I'm infected with something


MCL

There is audio running in the background whenever I use my computer.

Here are my logs:

FRST

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-03-2014  01 (ATTENTION: ====> FRST version is 28 days old and could be outdated)
Ran by Mlaukha (administrator) on CDG07001538 on 10-04-2014 20:01:02
Running from C:\Users\mlaukha\Downloads
Windows 7 Enterprise Service Pack 1 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Juniper Networks) C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
(IBM) C:\Program Files\IBM\Lotus\Notes\nsd.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
(IBM Corp) C:\Program Files\IBM\Lotus\Notes\ntmulti.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
(O2Micro International) C:\WINDOWS\system32\DRIVERS\o2flash.exe
(Microsoft Corporation) c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\BM\TMBMSRV.exe
(Specops Software) C:\Windows\System32\SppClient.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Sysinternals) C:\Windows\Scripts\Bginfo\Bginfo.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\OfficeScan Client\PccNTMon.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Mozy, Inc.) C:\Program Files\MozyPro\mozyprostat.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\HidFind.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apntex.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Mozy, Inc.) C:\Program Files\MozyPro\mozyprobackup.exe
(Mozy, Inc.) C:\Program Files\MozyPro\mozyprobackup.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Eyeo GmbH) C:\Program Files\Adblock Plus for IE\AdblockPlusEngine.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Juniper Networks) C:\Users\mlaukha\AppData\Roaming\Juniper Networks\Setup Client\JuniperSetupClient.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
(IBM Corp) C:\Program Files\IBM\Lotus\Notes\NLNOTES.EXE
(IBM) C:\Program Files\IBM\Lotus\Notes\framework\rcp\eclipse\plugins\com.ibm.rcp.base_6.2.2.20110310-0045\win32\x86\notes2.exe
(IBM Corp) C:\Program Files\IBM\Lotus\Notes\ntaskldr.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(salesforce.com) C:\Program Files\salesforce.com\common\SForceDB.exe
(Verizon) C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
(Juniper Networks) C:\Program Files\Juniper Networks\Network Connect 6.5.0\dsNetworkConnect.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
(The Neat Company) C:\Program Files\NeatWorks\exec\NeatReceipts.QuickScan.exe
(Verizon) C:\Program Files\Verizon\IHA_MessageCenter\bin\IHAMCNotify.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [bGInfo] - C:\Windows\Scripts\BGINFO.bat [97 2011-03-08] ()
HKLM\...\Run: [specops Password Client] - C:\Windows\system32\SppClient.exe [858328 2010-11-23] (Specops Software)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [Apoint] - C:\Program Files\DellTPad\Apoint.exe [505720 2011-07-20] (Alps Electric Co., Ltd.)
HKLM\...\Run: [intelliPoint] - c:\Program Files\Microsoft IntelliPoint\ipoint.exe [1821576 2011-08-01] (Microsoft Corporation)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-06] (Apple Inc.)
HKLM\...\Run: [OfficeScanNT Monitor] - C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe [1533720 2013-11-20] (Trend Micro Inc.)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM\...\Run: [sunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-02-06] (Apple Inc.)
HKLM\...\RunOnce: [DCERegBootClean] - C:\WINDOWS\RegBootClean.exe [181272 2014-04-10] ()
Winlogon\Notify\!SASWinLogon: C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
HKU\S-1-5-21-150485414-301174314-2440751699-8203\...\Run: [sUPERAntiSpyware] - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [3905920 2012-03-07] (SUPERAntiSpyware.com)
AppInit_DLLs: IESearchPlugin32.dll => C:\Program Files\Surf Canyon\IESearchPlugin32.dll [153600 2013-10-07] ()
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.verizon.net/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
URLSearchHook: HKCU - Verizon Toolbar - {f8d96645-337c-419b-8792-b6c126145811} - C:\Program Files\verizontb\verizonDx.dll ()
SearchScopes: HKCU - DefaultScope {D01D0105-DA22-4F0E-89C1-D9F7A7BDF4C5} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}&rlz=1I7ADFA_enUS476
SearchScopes: HKCU - {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL = http://searchservices.verizon.com/search/ws.portal?&_nfpb=true&_pageLabel=google_results&rs=&web_search_type=basic&sc=web&clientid=vz-cnsmr-tlbr&channel=Brwsr-v6IE&q={searchTerms}
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKCU - {D01D0105-DA22-4F0E-89C1-D9F7A7BDF4C5} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}&rlz=1I7ADFA_enUS476
SearchScopes: HKCU - {E60FFE1E-07EA-4950-8818-70148ACB935B} URL = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000031&src=crm&q={searchTerms}&locale=en_US&apn_ptnrs=TV&apn_dtid=OSJ000YYUS&apn_uid=C0B269BB-18F3-4DB5-8B41-B2C0243A3C79&apn_sauid=D8995714-85AF-4338-B834-48FBDA519356
BHO: TmIEPlugInBHO Class - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\OfficeScan Client\TmIEPlg.dll (Trend Micro Inc.)
BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Updater For Verizon Toolbar - {96673559-e653-4cdc-8923-f89347a952c0} - C:\Program Files\verizontb\auxi\verizonAu.dll (Visicom Media)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: Verizon Toolbar - {f8d96645-337c-419b-8792-b6c126145811} - C:\Program Files\verizontb\verizonDx.dll ()
BHO: Adblock Plus for IE Browser Helper Object - {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll (Adblock Plus)
Toolbar: HKLM - Verizon Toolbar - {f8d96645-337c-419b-8792-b6c126145811} - C:\Program Files\verizontb\verizonDx.dll ()
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: {00134F72-5284-44F7-95A8-52A619F70751} https://usherwip12:4343/officescan/console/html/ClientInstall/WinNTChk.cab
DPF: {08D75BC1-D2B5-11D1-88FC-0080C859833B} https://usherwip12:4343/officescan/console/html/ClientInstall/setup.cab
DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} https://www.gameofficials.net/utility/smsx.cab
DPF: {35C3D91E-401A-4E45-88A5-F3B32CD72DF4} https://usherwip12:4343/officescan/console/html/root/AtxEnc.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab
DPF: {9B815712-2EF0-4F81-8505-72EDC73B5626} https://na13.salesforce.com/dwnld/offline2/offline2.cab
DPF: {CAFEEFAC-0017-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://bio-rad.webex.com/client/WBXclient-T27L10NSP32EP1-13926/webex/ieatgpc1.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://connect.bio-rad.com/dana-cached/sc/JuniperSetupClient.cab
DPF: {F8A2314A-16E1-48CB-8EE7-A221207CBEEE} http://usherisx01.global.bio-rad.com/ucontent/8acc281bae9f42d187f9ee729af1a677_en-US/gh/html//assets/cab/rwdsot.CAB
Handler: saphtmlp - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\program files\sap\frontend\sapgui\saphtmlp.dll (SAP, Walldorf)
Handler: sapr3 - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\program files\sap\frontend\sapgui\saphtmlp.dll (SAP, Walldorf)
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\OfficeScan Client\TmIEPlg.dll (Trend Micro Inc.)
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [113024 2011-07-18] (SuperAdBlocker.com)
Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Hosts: 192.101.136.183      connect.bio-rad.com
Tcpip\Parameters: [DhcpNameServer] 10.42.18.140 10.42.18.139

Chrome:
=======


CHR Extension: (YouTube) - C:\Users\mlaukha\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-09-01]
CHR Extension: (Google Search) - C:\Users\mlaukha\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-09-01]
CHR Extension: (Gmail) - C:\Users\mlaukha\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-09-01]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

========================== Services (Whitelisted) =================

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [116608 2011-08-11] (SUPERAntiSpyware.com)
S2 CcmExec; C:\WINDOWS\CCM\CcmExec.exe [1090656 2012-11-21] (Microsoft Corporation)
S4 CmRcService; C:\WINDOWS\CCM\RemCtrl\CmRcService.exe [470112 2012-11-21] (Microsoft Corporation)
S2 dsiasrv; C:\Program Files\Dell\SysMgt\dsia\bin\DsiaSrv32.exe [149416 2011-01-12] (Dell Inc.)
R2 dsNcService; C:\Program Files\Juniper Networks\Common Files\dsNcService.exe [615720 2009-12-09] (Juniper Networks)
R2 IHA_MessageCenter; C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [350792 2013-09-13] (Verizon)
R2 Lotus Notes Diagnostics; C:\Program Files\IBM\Lotus\Notes\nsd.exe [3417480 2011-03-23] (IBM)
S3 lpasvc; C:\Program Files\Microsoft Policy Platform\policyHost.exe [48744 2012-08-02] (Microsoft Corporation)
S3 lppsvc; C:\Program Files\Microsoft Policy Platform\policyHost.exe [48744 2012-08-02] (Microsoft Corporation)
R2 mozyprobackup; C:\Program Files\MozyPro\mozyprobackup.exe [54600 2013-12-11] (Mozy, Inc.)
S3 MSSQL$NR2007; c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)
S4 MSSQLServerADHelper; c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [44384 2010-12-10] (Microsoft Corporation)
R2 Multi-user Cleanup Service; C:\Program Files\IBM\Lotus\Notes\ntmulti.exe [58760 2011-03-23] (IBM Corp)
R2 ntrtscan; C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe [2320640 2013-11-16] (Trend Micro Inc.)
R2 O2FLASH; C:\WINDOWS\system32\DRIVERS\o2flash.exe [72296 2011-07-08] (O2Micro International)
S3 PSEXESVC; C:\WINDOWS\PSEXESVC.EXE [181064 2014-02-20] (Sysinternals)
S3 smstsmgr; C:\WINDOWS\CCM\TSManager.exe [275536 2012-11-21] (Microsoft Corporation)
R3 TMBMServer; C:\Program Files\Trend Micro\BM\TMBMSRV.exe [345112 2013-10-23] (Trend Micro Inc.)
S2 tmlisten; C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe [2260128 2013-11-16] (Trend Micro Inc.)
S3 TmPfw; C:\Program Files\Trend Micro\OfficeScan Client\TmPfw.exe [497272 2011-04-15] (Trend Micro Inc.)
S3 TmProxy; C:\Program Files\Trend Micro\OfficeScan Client\TmProxy.exe [689176 2013-07-01] (Trend Micro Inc.)
S2 Winmgmt; C:\WINDOWS\system32\svchost.exe [20992 2009-07-13] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

R3 Acceler; C:\WINDOWS\System32\DRIVERS\Accelern.sys [43888 2011-07-08] (ST Microelectronics)
R3 dsNcAdpt; C:\WINDOWS\System32\DRIVERS\dsNcAdpt.sys [26624 2009-12-09] (Juniper Networks)
R3 e1cexpress; C:\WINDOWS\System32\DRIVERS\e1c6232.sys [238760 2010-10-28] (Intel Corporation)
S3 MEI; C:\WINDOWS\system32\drivers\HECI.sys [41088 2011-07-08] (Intel Corporation)
R1 mozyproFilter; C:\WINDOWS\System32\DRIVERS\mozypro.sys [55520 2013-12-11] (Mozy, Inc.)
R3 NETwNs32; C:\WINDOWS\System32\DRIVERS\NETwNs32.sys [7434240 2011-07-08] (Intel Corporation)
S3 nusb3hub; C:\WINDOWS\system32\drivers\nusb3hub.sys [62208 2011-07-08] (Renesas Electronics Corporation)
S3 nusb3xhc; C:\WINDOWS\system32\drivers\nusb3xhc.sys [141568 2011-07-08] (Renesas Electronics Corporation)
S3 O2MDFRDR; C:\WINDOWS\system32\drivers\O2MDFw7.sys [60904 2011-07-08] (O2Micro )
S3 O2MDRRDR; C:\WINDOWS\system32\drivers\O2MDRw7.sys [62440 2011-07-08] (O2Micro )
R3 O2SDJRDR; C:\WINDOWS\System32\DRIVERS\o2sdjw7.sys [63976 2011-07-08] (O2Micro )
S3 prepdrvr; C:\WINDOWS\System32\DRIVERS\prepdrv.sys [20840 2012-11-21] (Microsoft Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R0 stdcfltn; C:\WINDOWS\System32\DRIVERS\stdcfltn.sys [17648 2010-08-20] (ST Microelectronics)
R2 tmactmon; C:\WINDOWS\System32\DRIVERS\tmactmon.sys [75600 2013-08-29] (Trend Micro Inc.)
R2 tmcomm; C:\WINDOWS\System32\DRIVERS\tmcomm.sys [263072 2013-09-02] (Trend Micro Inc.)
R2 tmevtmgr; C:\WINDOWS\System32\DRIVERS\tmevtmgr.sys [62704 2013-08-29] (Trend Micro Inc.)
R2 TmFilter; C:\Program Files\Trend Micro\OfficeScan Client\TmXPFlt.sys [263968 2013-08-14] (Trend Micro Inc.)
R1 TmLwf; C:\WINDOWS\System32\DRIVERS\tmlwf.sys [146232 2012-06-21] (Trend Micro Inc.)
R2 TmPreFilter; C:\Program Files\Trend Micro\OfficeScan Client\TmPreFlt.sys [36128 2013-08-14] (Trend Micro Inc.)
R1 tmtdi; C:\WINDOWS\System32\DRIVERS\tmtdi.sys [90712 2013-01-09] (Trend Micro Inc.)
R2 tmWfp; C:\WINDOWS\System32\DRIVERS\tmwfp.sys [282936 2012-06-21] (Trend Micro Inc.)
R2 VSApiNt; C:\Program Files\Trend Micro\OfficeScan Client\VSApiNt.sys [1517600 2013-08-14] (Trend Micro Inc.)
S3 catchme; \??\C:\Users\mlaukha\AppData\Local\Temp\catchme.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 vmci; system32\DRIVERS\vmci.sys [X]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-04-10 20:01 - 2014-04-10 20:01 - 00016509 _____ () C:\Users\mlaukha\Downloads\FRST.txt
2014-04-10 20:00 - 2014-04-10 20:00 - 01145856 _____ (Farbar) C:\Users\mlaukha\Downloads\FRST.exe
2014-04-10 15:55 - 2014-04-10 15:55 - 00000000 ____S () C:\WINDOWS\system32\uymo.vry
2014-04-10 15:44 - 2014-04-10 16:20 - 00003530 _____ () C:\WINDOWS\RegBootClean.CFG
2014-04-09 17:25 - 2014-04-09 17:25 - 00537600 _____ (Microsoft Corporation) C:\Users\mlaukha\AppData\Roaming\apcbus.dll
2014-04-09 17:25 - 2014-04-09 17:25 - 00126464 _____ (Microsoft Corporation) C:\Users\mlaukha\AppData\Roaming\hdhhqzq.dll
2014-04-09 17:25 - 2014-04-09 17:25 - 00045568 _____ (Microsoft Corporation) C:\Users\mlaukha\AppData\Roaming\neelde.dll
2014-04-09 15:45 - 2014-04-09 15:45 - 00000000 ____D () C:\Users\mlaukha\AppData\Roaming\smkits
2014-04-09 14:28 - 2014-04-09 14:28 - 00001961 _____ () C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2014-04-09 14:14 - 2014-04-09 14:14 - 00000000 ____S () C:\WINDOWS\system32\fpzzf.svk
2014-04-04 17:47 - 2014-04-04 17:47 - 00000000 ____S () C:\WINDOWS\system32\krkvhoo.wgr
2014-04-04 15:56 - 2014-04-04 15:56 - 00000000 _____ () C:\WINDOWS\invcol.tmp
2014-04-04 15:51 - 2014-04-08 13:33 - 00000000 ____D () C:\ProgramData\2992199F9A
2014-03-28 20:16 - 2014-03-28 20:16 - 00130048 _____ () C:\Users\mlaukha\AppData\Roaming\kqoipf.dll
2014-03-28 20:16 - 2014-03-28 20:16 - 00024064 _____ () C:\Users\mlaukha\AppData\Roaming\eqnvun.dll
2014-03-26 20:52 - 2014-03-26 20:52 - 00002973 _____ () C:\Users\mlaukha\Desktop\HiJackThis.lnk
2014-03-26 20:52 - 2014-03-26 20:52 - 00000000 ____D () C:\Users\mlaukha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
2014-03-26 20:50 - 2014-03-26 20:51 - 01402880 _____ () C:\Users\mlaukha\Downloads\HijackThis.msi
2014-03-26 16:13 - 2014-02-03 22:04 - 01230336 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2014-03-26 16:11 - 2014-02-24 11:35 - 11020800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-03-26 16:11 - 2014-02-24 11:35 - 06041088 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-03-26 16:11 - 2014-02-24 11:35 - 02078208 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-03-26 16:11 - 2014-02-24 11:35 - 01232896 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-03-26 16:11 - 2014-02-24 11:35 - 00981504 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-03-26 16:11 - 2014-02-24 11:35 - 00627712 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-03-26 16:11 - 2014-02-24 11:35 - 00176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2014-03-26 16:11 - 2014-02-24 11:35 - 00132096 _____ (Microsoft Corporation) C:\WINDOWS\system32\url.dll
2014-03-26 16:11 - 2014-02-24 11:35 - 00067584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-03-26 16:11 - 2014-02-24 11:35 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2014-03-26 16:11 - 2014-02-24 09:39 - 01638912 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2014-03-26 16:11 - 2014-02-03 22:04 - 00509440 _____ (Microsoft Corporation) C:\WINDOWS\system32\qedit.dll
2014-03-26 16:11 - 2014-01-28 22:06 - 00381440 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2014-03-26 16:11 - 2014-01-27 22:07 - 00185344 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2014-03-26 16:11 - 2013-03-18 23:33 - 00040960 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanprotdim.dll
2014-03-26 16:10 - 2014-02-06 21:07 - 02349056 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2014-03-26 16:09 - 2013-10-11 22:03 - 00656896 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshwfp.dll
2014-03-26 16:09 - 2013-10-11 22:01 - 00679424 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL
2014-03-26 16:09 - 2013-10-11 22:01 - 00216576 _____ (Microsoft Corporation) C:\WINDOWS\system32\FWPUCLNT.DLL
2014-03-26 16:09 - 2013-10-05 15:57 - 01168384 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll
2014-03-26 16:09 - 2013-10-03 21:58 - 00152576 _____ (Microsoft Corporation) C:\WINDOWS\system32\SmartcardCredentialProvider.dll
2014-03-26 16:09 - 2013-10-03 21:56 - 01796096 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2014-03-26 16:09 - 2013-10-03 21:56 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\system32\credui.dll
2014-03-26 16:09 - 2013-10-02 21:58 - 00305152 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2014-03-26 16:08 - 2013-09-24 22:01 - 00136640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2014-03-26 16:08 - 2013-09-24 22:01 - 00067520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecdd.sys
2014-03-26 16:08 - 2013-09-24 21:57 - 00247808 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2014-03-26 16:08 - 2013-09-24 21:57 - 00099840 _____ (Microsoft Corporation) C:\WINDOWS\system32\sspicli.dll
2014-03-26 16:08 - 2013-09-24 21:57 - 00022016 _____ (Microsoft Corporation) C:\WINDOWS\system32\secur32.dll
2014-03-26 16:08 - 2013-09-24 21:56 - 01038848 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2014-03-26 16:08 - 2013-09-24 21:56 - 00220160 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncrypt.dll
2014-03-26 16:08 - 2013-09-24 20:49 - 00022016 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsass.exe
2014-03-26 16:08 - 2013-09-24 20:49 - 00015872 _____ (Microsoft Corporation) C:\WINDOWS\system32\sspisrv.dll
2014-03-26 16:08 - 2013-07-04 08:16 - 00369848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2014-03-26 16:07 - 2013-12-31 19:05 - 00420008 _____ () C:\WINDOWS\system32\locale.nls
2014-03-26 16:07 - 2013-12-24 19:09 - 01987584 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2014-03-26 16:07 - 2013-12-09 22:02 - 00428032 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2014-03-26 16:07 - 2013-12-05 22:02 - 01237504 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2014-03-26 16:07 - 2013-12-05 22:02 - 00002048 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3r.dll
2014-03-26 16:07 - 2013-12-03 22:03 - 00428032 _____ (Microsoft Corporation) C:\WINDOWS\system32\secproc.dll
2014-03-26 16:07 - 2013-12-03 22:03 - 00423936 _____ (Microsoft Corporation) C:\WINDOWS\system32\secproc_isv.dll
2014-03-26 16:07 - 2013-12-03 22:03 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\secproc_ssp_isv.dll
2014-03-26 16:07 - 2013-12-03 22:03 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\secproc_ssp.dll
2014-03-26 16:07 - 2013-12-03 22:02 - 00390144 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdrm.dll
2014-03-26 16:07 - 2013-12-03 21:54 - 00594944 _____ (Microsoft Corporation) C:\WINDOWS\system32\RMActivate_isv.exe
2014-03-26 16:07 - 2013-12-03 21:54 - 00572416 _____ (Microsoft Corporation) C:\WINDOWS\system32\RMActivate.exe
2014-03-26 16:07 - 2013-12-03 21:54 - 00510976 _____ (Microsoft Corporation) C:\WINDOWS\system32\RMActivate_ssp.exe
2014-03-26 16:07 - 2013-12-03 21:54 - 00508928 _____ (Microsoft Corporation) C:\WINDOWS\system32\RMActivate_ssp_isv.exe
2014-03-26 16:07 - 2013-11-26 04:16 - 03419136 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2014-03-26 16:07 - 2013-09-24 21:57 - 00792576 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWorkspace.dll
2014-03-26 16:06 - 2013-10-01 20:42 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\TsUsbFlt.sys
2014-03-26 16:06 - 2013-10-01 20:32 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-03-26 16:06 - 2013-10-01 20:30 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-03-26 16:06 - 2013-10-01 20:14 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\system32\MsRdpWebAccess.dll
2014-03-26 16:06 - 2013-10-01 20:14 - 00017920 _____ (Microsoft Corporation) C:\WINDOWS\system32\wksprtPS.dll
2014-03-26 16:06 - 2013-10-01 19:58 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\system32\tsgqec.dll
2014-03-26 16:06 - 2013-10-01 19:45 - 00032256 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsUsbGDCoInstaller.dll
2014-03-26 16:06 - 2013-10-01 19:08 - 00855552 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdvidcrl.dll
2014-03-26 16:06 - 2013-10-01 19:00 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWbPrxy.exe
2014-03-26 16:06 - 2013-10-01 18:53 - 00350208 _____ (Microsoft Corporation) C:\WINDOWS\system32\wksprt.exe
2014-03-26 16:06 - 2013-10-01 18:34 - 01068544 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstsc.exe
2014-03-26 16:06 - 2013-10-01 16:55 - 05698048 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2014-03-26 16:03 - 2013-11-26 07:11 - 00240576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys
2014-03-26 16:02 - 2013-11-26 21:14 - 00258560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbhub.sys
2014-03-26 16:02 - 2013-11-26 21:13 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbport.sys
2014-03-26 16:02 - 2013-11-26 21:13 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbccgp.sys
2014-03-26 16:02 - 2013-11-26 21:13 - 00043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbehci.sys
2014-03-26 16:02 - 2013-11-26 21:13 - 00024064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbuhci.sys
2014-03-26 16:02 - 2013-11-26 21:13 - 00020480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbohci.sys
2014-03-26 16:02 - 2013-11-26 21:13 - 00006016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbd.sys
2014-03-26 15:33 - 2014-03-26 15:33 - 00000000 ____D () C:\Users\mlaukha\AppData\Roaming\SUPERAntiSpyware.com
2014-03-26 15:32 - 2014-03-26 15:32 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2014-03-26 00:55 - 2014-03-26 00:55 - 00004764 _____ () C:\WINDOWS\system32\CcmFramework.ini
2014-03-26 00:55 - 2014-03-26 00:55 - 00000621 _____ () C:\WINDOWS\system32\CcmFramework.h
2014-03-26 00:53 - 2014-03-26 00:53 - 00000000 ____D () C:\WINDOWS\ms
2014-03-25 21:19 - 2014-03-25 21:19 - 00000000 ____S () C:\WINDOWS\system32\ewqs.lme
2014-03-25 20:42 - 2014-04-10 17:22 - 00000082 _____ () C:\WINDOWS\system32\rpctwo.wdu
2014-03-25 20:31 - 2014-03-25 20:31 - 00000064 _____ () C:\WINDOWS\system32\dkge.mmq
2014-03-25 20:31 - 2014-03-25 20:31 - 00000000 _____ () C:\WINDOWS\system32\jppa.gqv
2014-03-21 17:03 - 2014-03-21 17:03 - 00008947 _____ () C:\Users\mlaukha\Desktop\plaxo_ab_outlook.csv
2014-03-19 07:44 - 2014-03-19 07:44 - 00377857 ____S () C:\WINDOWS\system32\tadybn.vru

==================== One Month Modified Files and Folders =======

2014-04-10 20:01 - 2014-04-10 20:01 - 00016509 _____ () C:\Users\mlaukha\Downloads\FRST.txt
2014-04-10 20:01 - 2013-11-27 20:03 - 00000000 ____D () C:\FRST
2014-04-10 20:00 - 2014-04-10 20:00 - 01145856 _____ (Farbar) C:\Users\mlaukha\Downloads\FRST.exe
2014-04-10 19:50 - 2011-09-29 15:20 - 01303413 _____ () C:\WINDOWS\WindowsUpdate.log
2014-04-10 19:47 - 2011-05-09 14:46 - 00029233 _____ () C:\WINDOWS\setupact.log
2014-04-10 19:16 - 2009-07-14 00:34 - 00019328 ____H () C:\WINDOWS\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-10 19:16 - 2009-07-14 00:34 - 00019328 ____H () C:\WINDOWS\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-10 19:15 - 2012-04-24 16:02 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-04-10 19:08 - 2011-10-05 12:53 - 00001296 __RSH () C:\Users\mlaukha\ntuser.pol
2014-04-10 19:08 - 2011-10-05 12:53 - 00000000 ____D () C:\Users\mlaukha
2014-04-10 19:07 - 2011-09-29 15:46 - 00001032 _____ () C:\WINDOWS\system32\config\netlogon.ftl
2014-04-10 17:22 - 2014-03-25 20:42 - 00000082 _____ () C:\WINDOWS\system32\rpctwo.wdu
2014-04-10 17:19 - 2013-06-05 16:23 - 00000635 _____ () C:\WINDOWS\system32\Drivers\etc\tmsshf.bin
2014-04-10 16:44 - 2011-02-08 14:21 - 00005800 _____ () C:\WINDOWS\mozypro.blk
2014-04-10 16:44 - 2011-02-08 14:21 - 00001254 _____ () C:\WINDOWS\mozypro.flt
2014-04-10 16:20 - 2014-04-10 15:44 - 00003530 _____ () C:\WINDOWS\RegBootClean.CFG
2014-04-10 16:20 - 2012-03-23 07:33 - 00181272 _____ () C:\WINDOWS\RegBootClean.exe
2014-04-10 15:55 - 2014-04-10 15:55 - 00000000 ____S () C:\WINDOWS\system32\uymo.vry
2014-04-10 15:26 - 2011-09-29 15:47 - 00029280 __RSH () C:\ProgramData\ntuser.pol
2014-04-10 15:17 - 2011-12-09 10:17 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-04-09 17:25 - 2014-04-09 17:25 - 00537600 _____ (Microsoft Corporation) C:\Users\mlaukha\AppData\Roaming\apcbus.dll
2014-04-09 17:25 - 2014-04-09 17:25 - 00126464 _____ (Microsoft Corporation) C:\Users\mlaukha\AppData\Roaming\hdhhqzq.dll
2014-04-09 17:25 - 2014-04-09 17:25 - 00045568 _____ (Microsoft Corporation) C:\Users\mlaukha\AppData\Roaming\neelde.dll
2014-04-09 15:45 - 2014-04-09 15:45 - 00000000 ____D () C:\Users\mlaukha\AppData\Roaming\smkits
2014-04-09 14:28 - 2014-04-09 14:28 - 00001961 _____ () C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2014-04-09 14:14 - 2014-04-09 14:14 - 00000000 ____S () C:\WINDOWS\system32\fpzzf.svk
2014-04-09 14:04 - 2009-07-14 00:53 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-04-08 13:33 - 2014-04-04 15:51 - 00000000 ____D () C:\ProgramData\2992199F9A
2014-04-08 13:33 - 2011-10-05 16:56 - 01047484 _____ () C:\WINDOWS\PFRO.log
2014-04-04 17:47 - 2014-04-04 17:47 - 00000000 ____S () C:\WINDOWS\system32\krkvhoo.wgr
2014-04-04 15:56 - 2014-04-04 15:56 - 00000000 _____ () C:\WINDOWS\invcol.tmp
2014-04-04 15:42 - 2011-10-05 16:27 - 06236742 _____ () C:\WINDOWS\system32\TmInstall.log
2014-04-04 15:41 - 2011-10-05 16:28 - 00012584 _____ () C:\WINDOWS\cfgall.ini
2014-04-04 14:40 - 2010-11-20 17:01 - 01173646 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-04-04 14:39 - 2011-10-05 16:26 - 00000021 _____ () C:\tmuninst.ini
2014-03-28 20:16 - 2014-03-28 20:16 - 00130048 _____ () C:\Users\mlaukha\AppData\Roaming\kqoipf.dll
2014-03-28 20:16 - 2014-03-28 20:16 - 00024064 _____ () C:\Users\mlaukha\AppData\Roaming\eqnvun.dll
2014-03-26 22:56 - 2009-07-13 22:37 - 00000000 ____D () C:\WINDOWS\rescache
2014-03-26 21:09 - 2013-12-25 19:54 - 00000000 ____D () C:\Program Files\Surf Canyon
2014-03-26 20:52 - 2014-03-26 20:52 - 00002973 _____ () C:\Users\mlaukha\Desktop\HiJackThis.lnk
2014-03-26 20:52 - 2014-03-26 20:52 - 00000000 ____D () C:\Users\mlaukha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
2014-03-26 20:52 - 2013-02-01 19:38 - 00000000 ____D () C:\Program Files\Trend Micro
2014-03-26 20:51 - 2014-03-26 20:50 - 01402880 _____ () C:\Users\mlaukha\Downloads\HijackThis.msi
2014-03-26 17:30 - 2011-09-29 15:28 - 00000570 _____ () C:\WINDOWS\SMSCFG.INI
2014-03-26 16:59 - 2009-07-14 00:33 - 00403872 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-03-26 16:13 - 2013-10-25 08:31 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-03-26 16:03 - 2013-10-23 12:59 - 00000000 ____D () C:\WINDOWS\ccmcache
2014-03-26 15:33 - 2014-03-26 15:33 - 00000000 ____D () C:\Users\mlaukha\AppData\Roaming\SUPERAntiSpyware.com
2014-03-26 15:32 - 2014-03-26 15:32 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2014-03-26 00:58 - 2009-07-13 22:37 - 00000000 ____D () C:\WINDOWS\Microsoft.NET
2014-03-26 00:56 - 2013-10-23 12:59 - 00000000 ____D () C:\WINDOWS\CCM
2014-03-26 00:55 - 2014-03-26 00:55 - 00004764 _____ () C:\WINDOWS\system32\CcmFramework.ini
2014-03-26 00:55 - 2014-03-26 00:55 - 00000621 _____ () C:\WINDOWS\system32\CcmFramework.h
2014-03-26 00:55 - 2013-10-23 12:59 - 00002203 _____ () C:\WINDOWS\system32\InstallUtil.InstallLog
2014-03-26 00:53 - 2014-03-26 00:53 - 00000000 ____D () C:\WINDOWS\ms
2014-03-26 00:53 - 2014-02-21 02:31 - 00000000 ____D () C:\WINDOWS\system32\{3DA228BE-34DA-49f4-A081-66465B077429}
2014-03-25 21:19 - 2014-03-25 21:19 - 00000000 ____S () C:\WINDOWS\system32\ewqs.lme
2014-03-25 20:31 - 2014-03-25 20:31 - 00000064 _____ () C:\WINDOWS\system32\dkge.mmq
2014-03-25 20:31 - 2014-03-25 20:31 - 00000000 _____ () C:\WINDOWS\system32\jppa.gqv
2014-03-25 20:31 - 2011-10-05 12:57 - 00000000 ____D () C:\Users\mlaukha\AppData\Roaming\Adobe
2014-03-21 17:03 - 2014-03-21 17:03 - 00008947 _____ () C:\Users\mlaukha\Desktop\plaxo_ab_outlook.csv
2014-03-19 07:44 - 2014-03-19 07:44 - 00377857 ____S () C:\WINDOWS\system32\tadybn.vru
2014-03-12 03:15 - 2012-04-24 16:02 - 00692616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2014-03-12 03:15 - 2011-11-07 14:34 - 00071048 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl

Files to move or delete:
====================
C:\ProgramData\9bjqlj6.bxx
C:\ProgramData\9bjqlj6.fvv
C:\ProgramData\9bjqlj6.reg

==================== Bamital & volsnap Check =================

C:\WINDOWS\explorer.exe => MD5 is legit
C:\WINDOWS\system32\winlogon.exe => MD5 is legit
C:\WINDOWS\system32\wininit.exe => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit
C:\WINDOWS\system32\User32.dll => MD5 is legit
C:\WINDOWS\system32\userinit.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll
[2010-11-20 17:29] - [2010-11-20 17:29] - 0378368 ____A (Microsoft Corporation) DAF0F58C2969E7F067E62E8336920849

 ATTENTION ======> If the system is having audio adware rpcss.dll is patched. Google the MD5, if the MD5 is unique the file is infected.
C:\WINDOWS\system32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-04-09 21:23

==================== End Of Log ============================
And the Additional

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-03-2014  01 (ATTENTION: ====> FRST version is 28 days old and could be outdated)
Ran by Mlaukha (administrator) on CDG07001538 on 10-04-2014 20:01:02
Running from C:\Users\mlaukha\Downloads
Windows 7 Enterprise Service Pack 1 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Juniper Networks) C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
(IBM) C:\Program Files\IBM\Lotus\Notes\nsd.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
(IBM Corp) C:\Program Files\IBM\Lotus\Notes\ntmulti.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
(O2Micro International) C:\WINDOWS\system32\DRIVERS\o2flash.exe
(Microsoft Corporation) c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\BM\TMBMSRV.exe
(Specops Software) C:\Windows\System32\SppClient.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Sysinternals) C:\Windows\Scripts\Bginfo\Bginfo.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\OfficeScan Client\PccNTMon.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Mozy, Inc.) C:\Program Files\MozyPro\mozyprostat.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\HidFind.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apntex.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Mozy, Inc.) C:\Program Files\MozyPro\mozyprobackup.exe
(Mozy, Inc.) C:\Program Files\MozyPro\mozyprobackup.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Eyeo GmbH) C:\Program Files\Adblock Plus for IE\AdblockPlusEngine.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Juniper Networks) C:\Users\mlaukha\AppData\Roaming\Juniper Networks\Setup Client\JuniperSetupClient.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
(IBM Corp) C:\Program Files\IBM\Lotus\Notes\NLNOTES.EXE
(IBM) C:\Program Files\IBM\Lotus\Notes\framework\rcp\eclipse\plugins\com.ibm.rcp.base_6.2.2.20110310-0045\win32\x86\notes2.exe
(IBM Corp) C:\Program Files\IBM\Lotus\Notes\ntaskldr.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(salesforce.com) C:\Program Files\salesforce.com\common\SForceDB.exe
(Verizon) C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
(Juniper Networks) C:\Program Files\Juniper Networks\Network Connect 6.5.0\dsNetworkConnect.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
(The Neat Company) C:\Program Files\NeatWorks\exec\NeatReceipts.QuickScan.exe
(Verizon) C:\Program Files\Verizon\IHA_MessageCenter\bin\IHAMCNotify.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [bGInfo] - C:\Windows\Scripts\BGINFO.bat [97 2011-03-08] ()
HKLM\...\Run: [specops Password Client] - C:\Windows\system32\SppClient.exe [858328 2010-11-23] (Specops Software)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [Apoint] - C:\Program Files\DellTPad\Apoint.exe [505720 2011-07-20] (Alps Electric Co., Ltd.)
HKLM\...\Run: [intelliPoint] - c:\Program Files\Microsoft IntelliPoint\ipoint.exe [1821576 2011-08-01] (Microsoft Corporation)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-06] (Apple Inc.)
HKLM\...\Run: [OfficeScanNT Monitor] - C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe [1533720 2013-11-20] (Trend Micro Inc.)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM\...\Run: [sunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-02-06] (Apple Inc.)
HKLM\...\RunOnce: [DCERegBootClean] - C:\WINDOWS\RegBootClean.exe [181272 2014-04-10] ()
Winlogon\Notify\!SASWinLogon: C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
HKU\S-1-5-21-150485414-301174314-2440751699-8203\...\Run: [sUPERAntiSpyware] - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [3905920 2012-03-07] (SUPERAntiSpyware.com)
AppInit_DLLs: IESearchPlugin32.dll => C:\Program Files\Surf Canyon\IESearchPlugin32.dll [153600 2013-10-07] ()
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.verizon.net/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
URLSearchHook: HKCU - Verizon Toolbar - {f8d96645-337c-419b-8792-b6c126145811} - C:\Program Files\verizontb\verizonDx.dll ()
SearchScopes: HKCU - DefaultScope {D01D0105-DA22-4F0E-89C1-D9F7A7BDF4C5} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}&rlz=1I7ADFA_enUS476
SearchScopes: HKCU - {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL = http://searchservices.verizon.com/search/ws.portal?&_nfpb=true&_pageLabel=google_results&rs=&web_search_type=basic&sc=web&clientid=vz-cnsmr-tlbr&channel=Brwsr-v6IE&q={searchTerms}
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKCU - {D01D0105-DA22-4F0E-89C1-D9F7A7BDF4C5} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}&rlz=1I7ADFA_enUS476
SearchScopes: HKCU - {E60FFE1E-07EA-4950-8818-70148ACB935B} URL = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000031&src=crm&q={searchTerms}&locale=en_US&apn_ptnrs=TV&apn_dtid=OSJ000YYUS&apn_uid=C0B269BB-18F3-4DB5-8B41-B2C0243A3C79&apn_sauid=D8995714-85AF-4338-B834-48FBDA519356
BHO: TmIEPlugInBHO Class - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\OfficeScan Client\TmIEPlg.dll (Trend Micro Inc.)
BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Updater For Verizon Toolbar - {96673559-e653-4cdc-8923-f89347a952c0} - C:\Program Files\verizontb\auxi\verizonAu.dll (Visicom Media)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: Verizon Toolbar - {f8d96645-337c-419b-8792-b6c126145811} - C:\Program Files\verizontb\verizonDx.dll ()
BHO: Adblock Plus for IE Browser Helper Object - {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll (Adblock Plus)
Toolbar: HKLM - Verizon Toolbar - {f8d96645-337c-419b-8792-b6c126145811} - C:\Program Files\verizontb\verizonDx.dll ()
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: {00134F72-5284-44F7-95A8-52A619F70751} https://usherwip12:4343/officescan/console/html/ClientInstall/WinNTChk.cab
DPF: {08D75BC1-D2B5-11D1-88FC-0080C859833B} https://usherwip12:4343/officescan/console/html/ClientInstall/setup.cab
DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} https://www.gameofficials.net/utility/smsx.cab
DPF: {35C3D91E-401A-4E45-88A5-F3B32CD72DF4} https://usherwip12:4343/officescan/console/html/root/AtxEnc.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab
DPF: {9B815712-2EF0-4F81-8505-72EDC73B5626} https://na13.salesforce.com/dwnld/offline2/offline2.cab
DPF: {CAFEEFAC-0017-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://bio-rad.webex.com/client/WBXclient-T27L10NSP32EP1-13926/webex/ieatgpc1.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://connect.bio-rad.com/dana-cached/sc/JuniperSetupClient.cab
DPF: {F8A2314A-16E1-48CB-8EE7-A221207CBEEE} http://usherisx01.global.bio-rad.com/ucontent/8acc281bae9f42d187f9ee729af1a677_en-US/gh/html//assets/cab/rwdsot.CAB
Handler: saphtmlp - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\program files\sap\frontend\sapgui\saphtmlp.dll (SAP, Walldorf)
Handler: sapr3 - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\program files\sap\frontend\sapgui\saphtmlp.dll (SAP, Walldorf)
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\OfficeScan Client\TmIEPlg.dll (Trend Micro Inc.)
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [113024 2011-07-18] (SuperAdBlocker.com)
Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Hosts: 192.101.136.183      connect.bio-rad.com
Tcpip\Parameters: [DhcpNameServer] 10.42.18.140 10.42.18.139

Chrome:
=======


CHR Extension: (YouTube) - C:\Users\mlaukha\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-09-01]
CHR Extension: (Google Search) - C:\Users\mlaukha\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-09-01]
CHR Extension: (Gmail) - C:\Users\mlaukha\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-09-01]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

========================== Services (Whitelisted) =================

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [116608 2011-08-11] (SUPERAntiSpyware.com)
S2 CcmExec; C:\WINDOWS\CCM\CcmExec.exe [1090656 2012-11-21] (Microsoft Corporation)
S4 CmRcService; C:\WINDOWS\CCM\RemCtrl\CmRcService.exe [470112 2012-11-21] (Microsoft Corporation)
S2 dsiasrv; C:\Program Files\Dell\SysMgt\dsia\bin\DsiaSrv32.exe [149416 2011-01-12] (Dell Inc.)
R2 dsNcService; C:\Program Files\Juniper Networks\Common Files\dsNcService.exe [615720 2009-12-09] (Juniper Networks)
R2 IHA_MessageCenter; C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [350792 2013-09-13] (Verizon)
R2 Lotus Notes Diagnostics; C:\Program Files\IBM\Lotus\Notes\nsd.exe [3417480 2011-03-23] (IBM)
S3 lpasvc; C:\Program Files\Microsoft Policy Platform\policyHost.exe [48744 2012-08-02] (Microsoft Corporation)
S3 lppsvc; C:\Program Files\Microsoft Policy Platform\policyHost.exe [48744 2012-08-02] (Microsoft Corporation)
R2 mozyprobackup; C:\Program Files\MozyPro\mozyprobackup.exe [54600 2013-12-11] (Mozy, Inc.)
S3 MSSQL$NR2007; c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)
S4 MSSQLServerADHelper; c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [44384 2010-12-10] (Microsoft Corporation)
R2 Multi-user Cleanup Service; C:\Program Files\IBM\Lotus\Notes\ntmulti.exe [58760 2011-03-23] (IBM Corp)
R2 ntrtscan; C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe [2320640 2013-11-16] (Trend Micro Inc.)
R2 O2FLASH; C:\WINDOWS\system32\DRIVERS\o2flash.exe [72296 2011-07-08] (O2Micro International)
S3 PSEXESVC; C:\WINDOWS\PSEXESVC.EXE [181064 2014-02-20] (Sysinternals)
S3 smstsmgr; C:\WINDOWS\CCM\TSManager.exe [275536 2012-11-21] (Microsoft Corporation)
R3 TMBMServer; C:\Program Files\Trend Micro\BM\TMBMSRV.exe [345112 2013-10-23] (Trend Micro Inc.)
S2 tmlisten; C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe [2260128 2013-11-16] (Trend Micro Inc.)
S3 TmPfw; C:\Program Files\Trend Micro\OfficeScan Client\TmPfw.exe [497272 2011-04-15] (Trend Micro Inc.)
S3 TmProxy; C:\Program Files\Trend Micro\OfficeScan Client\TmProxy.exe [689176 2013-07-01] (Trend Micro Inc.)
S2 Winmgmt; C:\WINDOWS\system32\svchost.exe [20992 2009-07-13] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

R3 Acceler; C:\WINDOWS\System32\DRIVERS\Accelern.sys [43888 2011-07-08] (ST Microelectronics)
R3 dsNcAdpt; C:\WINDOWS\System32\DRIVERS\dsNcAdpt.sys [26624 2009-12-09] (Juniper Networks)
R3 e1cexpress; C:\WINDOWS\System32\DRIVERS\e1c6232.sys [238760 2010-10-28] (Intel Corporation)
S3 MEI; C:\WINDOWS\system32\drivers\HECI.sys [41088 2011-07-08] (Intel Corporation)
R1 mozyproFilter; C:\WINDOWS\System32\DRIVERS\mozypro.sys [55520 2013-12-11] (Mozy, Inc.)
R3 NETwNs32; C:\WINDOWS\System32\DRIVERS\NETwNs32.sys [7434240 2011-07-08] (Intel Corporation)
S3 nusb3hub; C:\WINDOWS\system32\drivers\nusb3hub.sys [62208 2011-07-08] (Renesas Electronics Corporation)
S3 nusb3xhc; C:\WINDOWS\system32\drivers\nusb3xhc.sys [141568 2011-07-08] (Renesas Electronics Corporation)
S3 O2MDFRDR; C:\WINDOWS\system32\drivers\O2MDFw7.sys [60904 2011-07-08] (O2Micro )
S3 O2MDRRDR; C:\WINDOWS\system32\drivers\O2MDRw7.sys [62440 2011-07-08] (O2Micro )
R3 O2SDJRDR; C:\WINDOWS\System32\DRIVERS\o2sdjw7.sys [63976 2011-07-08] (O2Micro )
S3 prepdrvr; C:\WINDOWS\System32\DRIVERS\prepdrv.sys [20840 2012-11-21] (Microsoft Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R0 stdcfltn; C:\WINDOWS\System32\DRIVERS\stdcfltn.sys [17648 2010-08-20] (ST Microelectronics)
R2 tmactmon; C:\WINDOWS\System32\DRIVERS\tmactmon.sys [75600 2013-08-29] (Trend Micro Inc.)
R2 tmcomm; C:\WINDOWS\System32\DRIVERS\tmcomm.sys [263072 2013-09-02] (Trend Micro Inc.)
R2 tmevtmgr; C:\WINDOWS\System32\DRIVERS\tmevtmgr.sys [62704 2013-08-29] (Trend Micro Inc.)
R2 TmFilter; C:\Program Files\Trend Micro\OfficeScan Client\TmXPFlt.sys [263968 2013-08-14] (Trend Micro Inc.)
R1 TmLwf; C:\WINDOWS\System32\DRIVERS\tmlwf.sys [146232 2012-06-21] (Trend Micro Inc.)
R2 TmPreFilter; C:\Program Files\Trend Micro\OfficeScan Client\TmPreFlt.sys [36128 2013-08-14] (Trend Micro Inc.)
R1 tmtdi; C:\WINDOWS\System32\DRIVERS\tmtdi.sys [90712 2013-01-09] (Trend Micro Inc.)
R2 tmWfp; C:\WINDOWS\System32\DRIVERS\tmwfp.sys [282936 2012-06-21] (Trend Micro Inc.)
R2 VSApiNt; C:\Program Files\Trend Micro\OfficeScan Client\VSApiNt.sys [1517600 2013-08-14] (Trend Micro Inc.)
S3 catchme; \??\C:\Users\mlaukha\AppData\Local\Temp\catchme.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 vmci; system32\DRIVERS\vmci.sys [X]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-04-10 20:01 - 2014-04-10 20:01 - 00016509 _____ () C:\Users\mlaukha\Downloads\FRST.txt
2014-04-10 20:00 - 2014-04-10 20:00 - 01145856 _____ (Farbar) C:\Users\mlaukha\Downloads\FRST.exe
2014-04-10 15:55 - 2014-04-10 15:55 - 00000000 ____S () C:\WINDOWS\system32\uymo.vry
2014-04-10 15:44 - 2014-04-10 16:20 - 00003530 _____ () C:\WINDOWS\RegBootClean.CFG
2014-04-09 17:25 - 2014-04-09 17:25 - 00537600 _____ (Microsoft Corporation) C:\Users\mlaukha\AppData\Roaming\apcbus.dll
2014-04-09 17:25 - 2014-04-09 17:25 - 00126464 _____ (Microsoft Corporation) C:\Users\mlaukha\AppData\Roaming\hdhhqzq.dll
2014-04-09 17:25 - 2014-04-09 17:25 - 00045568 _____ (Microsoft Corporation) C:\Users\mlaukha\AppData\Roaming\neelde.dll
2014-04-09 15:45 - 2014-04-09 15:45 - 00000000 ____D () C:\Users\mlaukha\AppData\Roaming\smkits
2014-04-09 14:28 - 2014-04-09 14:28 - 00001961 _____ () C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2014-04-09 14:14 - 2014-04-09 14:14 - 00000000 ____S () C:\WINDOWS\system32\fpzzf.svk
2014-04-04 17:47 - 2014-04-04 17:47 - 00000000 ____S () C:\WINDOWS\system32\krkvhoo.wgr
2014-04-04 15:56 - 2014-04-04 15:56 - 00000000 _____ () C:\WINDOWS\invcol.tmp
2014-04-04 15:51 - 2014-04-08 13:33 - 00000000 ____D () C:\ProgramData\2992199F9A
2014-03-28 20:16 - 2014-03-28 20:16 - 00130048 _____ () C:\Users\mlaukha\AppData\Roaming\kqoipf.dll
2014-03-28 20:16 - 2014-03-28 20:16 - 00024064 _____ () C:\Users\mlaukha\AppData\Roaming\eqnvun.dll
2014-03-26 20:52 - 2014-03-26 20:52 - 00002973 _____ () C:\Users\mlaukha\Desktop\HiJackThis.lnk
2014-03-26 20:52 - 2014-03-26 20:52 - 00000000 ____D () C:\Users\mlaukha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
2014-03-26 20:50 - 2014-03-26 20:51 - 01402880 _____ () C:\Users\mlaukha\Downloads\HijackThis.msi
2014-03-26 16:13 - 2014-02-03 22:04 - 01230336 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2014-03-26 16:11 - 2014-02-24 11:35 - 11020800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-03-26 16:11 - 2014-02-24 11:35 - 06041088 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-03-26 16:11 - 2014-02-24 11:35 - 02078208 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-03-26 16:11 - 2014-02-24 11:35 - 01232896 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-03-26 16:11 - 2014-02-24 11:35 - 00981504 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-03-26 16:11 - 2014-02-24 11:35 - 00627712 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-03-26 16:11 - 2014-02-24 11:35 - 00176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2014-03-26 16:11 - 2014-02-24 11:35 - 00132096 _____ (Microsoft Corporation) C:\WINDOWS\system32\url.dll
2014-03-26 16:11 - 2014-02-24 11:35 - 00067584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-03-26 16:11 - 2014-02-24 11:35 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2014-03-26 16:11 - 2014-02-24 09:39 - 01638912 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2014-03-26 16:11 - 2014-02-03 22:04 - 00509440 _____ (Microsoft Corporation) C:\WINDOWS\system32\qedit.dll
2014-03-26 16:11 - 2014-01-28 22:06 - 00381440 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2014-03-26 16:11 - 2014-01-27 22:07 - 00185344 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2014-03-26 16:11 - 2013-03-18 23:33 - 00040960 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanprotdim.dll
2014-03-26 16:10 - 2014-02-06 21:07 - 02349056 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2014-03-26 16:09 - 2013-10-11 22:03 - 00656896 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshwfp.dll
2014-03-26 16:09 - 2013-10-11 22:01 - 00679424 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL
2014-03-26 16:09 - 2013-10-11 22:01 - 00216576 _____ (Microsoft Corporation) C:\WINDOWS\system32\FWPUCLNT.DLL
2014-03-26 16:09 - 2013-10-05 15:57 - 01168384 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll
2014-03-26 16:09 - 2013-10-03 21:58 - 00152576 _____ (Microsoft Corporation) C:\WINDOWS\system32\SmartcardCredentialProvider.dll
2014-03-26 16:09 - 2013-10-03 21:56 - 01796096 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2014-03-26 16:09 - 2013-10-03 21:56 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\system32\credui.dll
2014-03-26 16:09 - 2013-10-02 21:58 - 00305152 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2014-03-26 16:08 - 2013-09-24 22:01 - 00136640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2014-03-26 16:08 - 2013-09-24 22:01 - 00067520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecdd.sys
2014-03-26 16:08 - 2013-09-24 21:57 - 00247808 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2014-03-26 16:08 - 2013-09-24 21:57 - 00099840 _____ (Microsoft Corporation) C:\WINDOWS\system32\sspicli.dll
2014-03-26 16:08 - 2013-09-24 21:57 - 00022016 _____ (Microsoft Corporation) C:\WINDOWS\system32\secur32.dll
2014-03-26 16:08 - 2013-09-24 21:56 - 01038848 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2014-03-26 16:08 - 2013-09-24 21:56 - 00220160 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncrypt.dll
2014-03-26 16:08 - 2013-09-24 20:49 - 00022016 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsass.exe
2014-03-26 16:08 - 2013-09-24 20:49 - 00015872 _____ (Microsoft Corporation) C:\WINDOWS\system32\sspisrv.dll
2014-03-26 16:08 - 2013-07-04 08:16 - 00369848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2014-03-26 16:07 - 2013-12-31 19:05 - 00420008 _____ () C:\WINDOWS\system32\locale.nls
2014-03-26 16:07 - 2013-12-24 19:09 - 01987584 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2014-03-26 16:07 - 2013-12-09 22:02 - 00428032 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2014-03-26 16:07 - 2013-12-05 22:02 - 01237504 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2014-03-26 16:07 - 2013-12-05 22:02 - 00002048 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3r.dll
2014-03-26 16:07 - 2013-12-03 22:03 - 00428032 _____ (Microsoft Corporation) C:\WINDOWS\system32\secproc.dll
2014-03-26 16:07 - 2013-12-03 22:03 - 00423936 _____ (Microsoft Corporation) C:\WINDOWS\system32\secproc_isv.dll
2014-03-26 16:07 - 2013-12-03 22:03 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\secproc_ssp_isv.dll
2014-03-26 16:07 - 2013-12-03 22:03 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\secproc_ssp.dll
2014-03-26 16:07 - 2013-12-03 22:02 - 00390144 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdrm.dll
2014-03-26 16:07 - 2013-12-03 21:54 - 00594944 _____ (Microsoft Corporation) C:\WINDOWS\system32\RMActivate_isv.exe
2014-03-26 16:07 - 2013-12-03 21:54 - 00572416 _____ (Microsoft Corporation) C:\WINDOWS\system32\RMActivate.exe
2014-03-26 16:07 - 2013-12-03 21:54 - 00510976 _____ (Microsoft Corporation) C:\WINDOWS\system32\RMActivate_ssp.exe
2014-03-26 16:07 - 2013-12-03 21:54 - 00508928 _____ (Microsoft Corporation) C:\WINDOWS\system32\RMActivate_ssp_isv.exe
2014-03-26 16:07 - 2013-11-26 04:16 - 03419136 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2014-03-26 16:07 - 2013-09-24 21:57 - 00792576 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWorkspace.dll
2014-03-26 16:06 - 2013-10-01 20:42 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\TsUsbFlt.sys
2014-03-26 16:06 - 2013-10-01 20:32 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-03-26 16:06 - 2013-10-01 20:30 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-03-26 16:06 - 2013-10-01 20:14 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\system32\MsRdpWebAccess.dll
2014-03-26 16:06 - 2013-10-01 20:14 - 00017920 _____ (Microsoft Corporation) C:\WINDOWS\system32\wksprtPS.dll
2014-03-26 16:06 - 2013-10-01 19:58 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\system32\tsgqec.dll
2014-03-26 16:06 - 2013-10-01 19:45 - 00032256 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsUsbGDCoInstaller.dll
2014-03-26 16:06 - 2013-10-01 19:08 - 00855552 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdvidcrl.dll
2014-03-26 16:06 - 2013-10-01 19:00 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWbPrxy.exe
2014-03-26 16:06 - 2013-10-01 18:53 - 00350208 _____ (Microsoft Corporation) C:\WINDOWS\system32\wksprt.exe
2014-03-26 16:06 - 2013-10-01 18:34 - 01068544 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstsc.exe
2014-03-26 16:06 - 2013-10-01 16:55 - 05698048 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2014-03-26 16:03 - 2013-11-26 07:11 - 00240576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys
2014-03-26 16:02 - 2013-11-26 21:14 - 00258560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbhub.sys
2014-03-26 16:02 - 2013-11-26 21:13 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbport.sys
2014-03-26 16:02 - 2013-11-26 21:13 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbccgp.sys
2014-03-26 16:02 - 2013-11-26 21:13 - 00043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbehci.sys
2014-03-26 16:02 - 2013-11-26 21:13 - 00024064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbuhci.sys
2014-03-26 16:02 - 2013-11-26 21:13 - 00020480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbohci.sys
2014-03-26 16:02 - 2013-11-26 21:13 - 00006016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbd.sys
2014-03-26 15:33 - 2014-03-26 15:33 - 00000000 ____D () C:\Users\mlaukha\AppData\Roaming\SUPERAntiSpyware.com
2014-03-26 15:32 - 2014-03-26 15:32 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2014-03-26 00:55 - 2014-03-26 00:55 - 00004764 _____ () C:\WINDOWS\system32\CcmFramework.ini
2014-03-26 00:55 - 2014-03-26 00:55 - 00000621 _____ () C:\WINDOWS\system32\CcmFramework.h
2014-03-26 00:53 - 2014-03-26 00:53 - 00000000 ____D () C:\WINDOWS\ms
2014-03-25 21:19 - 2014-03-25 21:19 - 00000000 ____S () C:\WINDOWS\system32\ewqs.lme
2014-03-25 20:42 - 2014-04-10 17:22 - 00000082 _____ () C:\WINDOWS\system32\rpctwo.wdu
2014-03-25 20:31 - 2014-03-25 20:31 - 00000064 _____ () C:\WINDOWS\system32\dkge.mmq
2014-03-25 20:31 - 2014-03-25 20:31 - 00000000 _____ () C:\WINDOWS\system32\jppa.gqv
2014-03-21 17:03 - 2014-03-21 17:03 - 00008947 _____ () C:\Users\mlaukha\Desktop\plaxo_ab_outlook.csv
2014-03-19 07:44 - 2014-03-19 07:44 - 00377857 ____S () C:\WINDOWS\system32\tadybn.vru

==================== One Month Modified Files and Folders =======

2014-04-10 20:01 - 2014-04-10 20:01 - 00016509 _____ () C:\Users\mlaukha\Downloads\FRST.txt
2014-04-10 20:01 - 2013-11-27 20:03 - 00000000 ____D () C:\FRST
2014-04-10 20:00 - 2014-04-10 20:00 - 01145856 _____ (Farbar) C:\Users\mlaukha\Downloads\FRST.exe
2014-04-10 19:50 - 2011-09-29 15:20 - 01303413 _____ () C:\WINDOWS\WindowsUpdate.log
2014-04-10 19:47 - 2011-05-09 14:46 - 00029233 _____ () C:\WINDOWS\setupact.log
2014-04-10 19:16 - 2009-07-14 00:34 - 00019328 ____H () C:\WINDOWS\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-10 19:16 - 2009-07-14 00:34 - 00019328 ____H () C:\WINDOWS\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-10 19:15 - 2012-04-24 16:02 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-04-10 19:08 - 2011-10-05 12:53 - 00001296 __RSH () C:\Users\mlaukha\ntuser.pol
2014-04-10 19:08 - 2011-10-05 12:53 - 00000000 ____D () C:\Users\mlaukha
2014-04-10 19:07 - 2011-09-29 15:46 - 00001032 _____ () C:\WINDOWS\system32\config\netlogon.ftl
2014-04-10 17:22 - 2014-03-25 20:42 - 00000082 _____ () C:\WINDOWS\system32\rpctwo.wdu
2014-04-10 17:19 - 2013-06-05 16:23 - 00000635 _____ () C:\WINDOWS\system32\Drivers\etc\tmsshf.bin
2014-04-10 16:44 - 2011-02-08 14:21 - 00005800 _____ () C:\WINDOWS\mozypro.blk
2014-04-10 16:44 - 2011-02-08 14:21 - 00001254 _____ () C:\WINDOWS\mozypro.flt
2014-04-10 16:20 - 2014-04-10 15:44 - 00003530 _____ () C:\WINDOWS\RegBootClean.CFG
2014-04-10 16:20 - 2012-03-23 07:33 - 00181272 _____ () C:\WINDOWS\RegBootClean.exe
2014-04-10 15:55 - 2014-04-10 15:55 - 00000000 ____S () C:\WINDOWS\system32\uymo.vry
2014-04-10 15:26 - 2011-09-29 15:47 - 00029280 __RSH () C:\ProgramData\ntuser.pol
2014-04-10 15:17 - 2011-12-09 10:17 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-04-09 17:25 - 2014-04-09 17:25 - 00537600 _____ (Microsoft Corporation) C:\Users\mlaukha\AppData\Roaming\apcbus.dll
2014-04-09 17:25 - 2014-04-09 17:25 - 00126464 _____ (Microsoft Corporation) C:\Users\mlaukha\AppData\Roaming\hdhhqzq.dll
2014-04-09 17:25 - 2014-04-09 17:25 - 00045568 _____ (Microsoft Corporation) C:\Users\mlaukha\AppData\Roaming\neelde.dll
2014-04-09 15:45 - 2014-04-09 15:45 - 00000000 ____D () C:\Users\mlaukha\AppData\Roaming\smkits
2014-04-09 14:28 - 2014-04-09 14:28 - 00001961 _____ () C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2014-04-09 14:14 - 2014-04-09 14:14 - 00000000 ____S () C:\WINDOWS\system32\fpzzf.svk
2014-04-09 14:04 - 2009-07-14 00:53 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-04-08 13:33 - 2014-04-04 15:51 - 00000000 ____D () C:\ProgramData\2992199F9A
2014-04-08 13:33 - 2011-10-05 16:56 - 01047484 _____ () C:\WINDOWS\PFRO.log
2014-04-04 17:47 - 2014-04-04 17:47 - 00000000 ____S () C:\WINDOWS\system32\krkvhoo.wgr
2014-04-04 15:56 - 2014-04-04 15:56 - 00000000 _____ () C:\WINDOWS\invcol.tmp
2014-04-04 15:42 - 2011-10-05 16:27 - 06236742 _____ () C:\WINDOWS\system32\TmInstall.log
2014-04-04 15:41 - 2011-10-05 16:28 - 00012584 _____ () C:\WINDOWS\cfgall.ini
2014-04-04 14:40 - 2010-11-20 17:01 - 01173646 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-04-04 14:39 - 2011-10-05 16:26 - 00000021 _____ () C:\tmuninst.ini
2014-03-28 20:16 - 2014-03-28 20:16 - 00130048 _____ () C:\Users\mlaukha\AppData\Roaming\kqoipf.dll
2014-03-28 20:16 - 2014-03-28 20:16 - 00024064 _____ () C:\Users\mlaukha\AppData\Roaming\eqnvun.dll
2014-03-26 22:56 - 2009-07-13 22:37 - 00000000 ____D () C:\WINDOWS\rescache
2014-03-26 21:09 - 2013-12-25 19:54 - 00000000 ____D () C:\Program Files\Surf Canyon
2014-03-26 20:52 - 2014-03-26 20:52 - 00002973 _____ () C:\Users\mlaukha\Desktop\HiJackThis.lnk
2014-03-26 20:52 - 2014-03-26 20:52 - 00000000 ____D () C:\Users\mlaukha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
2014-03-26 20:52 - 2013-02-01 19:38 - 00000000 ____D () C:\Program Files\Trend Micro
2014-03-26 20:51 - 2014-03-26 20:50 - 01402880 _____ () C:\Users\mlaukha\Downloads\HijackThis.msi
2014-03-26 17:30 - 2011-09-29 15:28 - 00000570 _____ () C:\WINDOWS\SMSCFG.INI
2014-03-26 16:59 - 2009-07-14 00:33 - 00403872 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-03-26 16:13 - 2013-10-25 08:31 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-03-26 16:03 - 2013-10-23 12:59 - 00000000 ____D () C:\WINDOWS\ccmcache
2014-03-26 15:33 - 2014-03-26 15:33 - 00000000 ____D () C:\Users\mlaukha\AppData\Roaming\SUPERAntiSpyware.com
2014-03-26 15:32 - 2014-03-26 15:32 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2014-03-26 00:58 - 2009-07-13 22:37 - 00000000 ____D () C:\WINDOWS\Microsoft.NET
2014-03-26 00:56 - 2013-10-23 12:59 - 00000000 ____D () C:\WINDOWS\CCM
2014-03-26 00:55 - 2014-03-26 00:55 - 00004764 _____ () C:\WINDOWS\system32\CcmFramework.ini
2014-03-26 00:55 - 2014-03-26 00:55 - 00000621 _____ () C:\WINDOWS\system32\CcmFramework.h
2014-03-26 00:55 - 2013-10-23 12:59 - 00002203 _____ () C:\WINDOWS\system32\InstallUtil.InstallLog
2014-03-26 00:53 - 2014-03-26 00:53 - 00000000 ____D () C:\WINDOWS\ms
2014-03-26 00:53 - 2014-02-21 02:31 - 00000000 ____D () C:\WINDOWS\system32\{3DA228BE-34DA-49f4-A081-66465B077429}
2014-03-25 21:19 - 2014-03-25 21:19 - 00000000 ____S () C:\WINDOWS\system32\ewqs.lme
2014-03-25 20:31 - 2014-03-25 20:31 - 00000064 _____ () C:\WINDOWS\system32\dkge.mmq
2014-03-25 20:31 - 2014-03-25 20:31 - 00000000 _____ () C:\WINDOWS\system32\jppa.gqv
2014-03-25 20:31 - 2011-10-05 12:57 - 00000000 ____D () C:\Users\mlaukha\AppData\Roaming\Adobe
2014-03-21 17:03 - 2014-03-21 17:03 - 00008947 _____ () C:\Users\mlaukha\Desktop\plaxo_ab_outlook.csv
2014-03-19 07:44 - 2014-03-19 07:44 - 00377857 ____S () C:\WINDOWS\system32\tadybn.vru
2014-03-12 03:15 - 2012-04-24 16:02 - 00692616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2014-03-12 03:15 - 2011-11-07 14:34 - 00071048 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl

Files to move or delete:
====================
C:\ProgramData\9bjqlj6.bxx
C:\ProgramData\9bjqlj6.fvv
C:\ProgramData\9bjqlj6.reg

==================== Bamital & volsnap Check =================

C:\WINDOWS\explorer.exe => MD5 is legit
C:\WINDOWS\system32\winlogon.exe => MD5 is legit
C:\WINDOWS\system32\wininit.exe => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit
C:\WINDOWS\system32\User32.dll => MD5 is legit
C:\WINDOWS\system32\userinit.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll
[2010-11-20 17:29] - [2010-11-20 17:29] - 0378368 ____A (Microsoft Corporation) DAF0F58C2969E7F067E62E8336920849

 ATTENTION ======> If the system is having audio adware rpcss.dll is patched. Google the MD5, if the MD5 is unique the file is infected.
C:\WINDOWS\system32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-04-09 21:23

==================== End Of Log ============================

Thanks so much for taking a look


Hello,

P2P/Piracy Warning:

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

Run FRST one more time:

Type the following in the edit box after "Search:".

rpcss.dll

Click the Search button and post the log (Search.txt) it makes to your reply.

Kevin


Hi Kevin,

I typed rpcss.dll into the Search box and this was the text.

arbar Recovery Scan Tool (x86) Version: 13-03-2014  01
Ran by Mlaukha at 2014-04-11 06:04:10
Running from C:\Users\mlaukha\Downloads
Boot Mode: Normal

================== Search: "rpcss.dll" ===================

C:\Windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_6bd245e79c221747\rpcss.dll
[2010-11-20 17:29] - [2010-11-20 17:29] - 0376832 ____A (Microsoft Corporation) 7660F01D3B38ACA1747E397D21D790AF

C:\Windows\System32\rpcss.dll
[2010-11-20 17:29] - [2010-11-20 17:29] - 0378368 ____A (Microsoft Corporation) DAF0F58C2969E7F067E62E8336920849

C:\Windows\erdnt\cache\rpcss.dll
[2013-02-01 19:13] - [2010-11-20 17:29] - 0376832 ____A (Microsoft Corporation) 7660F01D3B38ACA1747E397D21D790AF

=== End Of Search ===

It just occurred to me that I should have run FRST before I did the search. If I should do that, tell me and I'll do it.

Thanks for looking at this,

Mike

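The search output above is what makes the "Google the MD5" check possible: Windows keeps known-good copies of a system DLL in the WinSxS component store (and here also in an erdnt backup cache), so the live System32 copy can be compared against them locally. The Python below is an added example, not code from the thread, from FRST or from its author; it parses the Search.txt format shown above (the sample text is that posted output, embedded inline) and flags the live copy whose size and MD5 match none of the backups. The regexes, class and function names are the example's own.

```python
import re
from dataclasses import dataclass

# Constructed sample: the Search.txt posted above, reduced to its entries.
SEARCH_TXT = r"""
================== Search: "rpcss.dll" ===================

C:\Windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_6bd245e79c221747\rpcss.dll
[2010-11-20 17:29] - [2010-11-20 17:29] - 0376832 ____A (Microsoft Corporation) 7660F01D3B38ACA1747E397D21D790AF

C:\Windows\System32\rpcss.dll
[2010-11-20 17:29] - [2010-11-20 17:29] - 0378368 ____A (Microsoft Corporation) DAF0F58C2969E7F067E62E8336920849

C:\Windows\erdnt\cache\rpcss.dll
[2013-02-01 19:13] - [2010-11-20 17:29] - 0376832 ____A (Microsoft Corporation) 7660F01D3B38ACA1747E397D21D790AF

=== End Of Search ===
"""

# A Windows path line: drive letter, colon, backslash.
PATH_RE = re.compile(r"^[A-Za-z]:\\")
# The FRST detail line: [created] - [modified] - size attrs (company) MD5
DETAIL_RE = re.compile(
    r"^\[(?P<created>[^\]]+)\] - \[(?P<modified>[^\]]+)\] - (?P<size>\d+) "
    r"(?P<attrs>\S+) \((?P<company>[^)]*)\) (?P<md5>[0-9A-Fa-f]{32})$"
)


@dataclass(frozen=True)
class FileCopy:
    path: str
    size: int
    company: str  # read from the version resource; the patched copy kept it, so it proves nothing
    md5: str


def parse_search(text):
    """Pair each path line with the FRST detail line that follows it."""
    lines = [ln.strip() for ln in text.splitlines()]
    copies = []
    for i in range(len(lines) - 1):
        if PATH_RE.match(lines[i]):
            m = DETAIL_RE.match(lines[i + 1])
            if m:
                copies.append(FileCopy(lines[i], int(m["size"]), m["company"], m["md5"].upper()))
    return copies


def is_live_copy(path):
    """The copy Windows loads is the one under System32; WinSxS and erdnt are backup stores."""
    p = path.lower()
    return "\\system32\\" in p and "\\winsxs\\" not in p


def find_patched(copies):
    """Return live copies whose (size, MD5) matches none of the backup copies.

    The backups are the known-good reference, so a System32 file that agrees
    with none of them is the patch candidate to verify (the local form of the
    "Google the MD5" step). Company name alone is never used as a trust signal.
    """
    baseline = {(c.size, c.md5) for c in copies if not is_live_copy(c.path)}
    return [c for c in copies if is_live_copy(c.path) and (c.size, c.md5) not in baseline]


if __name__ == "__main__":
    for c in find_patched(parse_search(SEARCH_TXT)):
        print(f"suspect: {c.path} size={c.size} md5={c.md5}")
```

On this sample the only flagged copy is C:\Windows\System32\rpcss.dll, the same file the fix below replaces from WinSxS and that ESET later reports as patched.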

Download the attached fixlist.txt file and save it to the Desktop, or the folder you saved FRST into.

NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.

The tool will make a log on the Desktop (Fixlog.txt) or the folder it was run from. Please post it to your reply.

Next,

Run Malwarebytes, Open > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a Quick scan

Make sure that everything is checked, and click Remove Selected on any found items.

Post the produced log..

fixlist.txt


Here we go:

Fixlog.txt

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 13-03-2014  01
Ran by Mlaukha at 2014-04-11 15:34:19 Run:1
Running from C:\Users\mlaukha\Downloads
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
Start
Replace: C:\Windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_6bd245e79c221747\rpcss.dll C:\Windows\System32\rpcss.dll
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
SearchScopes: HKCU - {E60FFE1E-07EA-4950-8818-70148ACB935B} URL = http://websearch.ask...34-48FBDA519356
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
S3 catchme; \??\C:\Users\mlaukha\AppData\Local\Temp\catchme.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 vmci; system32\DRIVERS\vmci.sys [X]
2014-04-10 15:55 - 2014-04-10 15:55 - 00000000 ____S () C:\WINDOWS\system32\uymo.vry
2014-04-09 17:25 - 2014-04-09 17:25 - 00537600 _____ (Microsoft Corporation) C:\Users\mlaukha\AppData\Roaming\apcbus.dll
2014-04-09 17:25 - 2014-04-09 17:25 - 00126464 _____ (Microsoft Corporation) C:\Users\mlaukha\AppData\Roaming\hdhhqzq.dll
2014-04-09 17:25 - 2014-04-09 17:25 - 00045568 _____ (Microsoft Corporation) C:\Users\mlaukha\AppData\Roaming\neelde.dll
2014-04-09 14:14 - 2014-04-09 14:14 - 00000000 ____S () C:\WINDOWS\system32\fpzzf.svk
2014-04-04 17:47 - 2014-04-04 17:47 - 00000000 ____S () C:\WINDOWS\system32\krkvhoo.wgr
2014-03-28 20:16 - 2014-03-28 20:16 - 00130048 _____ () C:\Users\mlaukha\AppData\Roaming\kqoipf.dll
2014-03-28 20:16 - 2014-03-28 20:16 - 00024064 _____ () C:\Users\mlaukha\AppData\Roaming\eqnvun.dll
2014-03-25 21:19 - 2014-03-25 21:19 - 00000000 ____S () C:\WINDOWS\system32\ewqs.lme
2014-03-25 20:42 - 2014-04-10 17:22 - 00000082 _____ () C:\WINDOWS\system32\rpctwo.wdu
2014-03-25 20:31 - 2014-03-25 20:31 - 00000064 _____ () C:\WINDOWS\system32\dkge.mmq
2014-03-25 20:31 - 2014-03-25 20:31 - 00000000 _____ () C:\WINDOWS\system32\jppa.gqv
2014-03-19 07:44 - 2014-03-19 07:44 - 00377857 ____S () C:\WINDOWS\system32\tadybn.vru
C:\ProgramData\9bjqlj6.bxx
C:\ProgramData\9bjqlj6.fvv
C:\ProgramData\9bjqlj6.reg
End
*****************

C:\Windows\System32\rpcss.dll => Moved successfully.
C:\Windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_6bd245e79c221747\rpcss.dll copied successfully to C:\Windows\System32\rpcss.dll
C:\WINDOWS\system32\GroupPolicy\Machine => Moved successfully.
C:\WINDOWS\system32\GroupPolicy\GPT.ini => Moved successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E60FFE1E-07EA-4950-8818-70148ACB935B} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{E60FFE1E-07EA-4950-8818-70148ACB935B} => Key not found.
HKLM\SOFTWARE\Policies\Google => Key deleted successfully.
catchme => Service deleted successfully.
VGPU => Service deleted successfully.
vmci => Service deleted successfully.
Could not move "C:\WINDOWS\system32\uymo.vry" => Scheduled to move on reboot.
C:\Users\mlaukha\AppData\Roaming\apcbus.dll => Moved successfully.
C:\Users\mlaukha\AppData\Roaming\hdhhqzq.dll => Moved successfully.
C:\Users\mlaukha\AppData\Roaming\neelde.dll => Moved successfully.
C:\WINDOWS\system32\fpzzf.svk => Moved successfully.
C:\WINDOWS\system32\krkvhoo.wgr => Moved successfully.
C:\Users\mlaukha\AppData\Roaming\kqoipf.dll => Moved successfully.
C:\Users\mlaukha\AppData\Roaming\eqnvun.dll => Moved successfully.
C:\WINDOWS\system32\ewqs.lme => Moved successfully.
C:\WINDOWS\system32\rpctwo.wdu => Moved successfully.
C:\WINDOWS\system32\dkge.mmq => Moved successfully.
Could not move "C:\WINDOWS\system32\jppa.gqv" => Scheduled to move on reboot.
Could not move "C:\WINDOWS\system32\tadybn.vru" => Scheduled to move on reboot.
C:\ProgramData\9bjqlj6.bxx => Moved successfully.
C:\ProgramData\9bjqlj6.fvv => Moved successfully.
C:\ProgramData\9bjqlj6.reg => Moved successfully.

And the MalwareBytes log:

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 4/11/2014
Scan Time: 4:04:31 PM
Logfile: MalwareBytes 4-11-14.txt
Administrator: Yes

Version: 2.00.1.1004
Malware Database: v2014.04.11.12
Rootkit Database: v2014.03.27.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Chameleon: Disabled

OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: Mlaukha

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 335184
Time Elapsed: 19 min, 36 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Shuriken: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 1
PUP.Optional.Softonic.A, HKU\S-1-5-21-1817078517-3534338127-3063044471-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SOFTONIC\Universal Downloader, Quarantined, [3fd9db4e7209a1957275b2b2a062649c],

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)

I think I downloaded the full version of MalwareBytes. There wasn't a quick scan option.

Let me know what else needs to be done.

Thanks,

Mike


Yes, the new version of Malwarebytes is different; the default scan is Threat scan, not much change in the log. I'm guessing the audio ads have ceased after we ran the FRST fix...

We need to run an online AV scan to ensure there are no remnants of any infection left on your system that may have been missed. This scan is very thorough and well worth running; it can take several hours, please be patient and let it complete:

Run Eset Online Scanner

**Note** You will need to use Internet Explorer for this scan - Vista and Windows 7/8 right click on IE shortcut and run as admin

Go to Eset web page http://www.eset.com/us/online-scanner/ to run an online scan from ESET.

Turn off the real time scanner of any existing antivirus program while performing the online scan
Click on the Run ESET Online Scanner button
Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the add-on to be installed
Click Start
Make sure that the option Remove found threats is unticked
Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
Click Scan
Wait for the virus definitions to be downloaded
Wait for the scan to finish

When the scan is complete

If no threats were found
Put a checkmark in "Uninstall application on close"
Close program
Report to me that nothing was found

If threats were found
Click on "list of threats found"
Click on "export to text file" and save it as ESET SCAN and save to the desktop
Click on back
Put a checkmark in "Uninstall application on close"
Click on finish
Close program

Copy and paste the report in next reply.

Next,

Download Security Check by screen317 from either of the following:

http://screen317.spywareinfoforum.org/SecurityCheck.exe or http://screen317.changelog.fr/SecurityCheck.exe

Save it to your Desktop. (If your security alerts either accept the alert, or turn the security off while Security Check runs)

Double click SecurityCheck.exe (Vista or Windows 7/8 users right click and select "Run as Administrator") and follow the onscreen instructions inside of the black box. Press any key when asked.

A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Post those two logs, let me know if any remaining issues or concerns..

Thanks,

Kevin..


Here's what came from the Eset scan (I was unable to turn off my antivirus, but it doesn't look like it mattered).

C:\FRST\Quarantine\C\Windows\System32\rpcss.dll.xBAD Win32/Patched.IB trojan unable to clean
C:\Program Files\verizontb\verizonDx.dll a variant of Win32/Toolbar.Visicom.B potentially unwanted application deleted - quarantined
C:\Program Files\verizontb\verizontb.dll a variant of Win32/Toolbar.Visicom.A potentially unwanted application deleted - quarantined

And the security check:

 Results of screen317's Security Check version 0.99.81 
 Windows 7 Service Pack 1 x86 (UAC is disabled!) 
``````````````Antivirus/Firewall Check:``````````````
 Windows Security Center service is not running! This report may not be accurate!
 Windows Firewall Enabled! 
 Windows Firewall Disabled! 
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 SUPERAntiSpyware    
 Java 7 Update 51 
 Adobe Flash Player  12.0.0.77 
````````Process Check: objlist.exe by Laurent```````` 
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````

The ads have stopped and I think everything's good.

Thank you so much, Kevin. I really appreciate your time and knowledge.


Ok thanks.. Run the following to clean up..

Download "Delfix by Xplode" and save it to your desktop.

"Delfix link mirror"

Double click to start the program. If you are using Vista or higher, please right-click and choose run as administrator

Make sure the following items are checked:

    Activate UAC
    Remove disinfection tools
    Purge System Restore
    Reset system settings

Now click on "Run" and wait patiently until the tool has completed.

The tool will create a log when it has completed... Read the following link to fully understand PC security and best practices, you may find it useful....

http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/#entry2316629

Take care,

Kevin...


  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.