[Inactive] gos.drivedo.net malware picked up

  1. #1

    Trying to move an iPhone from Sprint to Verizon, the Verizon tech told me I had to jailbreak the phone and to use Evasion. When I tried it, I got a couple of nuisance apps installed and this nasty gos.driveo.net problem. HELP!

    Logs from Malwarebytes and DDS (Attach.txt put me over the character limit)
    Malwarebytes Anti-Malware (Trial) 1.75.0.1300
    www.malwarebytes.org

    Database version: v2014.01.23.06

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 8.0.7601.17514
    mwwagner :: CND1041YQ2 [administrator]

    Protection: Enabled

    1/23/2014 10:42:46 AM
    MBAM-log-2014-01-23 (13-07-31).txt

    Scan type: Full scan (C:\|)
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 550333
    Time elapsed: 1 hour(s), 13 minute(s), 30 second(s)

    Memory Processes Detected: 5
    C:\ProgramData\RHelpers\ChromeHelper\ChromeHelper.exe (PUP.Optional.SearchDonkey.A) -> 6600 -> No action taken.
    C:\ProgramData\RHelpers\FirefoxHelper\FirefoxHelper.exe (PUP.Optional.SearchDonkey.A) -> 6720 -> No action taken.
    C:\ProgramData\RHelpers\IeHelper\IeHelper.exe (PUP.Optional.SearchDonkey.A) -> 6864 -> No action taken.
    C:\ProgramData\Updater\updater.exe (Trojan.Agent) -> 5484 -> No action taken.
    C:\Users\mwwagner\AppData\Local\FilesFrog Update Checker\update_checker.exe (PUP.Optional.FilesFrog.A) -> 8060 -> No action taken.

    Memory Modules Detected: 1
    C:\Program Files (x86)\Show-Password\150.dll (PUP.Optional.ShowPassword.A) -> No action taken.

    Registry Keys Detected: 15
    HKCR\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6} (PUP.Optional.DynConIE.A) -> No action taken.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{91FBEA5C-E3C7-42EA-8C2B-B168189AB5BE} (PUP.Optional.SocialPrivacy) -> No action taken.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{91FBEA5C-E3C7-42EA-8C2B-B168189AB5BE} (PUP.Optional.SocialPrivacy) -> No action taken.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{44ED99E2-16A6-4B89-80D6-5B21CF42E78B} (PUP.Optional.SafeMonitor.A) -> No action taken.
    HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C} (PUP.Optional.OptimzerPro.A) -> No action taken.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FilesFrog Update Checker (PUP.Optional.Somoto) -> No action taken.
    HKCR\CLSID\{0dd003ce-9045-4537-892b-b36f3f988523} (PUP.Optional.ShowPassword.A) -> No action taken.
    HKCR\TypeLib\{d5bfd823-bd66-4524-8b7b-f27fa091f43c} (PUP.Optional.ShowPassword.A) -> No action taken.
    HKCR\Interface\{a794f742-500a-459e-b48f-f3a5dc6978a3} (PUP.Optional.ShowPassword.A) -> No action taken.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0DD003CE-9045-4537-892B-B36F3F988523} (PUP.Optional.ShowPassword.A) -> No action taken.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{0DD003CE-9045-4537-892B-B36F3F988523} (PUP.Optional.ShowPassword.A) -> No action taken.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{0DD003CE-9045-4537-892B-B36F3F988523} (PUP.Optional.ShowPassword.A) -> No action taken.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7cb6bb8d-624f-4d51-9995-e01203de4fb4 (PUP.Optional.ShowPassword.A) -> No action taken.
    HKCU\SOFTWARE\SOMOTO\SDP (PUP.Optional.Somoto.A) -> No action taken.
    HKLM\SOFTWARE\Google\Chrome\Extensions\logekkkdbdidmmcgkonmmonclldogceg (PUP.Optional.Iminent.A) -> No action taken.

    Registry Values Detected: 3
    HKCU\Software\Microsoft\Windows\CurrentVersion\Run|Updater (Trojan.Agent) -> Data: C:\ProgramData\Updater\updater.exe -> No action taken.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Updater (Trojan.Agent) -> Data: C:\ProgramData\Updater\Updater.exe -> No action taken.
    HKCU\Software\Somoto\SDP|affid (PUP.Optional.Somoto.A) -> Data: evasi0n7dhft -> No action taken.

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 9
    C:\Users\mwwagner\Documents\Optimizer Pro (PUP.Optional.OptimizerPro.A) -> No action taken.
    C:\Program Files (x86)\Show-Password (PUP.Optional.ShowPassword.A) -> No action taken.
    C:\Users\mwwagner\AppData\Local\FilesFrog Update Checker (PUP.Optional.FilesFrog.A) -> No action taken.
    C:\Users\mwwagner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FilesFrog Update Checker (PUP.Optional.FilesFrog.A) -> No action taken.
    C:\ProgramData\RHelpers\ChromeHelper (PUP.Optional.Searchagent) -> No action taken.
    C:\ProgramData\RHelpers\FirefoxHelper (PUP.Optional.Searchagent) -> No action taken.
    C:\ProgramData\RHelpers\IeHelper (PUP.Optional.Searchagent) -> No action taken.
    C:\Users\mwwagner\AppData\Local\Google\Chrome\User Data\Default\Extensions\igjjkeeamkpihpncmmbgdkhdnjpcfmfb (PUP.Optional.MultiIE) -> No action taken.
    C:\Users\mwwagner\AppData\Local\Google\Chrome\User Data\Default\Extensions\igjjkeeamkpihpncmmbgdkhdnjpcfmfb\2.6.49_0 (PUP.Optional.MultiIE) -> No action taken.

    Files Detected: 43
    C:\ProgramData\RHelpers\ChromeHelper\ChromeHelper.exe (PUP.Optional.SearchDonkey.A) -> No action taken.
    C:\ProgramData\RHelpers\FirefoxHelper\FirefoxHelper.exe (PUP.Optional.SearchDonkey.A) -> No action taken.
    C:\ProgramData\RHelpers\IeHelper\IeHelper.exe (PUP.Optional.SearchDonkey.A) -> No action taken.
    C:\Program Files (x86)\Microsoft Visual Studio .NET 2003\SDK\v1.1\QuickStart\howto\samples\xml\xmlnamespace\cp\XmlNameSpace.exe (Adware.StatBlaster) -> No action taken.
    C:\Users\mwwagner\AppData\Local\FilesFrog Update Checker\uninstall.exe (PUP.Optional.Somoto) -> No action taken.
    C:\Users\mwwagner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\05LPA9N5\Setup_US_20131122[1].exe (PUP.Optional.SearchDonkey.A) -> No action taken.
    C:\Users\mwwagner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I0TNMJ89\spstub[1].exe (PUP.Optional.Conduit.A) -> No action taken.
    C:\Users\mwwagner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ROCRW366\SPSetup[1].exe (PUP.Optional.Conduit.A) -> No action taken.
    C:\Users\mwwagner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W6P86WGW\OptimizerPro[1].exe (PUP.Optional.OptimizerPro.A) -> No action taken.
    C:\Users\mwwagner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W6P86WGW\Setup[1].exe (PUP.Optional.OptimumInstaller.A) -> No action taken.
    C:\Users\mwwagner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W6P86WGW\Setup[2].exe (PUP.Optional.InternetUpdater.A) -> No action taken.
    C:\Users\mwwagner\AppData\Local\Temp\nspCA9A.exe (PUP.Optional.SearchProtect.A) -> No action taken.
    C:\Users\mwwagner\AppData\Local\Temp\nspEA99.exe (PUP.Optional.SearchProtect.A) -> No action taken.
    C:\Users\mwwagner\AppData\Local\Temp\nsqB712.exe (PUP.Optional.SearchProtect.A) -> No action taken.
    C:\Users\mwwagner\AppData\Local\Temp\nszC77D.exe (PUP.Optional.SearchProtect.A) -> No action taken.
    C:\Users\mwwagner\AppData\Local\Temp\nszEE80.exe (PUP.Optional.SearchProtect.A) -> No action taken.
    C:\Users\mwwagner\AppData\Local\Temp\OfferBrokerage_14111.exe (PUP.Optional.InstallIQ) -> No action taken.
    C:\Users\mwwagner\AppData\Local\Temp\OptimizerPro.exe (PUP.Optional.OptimizerPro.A) -> No action taken.
    C:\Users\mwwagner\AppData\Local\Temp\UpdateCheckerSetup.exe (PUP.Optional.Somoto) -> No action taken.
    C:\Users\mwwagner\Downloads\Evasi0n7_downloader_by_Evasi0n7.exe (PUP.Optional.Somoto) -> No action taken.
    C:\Users\mwwagner\Documents\Optimizer Pro\CookiesException.txt (PUP.Optional.OptimizerPro.A) -> No action taken.
    C:\Program Files (x86)\Show-Password\150.crx (PUP.Optional.ShowPassword.A) -> No action taken.
    C:\Program Files (x86)\Show-Password\01.db (PUP.Optional.ShowPassword.A) -> No action taken.
    C:\Program Files (x86)\Show-Password\150.dat (PUP.Optional.ShowPassword.A) -> No action taken.
    C:\Program Files (x86)\Show-Password\150.dll (PUP.Optional.ShowPassword.A) -> No action taken.
    C:\Program Files (x86)\Show-Password\150.xpi (PUP.Optional.ShowPassword.A) -> No action taken.
    C:\Program Files (x86)\Show-Password\Show_Password.exe (PUP.Optional.ShowPassword.A) -> No action taken.
    C:\Program Files (x86)\Show-Password\Sqlite3.dll (PUP.Optional.ShowPassword.A) -> No action taken.
    C:\Program Files (x86)\Show-Password\Uninstall.exe (PUP.Optional.ShowPassword.A) -> No action taken.
    C:\Windows\Tasks\Show-Password Update.job (PUP.Optional.ShowPassword.A) -> No action taken.
    C:\ProgramData\Updater\updater.exe (Trojan.Agent) -> No action taken.
    C:\Users\mwwagner\AppData\Local\FilesFrog Update Checker\update_checker.exe (PUP.Optional.FilesFrog.A) -> No action taken.
    C:\Users\mwwagner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FilesFrog Update Checker\Check for Updates.lnk (PUP.Optional.FilesFrog.A) -> No action taken.
    C:\Users\mwwagner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FilesFrog Update Checker\Uninstall.lnk (PUP.Optional.FilesFrog.A) -> No action taken.
    C:\Users\mwwagner\AppData\Local\Google\Chrome\User Data\Default\Extensions\igjjkeeamkpihpncmmbgdkhdnjpcfmfb\2.6.49_0\announce.js (PUP.Optional.MultiIE) -> No action taken.
    C:\Users\mwwagner\AppData\Local\Google\Chrome\User Data\Default\Extensions\igjjkeeamkpihpncmmbgdkhdnjpcfmfb\2.6.49_0\background.html (PUP.Optional.MultiIE) -> No action taken.
    C:\Users\mwwagner\AppData\Local\Google\Chrome\User Data\Default\Extensions\igjjkeeamkpihpncmmbgdkhdnjpcfmfb\2.6.49_0\common.js (PUP.Optional.MultiIE) -> No action taken.
    C:\Users\mwwagner\AppData\Local\Google\Chrome\User Data\Default\Extensions\igjjkeeamkpihpncmmbgdkhdnjpcfmfb\2.6.49_0\contentscript.js (PUP.Optional.MultiIE) -> No action taken.
    C:\Users\mwwagner\AppData\Local\Google\Chrome\User Data\Default\Extensions\igjjkeeamkpihpncmmbgdkhdnjpcfmfb\2.6.49_0\icon128.png (PUP.Optional.MultiIE) -> No action taken.
    C:\Users\mwwagner\AppData\Local\Google\Chrome\User Data\Default\Extensions\igjjkeeamkpihpncmmbgdkhdnjpcfmfb\2.6.49_0\icon16.png (PUP.Optional.MultiIE) -> No action taken.
    C:\Users\mwwagner\AppData\Local\Google\Chrome\User Data\Default\Extensions\igjjkeeamkpihpncmmbgdkhdnjpcfmfb\2.6.49_0\icon48.png (PUP.Optional.MultiIE) -> No action taken.
    C:\Users\mwwagner\AppData\Local\Google\Chrome\User Data\Default\Extensions\igjjkeeamkpihpncmmbgdkhdnjpcfmfb\2.6.49_0\iframecontentscript.js (PUP.Optional.MultiIE) -> No action taken.
    C:\Users\mwwagner\AppData\Local\Google\Chrome\User Data\Default\Extensions\igjjkeeamkpihpncmmbgdkhdnjpcfmfb\2.6.49_0\manifest.json (PUP.Optional.MultiIE) -> No action taken.

    (end)


    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 10.13.2
    Run by mwwagner at 18:09:19 on 2014-01-23
    Microsoft Windows 7 Enterprise 6.1.7601.1.1252.1.1033.18.12215.8618 [GMT -8:00]
    .
    AV: Symantec Endpoint Protection *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Symantec Endpoint Protection *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
    FW: Symantec Endpoint Protection *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
    .
    ============== Running Processes ===============
    .
    C:\windows\system32\lsm.exe
    C:\windows\system32\svchost.exe -k DcomLaunch
    C:\windows\system32\nvvsvc.exe
    C:\windows\system32\svchost.exe -k RPCSS
    C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\windows\system32\svchost.exe -k netsvcs
    C:\Program Files\IDT\WDM\STacSV64.exe
    C:\windows\system32\svchost.exe -k LocalService
    C:\windows\system32\Hpservice.exe
    C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
    C:\Program Files\DisplayLink Core Software\DisplayLinkUserAgent.exe
    C:\windows\system32\vcsFPService.exe
    C:\windows\system32\svchost.exe -k NetworkService
    C:\windows\System32\spoolsv.exe
    C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\windows\System32\svchost.exe -k NetworkService
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files\IDT\WDM\AESTSr64.exe
    C:\Program Files (x86)\Autonomy\Connected BackupPC\AgentService.exe
    C:\Program Files\Agilent\IO Libraries Suite\AgilentIOLibrariesService.exe
    C:\Program Files\Agilent\IO Libraries Suite\LxiMdnsResponder.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Agilent\IO Libraries Suite\AgilentNkoServer.exe
    C:\Program Files (x86)\Hewlett-Packard\CM\AUM Agent\bin\AUMService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
    C:\Program Files (x86)\WebEx\Connect\apUpdate.exe
    C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe
    C:\windows\system32\enstart64.exe
    C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
    C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
    C:\Program Files\Agilent\IO Libraries Suite\bin\iproc488.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files (x86)\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Agilent\IO Libraries Suite\bin\iproc82357.exe
    C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe
    C:\Program Files (x86)\PGP Corporation\PGP Desktop\RDDService.exe
    C:\Program Files (x86)\Hewlett-Packard\CM\Agent\radexecd.exe
    C:\Program Files (x86)\Hewlett-Packard\CM\Agent\radsched.exe
    C:\Program Files (x86)\Hewlett-Packard\CM\Agent\Radstgms.exe
    C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
    C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
    C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Security Runtime\sntlsrtsrvr.exe
    C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin\ccSvcHst.exe
    C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
    C:\windows\system32\svchost.exe -k imgsvc
    C:\windows\system32\UI0Detect.exe
    C:\Program Files (x86)\Xobni\XobniService.exe
    C:\Program Files (x86)\Agilent\ACCL\Licensing\bin\AgilentLicenseService.exe
    C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    C:\windows\system32\wbem\wmiprvse.exe
    C:\windows\system32\wbem\wmiprvse.exe
    C:\windows\system32\wbem\unsecapp.exe
    C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin64\Smc.exe
    C:\Program Files (x86)\Agilent\IO Libraries Suite\AgilentPXIResourceManager.exe
    C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
    C:\windows\system32\nvvsvc.exe
    C:\windows\system32\taskhost.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\windows\system32\Dwm.exe
    C:\windows\Explorer.EXE
    C:\Program Files\IDT\WDM\sttray64.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\agilent\adci\adcist.exe
    C:\Program Files\HP\HP Officejet 6500 E710n-z\Bin\ScanToPCActivationApp.exe
    C:\Program Files (x86)\4Team Corporation\Sync2\Sync2.exe
    C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
    C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
    C:\ProgramData\Updater\updater.exe
    C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
    C:\Program Files (x86)\Agilent\ACCL\Licensing\bin\AgilentLicenseNotifier.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\Program Files\Agilent\IO Libraries Suite\bin\iprocsvr.exe
    C:\Program Files\Agilent\IO Libraries Suite\bin\iproc8491.exe
    C:\windows\system32\RunDll32.exe
    C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin\ccSvcHst.exe
    C:\Program Files (x86)\Hewlett-Packard\CM\AUM Agent\bin\AUMStatus.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
    C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files (x86)\Autonomy\Connected BackupPC\Agent.exe
    C:\ProgramData\RHelpers\ChromeHelper\ChromeHelper.exe
    C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
    C:\ProgramData\RHelpers\FireFoxHelper\FireFoxHelper.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\ProgramData\RHelpers\IEHelper\IeHelper.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
    C:\Program Files\HP\HP Officejet 6500 E710n-z\Bin\HPNetworkCommunicatorCom.exe
    C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe
    C:\windows\system32\SearchIndexer.exe
    C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Users\mwwagner\AppData\Local\FilesFrog Update Checker\update_checker.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
    C:\windows\system32\WLANExt.exe
    C:\windows\system32\svchost.exe -k bthsvcs
    c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    c:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
    C:\Program Files\HP\HP Officejet 6500 E710n-z\Bin\HPNetworkCommunicator.exe
    C:\Program Files (x86)\iTunes\iTunes.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
    C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
    C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\ATH.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe
    C:\windows\system32\NOTEPAD.EXE
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\windows\system32\SearchProtocolHost.exe
    C:\windows\system32\SearchFilterHost.exe
    C:\windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uSearch Bar = hxxp://www.google.com/ie
    uSearch Page = hxxp://www.google.com
    uDefault_Search_URL = hxxp://www.google.com/ie
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    mWinlogon: Userinit = userinit.exe
    BHO: Show-Password: {0dd003ce-9045-4537-892b-b36f3f988523} - C:\Program Files (x86)\Show-Password\150.dll
    BHO: Symantec Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin\IPS\IPSBHO.dll
    BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    uRun: [adcist.exe] c:\agilent\adci\adcist.exe
    uRun: [HP Officejet 6500 E710n-z (NET)] "C:\Program Files\HP\HP Officejet 6500 E710n-z\Bin\ScanToPCActivationApp.exe" -deviceID "CN1CE340B305JW:NW" -scfn "HP Officejet 6500 E710n-z (NET)" -AutoStart 1
    uRun: [Sync2] "C:\Program Files (x86)\4Team Corporation\Sync2\Sync2.exe" /background
    uRun: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
    uRun: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
    uRun: [AudialsNotifier] C:\Program Files (x86)\Audials\Audials 11\AudialsNotifier.exe
    uRun: [Updater] C:\ProgramData\Updater\updater.exe
    uRun: [MobileAppSync] "C:\Program Files (x86)\Mobile App Sync\D2MClient.exe"
    uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
    uRun: [OutfoxTV] C:\Program Files\OutfoxTV\OutfoxTV\DesktopContainer.exe
    uRun: [LiveSupport] "C:\Program Files (x86)\LiveSupport\LiveSupport.exe" /noshow /log
    mRun: [!AUMStatus] C:\Program Files (x86)\Hewlett-Packard\CM\AUM Agent\bin\AUMStatus.exe
    mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
    mRun: [IMSS] "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe"
    mRun: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
    mRun: [NUSB3MON] "c:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
    mRun: [adcius.exe] c:\Agilent\adci\adcius.exe
    mRun: [AgentUiRunKey] "C:\Program Files (x86)\Autonomy\Connected BackupPC\Agent.exe" -ni -sss -e http://localhost:16386/
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun: [Updater] C:\ProgramData\Updater\Updater.exe
    dRun: [adcist.exe] c:\Agilent\adci\adcist.exe
    dRun: [Cisco WebEx Connect] "C:\Program Files (x86)\WebEx\Connect\connect.exe"
    StartupFolder: C:\Users\mwwagner\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MONITO~1.LNK - C:\windows\System32\RunDll32.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\AGILEN~1.LNK - C:\windows\Installer\{D127F24B-9885-42ED-995C-13B71025C1EC}\NewShortcut1_6B800AD74195442FB3C4CDCA9BCB48B5.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\IOCONT~1.LNK - C:\windows\Installer\{CCB3C4B2-0B62-4C52-91C4-797EA56B48D6}\NewShortcut5_2AA07447F06844BA88FA6CE6A9CE3FFC.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\PGPTRA~1.LNK - C:\windows\Installer\{63A03116-B9E7-4B24-BF72-3D8E6AEE3D1F}\Icon6560581611.exe
    uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-Explorer: NoPublishingWizard = dword:1
    mPolicies-Explorer: NoWebServices = dword:1
    mPolicies-Explorer: NoDriveTypeAutoRun = dword:255
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    mPolicies-System: disablecad = dword:1
    IE: Add to Google Photos Screensa&ver - C:\windows\System32\GPhotos.scr/200
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
    IE: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    IE: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    IE: {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print 2.0\smartprintsetup.exe
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    LSP: C:\windows\System32\PGPlsp.dll
    Trusted Zone: assessmentplus.com
    Trusted Zone: hp.com
    Trusted Zone: knowledgeplanet.com
    Trusted Zone: myemploywise.com
    Trusted Zone: mzinga.com
    Trusted Zone: openmentoring.com
    Trusted Zone: virtualedge.com
    Trusted Zone: vsource.com
    DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://agilent.webex.com/client/WBXclient-T28L10NSP12-16655/webex/ieatgpc1.cab
    DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://scssslvpn.net.americas.agilent.com/dana-cached/sc/JuniperSetupClient.cab
    TCP: NameServer = 8.8.8.8,8.8.4.4
    TCP: NameServer = 172.16.0.253
    TCP: Interfaces\{2273FBF4-CF51-4164-8267-AA583C75D2BB} : NameServer = 8.8.8.8,8.8.4.4
    TCP: Interfaces\{2273FBF4-CF51-4164-8267-AA583C75D2BB} : DHCPNameServer = 172.20.10.1
    TCP: Interfaces\{6A914726-6071-4EFA-91F9-408707A0189C} : NameServer = 8.8.8.8,8.8.4.4
    TCP: Interfaces\{7272DA79-F8AE-4F01-A4C9-B71D766559CF} : NameServer = 8.8.8.8,8.8.4.4
    TCP: Interfaces\{7272DA79-F8AE-4F01-A4C9-B71D766559CF} : DHCPNameServer = 172.16.0.253
    TCP: Interfaces\{7272DA79-F8AE-4F01-A4C9-B71D766559CF}\147696C656E647 : NameServer = 8.8.8.8,8.8.4.4
    TCP: Interfaces\{7272DA79-F8AE-4F01-A4C9-B71D766559CF}\147696C656E647 : DHCPNameServer = 192.168.0.1 205.171.3.25
    TCP: Interfaces\{7272DA79-F8AE-4F01-A4C9-B71D766559CF}\24A472370274575637470275966496 : NameServer = 8.8.8.8,8.8.4.4
    TCP: Interfaces\{7272DA79-F8AE-4F01-A4C9-B71D766559CF}\24A472370274575637470275966496 : DHCPNameServer = 208.67.222.222 208.67.220.220
    TCP: Interfaces\{7272DA79-F8AE-4F01-A4C9-B71D766559CF}\37071627B6 : NameServer = 8.8.8.8,8.8.4.4
    TCP: Interfaces\{7272DA79-F8AE-4F01-A4C9-B71D766559CF}\37071627B6 : DHCPNameServer = 141.121.196.51 156.140.2.8
    TCP: Interfaces\{7272DA79-F8AE-4F01-A4C9-B71D766559CF}\751676E65627 : NameServer = 8.8.8.8,8.8.4.4
    TCP: Interfaces\{7272DA79-F8AE-4F01-A4C9-B71D766559CF}\751676E65627 : DHCPNameServer = 8.8.8.8 8.8.4.4
    TCP: Interfaces\{EAFF224E-987B-4CEB-BC39-112E4AFB940D} : DHCPNameServer = 141.121.196.51 156.140.2.8
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
    AppInit_DLLs=
    SSODL: WebCheck - <orphaned>
    SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
    LSA: Notification Packages = scecli PGPpwflt
    mASetup: >{F407B055-F0BA-4843-B7A1-F78200613CA7} - wscript //b "C:\Program Files (x86)\AgilentIE9Settings\\ConfigureIE9.vbs"
    mASetup: >{F6CBDE3D-3200-41A9-B22D-C7ED922A7B17} - wscript //b "C:\Program Files (x86)\Agilent MS Office Templates v2\UserSetup.vbs"
    mASetup: >{F82A802F-470C-4882-BD2A-6B7CD8C1D6BC} - wscript //b "C:\Program Files (x86)\AgilentIE7Settings\ConfigureIE7.vbs"
    mASetup: >{FAEF8561-BE54-4373-8BDB-D5751C0410B9} - wscript //b "C:\Program Files (x86)\AgilentIE8Settings\ConfigureIE8.vbs"
    mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
    mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
    mASetup: {A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2} - C:\Program Files (x86)\PixiePack Codec Pack\InstallerHelper.exe
    mASetup: {EFDF9138-E80E-46FA-8AC0-B8818EB8617A} - msiexec.exe /fu {EFDF9138-E80E-46FA-8AC0-B8818EB8617A} /qb!
    x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
    x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
    x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
    x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
    x64-Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /installquiet
    x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
    x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
    x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
    x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    x64-Trusted Zone: assessmentplus.com
    x64-Trusted Zone: hp.com
    x64-Trusted Zone: knowledgeplanet.com
    x64-Trusted Zone: myemploywise.com
    x64-Trusted Zone: mzinga.com
    x64-Trusted Zone: openmentoring.com
    x64-Trusted Zone: virtualedge.com
    x64-Trusted Zone: vsource.com
    x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
    x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
    x64-SSODL: WebCheck - <orphaned>
    x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
    x64-mASetup: DRV - C:\Temp\DvrCleanup.cmd
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 iaStorF;iaStorF;C:\windows\System32\drivers\iaStorF.sys [2013-4-19 24496]
    R0 pgpfs;PGP File Sharing;C:\windows\System32\drivers\PGPfsfd.sys [2011-11-21 175880]
    R0 Pgpwdefs;Pgpwdefs;C:\windows\System32\drivers\PGPwdefs.sys [2011-11-21 15752]
    R0 SymDS;Symantec Data Store;C:\windows\System32\drivers\SEP\0C0107DF\07DF.105\x64\SymDS64.sys [2012-12-17 493216]
    R0 SymEFA;Symantec Extended File Attributes;C:\windows\System32\drivers\SEP\0C0107DF\07DF.105\x64\SymEFA64.sys [2012-12-17 1133216]
    R1 BHDrvx64;BHDrvx64;C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Data\Definitions\BASHDefs\20140115.011\BHDrvx64.sys [2014-1-14 1526488]
    R1 ccSettings_{3771A34D-2132-48EA-A486-D62ECDF9D553};Symantec Endpoint Protection 12.1.2015.2015.105 Settings Manager;C:\windows\System32\drivers\SEP\0C0107DF\07DF.105\x64\ccSetx64.sys [2012-12-17 168096]
    R1 enstart64_;enstart64_;C:\windows\System32\enstart64_.sys [2013-4-13 66112]
    R1 IDSVia64;IDSVia64;C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Data\Definitions\IPSDefs\20140122.011\IDSviA64.sys [2014-1-22 521944]
    R1 SymIRON;Symantec Iron Driver;C:\windows\System32\drivers\SEP\0C0107DF\07DF.105\x64\Ironx64.sys [2012-12-17 224416]
    R1 SYMNETS;Symantec Network Security WFP Driver;C:\windows\System32\drivers\SEP\0C0107DF\07DF.105\x64\symnets.sys [2012-12-17 432800]
    R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2013-9-30 89600]
    R2 AgentService;AgentService;C:\Program Files (x86)\Autonomy\Connected BackupPC\AgentService.exe [2012-11-28 6777680]
    R2 Agilent License Service;Agilent License Service;C:\Program Files (x86)\Agilent\ACCL\Licensing\bin\AgilentLicenseService.exe [2013-8-7 381256]
    R2 AgilentIOLibrariesService;Agilent IO Libraries Service;C:\Program Files\Agilent\IO Libraries Suite\AgilentIOLibrariesService.exe [2013-4-18 81736]
    R2 AgtMdnsResponder;Agilent mDNS Responder Service;C:\Program Files\Agilent\IO Libraries Suite\LxiMdnsResponder.exe [2012-5-26 426496]
    R2 AUMService;HPCA Application Usage Manager Agent Service;C:\Program Files (x86)\Hewlett-Packard\CM\AUM Agent\bin\AUMService.exe [2009-9-30 235064]
    R2 CipcCdp;Cisco IP Communicator driver for CDP;C:\windows\System32\drivers\CipcCdp.sys [2013-10-1 27200]
    R2 Cisco WebEx Connect Upgrade Service;Cisco WebEx Connect Upgrade Service;C:\Program Files (x86)\WebEx\Connect\apUpdate.exe [2012-5-3 857704]
    R2 DisplayLinkService;DisplayLinkManager;C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe [2010-9-21 9464680]
    R2 enstart64;enstart64;C:\windows\System32\enstart64.exe [2013-4-13 1590272]
    R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-9-1 227896]
    R2 hpsrv;HP Service;C:\windows\System32\hpservice.exe [2011-5-13 30520]
    R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2014-1-23 418376]
    R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2014-1-23 701512]
    R2 PGP RDD Service;PGP RDD Service;C:\Program Files (x86)\PGP Corporation\PGP Desktop\RDDService.exe [2011-11-21 1588456]
    R2 radexecd;HPCA Notify Daemon;C:\Program Files (x86)\Hewlett-Packard\CM\Agent\radexecd.exe [2013-3-5 338408]
    R2 radsched;HPCA Scheduler Daemon;C:\Program Files (x86)\Hewlett-Packard\CM\Agent\radsched.exe [2013-3-5 236008]
    R2 Radstgms;HPCA MSI Redirector;C:\Program Files (x86)\Hewlett-Packard\CM\Agent\radstgms.exe [2013-3-5 358888]
    R2 Sentinel64;Sentinel64;C:\windows\System32\drivers\sentinel64.sys [2013-10-11 145448]
    R2 SentinelKeysServer;Sentinel Keys Server;C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe [2009-9-17 369952]
    R2 SentinelSecurityRuntime;Sentinel Security Runtime;C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Security Runtime\sntlsrtsrvr.exe [2009-9-17 292128]
    R2 SepMasterService;Symantec Endpoint Protection;C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin\ccSvcHst.exe [2012-12-17 143928]
    R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-10-9 3275136]
    R2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2013-9-30 2320920]
    R2 vcsFPService;Validity VCS Fingerprint Service;C:\windows\System32\vcsFPService.exe [2010-2-18 2045232]
    R2 XobniService;XobniService;C:\Program Files (x86)\Xobni\XobniService.exe [2013-6-18 63096]
    R3 AgilentPXIResourceManager;Agilent PXI Resource Manager;C:\Program Files (x86)\Agilent\IO Libraries Suite\AgilentPXIResourceManager.exe [2013-4-18 243016]
    R3 AgPciMem;AgPciMem;C:\Program Files\Agilent\IO Libraries Suite\agPcimem.sys [2013-4-18 15592]
    R3 agRun;USB to GPIB Driver;C:\windows\System32\drivers\agt357run.sys [2013-4-18 29000]
    R3 btwl2cap;Bluetooth L2CAP Service;C:\windows\System32\drivers\btwl2cap.sys [2013-9-30 35104]
    R3 Com4QLBEx;Com4QLBEx;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2013-9-30 227896]
    R3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;C:\windows\System32\drivers\e1k62x64.sys [2013-9-30 340656]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2013-11-21 137648]
    R3 HECIx64;Intel(R) Management Engine Interface;C:\windows\System32\drivers\HECIx64.sys [2013-4-17 56344]
    R3 MBAMProtector;MBAMProtector;C:\windows\System32\drivers\mbam.sys [2014-1-23 25928]
    R3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\windows\System32\drivers\NETw5s64.sys [2013-4-17 7680512]
    R3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;C:\windows\System32\drivers\nusb3hub.sys [2009-11-20 75776]
    R3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;C:\windows\System32\drivers\nusb3xhc.sys [2009-11-20 177152]
    R3 RadiaMsi;RadiaMsi;C:\windows\System32\drivers\radiamsi.sys [2011-12-14 43320]
    R3 rismcx64;RICOH Smart Card Reader;C:\windows\System32\drivers\rismcx64.sys [2013-9-30 59008]
    R3 USBAAPL64;Apple Mobile USB Driver;C:\windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-9-5 171680]
    S3 agBoot;Agilent Technologies 82357 firmware download service;C:\windows\System32\drivers\agt82357.sys [2013-4-18 38984]
    S3 dmvsc;dmvsc;C:\windows\System32\drivers\dmvsc.sys [2010-11-20 71168]
    S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;C:\windows\System32\drivers\ew_hwusbdev.sys [2012-6-20 117248]
    S3 iaStorA;iaStorA;C:\windows\System32\drivers\iaStorA.sys [2013-4-19 567216]
    S3 LV_Tracker;LV_Tracker;C:\windows\System32\drivers\LV_Tracker64.sys [2012-11-28 54824]
    S3 Netaapl;Apple Mobile Device Ethernet Service;C:\windows\System32\drivers\netaapl64.sys [2013-7-25 23040]
    S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\windows\System32\drivers\rdpvideominiport.sys [2010-11-20 20992]
    S3 SNTUSB64;SafeNet USB SuperPro/UltraPro/HardwareKey;C:\windows\System32\drivers\SNTUSB64.SYS [2009-9-17 58792]
    S3 StorSvc;Storage Service;C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
    S3 SyDvCtrl;SyDvCtrl;C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin64\SyDvCtrl64.sys [2012-12-17 34352]
    S3 Synth3dVsc;Microsoft Virtual 3D Video Transport Driver;C:\windows\System32\drivers\Synth3dVsc.sys [2010-11-20 88960]
    S3 terminpt;Microsoft Remote Desktop Input Driver;C:\windows\System32\drivers\terminpt.sys [2010-11-20 34816]
    S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
    S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
    S3 tsusbhub;Remote Deskotop USB Hub;C:\windows\System32\drivers\tsusbhub.sys [2010-11-20 117248]
    .
    =============== Created Last 30 ================
    .
    2014-01-23 22:37:26 -------- d-----w- C:\ProgramData\Agilent Technologies, Inc
    2014-01-23 22:37:12 -------- d-----w- C:\Program Files\Common Files\Agilent
    2014-01-23 22:32:26 -------- d-----w- C:\Agilent_89600_dvd
    2014-01-23 18:37:37 -------- d-----w- C:\Users\mwwagner\AppData\Roaming\Malwarebytes
    2014-01-23 18:37:25 -------- d-----w- C:\ProgramData\Malwarebytes
    2014-01-23 18:37:24 25928 ----a-w- C:\windows\System32\drivers\mbam.sys
    2014-01-23 18:37:24 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2014-01-22 18:27:05 -------- d-----w- C:\Program Files (x86)\Show-Password
    2014-01-22 18:27:00 -------- d-----w- C:\Users\mwwagner\AppData\Local\FilesFrog Update Checker
    2014-01-18 19:20:20 -------- d-----w- C:\Program Files (x86)\Common Files\RootsMagic Shared
    2014-01-18 19:20:12 -------- d-----w- C:\Users\mwwagner\AppData\Roaming\RootsMagic
    2014-01-18 19:20:12 -------- d-----w- C:\ProgramData\RootsMagic Shared
    2014-01-18 19:20:12 -------- d-----w- C:\ProgramData\RootsMagic
    2014-01-18 19:20:12 -------- d-----w- C:\Program Files (x86)\RootsMagic 6
    2014-01-13 03:59:07 -------- d-----w- C:\Program Files (x86)\Image Resizer
    2014-01-13 02:16:18 -------- d-----w- C:\Program Files (x86)\HyperSnap 7
    2014-01-06 19:23:36 4558848 ----a-w- C:\windows\SysWow64\GPhotos.scr
    2013-12-26 08:43:49 3155968 ----a-w- C:\windows\System32\win32k.sys
    2013-12-26 08:43:38 81408 ----a-w- C:\windows\System32\imagehlp.dll
    2013-12-26 08:43:38 159232 ----a-w- C:\windows\SysWow64\imagehlp.dll
    2013-12-26 08:43:27 230400 ----a-w- C:\windows\System32\drivers\portcls.sys
    2013-12-26 08:43:27 116736 ----a-w- C:\windows\System32\drivers\drmk.sys
    .
    ==================== Find3M ====================
    .
    2013-12-11 07:54:24 71048 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2013-12-11 07:54:24 692616 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
    2013-12-04 23:00:05 24744 ----a-w- C:\windows\System32\drivers\RrNetCapFilterDriver.sys
    2013-11-02 02:28:15 1188864 ----a-w- C:\windows\System32\wininet.dll
    2013-11-02 02:07:14 981504 ----a-w- C:\windows\SysWow64\wininet.dll
    2013-11-02 01:30:23 1638912 ----a-w- C:\windows\System32\mshtml.tlb
    2013-11-02 01:13:30 1638912 ----a-w- C:\windows\SysWow64\mshtml.tlb
    .
    ============= FINISH: 18:09:55.54 ===============

  2. #2
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,550
    Welcome aboard

    Please observe the following rules:

    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.



    =================================

    I still need the Attach.txt log from DDS.

    Your MBAM log says "No action taken".
    Re-run MBAM, fix all issues and post a new log.

  3. #3
    Join Date
    Jan 2014
    Posts
    3

    Resolved - "Show Password" found and removed

    Quote Originally Posted by Broni View Post
    Welcome aboard

    Please observe the following rules:

    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.



    =================================

    I still need the Attach.txt log from DDS.

    Your MBAM log says "No action taken".
    Re-run MBAM, fix all issues and post a new log.


    Thanks for your reply, Broni. I re-read a previous thread in this forum which led me to a renegade app called show_password or something like that. I figured out another little trick of sorting by date in the remove programs list to find all the recently added programs. After removing the password program and rebooting, everything is running normally.

    I didn't attempt to resolve issues with MBAM because I thought you had to pay and install it for that.

    Thanks again.

  4. #4
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,550
    Please don't quote my replies as it creates unnecessary clutter.
    Thank you

    You don't have to pay for anything to remove threats found by MBAM.
    Re-run MBAM, fix all issues and post a new log.
