DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 11.0.9600.17344 BrowserJavaVersion: 10.51.2
Run by s.metrau at 16:39:37 on 2014-11-07
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3241.416 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
SP: Microsoft Security Essentials *Enabled/Updated* {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\windows\System32\spoolsv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
C:\windows\system32\DRIVERS\o2flash.exe
C:\Program Files\SonicWALL\SonicWALL Global VPN Client\SWGVCSvc.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\windows\System32\WUDFHost.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\windows\system32\taskhost.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Real\RealPlayer\Update\realsched.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
C:\Program Files\Citrix\GoToMeeting\1350\g2mstart.exe
C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
C:\Program Files\Citrix\GoToMeeting\1350\g2mcomm.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files\Citrix\GoToMeeting\1350\g2mlauncher.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\Apple\Internet Services\APSDaemon.exe
C:\windows\system32\ctfmon.exe
C:\windows\system32\dllhost.exe
C:\windows\system32\dllhost.exe
C:\Program Files\Microsoft\BingBar\7.3.132.0\SeaPort.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe
C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe
C:\windows\explorer.exe
C:\windows\system32\dllhost.exe
C:\windows\system32\dllhost.exe
C:\windows\system32\dllhost.exe
C:\windows\system32\dllhost.exe
C:\windows\system32\dllhost.exe
C:\windows\system32\dllhost.exe
C:\windows\system32\dllhost.exe
C:\windows\system32\dllhost.exe
C:\windows\system32\dllhost.exe
C:\windows\system32\dllhost.exe
C:\windows\system32\dllhost.exe
C:\windows\system32\dllhost.exe
C:\windows\system32\dllhost.exe
C:\windows\system32\dllhost.exe
C:\windows\system32\dllhost.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\system32\conhost.exe
C:\windows\system32\dllhost.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k GPSvcGroup
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\windows\system32\svchost.exe -k bthsvcs
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\System32\svchost.exe -k WerSvcGroup
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.dell.com/
uDefault_Page_URL = hxxp://www.dell.com
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office14\GROOVEEX.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\microsoft\bingbar\7.3.132.0\BingExt.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\microsoft\bingbar\7.3.132.0\BingExt.dll
uRun: [Google Update] "c:\users\s.metrau\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [iCloudServices] c:\program files\common files\apple\internet services\iCloudServices.exe
uRun: [ApplePhotoStreams] c:\program files\common files\apple\internet services\ApplePhotoStreams.exe
uRun: [GoToMeeting] "c:\program files\citrix\gotomeeting\1350\g2mstart.exe" "/Trigger RunAtLogon"
mRun: [XI] c:\drv\x7\XENGINE.EXE
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SpeechExec Startup] c:\program files\common files\philips speech shared\components\PSP.SpeechExec.StartupApp.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
StartupFolder: c:\users\s2386~1.met\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office14\ONENOTEM.EXE
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
mPolicies-System: HideStartupScripts = dword:1
IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~1\office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {6938E15C-5598-4df8-8BF0-D9FA23D4A3CB} - {6938E15C-5598-4df8-8BF0-D9FA23D4A3CB} -
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/4.0.4.0/GarminAxControl_32.CAB
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://akamaicdn.webex.com/client/WBXclient-T28L10NSP12EP4-17152/event/ieatgpc1.cab
TCP: NameServer = 10.1.10.222 10.1.10.202
TCP: Interfaces\{58B434FC-61CD-4002-B52F-54A36F419F6A} : DHCPNameServer = 10.1.10.222 10.1.10.202
TCP: Interfaces\{58B434FC-61CD-4002-B52F-54A36F419F6A}\14D6472716B634F6E6E6563647 : DHCPNameServer = 10.65.104.1
TCP: Interfaces\{58B434FC-61CD-4002-B52F-54A36F419F6A}\5416379724F687D2731423241343 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{58B434FC-61CD-4002-B52F-54A36F419F6A}\56962736F6D6 : DHCPNameServer = 10.0.0.6
TCP: Interfaces\{58B434FC-61CD-4002-B52F-54A36F419F6A}\6573157344 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{58B434FC-61CD-4002-B52F-54A36F419F6A}\F43416C6C616768616E637 : DHCPNameServer = 77.75.184.4 77.75.184.4
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: igfxcui - igfxdev.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\s.metrau\appdata\roaming\mozilla\firefox\profiles\11w701tb.default-1415052472694\
FF - plugin: c:\progra~1\micros~1\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~1\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\emusic download manager 6\npEMusic604.dll
FF - plugin: c:\program files\java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.30514.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\browser\plugins\npatgpc.dll
FF - plugin: c:\program files\real\realplayer\netscape6\nprpplugin.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\users\s.metrau\appdata\local\citrix\plugins\97\npappdetector.dll
FF - plugin: c:\users\s.metrau\appdata\local\google\update\1.3.25.5\npGoogleUpdate3.dll
FF - plugin: c:\users\s.metrau\appdata\roaming\mozilla\plugins\npatgpc.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_15_0_0_152.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2014-7-17 231800]
R0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\drivers\stdcfltn.sys [2012-6-26 17904]
R2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2013-1-20 95920]
R3 Acceler;Accelerometer Service;c:\windows\system32\drivers\accelern.sys [2012-6-21 44144]
R3 cvusbdrv;Dell ControlVault;c:\windows\system32\drivers\cvusbdrv.sys [2012-6-21 39656]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2014-11-5 23256]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [2014-11-5 114904]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys [2014-11-5 51928]
R3 NETwNs32;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\drivers\NETwNs32.sys [2012-6-21 7434240]
R3 O2MDFRDR;O2MDFRDR;c:\windows\system32\drivers\o2mdfw7.sys [2012-6-21 60904]
S1 SWIPsec;SonicWALL IPsec Driver;c:\windows\system32\drivers\SWIPsec.sys [2012-7-30 87064]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464]
S3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\drivers\e1k6232.sys [2012-5-4 224424]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2013-6-21 14848]
S3 SWVNIC;SonicWALL Virtual Miniport;c:\windows\system32\drivers\SWVNIC.sys [2009-3-4 21016]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2013-6-21 49664]
S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2013-6-21 27136]
.
=============== File Associations ===============
.
FileExt: .js: JSFile=c:\windows\system32\WScript.exe "%1" %* [UserChoice]
ShellExec: switch.exe: open="c:\program files\nch software\switch\switch" "%L"
.
=============== Created Last 30 ================
.
2014-11-07 21:07:30 908840 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{e7a160e4-d1b3-4bb2-a9b2-640fad1a02c4}\gapaengine.dll
2014-11-07 21:07:12 8901368 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{4d7a950a-2ac7-4b37-95d5-2392d88156a3}\mpengine.dll
2014-11-07 04:24:53 -------- d-----w- c:\program files\ESET
2014-11-07 04:20:20 8901368 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2014-11-07 04:03:54 -------- d-----w- c:\windows\ERUNT
2014-11-07 03:50:00 -------- d-----w- C:\AdwCleaner
2014-11-07 03:45:24 212064 ----a-w- c:\windows\system32\drivers\44047980.sys
2014-11-07 02:57:45 -------- d-----w- c:\programdata\BeklEqvaf
2014-11-07 02:57:21 -------- d-----w- c:\programdata\SoroNjac
2014-11-05 19:45:29 536576 ----a-w- c:\windows\system32\sqlite3.dll
2014-11-05 16:57:08 114904 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-11-05 16:54:11 75480 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-11-05 16:54:11 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-11-05 16:54:11 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-11-05 16:54:11 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2014-11-05 16:53:37 -------- d-----w- c:\users\s.metrau\appdata\local\Programs
2014-11-04 18:26:44 -------- d--h--w- c:\programdata\{D9E629DC-CB1C-4A97-9900-81922B4EFFD4}
2014-11-04 05:13:33 908840 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{a3427497-b6ba-41ec-85a5-9fff54c97383}\gapaengine.dll
2014-10-15 15:53:00 396288 ----a-w- c:\windows\system32\aepdu.dll
2014-10-15 15:53:00 230912 ----a-w- c:\windows\system32\generaltel.dll
2014-10-15 15:51:59 593920 ----a-w- c:\windows\system32\drivers\PEAuth.sys
.
==================== Find3M ====================
.
2014-10-30 11:24:45 229000 ------w- c:\windows\system32\MpSigStub.exe
2014-10-10 01:39:38 302592 ----a-w- c:\windows\system32\aeinv.dll
2014-09-29 15:47:09 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-09-29 15:47:09 701104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-09-29 00:41:36 2379264 ----a-w- c:\windows\system32\win32k.sys
2014-09-25 22:32:04 2017280 ----a-w- c:\windows\system32\inetcpl.cpl
2014-09-25 01:40:50 519680 ----a-w- c:\windows\system32\qdvd.dll
2014-09-19 01:25:12 4201472 ----a-w- c:\windows\system32\jscript9.dll
2014-09-19 01:14:57 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2014-09-19 01:14:44 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2014-09-19 01:02:07 454656 ----a-w- c:\windows\system32\vbscript.dll
2014-09-19 01:01:47 61952 ----a-w- c:\windows\system32\iesetup.dll
2014-09-19 01:01:03 51200 ----a-w- c:\windows\system32\ieetwproxystub.dll
2014-09-19 00:59:40 61952 ----a-w- c:\windows\system32\MshtmlDac.dll
2014-09-19 00:50:16 112128 ----a-w- c:\windows\system32\ieUnatt.exe
2014-09-19 00:50:15 108032 ----a-w- c:\windows\system32\ieetwcollector.exe
2014-09-19 00:49:31 597504 ----a-w- c:\windows\system32\jscript9diag.dll
2014-09-19 00:44:23 646144 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2014-09-19 00:36:23 60416 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2014-09-19 00:18:55 1068032 ----a-w- c:\windows\system32\mshtmlmedia.dll
2014-09-18 23:59:11 1810944 ----a-w- c:\windows\system32\wininet.dll
2014-09-18 01:32:52 2363904 ----a-w- c:\windows\system32\msi.dll
2014-09-13 01:40:05 67072 ----a-w- c:\windows\system32\packager.dll
2014-09-09 21:47:10 2048 ----a-w- c:\windows\system32\tzres.dll
2014-09-04 05:04:15 372736 ----a-w- c:\windows\system32\rastls.dll
2014-08-29 01:44:52 37376 ----a-w- c:\windows\system32\tsgqec.dll
2014-08-29 01:44:52 2744320 ----a-w- c:\windows\system32\rdpcorets.dll
2014-08-29 01:44:51 4922368 ----a-w- c:\windows\system32\mstscax.dll
2014-08-29 01:44:49 269312 ----a-w- c:\windows\system32\aaclient.dll
2014-08-29 01:44:19 1050112 ----a-w- c:\windows\system32\mstsc.exe
2014-08-23 01:46:55 305152 ----a-w- c:\windows\system32\gdi32.dll
2014-08-19 02:41:38 50176 ----a-w- c:\windows\system32\setbcdlocale.dll
2014-08-19 02:41:22 50688 ----a-w- c:\windows\system32\appidapi.dll
2014-08-19 02:41:22 27648 ----a-w- c:\windows\system32\appidsvc.dll
2014-08-19 02:40:49 96768 ----a-w- c:\windows\system32\appidpolicyconverter.exe
2014-08-19 02:40:49 16896 ----a-w- c:\windows\system32\appidcertstorecheck.exe
2014-08-19 01:48:34 50176 ----a-w- c:\windows\system32\drivers\appid.sys
.
============= FINISH: 16:48:34.60 ===============