
Solved: Computer has malware and is slow need help to get it off


andrew_al (thread starter, member with 25 posts, joined Sep 2012)
04-Mar-2014, 07:38 PM #1
Computer has malware and is slow need help to get it off
Hello,

This computer is a personal computer and does not have any group policies or defaults set in by a company.

It is having some issues that generally hamper its overall performance...

It will take many minutes to open some programs. Overall very sluggish performance.
Excel complains about memory even though I don't have much up and the computer has 4 GB of memory.
So because of this I can only have one or two files open in Excel at once.

It will not wake up from hibernation correctly. After being in hibernation I see a mouse on a black screen and move it around, but the screen will never appear with login after hibernation... and just stays black until restart.

Constantly need to restart, so I am thinking malware is running up the memory in the system.

Let me know if there is anything you can do to help and identify what might be causing this.

Here are the logs from HijackThis:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:51:55 PM, on 3/4/2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.16518)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\BUFFALO\TurboPC_EX\DiskCache\tpcexTray.exe
C:\Program Files\Lexmark\Monitor\ACB\LMabMON.exe
C:\Users\ADELYN\AppData\Roaming\Spotify\spotify.exe
C:\Users\ADELYN\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\Nuance\PDF Professional 8\PdfPro8Hook.exe
C:\Program Files (x86)\BUFFALO\Backup_Utility\BUTray.exe
C:\Program Files (x86)\VIPRE\SBAMTray.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Windows\SysWOW64\RunDll32.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\ADELYN\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
C:\Users\ADELYN\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
C:\Users\ADELYN\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Users\ADELYN\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
C:\Program Files (x86)\VIPRE\SBAMUI.exe
C:\Users\ADELYN\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE
C:\Users\ADELYN\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
C:\Users\ADELYN\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://dell13-comm.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://dell13-comm.msn.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: PlusIEEventHelper Class - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files (x86)\Nuance\PDF Professional 8\Bin\PlusIEContextMenu.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: VIPRE Search Guard Helper - {963C8283-AE7F-4AA6-9B3B-847A8FC62C5E} - C:\Program Files (x86)\VIPRE\VSGN.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
O2 - BHO: Gaaiho PDF Conversion Toolbar Helper - {C7DA0384-42AA-428c-B832-88AC343DE1A8} - C:\Program Files (x86)\Nuance\PDF Professional 8\bin\GZeonIEFavClient.dll
O3 - Toolbar: Nuance PDF - {BCCE15AE-AC7E-4bc9-94AF-2A714A412BCB} - C:\Program Files (x86)\Nuance\PDF Professional 8\bin\GZeonIEFavClient.dll
O3 - Toolbar: VIPRE Search Guard Toolbar - {A924C17A-5E94-4E02-BED5-49720BA6F7FA} - C:\Program Files (x86)\VIPRE\VSGN.dll
O4 - HKLM\..\Run: [IMSS] "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe"
O4 - HKLM\..\Run: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "c:\Program Files (x86)\Trend Micro\Client Server Security Agent\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\\isuspm.exe -scheduler
O4 - HKLM\..\Run: [PDF8 Registry Controller] "C:\Program Files (x86)\Nuance\PDF Professional 8\RegistryController.exe"
O4 - HKLM\..\Run: [PDFProHook] "C:\Program Files (x86)\Nuance\PDF Professional 8\pdfpro8hook.exe"
O4 - HKLM\..\Run: [Nuance PDF Converter Professional 8-reminder] "C:\Program Files (x86)\Nuance\PDF Professional 8\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\PDF Converter Professional 8\Ereg\Ereg.ini"
O4 - HKLM\..\Run: [Backup Utility TaskTray Tool] "C:\Program Files (x86)\BUFFALO\Backup_Utility\BUTray.exe"
O4 - HKLM\..\Run: [SBAMTray] "C:\Program Files (x86)\VIPRE\SBAMTray.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [Spotify] "C:\Users\ADELYN\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart
O4 - .DEFAULT User Startup: Smart Settings.lnk = C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Open with Nuance PDF Converter 8 - res://C:\Program Files (x86)\Nuance\PDF Professional 8\cnvres_eng.dll /100
O8 - Extra context menu item: Open with PDF Professional 8 - res://C:\Program Files (x86)\Nuance\PDF Professional 8\Bin\PlusIEContextMenu.dll/PlusIEContextMenu.htm
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: vipresg - {47BE2E5B-703B-444F-ABD3-05717D2191C6} - C:\Program Files (x86)\VIPRE\VSGN.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AuthenTec Fingerprint Service (ATService) - AuthenTec, Inc. - C:\Program Files\Fingerprint Sensor\ATService.exe
O23 - Service: Backup Utility Service (BFBackupUtilityService) - BUFFALO INC. - C:\Program Files (x86)\BUFFALO\Backup_Utility\BUService.exe
O23 - Service: Backup Utility VSS Service (BFBackupUtilityVSSService) - BUFFALO INC. - C:\Program Files (x86)\BUFFALO\Backup_Utility\BUVSSService64.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Broadcom Management Agent (BrcmMgmtAgent) - Broadcom Corporation - C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: bufssvr - BUFFALO INC. - C:\Program Files (x86)\BUFFALO\SLManagerEasy\Bufssvr.exe
O23 - Service: Coupon Printer Service (CouponPrinterService) - Coupons.com Inc. - C:\Program Files (x86)\Coupons\CouponPrinterService.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: Dell Feature Enhancement Pack Service (DFEPService) - Dell Inc. - C:\Program Files\Dell\Feature Enhancement Pack\DFEPService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: EmbassyService - Unknown owner - C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\EMBASSY Client Core\EmbassyServer.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GFI LanGuard 11 Attendant Service (gfi_lanss11_attservice) - GFI Software Development Ltd. - C:\Program Files (x86)\GFI\LanGuard 11 Agent\lnssatt.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: Intel(R) Integrated Clock Controller Service - Intel(R) ICCS (ICCS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel(R) Capability Licensing Service TCP IP Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: lmab_device - - C:\Windows\system32\LMabcoms.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: O2FLASH - Unknown owner - C:\Windows\system32\o2flash.exe (file missing)
O23 - Service: PDFProFiltSrv - Nuance Communications, Inc. - C:\Program Files (x86)\Nuance\PDF Professional 8\PDFProFiltSrv.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: VIPRE Internet Security (SBAMSvc) - ThreatTrack Security, Inc. - C:\Program Files (x86)\VIPRE\SBAMSvc.exe
O23 - Service: SB Recovery Service (SBPIMSvc) - ThreatTrack Security, Inc. - C:\Program Files (x86)\VIPRE\SBPIMSvc.exe
O23 - Service: SecureStorageService - Wave Systems Corp. - C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Secure Storage Manager\SecureStorageService.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10101 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exe
O23 - Service: TurboPC EX FileCopy Service (TC2Service) - Unknown owner - C:\Windows\system32\TC2Service.exe (file missing)
O23 - Service: NTRU TSS v1.2.1.37 TCS (tcsd_win32.exe) - Unknown owner - C:\Program Files (x86)\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe
O23 - Service: TdmService - Wave Systems Corp. - C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe
O23 - Service: TurboPC EX DiskCache Control Service (tpcexdccs) - BUFFALO INC. - C:\Program Files (x86)\BUFFALO\TurboPC_EX\DiskCache\tpcexService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: Wave Authentication Manager Service - Wave Systems Corp. - C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: DW WLAN Tray Service (wltrysvc) - Dell Inc. - C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: WvPCR - Wave Systems Corp. - C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Common\WvPCR.exe

--
End of file - 15976 bytes



dds.txt from DDS:

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 1/25/2013 9:55:59 AM
System Uptime: 3/4/2014 11:01:32 AM (3 hours ago)
.
Motherboard: Dell Inc. | | 05GRXT
Processor: Intel(R) Core(TM) i5-3320M CPU @ 2.60GHz | SOCKET 0 | 2601/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 465 GiB total, 383.06 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP120: 2/23/2014 7:00:30 PM - Windows Backup
RP121: 3/3/2014 9:11:35 AM - Windows Backup
RP122: 3/3/2014 10:51:51 AM - Windows Update
.
==== Installed Programs ======================
.
64 Bit HP CIO Components Installer
Adobe Flash Player 12 ActiveX
Adobe Flash Player 12 Plugin
Adobe Reader XI (11.0.06)
Adobe Shockwave Player 12.0
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Ashampoo Burning Studio 6 FREE v.6.82
AuthenTec Fingerprint Software
Avery Toolbar Updater
Avery Wizard 4.0
BioAPI Framework
Bonjour
Broadcom NetXtreme-I Netlink Driver and Management Installer
BUFFALO Backup Utility
BUFFALO SecureLockManagerEasy for HD
BUFFALO TurboPC EX Series
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Coupon Printer for Windows
Custom
D3DX10
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Dell Client System Update
Dell Data Protection | Access
Dell Edoc Viewer
Dell Feature Enhancement Pack
Dell Touchpad
DellAccess
DW WLAN Card Utility
EMBASSY Client Core
Gemalto
Google Earth
Google Update Helper
HP LaserJet Enterprise 500 color M551
HP Unified IO
HP Update
HPDXP
HPLaserJetEnterprise500colorM551_HelpLearnCenter
Intel(R) Control Center
Intel(R) Management Engine Components
Intel(R) Processor Graphics
Intel(R) Rapid Storage Technology
Intel(R) SDK for OpenCL - CPU Only Runtime Package
Intel(R) USB 3.0 eXtensible Host Controller Driver
Intel® Trusted Connect Service Client
iTunes
Junk Mail filter update
Lexmark Software Uninstall
LJDXPHelperUI
Mesh Runtime
Microsoft .NET Framework 4.5.1
Microsoft Application Error Reporting
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Home and Business 2010
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 64-bit MUI (English) 2010
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Mozilla Firefox 27.0.1 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NTRU TCG Software Stack
Nuance PDF Converter Professional 8
Nuance PDF Converter Professional 8 Update x64
O2Micro OZ776 SCR Driver
PC-CCID
Photobie -- photo editing software from Photobie Design
Preboot Manager
Private Information Manager
Samsung Universal Print Driver 2
Scansoft PDF Professional
Screen+ 1.0
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Security Update for Microsoft Excel 2010 (KB2826033) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553284) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687423) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2826023) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2826035) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2850016) 32-Bit Edition
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition
SPBA 5.9
ST Microelectronics 3 Axis Digital Accelerometer Solution
swMSM
toolkit32for64bit
Trusted Drive Manager
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition
Update for Microsoft Office 2010 (KB2837583) 32-Bit Edition
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2775360) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition
Update for Microsoft Word 2010 (KB2837593) 32-Bit Edition
Upek Touchchip Fingerprint Reader
VIPRE Internet Security
Wave Crypto Runtime 2.0.7.0 x86
Wave Infrastructure Installer
Wave Support Software Installer
WIDCOMM Bluetooth Software
Windows Driver Package - Dell Inc. PBADRV System (09/11/2009 1.0.1.6)
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
.
==== Event Viewer Messages From Past Week ========
.
3/4/2014 7:31:40 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Intel(R) Capability Licensing Service Interface service to connect.
3/4/2014 7:31:40 AM, Error: Service Control Manager [7000] - The Intel(R) Capability Licensing Service Interface service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
3/4/2014 11:02:14 AM, Error: Service Control Manager [7001] - The NTRU TSS v1.2.1.37 TCS service depends on the TPM Base Services service which failed to start because of the following error: The operation completed successfully.
3/3/2014 8:39:31 AM, Error: NetBT [4311] - Initialization failed because the driver device could not be created. Use the string "9C2A701F4876" to identify the interface for which initialization failed. It represents the MAC address of the failed interface or the Globally Unique Interface Identifier (GUID) if NetBT was unable to map from GUID to MAC address. If neither the MAC address nor the GUID were available, the string represents a cluster device name.
3/3/2014 5:14:28 PM, Error: Disk [11] - The driver detected a controller error on \...\DR1.
.
==== End Of File ===========================







Attach.txt from DDS:

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.16518
Run by VSCADM at 14:05:20 on 2014-03-04
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3969.1674 [GMT -7:00]
.
AV: ThreatTrack Security VIPRE *Enabled/Updated* {FFE93D16-FD09-0282-C7D3-8B1731B6A051}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: ThreatTrack Security VIPRE *Enabled/Updated* {4488DCF2-DB33-0D0C-FD63-B0654A31EAEC}
FW: ThreatTrack Security VIPRE *Enabled* {C7D2BC33-B766-03DA-EC8C-2222CF65E72A}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files\Fingerprint Sensor\ATService.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
C:\Windows\system32\WLANExt.exe
C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe
C:\Program Files\Common Files\SPBA\upeksvr.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\BUFFALO\Backup_Utility\BUService.exe
C:\Program Files (x86)\BUFFALO\Backup_Utility\BUVSSService64.exe
C:\Windows\system32\PrintIsolationHost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Program Files (x86)\Google\Update\1.3.22.5\GoogleCrashHandler.exe
C:\Program Files (x86)\BUFFALO\SLManagerEasy\Bufssvr.exe
C:\Program Files (x86)\BUFFALO\SLManagerEasy\Inputps.exe
C:\Program Files (x86)\Coupons\CouponPrinterService.exe
C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\EMBASSY Client Core\EmbassyServer.exe
C:\Program Files (x86)\GFI\LanGuard 11 Agent\lnssatt.exe
C:\Program Files (x86)\Google\Update\1.3.22.5\GoogleCrashHandler64.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
C:\Windows\system32\LMabcoms.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\o2flash.exe
C:\Program Files (x86)\Nuance\PDF Professional 8\PDFProFiltSrv.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\VIPRE\SBPIMSvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\TC2Service.exe
C:\Program Files (x86)\BUFFALO\TurboPC_EX\DiskCache\tpcexService.exe
C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Dell\Feature Enhancement Pack\DFEPService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE
C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe
C:\Program Files\Dell\Feature Enhancement Pack\DFEPApplication.exe
C:\Program Files (x86)\BUFFALO\TurboPC_EX\DiskCache\tpcexTray.exe
C:\Windows\System32\TC2Tray.exe
C:\Program Files\Lexmark\Monitor\ACB\LMabMON.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Users\ADELYN\AppData\Roaming\Spotify\spotify.exe
C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
C:\Users\ADELYN\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files (x86)\Nuance\PDF Professional 8\PdfPro8Hook.exe
C:\Program Files (x86)\BUFFALO\Backup_Utility\BUTray.exe
C:\Program Files (x86)\VIPRE\SBAMTray.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\VIPRE\SBAMSvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\SysWOW64\RunDll32.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\ADELYN\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
C:\Users\ADELYN\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
C:\Users\ADELYN\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Users\ADELYN\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\VIPRE\SBAMUI.exe
C:\Program Files (x86)\GFI\LanGuard 11 Agent\Mantle.exe
C:\Users\ADELYN\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE
C:\Windows\splwow64.exe
C:\Users\ADELYN\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
C:\Users\ADELYN\Downloads\HijackThis.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://dell13-comm.msn.com
uDefault_Page_URL = hxxp://dell13-comm.msn.com
uURLSearchHooks: {00000000-6E41-4FD3-8538-502F5495E5FC} - <orphaned>
mWinlogon: Userinit = userinit.exe
BHO: PlusIEEventHelper Class: {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files (x86)\Nuance\PDF Professional 8\bin\PlusIEContextMenu.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: VIPRE Search Guard Helper: {963C8283-AE7F-4AA6-9B3B-847A8FC62C5E} - C:\Program Files (x86)\VIPRE\VSGN.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Gaaiho PDF Conversion Toolbar Helper: {C7DA0384-42AA-428c-B832-88AC343DE1A8} - C:\Program Files (x86)\Nuance\PDF Professional 8\bin\GZeonIEFavClient.dll
TB: Nuance PDF: {BCCE15AE-AC7E-4bc9-94AF-2A714A412BCB} - C:\Program Files (x86)\Nuance\PDF Professional 8\bin\GZeonIEFavClient.dll
TB: VIPRE Search Guard Toolbar: {A924C17A-5E94-4E02-BED5-49720BA6F7FA} - C:\Program Files (x86)\VIPRE\VSGN.dll
mRun: [IMSS] "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe"
mRun: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60
mRun: [OfficeScanNT Monitor] "c:\Program Files (x86)\Trend Micro\Client Server Security Agent\pccntmon.exe" -HideWindow
mRun: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\\isuspm.exe -scheduler
mRun: [PDF8 Registry Controller] "C:\Program Files (x86)\Nuance\PDF Professional 8\RegistryController.exe"
mRun: [PDFProHook] "C:\Program Files (x86)\Nuance\PDF Professional 8\pdfpro8hook.exe"
mRun: [Nuance PDF Converter Professional 8-reminder] "C:\Program Files (x86)\Nuance\PDF Professional 8\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\PDF Converter Professional 8\Ereg\Ereg.ini"
mRun: [Backup Utility TaskTray Tool] "C:\Program Files (x86)\BUFFALO\Backup_Utility\BUTray.exe"
mRun: [SBAMTray] "C:\Program Files (x86)\VIPRE\SBAMTray.exe"
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: DisableCAD = dword:1
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Open with Nuance PDF Converter 8 - C:\Program Files (x86)\Nuance\PDF Professional 8\cnvres_eng.dll /100
IE: Open with PDF Professional 8 - C:\Program Files (x86)\Nuance\PDF Professional 8\Bin\PlusIEContextMenu.dll/PlusIEContextMenu.htm
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
TCP: NameServer = 10.1.10.1
TCP: Interfaces\{26B02B86-2908-4D07-8FCB-EB09EA50BCFA} : DHCPNameServer = 10.1.10.1
TCP: Interfaces\{46529251-BAC6-46E4-82A7-9B3C1A0F9811}\14D6075646F53525 : DHCPNameServer = 192.168.1.240
TCP: Interfaces\{46529251-BAC6-46E4-82A7-9B3C1A0F9811}\6535340275962756C6563737 : DHCPNameServer = 192.168.0.1 205.171.2.25
TCP: Interfaces\{46529251-BAC6-46E4-82A7-9B3C1A0F9811}\65353475962756C6563737 : DHCPNameServer = 192.168.0.1 205.171.2.25
TCP: Interfaces\{46529251-BAC6-46E4-82A7-9B3C1A0F9811}\C696E6B6379737 : DHCPNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: vipresg - {47BE2E5B-703B-444F-ABD3-05717D2191C6} - C:\Program Files (x86)\VIPRE\VSGN.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
LSA: Authentication Packages = msv1_0 wvauth
LSA: Notification Packages = scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
x64-Run: [Broadcom Wireless Manager UI] C:\Program Files\Dell\DW WLAN Card\WLTRAY.exe
x64-Run: [TdmNotify] C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe
x64-Run: [DFEPApplication] C:\Program Files\Dell\Feature Enhancement Pack\DFEPApplication.exe
x64-Run: [Logitech Download Assistant] C:\Windows\System32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
x64-Run: [tpcexTray] "C:\Program Files (x86)\BUFFALO\TurboPC_EX\DiskCache\tpcexTray.exe"
x64-Run: [TC2Tray] "C:\Windows\System32\TC2Tray.exe"
x64-Run: [LMPSSDMON] C:\Program Files\Lexmark\Monitor\ACB\LMabMON.exe
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: vipresg - {47BE2E5B-703B-444F-ABD3-05717D2191C6} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-Notify: spba - C:\Program Files\Common Files\SPBA\homefus2.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\VSCADM\AppData\Roaming\Mozilla\Firefox\Profiles\y71dvp20.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Nuance\PDF Professional 8\Bin\nppdf.dll
FF - plugin: C:\Program Files (x86)\Nuance\PDF Professional 8\bin\nppdf.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1205146.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll
.
============= SERVICES / DRIVERS ===============
.
R0 bftpdskc;BUFFALO TurboPC EX Cache Filter Driver;C:\Windows\System32\drivers\bftpdskc64.sys [2013-1-28 72016]
R0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2013-8-7 20464]
R0 stdcfltn;Disk Class Filter Driver for Accelerometer;C:\Windows\System32\drivers\stdcfltn.sys [2013-1-19 22128]
R1 SbFw;SbFw;C:\Windows\System32\drivers\SbFw.sys [2013-1-25 260816]
R2 ATService;AuthenTec Fingerprint Service;C:\Program Files\Fingerprint Sensor\ATService.exe [2012-2-2 2664264]
R2 BFBackupUtilityService;Backup Utility Service;C:\Program Files (x86)\BUFFALO\Backup_Utility\BUService.exe -Service_Execute --> C:\Program Files (x86)\BUFFALO\Backup_Utility\BUService.exe -Service_Execute [?]
R2 BFBackupUtilityVSSService;Backup Utility VSS Service;C:\Program Files (x86)\BUFFALO\Backup_Utility\BUVSSService64.exe -Service_Execute --> C:\Program Files (x86)\BUFFALO\Backup_Utility\BUVSSService64.exe -Service_Execute [?]
R2 BrcmMgmtAgent;Broadcom Management Agent;C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe [2011-11-30 163840]
R2 bufssvr;bufssvr;C:\Program Files (x86)\BUFFALO\SLManagerEasy\Bufssvr.exe [2013-1-28 95608]
R2 CouponPrinterService;Coupon Printer Service;C:\Program Files (x86)\Coupons\CouponPrinterService.exe [2014-2-13 176624]
R2 DFEPService;Dell Feature Enhancement Pack Service;C:\Program Files\Dell\Feature Enhancement Pack\DFEPService.exe [2012-8-15 2280504]
R2 EmbassyService;EmbassyService;C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\EMBASSY Client Core\EmbassyServer.exe [2012-1-17 218504]
R2 gfi_lanss11_attservice;GFI LanGuard 11 Attendant Service;C:\Program Files (x86)\GFI\LanGuard 11 Agent\lnssatt.exe [2012-11-23 133496]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2013-1-19 13632]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-12-10 732160]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe [2013-1-19 165336]
R2 PDFProFiltSrv;PDFProFiltSrv;C:\Program Files (x86)\Nuance\PDF Professional 8\PDFProFiltSrv.exe [2012-10-23 135056]
R2 SBAMSvc;VIPRE Internet Security;C:\Program Files (x86)\VIPRE\SBAMSvc.exe [2013-9-5 3937472]
R2 sbapifs;sbapifs;C:\Windows\System32\drivers\sbapifs.sys [2013-6-18 88928]
R2 SBPIMSvc;SB Recovery Service;C:\Program Files (x86)\VIPRE\SBPIMSvc.exe [2013-9-5 176016]
R2 TC2Service;TurboPC EX FileCopy Service;C:\Windows\System32\TC2Service.exe -Service_Execute --> C:\Windows\System32\TC2Service.exe -Service_Execute [?]
R2 tpcexdccs;TurboPC EX DiskCache Control Service;C:\Program Files (x86)\BUFFALO\TurboPC_EX\DiskCache\tpcexService.exe [2013-1-28 134216]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2013-1-19 366040]
R2 Wave Authentication Manager Service;Wave Authentication Manager Service;C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe [2012-1-5 1679872]
R3 bcbtums;Bluetooth RAM Firmware Download USB Filter;C:\Windows\System32\drivers\bcbtums.sys [2013-1-19 165688]
R3 btwampfl;btwampfl Bluetooth filter driver;C:\Windows\System32\drivers\btwampfl.sys [2013-1-19 598808]
R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2013-8-7 39976]
R3 gfiark;gfiark;C:\Windows\System32\drivers\gfiark.sys [2013-1-25 41032]
R3 gfiutil;gfiutil;C:\Windows\System32\drivers\gfiutil.sys [2013-7-3 31264]
R3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS;C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [2013-8-7 169752]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2013-8-7 342528]
R3 iusb3hub;Intel(R) USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2013-8-7 358896]
R3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2013-8-7 792560]
R3 O2SDJRDR;O2SDJRDR;C:\Windows\System32\drivers\o2sdjw7x64.sys [2013-1-19 84712]
R3 SBFWIMCLMP;GFI Software Firewall NDIS IM Filter Miniport;C:\Windows\System32\drivers\SbFwIm.sys [2013-1-25 120608]
R3 sbwtis;sbwtis;C:\Windows\System32\drivers\sbwtis.sys [2013-4-12 88864]
R3 ST_ACCEL;STMicroelectronics Accelerometer Service;C:\Windows\System32\drivers\ST_ACCEL.sys [2013-1-19 68208]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S3 bftpusbx;BUFFALO TurboPC EX USB Filter Driver;C:\Windows\System32\drivers\bftpusbx64.sys [2013-1-28 20608]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2010-11-21 71168]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-2-12 111616]
S3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [2012-12-10 803872]
S3 netvsc;netvsc;C:\Windows\System32\drivers\netvsc60.sys [2010-11-21 168448]
S3 O2MDFRDR;O2MDFRDR;C:\Windows\System32\drivers\o2mdfw7x64.sys [2013-1-19 72808]
S3 O2MDRRDR;O2MDRRDR;C:\Windows\System32\drivers\O2MDRw7x64.sys [2013-1-19 74984]
S3 SBFWIMCL;GFI Software Firewall NDIS IM Filter Service;C:\Windows\System32\drivers\SbFwIm.sys [2013-1-25 120608]
S3 SbHips;SbHips;C:\Windows\System32\drivers\sbhips.sys [2013-1-25 63184]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 SynthVid;SynthVid;C:\Windows\System32\drivers\VMBusVideoM.sys [2010-11-21 22528]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-3-3 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-1-25 1255736]
S3 WvPCR;WvPCR;C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Common\WvPCR.exe [2012-1-16 198144]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2014-03-04 18:49:48 -------- d-----w- C:\Users\VSCADM\AppData\Roaming\Malwarebytes
2014-03-04 18:49:38 -------- d-----w- C:\ProgramData\Malwarebytes
2014-03-04 18:32:33 -------- d-----w- C:\6bdc1f00a4c8f7bcae604132
2014-03-03 17:51:30 792576 ----a-w- C:\Windows\SysWow64\TSWorkspace.dll
2014-03-03 17:51:30 1030144 ----a-w- C:\Windows\System32\TSWorkspace.dll
2014-03-03 16:26:17 -------- d-----w- C:\Users\VSCADM\AppData\Roaming\HpUpdate
2014-03-03 16:25:13 591648 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\hpcpp145.DLL
2014-03-03 16:21:54 316704 ----a-w- C:\Windows\System32\hpbcoins64.dll
2014-03-03 16:21:47 518432 ----a-w- C:\Windows\SysWow64\hpcdmc32.DLL
2014-03-03 16:21:47 438560 ----a-w- C:\Windows\System32\hpcpn145.dll
2014-03-03 16:21:46 436512 ----a-w- C:\Windows\SysWow64\hpcc3145.dll
2014-03-03 15:48:28 -------- d-----w- C:\Program Files (x86)\HP
2014-02-26 18:54:05 -------- d-----w- C:\Program Files (x86)\Coupons
2014-02-12 10:02:04 548864 ----a-w- C:\Windows\System32\vbscript.dll
2014-02-12 10:02:04 454656 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-02-12 10:00:59 4244480 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-02-12 10:00:58 5768704 ----a-w- C:\Windows\System32\jscript9.dll
.
==================== Find3M ====================
.
2014-02-21 01:59:23 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-02-21 01:59:23 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-02-06 11:30:46 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-02-06 11:30:12 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-02-06 11:07:39 66048 ----a-w- C:\Windows\System32\iesetup.dll
2014-02-06 11:06:47 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-02-06 10:49:03 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-02-06 10:48:45 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-02-06 10:48:11 708608 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-02-06 10:20:26 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-02-06 10:01:36 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-02-06 10:00:46 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-02-06 09:50:32 2041856 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-02-06 09:47:22 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-02-06 09:46:27 553472 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-02-06 09:24:52 2334208 ----a-w- C:\Windows\System32\wininet.dll
2014-02-06 09:09:30 1964032 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-02-06 08:41:35 1820160 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-12-24 23:09:41 1987584 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2013-12-24 22:48:32 2565120 ----a-w- C:\Windows\System32\d3d10warp.dll
2013-12-06 02:30:08 2048 ----a-w- C:\Windows\System32\msxml3r.dll
2013-12-06 02:30:08 1882112 ----a-w- C:\Windows\System32\msxml3.dll
2013-12-06 02:02:08 2048 ----a-w- C:\Windows\SysWow64\msxml3r.dll
2013-12-06 02:02:08 1237504 ----a-w- C:\Windows\SysWow64\msxml3.dll
.
============= FINISH: 14:05:57.86 ===============

ark.txt from GMER

GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-03-04 14:57:55
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST950042 rev.0005 465.76GB
Running: 7525ki77.exe; Driver: C:\Users\VSCADM\AppData\Local\Temp\ufaiyuob.sys


---- Kernel code sections - GMER 2.1 ----

INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 666 fffff80002dfe08a 12 bytes [80, 09, 00, 00, 48, 2B, C1, ...]
INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 682 fffff80002dfe09a 9 bytes [8B, 44, 24, 60, 48, 89, 84, ...]

---- User code sections - GMER 2.1 ----

.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2660] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000771a1465 2 bytes [1A, 77]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2660] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000771a14bb 2 bytes [1A, 77]
.text ... * 2
.text C:\Users\ADELYN\AppData\Roaming\Spotify\spotify.exe[4964] C:\Windows\SysWOW64\ntdll.dll!DbgBreakPoint 000000007788000c 1 byte [C3]
.text C:\Users\ADELYN\AppData\Roaming\Spotify\spotify.exe[4964] C:\Windows\SysWOW64\ntdll.dll!DbgUiRemoteBreakin 000000007790f8ea 5 bytes JMP 00000001778bd5c1
.text C:\Users\ADELYN\AppData\Roaming\Spotify\spotify.exe[4964] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000771a1465 2 bytes [1A, 77]
.text C:\Users\ADELYN\AppData\Roaming\Spotify\spotify.exe[4964] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000771a14bb 2 bytes [1A, 77]
.text ... * 2
.text C:\Program Files (x86)\VIPRE\SBAMTray.exe[4624] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000771a1465 2 bytes [1A, 77]
.text C:\Program Files (x86)\VIPRE\SBAMTray.exe[4624] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000771a14bb 2 bytes [1A, 77]
.text ... * 2
.text C:\Program Files (x86)\VIPRE\SBAMSvc.exe[5300] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000771a1465 2 bytes [1A, 77]
.text C:\Program Files (x86)\VIPRE\SBAMSvc.exe[5300] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000771a14bb 2 bytes [1A, 77]
.text ... * 2
.text C:\Users\ADELYN\AppData\Roaming\Spotify\Data\SpotifyHelper.exe[5464] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000771a1465 2 bytes [1A, 77]
.text C:\Users\ADELYN\AppData\Roaming\Spotify\Data\SpotifyHelper.exe[5464] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000771a14bb 2 bytes [1A, 77]
.text ... * 2
.text C:\Users\ADELYN\AppData\Roaming\Spotify\Data\SpotifyHelper.exe[4208] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000771a1465 2 bytes [1A, 77]
.text C:\Users\ADELYN\AppData\Roaming\Spotify\Data\SpotifyHelper.exe[4208] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000771a14bb 2 bytes [1A, 77]
.text ... * 2
.text C:\Users\ADELYN\AppData\Roaming\Spotify\Data\SpotifyHelper.exe[5492] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000771a1465 2 bytes [1A, 77]
.text C:\Users\ADELYN\AppData\Roaming\Spotify\Data\SpotifyHelper.exe[5492] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000771a14bb 2 bytes [1A, 77]
.text ... * 2
.text C:\Users\ADELYN\AppData\Roaming\Spotify\Data\SpotifyHelper.exe[4036] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000771a1465 2 bytes [1A, 77]
.text C:\Users\ADELYN\AppData\Roaming\Spotify\Data\SpotifyHelper.exe[4036] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000771a14bb 2 bytes [1A, 77]
.text ... * 2
.text C:\Users\ADELYN\AppData\Roaming\Spotify\Data\SpotifyHelper.exe[5624] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000771a1465 2 bytes [1A, 77]
.text C:\Users\ADELYN\AppData\Roaming\Spotify\Data\SpotifyHelper.exe[5624] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000771a14bb 2 bytes [1A, 77]
.text ... * 2
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6352] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000771a1465 2 bytes [1A, 77]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6352] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000771a14bb 2 bytes [1A, 77]
.text ... * 2

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{0DFEB824-8F90-43C2-8580-F991E5F323F9}\Connection@Name isatap.{D21CADEF-F70F-492A-9323-97F8F3B3E70B}
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Bind \Device\{75C1FD0D-875E-4D72-A10C-6E746947E1D6}?\Device\{7646AB83-F476-4DC9-B0C1-408B3DF88E11}?\Device\{0DFEB824-8F90-43C2-8580-F991E5F323F9}?\Device\{A1A370E5-11FD-41D7-9C39-AC956C6F5553}?\Device\{BD7818D9-3AEA-4A62-9772-EC77E3C6D12E}?\Device\{BF6C5C0E-1355-4DF9-9674-43465523E5A8}?
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Route "{75C1FD0D-875E-4D72-A10C-6E746947E1D6}"?"{7646AB83-F476-4DC9-B0C1-408B3DF88E11}"?"{0DFEB824-8F90-43C2-8580-F991E5F323F9}"?"{A1A370E5-11FD-41D7-9C39-AC956C6F5553}"?"{BD7818D9-3AEA-4A62-9772-EC77E3C6D12E}"?"{BF6C5C0E-1355-4DF9-9674-43465523E5A8}"?
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Export \Device\TCPIP6TUNNEL_{75C1FD0D-875E-4D72-A10C-6E746947E1D6}?\Device\TCPIP6TUNNEL_{7646AB83-F476-4DC9-B0C1-408B3DF88E11}?\Device\TCPIP6TUNNEL_{0DFEB824-8F90-43C2-8580-F991E5F323F9}?\Device\TCPIP6TUNNEL_{A1A370E5-11FD-41D7-9C39-AC956C6F5553}?\Device\TCPIP6TUNNEL_{BD7818D9-3AEA-4A62-9772-EC77E3C6D12E}?\Device\TCPIP6TUNNEL_{BF6C5C0E-1355-4DF9-9674-43465523E5A8}?
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\2016d893c004
Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{0DFEB824-8F90-43C2-8580-F991E5F323F9}@InterfaceName isatap.{D21CADEF-F70F-492A-9323-97F8F3B3E70B}
Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{0DFEB824-8F90-43C2-8580-F991E5F323F9}@ReusableType 0
Reg HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Epoch@Epoch 150745
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\2016d893c004 (not active ControlSet)
---- EOF - GMER 2.1 ----
CatByte
Malware Removal Specialist with 3,892 posts.
Join Date: Feb 2009
08-Mar-2014, 09:25 PM #2
Please run the following:

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Double-click to run it. When the tool opens, click Yes to the disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
andrew_al
Member with 25 posts.
THREAD STARTER
Join Date: Sep 2012
10-Mar-2014, 03:35 PM #3
Here are the logs:

FRST.txt
-----

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-03-2014 02
Ran by ADELYN (ATTENTION: The logged in user is not administrator) on VSCADM-PC-ADELY on 10-03-2014 12:39:28
Running from C:\Users\ADELYN\Downloads
Windows 7 Professional Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/down...an-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/down...an-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic...ery-scan-tool/

==================== Processes (Whitelisted) =================

(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE
(Wave Systems Corp.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe
(Dell Inc.) C:\Program Files\Dell\Feature Enhancement Pack\DFEPApplication.exe
(BUFFALO INC.) C:\Program Files (x86)\BUFFALO\TurboPC_EX\DiskCache\tpcexTray.exe
(BUFFALO INC.) C:\Windows\System32\TC2Tray.exe
() C:\Program Files\Lexmark\Monitor\ACB\LMabMON.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apntex.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\HidFind.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PDF Professional 8\PdfPro8Hook.exe
(BUFFALO INC.) C:\Program Files (x86)\BUFFALO\Backup_Utility\BUTray.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(ThreatTrack Security, Inc.) C:\Program Files (x86)\VIPRE\SBAMTray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\IELowutil.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
(Spotify Ltd) C:\Users\ADELYN\AppData\Roaming\Spotify\spotify.exe
() C:\Users\ADELYN\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\ADELYN\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\ADELYN\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\ADELYN\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\ADELYN\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PDF Professional 8\bin\GaaihoDoc.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe
() C:\Users\ADELYN\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe
() C:\Users\ADELYN\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\ADELYN\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\ADELYN\AppData\Roaming\Spotify\Data\SpotifyHelper.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Apoint] - C:\Program Files\DellTPad\Apoint.exe [698712 2013-02-21] (Alps Electric Co., Ltd.)
HKLM\...\Run: [Broadcom Wireless Manager UI] - C:\Program Files\Dell\DW WLAN Card\WLTRAY.exe [7469568 2012-01-18] (Dell Inc.)
HKLM\...\Run: [TdmNotify] - C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe [381296 2011-12-08] (Wave Systems Corp.)
HKLM\...\Run: [DFEPApplication] - C:\Program Files\Dell\Feature Enhancement Pack\DFEPApplication.exe [7077432 2012-08-15] (Dell Inc.)
HKLM\...\Run: [Logitech Download Assistant] - C:\Windows\System32\LogiLDA.dll [1832760 2012-09-20] (Logitech, Inc.)
HKLM\...\Run: [tpcexTray] - C:\Program Files (x86)\BUFFALO\TurboPC_EX\DiskCache\tpcexTray.exe [138312 2011-07-20] (BUFFALO INC.)
HKLM\...\Run: [TC2Tray] - C:\Windows\system32\TC2Tray.exe [629656 2012-07-18] (BUFFALO INC.)
HKLM\...\Run: [LMPSSDMON] - C:\Program Files\Lexmark\Monitor\ACB\LMabMON.exe [753664 2010-09-16] ()
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [1425408 2012-02-13] (IDT, Inc.)
HKLM-x32\...\Run: [IMSS] - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [134616 2013-01-14] (Intel Corporation)
HKLM-x32\...\Run: [USB3MON] - C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-02-27] (Intel Corporation)
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284480 2012-05-30] (Intel Corporation)
HKLM-x32\...\Run: [OfficeScanNT Monitor] - "c:\Program Files (x86)\Trend Micro\Client Server Security Agent\pccntmon.exe" -HideWindow
HKLM-x32\...\Run: [ISUSPM] - C:\ProgramData\FLEXnet\Connect\11\\isuspm.exe [2068856 2011-10-13] (Flexera Software LLC.)
HKLM-x32\...\Run: [PDF8 Registry Controller] - C:\Program Files (x86)\Nuance\PDF Professional 8\RegistryController.exe [178576 2012-10-23] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDFProHook] - C:\Program Files (x86)\Nuance\PDF Professional 8\pdfpro8hook.exe [2013072 2012-10-23] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [Nuance PDF Converter Professional 8-reminder] - C:\Program Files (x86)\Nuance\PDF Professional 8\Ereg\Ereg.exe [333712 2012-10-11] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [Backup Utility TaskTray Tool] - C:\Program Files (x86)\BUFFALO\Backup_Utility\BUTray.exe [3618712 2012-09-18] (BUFFALO INC.)
HKLM-x32\...\Run: [SBAMTray] - C:\Program Files (x86)\VIPRE\SBAMTray.exe [3216272 2013-09-05] (ThreatTrack Security, Inc.)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] - [X]
HKLM\...\RunOnce: [*WerKernelReporting] - %SYSTEMROOT%\SYSTEM32\WerFault.exe -k -rq [415232 2009-07-13] (Microsoft Corporation)
Winlogon\Notify\igfxcui: C:\Windows\SYSTEM32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\spba: C:\Program Files\Common Files\SPBA\homefus2.dll (UPEK Inc.)
HKU\S-1-5-21-3913833024-2261051122-276496897-1001\...\Run: [Spotify] - C:\Users\ADELYN\AppData\Roaming\Spotify\Spotify.exe [6118400 2014-01-15] (Spotify Ltd)
Lsa: [Authentication Packages] msv1_0 wvauth
Lsa: [Notification Packages] scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Smart Settings.lnk
ShortcutTarget: Smart Settings.lnk -> C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe (Dell Inc.)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Smart Settings.lnk
ShortcutTarget: Smart Settings.lnk -> C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe (Dell Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://dell13-comm.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://dell13-comm.msn.com
SearchScopes: HKLM - DefaultScope {BDE499B6-5666-4BE8-88A8-E75A12845048} URL = http://www.bing.com/search?q={searchTerms}&form=IE9TR&src=IE9TR&pc=MDDRJS
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {BDE499B6-5666-4BE8-88A8-E75A12845048} URL = http://www.bing.com/search?q={searchTerms}&form=IE9TR&src=IE9TR&pc=MDDRJS
SearchScopes: HKLM-x32 - DefaultScope {BDE499B6-5666-4BE8-88A8-E75A12845048} URL = http://www.bing.com/search?q={searchTerms}&form=IE9TR&src=IE9TR&pc=MDDRJS
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {BDE499B6-5666-4BE8-88A8-E75A12845048} URL = http://www.bing.com/search?q={searchTerms}&form=IE9TR&src=IE9TR&pc=MDDRJS
SearchScopes: HKCU - DefaultScope {BDE499B6-5666-4BE8-88A8-E75A12845048} URL =
SearchScopes: HKCU - {BDE499B6-5666-4BE8-88A8-E75A12845048} URL =
SearchScopes: HKCU - {C182FFB9-69B9-4625-A16B-1A862785428D} URL = http://websearch.ask.com/redirect?client=ie&tb=AD2&o=102164&src=kw&q={searchTerms}&locale=en_US&apn_ptnrs=^JH&apn_dtid=^YYYYYY^SE^US&apn_uid=DC2FECBA-408C-48E3-AE96-18BD29888EDB&apn_sauid=07CFFF10-721A-4339-9E5A-A12AC413BD50
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: PlusIEEventHelper Class - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files (x86)\Nuance\PDF Professional 8\Bin\PlusIEContextMenu.dll (Zeon Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: VIPRE Search Guard Helper - {963C8283-AE7F-4AA6-9B3B-847A8FC62C5E} - C:\Program Files (x86)\VIPRE\VSGN.dll ()
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Gaaiho PDF Conversion Toolbar Helper - {C7DA0384-42AA-428c-B832-88AC343DE1A8} - C:\Program Files (x86)\Nuance\PDF Professional 8\bin\GZeonIEFavClient.dll (Zeon Corporation)
Toolbar: HKLM-x32 - Nuance PDF - {BCCE15AE-AC7E-4bc9-94AF-2A714A412BCB} - C:\Program Files (x86)\Nuance\PDF Professional 8\bin\GZeonIEFavClient.dll (Zeon Corporation)
Toolbar: HKLM-x32 - VIPRE Search Guard Toolbar - {A924C17A-5E94-4E02-BED5-49720BA6F7FA} - C:\Program Files (x86)\VIPRE\VSGN.dll ()
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
Handler: vipresg - {47BE2E5B-703B-444F-ABD3-05717D2191C6} - No File
Handler-x32: vipresg - {47BE2E5B-703B-444F-ABD3-05717D2191C6} - C:\Program Files (x86)\VIPRE\VSGN.dll ()
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 205.171.2.25

FireFox:
========
FF ProfilePath: C:\Users\ADELYN\AppData\Roaming\Mozilla\Firefox\Profiles\xlkdd4pu.default
FF SearchEngineOrder.1: Ask.com
FF SelectedSearchEngine: Google
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_70.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1209149.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.66 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: ZEON/PDF,version=2.0 - C:\Program Files (x86)\Nuance\PDF Professional 8\bin\nppdf.dll (Zeon Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npMozCouponPrinter.dll (Coupons, Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{22C7F6C6-8D67-4534-92B5-529A0EC09405}] - c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\FirefoxExtension

Chrome:
=======
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\pdf.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (Gaaiho Doc) - C:\Program Files (x86)\Nuance\PDF Professional 8\bin\nppdf.dll (Zeon Corporation)
CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll No File
CHR Extension: (Google Docs) - C:\Users\ADELYN\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-03-22]
CHR Extension: (Google Drive) - C:\Users\ADELYN\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-03-22]
CHR Extension: (YouTube) - C:\Users\ADELYN\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-03-22]
CHR Extension: (Google Search) - C:\Users\ADELYN\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-03-22]
CHR Extension: (Gmail) - C:\Users\ADELYN\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-03-22]

==================== Services (Whitelisted) =================

R2 BFBackupUtilityService; C:\Program Files (x86)\BUFFALO\Backup_Utility\BUService.exe [320888 2010-08-20] (BUFFALO INC.)
R2 BFBackupUtilityVSSService; C:\Program Files (x86)\BUFFALO\Backup_Utility\BUVSSService64.exe [359288 2010-04-28] (BUFFALO INC.)
R2 BrcmMgmtAgent; C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe [163840 2011-11-30] (Broadcom Corporation)
R2 bufssvr; C:\Program Files (x86)\BUFFALO\SLManagerEasy\Bufssvr.exe [95608 2010-03-16] (BUFFALO INC.)
R2 CouponPrinterService; C:\Program Files (x86)\Coupons\CouponPrinterService.exe [176624 2014-02-13] (Coupons.com Inc.)
R2 DFEPService; C:\Program Files\Dell\Feature Enhancement Pack\DFEPService.exe [2280504 2012-08-15] (Dell Inc.)
R2 EmbassyService; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\EMBASSY Client Core\EmbassyServer.exe [218504 2012-01-17] ()
R2 gfi_lanss11_attservice; C:\Program Files (x86)\GFI\LanGuard 11 Agent\lnssatt.exe [133496 2012-11-23] (GFI Software Development Ltd.)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165336 2013-01-14] (Intel Corporation)
R2 lmab_device; C:\Windows\system32\LMabcoms.exe [1048576 2012-09-28] ( )
R2 lmab_device; C:\Windows\SysWOW64\LMabcoms.exe [593920 2012-09-28] ( )
R2 lmhosts; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R2 NlaSvc; C:\Windows\System32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R2 nsi; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R2 O2FLASH; C:\Windows\system32\o2flash.exe [244328 2011-11-16] (O2Micro International)
R2 PDFProFiltSrv; C:\Program Files (x86)\Nuance\PDF Professional 8\PDFProFiltSrv.exe [135056 2012-10-23] (Nuance Communications, Inc.)
R2 SBAMSvc; C:\Program Files (x86)\VIPRE\SBAMSvc.exe [3937472 2013-09-05] (ThreatTrack Security, Inc.)
R2 SBPIMSvc; C:\Program Files (x86)\VIPRE\SBPIMSvc.exe [176016 2013-09-05] (ThreatTrack Security, Inc.)
R2 TC2Service; C:\Windows\system32\TC2Service.exe [308120 2012-07-18] (BUFFALO INC.)
S2 tcsd_win32.exe; C:\Program Files (x86)\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe [1637888 2011-10-08] ()
R2 tpcexdccs; C:\Program Files (x86)\BUFFALO\TurboPC_EX\DiskCache\tpcexService.exe [134216 2011-07-20] (BUFFALO INC.)
R2 Wave Authentication Manager Service; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe [1679872 2012-01-05] (Wave Systems Corp.)
R2 wltrysvc; C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe [6157312 2012-01-18] (Dell Inc.)
S3 WvPCR; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Common\WvPCR.exe [198144 2012-01-16] (Wave Systems Corp.)

==================== Drivers (Whitelisted) ====================

R3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [165688 2013-08-07] (Broadcom Corporation.)
R0 bftpdskc; C:\Windows\System32\drivers\bftpdskc64.sys [72016 2011-07-13] (BUFFALO INC.)
R3 bftpusbx; C:\Windows\System32\drivers\bftpusbx64.sys [20608 2010-10-21] (BUFFALO INC.)
S3 gfiark; C:\Windows\System32\drivers\gfiark.sys [41032 2013-05-23] (ThreatTrack Security)
R3 gfiutil; C:\Windows\System32\drivers\gfiutil.sys [31264 2013-09-04] (ThreatTrack Security)
R2 sbapifs; C:\Windows\System32\DRIVERS\sbapifs.sys [88928 2013-06-18] (ThreatTrack Security, Inc.)
R3 ST_ACCEL; C:\Windows\System32\DRIVERS\ST_ACCEL.sys [68208 2011-11-04] (STMicroelectronics)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-03-10 12:39 - 2014-03-10 12:40 - 00020100 _____ () C:\Users\ADELYN\Downloads\FRST.txt
2014-03-10 12:39 - 2014-03-10 12:39 - 00000000 ____D () C:\FRST
2014-03-10 12:20 - 2014-03-10 12:20 - 02157056 _____ (Farbar) C:\Users\ADELYN\Downloads\FRST64.exe
2014-03-10 11:14 - 2014-03-10 11:14 - 00000000 ____D () C:\Users\ADELYN\AppData\Roaming\HpUpdate
2014-03-04 15:28 - 2014-03-04 15:41 - 00380416 _____ () C:\Users\ADELYN\Downloads\7525ki77.exe
2014-03-04 15:04 - 2014-03-04 15:04 - 00688992 ____R (Swearware) C:\Users\ADELYN\Desktop\dds.scr
2014-03-04 14:51 - 2014-03-04 14:52 - 00015978 _____ () C:\Users\ADELYN\Downloads\hijackthis.log
2014-03-04 12:49 - 2014-03-04 12:49 - 00000000 ____D () C:\Users\ADELYN\AppData\Roaming\Malwarebytes
2014-03-04 12:49 - 2014-03-04 12:49 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-04 12:47 - 2014-03-04 12:47 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\ADELYN\Downloads\mbam-setup-1.75.0.1300.exe
2014-03-04 12:32 - 2014-03-04 12:32 - 00002052 _____ () C:\Windows\epplauncher.mif
2014-03-04 12:21 - 2014-03-04 12:21 - 13670584 _____ (Microsoft Corporation) C:\Users\ADELYN\Downloads\mseinstall.exe
2014-03-04 08:41 - 2014-01-08 20:22 - 05694464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-03-04 08:41 - 2014-01-03 16:44 - 06574592 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-03-03 11:52 - 2013-10-01 20:22 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2014-03-03 11:52 - 2013-10-01 20:11 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-03-03 11:52 - 2013-10-01 20:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-03-03 11:52 - 2013-10-01 19:48 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2014-03-03 11:52 - 2013-10-01 19:48 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2014-03-03 11:52 - 2013-10-01 19:29 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2014-03-03 11:52 - 2013-10-01 19:10 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2014-03-03 11:52 - 2013-10-01 18:15 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2014-03-03 11:52 - 2013-10-01 18:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2014-03-03 11:52 - 2013-10-01 18:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2014-03-03 11:52 - 2013-10-01 18:08 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2014-03-03 11:52 - 2013-10-01 18:01 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2014-03-03 11:52 - 2013-10-01 17:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2014-03-03 11:52 - 2013-10-01 17:31 - 01147392 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-03-03 11:52 - 2013-10-01 17:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2014-03-03 11:52 - 2013-10-01 16:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-03-03 11:51 - 2013-09-24 20:23 - 01030144 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-03-03 11:51 - 2013-09-24 19:57 - 00792576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-03-03 10:26 - 2014-03-03 10:26 - 00000000 ____D () C:\Users\Public\Documents\Hewlett-Packard
2014-03-03 10:25 - 2014-03-03 10:25 - 00000000 ____D () C:\ProgramData\Hewlett-Packard
2014-03-03 10:24 - 2014-03-03 10:24 - 00000237 _____ () C:\Windows\system32\AddPort.ini
2014-03-03 10:21 - 2013-05-24 07:50 - 00316704 _____ (Hewlett-Packard) C:\Windows\system32\hpbcoins64.dll
2014-03-03 10:21 - 2013-04-26 10:55 - 00518432 _____ (HP) C:\Windows\SysWOW64\hpcdmc32.DLL
2014-03-03 10:21 - 2013-04-26 10:53 - 00438560 _____ (Hewlett-Packard Corporation) C:\Windows\system32\hpcpn145.dll
2014-03-03 10:21 - 2013-04-26 10:49 - 00436512 _____ () C:\Windows\SysWOW64\hpcc3145.dll
2014-03-03 09:48 - 2014-03-03 10:26 - 00000000 ____D () C:\Program Files (x86)\HP
2014-03-03 09:48 - 2014-03-03 09:48 - 00000000 ____D () C:\ProgramData\HP
2014-03-03 09:06 - 2014-03-03 09:06 - 00000000 ____D () C:\Users\ADELYN\AppData\Local\{80BFBC9E-0DF5-421F-8CD0-F52D403FAF0A}
2014-02-27 15:16 - 2014-03-10 09:19 - 00000000 ____D () C:\Users\ADELYN\AppData\Local\Windows Live
2014-02-27 15:15 - 2014-02-27 15:16 - 00000000 ____D () C:\Users\ADELYN\AppData\Local\{D690D487-EF50-46DF-9B6C-7102064DE197}
2014-02-27 08:43 - 2014-02-27 08:45 - 00000744 _____ () C:\ProgramData\lmab.log
2014-02-26 12:54 - 2014-02-26 12:54 - 00000000 ____D () C:\Program Files (x86)\Coupons
2014-02-26 12:53 - 2014-02-26 12:53 - 02021112 _____ (Coupons.com Incorporated) C:\Users\ADELYN\Downloads\couponprinter.exe
2014-02-21 16:22 - 2014-02-21 16:21 - 00487456 _____ () C:\Users\ADELYN\Downloads\Pick Up.zip
2014-02-15 02:08 - 2014-03-03 10:00 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-12 17:00 - 2014-02-12 17:02 - 00000000 ____D () C:\Users\ADELYN\Documents\0Contracts
2014-02-12 11:29 - 2014-02-12 11:29 - 16950239 _____ () C:\Users\ADELYN\Documents\26.wma
2014-02-12 04:02 - 2013-12-21 03:53 - 00548864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-12 04:02 - 2013-12-21 02:56 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-02-12 04:01 - 2014-02-06 06:16 - 23170048 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-12 04:01 - 2014-02-06 05:30 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-12 04:01 - 2014-02-06 05:30 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-12 04:01 - 2014-02-06 05:12 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-12 04:01 - 2014-02-06 05:07 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-12 04:01 - 2014-02-06 05:06 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-12 04:01 - 2014-02-06 04:57 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-12 04:01 - 2014-02-06 04:56 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-12 04:01 - 2014-02-06 04:52 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-12 04:01 - 2014-02-06 04:49 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-12 04:01 - 2014-02-06 04:48 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-12 04:01 - 2014-02-06 04:48 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-12 04:01 - 2014-02-06 04:32 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-12 04:01 - 2014-02-06 04:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-12 04:01 - 2014-02-06 04:17 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-12 04:01 - 2014-02-06 04:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-12 04:01 - 2014-02-06 04:00 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-02-12 04:01 - 2014-02-06 03:57 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-12 04:01 - 2014-02-06 03:57 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-12 04:01 - 2014-02-06 03:52 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-12 04:01 - 2014-02-06 03:52 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-12 04:01 - 2014-02-06 03:50 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-12 04:01 - 2014-02-06 03:49 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-12 04:01 - 2014-02-06 03:47 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-12 04:01 - 2014-02-06 03:46 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-02-12 04:01 - 2014-02-06 03:25 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-12 04:01 - 2014-02-06 03:24 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-12 04:01 - 2014-02-06 03:22 - 13051392 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-12 04:01 - 2014-02-06 03:13 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-12 04:01 - 2014-02-06 03:09 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-12 04:01 - 2014-02-06 03:03 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-12 04:01 - 2014-02-06 02:55 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-12 04:01 - 2014-02-06 02:41 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-12 04:01 - 2014-02-06 02:40 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-12 04:01 - 2014-02-06 02:36 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-12 04:01 - 2014-02-06 02:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-02-12 04:00 - 2014-02-06 04:38 - 17103872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-12 04:00 - 2014-02-06 04:11 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-12 04:00 - 2014-02-06 03:25 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-12 02:20 - 2013-12-31 17:05 - 00420008 _____ () C:\Windows\SysWOW64\locale.nls
2014-02-12 02:20 - 2013-12-31 17:04 - 00420008 _____ () C:\Windows\system32\locale.nls
2014-02-12 02:20 - 2013-12-24 17:09 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-02-12 02:20 - 2013-12-24 16:48 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-02-12 02:20 - 2013-12-05 20:30 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-02-12 02:20 - 2013-12-05 20:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-02-12 02:20 - 2013-12-05 20:02 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-02-12 02:20 - 2013-12-05 20:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-02-12 02:20 - 2013-12-03 20:27 - 00488448 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll
2014-02-12 02:20 - 2013-12-03 20:27 - 00485888 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll
2014-02-12 02:20 - 2013-12-03 20:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll
2014-02-12 02:20 - 2013-12-03 20:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll
2014-02-12 02:20 - 2013-12-03 20:26 - 00528384 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2014-02-12 02:20 - 2013-12-03 20:16 - 00658432 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe
2014-02-12 02:20 - 2013-12-03 20:16 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe
2014-02-12 02:20 - 2013-12-03 20:16 - 00553984 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe
2014-02-12 02:20 - 2013-12-03 20:16 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe
2014-02-12 02:20 - 2013-12-03 20:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc.dll
2014-02-12 02:20 - 2013-12-03 20:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_isv.dll
2014-02-12 02:20 - 2013-12-03 20:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp_isv.dll
2014-02-12 02:20 - 2013-12-03 20:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp.dll
2014-02-12 02:20 - 2013-12-03 20:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdrm.dll
2014-02-12 02:20 - 2013-12-03 19:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_isv.exe
2014-02-12 02:20 - 2013-12-03 19:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate.exe
2014-02-12 02:20 - 2013-12-03 19:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp.exe
2014-02-12 02:20 - 2013-12-03 19:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp_isv.exe
2014-02-12 02:20 - 2013-11-26 02:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2014-02-12 02:20 - 2013-11-22 16:48 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll

==================== One Month Modified Files and Folders =======

2014-03-10 12:40 - 2014-03-10 12:39 - 00020100 _____ () C:\Users\ADELYN\Downloads\FRST.txt
2014-03-10 12:39 - 2014-03-10 12:39 - 00000000 ____D () C:\FRST
2014-03-10 12:36 - 2013-01-19 14:59 - 01364768 _____ () C:\Windows\WindowsUpdate.log
2014-03-10 12:29 - 2013-03-22 10:52 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-10 12:20 - 2014-03-10 12:20 - 02157056 _____ (Farbar) C:\Users\ADELYN\Downloads\FRST64.exe
2014-03-10 11:59 - 2013-01-19 15:00 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-10 11:31 - 2013-01-28 17:43 - 00000000 ____D () C:\Users\ADELYN\AppData\Roaming\Spotify
2014-03-10 11:14 - 2014-03-10 11:14 - 00000000 ____D () C:\Users\ADELYN\AppData\Roaming\HpUpdate
2014-03-10 10:24 - 2013-02-01 16:40 - 00000000 ____D () C:\Users\ADELYN\Documents\My Info
2014-03-10 09:19 - 2014-02-27 15:16 - 00000000 ____D () C:\Users\ADELYN\AppData\Local\Windows Live
2014-03-10 05:45 - 2013-01-28 17:44 - 00000000 ____D () C:\Users\ADELYN\AppData\Local\Spotify
2014-03-09 19:59 - 2013-05-28 16:55 - 00429556 _____ () C:\ProgramData\LMabscan.log
2014-03-09 18:29 - 2013-03-22 10:52 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-07 14:02 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\rescache
2014-03-07 09:17 - 2009-07-13 22:45 - 00031312 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-07 09:17 - 2009-07-13 22:45 - 00031312 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-07 09:14 - 2009-07-13 23:13 - 00797354 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-07 09:08 - 2009-07-13 23:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-07 09:08 - 2009-07-13 22:51 - 00045091 _____ () C:\Windows\setupact.log
2014-03-05 17:42 - 2013-01-28 17:07 - 00000000 ____D () C:\Users\ADELYN\Documents\Patrick AFB
2014-03-05 09:06 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-03-04 15:41 - 2014-03-04 15:28 - 00380416 _____ () C:\Users\ADELYN\Downloads\7525ki77.exe
2014-03-04 15:37 - 2013-01-31 09:00 - 481437940 _____ () C:\Windows\MEMORY.DMP
2014-03-04 15:37 - 2013-01-31 09:00 - 00000000 ____D () C:\Windows\Minidump
2014-03-04 15:04 - 2014-03-04 15:04 - 00688992 ____R (Swearware) C:\Users\ADELYN\Desktop\dds.scr
2014-03-04 14:52 - 2014-03-04 14:51 - 00015978 _____ () C:\Users\ADELYN\Downloads\hijackthis.log
2014-03-04 12:49 - 2014-03-04 12:49 - 00000000 ____D () C:\Users\ADELYN\AppData\Roaming\Malwarebytes
2014-03-04 12:49 - 2014-03-04 12:49 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-04 12:47 - 2014-03-04 12:47 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\ADELYN\Downloads\mbam-setup-1.75.0.1300.exe
2014-03-04 12:32 - 2014-03-04 12:32 - 00002052 _____ () C:\Windows\epplauncher.mif
2014-03-04 12:21 - 2014-03-04 12:21 - 13670584 _____ (Microsoft Corporation) C:\Users\ADELYN\Downloads\mseinstall.exe
2014-03-04 09:16 - 2013-05-28 13:45 - 00000000 ____D () C:\Users\ADELYN\Documents\IBWC
2014-03-04 08:30 - 2010-11-20 21:47 - 00288494 _____ () C:\Windows\PFRO.log
2014-03-03 10:26 - 2014-03-03 10:26 - 00000000 ____D () C:\Users\Public\Documents\Hewlett-Packard
2014-03-03 10:26 - 2014-03-03 09:48 - 00000000 ____D () C:\Program Files (x86)\HP
2014-03-03 10:25 - 2014-03-03 10:25 - 00000000 ____D () C:\ProgramData\Hewlett-Packard
2014-03-03 10:24 - 2014-03-03 10:24 - 00000237 _____ () C:\Windows\system32\AddPort.ini
2014-03-03 10:19 - 2013-01-25 10:56 - 00000000 ____D () C:\Users\VSCADM
2014-03-03 10:00 - 2014-02-15 02:08 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-03 10:00 - 2013-01-25 13:38 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-03-03 09:48 - 2014-03-03 09:48 - 00000000 ____D () C:\ProgramData\HP
2014-03-03 09:06 - 2014-03-03 09:06 - 00000000 ____D () C:\Users\ADELYN\AppData\Local\{80BFBC9E-0DF5-421F-8CD0-F52D403FAF0A}
2014-02-27 15:16 - 2014-02-27 15:15 - 00000000 ____D () C:\Users\ADELYN\AppData\Local\{D690D487-EF50-46DF-9B6C-7102064DE197}
2014-02-27 13:48 - 2013-05-05 08:12 - 00000000 ____D () C:\Windows\Patches
2014-02-27 13:48 - 2013-01-25 13:38 - 00001077 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-02-27 08:45 - 2014-02-27 08:43 - 00000744 _____ () C:\ProgramData\lmab.log
2014-02-27 08:44 - 2013-01-28 17:06 - 00000000 ____D () C:\Users\ADELYN\AppData\Local\VirtualStore
2014-02-26 12:54 - 2014-02-26 12:54 - 00000000 ____D () C:\Program Files (x86)\Coupons
2014-02-26 12:53 - 2014-02-26 12:53 - 02021112 _____ (Coupons.com Incorporated) C:\Users\ADELYN\Downloads\couponprinter.exe
2014-02-26 09:50 - 2013-02-11 16:47 - 00000000 ____D () C:\Users\ADELYN\Documents\VSC
2014-02-21 16:21 - 2014-02-21 16:22 - 00487456 _____ () C:\Users\ADELYN\Downloads\Pick Up.zip
2014-02-20 19:59 - 2013-01-19 15:00 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-02-20 19:59 - 2013-01-19 15:00 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-02-19 14:16 - 2013-12-06 17:29 - 00189971 _____ () C:\Users\ADELYN\Documents\Bible Talk.pptx
2014-02-19 14:12 - 2013-02-07 12:19 - 00000000 ____D () C:\Users\ADELYN\Documents\Insurance
2014-02-16 04:03 - 2013-07-12 08:31 - 00000000 ____D () C:\Windows\system32\MRT
2014-02-16 04:00 - 2013-01-25 11:34 - 88567024 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-02-14 09:26 - 2013-06-04 16:20 - 00000000 ____D () C:\Users\ADELYN\Documents\VZT Docs
2014-02-12 17:02 - 2014-02-12 17:00 - 00000000 ____D () C:\Users\ADELYN\Documents\0Contracts
2014-02-12 17:00 - 2013-02-01 16:34 - 00000000 ____D () C:\Users\ADELYN\Documents\Accounts
2014-02-12 11:29 - 2014-02-12 11:29 - 16950239 _____ () C:\Users\ADELYN\Documents\26.wma
2014-02-12 04:09 - 2013-01-28 13:49 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-02-12 04:04 - 2011-02-10 08:33 - 00789968 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-02-12 04:03 - 2009-07-13 20:34 - 00000478 _____ () C:\Windows\win.ini

Some content of TEMP:
====================
C:\Users\ADELYN\AppData\Local\Temp\AskSLib.dll
C:\Users\ADELYN\AppData\Local\Temp\US_en_Avery_AW40.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================




Addition.txt
-----


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 09-03-2014 02
Ran by ADELYN at 2014-03-10 12:40:50
Running from C:\Users\ADELYN\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: ThreatTrack Security VIPRE (Enabled - Up to date) {FFE93D16-FD09-0282-C7D3-8B1731B6A051}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: ThreatTrack Security VIPRE (Enabled - Up to date) {4488DCF2-DB33-0D0C-FD63-B0654A31EAEC}
FW: ThreatTrack Security VIPRE (Enabled) {C7D2BC33-B766-03DA-EC8C-2222CF65E72A}

==================== Installed Programs ======================

64 Bit HP CIO Components Installer (Version: 13.2.1 - Hewlett-Packard) Hidden
Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.70 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.70 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.9.149 - Adobe Systems, Inc.)
Apple Application Support (HKLM-x32\...\{A922C4B7-50E0-4787-A94C-59DBF3C65DBE}) (Version: 3.0 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Ashampoo Burning Studio 6 FREE v.6.82 (HKLM-x32\...\Ashampoo Burning Studio 6 FREE_is1) (Version: 6.8.2 - Ashampoo GmbH & Co. KG)
AuthenTec Fingerprint Software (Version: 8.4.4.39 - AuthenTec, Inc.) Hidden
Avery Wizard 4.0 (HKLM-x32\...\{7196E6BD-4B65-43F9-9D30-73A8E58D0E84}) (Version: 4.0.103 - Avery)
BioAPI Framework (Version: 1.0.2 - Dell Inc.) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Broadcom NetXtreme-I Netlink Driver and Management Installer (HKLM\...\{0C518F4B-8D5A-47A6-A1E2-B3F371486118}) (Version: 15.2.1.3 - Broadcom Corporation)
BUFFALO Backup Utility (HKLM-x32\...\UN091222) (Version: - )
BUFFALO SecureLockManagerEasy for HD (HKLM-x32\...\UN090430) (Version: - )
BUFFALO TurboPC EX Series (HKLM-x32\...\UN110613) (Version: - )
Cisco EAP-FAST Module (x32 Version: 2.2.14 - Cisco Systems, Inc.) Hidden
Cisco LEAP Module (x32 Version: 1.0.19 - Cisco Systems, Inc.) Hidden
Cisco PEAP Module (x32 Version: 1.1.6 - Cisco Systems, Inc.) Hidden
Coupon Printer for Windows (HKLM-x32\...\Coupon Printer for Windows5.0.0.7) (Version: 5.0.0.7 - Coupons.com Incorporated) <==== ATTENTION
Custom (Version: 01.00.00.000 - Wave Systems Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{81FB7C60-565A-4869-9D90-3BE1D270E8B7}) (Version: - Microsoft)
Dell Client System Update (HKLM-x32\...\{04566294-A6B6-4462-9721-031073EB3694}) (Version: 1.3.0 - Dell Inc.)
Dell Data Protection | Access (HKLM\...\{ABBA2EA4-740E-4052-902B-9CA70B081E3F}) (Version: 2.2.00003.009 - Dell Inc.)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Feature Enhancement Pack (HKLM\...\{992D1CE7-A20F-4AB0-9D9D-AFC3418844DA}) (Version: 2.2.1 - Dell)
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 8.1200.101.127 - ALPS ELECTRIC CO., LTD.)
DellAccess (Version: 01.01.00.104 - Wave Systems Corp.) Hidden
DW WLAN Card Utility (HKLM\...\DW WLAN Card Utility) (Version: 5.100.82.124 - Dell Inc.)
EMBASSY Client Core (Version: 01.01.00.036 - Wave Systems Corp.) Hidden
Gemalto (Version: 01.64.01.0010 - Wave Systems Corp) Hidden
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.22.5 - Google Inc.) Hidden
HP LaserJet Enterprise 500 color M551 (HKLM-x32\...\{6D6058C2-16C9-4763-B1B5-6F1C3491069B}) (Version: 8.0.13144.1328 - Hewlett-Packard)
HP Unified IO (Version: 2.0.0.477 - HP) Hidden
HP Unified IO (x32 Version: 2.0.0.477 - HP) Hidden
HP Update (HKLM-x32\...\{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}) (Version: 5.003.002.004 - Hewlett-Packard)
HPDXP (x32 Version: 3.0.26.9 - HP) Hidden
HPLaserJetEnterprise500colorM551_HelpLearnCenter (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1010 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.30.1349 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3040 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.2.0.1006 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.8.251 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.27.757.1 - Intel Corporation) Hidden
iTunes (HKLM\...\{0D924CB2-2EA4-4044-BAF7-770202D6BD0D}) (Version: 11.1.4.62 - Apple Inc.)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Lexmark Software Uninstall (HKLM\...\Lexmark_HostCD) (Version: - Lexmark International, Inc.)
LJDXPHelperUI (x32 Version: 060.048.005 - HP) Hidden
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Home and Business 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Single Image 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 27.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 27.0.1 (x86 en-US)) (Version: 27.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 27.0.1 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NTRU TCG Software Stack (Version: 2.1.37 - Security Innovation, Inc.) Hidden
Nuance PDF Converter Professional 8 (HKLM\...\{BCE93D4F-0E1C-495D-8710-C753FE5924A3}) (Version: 8.10.6242 - Nuance Communications, Inc.)
Nuance PDF Converter Professional 8 (HKLM-x32\...\{BCE93D4F-0E1C-495D-8710-C753FE5924A3}) (Version: 8.10.6242 - Nuance Communications, Inc.)
Nuance PDF Converter Professional 8 Update x64 (HKLM\...\{45AE5880-34A1-4575-92A6-11D0DC182F24}) (Version: 8.11.0000 - Nuance Communications, Inc.)
O2Micro OZ776 SCR Driver (HKLM-x32\...\InstallShield_{5F962F59-DCCB-440B-A8E5-3BA4F7F09594}) (Version: 2.1.4.213 - O2Micro)
O2Micro OZ776 SCR Driver (Version: 2.1.4.213 - O2Micro) Hidden
Octoshape add-in for Adobe Flash Player (HKCU\...\Octoshape add-in for Adobe Flash Player) (Version: - )
PC-CCID (Version: 2.0.0 - Gemalto) Hidden
Photobie -- photo editing software from Photobie Design (HKLM-x32\...\Photobie) (Version: - )
Preboot Manager (Version: 03.03.00.090 - Wave Systems Corp.) Hidden
Private Information Manager (Version: 07.01.00.030 - Wave Systems Corp.) Hidden
Samsung Universal Print Driver 2 (HKLM-x32\...\Samsung Universal Print Driver 2) (Version: 2.50.02.00 - Samsung Electronics Co., Ltd.)
Scansoft PDF Professional (x32 Version: - ) Hidden
Screen+ 1.0 (HKLM-x32\...\Screen+_is1) (Version: - AOC)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version: - Microsoft) Hidden
SPBA 5.9 (Version: 5.9.4.6901 - UPEK Inc.) Hidden
Spotify (HKCU\...\Spotify) (Version: 0.9.7.16.g4b197456 - Spotify AB)
ST Microelectronics 3 Axis Digital Accelerometer Solution (HKLM-x32\...\{9C24F411-9CA7-4A8A-91F3-F08A4A38EB31}) (Version: 4.10.0036 - ST Microelectronics)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
toolkit32for64bit (x32 Version: 7.67.47.0000 - Wave Systems Corp) Hidden
Trusted Drive Manager (Version: 4.5.0.136 - Wave Systems Corp.) Hidden
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version: - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{001E8BF3-EDC3-4D5E-9C11-1D0E599B6497}) (Version: - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{001E8BF3-EDC3-4D5E-9C11-1D0E599B6497}) (Version: - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2837583) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{E21274CE-CA0C-49FA-93F4-DC292A052264}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{B5C70C99-B109-42FD-B219-FF12CA543F19}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{82F87E28-B18E-46D6-A399-E2F19CF5949B}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{5E8EB600-8B94-429E-873E-98369C6DC1BC}) (Version: - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version: - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version: - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{DCE104A1-1875-4469-A83D-A5BFA6C4640F}) (Version: - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version: - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{DA2F7ECE-6629-4A80-9CDE-EC95261B75E2}) (Version: - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2775360) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{80F56E3F-1D47-4E45-B6E0-FEF4E919F4F9}) (Version: - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version: - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{8C55AA83-54C2-4236-A622-78440A411DC5}) (Version: - Microsoft)
Update for Microsoft Word 2010 (KB2837593) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{E78E2B68-8FD1-42EE-BB74-99A4D9E6222D}) (Version: - Microsoft)
Upek Touchchip Fingerprint Reader (Version: 1.2.004 - Dell Inc.) Hidden
VIPRE Internet Security (HKLM-x32\...\{C1D1FC57-3EB9-4B21-BCA3-F1C927508200}) (Version: 7.0.6.2 - ThreatTrack Security, Inc.)
VIPRE Internet Security (x32 Version: 7.0.6.2 - ThreatTrack Security, Inc.) Hidden
Wave Crypto Runtime 2.0.7.0 x86 (x32 Version: 02.00.07.0000 - Wave Systems Corp) Hidden
Wave Infrastructure Installer (Version: 07.67.60.0020 - Wave Systems Corp) Hidden
Wave Support Software Installer (Version: 05.13.00.051 - Wave Systems Corp) Hidden
WIDCOMM Bluetooth Software (HKLM\...\{A1439D4F-FD46-47F2-A1D3-FEE097C29A09}) (Version: 6.5.1.4000 - Broadcom Corporation)
Windows Driver Package - Dell Inc. PBADRV System (09/11/2009 1.0.1.6) (HKLM\...\9512AA21B791B05A54E27065C45BBC417AB282DF) (Version: 09/11/2009 1.0.1.6 - Dell Inc.)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

==================== Restore Points =========================

Could not list Restore Points. Check "winmgmt" service or repair WMI.


==================== Hosts content: ==========================

2009-07-13 20:34 - 2009-06-10 15:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => ?
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => ?
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => ?

==================== Loaded Modules (whitelisted) =============

2013-05-28 16:55 - 2010-09-16 13:47 - 00753664 _____ () C:\Program Files\Lexmark\Monitor\ACB\LMabMON.exe
2013-01-19 16:40 - 2012-03-26 21:33 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-09-25 12:32 - 2014-01-15 11:40 - 00603648 _____ () C:\Users\ADELYN\AppData\Roaming\Spotify\Data\SpotifyHelper.exe

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\TEMP:AEC0AC81

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBPIMSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SBAMSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SBPIMSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== Disabled items from MSCONFIG ==============

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk => C:\Windows\pss\Bluetooth.lnk.CommonStartup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: SBRegRebootCleaner => "c:\users\vscadm\appdata\local\temp\Downloads\CartSdk\sbrc.exe"

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (03/10/2014 10:24:24 AM) (Source: Microsoft Office 14) (User: )
Description: Microsoft Outlook: Rejected Safe Mode action : Outlook failed to start correctly last time. Starting Outlook in safe mode will help you correct or isolate a startup problem in order to successfully start the program. Some functionality may be disabled in this mode.

Do you want to start Outlook in safe mode?.
Rejected Safe Mode action : Microsoft Outlook.

Error: (03/07/2014 11:41:20 AM) (Source: Application Hang) (User: )
Description: The program EXCEL.EXE version 14.0.7109.5000 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: b78

Start Time: 01cf3a2bb8063bac

Termination Time: 18

Application Path: C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE

Report Id: a3190a60-a61f-11e3-b801-2016d893c004

Error: (03/07/2014 09:08:59 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/06/2014 05:59:12 PM) (Source: Application Error) (User: )
Description: Faulting application name: prevhost.exe, version: 6.1.7601.17562, time stamp: 0x4d5e2495
Faulting module name: zPreview_x64.dll, version: 8.0.0.18, time stamp: 0x4fed5790
Exception code: 0xc0000005
Fault offset: 0x00000000000112c4
Faulting process id: 0x2a8c
Faulting application start time: 0xprevhost.exe0
Faulting application path: prevhost.exe1
Faulting module path: prevhost.exe2
Report Id: prevhost.exe3

Error: (03/06/2014 05:24:48 PM) (Source: Application Error) (User: )
Description: Faulting application name: CouponPrinterService.exe, version: 6.0.1.0, time stamp: 0x52fd5bb4
Faulting module name: netprofm.dll_unloaded, version: 0.0.0.0, time stamp: 0x4a5bdfd0
Exception code: 0xc0000005
Fault offset: 0x000007fef5c475f4
Faulting process id: 0x91c
Faulting application start time: 0xCouponPrinterService.exe0
Faulting application path: CouponPrinterService.exe1
Faulting module path: CouponPrinterService.exe2
Report Id: CouponPrinterService.exe3

Error: (03/06/2014 01:17:32 PM) (Source: Application Hang) (User: )
Description: The program EXCEL.EXE version 14.0.7109.5000 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1b70

Start Time: 01cf395b1f5ee78d

Termination Time: 93

Application Path: C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE

Report Id: a7be161a-a563-11e3-beac-2016d893c004

Error: (03/06/2014 11:20:09 AM) (Source: Application Hang) (User: )
Description: The program GaaihoDoc.exe version 8.0.0.23 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 2258

Start Time: 01cf395fedec6ea6

Termination Time: 32

Application Path: C:\Program Files (x86)\Nuance\PDF Professional 8\bin\GaaihoDoc.exe

Report Id: 89ff26e9-a553-11e3-beac-2016d893c004

Error: (03/05/2014 11:13:52 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 12168

Error: (03/05/2014 11:13:52 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 12168

Error: (03/05/2014 11:13:52 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


System errors:
=============
Error: (03/08/2014 03:40:27 PM) (Source: iaStor) (User: )
Description: The device, \Device\Ide\iaStor0, did not respond within the timeout period.

Error: (03/07/2014 09:08:33 AM) (Source: Service Control Manager) (User: )
Description: The NTRU TSS v1.2.1.37 TCS service depends on the TPM Base Services service which failed to start because of the following error:
%%0

Error: (03/06/2014 05:25:00 PM) (Source: Service Control Manager) (User: )
Description: The Coupon Printer Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.

Error: (03/05/2014 01:02:40 PM) (Source: Disk) (User: )
Description: The driver detected a controller error on \...\DR1.

Error: (03/05/2014 09:11:30 AM) (Source: Service Control Manager) (User: )
Description: The NTRU TSS v1.2.1.37 TCS service depends on the TPM Base Services service which failed to start because of the following error:
%%0

Error: (03/05/2014 09:11:19 AM) (Source: EventLog) (User: )
Description: The previous system shutdown at 8:06:14 AM on ‎3/‎5/‎2014 was unexpected.

Error: (03/04/2014 07:34:08 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SBAMSvc service.

Error: (03/04/2014 03:44:40 PM) (Source: iaStor) (User: )
Description: The device, \Device\Ide\iaStor0, did not respond within the timeout period.

Error: (03/04/2014 03:38:25 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the btwdins service.

Error: (03/04/2014 03:37:34 PM) (Source: Service Control Manager) (User: )
Description: The NTRU TSS v1.2.1.37 TCS service depends on the TPM Base Services service which failed to start because of the following error:
%%0


Microsoft Office Sessions:
=========================
Error: (03/10/2014 10:24:24 AM) (Source: Microsoft Office 14)(User: )
Description: Microsoft OutlookOutlook failed to start correctly last time. Starting Outlook in safe mode will help you correct or isolate a startup problem in order to successfully start the program. Some functionality may be disabled in this mode.

Do you want to start Outlook in safe mode?

Error: (03/07/2014 11:41:20 AM) (Source: Application Hang)(User: )
Description: EXCEL.EXE14.0.7109.5000b7801cf3a2bb8063bac18C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXEa3190a60-a61f-11e3-b801-2016d893c004

Error: (03/07/2014 09:08:59 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/06/2014 05:59:12 PM) (Source: Application Error)(User: )
Description: prevhost.exe6.1.7601.175624d5e2495zPreview_x64.dll8.0.0.184fed5790c00000050 0000000000112c42a8c01cf399811fd1c9aC:\Windows\system32\prevhost.exeC:\Progr am Files (x86)\Nuance\PDF Professional 8\Bin\zPreview_x64.dll5053400f-a58b-11e3-beac-2016d893c004

Error: (03/06/2014 05:24:48 PM) (Source: Application Error)(User: )
Description: CouponPrinterService.exe6.0.1.052fd5bb4netprofm.dll_unloaded0.0.0.04a5bdfd0 c0000005000007fef5c475f491c01cf3885326cdd93C:\Program Files (x86)\Coupons\CouponPrinterService.exenetprofm.dll81f4dff7-a586-11e3-beac-2016d893c004

Error: (03/06/2014 01:17:32 PM) (Source: Application Hang)(User: )
Description: EXCEL.EXE14.0.7109.50001b7001cf395b1f5ee78d93C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXEa7be161a-a563-11e3-beac-2016d893c004

Error: (03/06/2014 11:20:09 AM) (Source: Application Hang)(User: )
Description: GaaihoDoc.exe8.0.0.23225801cf395fedec6ea632C:\Program Files (x86)\Nuance\PDF Professional 8\bin\GaaihoDoc.exe89ff26e9-a553-11e3-beac-2016d893c004

Error: (03/05/2014 11:13:52 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 12168

Error: (03/05/2014 11:13:52 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 12168

Error: (03/05/2014 11:13:52 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second


==================== Memory info ===========================

Percentage of memory in use: 75%
Total physical RAM: 3969.24 MB
Available physical RAM: 987.77 MB
Total Pagefile: 7936.66 MB
Available Pagefile: 3636.77 MB
Total Virtual: 8192 MB
Available Virtual: 8191.79 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:464.98 GB) (Free:377.26 GB) NTFS
Drive d: (Documents Mgt) (CDROM) (Total:2.89 GB) (Free:0 GB) UDF
Drive e: (HD-PNTU3) (Fixed) (Total:931.48 GB) (Free:409.34 GB) NTFS
Drive z: (IBWC) (Network) (Total:3696.91 GB) (Free:3690.07 GB) NTFS

==================== MBR & Partition Table ==================

==================== End Of Log ============================
CatByte
Malware Removal Specialist with 3,892 posts.
 
Join Date: Feb 2009
10-Mar-2014, 04:21 PM #4
Please run the following:

Refer to the ComboFix User's Guide
  1. Download ComboFix from the following location:

    Link

    * IMPORTANT !!! Place ComboFix.exe on your Desktop
  2. Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
    You can get help on disabling your protection programs here
  3. Double click on ComboFix.exe & follow the prompts.
  4. Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  5. When finished, it shall produce a log for you. Post that log in your next reply.

    Note:
    Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.


    ---------------------------------------------------------------------------------------------
  6. Ensure your AntiVirus and AntiSpyware applications are re-enabled.

    ---------------------------------------------------------------------------------------------

NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.
andrew_al
Member with 25 posts.
THREAD STARTER
 
Join Date: Sep 2012
11-Mar-2014, 01:47 PM #5
When I ran it....

It seemed ComboFix was stalling. (console windows alternated back and forth for many long minutes).

Vipre anti-virus was disabled. Do you think it could be something else that could cause it to stall?
CatByte
Malware Removal Specialist with 3,892 posts.
 
Join Date: Feb 2009
11-Mar-2014, 04:24 PM #6
It's usually a security program or a badly infected computer.

Try it in safe mode.

How to boot to safe mode.
Restart your computer and boot into Safe Mode by tapping the F8 key repeatedly until a menu appears > arrow up to Safe Mode with networking from the list > press enter.
(On some systems, this may be the F5 key, so try that if F8 doesn't work.)

Log in with your usual account.
andrew_al
Member with 25 posts.
THREAD STARTER
 
Join Date: Sep 2012
12-Mar-2014, 11:34 AM #7
Below is the contents of the ComboFix log file.

ComboFix 14-03-10.01 - VSCADM 03/11/2014 15:24:23.1.4 - x64 MINIMAL
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3969.2888 [GMT -6:00]
Running from: c:\users\ADELYN\Desktop\ComboFix.exe
AV: ThreatTrack Security VIPRE *Enabled/Updated* {FFE93D16-FD09-0282-C7D3-8B1731B6A051}
FW: ThreatTrack Security VIPRE *Enabled* {C7D2BC33-B766-03DA-EC8C-2222CF65E72A}
SP: ThreatTrack Security VIPRE *Enabled/Updated* {4488DCF2-DB33-0D0C-FD63-B0654A31EAEC}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\VSCADM\AppData\Roaming\DefaultTab\DefaultTab
c:\users\VSCADM\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabUninstaller.exe
c:\users\VSCADM\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe
c:\windows\security\Database\tmp.edb
.
---- Previous Run -------
.
c:\users\ADELYN\Documents\~WRL0005.tmp
c:\users\ADELYN\Documents\~WRL0006.tmp
c:\users\ADELYN\Documents\~WRL1647.tmp
c:\users\ADELYN\Documents\~WRL1681.tmp
c:\users\ADELYN\Documents\~WRL3342.tmp
c:\users\VSCADM\AppData\Roaming\DefaultTab\DefaultTab
c:\users\VSCADM\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabUninstaller.exe
c:\users\VSCADM\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe
c:\windows\security\Database\tmp.edb
E:\Autorun.inf
.
.
((((((((((((((((((((((((( Files Created from 2014-02-11 to 2014-03-11 )))))))))))))))))))))))))))))))
.
.
2014-03-10 18:39 . 2014-03-10 18:41 -------- d-----w- C:\FRST
2014-03-10 17:14 . 2014-03-10 17:14 -------- d-----w- c:\users\ADELYN\AppData\Roaming\HpUpdate
2014-03-04 18:49 . 2014-03-04 18:49 -------- d-----w- c:\users\ADELYN\AppData\Roaming\Malwarebytes
2014-03-04 18:49 . 2014-03-04 18:49 -------- d-----w- c:\users\VSCADM\AppData\Roaming\Malwarebytes
2014-03-04 18:49 . 2014-03-04 18:49 -------- d-----w- c:\programdata\Malwarebytes
2014-03-03 17:51 . 2013-09-25 02:23 1030144 ----a-w- c:\windows\system32\TSWorkspace.dll
2014-03-03 17:51 . 2013-09-25 01:57 792576 ----a-w- c:\windows\SysWow64\TSWorkspace.dll
2014-03-03 16:26 . 2014-03-03 16:26 -------- d-----w- c:\users\VSCADM\AppData\Roaming\HpUpdate
2014-03-03 16:25 . 2014-03-03 16:25 -------- d-----w- c:\programdata\Hewlett-Packard
2014-03-03 16:25 . 2013-04-26 16:53 591648 ----a-w- c:\windows\system32\Spool\prtprocs\x64\hpcpp145.DLL
2014-03-03 16:21 . 2013-05-24 13:50 316704 ----a-w- c:\windows\system32\hpbcoins64.dll
2014-03-03 16:21 . 2013-04-26 16:55 518432 ----a-w- c:\windows\SysWow64\hpcdmc32.DLL
2014-03-03 16:21 . 2013-04-26 16:53 438560 ----a-w- c:\windows\system32\hpcpn145.dll
2014-03-03 16:21 . 2013-04-26 16:49 436512 ----a-w- c:\windows\SysWow64\hpcc3145.dll
2014-03-03 15:48 . 2014-03-03 16:26 -------- d-----w- c:\program files (x86)\HP
2014-03-03 15:48 . 2014-03-03 15:48 -------- d-----w- c:\programdata\HP
2014-02-27 21:16 . 2014-03-10 15:19 -------- d-----w- c:\users\ADELYN\AppData\Local\Windows Live
2014-02-26 18:54 . 2014-02-26 18:54 -------- d-----w- c:\program files (x86)\Coupons
2014-02-12 10:02 . 2013-12-21 09:53 548864 ----a-w- c:\windows\system32\vbscript.dll
2014-02-12 10:02 . 2013-12-21 08:56 454656 ----a-w- c:\windows\SysWow64\vbscript.dll
2014-02-12 10:00 . 2014-02-06 09:25 4244480 ----a-w- c:\windows\SysWow64\jscript9.dll
2014-02-12 10:00 . 2014-02-06 10:11 5768704 ----a-w- c:\windows\system32\jscript9.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-02-21 01:59 . 2013-01-19 21:00 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-02-21 01:59 . 2013-01-19 21:00 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-02-16 10:00 . 2013-01-25 17:34 88567024 ----a-w- c:\windows\system32\MRT.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IMSS"="c:\program files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe" [2013-01-14 134616]
"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-02-27 291608]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" [2012-06-07 56128]
"ISUSPM"="c:\programdata\FLEXnet\Connect\11\\isuspm.exe" [2011-10-13 2068856]
"PDF8 Registry Controller"="c:\program files (x86)\Nuance\PDF Professional 8\RegistryController.exe" [2012-10-24 178576]
"PDFProHook"="c:\program files (x86)\Nuance\PDF Professional 8\pdfpro8hook.exe" [2012-10-24 2013072]
"Nuance PDF Converter Professional 8-reminder"="c:\program files (x86)\Nuance\PDF Professional 8\Ereg\Ereg.exe" [2012-10-11 333712]
"Backup Utility TaskTray Tool"="c:\program files (x86)\BUFFALO\Backup_Utility\BUTray.exe" [2012-09-18 3618712]
"SBAMTray"="c:\program files (x86)\VIPRE\SBAMTray.exe" [2013-09-06 3216272]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2011-10-28 49208]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Smart Settings.lnk - c:\program files\Dell\Feature Enhancement Pack\SmartSettings.exe [2012-8-15 507448]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"DisableCAD"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli c:\program files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBPIMSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 gfiark;gfiark;c:\windows\system32\drivers\gfiark.sys;c:\windows\SYSNATIVE\drivers\gfiark.sys [x]
R3 gfiutil;gfiutil;c:\windows\system32\drivers\gfiutil.sys;c:\windows\SYSNATIVE\drivers\gfiutil.sys [x]
R3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;c:\program files\Intel\iCLS Client\SocketHeciServer.exe;c:\program files\Intel\iCLS Client\SocketHeciServer.exe [x]
R3 netvsc;netvsc;c:\windows\system32\DRIVERS\netvsc60.sys;c:\windows\SYSNATIVE\DRIVERS\netvsc60.sys [x]
R3 O2MDFRDR;O2MDFRDR;c:\windows\system32\drivers\O2MDFw7x64.sys;c:\windows\SYSNATIVE\drivers\O2MDFw7x64.sys [x]
R3 O2MDRRDR;O2MDRRDR;c:\windows\system32\drivers\O2MDRw7x64.sys;c:\windows\SYSNATIVE\drivers\O2MDRw7x64.sys [x]
R3 SBFWIMCL;GFI Software Firewall NDIS IM Filter Service;c:\windows\system32\DRIVERS\sbfwim.sys;c:\windows\SYSNATIVE\DRIVERS\sbfwim.sys [x]
R3 SbHips;SbHips;c:\windows\system32\drivers\sbhips.sys;c:\windows\SYSNATIVE\drivers\sbhips.sys [x]
R3 sbwtis;sbwtis;c:\windows\system32\DRIVERS\sbwtis.sys;c:\windows\SYSNATIVE\DRIVERS\sbwtis.sys [x]
R3 SynthVid;SynthVid;c:\windows\system32\DRIVERS\VMBusVideoM.sys;c:\windows\SYSNATIVE\DRIVERS\VMBusVideoM.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WvPCR;WvPCR;c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Common\WvPCR.exe;c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Common\WvPCR.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 bftpdskc;BUFFALO TurboPC EX Cache Filter Driver;c:\windows\system32\drivers\bftpdskc64.sys;c:\windows\SYSNATIVE\drivers\bftpdskc64.sys [x]
S0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdcfltn.sys;c:\windows\SYSNATIVE\DRIVERS\stdcfltn.sys [x]
S1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys;c:\windows\SYSNATIVE\drivers\SbFw.sys [x]
S2 ATService;AuthenTec Fingerprint Service;c:\program files\Fingerprint Sensor\ATService.exe;c:\program files\Fingerprint Sensor\ATService.exe [x]
S2 BFBackupUtilityService;Backup Utility Service;c:\program files (x86)\BUFFALO\Backup_Utility\BUService.exe;c:\program files (x86)\BUFFALO\Backup_Utility\BUService.exe [x]
S2 BFBackupUtilityVSSService;Backup Utility VSS Service;c:\program files (x86)\BUFFALO\Backup_Utility\BUVSSService64.exe;c:\program files (x86)\BUFFALO\Backup_Utility\BUVSSService64.exe [x]
S2 BrcmMgmtAgent;Broadcom Management Agent;c:\program files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe;c:\program files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe [x]
S2 bufssvr;bufssvr;c:\program files (x86)\BUFFALO\SLManagerEasy\Bufssvr.exe;c:\program files (x86)\BUFFALO\SLManagerEasy\Bufssvr.exe [x]
S2 CouponPrinterService;Coupon Printer Service;c:\program files (x86)\Coupons\CouponPrinterService.exe;c:\program files (x86)\Coupons\CouponPrinterService.exe [x]
S2 DFEPService;Dell Feature Enhancement Pack Service;c:\program files\Dell\Feature Enhancement Pack\DFEPService.exe;c:\program files\Dell\Feature Enhancement Pack\DFEPService.exe [x]
S2 EmbassyService;EmbassyService;c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\EMBASSY Client Core\EmbassyServer.exe;c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\EMBASSY Client Core\EmbassyServer.exe [x]
S2 gfi_lanss11_attservice;GFI LanGuard 11 Attendant Service;c:\program files (x86)\GFI\LanGuard 11 Agent\lnssatt.exe;c:\program files (x86)\GFI\LanGuard 11 Agent\lnssatt.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
S2 PDFProFiltSrv;PDFProFiltSrv;c:\program files (x86)\Nuance\PDF Professional 8\PDFProFiltSrv.exe;c:\program files (x86)\Nuance\PDF Professional 8\PDFProFiltSrv.exe [x]
S2 SBAMSvc;VIPRE Internet Security;c:\program files (x86)\VIPRE\SBAMSvc.exe;c:\program files (x86)\VIPRE\SBAMSvc.exe [x]
S2 sbapifs;sbapifs;c:\windows\system32\DRIVERS\sbapifs.sys;c:\windows\SYSNATIVE\DRIVERS\sbapifs.sys [x]
S2 SBPIMSvc;SB Recovery Service;c:\program files (x86)\VIPRE\SBPIMSvc.exe;c:\program files (x86)\VIPRE\SBPIMSvc.exe [x]
S2 TC2Service;TurboPC EX FileCopy Service;c:\windows\system32\TC2Service.exe;c:\windows\SYSNATIVE\TC2Service.exe [x]
S2 tpcexdccs;TurboPC EX DiskCache Control Service;c:\program files (x86)\BUFFALO\TurboPC_EX\DiskCache\tpcexService.exe;c:\program files (x86)\BUFFALO\TurboPC_EX\DiskCache\tpcexService.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S2 Wave Authentication Manager Service;Wave Authentication Manager Service;c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe;c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe [x]
S3 bcbtums;Bluetooth RAM Firmware Download USB Filter;c:\windows\system32\drivers\bcbtums.sys;c:\windows\SYSNATIVE\drivers\bcbtums.sys [x]
S3 bftpusbx;BUFFALO TurboPC EX USB Filter Driver;c:\windows\system32\drivers\bftpusbx64.sys;c:\windows\SYSNATIVE\drivers\bftpusbx64.sys [x]
S3 btwampfl;btwampfl Bluetooth filter driver;c:\windows\system32\drivers\btwampfl.sys;c:\windows\SYSNATIVE\drivers\btwampfl.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 iusb3hub;Intel(R) USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 O2SDJRDR;O2SDJRDR;c:\windows\system32\DRIVERS\o2sdjw7x64.sys;c:\windows\SYSNATIVE\DRIVERS\o2sdjw7x64.sys [x]
S3 SBFWIMCLMP;GFI Software Firewall NDIS IM Filter Miniport;c:\windows\system32\DRIVERS\SBFWIM.sys;c:\windows\SYSNATIVE\DRIVERS\SBFWIM.sys [x]
S3 ST_ACCEL;STMicroelectronics Accelerometer Service;c:\windows\system32\DRIVERS\ST_ACCEL.sys;c:\windows\SYSNATIVE\DRIVERS\ST_ACCEL.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2014-03-11 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-01-19 01:59]
.
2014-03-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-03-22 16:52]
.
2014-03-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-03-22 16:52]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EnabledUnlockedFDEIconOverlay]
@="{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}"
[HKEY_CLASSES_ROOT\CLSID\{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}]
2011-12-08 16:45 139128 ----a-w- c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UninitializedFdeIconOverlay]
@="{CF08DA3E-C97D-4891-A66B-E39B28DD270F}"
[HKEY_CLASSES_ROOT\CLSID\{CF08DA3E-C97D-4891-A66B-E39B28DD270F}]
2011-12-08 16:45 139128 ----a-w- c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2013-02-21 698712]
"Broadcom Wireless Manager UI"="c:\program files\Dell\DW WLAN Card\WLTRAY.exe" [2012-01-18 7469568]
"TdmNotify"="c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe" [2011-12-08 381296]
"DFEPApplication"="c:\program files\Dell\Feature Enhancement Pack\DFEPApplication.exe" [2012-08-15 7077432]
"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2012-09-20 1832760]
"tpcexTray"="c:\program files (x86)\BUFFALO\TurboPC_EX\DiskCache\tpcexTray.exe" [2011-07-20 138312]
"TC2Tray"="c:\windows\system32\TC2Tray.exe" [2012-07-18 629656]
"LMPSSDMON"="c:\program files\Lexmark\Monitor\ACB\LMabMON.exe" [2010-09-16 753664]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2013-03-14 172016]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2013-03-14 399856]
"Persistence"="c:\windows\system32\igfxpers.exe" [2013-03-14 442352]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2012-02-13 1425408]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://dell13-comm.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Open with Nuance PDF Converter 8 - c:\program files (x86)\Nuance\PDF Professional 8\cnvres_eng.dll /100
IE: Open with PDF Professional 8 - c:\program files (x86)\Nuance\PDF Professional 8\Bin\PlusIEContextMenu.dll/PlusIEContextMenu.htm
IE: Se&nd to OneNote - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.0.13
Handler: vipresg - {47BE2E5B-703B-444F-ABD3-05717D2191C6} - c:\program files (x86)\VIPRE\VSGN.dll
FF - ProfilePath - c:\users\VSCADM\AppData\Roaming\Mozilla\Firefox\Profiles\y71dvp20.default\
FF - prefs.js: browser.startup.homepage - www.google.com
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{00000000-6E41-4FD3-8538-502F5495E5FC} - (no file)
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-OfficeScanNT Monitor - c:\program files (x86)\Trend Micro\Client Server Security Agent\pccntmon.exe
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
AddRemove-{79A765E1-C399-405B-85AF-466F52E918B0} - c:\program files (x86)\Ask.com\Updater\Updater.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_70_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_70_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_70_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_70_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_70.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.12"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_70.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_70.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_70.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\BUFFALO\SLManagerEasy\Inputps.exe
c:\windows\system32\o2flash.exe
c:\program files (x86)\Google\Update\1.3.22.5\GoogleCrashHandler.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2014-03-11 16:09:18 - machine was rebooted
ComboFix-quarantined-files.txt 2014-03-11 22:09
.
Pre-Run: 407,220,518,912 bytes free
Post-Run: 407,093,370,880 bytes free
.
- - End Of File - - 03BCBF4C1C5CE396558BEE956537839E
CatByte
Malware Removal Specialist with 3,892 posts.
 
Join Date: Feb 2009
12-Mar-2014, 03:59 PM #8
Please do the following:

Please download Junkware Removal Tool to your desktop.
  • Shut down your antivirus to avoid any conflicts.
  • Right-mouse click JRT.exe and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message


NEXT


Download AdwCleaner from here and save it to your desktop.
  • Run AdwCleaner and select Scan
  • If items are found, please select the Clean button
  • Once done it will ask to reboot, allow the reboot
  • On reboot a log will be produced, please attach the content of the log to your next reply
andrew_al
Member with 25 posts.
THREAD STARTER
 
Join Date: Sep 2012
13-Mar-2014, 04:33 PM #9
JRT.txt
------

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.2 (02.20.2014:1)
OS: Windows 7 Professional x64
Ran by VSCADM on Thu 03/13/2014 at 12:59:56.53
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\default tab
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\apnstub_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\apnstub_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskSLib_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskSLib_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\TaskScheduler_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\TaskScheduler_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\AskSLib_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\AskSLib_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\TaskScheduler_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\TaskScheduler_RASMANCS
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{5EFE8937-8FE1-404E-827E-B5D581288CCB}
Successfully deleted: [Registry Key] "hkey_current_user\software\microsoft\internet explorer\low rights\elevationpolicy\{a5aa24ea-11b8-4113-95ae-9ed71deaf12a}"



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Users\VSCADM\AppData\Roaming\defaulttab"
Failed to delete: [Folder] "C:\Program Files (x86)\coupons"
Successfully deleted: [Folder] "C:\Users\VSCADM\appdata\locallow\asktoolbar"



~~~ FireFox

Successfully deleted: [File] C:\Users\VSCADM\AppData\Roaming\mozilla\firefox\profiles\y71dvp20.default\extensions\addon@defaulttab.com.xpi
Successfully deleted: [File] C:\Users\VSCADM\AppData\Roaming\mozilla\firefox\profiles\y71dvp20.default\searchplugins\askcom.xml



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 03/13/2014 at 13:05:09.59
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



AdwCleaner[S1].txt
-----

# AdwCleaner v3.021 - Report created 13/03/2014 at 14:23:07
# Updated 10/03/2014 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : VSCADM - VSCADM-PC-ADELY
# Running from : C:\Users\VSCADM\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16518


-\\ Mozilla Firefox v27.0.1 (en-US)

[ File : C:\Users\VSCADM\AppData\Roaming\Mozilla\Firefox\Profiles\y71dvp20.default\prefs.js ]

Line Deleted : user_pref("browser.search.defaultenginename", "Mysearchdial");
Line Deleted : user_pref("browser.search.order.1", "Mysearchdial");
Line Deleted : user_pref("browser.search.selectedEngine", "Mysearchdial");
Line Deleted : user_pref("browser.startup.homepage", "hxxp://start.mysearchdial.com/?f=1&a=dsites_14_11_ff&cd=2XzuyEtN2Y1L1QzutBtDtCyC0DzzzytA0CtDtDyEyEyCyB0AtN0D0Tzu0SzztDtAtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAt[...]
Line Deleted : user_pref("extensions.enabledAddons", "nuance%40pdf8:8,%7B29b136c9-938d-4d3d-8df8-d649d9b74d02%7D:1.0.1,%7Bad9a41d2-9a49-4fa6-a79e-71a0785364c8%7D:9.5.3,ffxtlbr%40mysearchdial.com:1.6.0,%7B972ce4c6-7e[...]
Line Deleted : user_pref("extensions.mysearchdial.AL", 2);
Line Deleted : user_pref("extensions.mysearchdial.aflt", "dsites_14_11_ff");
Line Deleted : user_pref("extensions.mysearchdial.appId", "{CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}");
Line Deleted : user_pref("extensions.mysearchdial.cd", "2XzuyEtN2Y1L1QzutBtDtCyC0DzzzytA0CtDtDyEyEyCyB0AtN0D0Tzu0SzztDtAtN1L2XzutB tFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyByDzytDtDzytBy DtGtC0ByBy[...]
Line Deleted : user_pref("extensions.mysearchdial.cntry", "US");
Line Deleted : user_pref("extensions.mysearchdial.cr", "1799622063");
Line Deleted : user_pref("extensions.mysearchdial.dfltLng", "");
Line Deleted : user_pref("extensions.mysearchdial.dfltSrch", true);
Line Deleted : user_pref("extensions.mysearchdial.dnsErr", true);
Line Deleted : user_pref("extensions.mysearchdial.dpkLst", "3654782829,1334533236,1121012847,231756876,1895130307,603719297,4288797614 ,3754950497,426401714,3046281807,752626116,1657571787,3224935090,2597085128 ,18285[...]
Line Deleted : user_pref("extensions.mysearchdial.excTlbr", false);
Line Deleted : user_pref("extensions.mysearchdial.hdrMd5", "A5B69E40EB82B3916BB2A140B3405BFC");
Line Deleted : user_pref("extensions.mysearchdial.hmpg", true);
Line Deleted : user_pref("extensions.mysearchdial.hmpgUrl", "hxxp://start.mysearchdial.com/?f=1&a=dsites_14_11_ff&cd=2XzuyEtN2Y1L1QzutBtDtCyC0DzzzytA0CtDtDyEyEyCyB0At N0D0Tzu0SzztDtAtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutC[...]
Line Deleted : user_pref("extensions.mysearchdial.id", "2016D893C004467A");
Line Deleted : user_pref("extensions.mysearchdial.instlDay", "16142");
Line Deleted : user_pref("extensions.mysearchdial.instlRef", "140305_b");
Line Deleted : user_pref("extensions.mysearchdial.lastB", "hxxp://start.mysearchdial.com/?f=1&a=dsites_14_11_ff&cd=2XzuyEtN2Y1L1QzutBtDtCyC0DzzzytA0CtDtDyEyEyCyB0At N0D0Tzu0SzztDtAtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyE[...]
Line Deleted : user_pref("extensions.mysearchdial.lastVrsnTs", "1.8.29.014:11:2");
Line Deleted : user_pref("extensions.mysearchdial.newTabUrl", "hxxp://start.mysearchdial.com/?f=2&a=dsites_14_11_ff&cd=2XzuyEtN2Y1L1QzutBtDtCyC0DzzzytA0CtDtDyEyEyCyB0At N0D0Tzu0SzztDtAtN1L2XzutBtFtCzztFtBtFtDtN1L1Czu[...]
Line Deleted : user_pref("extensions.mysearchdial.pnu_base", "{\"newVrsn\":\"90\",\"lastVrsn\":\"90\",\"vrsnLoad\":\"\",\"showMsg\":\"false\",\"showSilent\":\"false\",\"msgTs\":0,\"lstMsgTs\":\"0\"}");
Line Deleted : user_pref("extensions.mysearchdial.prdct", "mysearchdial");
Line Deleted : user_pref("extensions.mysearchdial.prtnrId", "mysearchdial");
Line Deleted : user_pref("extensions.mysearchdial.sg", "none");
Line Deleted : user_pref("extensions.mysearchdial.srchPrvdr", "Mysearchdial");
Line Deleted : user_pref("extensions.mysearchdial.tlbrId", "base");
Line Deleted : user_pref("extensions.mysearchdial.tlbrSrchUrl", "hxxp://start.mysearchdial.com/?f=3&a=dsites_14_11_ff&cd=2XzuyEtN2Y1L1QzutBtDtCyC0DzzzytA0CtDtDyEyEyCyB0At N0D0Tzu0SzztDtAtN1L2XzutBtFtCzztFtBtFtDtN1L1C[...]
Line Deleted : user_pref("extensions.mysearchdial.vrsn", "1.8.29.0");
Line Deleted : user_pref("extensions.mysearchdial.vrsni", "1.8.29.0");
Line Deleted : user_pref("extensions.mysearchdial_i.newTab", false);
Line Deleted : user_pref("extensions.mysearchdial_i.smplGrp", "none");
Line Deleted : user_pref("extensions.mysearchdial_i.vrsnTs", "1.8.29.014:11:2");

[ File : C:\Users\ADELYN\AppData\Roaming\Mozilla\Firefox\Profiles\xlkdd4pu.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [12717 octets] - [13/03/2014 14:14:27]
AdwCleaner[R1].txt - [5068 octets] - [13/03/2014 14:22:19]
AdwCleaner[S0].txt - [11502 octets] - [13/03/2014 14:17:20]
AdwCleaner[S1].txt - [5065 octets] - [13/03/2014 14:23:07]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [5125 octets] ##########


adwCleaner[s0].txt
------

# AdwCleaner v3.021 - Report created 13/03/2014 at 14:17:20
# Updated 10/03/2014 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : VSCADM - VSCADM-PC-ADELY
# Running from : C:\Users\VSCADM\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

Service Deleted : 70e6ca8c

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\open it!
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\optimizer pro v3.2
Folder Deleted : C:\Program Files (x86)\Mysearchdial
Folder Deleted : C:\Program Files (x86)\openit
Folder Deleted : C:\Program Files (x86)\Optimizer Pro
Folder Deleted : C:\Users\VSCADM\AppData\Roaming\DigitalSites
Folder Deleted : C:\Users\VSCADM\AppData\Roaming\Mysearchdial
Folder Deleted : C:\Users\VSCADM\AppData\Roaming\Optimizer Pro
Folder Deleted : C:\Users\VSCADM\Documents\Optimizer Pro
Folder Deleted : C:\Users\VSCADM\AppData\Roaming\Mozilla\Firefox\Profiles\y71dvp20.default\Extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}
Folder Deleted : C:\Users\VSCADM\AppData\Roaming\Mozilla\Firefox\Profiles\y71dvp20.default\Extensions\ffxtlbr@mysearchdial.com
File Deleted : C:\Users\Public\Desktop\Open It!.lnk
File Deleted : C:\Users\VSCADM\Desktop\Optimizer Pro.lnk
File Deleted : C:\Users\VSCADM\AppData\Roaming\Mozilla\Firefox\Profiles\y71dvp20.default\searchplugins\Mysearchdial.xml
File Deleted : C:\Users\ADELYN\AppData\Roaming\Mozilla\Firefox\Profiles\xlkdd4pu.default\searchplugins\Mysearchdial.xml
File Deleted : C:\Users\VSCADM\AppData\Roaming\Mozilla\Firefox\Profiles\y71dvp20.default\user.js
File Deleted : C:\Users\ADELYN\AppData\Roaming\Mozilla\Firefox\Profiles\xlkdd4pu.default\user.js
File Deleted : C:\Windows\Tasks\MySearchDial.job
File Deleted : C:\Windows\System32\Tasks\MySearchDial

***** [ Shortcuts ] *****


***** [ Registry ] *****

Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Optimizer Pro]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Classes\esrv.mysearchdialesrvc
Key Deleted : HKLM\SOFTWARE\Classes\esrv.mysearchdialesrvc.1
Key Deleted : HKLM\SOFTWARE\Classes\mysearchdial.mysearchdialappCore
Key Deleted : HKLM\SOFTWARE\Classes\mysearchdial.mysearchdialappCore.1
Key Deleted : HKLM\SOFTWARE\Classes\mysearchdial.mysearchdialdskBnd
Key Deleted : HKLM\SOFTWARE\Classes\mysearchdial.mysearchdialdskBnd.1
Key Deleted : HKLM\SOFTWARE\Classes\mysearchdial.mysearchdialHlpr
Key Deleted : HKLM\SOFTWARE\Classes\mysearchdial.mysearchdialHlpr.1
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3004627E-F8E9-4E8B-909D-316753CBA923}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4C836512-BB70-11D2-A5A7-00105A9C91C6}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4ED063C9-4A0B-4B44-A9DC-23AFF424A0D3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C358B3D0-B911-41E3-A276-E7D43A6BA56D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D40753C7-8A59-4C1F-BE88-C300F4624D5B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DB797690-40E0-11D2-9BD5-0060082AE372}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF5625A3-37AB-4BDB-9875-2A3D91CD0DFD}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{DB797681-40E0-11D2-9BD5-0060082AE372}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EF5625A3-37AB-4BDB-9875-2A3D91CD0DFD}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{219046AE-358F-4CF1-B1FD-2B4DE83642A8}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{3004627E-F8E9-4E8B-909D-316753CBA923}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Key Deleted : HKCU\Software\dsiteproducts
Key Deleted : HKCU\Software\FLEXnet
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\mysearchdial
Key Deleted : HKCU\Software\mysearchdial.com
Key Deleted : HKCU\Software\Optimizer Pro
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\Software\InstallCore
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Digital Sites
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\mysearchdial
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\openit open it!
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1
Data Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\OPTIMI~1\OPTPRO~2.DLL

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16518

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]

-\\ Mozilla Firefox v27.0.1 (en-US)

[ File : C:\Users\VSCADM\AppData\Roaming\Mozilla\Firefox\Profiles\y71dvp20.default\prefs.js ]

Line Deleted : user_pref("browser.search.defaultenginename", "Mysearchdial");
Line Deleted : user_pref("browser.search.order.1", "Mysearchdial");
Line Deleted : user_pref("browser.search.selectedEngine", "Mysearchdial");
Line Deleted : user_pref("browser.startup.homepage", "hxxp://start.mysearchdial.com/?f=1&a=dsites_14_11_ff&cd=2XzuyEtN2Y1L1QzutBtDtCyC0DzzzytA0CtDtDyEyEyCyB0At N0D0Tzu0SzztDtAtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAt[...]
Line Deleted : user_pref("extensions.enabledAddons", "nuance%40pdf8:8,%7B29b136c9-938d-4d3d-8df8-d649d9b74d02%7D:1.0.1,%7Bad9a41d2-9a49-4fa6-a79e-71a0785364c8%7D:9.5.3,ffxtlbr%40mysearchdial.com:1.6.0,%7B972ce4c6-7e[...]
Line Deleted : user_pref("extensions.mysearchdial.AL", 2);
Line Deleted : user_pref("extensions.mysearchdial.aflt", "dsites_14_11_ff");
Line Deleted : user_pref("extensions.mysearchdial.appId", "{CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}");
Line Deleted : user_pref("extensions.mysearchdial.cd", "2XzuyEtN2Y1L1QzutBtDtCyC0DzzzytA0CtDtDyEyEyCyB0AtN0D0Tzu0SzztDtAtN1L2XzutB tFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyByDzytDtDzytBy DtGtC0ByBy[...]
Line Deleted : user_pref("extensions.mysearchdial.cntry", "US");
Line Deleted : user_pref("extensions.mysearchdial.cr", "1799622063");
Line Deleted : user_pref("extensions.mysearchdial.dfltLng", "");
Line Deleted : user_pref("extensions.mysearchdial.dfltSrch", true);
Line Deleted : user_pref("extensions.mysearchdial.dnsErr", true);
Line Deleted : user_pref("extensions.mysearchdial.dpkLst", "3654782829,1334533236,1121012847,231756876,1895130307,603719297,4288797614 ,3754950497,426401714,3046281807,752626116,1657571787,3224935090,2597085128 ,18285[...]
Line Deleted : user_pref("extensions.mysearchdial.excTlbr", false);
Line Deleted : user_pref("extensions.mysearchdial.hdrMd5", "A5B69E40EB82B3916BB2A140B3405BFC");
Line Deleted : user_pref("extensions.mysearchdial.hmpg", true);
Line Deleted : user_pref("extensions.mysearchdial.hmpgUrl", "hxxp://start.mysearchdial.com/?f=1&a=dsites_14_11_ff&cd=2XzuyEtN2Y1L1QzutBtDtCyC0DzzzytA0CtDtDyEyEyCyB0At N0D0Tzu0SzztDtAtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutC[...]
Line Deleted : user_pref("extensions.mysearchdial.id", "2016D893C004467A");
Line Deleted : user_pref("extensions.mysearchdial.instlDay", "16142");
Line Deleted : user_pref("extensions.mysearchdial.instlRef", "140305_b");
Line Deleted : user_pref("extensions.mysearchdial.lastB", "hxxp://start.mysearchdial.com/?f=1&a=dsites_14_11_ff&cd=2XzuyEtN2Y1L1QzutBtDtCyC0DzzzytA0CtDtDyEyEyCyB0At N0D0Tzu0SzztDtAtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyE[...]
Line Deleted : user_pref("extensions.mysearchdial.lastVrsnTs", "1.8.29.014:11:2");
Line Deleted : user_pref("extensions.mysearchdial.newTabUrl", "hxxp://start.mysearchdial.com/?f=2&a=dsites_14_11_ff&cd=2XzuyEtN2Y1L1QzutBtDtCyC0DzzzytA0CtDtDyEyEyCyB0At N0D0Tzu0SzztDtAtN1L2XzutBtFtCzztFtBtFtDtN1L1Czu[...]
Line Deleted : user_pref("extensions.mysearchdial.pnu_base", "{\"newVrsn\":\"90\",\"lastVrsn\":\"90\",\"vrsnLoad\":\"\",\"showMsg\":\"false\",\"showSilent\":\"false\",\"msgTs\":0,\"lstMsgTs\":\"0\"}");
Line Deleted : user_pref("extensions.mysearchdial.prdct", "mysearchdial");
Line Deleted : user_pref("extensions.mysearchdial.prtnrId", "mysearchdial");
Line Deleted : user_pref("extensions.mysearchdial.sg", "none");
Line Deleted : user_pref("extensions.mysearchdial.srchPrvdr", "Mysearchdial");
Line Deleted : user_pref("extensions.mysearchdial.tlbrId", "base");
Line Deleted : user_pref("extensions.mysearchdial.tlbrSrchUrl", "hxxp://start.mysearchdial.com/?f=3&a=dsites_14_11_ff&cd=2XzuyEtN2Y1L1QzutBtDtCyC0DzzzytA0CtDtDyEyEyCyB0At N0D0Tzu0SzztDtAtN1L2XzutBtFtCzztFtBtFtDtN1L1C[...]
Line Deleted : user_pref("extensions.mysearchdial.vrsn", "1.8.29.0");
Line Deleted : user_pref("extensions.mysearchdial.vrsni", "1.8.29.0");
Line Deleted : user_pref("extensions.mysearchdial_i.newTab", false);
Line Deleted : user_pref("extensions.mysearchdial_i.smplGrp", "none");
Line Deleted : user_pref("extensions.mysearchdial_i.vrsnTs", "1.8.29.014:11:2");

[ File : C:\Users\ADELYN\AppData\Roaming\Mozilla\Firefox\Profiles\xlkdd4pu.default\prefs.js ]

Line Deleted : user_pref("browser.search.order.1", "Ask.com");
Line Deleted : user_pref("browser.search.selectedEngine", "Mysearchdial");
Line Deleted : user_pref("browser.startup.homepage", "hxxp://start.mysearchdial.com/?f=1&a=dsites_14_11_ff&cd=2XzuyEtN2Y1L1QzutBtDtCyC0DzzzytA0CtDtDyEyEyCyB0At N0D0Tzu0SzztDtAtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAt[...]

*************************

AdwCleaner[R0].txt - [12717 octets] - [13/03/2014 14:14:27]
AdwCleaner[S0].txt - [11344 octets] - [13/03/2014 14:17:20]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [11405 octets] ##########
andrew_al's Avatar
andrew_al andrew_al is offline
Member with 25 posts.
THREAD STARTER
 
Join Date: Sep 2012
13-Mar-2014, 04:38 PM #10
adwCleaner[S2].txt
-----

# AdwCleaner v3.021 - Report created 13/03/2014 at 14:30:21
# Updated 10/03/2014 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : VSCADM - VSCADM-PC-ADELY
# Running from : C:\Users\VSCADM\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16518


-\\ Mozilla Firefox v27.0.1 (en-US)

[ File : C:\Users\VSCADM\AppData\Roaming\Mozilla\Firefox\Profiles\y71dvp20.default\prefs.js ]


[ File : C:\Users\ADELYN\AppData\Roaming\Mozilla\Firefox\Profiles\xlkdd4pu.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [12717 octets] - [13/03/2014 14:14:27]
AdwCleaner[R1].txt - [5068 octets] - [13/03/2014 14:22:19]
AdwCleaner[R2].txt - [1205 octets] - [13/03/2014 14:29:54]
AdwCleaner[S0].txt - [11502 octets] - [13/03/2014 14:17:20]
AdwCleaner[S1].txt - [5205 octets] - [13/03/2014 14:23:07]
AdwCleaner[S2].txt - [1129 octets] - [13/03/2014 14:30:21]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [1189 octets] ##########
CatByte's Avatar
Malware Removal Specialist with 3,892 posts.
 
Join Date: Feb 2009
13-Mar-2014, 04:44 PM #11
Please do the following
  • Please open your MalwareBytes AntiMalware Program
  • Click the Update Tab and search for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected. <-- very important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.



NEXT

Go here to run an online scanner from ESET.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activeX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan completes, if it shows a screen that says "Threats found!", then click "List of found threats" button
  • Press EXPORT TO TEXT FILE , name the file ESETSCAN and save it to your desktop
  • Include the contents of this report in your next reply.
  • Press the BACK button.
  • Press Finish



NEXT

Please advise how the computer is running now and if there are any outstanding issues
andrew_al's Avatar
andrew_al andrew_al is offline
Member with 25 posts.
THREAD STARTER
 
Join Date: Sep 2012
17-Mar-2014, 12:32 PM #12
After running Malwarebytes and ESET... I can say the computer runs a lot faster and cleaner. Thanks a lot.
Excel still gives an error that says "Excel cannot complete this task with available resources. Choose less data or close other applications", but I think that is an application issue. I will try reinstalling that or troubleshooting that. It isn't a big issue.

Things seem to be running better now. Below are the logs.



First Malwarebytes log:

Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2014.03.13.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16518
VSCADM :: VSCADM-PC-ADELY [administrator]

Protection: Disabled

3/13/2014 3:20:43 PM
mbam-log-2014-03-13 (15-20-43).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 266635
Time elapsed: 8 minute(s), 4 second(s)

Memory Processes Detected: 1
C:\Program Files (x86)\Mega Browse\updateMegaBrowse.exe (PUP.Optional.MegaBrowse.A) -> 1476 -> Delete on reboot.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 9
HKLM\SYSTEM\CurrentControlSet\Services\Update Mega Browse (PUP.Optional.MegaBrowse.A) -> Quarantined and deleted successfully.
HKCR\CLSID\{4e6cd411-ce62-4584-97ff-6afbcf6900af} (PUP.Optional.MegaBrowse.A) -> Quarantined and deleted successfully.
HKCR\TypeLib\{15f672ec-1269-428f-bdb7-db781e772b77} (PUP.Optional.MegaBrowse.A) -> Quarantined and deleted successfully.
HKCR\Interface\{158C1B4D-859D-4886-BCA4-4C671693EAA0} (PUP.Optional.MegaBrowse.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4E6CD411-CE62-4584-97FF-6AFBCF6900AF} (PUP.Optional.MegaBrowse.A) -> Quarantined and deleted successfully.
HKCR\Typelib\{FBC322D5-407E-4854-8C0B-555B951FD8E3} (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
HKCR\Interface\{0400EBCA-042C-4000-AA89-9713FBEDB671} (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
HKCU\Software\Mega Browse (PUP.Optional.MegaBrowse.A) -> Quarantined and deleted successfully.
HKLM\Software\Mega Browse (PUP.Optional.MegaBrowse.A) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 1
C:\Program Files (x86)\Mega Browse (PUP.Optional.MegaBrowse.A) -> Delete on reboot.

Files Detected: 12
C:\Program Files (x86)\Mega Browse\updateMegaBrowse.exe (PUP.Optional.MegaBrowse.A) -> Delete on reboot.
C:\Program Files (x86)\Mega Browse\MegaBrowseBHO.dll (PUP.Optional.MegaBrowse.A) -> Quarantined and deleted successfully.
C:\Users\VSCADM\AppData\Local\temp\is166192373\mysearchdial.dll (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
C:\Users\VSCADM\AppData\Local\temp\is357113909\166062074_stp\HomePageDLL.dll (PUP.Optional.Installcore) -> Quarantined and deleted successfully.
C:\Users\VSCADM\AppData\Local\temp\is357113909\166062325_stp\MegaBrowseSetup.exe (PUP.Optional.MegaBrowse.A) -> Quarantined and deleted successfully.
C:\Users\VSCADM\Downloads\PhotobieInstaller.exe (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
C:\Users\VSCADM\Local Settings\Temporary Internet Files\Content.IE5\L3VWC4A2\Setup[1].exe (PUP.Optional.MegaBrowse.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Mega Browse\MegaBrowse.ico (PUP.Optional.MegaBrowse.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Mega Browse\0 (PUP.Optional.MegaBrowse.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Mega Browse\7za.exe (PUP.Optional.MegaBrowse.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Mega Browse\MegaBrowseUninstall.exe (PUP.Optional.MegaBrowse.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Mega Browse\updateMegaBrowse.InstallState (PUP.Optional.MegaBrowse.A) -> Quarantined and deleted successfully.

(end)

2nd Log of Malwarebytes
----

Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2014.03.13.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16518
ADELYN :: VSCADM-PC-ADELY [limited]

Protection: Disabled

3/13/2014 3:40:56 PM
mbam-log-2014-03-13 (15-40-56).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 318548
Time elapsed: 44 minute(s), 43 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKCU\Software\mysearchdial.com (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 9
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Mysearchdial\1.8.29.0\mysearchdialApp.dll.vir (PUP.Optional.MySearchDial.A) -> Delete on reboot.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Mysearchdial\1.8.29.0\mysearchdialEng.dll.vir (PUP.Optional.MySearchDial.A) -> Delete on reboot.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Mysearchdial\1.8.29.0\mysearchdialsrv.exe.vir (PUP.Optional.MySearchDial.A) -> Delete on reboot.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Mysearchdial\1.8.29.0\mysearchdialTlbr.dll.vir (PUP.Optional.MySearchDial.A) -> Delete on reboot.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Mysearchdial\1.8.29.0\bh\mysearchdial.dll.vir (PUP.Optional.MySearchDial.A) -> Delete on reboot.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Optimizer Pro\OptProReminder.exe.vir (PUP.Optional.OptimizerPro) -> Delete on reboot.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Optimizer Pro\OptProSchedule.exe.vir (PUP.Optional.OptimizerPro) -> Delete on reboot.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Optimizer Pro\OptProSmartScan.exe.vir (PUP.Optional.OptimizerPro) -> Delete on reboot.
C:\Qoobox\Quarantine\C\Users\VSCADM\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe.vir (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.

(end)

3rd log of Malwarebytes
----

Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2014.03.13.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16518
ADELYN :: VSCADM-PC-ADELY [limited]

Protection: Disabled

3/13/2014 4:38:58 PM
mbam-log-2014-03-13 (16-38-58).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 172046
Time elapsed: 4 minute(s),

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKCU\Software\mysearchdial.com (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Esetlog
------

C:\AdwCleaner\Quarantine\C\Program Files (x86)\Optimizer Pro\OptimizerPro.exe.vir a variant of Win32/SpeedingUpMyPC application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Optimizer Pro\OptProLauncher.exe.vir a variant of Win32/AdWare.SpeedingUpMyPC.D application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Optimizer Pro\OptProSmartScan.exe.vir a variant of Win32/Adware.SpeedingUpMyPC.C application
C:\Users\VSCADM\AppData\Local\temp\{69934956-E5AC-4B42-A654-35981A1CF18B}\setup.exe multiple threats
CatByte's Avatar
Malware Removal Specialist with 3,892 posts.
 
Join Date: Feb 2009
17-Mar-2014, 12:47 PM #13
Please do the following:


Press the WinKey + R to open a run box, then copy/paste the following single-line command into the Run box and click OK:

Quote:
cmd /c del /f/a/q "C:\Users\VSCADM\AppData\Local\temp\{69934956-E5AC-4B42-A654-35981A1CF18B}\setup.exe"

Now we need to clean up our tools:


You can delete the DDS, JRT and FRST logs and programs from your desktop.


NEXT


Follow these steps to uninstall Combofix
  • Make sure your security programs are totally disabled.
  • Press the WinKey + R to open a Run box
  • Now copy/paste Combofix /uninstall into the Run box and click OK. Note the space between the ..X and the /U; it needs to be there.




NEXT
  • Double click on adwcleaner.exe to run the tool.
  • Click on Uninstall.
  • Confirm with yes.


If there are any logs/tools remaining on your desktop > right click and delete them.


NEXT


Below I have included a number of recommendations for how to protect your computer against malware infections.
  • It is good security practice to change your passwords to all your online accounts on a fairly regular basis; this is especially true after an infection. Refer to this Microsoft article:
    Strong passwords: How to create and use them
    Then consider a password keeper, to keep all your passwords safe. KeePass is a small utility that allows you to manage all your passwords.

  • Keep Windows updated by regularly checking their website at:
    http://windowsupdate.microsoft.com/
    This will ensure your computer always has the latest available security updates installed.

  • Make Internet Explorer more secure
    • Click Start > Run
    • Type Inetcpl.cpl & click OK
    • Click on the Security tab
    • Click Reset all zones to default level
    • Make sure the Internet Zone is selected & Click Custom level
    • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
    • Next Click OK, then Apply button and then OK to exit the Internet Properties page.

  • Download TFC to your desktop
    • Close any open windows.
    • Double click the TFC icon to run the program
    • TFC will close all open programs itself in order to run,
    • Click the Start button to begin the process.
    • Allow TFC to run uninterrupted.
    • The program should not take long to finish its job
    • Once it's finished it should automatically reboot your machine,
    • if it doesn't, manually reboot to ensure a complete clean
    It's normal after running TFC cleaner that the PC will be slower to boot the first time.

  • WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
    • Green to go
    • Yellow for caution
    • Red to stop
    WOT has an addon available for Chrome, Firefox and IE
  • AdblockPlus
    • AdblockPlus, Surf the web without annoying ads!
    • Blocks banners, pop-ups and video ads - even on Facebook and YouTube
    • Protects your online privacy
    • Two-click installation, It's free!
    • click the icon that corresponds to your browser and download.

  • Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.

  • In light of your recent issue, I'm sure you'd like to avoid any future infections. Please take a look at these well written articles:
    PC Safety and Security--What Do I Need?.
  • Simple and easy ways to keep your computer safe and secure on the Internet

Thank you for your patience, and performing all of the procedures requested.

Please respond one last time so we can consider the thread resolved and close it, thank you.