let me know if we are ok to close out...

Kevin..

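For anyone wanting to answer the svchost question above on their own machine rather than eyeball Task Manager and TCPView side by side, the following script is an added example (not posted by anyone in this thread). It lists every svchost.exe instance with the services it hosts, its working-set size and the network endpoints it owns; it sticks to Get-WmiObject and netstat so it also runs on the PowerShell 2.0 that ships with Windows 7.

```powershell
# Added example, not from the thread: map each svchost.exe instance to the
# services it hosts, its memory use and the TCP/UDP endpoints it owns.
# Uses Get-WmiObject and netstat rather than newer cmdlets (Get-CimInstance,
# Get-NetTCPConnection) so it runs on Windows 7 / PowerShell 2.0 as well as
# later versions. Run from an elevated prompt so every process is visible.

# Win32_Service exposes the PID of the process that hosts each service.
$svcByPid = Get-WmiObject Win32_Service |
    Where-Object { $_.ProcessId -ne 0 } |
    Group-Object -Property ProcessId -AsHashTable -AsString

# Parse "netstat -ano" rows: Proto, Local, Foreign, [State], PID.
# UDP rows have no State column, so the owning PID is always the last field.
$connByPid = @{}
foreach ($m in (netstat -ano | Select-String -Pattern '^\s*(TCP|UDP)\s')) {
    $f = $m.Line.Trim() -split '\s+'
    $owner = $f[-1]
    $state = if ($f[0] -eq 'TCP') { $f[3] } else { '-' }
    if (-not $connByPid.ContainsKey($owner)) { $connByPid[$owner] = @() }
    $connByPid[$owner] += "$($f[0]) $($f[1]) -> $($f[2]) $state"
}

# One record per svchost instance, largest working set first. One instance
# hosting many services and using far more memory than its siblings is
# normal; what merits a closer look is an instance with no visible services,
# or with connections that none of its hosted services would need.
$report = foreach ($p in (Get-Process -Name svchost | Sort-Object WorkingSet64 -Descending)) {
    $key = [string]$p.Id
    $names = if ($svcByPid.ContainsKey($key)) {
        ($svcByPid[$key] | ForEach-Object { $_.Name }) -join ', '
    } else { '(no services visible - rerun elevated)' }
    $conns = if ($connByPid.ContainsKey($key)) { $connByPid[$key] -join '; ' } else { '' }
    New-Object PSObject -Property @{
        PID          = $p.Id
        WorkingSetMB = [math]::Round($p.WorkingSet64 / 1MB, 1)
        Services     = $names
        Connections  = $conns
    }
}
$report | Format-List PID, WorkingSetMB, Services, Connections
```

Cross-check the remote addresses against the hosted service names (for example, an update or time-sync service is expected to talk out; a group hosting only local-only services is not), and use `tasklist /svc` as an independent second opinion on the PID-to-service mapping.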

  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


This topic is now closed to further replies.