January 23rd, 2014, 10:32 PM
#1
[Inactive] gos.drivedo.net malware picked up
While I was trying to move an iPhone from Sprint to Verizon, the Verizon tech told me I had to jailbreak the phone and to use Evasion. When I tried it, I got a couple of nuisance apps installed and this nasty gos.driveo.net problem. HELP!
Logs from Malwarebytes and DDS (Attach.txt put me over the character limit)
Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org
Database version: v2014.01.23.06
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
mwwagner :: CND1041YQ2 [administrator]
Protection: Enabled
1/23/2014 10:42:46 AM
MBAM-log-2014-01-23 (13-07-31).txt
Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 550333
Time elapsed: 1 hour(s), 13 minute(s), 30 second(s)
Memory Processes Detected: 5
C:\ProgramData\RHelpers\ChromeHelper\ChromeHelper.exe (PUP.Optional.SearchDonkey.A) -> 6600 -> No action taken.
C:\ProgramData\RHelpers\FirefoxHelper\FirefoxHelper.exe (PUP.Optional.SearchDonkey.A) -> 6720 -> No action taken.
C:\ProgramData\RHelpers\IeHelper\IeHelper.exe (PUP.Optional.SearchDonkey.A) -> 6864 -> No action taken.
C:\ProgramData\Updater\updater.exe (Trojan.Agent) -> 5484 -> No action taken.
C:\Users\mwwagner\AppData\Local\FilesFrog Update Checker\update_checker.exe (PUP.Optional.FilesFrog.A) -> 8060 -> No action taken.
Memory Modules Detected: 1
C:\Program Files (x86)\Show-Password\150.dll (PUP.Optional.ShowPassword.A) -> No action taken.
Registry Keys Detected: 15
HKCR\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6} (PUP.Optional.DynConIE.A) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{91FBEA5C-E3C7-42EA-8C2B-B168189AB5BE} (PUP.Optional.SocialPrivacy) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{91FBEA5C-E3C7-42EA-8C2B-B168189AB5BE} (PUP.Optional.SocialPrivacy) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{44ED99E2-16A6-4B89-80D6-5B21CF42E78B} (PUP.Optional.SafeMonitor.A) -> No action taken.
HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C} (PUP.Optional.OptimzerPro.A) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FilesFrog Update Checker (PUP.Optional.Somoto) -> No action taken.
HKCR\CLSID\{0dd003ce-9045-4537-892b-b36f3f988523} (PUP.Optional.ShowPassword.A) -> No action taken.
HKCR\TypeLib\{d5bfd823-bd66-4524-8b7b-f27fa091f43c} (PUP.Optional.ShowPassword.A) -> No action taken.
HKCR\Interface\{a794f742-500a-459e-b48f-f3a5dc6978a3} (PUP.Optional.ShowPassword.A) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0DD003CE-9045-4537-892B-B36F3F988523} (PUP.Optional.ShowPassword.A) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{0DD003CE-9045-4537-892B-B36F3F988523} (PUP.Optional.ShowPassword.A) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{0DD003CE-9045-4537-892B-B36F3F988523} (PUP.Optional.ShowPassword.A) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7cb6bb8d-624f-4d51-9995-e01203de4fb4 (PUP.Optional.ShowPassword.A) -> No action taken.
HKCU\SOFTWARE\SOMOTO\SDP (PUP.Optional.Somoto.A) -> No action taken.
HKLM\SOFTWARE\Google\Chrome\Extensions\logekkkdbdidmmcgkonmmonclldogceg (PUP.Optional.Iminent.A) -> No action taken.
Registry Values Detected: 3
HKCU\Software\Microsoft\Windows\CurrentVersion\Run|Updater (Trojan.Agent) -> Data: C:\ProgramData\Updater\updater.exe -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Updater (Trojan.Agent) -> Data: C:\ProgramData\Updater\Updater.exe -> No action taken.
HKCU\Software\Somoto\SDP|affid (PUP.Optional.Somoto.A) -> Data: evasi0n7dhft -> No action taken.
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 9
C:\Users\mwwagner\Documents\Optimizer Pro (PUP.Optional.OptimizerPro.A) -> No action taken.
C:\Program Files (x86)\Show-Password (PUP.Optional.ShowPassword.A) -> No action taken.
C:\Users\mwwagner\AppData\Local\FilesFrog Update Checker (PUP.Optional.FilesFrog.A) -> No action taken.
C:\Users\mwwagner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FilesFrog Update Checker (PUP.Optional.FilesFrog.A) -> No action taken.
C:\ProgramData\RHelpers\ChromeHelper (PUP.Optional.Searchagent) -> No action taken.
C:\ProgramData\RHelpers\FirefoxHelper (PUP.Optional.Searchagent) -> No action taken.
C:\ProgramData\RHelpers\IeHelper (PUP.Optional.Searchagent) -> No action taken.
C:\Users\mwwagner\AppData\Local\Google\Chrome\User Data\Default\Extensions\igjjkeeamkpihpncmmbgdkhdnjpcfmfb (PUP.Optional.MultiIE) -> No action taken.
C:\Users\mwwagner\AppData\Local\Google\Chrome\User Data\Default\Extensions\igjjkeeamkpihpncmmbgdkhdnjpcfmfb\2.6.49_0 (PUP.Optional.MultiIE) -> No action taken.
Files Detected: 43
C:\ProgramData\RHelpers\ChromeHelper\ChromeHelper.exe (PUP.Optional.SearchDonkey.A) -> No action taken.
C:\ProgramData\RHelpers\FirefoxHelper\FirefoxHelper.exe (PUP.Optional.SearchDonkey.A) -> No action taken.
C:\ProgramData\RHelpers\IeHelper\IeHelper.exe (PUP.Optional.SearchDonkey.A) -> No action taken.
C:\Program Files (x86)\Microsoft Visual Studio .NET 2003\SDK\v1.1\QuickStart\howto\samples\xml\xmlnamespace\cp\XmlNameSpace.exe (Adware.StatBlaster) -> No action taken.
C:\Users\mwwagner\AppData\Local\FilesFrog Update Checker\uninstall.exe (PUP.Optional.Somoto) -> No action taken.
C:\Users\mwwagner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\05LPA9N5\Setup_US_20131122[1].exe (PUP.Optional.SearchDonkey.A) -> No action taken.
C:\Users\mwwagner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I0TNMJ89\spstub[1].exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\mwwagner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ROCRW366\SPSetup[1].exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\mwwagner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W6P86WGW\OptimizerPro[1].exe (PUP.Optional.OptimizerPro.A) -> No action taken.
C:\Users\mwwagner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W6P86WGW\Setup[1].exe (PUP.Optional.OptimumInstaller.A) -> No action taken.
C:\Users\mwwagner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W6P86WGW\Setup[2].exe (PUP.Optional.InternetUpdater.A) -> No action taken.
C:\Users\mwwagner\AppData\Local\Temp\nspCA9A.exe (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\mwwagner\AppData\Local\Temp\nspEA99.exe (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\mwwagner\AppData\Local\Temp\nsqB712.exe (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\mwwagner\AppData\Local\Temp\nszC77D.exe (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\mwwagner\AppData\Local\Temp\nszEE80.exe (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\mwwagner\AppData\Local\Temp\OfferBrokerage_14111.exe (PUP.Optional.InstallIQ) -> No action taken.
C:\Users\mwwagner\AppData\Local\Temp\OptimizerPro.exe (PUP.Optional.OptimizerPro.A) -> No action taken.
C:\Users\mwwagner\AppData\Local\Temp\UpdateCheckerSetup.exe (PUP.Optional.Somoto) -> No action taken.
C:\Users\mwwagner\Downloads\Evasi0n7_downloader_by_Evasi0n7.exe (PUP.Optional.Somoto) -> No action taken.
C:\Users\mwwagner\Documents\Optimizer Pro\CookiesException.txt (PUP.Optional.OptimizerPro.A) -> No action taken.
C:\Program Files (x86)\Show-Password\150.crx (PUP.Optional.ShowPassword.A) -> No action taken.
C:\Program Files (x86)\Show-Password\01.db (PUP.Optional.ShowPassword.A) -> No action taken.
C:\Program Files (x86)\Show-Password\150.dat (PUP.Optional.ShowPassword.A) -> No action taken.
C:\Program Files (x86)\Show-Password\150.dll (PUP.Optional.ShowPassword.A) -> No action taken.
C:\Program Files (x86)\Show-Password\150.xpi (PUP.Optional.ShowPassword.A) -> No action taken.
C:\Program Files (x86)\Show-Password\Show_Password.exe (PUP.Optional.ShowPassword.A) -> No action taken.
C:\Program Files (x86)\Show-Password\Sqlite3.dll (PUP.Optional.ShowPassword.A) -> No action taken.
C:\Program Files (x86)\Show-Password\Uninstall.exe (PUP.Optional.ShowPassword.A) -> No action taken.
C:\Windows\Tasks\Show-Password Update.job (PUP.Optional.ShowPassword.A) -> No action taken.
C:\ProgramData\Updater\updater.exe (Trojan.Agent) -> No action taken.
C:\Users\mwwagner\AppData\Local\FilesFrog Update Checker\update_checker.exe (PUP.Optional.FilesFrog.A) -> No action taken.
C:\Users\mwwagner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FilesFrog Update Checker\Check for Updates.lnk (PUP.Optional.FilesFrog.A) -> No action taken.
C:\Users\mwwagner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FilesFrog Update Checker\Uninstall.lnk (PUP.Optional.FilesFrog.A) -> No action taken.
C:\Users\mwwagner\AppData\Local\Google\Chrome\User Data\Default\Extensions\igjjkeeamkpihpncmmbgdkhdnjpcfmfb\2.6.49_0\announce.js (PUP.Optional.MultiIE) -> No action taken.
C:\Users\mwwagner\AppData\Local\Google\Chrome\User Data\Default\Extensions\igjjkeeamkpihpncmmbgdkhdnjpcfmfb\2.6.49_0\background.html (PUP.Optional.MultiIE) -> No action taken.
C:\Users\mwwagner\AppData\Local\Google\Chrome\User Data\Default\Extensions\igjjkeeamkpihpncmmbgdkhdnjpcfmfb\2.6.49_0\common.js (PUP.Optional.MultiIE) -> No action taken.
C:\Users\mwwagner\AppData\Local\Google\Chrome\User Data\Default\Extensions\igjjkeeamkpihpncmmbgdkhdnjpcfmfb\2.6.49_0\contentscript.js (PUP.Optional.MultiIE) -> No action taken.
C:\Users\mwwagner\AppData\Local\Google\Chrome\User Data\Default\Extensions\igjjkeeamkpihpncmmbgdkhdnjpcfmfb\2.6.49_0\icon128.png (PUP.Optional.MultiIE) -> No action taken.
C:\Users\mwwagner\AppData\Local\Google\Chrome\User Data\Default\Extensions\igjjkeeamkpihpncmmbgdkhdnjpcfmfb\2.6.49_0\icon16.png (PUP.Optional.MultiIE) -> No action taken.
C:\Users\mwwagner\AppData\Local\Google\Chrome\User Data\Default\Extensions\igjjkeeamkpihpncmmbgdkhdnjpcfmfb\2.6.49_0\icon48.png (PUP.Optional.MultiIE) -> No action taken.
C:\Users\mwwagner\AppData\Local\Google\Chrome\User Data\Default\Extensions\igjjkeeamkpihpncmmbgdkhdnjpcfmfb\2.6.49_0\iframecontentscript.js (PUP.Optional.MultiIE) -> No action taken.
C:\Users\mwwagner\AppData\Local\Google\Chrome\User Data\Default\Extensions\igjjkeeamkpihpncmmbgdkhdnjpcfmfb\2.6.49_0\manifest.json (PUP.Optional.MultiIE) -> No action taken.
(end)
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 10.13.2
Run by mwwagner at 18:09:19 on 2014-01-23
Microsoft Windows 7 Enterprise 6.1.7601.1.1252.1.1033.18.12215.8618 [GMT -8:00]
.
AV: Symantec Endpoint Protection *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Symantec Endpoint Protection *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Symantec Endpoint Protection *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\nvvsvc.exe
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\Hpservice.exe
C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
C:\Program Files\DisplayLink Core Software\DisplayLinkUserAgent.exe
C:\windows\system32\vcsFPService.exe
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\windows\System32\svchost.exe -k NetworkService
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\IDT\WDM\AESTSr64.exe
C:\Program Files (x86)\Autonomy\Connected BackupPC\AgentService.exe
C:\Program Files\Agilent\IO Libraries Suite\AgilentIOLibrariesService.exe
C:\Program Files\Agilent\IO Libraries Suite\LxiMdnsResponder.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Agilent\IO Libraries Suite\AgilentNkoServer.exe
C:\Program Files (x86)\Hewlett-Packard\CM\AUM Agent\bin\AUMService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Program Files (x86)\WebEx\Connect\apUpdate.exe
C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe
C:\windows\system32\enstart64.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Agilent\IO Libraries Suite\bin\iproc488.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Agilent\IO Libraries Suite\bin\iproc82357.exe
C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe
C:\Program Files (x86)\PGP Corporation\PGP Desktop\RDDService.exe
C:\Program Files (x86)\Hewlett-Packard\CM\Agent\radexecd.exe
C:\Program Files (x86)\Hewlett-Packard\CM\Agent\radsched.exe
C:\Program Files (x86)\Hewlett-Packard\CM\Agent\Radstgms.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Security Runtime\sntlsrtsrvr.exe
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin\ccSvcHst.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\system32\UI0Detect.exe
C:\Program Files (x86)\Xobni\XobniService.exe
C:\Program Files (x86)\Agilent\ACCL\Licensing\bin\AgilentLicenseService.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin64\Smc.exe
C:\Program Files (x86)\Agilent\IO Libraries Suite\AgilentPXIResourceManager.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\windows\system32\nvvsvc.exe
C:\windows\system32\taskhost.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\agilent\adci\adcist.exe
C:\Program Files\HP\HP Officejet 6500 E710n-z\Bin\ScanToPCActivationApp.exe
C:\Program Files (x86)\4Team Corporation\Sync2\Sync2.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
C:\ProgramData\Updater\updater.exe
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files (x86)\Agilent\ACCL\Licensing\bin\AgilentLicenseNotifier.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Agilent\IO Libraries Suite\bin\iprocsvr.exe
C:\Program Files\Agilent\IO Libraries Suite\bin\iproc8491.exe
C:\windows\system32\RunDll32.exe
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin\ccSvcHst.exe
C:\Program Files (x86)\Hewlett-Packard\CM\AUM Agent\bin\AUMStatus.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Autonomy\Connected BackupPC\Agent.exe
C:\ProgramData\RHelpers\ChromeHelper\ChromeHelper.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\ProgramData\RHelpers\FireFoxHelper\FireFoxHelper.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\ProgramData\RHelpers\IEHelper\IeHelper.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
C:\Program Files\HP\HP Officejet 6500 E710n-z\Bin\HPNetworkCommunicatorCom.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Users\mwwagner\AppData\Local\FilesFrog Update Checker\update_checker.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
C:\windows\system32\WLANExt.exe
C:\windows\system32\svchost.exe -k bthsvcs
c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
c:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Program Files\HP\HP Officejet 6500 E710n-z\Bin\HPNetworkCommunicator.exe
C:\Program Files (x86)\iTunes\iTunes.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\ATH.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe
C:\windows\system32\NOTEPAD.EXE
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uSearch Bar = hxxp://www.google.com/ie
uSearch Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mWinlogon: Userinit = userinit.exe
BHO: Show-Password: {0dd003ce-9045-4537-892b-b36f3f988523} - C:\Program Files (x86)\Show-Password\150.dll
BHO: Symantec Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin\IPS\IPSBHO.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [adcist.exe] c:\agilent\adci\adcist.exe
uRun: [HP Officejet 6500 E710n-z (NET)] "C:\Program Files\HP\HP Officejet 6500 E710n-z\Bin\ScanToPCActivationApp.exe" -deviceID "CN1CE340B305JW:NW" -scfn "HP Officejet 6500 E710n-z (NET)" -AutoStart 1
uRun: [Sync2] "C:\Program Files (x86)\4Team Corporation\Sync2\Sync2.exe" /background
uRun: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
uRun: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
uRun: [AudialsNotifier] C:\Program Files (x86)\Audials\Audials 11\AudialsNotifier.exe
uRun: [Updater] C:\ProgramData\Updater\updater.exe
uRun: [MobileAppSync] "C:\Program Files (x86)\Mobile App Sync\D2MClient.exe"
uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
uRun: [OutfoxTV] C:\Program Files\OutfoxTV\OutfoxTV\DesktopContainer.exe
uRun: [LiveSupport] "C:\Program Files (x86)\LiveSupport\LiveSupport.exe" /noshow /log
mRun: [!AUMStatus] C:\Program Files (x86)\Hewlett-Packard\CM\AUM Agent\bin\AUMStatus.exe
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [IMSS] "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe"
mRun: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun: [NUSB3MON] "c:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [adcius.exe] c:\Agilent\adci\adcius.exe
mRun: [AgentUiRunKey] "C:\Program Files (x86)\Autonomy\Connected BackupPC\Agent.exe" -ni -sss -e http://localhost:16386/
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [Updater] C:\ProgramData\Updater\Updater.exe
dRun: [adcist.exe] c:\Agilent\adci\adcist.exe
dRun: [Cisco WebEx Connect] "C:\Program Files (x86)\WebEx\Connect\connect.exe"
StartupFolder: C:\Users\mwwagner\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MONITO~1.LNK - C:\windows\System32\RunDll32.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\AGILEN~1.LNK - C:\windows\Installer\{D127F24B-9885-42ED-995C-13B71025C1EC}\NewShortcut1_6B800AD74195442FB3C4CDCA9BCB48B5.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\IOCONT~1.LNK - C:\windows\Installer\{CCB3C4B2-0B62-4C52-91C4-797EA56B48D6}\NewShortcut5_2AA07447F06844BA88FA6CE6A9CE3FFC.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\PGPTRA~1.LNK - C:\windows\Installer\{63A03116-B9E7-4B24-BF72-3D8E6AEE3D1F}\Icon6560581611.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-Explorer: NoPublishingWizard = dword:1
mPolicies-Explorer: NoWebServices = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:255
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: disablecad = dword:1
IE: Add to Google Photos Screensa&ver - C:\windows\System32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print 2.0\smartprintsetup.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
LSP: C:\windows\System32\PGPlsp.dll
Trusted Zone: assessmentplus.com
Trusted Zone: hp.com
Trusted Zone: knowledgeplanet.com
Trusted Zone: myemploywise.com
Trusted Zone: mzinga.com
Trusted Zone: openmentoring.com
Trusted Zone: virtualedge.com
Trusted Zone: vsource.com
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://agilent.webex.com/client/WBXclient-T28L10NSP12-16655/webex/ieatgpc1.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://scssslvpn.net.americas.agilent.com/dana-cached/sc/JuniperSetupClient.cab
TCP: NameServer = 8.8.8.8,8.8.4.4
TCP: NameServer = 172.16.0.253
TCP: Interfaces\{2273FBF4-CF51-4164-8267-AA583C75D2BB} : NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{2273FBF4-CF51-4164-8267-AA583C75D2BB} : DHCPNameServer = 172.20.10.1
TCP: Interfaces\{6A914726-6071-4EFA-91F9-408707A0189C} : NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{7272DA79-F8AE-4F01-A4C9-B71D766559CF} : NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{7272DA79-F8AE-4F01-A4C9-B71D766559CF} : DHCPNameServer = 172.16.0.253
TCP: Interfaces\{7272DA79-F8AE-4F01-A4C9-B71D766559CF}\147696C656E647 : NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{7272DA79-F8AE-4F01-A4C9-B71D766559CF}\147696C656E647 : DHCPNameServer = 192.168.0.1 205.171.3.25
TCP: Interfaces\{7272DA79-F8AE-4F01-A4C9-B71D766559CF}\24A472370274575637470275966496 : NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{7272DA79-F8AE-4F01-A4C9-B71D766559CF}\24A472370274575637470275966496 : DHCPNameServer = 208.67.222.222 208.67.220.220
TCP: Interfaces\{7272DA79-F8AE-4F01-A4C9-B71D766559CF}\37071627B6 : NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{7272DA79-F8AE-4F01-A4C9-B71D766559CF}\37071627B6 : DHCPNameServer = 141.121.196.51 156.140.2.8
TCP: Interfaces\{7272DA79-F8AE-4F01-A4C9-B71D766559CF}\751676E65627 : NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{7272DA79-F8AE-4F01-A4C9-B71D766559CF}\751676E65627 : DHCPNameServer = 8.8.8.8 8.8.4.4
TCP: Interfaces\{EAFF224E-987B-4CEB-BC39-112E4AFB940D} : DHCPNameServer = 141.121.196.51 156.140.2.8
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
AppInit_DLLs=
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
LSA: Notification Packages = scecli PGPpwflt
mASetup: >{F407B055-F0BA-4843-B7A1-F78200613CA7} - wscript //b "C:\Program Files (x86)\AgilentIE9Settings\\ConfigureIE9.vbs"
mASetup: >{F6CBDE3D-3200-41A9-B22D-C7ED922A7B17} - wscript //b "C:\Program Files (x86)\Agilent MS Office Templates v2\UserSetup.vbs"
mASetup: >{F82A802F-470C-4882-BD2A-6B7CD8C1D6BC} - wscript //b "C:\Program Files (x86)\AgilentIE7Settings\ConfigureIE7.vbs"
mASetup: >{FAEF8561-BE54-4373-8BDB-D5751C0410B9} - wscript //b "C:\Program Files (x86)\AgilentIE8Settings\ConfigureIE8.vbs"
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
mASetup: {A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2} - C:\Program Files (x86)\PixiePack Codec Pack\InstallerHelper.exe
mASetup: {EFDF9138-E80E-46FA-8AC0-B8818EB8617A} - msiexec.exe /fu {EFDF9138-E80E-46FA-8AC0-B8818EB8617A} /qb!
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /installquiet
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
x64-Trusted Zone: assessmentplus.com
x64-Trusted Zone: hp.com
x64-Trusted Zone: knowledgeplanet.com
x64-Trusted Zone: myemploywise.com
x64-Trusted Zone: mzinga.com
x64-Trusted Zone: openmentoring.com
x64-Trusted Zone: virtualedge.com
x64-Trusted Zone: vsource.com
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-mASetup: DRV - C:\Temp\DvrCleanup.cmd
.
============= SERVICES / DRIVERS ===============
.
R0 iaStorF;iaStorF;C:\windows\System32\drivers\iaStorF.sys [2013-4-19 24496]
R0 pgpfs;PGP File Sharing;C:\windows\System32\drivers\PGPfsfd.sys [2011-11-21 175880]
R0 Pgpwdefs;Pgpwdefs;C:\windows\System32\drivers\PGPwdefs.sys [2011-11-21 15752]
R0 SymDS;Symantec Data Store;C:\windows\System32\drivers\SEP\0C0107DF\07DF.105\x64\SymDS64.sys [2012-12-17 493216]
R0 SymEFA;Symantec Extended File Attributes;C:\windows\System32\drivers\SEP\0C0107DF\07DF.105\x64\SymEFA64.sys [2012-12-17 1133216]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Data\Definitions\BASHDefs\20140115.011\BHDrvx64.sys [2014-1-14 1526488]
R1 ccSettings_{3771A34D-2132-48EA-A486-D62ECDF9D553};Symantec Endpoint Protection 12.1.2015.2015.105 Settings Manager;C:\windows\System32\drivers\SEP\0C0107DF\07DF.105\x64\ccSetx64.sys [2012-12-17 168096]
R1 enstart64_;enstart64_;C:\windows\System32\enstart64_.sys [2013-4-13 66112]
R1 IDSVia64;IDSVia64;C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Data\Definitions\IPSDefs\20140122.011\IDSviA64.sys [2014-1-22 521944]
R1 SymIRON;Symantec Iron Driver;C:\windows\System32\drivers\SEP\0C0107DF\07DF.105\x64\Ironx64.sys [2012-12-17 224416]
R1 SYMNETS;Symantec Network Security WFP Driver;C:\windows\System32\drivers\SEP\0C0107DF\07DF.105\x64\symnets.sys [2012-12-17 432800]
R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2013-9-30 89600]
R2 AgentService;AgentService;C:\Program Files (x86)\Autonomy\Connected BackupPC\AgentService.exe [2012-11-28 6777680]
R2 Agilent License Service;Agilent License Service;C:\Program Files (x86)\Agilent\ACCL\Licensing\bin\AgilentLicenseService.exe [2013-8-7 381256]
R2 AgilentIOLibrariesService;Agilent IO Libraries Service;C:\Program Files\Agilent\IO Libraries Suite\AgilentIOLibrariesService.exe [2013-4-18 81736]
R2 AgtMdnsResponder;Agilent mDNS Responder Service;C:\Program Files\Agilent\IO Libraries Suite\LxiMdnsResponder.exe [2012-5-26 426496]
R2 AUMService;HPCA Application Usage Manager Agent Service;C:\Program Files (x86)\Hewlett-Packard\CM\AUM Agent\bin\AUMService.exe [2009-9-30 235064]
R2 CipcCdp;Cisco IP Communicator driver for CDP;C:\windows\System32\drivers\CipcCdp.sys [2013-10-1 27200]
R2 Cisco WebEx Connect Upgrade Service;Cisco WebEx Connect Upgrade Service;C:\Program Files (x86)\WebEx\Connect\apUpdate.exe [2012-5-3 857704]
R2 DisplayLinkService;DisplayLinkManager;C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe [2010-9-21 9464680]
R2 enstart64;enstart64;C:\windows\System32\enstart64.exe [2013-4-13 1590272]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-9-1 227896]
R2 hpsrv;HP Service;C:\windows\System32\hpservice.exe [2011-5-13 30520]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2014-1-23 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2014-1-23 701512]
R2 PGP RDD Service;PGP RDD Service;C:\Program Files (x86)\PGP Corporation\PGP Desktop\RDDService.exe [2011-11-21 1588456]
R2 radexecd;HPCA Notify Daemon;C:\Program Files (x86)\Hewlett-Packard\CM\Agent\radexecd.exe [2013-3-5 338408]
R2 radsched;HPCA Scheduler Daemon;C:\Program Files (x86)\Hewlett-Packard\CM\Agent\radsched.exe [2013-3-5 236008]
R2 Radstgms;HPCA MSI Redirector;C:\Program Files (x86)\Hewlett-Packard\CM\Agent\radstgms.exe [2013-3-5 358888]
R2 Sentinel64;Sentinel64;C:\windows\System32\drivers\sentinel64.sys [2013-10-11 145448]
R2 SentinelKeysServer;Sentinel Keys Server;C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe [2009-9-17 369952]
R2 SentinelSecurityRuntime;Sentinel Security Runtime;C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Security Runtime\sntlsrtsrvr.exe [2009-9-17 292128]
R2 SepMasterService;Symantec Endpoint Protection;C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin\ccSvcHst.exe [2012-12-17 143928]
R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-10-9 3275136]
R2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2013-9-30 2320920]
R2 vcsFPService;Validity VCS Fingerprint Service;C:\windows\System32\vcsFPService.exe [2010-2-18 2045232]
R2 XobniService;XobniService;C:\Program Files (x86)\Xobni\XobniService.exe [2013-6-18 63096]
R3 AgilentPXIResourceManager;Agilent PXI Resource Manager;C:\Program Files (x86)\Agilent\IO Libraries Suite\AgilentPXIResourceManager.exe [2013-4-18 243016]
R3 AgPciMem;AgPciMem;C:\Program Files\Agilent\IO Libraries Suite\agPcimem.sys [2013-4-18 15592]
R3 agRun;USB to GPIB Driver;C:\windows\System32\drivers\agt357run.sys [2013-4-18 29000]
R3 btwl2cap;Bluetooth L2CAP Service;C:\windows\System32\drivers\btwl2cap.sys [2013-9-30 35104]
R3 Com4QLBEx;Com4QLBEx;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2013-9-30 227896]
R3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;C:\windows\System32\drivers\e1k62x64.sys [2013-9-30 340656]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2013-11-21 137648]
R3 HECIx64;Intel(R) Management Engine Interface;C:\windows\System32\drivers\HECIx64.sys [2013-4-17 56344]
R3 MBAMProtector;MBAMProtector;C:\windows\System32\drivers\mbam.sys [2014-1-23 25928]
R3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\windows\System32\drivers\NETw5s64.sys [2013-4-17 7680512]
R3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;C:\windows\System32\drivers\nusb3hub.sys [2009-11-20 75776]
R3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;C:\windows\System32\drivers\nusb3xhc.sys [2009-11-20 177152]
R3 RadiaMsi;RadiaMsi;C:\windows\System32\drivers\radiamsi.sys [2011-12-14 43320]
R3 rismcx64;RICOH Smart Card Reader;C:\windows\System32\drivers\rismcx64.sys [2013-9-30 59008]
R3 USBAAPL64;Apple Mobile USB Driver;C:\windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-9-5 171680]
S3 agBoot;Agilent Technologies 82357 firmware download service;C:\windows\System32\drivers\agt82357.sys [2013-4-18 38984]
S3 dmvsc;dmvsc;C:\windows\System32\drivers\dmvsc.sys [2010-11-20 71168]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;C:\windows\System32\drivers\ew_hwusbdev.sys [2012-6-20 117248]
S3 iaStorA;iaStorA;C:\windows\System32\drivers\iaStorA.sys [2013-4-19 567216]
S3 LV_Tracker;LV_Tracker;C:\windows\System32\drivers\LV_Tracker64.sys [2012-11-28 54824]
S3 Netaapl;Apple Mobile Device Ethernet Service;C:\windows\System32\drivers\netaapl64.sys [2013-7-25 23040]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\windows\System32\drivers\rdpvideominiport.sys [2010-11-20 20992]
S3 SNTUSB64;SafeNet USB SuperPro/UltraPro/HardwareKey;C:\windows\System32\drivers\SNTUSB64.SYS [2009-9-17 58792]
S3 StorSvc;Storage Service;C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 SyDvCtrl;SyDvCtrl;C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin64\SyDvCtrl64.sys [2012-12-17 34352]
S3 Synth3dVsc;Microsoft Virtual 3D Video Transport Driver;C:\windows\System32\drivers\Synth3dVsc.sys [2010-11-20 88960]
S3 terminpt;Microsoft Remote Desktop Input Driver;C:\windows\System32\drivers\terminpt.sys [2010-11-20 34816]
S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 tsusbhub;Remote Deskotop USB Hub;C:\windows\System32\drivers\tsusbhub.sys [2010-11-20 117248]
.
=============== Created Last 30 ================
.
2014-01-23 22:37:26 -------- d-----w- C:\ProgramData\Agilent Technologies, Inc
2014-01-23 22:37:12 -------- d-----w- C:\Program Files\Common Files\Agilent
2014-01-23 22:32:26 -------- d-----w- C:\Agilent_89600_dvd
2014-01-23 18:37:37 -------- d-----w- C:\Users\mwwagner\AppData\Roaming\Malwarebytes
2014-01-23 18:37:25 -------- d-----w- C:\ProgramData\Malwarebytes
2014-01-23 18:37:24 25928 ----a-w- C:\windows\System32\drivers\mbam.sys
2014-01-23 18:37:24 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-22 18:27:05 -------- d-----w- C:\Program Files (x86)\Show-Password
2014-01-22 18:27:00 -------- d-----w- C:\Users\mwwagner\AppData\Local\FilesFrog Update Checker
2014-01-18 19:20:20 -------- d-----w- C:\Program Files (x86)\Common Files\RootsMagic Shared
2014-01-18 19:20:12 -------- d-----w- C:\Users\mwwagner\AppData\Roaming\RootsMagic
2014-01-18 19:20:12 -------- d-----w- C:\ProgramData\RootsMagic Shared
2014-01-18 19:20:12 -------- d-----w- C:\ProgramData\RootsMagic
2014-01-18 19:20:12 -------- d-----w- C:\Program Files (x86)\RootsMagic 6
2014-01-13 03:59:07 -------- d-----w- C:\Program Files (x86)\Image Resizer
2014-01-13 02:16:18 -------- d-----w- C:\Program Files (x86)\HyperSnap 7
2014-01-06 19:23:36 4558848 ----a-w- C:\windows\SysWow64\GPhotos.scr
2013-12-26 08:43:49 3155968 ----a-w- C:\windows\System32\win32k.sys
2013-12-26 08:43:38 81408 ----a-w- C:\windows\System32\imagehlp.dll
2013-12-26 08:43:38 159232 ----a-w- C:\windows\SysWow64\imagehlp.dll
2013-12-26 08:43:27 230400 ----a-w- C:\windows\System32\drivers\portcls.sys
2013-12-26 08:43:27 116736 ----a-w- C:\windows\System32\drivers\drmk.sys
.
==================== Find3M ====================
.
2013-12-11 07:54:24 71048 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-12-11 07:54:24 692616 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2013-12-04 23:00:05 24744 ----a-w- C:\windows\System32\drivers\RrNetCapFilterDriver.sys
2013-11-02 02:28:15 1188864 ----a-w- C:\windows\System32\wininet.dll
2013-11-02 02:07:14 981504 ----a-w- C:\windows\SysWow64\wininet.dll
2013-11-02 01:30:23 1638912 ----a-w- C:\windows\System32\mshtml.tlb
2013-11-02 01:13:30 1638912 ----a-w- C:\windows\SysWow64\mshtml.tlb
.
============= FINISH: 18:09:55.54 ===============
-
January 24th, 2014, 10:10 PM
#2
Welcome aboard
Please observe the following rules:
- Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
- If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
- Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
- Never run more than one scan at a time.
- Keep updating me regarding your computer behavior, good or bad.
- The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
- If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
- I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
=================================
I still need the Attach.txt log from DDS.
Your MBAM log says "No action taken".
Re-run MBAM, fix all issues and post the new log.
-
January 25th, 2014, 11:13 AM
#3
Resolved - "Show Password" found and removed
Originally Posted by Broni
Welcome aboard
Please observe the following rules:
- Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
- If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
- Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
- Never run more than one scan at a time.
- Keep updating me regarding your computer behavior, good or bad.
- The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
- If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
- I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
=================================
I still need the Attach.txt log from DDS.
Your MBAM log says "No action taken".
Re-run MBAM, fix all issues and post the new log.
Thanks for your reply, Broni. I re-read a previous thread in this forum which led me to a renegade app called show_password or something like that. I figured out another little trick of sorting by date in the Remove Programs list to find all the recently added programs. After removing the password program and rebooting, everything is running normally.
I didn't attempt to resolve issues with MBAM because I thought you had to pay for it and install it for that.
Thanks again.
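The "sort by date in the Remove Programs list" trick described in the post above can be done from the registry instead of the Control Panel, which also catches per-user (HKCU) and 32-bit (Wow6432Node) entries that the GUI lists without a usable date. The script below is an added example and is not code from the thread or from any of the tools mentioned in it; it assumes PowerShell 3.0 or later on Windows and an elevated prompt. The 30-day default window mirrors the "Created Last 30" section of the DDS log. It goes slightly beyond the poster's trick by also flagging entries whose install location sits under ProgramData, AppData or Temp, since the detections in the first post (RHelpers, FilesFrog Update Checker) lived in exactly those places, and by listing separately the entries that carry no InstallDate at all, which bundled "helper" installers frequently omit.

```powershell
# Added example, not from the original thread. Lists installed programs from the
# three Uninstall hives sorted by install date and flags recent or oddly located
# entries. Requires PowerShell 3.0+ (for [pscustomobject]) and an elevated prompt.
param(
    # Anything installed within this many days is considered "recent".
    [int]$Days = 30
)

$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

# Paths a legitimate installer rarely uses but adware "helpers" often do.
$suspiciousPath = '\\ProgramData\\|\\AppData\\|\\Temp\\'

function Convert-InstallDate {
    param([string]$Raw)
    # InstallDate is documented as yyyyMMdd; many PUP installers omit it entirely.
    if ([string]::IsNullOrWhiteSpace($Raw)) { return $null }
    $parsed = [datetime]::MinValue
    $ok = [datetime]::TryParseExact(
        $Raw, 'yyyyMMdd',
        [System.Globalization.CultureInfo]::InvariantCulture,
        [System.Globalization.DateTimeStyles]::None,
        [ref]$parsed)
    if ($ok) { return $parsed } else { return $null }
}

$programs = foreach ($path in $uninstallKeys) {
    $hive = $path.Split(':')[0]
    Get-ItemProperty -Path $path -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -and -not $_.SystemComponent } |
        ForEach-Object {
            # Prefer InstallLocation; fall back to the uninstaller path so the
            # entry still tells us where the program lives.
            $location = $_.InstallLocation
            if (-not $location) { $location = $_.UninstallString }

            [pscustomobject]@{
                Installed  = Convert-InstallDate $_.InstallDate
                Name       = $_.DisplayName
                Publisher  = $_.Publisher
                Location   = $location
                Hive       = $hive
                OddPath    = [bool]($location -and ($location -match $suspiciousPath))
            }
        }
}

$cutoff = (Get-Date).AddDays(-$Days)

Write-Host "== Installed within the last $Days days (newest first) =="
$programs |
    Where-Object { $_.Installed -and $_.Installed -ge $cutoff } |
    Sort-Object Installed -Descending |
    Format-Table Installed, Name, Publisher, Hive, OddPath, Location -AutoSize

Write-Host "== Entries with no InstallDate (cannot be sorted by date; review by hand) =="
$programs |
    Where-Object { -not $_.Installed } |
    Sort-Object OddPath -Descending |
    Format-Table Name, Publisher, Hive, OddPath, Location -AutoSize

Write-Host "== Any entry installed under ProgramData, AppData or Temp =="
$programs |
    Where-Object { $_.OddPath } |
    Format-Table Installed, Name, Publisher, Location -AutoSize
```

Run it as `.\Recent-Programs.ps1 -Days 14` to narrow the window. Two caveats for triage: an entry with a missing InstallDate is not proof of anything, and uninstalling through the Control Panel removes only what the bundler chose to register, so the MBAM re-scan the helper asks for is still needed to catch leftover services, scheduled tasks and browser add-ons like those in the first post's log.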
-
January 25th, 2014, 12:57 PM
#4
Please don't quote my replies as it creates unnecessary clutter.
Thank you
You don't have to pay for anything to remove threats found by MBAM.
Re-run MBAM, fix all issues and post the new log.