Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Please help! Viral/Worm infection in all machines in home network


  • Please log in to reply

#1
majorlag

majorlag

    Member

  • Member
  • PipPip
  • 70 posts

I have a serious infection that has crippled/disabled the network adapters for all three computers in my home network (Win7 machines and WHS2011, all hardwired).  While playing an online video game on a public server, my computer came under heavy attack (very high ping, stalling, etc), As I tried to switch to my desktop to see what was going on, Comodo firewall popped up asking me to allow or reject some program or intrusion from doing something, but I couldn't see what it was due to video mode.  Unfortunately, this happened just as I was swapping to the desktop and I must've accidentally clicked on "allow", I think.   I had no intention of doing that, because I thought it seemed very suspicious at the time.  It all happened so quickly, though.

 

Immediately thereafter, I started seeing a lot UDP traffic in Comodo, and was catching UDP traffic in packet sniffer SMSNIFF that was originating as a "local address" from outside IPs--I think the addresses for Comodo DNS servers.  As I was trying to isolate the problem, I disconnected from the router.  Then I went to another machine to see if I could research the symptoms online and find a possible solution.  In the meantime, I was rebooting and trying everything I could think of, running Superantispyware scans, etc, but everthing was coming up clean.  I noticed the WUDFHOST.exe consuming a lot of resources in process explorer, but could not kill the process--access was denied even to see the process properties and path.

 

The second machine I was running needed Avast and Comodo updates, as it had been in hibernation for several days.  I performed those updates and rebooted, and that's when that machine lost network connectivity.  IPCONFIG was showing an IP address that was, I think, 192.168.1.97, which was not correct for my router DHCP address range.  After trying to investigate some more with release and renews, and trying to directly access my router administrative pages, I ended up disconnected with the 169.xx IP assigned.  But, I can't ping anything, including 127.0.0.1, and just get "General Failure" errors.

 

Since this point, I've disconnected all three machines from the internet and have turned them off, fearing further infection of files.  I burned fresh defnitions of Malwarebytes from my only known clean machine (at work) and ran scans of one of the machines, and it found two instances of "POP.Shopathome" or something, and removed them.  I rebooted, but the the behavior remained the same.  I also ran OTL on that machine.  Malware However, since my only functional machine is my employer's, I cannot directly copy the log file through a memory stick for fear of spreading this infection.  At this point, I'm leery of attempting to burn a DVD/CD from the infected machines, also. 

 

I noted several Zero Access entries in the log file, which seems suspicious to me.

 

I am attaching a PDF for what I'll call Machine 2--the second one to show infection.  Please note that this PDF was made from a paper printout and scanned by a copier at my employer, and is not a file copied from the infected machine. 

 

I would greatly appreciate whatever assistance you can provide in helping me to clean these three machines and/or salvaging my most critical files (personal photographs). 

 

Thanks in advance,


  • 0

Advertisements


#2
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,598 posts
  • MVP

No attachment.

 

Open a command window with admin rights on the second machine and type:

net  start  dhcp

Does it say the service has been started?

 

How about

net start bfe

Does it say it has already started?

 

 

 

Try:

netsh  winsock  reset catalog
NetSH WinHTTP reset proxy
netsh int ipv4 reset %userprofile%\Desktop\reset4.log
netsh int ipv6 reset %userprofile%\Desktop\reset6.log

Reboot and then try to

ping 127.0.0.1

Also try uninstalling Comodo as the firewall might just be hosed.  Try running a boottime scan with Avast:

 

First mute the speakers so it won't wake you up when Windows loads.  Click on the Orange ball.  Click on Scans.  Change Quickscan to Boot-time Scan.  Click on Settings.  Where it says Heuristic Sensitivity click on the last rectangle so that all of them are  orange and it says High.  Check both boxes.  Then change When a threat is found ... to:  Move to Chest.  OK.  Now click on Start.  Close the Avast window and then reboot.  The scan will start.  It will tell you where it will save the report.  Usually it's
C:\ProgramData\AVAST Software\Avast\report\aswBoot.txt but it might change so verify the location.  When Windows loads Click on the Orange Ball then Scan, Then Scan History (at the bottom of the page). Click on the last scan and then Detailed Report.  Did it find anything?

 

Since all three of your PCs are having problems it may be that the router has been compromised.  If you have a separate cable or dsl modem then you can just reset the router by sticking a pin in the hole in the back and holding it for 10 seconds.  If you have a single modem/router then you will need to reenter the DSL or cable info after the reset.  Or if you know what you are doing you can just logon to the router and see if it has dhcp turned on and what dns address it is using and if there are any strange routes in it.
 

 

 


  • 0

#3
majorlag

majorlag

    Member

  • Topic Starter
  • Member
  • PipPip
  • 70 posts

Terribly sorry about the attachment, here it is.  Attached File  OTL.pdf   808.31KB   237 downloads

 

I'll try your suggestions when I get home.  Thank you!


  • 0

#4
majorlag

majorlag

    Member

  • Topic Starter
  • Member
  • PipPip
  • 70 posts

I just ran OTL on my work computer, which was running abnormally slow, with large amounts of disk access and a lot of UDP activity to port 1900, and I feared this same infection, since I had been remoted in via Teamviewer when I got the attack at home.

 

It also showed exactly 11 Zero Access items, with very very similar registry keys...does this log look normal?  (OTL for machine attached).

 

Attached File  OTL.Txt   146.76KB   275 downloads


Edited by majorlag, 07 April 2014 - 02:21 PM.

  • 0

#5
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,598 posts
  • MVP

It's not Zero Access.  The entries you see are normally changed by Zero Access but yours are the defaults.  However, the following files are suspicious:

 



[2013/09/25 13:48:13 | 000,040,960 | ---- | C] () -- C:\Windows\SysWow64\chw29wo.dll
[2013/09/25 13:48:13 | 000,001,024 | ---- | C] () -- C:\Windows\SysWow64\grcauth2.dll
[2013/09/25 13:48:13 | 000,001,024 | ---- | C] () -- C:\Windows\SysWow64\grcauth1.dll
[2013/09/25 13:48:13 | 000,001,024 | ---- | C] () -- C:\Windows\SysWow64\clauth2.dll
[2013/09/25 13:48:13 | 000,001,024 | ---- | C] () -- C:\Windows\SysWow64\clauth1.dll
[2013/09/25 13:48:13 | 000,000,341 | ---- | C] () -- C:\Windows\SysWow64\sotwaz3.dll
[2013/09/25 13:48:13 | 000,000,101 | ---- | C] () -- C:\Windows\SysWow64\prsgrc.dll
[2013/09/25 13:48:13 | 000,000,016 | -H-- | C] () -- C:\Windows\SysWow64\zzppqel.dll
[2013/09/25 13:48:13 | 000,000,016 | -H-- | C] () -- C:\Windows\SysWow64\qn76h6o.dll
[2013/09/25 13:48:13 | 000,000,016 | -H-- | C] () -- C:\Windows\SysWow64\nd4nejy.dll
[2013/09/25 13:48:13 | 000,000,016 | -H-- | C] () -- C:\Windows\SysWow64\h8ghqs4.dll
[2013/09/25 13:48:13 | 000,000,016 | -H-- | C] () -- C:\Windows\SysWow64\cmci8zx.dll
[2013/09/25 13:48:13 | 000,000,016 | -H-- | C] () -- C:\Windows\SysWow64\cgm011a.dll
[2013/09/25 13:48:13 | 000,000,016 | -H-- | C] () -- C:\Windows\SysWow64\b027w5p.dll
[2013/09/25 13:48:13 | 000,000,016 | -H-- | C] () -- C:\Windows\SysWow64\a2dvk59.dll
[2013/09/25 13:48:13 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\ssprs.dll

 

 

All at the same time and most the same size with random names.  I would submit one or two of them to virustotal.com and see what they say it is.

 

 
Easiest way to submit a file is to copy the path:
 
 C:\Windows\SysWow64\chw29wo.dll
 
Then
Go to virustotal.com with your browser.  Click on Choose File then when the file chooser window opens, move down to the File Name: box and then Ctrl + v and the path should appear.  Hit Open and it should return to the main page with spoolsv.exe chosen.  Click on Scan it.  If it knows the file already it will tell you it's already been analyzed and offer you a choice of Reanalyze and View Last Analysis.  In that case click on View Last Analysis.  If it doesn't know the file it will take a minute to query 46 different anti-virus companies.  In either case, If the Detection ratio: is not 0 / 46 then copy the Analysis page and paste it into the forum.  You can just hit Ctrl + a then Ctrl + c to copy the page then go to a reply and Ctrl + v.
 
I would normally just remove the files with OTL but since this is a work computer we should probably verify that they are bad:
 

Copy the text in the code box by highlighting and Ctrl + c
 
:OTL

[2013/09/25 13:48:13 | 000,040,960 | ---- | C] () -- C:\Windows\SysWow64\chw29wo.dll
[2013/09/25 13:48:13 | 000,001,024 | ---- | C] () -- C:\Windows\SysWow64\grcauth2.dll
[2013/09/25 13:48:13 | 000,001,024 | ---- | C] () -- C:\Windows\SysWow64\grcauth1.dll
[2013/09/25 13:48:13 | 000,001,024 | ---- | C] () -- C:\Windows\SysWow64\clauth2.dll
[2013/09/25 13:48:13 | 000,001,024 | ---- | C] () -- C:\Windows\SysWow64\clauth1.dll
[2013/09/25 13:48:13 | 000,000,341 | ---- | C] () -- C:\Windows\SysWow64\sotwaz3.dll
[2013/09/25 13:48:13 | 000,000,101 | ---- | C] () -- C:\Windows\SysWow64\prsgrc.dll
[2013/09/25 13:48:13 | 000,000,016 | -H-- | C] () -- C:\Windows\SysWow64\zzppqel.dll
[2013/09/25 13:48:13 | 000,000,016 | -H-- | C] () -- C:\Windows\SysWow64\qn76h6o.dll
[2013/09/25 13:48:13 | 000,000,016 | -H-- | C] () -- C:\Windows\SysWow64\nd4nejy.dll
[2013/09/25 13:48:13 | 000,000,016 | -H-- | C] () -- C:\Windows\SysWow64\h8ghqs4.dll
[2013/09/25 13:48:13 | 000,000,016 | -H-- | C] () -- C:\Windows\SysWow64\cmci8zx.dll
[2013/09/25 13:48:13 | 000,000,016 | -H-- | C] () -- C:\Windows\SysWow64\cgm011a.dll
[2013/09/25 13:48:13 | 000,000,016 | -H-- | C] () -- C:\Windows\SysWow64\b027w5p.dll
[2013/09/25 13:48:13 | 000,000,016 | -H-- | C] () -- C:\Windows\SysWow64\a2dvk59.dll
[2013/09/25 13:48:13 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\ssprs.dll

 
:Commands
[EMPTYFLASH]
[EMPTYJAVA]
[purity]
[Reboot]
 
 
then Rightclick on OTL and select Run As Administrator to start. Under the Custom Scans/Fixes box at the bottom, paste (ctrl +v) the text. Verify that you got it all and Then click the RUN FIX button (NOT THE QUICK SCAN button!) at the top
Let the program run unhindered, OTL will reboot the PC when it is done. Save the log and copy and paste it into a reply. 
It appears that Old Timer is now hiding the log in c:\_OTL\MovedFiles\04072013-some number.log so look there if you don't see it.
 
We can run FRST and see if it sees anything else going on:
 

 
Please download Farbar Recovery Scan Tool and save it to your Desktop. 
 
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version. 
 
  •  
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer. 
  • Press Scan button. 
  • It will produce a log called FRST.txt in the same directory the tool is run from.  
  • Please copy and paste log back here. 
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply. 
  •  
     
    And Also Process Explorer to see if something is eating the CPU time:
     

    Get Process Explorer
     
    Save it to your desktop then run it (Vista or Win7 - right click and Run As Administrator).  
     
    View, Select Column, check Verified Signer, OK
    Options, Verify Image Signatures
     
     
    Click twice on the CPU column header  to sort things by CPU usage with the big hitters at the top.  
     
    Wait a full minute then:
     
    File, Save As, Save.  Open the file Procexp.txt on your desktop and copy and paste the text to a reply.
     
     
     

    • 0

    #6
    majorlag

    majorlag

      Member

    • Topic Starter
    • Member
    • PipPip
    • 70 posts

    I  checked the files with Virus total.  Several of them were the same files, none of them had any detections (0/42 or more).  I noticed a few of the files have no permissions set for them, which is weird.  I did not run OTL to remove them yet, as I'm afraid of losing completely at the moment.

     

    Here is the FRST log:

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-03-2014
    Ran by achutsell at 2014-04-07 17:20:45
    Running from C:\Users\achutsell\Desktop\Cleanup Aisle 5
    Boot Mode: Normal
    ==========================================================


    ==================== Security Center ========================

    AV: Symantec Endpoint Protection (Enabled - Up to date) {63DF5164-9100-186D-2187-8DC619EFD8BF}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Symantec Endpoint Protection (Enabled - Up to date) {D8BEB080-B73A-17E3-1B37-B6B462689202}

    ==================== Installed Programs ======================

    64 Bit HP CIO Components Installer (Version: 7.2.7 - Hewlett-Packard) Hidden
    Adobe Acrobat XI Standard (HKLM-x32\...\{AC76BA86-1033-FFFF-BA7E-000000000006}) (Version: 11.0.06 - Adobe Systems)
    Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.8.800.94 - Adobe Systems Incorporated)
    Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.70 - Adobe Systems Incorporated)
    Amazon Cloud Player (HKCU\...\Amazon Amazon Cloud Player) (Version: 2.3.0.422 - Amazon Services LLC)
    Bentley DGN IFilter (HKLM\...\{2E873893-A883-4C06-8308-7B491D58F3D6}) (Version: 1.0.1.9 - Bentley Systems, Incorporated)
    Bentley DGN Thumbnail Provider (HKLM\...\{74A8C1AF-75E5-4653-95AF-222725B7D877}) (Version: 8.11.7.404 - Bentley Systems, Incorporated)
    Bentley GEOPAK Suite - 2004 Edition (V 08.08.03.24) (HKLM-x32\...\{DDB5409E-2FAF-4219-9612-534FAD956468}) (Version: 08.08.03.24 - Bentley Systems, Incorporated.)
    Bentley GEOPAK Suite - 2004 Edition (x32 Version: 08.08.03.24 - Bentley Systems, Incorporated.) Hidden
    Bentley GEOPAK Suite V8i (SELECTseries 2) (HKLM-x32\...\{DBA81933-E3F4-4695-A2E7-1426A23C914E}) (Version: 08.11.07.536 - Bentley Systems, Incorporated)
    Bentley IEG License Service (HKLM-x32\...\{B1687FC2-7412-4B52-83AC-E5475022B506}) (Version: 2.0.20.1 - Bentley Systems, Inc.)
    Bentley InRoads Group 2004 Edition (V8.8) (HKLM-x32\...\{31CC17A9-2AE1-41E9-B2BA-9CDFF61920CC}) (Version: 08.08.00.46 - Bentley)
    Bentley InRoads Group V8i (SELECTseries 2) (HKLM-x32\...\{5193210B-5492-42B8-B6C4-51E786187A64}) (Version: 08.11.07.536 - Bentley Systems, Incorporated)
    Bentley MicroStation (V 08.05.02.70) - 1 (HKLM-x32\...\{D88E167D-7D6A-45CD-9135-7D8156C959F4}_0) (Version:  - )
    Bentley OpenSTAADOEM (HKLM-x32\...\{703B113F-F445-4875-A244-EE60F8254C10}) (Version: 08.02.09.16 - Bentley Systems, Inc.)
    Bentley V8i (SELECTseries 2) - Autodesk® RealDWG™ 2010 (HKLM-x32\...\{477F115E-D48E-4D9D-B839-2AF37CA2987B}) (Version: 8.11.7.443 - Bentley Systems, Incorporated)
    CCleaner (HKLM\...\CCleaner) (Version: 4.10 - Piriform)
    Custom (Version: 01.00.00.002 - Wave Systems Corp.) Hidden
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    Dell Client System Update (HKLM-x32\...\{04566294-A6B6-4462-9721-031073EB3694}) (Version: 1.3.0 - Dell Inc.)
    Dell Data Protection | Access (HKLM\...\{ABBA2EA4-740E-4052-902B-9CA70B081E3F}) (Version: 2.3.00003.072 - Dell Inc.)
    Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
    Dell KACE Agent (HKLM-x32\...\{5067EC6E-3349-42E1-8C4B-7195CD11C8AB}) (Version: 5.5.30275 - Dell Inc.)
    DellAccess (Version: 01.03.00.078 - Wave Systems Corp.) Hidden
    DHTML Editing Component (HKLM-x32\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0002 - Microsoft Corporation)
    EMBASSY Client Core (Version: 01.03.00.123 - Wave Systems Corp.) Hidden
    ERAS Connector (Version: 02.09.05.0335 - Wave Systems Corp) Hidden
    FileZilla Client 3.2.7.1 (HKLM-x32\...\FileZilla Client) (Version: 3.2.7.1 - )
    Foxit Reader (HKLM-x32\...\Foxit Reader) (Version: 4.3.1.218 - Foxit Corporation)
    Gemalto (Version: 01.64.01.0010 - Wave Systems Corp) Hidden
    GemPcCCID (Version: 2.0.1 - Gemalto) Hidden
    GIMP 2.8.6 (HKLM\...\GIMP-2_is1) (Version: 2.8.6 - The GIMP Team)
    Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
    Google Update Helper (x32 Version: 1.3.22.5 - Google Inc.) Hidden
    HEC-RAS 4.1.0 (HKLM-x32\...\{692F1402-6F45-42F3-9D82-9AAEFBFAD4A1}) (Version: 4.1.0 - Hydrologic Engineering Center)
    Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
    Intel® Identity Protection Technology 1.2.27.0 (HKLM-x32\...\{F109D156-577D-101B-A622-CF4351943AA4}) (Version: 1.2.27.0 - Intel Corporation)
    Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.1.50.1172 - Intel Corporation)
    Intel® Network Connections 16.8.45.00 (HKLM\...\PROSetDX) (Version: 16.8.45.00 - Dell)
    Intel® Network Connections 16.8.45.00 (Version: 16.8.45.00 - Dell) Hidden
    IZArc 3.81 (HKLM-x32\...\{97C82B44-D408-4F14-9252-47FC1636D23E}_is1) (Version: 3.81 Build 1550 - Ivan Zahariev)
    Junk Mail filter update (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
    Kentucky Transportation Cabinet CADD Standards MS V8i (HKLM-x32\...\Kentucky Transportation Cabinet CADD Standards MS V8i) (Version:  - )
    LiveUpdate 1.0 (HKLM-x32\...\{AB4EA1B6-67A6-4F00-A5D0-3912628B214C}_is1) (Version: 1.1.0.60 - ZiWu-Soft EDV Systeme GmbH)
    Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
    Mathcad 8 (HKLM-x32\...\Mathcad 8) (Version:  - )
    MegaRAID Storage Manager v12.05.03.0000 (HKLM-x32\...\{E706A846-56DE-47FD-B5A2-9947B60FDBBE}) (Version: 12.05.03.0000 - LSI)
    Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
    Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
    Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
    Microsoft Business Portal ActiveX (HKLM-x32\...\{532E58E1-C29E-4EAF-BE0D-C7EE9C30A20A}) (Version: 3.0.1855.0 - Microsoft)
    Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 15.0.4535.1004 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Sync Framework 2.0 Core Components (x64) ENU  (HKLM\...\{8CCBEC22-D2DB-4DC9-A58A-E1A1F3A38C8A}) (Version: 2.0.1578.0 - Microsoft Corporation)
    Microsoft Sync Framework 2.0 Provider Services (x64) ENU  (HKLM\...\{03AC245F-4C64-425C-89CF-7783C1D3AB2C}) (Version: 2.0.1578.0 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
    Microsoft_VC90_CRT_x86 (HKLM-x32\...\{DF2035BE-5820-4965-BD97-7FAF8D4A7879}) (Version: 1.0.0 - Microsoft Corporation)
    MicroStation V8i (SELECTseries 2) 08.11.07.443 (HKLM-x32\...\{7E9B0F70-EEF6-41E1-BF89-FDC4B9EDBD9C}) (Version: 8.11.7.443 - Bentley Systems, Incorporated)
    Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
    Mozilla Firefox 28.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 28.0 (x86 en-US)) (Version: 28.0 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla)
    Mozilla Thunderbird 24.3.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 24.3.0 (x86 en-US)) (Version: 24.3.0 - Mozilla)
    MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
    MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
    MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
    MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
    MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.5.5 - Notepad++ Team)
    NVIDIA Control Panel 320.09 (Version: 320.09 - NVIDIA Corporation) Hidden
    NVIDIA Graphics Driver 320.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 320.09 - NVIDIA Corporation)
    NVIDIA HD Audio Driver 1.3.24.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.24.2 - NVIDIA Corporation)
    NVIDIA Install Application (Version: 2.1002.122.791 - NVIDIA Corporation) Hidden
    NVIDIA nView 140.54 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView) (Version: 140.54 - NVIDIA Corporation)
    Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4535.1004 - Microsoft Corporation) Hidden
    Office 15 Click-to-Run Licensing Component (Version: 15.0.4535.1004 - Microsoft Corporation) Hidden
    Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4535.1004 - Microsoft Corporation) Hidden
    Paint.NET v3.5.11 (HKLM\...\{72EF03F5-0507-4861-9A44-D99FD4C41418}) (Version: 3.61.0 - dotPDN LLC)
    Panda USB Vaccine 1.0.1.4 (HKLM-x32\...\{55A41219-9B22-4098-BAE7-AE289B3C569A}_is1) (Version:  - Panda Security)
    PBA Driver-x64 (Version: 1.0.1.8 - Dell Inc.) Hidden
    PDF reDirect (remove only) (HKLM-x32\...\PDF reDirect) (Version: v2.2.8 - EXP Systems LLC)
    Photo Gallery (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
    Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
    PipeLink for STAAD.Pro V8i (Build 20.13.2.27) (HKLM-x32\...\{88A34C6C-D222-4FC2-9B1B-D7EC8B520E65}) (Version: 20.13.2.27 - Bentley Systems, Inc.)
    Preboot Manager (Version: 03.05.00.043 - Wave Systems Corp.) Hidden
    Private Information Manager (Version: 07.03.00.032 - Wave Systems Corp.) Hidden
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5890 - Realtek Semiconductor Corp.)
    RedistSysFiles (x32 Version: 8.1.0 -  ) Hidden
    Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.30.0 - Renesas Electronics Corporation)
    Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.30.0 - Renesas Electronics Corporation) Hidden
    ShapeCAD version 2.0 (HKLM-x32\...\ShapeCAD_is1) (Version:  - )
    ShapeDesigner SaaS (HKLM-x32\...\{54EB1265-13E1-4FEA-955F-1C7123EEF205}) (Version: 2010 - )
    Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
    SI TSS (Version: 2.1.41 - Security Innovation) Hidden
    Simpson Strong-Tie® Anchor Designer™ (HKLM-x32\...\{45D1D5C8-56FC-4E06-AB80-A2B8F800CF63}_is1) (Version: 2.2.5154.2753 - Simpson Strong-Tie®)
    SPBA (WBF) 5.9 (Version: 5.9.7.7232 - Authentec Inc.) Hidden
    STAAD.foundation V8i (SELECTseries 4) Release 5.3 (HKLM-x32\...\{C3010B65-2BF1-4028-B1D0-0B3D513664AD}) (Version: 05.03.00.32 - Bentley Systems Inc.)
    STAAD.Pro V8i SELECTseries 4 (HKLM-x32\...\{9260B6A1-12FE-4912-A7C5-6AF7EB1FBA58}) (Version: 20.07.09.31 - Bentley Systems, Inc.)
    StrucLink for STAAD.Pro V8i (Build 20.13.3.14) (HKLM-x32\...\{74DB7277-BA51-450A-AB13-FC3EEFC688CE}) (Version: 20.13.3.14 - Bentley Systems, Inc.)
    SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.6.1040 - SUPERAntiSpyware.com)
    Symantec Endpoint Protection (HKLM\...\{19B62EDC-C108-4393-B3F1-8A813096CC8E}) (Version: 12.1.1000.157 - Symantec Corporation)
    SyncToy 2.1 (x64) (HKLM\...\{88DAAF05-5A72-46D2-A7C5-C3759697E943}) (Version: 2.1.0 - Microsoft)
    TAEG 2.1 (HKLM-x32\...\{20FB45A1-9987-412E-B2B0-485642D88914}) (Version: 1.0.0.0 - )
    TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.27614 - TeamViewer)
    toolkit32for64bit (x32 Version: 7.70.13.0001 - Wave Systems Corp) Hidden
    Trimble Link Engine (HKLM-x32\...\{35554E51-3A67-43B8-B71F-7D77F2CC2950}) (Version:  - )
    Trimble Link Engine (HKLM-x32\...\Trimble Link Engine) (Version: 2.0.25.0 - Trimble Navigation Limited.)
    Trusted Drive Manager (Version: 5.0.2.24 - Wave Systems Corp.) Hidden
    VBA (2627.01) (x32 Version: 6.03.00.9402 - Microsoft Corporation) Hidden
    Visual Basic for Applications ® Core - English (x32 Version: 6.5.10.32 - Microsoft Corporation) Hidden
    Visual Basic for Applications ® Core (x32 Version: 6.5.10.32 - Microsoft Corporation) Hidden
    Wave Crypto Runtime 2.0.9.0 x64 (Version: 02.00.09.0000 - Wave Systems Corp) Hidden
    Wave Crypto Runtime 2.0.9.0 x86 (x32 Version: 02.00.09.0000 - Wave Systems Corp) Hidden
    Wave Infrastructure Installer (Version: 07.70.13.0001 - Wave Systems Corp) Hidden
    Wave Support Software Installer (Version: 05.15.00.024 - Wave Systems Corp) Hidden
    Windows Live Communications Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
    Windows Live Essentials (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
    Windows Live Family Safety (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
    Windows Live Family Safety (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
    Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden
    Windows Live Installer (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
    Windows Live Mail (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
    Windows Live MIME IFilter (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
    Windows Live Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
    Windows Live PIMT Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
    Windows Live SOXE (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
    Windows Live SOXE Definitions (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
    Windows Live UX Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
    Windows Live UX Platform Language Pack (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
    Windows Live Writer (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
    Windows Live Writer Resources (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
    Windows XP Mode (HKLM\...\{1374CC63-B520-4f3f-98E8-E9020BF01CFF}) (Version: 1.3.7600.16432 - Microsoft Corporation)
    Xobni (HKLM-x32\...\XobniMain) (Version: 2.0.4.13745 - Xobni Corp.)
    Xobni Core (x32 Version: 1.0.0 - Xobni, Inc.) Hidden

    ==================== Restore Points  =========================

    09-03-2014 00:56:25 Windows Update
    14-03-2014 14:07:09 Windows Update
    02-04-2014 21:28:45 Installed TAEG 2.1

    ==================== Hosts content: ==========================

    2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

    ==================== Scheduled Tasks (whitelisted) =============

    Task: {01AD460B-0C3D-4589-9F2F-BB9DC410F457} - System32\Tasks\Amazon Music Helper => C:\Users\achutsell\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe [2014-01-14] ()
    Task: {1DA5E820-440A-43CC-AC0A-B2A631C24DB0} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-01-21] (Piriform Ltd)
    Task: {3DE8EEF5-5E2B-42A4-A458-CF847FB93EBB} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-10-11] (Google Inc.)
    Task: {4B6BE1A9-38C6-4208-A6C7-49924EFA38B3} - System32\Tasks\WSCEAA => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\RemoteManagement\WSCEAA.exe [2012-11-28] (Wave Systems Corp.)
    Task: {623240F5-26D5-4FAE-8DA1-31085C1DC289} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [2013-07-22] (Microsoft Corporation)
    Task: {674FAC39-6BC3-4AF6-911A-2013A52117BA} - System32\Tasks\Synctoy ENGR Backup => C:\Program Files\SyncToy 2.1\SyncToyCmd.exe [2009-10-19] (Microsoft Corporation)
    Task: {6A236673-1F9E-4EF2-AC92-37F68355092F} - System32\Tasks\PandaUSBVaccine => C:\Program Files (x86)\Panda USB Vaccine\RunInteractiveWin.exe [2009-09-23] ()
    Task: {91854639-1875-48D8-B495-7FED36CD2118} - System32\Tasks\Microsoft Office 15 Sync Maintenance for {fd833658-f4c7-4bce-a09d-c020d1a91cdf} achutsell.VaughnMelton.com => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2013-09-25] (Microsoft Corporation)
    Task: {A74EA23F-5BCD-473E-A280-E15FE793C75B} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2013-09-25] (Microsoft Corporation)
    Task: {A8DE7CFF-DA12-46CD-8AAE-B3D14DDCD693} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2013-09-25] (Microsoft Corporation)
    Task: {DD4601EA-1AA4-45F8-B6E3-7266E913215E} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2013-09-25] (Microsoft Corporation)
    Task: {F03BD1F1-34BF-4584-9987-2DD75A37EF8A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-10-11] (Google Inc.)
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    ==================== Loaded Modules (whitelisted) =============

    2008-08-05 02:07 - 2008-08-05 02:07 - 00064704 _____ () C:\Windows\System32\PDFreDirectMon64.dll
    2013-03-11 11:05 - 2013-03-11 11:05 - 00231792 _____ () C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\EMBASSY Client Core\EmbassyServer.exe
    2013-03-11 11:04 - 2013-03-11 11:04 - 00039280 _____ () C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\EMBASSY Client Core\DeviceStatus.dll
    2012-05-11 10:47 - 2012-05-11 10:47 - 00003072 _____ () C:\Program Files (x86)\Security Innovation\SI TSS\bin\TspPopup_ENU.dll
    2013-09-25 15:41 - 2013-07-15 03:14 - 00377000 _____ () C:\Program Files\Microsoft Office 15\ClientX64\c2rui.dll
    2013-09-25 15:41 - 2013-07-22 00:25 - 00520872 _____ () C:\Program Files\Microsoft Office 15\ClientX64\c2r64.dll
    2013-09-25 15:41 - 2013-07-15 03:15 - 00612520 _____ () C:\Program Files\Microsoft Office 15\ClientX64\StreamServer.dll
    2012-03-12 10:11 - 2012-03-12 10:11 - 00069632 ____R () c:\Program Files (x86)\MegaRAID Storage Manager\Framework\VivaldiFramework.exe
    2013-09-18 06:53 - 2013-04-29 21:07 - 00087328 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
    2013-09-30 17:02 - 2014-01-14 15:46 - 03140608 _____ () C:\Users\achutsell\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
    2013-09-25 15:48 - 2013-09-25 15:48 - 08866472 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
    2011-12-07 15:43 - 2010-02-21 20:30 - 01858560 _____ () C:\Windows\system32\spool\DRIVERS\x64\3\ricA4FUR.dll
    2013-09-25 16:45 - 2013-09-25 16:45 - 01118720 _____ () C:\Windows\system32\spool\DRIVERS\x64\3\IPSPrintDrvUI.dll
    2009-08-23 13:24 - 2009-08-23 13:24 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
    2013-09-18 06:53 - 2013-04-29 23:53 - 00496928 _____ () C:\Program Files\NVIDIA Corporation\nview\nvshell.dll
    2012-06-18 11:24 - 2012-06-18 11:24 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_05.dll
    2013-03-12 07:26 - 2013-03-12 07:26 - 19345408 _____ () C:\SProV8i\STAAD\SProSTAAD\SProSTAAD.exe
    2012-03-12 10:09 - 2012-03-12 10:09 - 00068704 ____R () C:\Program Files (x86)\MegaRAID Storage Manager\Framework\Authenticate.dll
    2012-03-12 10:10 - 2012-03-12 10:10 - 00802885 ____R () C:\Program Files (x86)\MegaRAID Storage Manager\Framework\CIMPlugin.dll
    2012-03-12 10:09 - 2012-03-12 10:09 - 00172032 ____R () C:\Program Files (x86)\MegaRAID Storage Manager\Framework\storelibirjni.dll
    2012-03-12 10:09 - 2012-03-12 10:09 - 00172032 ____R () C:\Program Files (x86)\MegaRAID Storage Manager\Framework\storelibjni.dll
    2013-09-25 15:42 - 2013-09-25 15:48 - 08866472 _____ () C:\Program Files\Microsoft Office 15\root\Office15\1033\GrooveIntlResource.dll
    2013-09-25 15:42 - 2013-09-25 15:45 - 00121920 _____ () C:\Program Files\Microsoft Office 15\root\Office15\JitV.dll
    2013-09-25 15:42 - 2013-09-25 15:42 - 00316584 _____ () C:\Program Files\Microsoft Office 15\root\Office15\AppVIsvStream32.dll
    2013-09-25 15:42 - 2013-09-25 15:42 - 00359080 _____ () C:\Program Files\Microsoft Office 15\root\Office15\c2r32.dll
    2010-07-15 13:48 - 2010-07-15 13:48 - 00005632 _____ () C:\Program Files (x86)\Bentley\MicroStation V8i (SELECTseries)\MicroStation\en\Bentley.PowerPlatform.FeatureAspects.resources.dll
    2010-07-15 13:32 - 2010-07-15 13:32 - 00176128 _____ () C:\Program Files (x86)\Bentley\MicroStation V8i (SELECTseries)\MicroStation\en\Bentley.MicroStation.Templates.Support.resources.dll
    2010-07-15 13:32 - 2010-07-15 13:32 - 00008192 _____ () C:\Program Files (x86)\Bentley\MicroStation V8i (SELECTseries)\MicroStation\en\Bentley.TaskNavigation.resources.dll
    2010-07-15 13:32 - 2010-07-15 13:32 - 00049152 _____ () C:\Program Files (x86)\Bentley\MicroStation V8i (SELECTseries)\MicroStation\en\Bentley.PropertyManager.resources.dll
    2010-07-15 13:32 - 2010-07-15 13:32 - 00090112 _____ () C:\Program Files (x86)\Bentley\MicroStation V8i (SELECTseries)\MicroStation\en\Bentley.PointCloud.resources.dll
    2010-07-15 13:33 - 2010-07-15 13:33 - 00010240 _____ () C:\Program Files (x86)\Bentley\MicroStation V8i (SELECTseries)\MicroStation\en\Bentley.UI.resources.dll
    2010-07-15 13:32 - 2010-07-15 13:32 - 00036864 _____ () C:\Program Files (x86)\Bentley\MicroStation V8i (SELECTseries)\MicroStation\en\Bentley.RasterManager.resources.dll
    2010-07-15 13:32 - 2010-07-15 13:32 - 00008192 _____ () C:\Program Files (x86)\Bentley\MicroStation V8i (SELECTseries)\MicroStation\en\Bentley.RasterPropertiesEnabler.resources.dll
    2010-07-15 13:33 - 2010-07-15 13:33 - 00073728 _____ () C:\Program Files (x86)\Bentley\MicroStation V8i (SELECTseries)\MicroStation\en\Bentley.ECObjects.2.0.resources.dll
    2010-07-15 13:32 - 2010-07-15 13:32 - 00010752 _____ () C:\Program Files (x86)\Bentley\MicroStation V8i (SELECTseries)\MicroStation\en\Bentley.ViewAttributesDialog.resources.dll
    2013-10-07 15:21 - 2013-10-07 15:21 - 01777664 _____ () C:\Program Files (x86)\Google\Google Earth\client\QtCore4.dll
    2013-10-07 15:24 - 2013-10-07 15:24 - 01224192 _____ () C:\Program Files (x86)\Google\Google Earth\client\IGCore.dll
    2013-10-07 15:24 - 2013-10-07 15:24 - 00290816 _____ () C:\Program Files (x86)\Google\Google Earth\client\IGUtils.DLL
    2013-10-07 15:24 - 2013-10-07 15:24 - 00631808 _____ () C:\Program Files (x86)\Google\Google Earth\client\IGMath.dll
    2013-10-07 15:24 - 2013-10-07 15:24 - 01393664 _____ () C:\Program Files (x86)\Google\Google Earth\client\alchemy\ogles20\IGSg.dll
    2013-10-07 15:24 - 2013-10-07 15:24 - 00751104 _____ () C:\Program Files (x86)\Google\Google Earth\client\alchemy\ogles20\IGAttrs.dll
    2013-10-07 15:24 - 2013-10-07 15:24 - 03105280 _____ () C:\Program Files (x86)\Google\Google Earth\client\alchemy\ogles20\IGGfx.dll
    2013-10-07 15:24 - 2013-10-07 15:24 - 00059392 _____ () C:\Program Files (x86)\Google\Google Earth\client\alchemy\ogles20\libEGL.dll
    2013-10-07 15:24 - 2013-10-07 15:24 - 00519168 _____ () C:\Program Files (x86)\Google\Google Earth\client\alchemy\ogles20\libGLESv2.dll
    2013-10-07 15:52 - 2013-10-07 15:52 - 17652224 _____ () C:\Program Files (x86)\Google\Google Earth\client\googleearth_free.dll
    2013-10-07 15:24 - 2013-10-07 15:24 - 00726016 _____ () C:\Program Files (x86)\Google\Google Earth\client\IGExportCommon.dll
    2013-10-07 15:24 - 2013-10-07 15:24 - 01050624 _____ () C:\Program Files (x86)\Google\Google Earth\client\IGOpt.dll
    2013-10-07 15:32 - 2013-10-07 15:32 - 00015872 _____ () C:\Program Files (x86)\Google\Google Earth\client\alchemyext.dll
    2013-10-07 15:21 - 2013-10-07 15:21 - 07877632 _____ () C:\Program Files (x86)\Google\Google Earth\client\QtWebKit4.dll
    2013-10-07 15:21 - 2013-10-07 15:21 - 06174208 _____ () C:\Program Files (x86)\Google\Google Earth\client\QtGui4.dll
    2013-10-07 15:21 - 2013-10-07 15:21 - 00518656 _____ () C:\Program Files (x86)\Google\Google Earth\client\QtNetwork4.dll
    2013-10-07 15:28 - 2013-10-07 15:28 - 00086528 _____ () C:\Program Files (x86)\Google\Google Earth\client\ge_expat.dll
    2013-10-07 15:21 - 2013-10-07 15:21 - 00018944 _____ () C:\Program Files (x86)\Google\Google Earth\client\imageformats\qgif4.dll
    2013-10-07 15:21 - 2013-10-07 15:21 - 00158208 _____ () C:\Program Files (x86)\Google\Google Earth\client\imageformats\qjpeg4.dll
    2013-10-07 15:24 - 2013-10-07 15:24 - 00145408 _____ () C:\Program Files (x86)\Google\Google Earth\client\alchemy\optimizations\IGOptExtension.dll
    2013-09-25 15:42 - 2013-09-25 15:42 - 00316584 _____ () C:\Program Files\Microsoft Office 15\Root\Office15\AppVIsvStream32.dll
    2013-09-25 15:42 - 2013-09-25 15:42 - 00359080 _____ () C:\Program Files\Microsoft Office 15\Root\Office15\c2r32.dll
    2013-09-25 15:42 - 2013-09-25 15:48 - 08866472 _____ () C:\Program Files\Microsoft Office 15\Root\Office15\1033\GrooveIntlResource.dll
    2010-07-15 13:32 - 2010-07-15 13:32 - 00007680 _____ () C:\Program Files (x86)\Bentley\MicroStation V8i (SELECTseries)\MicroStation\en\ElementInfo.resources.dll
    2010-07-15 13:32 - 2010-07-15 13:32 - 00003584 _____ () C:\Program Files (x86)\Bentley\MicroStation V8i (SELECTseries)\MicroStation\en\bentley.designexplorer.resources.dll
    2010-07-15 13:32 - 2010-07-15 13:32 - 00036864 _____ () C:\Program Files (x86)\Bentley\MicroStation V8i (SELECTseries)\MicroStation\en\bentley.designexplorer.elementexplorer.resources.dll
    2010-07-15 13:32 - 2010-07-15 13:32 - 00151552 _____ () C:\Program Files (x86)\Bentley\MicroStation V8i (SELECTseries)\MicroStation\en\Bentley.MicroStation.PrintFoundation.resources.dll
    2013-09-25 15:42 - 2013-09-25 15:42 - 00316584 _____ () C:\Program Files\Microsoft Office 15\root\office15\AppVIsvStream32.dll
    2013-09-25 15:42 - 2013-09-25 15:42 - 00359080 _____ () C:\Program Files\Microsoft Office 15\root\office15\c2r32.dll
    2009-08-23 13:58 - 2009-08-23 13:58 - 00094208 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
    2005-10-22 17:35 - 2005-10-22 17:35 - 01855488 _____ () C:\Program Files (x86)\PDF reDirect\bin\gsdll32.dll
    2013-09-26 15:20 - 1998-11-10 10:31 - 02792448 _____ () C:\Program Files (x86)\MathSoft\Mathcad 8\MathDllSE.dll
    2013-09-26 15:20 - 1998-11-10 10:31 - 00058368 _____ () C:\Program Files (x86)\MathSoft\Mathcad 8\CEngEfi.dll
    2013-09-26 15:20 - 1998-11-05 09:35 - 00170496 _____ () C:\Program Files (x86)\MathSoft\Mathcad 8\EfiUtils.dll
    2013-09-26 15:20 - 1998-11-10 10:31 - 00340480 _____ () C:\Program Files (x86)\MathSoft\Mathcad 8\efi.dll
    2013-09-26 15:20 - 1998-11-05 09:35 - 00208896 _____ () C:\Program Files (x86)\MathSoft\Mathcad 8\matrix.dll
    2013-09-26 15:20 - 1998-11-05 09:35 - 00032256 _____ () C:\Program Files (x86)\MathSoft\Mathcad 8\NewMsg.dll
    2013-09-26 15:20 - 1998-11-05 09:35 - 00018944 _____ () C:\Program Files (x86)\MathSoft\Mathcad 8\McXML.dll
    2013-09-26 15:20 - 1998-11-05 09:35 - 00153600 _____ () C:\Program Files (x86)\MathSoft\Mathcad 8\spellchkMD.dll
    2013-09-26 15:20 - 1998-11-10 12:04 - 00433152 _____ () C:\Program Files (x86)\MathSoft\Mathcad 8\CEngCoreSE.DLL
    2013-09-26 15:20 - 1998-11-05 09:35 - 00235520 _____ () C:\Program Files (x86)\MathSoft\Mathcad 8\ResDllSE.dll
    2013-09-26 15:20 - 1998-11-05 09:35 - 00143872 _____ () C:\Program Files (x86)\MathSoft\Mathcad 8\GarbCol.dll
    2013-09-26 15:20 - 1998-11-05 09:35 - 00047616 _____ () C:\Program Files (x86)\MathSoft\Mathcad 8\funcman.dll
    2013-09-26 15:20 - 1998-11-05 09:35 - 00112128 _____ () C:\Program Files (x86)\MathSoft\Mathcad 8\diffeq.dll
    2013-09-26 15:20 - 1998-11-10 10:31 - 00053248 _____ () C:\Program Files (x86)\MathSoft\Mathcad 8\fft.dll
    2013-09-26 15:20 - 1998-11-05 09:35 - 00158208 _____ () C:\Program Files (x86)\MathSoft\Mathcad 8\ImExport.dll
    2013-09-26 15:20 - 1998-11-05 09:35 - 00095744 _____ () C:\Program Files (x86)\MathSoft\Mathcad 8\integration.dll
    2013-09-26 15:20 - 1998-11-10 10:31 - 00060416 _____ () C:\Program Files (x86)\MathSoft\Mathcad 8\plot.dll
    2013-09-26 15:20 - 1998-11-05 09:35 - 00024576 _____ () C:\Program Files (x86)\MathSoft\Mathcad 8\polynomials.dll
    2013-09-26 15:20 - 1998-11-05 09:35 - 00023040 _____ () C:\Program Files (x86)\MathSoft\Mathcad 8\rootfinder.dll
    2013-09-26 15:20 - 1998-11-05 09:35 - 00084992 _____ () C:\Program Files (x86)\MathSoft\Mathcad 8\SpecialFunctions.dll
    2013-09-26 15:20 - 1998-11-05 09:35 - 00374272 _____ () C:\Program Files (x86)\MathSoft\Mathcad 8\statistical.dll
    2013-09-26 15:20 - 1998-11-10 10:31 - 00087552 _____ () C:\Program Files (x86)\MathSoft\Mathcad 8\SolverSE.dll
    2013-09-26 15:20 - 1998-11-05 09:35 - 00175616 _____ () C:\Program Files (x86)\MathSoft\Mathcad 8\FRONTMIP.dll
    2013-09-26 15:20 - 1998-11-10 10:31 - 00138240 _____ () C:\Program Files (x86)\MathSoft\Mathcad 8\CEngFront.dll
    2013-09-26 15:20 - 1998-11-10 10:31 - 00214016 _____ () C:\Program Files (x86)\MathSoft\Mathcad 8\MapleEng.dll
    2013-09-26 15:20 - 1998-11-03 15:43 - 00439808 _____ () C:\Program Files (x86)\MathSoft\Mathcad 8\liboem.dll
    2013-09-26 15:20 - 1998-11-03 15:43 - 00503296 _____ () C:\Program Files (x86)\MathSoft\Mathcad 8\MKERNEL.dll
    2014-02-05 10:53 - 2014-02-05 10:53 - 03019376 _____ () C:\Program Files (x86)\Mozilla Thunderbird\mozjs.dll
    2014-02-05 10:53 - 2014-02-05 10:53 - 00158832 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAP32V60.dll
    2014-02-05 10:53 - 2014-02-05 10:53 - 00023152 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAPPR32V60.dll
    2012-11-29 11:46 - 2012-11-29 11:46 - 04476998 _____ () C:\SProV8i\STAAD\dbSectionInterface.dll
    2009-05-18 10:35 - 2009-05-18 10:35 - 00069696 _____ () C:\SProV8i\STAAD\REIOpenGLLib.dll
    2010-08-09 10:24 - 2010-08-09 10:24 - 00131138 _____ () C:\SProV8i\STAAD\GetPlateStress.dll
    2008-05-12 10:01 - 2008-05-12 10:01 - 00028740 _____ () C:\SProV8i\STAAD\DiffUtils.dll
    2011-05-05 15:22 - 2011-05-05 15:22 - 00065536 _____ () C:\SProV8i\STAAD\SPROHELP.dll
    2008-05-20 14:45 - 2008-05-20 14:45 - 00106556 _____ () C:\SProV8i\STAAD\SurfMesh.dll
    2010-01-22 16:20 - 2010-01-22 16:20 - 00159812 _____ () C:\SProV8i\STAAD\TransferForceDLL.dll
    2008-05-12 10:10 - 2008-05-12 10:10 - 00094208 _____ () C:\SProV8i\STAAD\ZipArchiveInterface.dll
    2011-09-27 23:12 - 2011-09-27 23:12 - 00045056 _____ () C:\SProV8i\STAAD\SPROSECTION.dll
    2010-09-02 14:30 - 2010-09-02 14:30 - 00028672 _____ () C:\SProV8i\STAAD\XMLWriter.dll
    2012-04-02 12:01 - 2012-04-02 12:01 - 00065536 _____ () C:\SProV8i\STAAD\QueryDB.dll
    2009-05-18 10:35 - 2009-05-18 10:35 - 00090171 _____ () C:\SProV8i\STAAD\LoadGen.dll
    2011-09-12 15:36 - 2011-09-12 15:36 - 01028159 _____ () C:\SProV8i\STAAD\IBCSpectrum.dll
    2008-05-14 11:43 - 2008-05-14 11:43 - 00080963 _____ () C:\SProV8i\STAAD\CrashRpt.dll
    1998-07-12 00:13 - 1998-07-12 00:13 - 00053760 _____ () C:\SProV8i\STAAD\zlib.dll
    2008-05-12 10:00 - 2008-05-12 10:00 - 00045126 _____ () C:\SProV8i\STAAD\DbInterface.dll
    2010-02-04 11:54 - 2010-02-04 11:54 - 00118858 _____ () C:\SProV8i\STAAD\Plugins\LoadAttributes.dll
    2014-03-20 10:18 - 2014-03-20 10:18 - 03642480 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
    2014-03-07 14:55 - 2014-03-07 14:55 - 16265096 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll
    2013-09-25 15:44 - 2013-09-25 15:46 - 01027240 _____ () C:\Program Files\Microsoft Office 15\Root\Office15\ADDINS\UmOutlookAddin.dll
    2013-06-18 14:36 - 2013-06-18 14:36 - 00004608 _____ () C:\Program Files (x86)\Xobni\ManagedAggregator.dll
    2013-06-18 14:39 - 2013-06-18 14:39 - 00063096 _____ () C:\Program Files (x86)\Xobni\XobniMainConnector.dll
    2013-09-26 13:01 - 2013-09-26 13:01 - 00003072 _____ () C:\Windows\assembly\GAC_MSIL\Extensibility\7.0.3300.0__6298d2d1fcfb5d85\Extensibility.dll
    2014-03-08 06:22 - 2014-03-08 06:22 - 01028608 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Office.In#\b1b034570a758dabaf2bc2dcf38ee44b\Microsoft.Office.Interop.Outlook.ni.dll
    2013-06-18 14:38 - 2013-06-18 14:38 - 00045056 _____ () C:\Program Files (x86)\Xobni\XobniFailsafeUpdateChecker.dll
    2014-03-08 06:22 - 2014-03-08 06:22 - 01122304 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\Xobni.XMapiAccessor\338ecd9323fc6e46a1883e10f93c3e16\Xobni.XMapiAccessor.ni.dll
    2013-09-26 13:01 - 2013-09-26 13:01 - 00516096 _____ () C:\Windows\assembly\GAC_32\Xobni.XMapiAccessor\2.0.4.13745__6298d2d1fcfb5d85\Xobni.XMapiAccessor.dll
    2013-09-26 13:01 - 2012-03-21 08:46 - 00904704 _____ () C:\Program Files (x86)\Xobni\System.Data.SQLite.dll
    2014-03-08 06:22 - 2014-03-08 06:22 - 00506880 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\office\8944520a90167b172d1ed31e45a78bb1\office.ni.dll
    2014-03-08 06:22 - 2014-03-08 06:22 - 00438272 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\LinqBridge\39fff9695ea8703a34ff0b76be89ceeb\LinqBridge.ni.dll
    2013-06-18 14:36 - 2013-06-18 14:36 - 00125440 _____ () C:\Program Files (x86)\Xobni\WindowDriver.dll
    2012-11-29 11:46 - 2012-11-29 11:46 - 04476998 _____ () C:\SProV8i\STAAD\SProSTAAD\dbSectionInterface.dll
    2008-05-28 17:05 - 2008-05-28 17:05 - 00106572 _____ () C:\SProV8i\STAAD\SProSTAAD\SurfMeshEngine.dll
    2013-10-04 12:43 - 2007-04-16 15:50 - 00163840 _____ () C:\Program Files (x86)\IZArc\unrar3.dll
    2013-10-04 12:43 - 2006-03-05 23:28 - 00517120 _____ () C:\Program Files (x86)\IZArc\7-zip32.dll

    ==================== Alternate Data Streams (whitelisted) =========


    ==================== Safe Mode (whitelisted) ===================

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SepMasterService => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SmcService => ""="Service"

    ==================== Disabled items from MSCONFIG ==============


    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (04/07/2014 02:17:37 PM) (Source: Application Hang) (User: )
    Description: The program Staadpro.exe version 20.7.8.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

    Process ID: 5fd0

    Start Time: 01cf5044d6a4f742

    Termination Time: 152

    Application Path: C:\SProV8i\STAAD\Staadpro.exe

    Report Id: d388d9f0-be80-11e3-ba0b-b8ca3aa78c06

    Error: (04/04/2014 10:07:28 PM) (Source: Application Error) (User: )
    Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.16521, time stamp: 0x53114399
    Faulting module name: Scxpx86.dll, version: 12.2.0.5, time stamp: 0x5316a8b4
    Exception code: 0xc00000fd
    Fault offset: 0x000293d9
    Faulting process id: 0x5154
    Faulting application start time: 0xIEXPLORE.EXE0
    Faulting application path: IEXPLORE.EXE1
    Faulting module path: IEXPLORE.EXE2
    Report Id: IEXPLORE.EXE3

    Error: (04/04/2014 08:44:24 PM) (Source: Application Error) (User: )
    Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.16521, time stamp: 0x53114399
    Faulting module name: JitV.dll, version: 0.0.0.0, time stamp: 0x509a3a7d
    Exception code: 0xc00000fd
    Fault offset: 0x0000b8a5
    Faulting process id: 0x1340
    Faulting application start time: 0xIEXPLORE.EXE0
    Faulting application path: IEXPLORE.EXE1
    Faulting module path: IEXPLORE.EXE2
    Report Id: IEXPLORE.EXE3

    Error: (04/04/2014 01:08:00 PM) (Source: Application Error) (User: )
    Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.16521, time stamp: 0x53114399
    Faulting module name: Scxpx86.dll, version: 12.2.0.5, time stamp: 0x5316a8b4
    Exception code: 0xc00000fd
    Fault offset: 0x0002ddc6
    Faulting process id: 0x7084
    Faulting application start time: 0xIEXPLORE.EXE0
    Faulting application path: IEXPLORE.EXE1
    Faulting module path: IEXPLORE.EXE2
    Report Id: IEXPLORE.EXE3

    Error: (04/02/2014 09:30:36 PM) (Source: Application Error) (User: )
    Description: Faulting application name: OUTLOOK.EXE, version: 15.0.4535.1004, time stamp: 0x5212ff76
    Faulting module name: OUTLOOK.EXE, version: 15.0.4535.1004, time stamp: 0x5212ff76
    Exception code: 0xc0000005
    Fault offset: 0x00ac5fb5
    Faulting process id: 0x72c0
    Faulting application start time: 0xOUTLOOK.EXE0
    Faulting application path: OUTLOOK.EXE1
    Faulting module path: OUTLOOK.EXE2
    Report Id: OUTLOOK.EXE3

    Error: (04/02/2014 09:27:17 PM) (Source: Application Error) (User: )
    Description: Faulting application name: OUTLOOK.EXE, version: 15.0.4535.1004, time stamp: 0x5212ff76
    Faulting module name: OUTLOOK.EXE, version: 15.0.4535.1004, time stamp: 0x5212ff76
    Exception code: 0xc0000005
    Fault offset: 0x00ac5fb5
    Faulting process id: 0x166c
    Faulting application start time: 0xOUTLOOK.EXE0
    Faulting application path: OUTLOOK.EXE1
    Faulting module path: OUTLOOK.EXE2
    Report Id: OUTLOOK.EXE3

    Error: (04/02/2014 08:14:19 PM) (Source: Application Error) (User: )
    Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.16521, time stamp: 0x53114399
    Faulting module name: AppvIsvSubsystems32.dll, version: 5.151.36.0, time stamp: 0x515df0ba
    Exception code: 0xc00000fd
    Fault offset: 0x000304db
    Faulting process id: 0x5e80
    Faulting application start time: 0xIEXPLORE.EXE0
    Faulting application path: IEXPLORE.EXE1
    Faulting module path: IEXPLORE.EXE2
    Report Id: IEXPLORE.EXE3

    Error: (04/01/2014 02:17:54 PM) (Source: Application Error) (User: )
    Description: Faulting application name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d672ee4
    Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521eaf24
    Exception code: 0xc0000005
    Fault offset: 0x00000000000257d5
    Faulting process id: 0x1224
    Faulting application start time: 0xExplorer.EXE0
    Faulting application path: Explorer.EXE1
    Faulting module path: Explorer.EXE2
    Report Id: Explorer.EXE3

    Error: (04/01/2014 09:13:58 AM) (Source: Application Error) (User: )
    Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.16521, time stamp: 0x53114399
    Faulting module name: JitV.dll, version: 0.0.0.0, time stamp: 0x509a3a7d
    Exception code: 0xc00000fd
    Fault offset: 0x0000b8b3
    Faulting process id: 0x68a0
    Faulting application start time: 0xIEXPLORE.EXE0
    Faulting application path: IEXPLORE.EXE1
    Faulting module path: IEXPLORE.EXE2
    Report Id: IEXPLORE.EXE3

    Error: (03/31/2014 04:56:57 PM) (Source: Application Error) (User: )
    Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.16521, time stamp: 0x53114399
    Faulting module name: AppvIsvSubsystems32.dll, version: 5.151.36.0, time stamp: 0x515df0ba
    Exception code: 0xc00000fd
    Fault offset: 0x000304fd
    Faulting process id: 0x55f4
    Faulting application start time: 0xIEXPLORE.EXE0
    Faulting application path: IEXPLORE.EXE1
    Faulting module path: IEXPLORE.EXE2
    Report Id: IEXPLORE.EXE3


    System errors:
    =============
    Error: (03/14/2014 05:08:22 PM) (Source: Service Control Manager) (User: )
    Description: The WvPCR service depends on the TPM Base Services service which failed to start because of the following error:
    %%0

    Error: (03/14/2014 05:08:22 PM) (Source: Service Control Manager) (User: )
    Description: The SI TSS v1.2.1.41 TCS service depends on the TPM Base Services service which failed to start because of the following error:
    %%0

    Error: (03/14/2014 05:08:19 PM) (Source: Microsoft-Windows-TaskScheduler) (User: NT AUTHORITY)
    Description: Task Scheduler service failed to load tasks at service startup. Additional Data: Error Value: 2147549183.

    Error: (03/14/2014 05:08:18 PM) (Source: Microsoft-Windows-TaskScheduler) (User: NT AUTHORITY)
    Description: Task Scheduler service failed to load tasks at service startup. Additional Data: Error Value: 2147549183.

    Error: (03/12/2014 04:14:50 PM) (Source: NETLOGON) (User: )
    Description: This computer was not able to set up a secure session with a domain
    controller in domain VAUGHNMELTON due to the following:
    %%1311

    This may lead to authentication problems. Make sure that this
    computer is connected to the network. If the problem persists,
    please contact your domain administrator.



    ADDITIONAL INFO

    If this computer is a domain controller for the specified domain, it
    sets up the secure session to the primary domain controller emulator in the specified
    domain. Otherwise, this computer sets up the secure session to any domain controller
    in the specified domain.

    Error: (03/12/2014 08:03:09 AM) (Source: Service Control Manager) (User: )
    Description: The WvPCR service depends on the TPM Base Services service which failed to start because of the following error:
    %%0

    Error: (03/12/2014 08:03:09 AM) (Source: Service Control Manager) (User: )
    Description: The SI TSS v1.2.1.41 TCS service depends on the TPM Base Services service which failed to start because of the following error:
    %%0

    Error: (03/12/2014 08:03:05 AM) (Source: Microsoft-Windows-TaskScheduler) (User: NT AUTHORITY)
    Description: Task Scheduler service failed to load tasks at service startup. Additional Data: Error Value: 2147549183.

    Error: (03/12/2014 08:03:04 AM) (Source: Microsoft-Windows-TaskScheduler) (User: NT AUTHORITY)
    Description: Task Scheduler service failed to load tasks at service startup. Additional Data: Error Value: 2147549183.

    Error: (03/10/2014 10:54:10 AM) (Source: Microsoft-Windows-GroupPolicy) (User: NT AUTHORITY)
    Description: The processing of Group Policy failed. Windows attempted to read the file \\VaughnMelton.com\sysvol\VaughnMelton.com\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following:
    a) Name Resolution/Network Connectivity to the current domain controller.
    b) File Replication Service Latency (a file created on another domain controller has not replicated to the current domain controller).
    c) The Distributed File System (DFS) client has been disabled.


    Microsoft Office Sessions:
    =========================
    Error: (04/07/2014 02:17:37 PM) (Source: Application Hang)(User: )
    Description: Staadpro.exe20.7.8.05fd001cf5044d6a4f742152C:\SProV8i\STAAD\Staadpro.exed388d9f0-be80-11e3-ba0b-b8ca3aa78c06

    Error: (04/04/2014 10:07:28 PM) (Source: Application Error)(User: )
    Description: IEXPLORE.EXE11.0.9600.1652153114399Scxpx86.dll12.2.0.55316a8b4c00000fd000293d9515401cf50287eb19eb2C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Data\Definitions\IPSDefs\20140404.001\Scxpx86.dll0915fe73-bc67-11e3-ba0b-b8ca3aa78c06

    Error: (04/04/2014 08:44:24 PM) (Source: Application Error)(User: )
    Description: IEXPLORE.EXE11.0.9600.1652153114399JitV.dll0.0.0.0509a3a7dc00000fd0000b8a5134001cf4f7f8b6fa4dfC:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Program Files\Microsoft Office 15\root\Office15\JitV.dll6e5d8cf2-bc5b-11e3-ba0b-b8ca3aa78c06

    Error: (04/04/2014 01:08:00 PM) (Source: Application Error)(User: )
    Description: IEXPLORE.EXE11.0.9600.1652153114399Scxpx86.dll12.2.0.55316a8b4c00000fd0002ddc6708401cf4ed2e3a84e4aC:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Data\Definitions\IPSDefs\20140403.001\Scxpx86.dllac7eced2-bc1b-11e3-ba0b-b8ca3aa78c06

    Error: (04/02/2014 09:30:36 PM) (Source: Application Error)(User: )
    Description: OUTLOOK.EXE15.0.4535.10045212ff76OUTLOOK.EXE15.0.4535.10045212ff76c000000500ac5fb572c001cf4edbe74f6e3aC:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.EXEC:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.EXE8dce721a-bacf-11e3-ba0b-b8ca3aa78c06

    Error: (04/02/2014 09:27:17 PM) (Source: Application Error)(User: )
    Description: OUTLOOK.EXE15.0.4535.10045212ff76OUTLOOK.EXE15.0.4535.10045212ff76c000000500ac5fb5166c01cf41fa308068adC:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.EXEC:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.EXE1763a82a-bacf-11e3-ba0b-b8ca3aa78c06

    Error: (04/02/2014 08:14:19 PM) (Source: Application Error)(User: )
    Description: IEXPLORE.EXE11.0.9600.1652153114399AppvIsvSubsystems32.dll5.151.36.0515df0bac00000fd000304db5e8001cf4dac4b61a761C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Program Files\Microsoft Office 15\root\Office15\AppvIsvSubsystems32.dlle5fff6da-bac4-11e3-ba0b-b8ca3aa78c06

    Error: (04/01/2014 02:17:54 PM) (Source: Application Error)(User: )
    Description: Explorer.EXE6.1.7601.175674d672ee4ntdll.dll6.1.7601.18247521eaf24c000000500000000000257d5122401cf41e1f06dbb25C:\Windows\Explorer.EXEC:\Windows\SYSTEM32\ntdll.dllf1444f02-b9c9-11e3-ba0b-b8ca3aa78c06

    Error: (04/01/2014 09:13:58 AM) (Source: Application Error)(User: )
    Description: IEXPLORE.EXE11.0.9600.1652153114399JitV.dll0.0.0.0509a3a7dc00000fd0000b8b368a001cf4ce6bed37fcdC:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Program Files\Microsoft Office 15\root\Office15\JitV.dll7b90e361-b99f-11e3-ba0b-b8ca3aa78c06

    Error: (03/31/2014 04:56:57 PM) (Source: Application Error)(User: )
    Description: IEXPLORE.EXE11.0.9600.1652153114399AppvIsvSubsystems32.dll5.151.36.0515df0bac00000fd000304fd55f401cf4a967589bda9C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Program Files\Microsoft Office 15\root\Office15\AppvIsvSubsystems32.dllfe70b2fd-b916-11e3-ba0b-b8ca3aa78c06


    CodeIntegrity Errors:
    ===================================
      Date: 2014-03-17 09:08:30.492
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\sysfer.dll because the set of per-page image hashes could not be found on the system.

      Date: 2014-03-14 17:08:03.180
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\sysfer.dll because the set of per-page image hashes could not be found on the system.

      Date: 2014-03-12 08:02:58.460
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\sysfer.dll because the set of per-page image hashes could not be found on the system.

      Date: 2014-03-07 14:14:45.372
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\sysfer.dll because the set of per-page image hashes could not be found on the system.

      Date: 2014-03-07 14:05:18.349
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\sysfer.dll because the set of per-page image hashes could not be found on the system.

      Date: 2014-01-27 09:01:16.534
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\sysfer.dll because the set of per-page image hashes could not be found on the system.

      Date: 2014-01-27 08:36:30.934
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\sysfer.dll because the set of per-page image hashes could not be found on the system.

      Date: 2014-01-03 10:13:00.795
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\sysfer.dll because the set of per-page image hashes could not be found on the system.

      Date: 2013-12-17 08:44:39.506
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\sysfer.dll because the set of per-page image hashes could not be found on the system.

      Date: 2013-12-17 08:35:25.020
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\sysfer.dll because the set of per-page image hashes could not be found on the system.


    ==================== Memory info ===========================

    Percentage of memory in use: 43%
    Total physical RAM: 16309.73 MB
    Available physical RAM: 9246.52 MB
    Total Pagefile: 32617.65 MB
    Available Pagefile: 24101.46 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.86 MB

    ==================== Drives ================================

    Drive c: (OS) (Fixed) (Total:464.48 GB) (Free:171.83 GB) NTFS
    Drive f: () (Removable) (Total:1.86 GB) (Free:0.52 GB) FAT
    Drive k: (DATAPART2) (Network) (Total:272.23 GB) (Free:4.23 GB) NTFS
    Drive o: (DATAPART2) (Network) (Total:272.23 GB) (Free:4.23 GB) NTFS
    Drive r: (DATAPART1) (Network) (Total:115.91 GB) (Free:95.35 GB) NTFS
    Drive x: (Data) (Network) (Total:3663.09 GB) (Free:3429.16 GB) NTFS
    Drive y: (New Volume) (Network) (Total:930.52 GB) (Free:239.36 GB) NTFS
    Drive z: (Tennessee Archives) (Network) (Total:3663.09 GB) (Free:3429.16 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465 GB) (Disk ID: E83DB389)

    Partition: GPT Partition Type.

    ========================================================
    Disk: 1 (Size: 2 GB) (Disk ID: 48A048A0)
    Partition 1: (Not Active) - (Size=2 GB) - (Type=06)

    ==================== End Of Log ============================


    • 0

    #7
    majorlag

    majorlag

      Member

    • Topic Starter
    • Member
    • PipPip
    • 70 posts

    Sorry, that was Addition.txt.  Here is FRST:

     

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
    Ran by achutsell (administrator) on ACHUTSELL on 07-04-2014 17:19:38
    Running from C:\Users\achutsell\Desktop\Cleanup Aisle 5
    Windows 7 Professional Service Pack 1 (X64) OS Language: English(US)
    Internet Explorer Version 11
    Boot Mode: Normal

    The only official download link for FRST:
    Download link for 32-Bit version: http://www.bleepingc...can-tool/dl/81/
    Download link for 64-Bit Version: http://www.bleepingc...can-tool/dl/82/
    Download link from any site other than Bleeping Computer is unpermitted or outdated.
    See tutorial for FRST: http://www.geekstogo...very-scan-tool/

    ==================== Processes (Whitelisted) =================

    (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
    (Wave Systems Corp.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe
    (SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
    () C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\EMBASSY Client Core\EmbassyServer.exe
    (Intel Corporation) C:\Windows\system32\IProsetMonitor.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe
    (Dell, Inc.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\hapi64\pbadrvsvc.exe
    (Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin\ccSvcHst.exe
    (Wave Systems Corp.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    (Xobni Corporation) C:\Program Files (x86)\Xobni\XobniService.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    () c:\Program Files (x86)\MegaRAID Storage Manager\Framework\VivaldiFramework.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
    (Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin64\Smc.exe
    (Sun Microsystems, Inc.) c:\Program Files (x86)\MegaRAID Storage Manager\JRE\bin\javaw.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.5\GoogleCrashHandler.exe
    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.5\GoogleCrashHandler64.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
    (Authentec Inc.) C:\Program Files\Common Files\SPBA\upeksvr.exe
    (Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin\ccSvcHst.exe
    (Realtek Semiconductor Corp.) C:\Program Files\Realtek\Audio\HDA\RtDCpl64.exe
    (Wave Systems Corp.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe
    () C:\Users\achutsell\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
    (SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
    (Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
    (Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
    (Sun Microsystems, Inc.) c:\Program Files (x86)\MegaRAID Storage Manager\JRE\bin\java.exe
    (Microsoft Corporation) C:\Windows\system32\AUDIODG.EXE
    (Foxit Corporation) C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Reader.exe
    (Bentley Systems Inc.) C:\Program Files (x86)\Bentley\MicroStation V8i (SELECTseries)\MicroStation\ustation.exe
    (Microsoft Corporation) C:\Windows\splwow64.exe
    (Dell Inc.) C:\Program Files (x86)\Dell\KACE\AMPAgent.exe
    (Google) C:\Program Files (x86)\Google\Google Earth\client\googleearth.exe
    (Aplin Software) C:\Windows\System32\Safekeys\Neo's SafeKeys v3.exe
    (Bentley Systems, Inc.) C:\BentleyV8\Program\MicroStation\ustation.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Office 15\Root\Office15\WINWORD.EXE
    (Bentley Systems Inc.) C:\Program Files (x86)\Bentley\MicroStation V8i (SELECTseries)\MicroStation\ustation.exe
    (Bentley Systems Inc.) C:\Program Files (x86)\Bentley\MicroStation V8i (SELECTseries)\MicroStation\ustation.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\EXCEL.EXE
    (Kansas Department of Transportation (KDOT)) C:\Program Files (x86)\TAEG 2.1\TAEG 2.1.exe
    (Microsoft Corporation) C:\Windows\system32\SnippingTool.exe
    (Microsoft Corporation) C:\Windows\SYSTEM32\WISPTIS.EXE
    (Bentley Systems Inc.) C:\Program Files (x86)\Common Files\Bentley Shared\IEG\IEGLCS\BAppMon.exe
    (EXP Systems LLC) C:\Program Files (x86)\PDF reDirect\Capture.exe
    (EXP Systems LLC) C:\Program Files (x86)\PDF reDirect\PDF_reDirect.exe
    (MathSoft, Inc.) C:\Program Files (x86)\MathSoft\Mathcad 8\Mathcad.exe
    (Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
    (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
    (Panda Security) C:\Program Files (x86)\Panda USB Vaccine\USBVaccine.exe
    (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
    (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
    (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe
    (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_x64.exe
    (NirSoft) C:\Users\achutsell\Documents\OLD Desktop\OLD COMPUTER\V&M\OLD C\Program Files\NirSoft\SmartSniff\smsniff.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
    (Bentley Systems, Inc.) C:\SProV8i\STAAD\Staadpro.exe
    (Bentley Systems, Inc.) C:\SProV8i\STAAD\Staadpro.exe
    (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe
    (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.EXE
    (Microsoft Corporation) C:\Windows\system32\cmd.exe
    () C:\SProV8i\STAAD\SProSTAAD\SProSTAAD.exe
    (IZSoftware) C:\Program Files (x86)\IZArc\IZArc.exe
    (Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin\SymCorpUI.exe
    (Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin64\SmcGui.exe
    (Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin\ProtectionUtilSurrogate.exe
    (Bentley Systems, Inc.) C:\SProV8i\STAAD\Staadpro.exe
    (OldTimer Tools) C:\Users\achutsell\Desktop\Cleanup Aisle 5\OTL.exe
    (Microsoft Corporation) C:\Windows\sysWOW64\wbem\wmiprvse.exe
    (Microsoft Corporation) C:\Windows\system32\taskmgr.exe
    (Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin\SavUI.exe
    (Wave Systems Corp.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\RemoteManagement\WSCEAA.exe


    ==================== Registry (Whitelisted) ==================

    HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RtDCpl64.exe [2907240 2011-07-20] (Realtek Semiconductor Corp.)
    HKLM\...\Run: [nwiz] - C:\Program Files\NVIDIA Corporation\nview\nwiz.exe [2716960 2013-04-29] ()
    HKLM\...\Run: [TdmNotify] - C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe [371024 2013-03-05] (Wave Systems Corp.)
    HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [444904 2012-09-20] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [NUSB3MON] - c:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation)
    HKLM-x32\...\Run: [Popup] - c:\Program Files (x86)\MegaRAID Storage Manager\MegaPopup\Popup.exe [61440 2012-03-12] (LSI)
    HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [] - [X]
    HKLM-x32\...\Run: [Acrobat Assistant 8.0] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3478392 2013-12-21] (Adobe Systems Inc.)
    HKLM\...\Winlogon: [Userinit] C:\Windows\System32\KUsrInit.exe,
    Winlogon\Notify\spba: C:\Program Files\Common Files\SPBA\homefus2.dll (Authentec Inc.)
    Winlogon\Notify\SEP-x32: C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin\WinLogoutNotifier.dll [X]
    HKU\S-1-5-21-2737030581-2526190988-2324023135-1135\...\Run: [Amazon Cloud Player] - C:\Users\achutsell\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe [3140608 2014-01-14] ()
    HKU\S-1-5-21-2737030581-2526190988-2324023135-1135\...\Run: [SUPERAntiSpyware] - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6563608 2014-01-15] (SUPERAntiSpyware)
    HKU\S-1-5-21-2737030581-2526190988-2324023135-1135\...\RunOnce: [FlashPlayerUpdate] - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_12_0_0_70_Plugin.exe [841096 2014-03-07] (Adobe Systems Incorporated)
    Lsa: [Authentication Packages] msv1_0 wvauth
    Startup: C:\Users\achutsell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\procexp.exe - Shortcut.lnk
    ShortcutTarget: procexp.exe - Shortcut.lnk -> C:\Windows\System32\Process Explorer\procexp.exe (Sysinternals - www.sysinternals.com)

    ==================== Internet (Whitelisted) ====================

    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.connectv...Pages/Home.aspx
    HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://dell13.msn.com/?pc=DCJB
    SearchScopes: HKLM - DefaultScope {520AAC53-8750-4AC6-A3D2-CFC22B5CD3C4} URL = http://www.bing.com/...=IE10TR&pc=DCJB
    SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM - {520AAC53-8750-4AC6-A3D2-CFC22B5CD3C4} URL = http://www.bing.com/...=IE10TR&pc=DCJB
    SearchScopes: HKLM-x32 - DefaultScope {520AAC53-8750-4AC6-A3D2-CFC22B5CD3C4} URL = http://www.bing.com/...=IE10TR&pc=DCJB
    SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM-x32 - {520AAC53-8750-4AC6-A3D2-CFC22B5CD3C4} URL = http://www.bing.com/...=IE10TR&pc=DCJB
    SearchScopes: HKCU - DefaultScope {520AAC53-8750-4AC6-A3D2-CFC22B5CD3C4} URL =
    SearchScopes: HKCU - {520AAC53-8750-4AC6-A3D2-CFC22B5CD3C4} URL =
    BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
    BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO: Adobe Acrobat Create PDF Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
    BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
    BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
    BHO: Adobe Acrobat Create PDF from Selection - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
    BHO-x32: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll (Microsoft Corporation)
    BHO-x32: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\bin\IPS\IPSBHO.DLL (Symantec Corporation)
    BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO-x32: Adobe Acrobat Create PDF Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
    BHO-x32: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
    BHO-x32: Adobe Acrobat Create PDF from Selection - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
    Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    Toolbar: HKCU - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
    DPF: HKLM-x32 {5554DCB0-700B-498D-9B58-4E40E5814405} https://www.connectv...intCab&Arch=X86
    Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
    Tcpip\Parameters: [DhcpNameServer] 192.168.3.199 192.168.100.27 204.97.212.10

    FireFox:
    ========
    FF ProfilePath: C:\Users\achutsell\AppData\Roaming\Mozilla\Firefox\Profiles\er59c11d.default
    FF Homepage: hxxp://www.bing.com/
    FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_70.dll ()
    FF Plugin: @microsoft.com/GENUINE - disabled No File
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
    FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
    FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
    FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.38 - C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
    FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
    FF Plugin-x32: @microsoft.com/Lync,version=15.0 - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: Adobe Acrobat - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin-x32: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
    FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
    FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2013-09-25]
    FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Data\IPSFF
    FF Extension: Symantec Intrusion Prevention - C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Data\IPSFF [2013-10-03]
    FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\McAfee\MSK

    ==================== Services (Whitelisted) =================

    R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [143120 2013-05-23] (SUPERAntiSpyware.com)
    R2 AMPAgent; C:\Program Files (x86)\Dell\KACE\AMPAgent.exe [2872424 2013-11-12] (Dell Inc.)
    R2 EmbassyService; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\EMBASSY Client Core\EmbassyServer.exe [231792 2013-03-11] ()
    R2 MSMFramework; c:\Program Files (x86)\MegaRAID Storage Manager\Framework\VivaldiFramework.exe [69632 2012-03-12] ()
    R2 OfficeSvc; C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1901752 2013-07-22] (Microsoft Corporation)
    R2 PbaDrvSvc_x64; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\hapi64\pbadrvsvc.exe [21504 2013-01-21] (Dell, Inc.)
    R2 SepMasterService; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin\ccSvcHst.exe [137224 2011-10-30] (Symantec Corporation)
    R3 SmcService; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin64\Smc.exe [2594816 2011-10-30] (Symantec Corporation)
    S3 SNAC; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin64\snac64.exe [324016 2011-10-30] (Symantec Corporation)
    S2 tcsd_win32.exe; C:\Program Files (x86)\Security Innovation\SI TSS\bin\tcsd_win32.exe [1643520 2012-05-11] ()
    R2 Wave Authentication Manager Service; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe [1773056 2013-02-26] (Wave Systems Corp.)
    S2 WvPCR; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Common\WvPCR.exe [254824 2013-03-08] (Wave Systems Corp.)
    R2 XobniService; C:\Program Files (x86)\Xobni\XobniService.exe [63096 2013-06-18] (Xobni Corporation)

    ==================== Drivers (Whitelisted) ====================

    R1 BHDrvx64; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Data\Definitions\BASHDefs\20140319.011\BHDrvx64.sys [1525976 2014-04-01] (Symantec Corporation)
    R3 dcdbas; C:\Windows\System32\DRIVERS\dcdbas64.sys [39016 2012-09-23] (Dell Inc.)
    R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-11-21] (Symantec Corporation)
    R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [137648 2013-11-21] (Symantec Corporation)
    R1 IDSVia64; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Data\Definitions\IPSDefs\20140404.001\IDSvia64.sys [525016 2014-03-25] (Symantec Corporation)
    R3 IntcAzAudAddService; C:\Windows\System32\drivers\RTDVHD64.sys [1982952 2011-09-23] (Realtek Semiconductor Corp.)
    R3 NAVENG; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Data\Definitions\VirusDefs\20140407.018\ENG64.SYS [126040 2013-10-14] (Symantec Corporation)
    R3 NAVEX15; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Data\Definitions\VirusDefs\20140407.018\EX64.SYS [2099288 2013-10-14] (Symantec Corporation)
    R0 percsas2; C:\Windows\System32\drivers\percsas2.sys [51536 2012-11-14] (LSI Corporation)
    R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    R1 SRTSP; C:\Windows\System32\Drivers\SEP\0C0103E8\009D.105\x64\SRTSP64.SYS [678008 2011-10-30] (Symantec Corporation)
    R1 SRTSPX; C:\Windows\System32\Drivers\SEP\0C0103E8\009D.105\x64\SRTSPX64.SYS [39032 2011-10-30] (Symantec Corporation)
    S3 SyDvCtrl; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin64\SyDvCtrl64.sys [29664 2011-10-30] (Symantec Corporation)
    R0 SymDS; C:\Windows\System32\Drivers\SEP\0C0103E8\009D.105\x64\SYMDS64.SYS [451192 2011-10-30] (Symantec Corporation)
    R0 SymEFA; C:\Windows\System32\Drivers\SEP\0C0103E8\009D.105\x64\SYMEFA64.SYS [931448 2011-10-30] (Symantec Corporation)
    R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [174200 2013-09-25] (Symantec Corporation)
    R1 SymIRON; C:\Windows\System32\Drivers\SEP\0C0103E8\009D.105\x64\Ironx64.SYS [171128 2011-10-30] (Symantec Corporation)
    R1 SYMNETS; C:\Windows\System32\Drivers\SEP\0C0103E8\009D.105\x64\SYMNETS.SYS [386168 2011-10-30] (Symantec Corporation)
    R1 SysPlant; C:\Windows\System32\Drivers\SysPlant.sys [118768 2013-09-25] (Symantec Corporation)

    ==================== NetSvcs (Whitelisted) ===================


    ==================== One Month Created Files and Folders ========

    2014-04-07 17:16 - 2014-04-07 17:19 - 00000000 ____D () C:\FRST
    2014-04-07 15:57 - 2014-04-07 15:57 - 00000000 ____D () C:\TDSSKiller_Quarantine
    2014-04-07 15:54 - 2014-04-07 15:40 - 04139872 _____ (Kaspersky Lab ZAO) C:\Users\achutsell\Downloads\firefox.kas.exe
    2014-04-07 15:43 - 2014-04-07 15:44 - 04118841 _____ () C:\Users\achutsell\Downloads\tdsskiller (2).zip
    2014-04-07 15:33 - 2014-04-07 15:34 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\achutsell\Downloads\iexplore.kas.exe
    2014-04-07 15:14 - 2014-04-07 15:14 - 00000000 ____D () C:\Users\achutsell\Desktop\OTL 4.7.2014
    2014-04-07 13:04 - 2014-04-07 13:05 - 88551496 _____ (AVAST Software) C:\Users\achutsell\Downloads\avast_free_antivirus_setup.exe
    2014-04-07 08:56 - 2014-04-07 08:56 - 00000000 ____D () C:\ProgramData\Panda Security
    2014-04-07 08:55 - 2014-04-07 08:55 - 00003072 _____ () C:\Windows\System32\Tasks\PandaUSBVaccine
    2014-04-07 08:55 - 2014-04-07 08:55 - 00000000 ____D () C:\Program Files (x86)\Panda USB Vaccine
    2014-04-06 19:01 - 2014-04-06 19:01 - 01729021 _____ (Igor Pavlov) C:\Users\achutsell\Downloads\staad.pro_verification_v20_07_09.exe
    2014-04-06 19:01 - 2013-01-26 12:43 - 00000000 ____D () C:\Users\achutsell\Downloads\Spro Verificaiton Manual SS4
    2014-04-06 14:29 - 2014-04-07 17:19 - 00000000 ____D () C:\Users\achutsell\Desktop\Cleanup Aisle 5
    2014-04-05 21:49 - 2014-04-07 17:19 - 00005014 _____ () C:\Windows\System32\Tasks\WSCEAA
    2014-04-02 17:29 - 2014-04-03 12:14 - 00000000 ____D () C:\Program Files (x86)\TAEG 2.1
    2014-04-02 17:29 - 2014-04-02 17:29 - 00002895 _____ () C:\Users\achutsell\Desktop\TAEG 2.1.lnk
    2014-04-02 17:29 - 2014-04-02 17:29 - 00000000 ____D () C:\Users\achutsell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TAEG 2.1
    2014-03-25 16:24 - 2014-03-25 16:31 - 01907741 _____ () C:\Users\achutsell\Desktop\CNK244_Concrete.mcd
    2014-03-21 17:11 - 2014-03-21 17:11 - 00029403 _____ () C:\Users\achutsell\Desktop\Copy of Westland Drive Drainage  Bridge Impr Bid Comparison.xlsx
    2014-03-20 10:18 - 2014-03-20 10:18 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
    2014-03-12 10:04 - 2014-03-01 02:05 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2014-03-12 10:04 - 2014-03-01 01:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2014-03-12 10:04 - 2014-03-01 01:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
    2014-03-12 10:04 - 2014-03-01 00:58 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2014-03-12 10:04 - 2014-03-01 00:52 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
    2014-03-12 10:04 - 2014-03-01 00:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
    2014-03-12 10:04 - 2014-03-01 00:42 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2014-03-12 10:04 - 2014-03-01 00:40 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
    2014-03-12 10:04 - 2014-03-01 00:37 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2014-03-12 10:04 - 2014-03-01 00:33 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
    2014-03-12 10:04 - 2014-03-01 00:33 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
    2014-03-12 10:04 - 2014-03-01 00:32 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
    2014-03-12 10:04 - 2014-03-01 00:30 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2014-03-12 10:04 - 2014-03-01 00:23 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
    2014-03-12 10:04 - 2014-03-01 00:17 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
    2014-03-12 10:04 - 2014-03-01 00:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2014-03-12 10:04 - 2014-03-01 00:02 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
    2014-03-12 10:04 - 2014-02-28 23:54 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2014-03-12 10:04 - 2014-02-28 23:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
    2014-03-12 10:04 - 2014-02-28 23:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
    2014-03-12 10:04 - 2014-02-28 23:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2014-03-12 10:04 - 2014-02-28 23:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2014-03-12 10:04 - 2014-02-28 23:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
    2014-03-12 10:04 - 2014-02-28 23:42 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2014-03-12 10:04 - 2014-02-28 23:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2014-03-12 10:04 - 2014-02-28 23:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2014-03-12 10:04 - 2014-02-28 23:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
    2014-03-12 10:04 - 2014-02-28 23:35 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2014-03-12 10:04 - 2014-02-28 23:18 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2014-03-12 10:04 - 2014-02-28 23:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
    2014-03-12 10:04 - 2014-02-28 23:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2014-03-12 10:04 - 2014-02-28 23:10 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2014-03-12 10:04 - 2014-02-28 23:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2014-03-12 10:04 - 2014-02-28 23:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2014-03-12 10:04 - 2014-02-28 22:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2014-03-12 10:04 - 2014-02-28 22:38 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2014-03-12 10:04 - 2014-02-28 22:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2014-03-12 10:04 - 2014-02-28 22:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2014-03-12 10:04 - 2014-02-28 22:25 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
    2014-03-12 10:04 - 2014-02-28 22:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
    2014-03-12 10:04 - 2014-02-06 21:23 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
    2014-03-12 10:04 - 2014-02-03 22:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
    2014-03-12 10:04 - 2014-02-03 22:32 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
    2014-03-12 10:04 - 2014-02-03 22:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
    2014-03-12 10:04 - 2014-02-03 22:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
    2014-03-12 10:04 - 2014-01-28 22:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
    2014-03-12 10:04 - 2014-01-28 22:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
    2014-03-12 10:04 - 2014-01-27 22:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
    2014-03-11 09:29 - 2014-03-12 07:50 - 00000000 ____D () C:\Users\achutsell\AppData\Roaming\Notepad++
    2014-03-11 09:29 - 2014-03-11 09:29 - 07624808 _____ () C:\Users\achutsell\Downloads\npp.6.5.5.Installer.exe
    2014-03-11 09:29 - 2014-03-11 09:29 - 00000000 ____D () C:\Users\achutsell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++
    2014-03-11 09:29 - 2014-03-11 09:29 - 00000000 ____D () C:\Program Files (x86)\Notepad++
    2014-03-10 11:00 - 2014-03-10 11:00 - 00137909 _____ () C:\Users\achutsell\Desktop\MS Detailer.zip

    ==================== One Month Modified Files and Folders =======

    2014-04-07 17:19 - 2014-04-07 17:16 - 00000000 ____D () C:\FRST
    2014-04-07 17:19 - 2014-04-06 14:29 - 00000000 ____D () C:\Users\achutsell\Desktop\Cleanup Aisle 5
    2014-04-07 17:19 - 2014-04-05 21:49 - 00005014 _____ () C:\Windows\System32\Tasks\WSCEAA
    2014-04-07 17:13 - 2009-07-14 00:45 - 00021312 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2014-04-07 17:13 - 2009-07-14 00:45 - 00021312 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2014-04-07 16:35 - 2013-09-25 14:36 - 00000144 _____ () C:\Windows\system32\config\netlogon.ftl
    2014-04-07 15:57 - 2014-04-07 15:57 - 00000000 ____D () C:\TDSSKiller_Quarantine
    2014-04-07 15:44 - 2014-04-07 15:43 - 04118841 _____ () C:\Users\achutsell\Downloads\tdsskiller (2).zip
    2014-04-07 15:40 - 2014-04-07 15:54 - 04139872 _____ (Kaspersky Lab ZAO) C:\Users\achutsell\Downloads\firefox.kas.exe
    2014-04-07 15:34 - 2014-04-07 15:33 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\achutsell\Downloads\iexplore.kas.exe
    2014-04-07 15:22 - 2013-10-01 15:47 - 00000000 ____D () C:\Users\achutsell\Documents\ACH
    2014-04-07 15:14 - 2014-04-07 15:14 - 00000000 ____D () C:\Users\achutsell\Desktop\OTL 4.7.2014
    2014-04-07 14:45 - 2013-09-18 06:47 - 01146716 _____ () C:\Windows\WindowsUpdate.log
    2014-04-07 13:05 - 2014-04-07 13:04 - 88551496 _____ (AVAST Software) C:\Users\achutsell\Downloads\avast_free_antivirus_setup.exe
    2014-04-07 12:27 - 2013-12-19 21:20 - 00001092 _____ () C:\Users\Public\Desktop\TeamViewer 9.lnk
    2014-04-07 08:56 - 2014-04-07 08:56 - 00000000 ____D () C:\ProgramData\Panda Security
    2014-04-07 08:55 - 2014-04-07 08:55 - 00003072 _____ () C:\Windows\System32\Tasks\PandaUSBVaccine
    2014-04-07 08:55 - 2014-04-07 08:55 - 00000000 ____D () C:\Program Files (x86)\Panda USB Vaccine
    2014-04-06 19:01 - 2014-04-06 19:01 - 01729021 _____ (Igor Pavlov) C:\Users\achutsell\Downloads\staad.pro_verification_v20_07_09.exe
    2014-04-06 12:22 - 2009-07-13 22:34 - 00000480 _____ () C:\Windows\win.ini
    2014-04-06 11:26 - 2014-02-05 10:53 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
    2014-04-06 10:38 - 2013-12-30 15:13 - 00001409 _____ () C:\Windows\SysWOW64\HydrainW.fot
    2014-04-03 12:14 - 2014-04-02 17:29 - 00000000 ____D () C:\Program Files (x86)\TAEG 2.1
    2014-04-02 17:29 - 2014-04-02 17:29 - 00002895 _____ () C:\Users\achutsell\Desktop\TAEG 2.1.lnk
    2014-04-02 17:29 - 2014-04-02 17:29 - 00000000 ____D () C:\Users\achutsell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TAEG 2.1
    2014-04-01 15:08 - 2013-10-11 16:27 - 00005006 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for {fd833658-f4c7-4bce-a09d-c020d1a91cdf} achutsell.VaughnMelton.com
    2014-03-27 11:35 - 2013-09-30 15:02 - 00000000 ____D () C:\Users\achutsell\AppData\Local\Paint.NET
    2014-03-25 16:31 - 2014-03-25 16:24 - 01907741 _____ () C:\Users\achutsell\Desktop\CNK244_Concrete.mcd
    2014-03-25 11:39 - 2009-07-14 01:13 - 00802594 _____ () C:\Windows\system32\PerfStringBackup.INI
    2014-03-25 11:37 - 2014-02-02 02:00 - 00001756 _____ () C:\Windows\setupact.log
    2014-03-24 16:09 - 2014-03-02 14:09 - 00032256 _____ () C:\Users\achutsell\Desktop\Stand.dgn
    2014-03-24 09:17 - 2013-09-26 08:49 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
    2014-03-21 17:11 - 2014-03-21 17:11 - 00029403 _____ () C:\Users\achutsell\Desktop\Copy of Westland Drive Drainage  Bridge Impr Bid Comparison.xlsx
    2014-03-20 10:18 - 2014-03-20 10:18 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
    2014-03-18 10:15 - 2013-09-18 06:56 - 00000000 ____D () C:\Program Files (x86)\Dell
    2014-03-17 09:52 - 2013-09-25 15:13 - 00000000 ____D () C:\BentleyV8
    2014-03-14 17:08 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2014-03-14 17:07 - 2009-07-14 00:45 - 00602120 _____ () C:\Windows\system32\FNTCACHE.DAT
    2014-03-14 17:06 - 2013-09-25 16:53 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
    2014-03-14 17:06 - 2013-09-25 16:53 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
    2014-03-14 10:10 - 2013-09-25 14:07 - 00000000 ____D () C:\Windows\system32\MRT
    2014-03-14 10:09 - 2013-09-25 14:07 - 90015360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2014-03-12 07:50 - 2014-03-11 09:29 - 00000000 ____D () C:\Users\achutsell\AppData\Roaming\Notepad++
    2014-03-11 09:29 - 2014-03-11 09:29 - 07624808 _____ () C:\Users\achutsell\Downloads\npp.6.5.5.Installer.exe
    2014-03-11 09:29 - 2014-03-11 09:29 - 00000000 ____D () C:\Users\achutsell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++
    2014-03-11 09:29 - 2014-03-11 09:29 - 00000000 ____D () C:\Program Files (x86)\Notepad++
    2014-03-10 11:00 - 2014-03-10 11:00 - 00137909 _____ () C:\Users\achutsell\Desktop\MS Detailer.zip
    2014-03-08 22:01 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache
    2014-03-08 20:57 - 2011-02-10 10:33 - 00796970 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI

    Some content of TEMP:
    ====================
    C:\Users\achutsell\AppData\Local\Temp\xmlUpdater.exe


    ==================== Bamital & volsnap Check =================

    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


    LastRegBack: 2014-02-18 04:24

    ==================== End Of Log ============================


    • 0

    #8
    majorlag

    majorlag

      Member

    • Topic Starter
    • Member
    • PipPip
    • 70 posts

    Process explorer output:

     

     

     

    Process    CPU    Private Bytes    Working Set    PID    Description    Company Name    Verified Signer
    System Idle Process    66.66    0 K    24 K    0            
    SProStaad.exe    24.83    723,672 K    495,956 K    29772    SProStaad MFC Application        
    procexp64.exe    2.55    29,832 K    54,224 K    10796    Sysinternals Process Explorer    Sysinternals - www.sysinternals.com    
    wmplayer.exe    0.71    70,172 K    89,300 K    22068    Windows Media Player    Microsoft Corporation    
    FlashPlayerPlugin_12_0_0_70.exe    0.64    93,916 K    97,816 K    30356    Adobe Flash Player 12.0 r0    Adobe Systems, Inc.    
    plugin-container.exe    0.55    26,536 K    34,268 K    5216    Plugin Container for Firefox    Mozilla Corporation    
    audiodg.exe    0.42    33,988 K    31,300 K    5508    Windows Audio Device Graph Isolation     Microsoft Corporation    
    firefox.exe    0.33    486,764 K    523,724 K    22688    Firefox    Mozilla Corporation    
    System    0.29    240 K    1,688 K    4            
    csrss.exe    0.27    37,840 K    26,508 K    544    Client Server Runtime Process    Microsoft Corporation    
    Staadpro.exe    0.27    145,840 K    187,928 K    15504    Staadpro Executable    Bentley Systems, Inc.    
    taskmgr.exe    0.27    4,076 K    17,640 K    27268    Windows Task Manager    Microsoft Corporation    
    Interrupts    0.24    0 K    0 K    n/a    Hardware Interrupts and DPCs        
    explorer.exe    0.23    198,096 K    192,532 K    30392    Windows Explorer    Microsoft Corporation    
    Smc.exe    0.16    20,420 K    9,172 K    1204    Symantec CMC Smc    Symantec Corporation    
    FlashPlayerPlugin_12_0_0_70.exe    0.15    5,288 K    17,100 K    29604    Adobe Flash Player 12.0 r0    Adobe Systems, Inc.    
    ustation.exe    0.13    304,668 K    94,500 K    6864    MicroStation V8i (SELECTseries 2)    Bentley Systems Inc.    
    googleearth.exe    0.13    449,280 K    26,260 K    7800    Google Earth    Google    
    ustation.exe    0.13    318,144 K    128,200 K    15864    MicroStation V8i (SELECTseries 2)    Bentley Systems Inc.    
    ustation.exe    0.10    219,960 K    83,820 K    14192    MicroStation V8i (SELECTseries 2)    Bentley Systems Inc.    
    smsniff.exe    0.09    10,588 K    17,384 K    31792    SmartSniff    NirSoft    
    Staadpro.exe    0.08    28,860 K    49,540 K    32060    Staadpro Executable    Bentley Systems, Inc.    
    ccSvcHst.exe    0.08    110,044 K    27,768 K    1688    Symantec Service Framework    Symantec Corporation    
    ustation.exe    0.08    50,532 K    12,304 K    16244    MicroStation for Windows x86    Bentley Systems, Inc.    
    SearchIndexer.exe    0.07    67,416 K    115,508 K    3156    Microsoft Windows Search Indexer    Microsoft Corporation    
    SymCorpUI.exe    0.06    8,420 K    28,080 K    12284    Symantec Endpoint Protection    Symantec Corporation    
    PDF_reDirect.exe    0.05    104,316 K    81,288 K    29440    User Interface for PDF reDirect    EXP Systems LLC    
    FRST64.exe    0.05    25,512 K    38,480 K    29828    Aut2Exe    Farbar    
    svchost.exe    0.04    48,368 K    60,656 K    464    Host Process for Windows Services    Microsoft Corporation    
    SearchProtocolHost.exe    0.03    3,968 K    9,540 K    19544    Microsoft Windows Search Protocol Host    Microsoft Corporation    
    SavUI.exe    0.03    3,868 K    14,436 K    1976    Symantec Endpoint Protection    Symantec Corporation    
    EXCEL.EXE    0.03    127,252 K    109,008 K    29012    Microsoft Excel    Microsoft Corporation    
    OUTLOOK.EXE    0.03    274,788 K    299,216 K    23520    Microsoft Outlook    Microsoft Corporation    
    wisptis.exe    0.03    3,596 K    5,272 K    31376    Microsoft Pen and Touch Input Component    Microsoft Corporation    
    svchost.exe    0.02    25,312 K    24,280 K    1012    Host Process for Windows Services    Microsoft Corporation    
    Neo's SafeKeys v3.exe    0.02    3,272 K    7,076 K    8752        Aplin Software    
    TeamViewer.exe    0.02    15,968 K    33,900 K    22612    TeamViewer 9    TeamViewer GmbH    
    dwm.exe    0.01    3,956 K    12,200 K    4044    Desktop Window Manager    Microsoft Corporation    
    java.exe    0.01    40,048 K    18,112 K    5544    Java™ Platform SE binary    Sun Microsystems, Inc.    
    Staadpro.exe    0.01    212,900 K    253,820 K    25828    Staadpro Executable    Bentley Systems, Inc.    
    SmcGui.exe    0.01    6,284 K    7,204 K    8624    Symantec CMC SmcGui    Symantec Corporation    
    SUPERANTISPYWARE.EXE    0.01    220,324 K    181,276 K    5356    SUPERAntiSpyware Application    SUPERAntiSpyware    
    javaw.exe    0.01    45,280 K    16,200 K    1600    Java™ Platform SE binary    Sun Microsystems, Inc.    
    svchost.exe    0.01    6,624 K    9,772 K    788    Host Process for Windows Services    Microsoft Corporation    
    splwow64.exe    < 0.01    40,752 K    71,588 K    6964    Print driver host for 32bit applications    Microsoft Corporation    
    nusb3mon.exe    < 0.01    2,484 K    1,940 K    5436    USB 3.0 Monitor    Renesas Electronics Corporation    
    TeamViewer_Service.exe    < 0.01    7,216 K    18,560 K    29356    TeamViewer 9    TeamViewer GmbH    
    WINWORD.EXE    < 0.01    87,336 K    56,280 K    15456    Microsoft Word    Microsoft Corporation    
    iexplore.exe    < 0.01    97,144 K    120,984 K    11548    Internet Explorer    Microsoft Corporation    
    lsass.exe    < 0.01    11,964 K    44,912 K    664    Local Security Authority Process    Microsoft Corporation    
    thunderbird.exe    < 0.01    133,060 K    167,892 K    29964    Thunderbird    Mozilla Corporation    
    Capture.exe    < 0.01    9,604 K    8,976 K    20300    Data Processor for PDF reDirect    EXP Systems LLC    
    OTL.exe    < 0.01    5,952 K    17,284 K    24144        OldTimer Tools    
    LMS.exe    < 0.01    4,384 K    2,620 K    2880    Local Manageability Service    Intel Corporation    
    SearchFilterHost.exe    < 0.01    3,004 K    7,044 K    32544    Microsoft Windows Search Filter Host    Microsoft Corporation    
    services.exe    < 0.01    8,044 K    14,048 K    656    Services and Controller app    Microsoft Corporation    
    SASCore64.exe    < 0.01    2,032 K    708 K    1720    Core Service    SUPERAntiSpyware.com    
    taskhost.exe    < 0.01    10,512 K    10,116 K    2252    Host Process for Windows Tasks    Microsoft Corporation    
    TAEG 2.1.exe    < 0.01    17,604 K    29,284 K    31076        Kansas Department of Transportation (KDOT)    
    IZArc.exe    < 0.01    11,400 K    22,680 K    27092    IZArc Archiver    IZSoftware    
    svchost.exe    < 0.01    35,812 K    16,048 K    1308    Host Process for Windows Services    Microsoft Corporation    
    ProtectionUtilSurrogate.exe    < 0.01    2,668 K    1,560 K    32044    Symantec Endpoint Protection    Symantec Corporation    
    tv_w32.exe    < 0.01    2,248 K    6,424 K    32404    TeamViewer 9    TeamViewer GmbH    
    integratedoffice.exe    < 0.01    29,896 K    21,792 K    1140    Microsoft Office Click-to-Run    Microsoft Corporation    
    XobniService.exe    < 0.01    21,596 K    11,564 K    2576    XobniService    Xobni Corporation    
    WLIDSVC.EXE    < 0.01    9,120 K    5,472 K    2480    Microsoft® Windows Live ID Service    Microsoft Corp.    
    svchost.exe    < 0.01    11,036 K    14,212 K    896    Host Process for Windows Services    Microsoft Corporation    
    tv_x64.exe    < 0.01    2,660 K    6,632 K    30196    TeamViewer 9    TeamViewer GmbH    
    Foxit Reader.exe    < 0.01    402,776 K    170,920 K    5144    Foxit Reader 4.3, Best Reader for Everyday Use!    Foxit Corporation    
    iexplore.exe    < 0.01    15,872 K    40,132 K    5692    Internet Explorer    Microsoft Corporation    
    Mathcad.exe    < 0.01    43,648 K    33,016 K    28732    Mathcad Application    MathSoft, Inc.    
    ccSvcHst.exe    < 0.01    6,920 K    4,204 K    2544    Symantec Service Framework    Symantec Corporation    
    SnippingTool.exe    < 0.01    4,220 K    2,448 K    28652    Snipping Tool    Microsoft Corporation    
    nvvsvc.exe    < 0.01    5,700 K    9,308 K    3900    NVIDIA Driver Helper Service, Version 320.09    NVIDIA Corporation    
    csrss.exe    < 0.01    2,744 K    9,860 K    476    Client Server Runtime Process    Microsoft Corporation    
    conhost.exe    < 0.01    1,820 K    5,348 K    15284    Console Window Host    Microsoft Corporation    
    AMPAgent.exe    < 0.01    65,564 K    13,812 K    7700    AMP Service    Dell Inc.    
    notepad.exe    < 0.01    2,188 K    7,548 K    2472    Notepad    Microsoft Corporation    
    notepad.exe    < 0.01    2,152 K    7,248 K    29528    Notepad    Microsoft Corporation    
    svchost.exe    < 0.01    10,992 K    20,620 K    320    Host Process for Windows Services    Microsoft Corporation    
    notepad.exe    < 0.01    2,192 K    7,284 K    30564    Notepad    Microsoft Corporation    
    notepad.exe    < 0.01    12,584 K    6,064 K    21588    Notepad    Microsoft Corporation    
    notepad.exe    < 0.01    2,244 K    7,400 K    31512    Notepad    Microsoft Corporation    
    notepad.exe    < 0.01    2,256 K    8,024 K    20512    Notepad    Microsoft Corporation    
    notepad.exe    < 0.01    2,152 K    7,368 K    32384    Notepad    Microsoft Corporation    
    spoolsv.exe    < 0.01    16,640 K    22,944 K    1476    Spooler SubSystem App    Microsoft Corporation    
    GoogleCrashHandler64.exe    < 0.01    2,428 K    756 K    996    Google Crash Handler    Google Inc.    
    WUDFHost.exe        6,716 K    9,004 K    3768    Windows Driver Foundation - User-mode Driver Framework Host Process    Microsoft Corporation    
    WmiPrvSE.exe        187,136 K    62,880 K    2748    WMI Provider Host    Microsoft Corporation    
    WmiPrvSE.exe        5,680 K    6,816 K    2788    WMI Provider Host    Microsoft Corporation    
    WLIDSVCM.EXE        1,964 K    672 K    2616    Microsoft® Windows Live ID Service Monitor    Microsoft Corp.    
    winlogon.exe        4,140 K    8,712 K    608    Windows Logon Application    Microsoft Corporation    
    wininit.exe        1,644 K    3,108 K    552    Windows Start-Up Application    Microsoft Corporation    
    WaveAMService.exe        4,856 K    3,680 K    2428    WaveAMService    Wave Systems Corp.    
    VivaldiFramework.exe        1,740 K    748 K    2932            
    USBVaccine.exe        5,816 K    1,336 K    20212    USB Vaccine    Panda Security    
    upeksvr.exe        4,732 K    21,320 K    4128    Fingerprint Server Process for Vista    Authentec Inc.    
    unsecapp.exe        2,328 K    1,732 K    4016    Sink to receive asynchronous callbacks for WMI client application    Microsoft Corporation    
    UNS.exe        7,028 K    4,608 K    1920    User Notification Service    Intel Corporation    
    TrustedInstaller.exe        296,988 K    37,908 K    1716    Windows Modules Installer    Microsoft Corporation    
    TdmService.exe        7,256 K    14,368 K    1512    TDM Service    Wave Systems Corp.    
    TdmNotify.exe        2,524 K    1,876 K    5296    Trusted Drive Manager User Notifier    Wave Systems Corp.    
    taskeng.exe        2,416 K    5,944 K    2412    Task Scheduler Engine    Microsoft Corporation    
    svchost.exe        7,932 K    7,444 K    1564    Host Process for Windows Services    Microsoft Corporation    
    svchost.exe        31,608 K    28,764 K    352    Host Process for Windows Services    Microsoft Corporation    
    svchost.exe        1,804 K    732 K    2028    Host Process for Windows Services    Microsoft Corporation    
    svchost.exe        7,052 K    7,336 K    1044    Host Process for Windows Services    Microsoft Corporation    
    svchost.exe        3,060 K    3,516 K    3452    Host Process for Windows Services    Microsoft Corporation    
    svchost.exe        13,924 K    10,668 K    1604    Host Process for Windows Services    Microsoft Corporation    
    svchost.exe        1,788 K    756 K    1596    Host Process for Windows Services    Microsoft Corporation    
    smss.exe        680 K    2,328 K    300    Windows Session Manager    Microsoft Corporation    
    RtDCpl64.exe        4,236 K    1,580 K    5280    HD Audio Control Panel    Realtek Semiconductor Corp.    
    procexp.exe        3,152 K    7,788 K    17468    Sysinternals Process Explorer    Sysinternals - www.sysinternals.com    
    pbadrvsvc.exe        2,012 K    972 K    1364    Dell Preboot Authentication Service    Dell, Inc.    
    nvxdsync.exe        8,228 K    23,152 K    3892    NVIDIA User Experience Driver Component    NVIDIA Corporation    
    nvvsvc.exe        3,384 K    4,864 K    856    NVIDIA Driver Helper Service, Version 320.09    NVIDIA Corporation    
    lsm.exe        4,176 K    3,596 K    672    Local Session Manager Service    Microsoft Corporation    
    jhi_service.exe        1,576 K    1,020 K    1988    Intel  IPT Host Interface Service    Intel Corporation    
    IPROSetMonitor.exe        2,096 K    692 K    1928    Intel® PROSet Monitoring Service    Intel Corporation    
    GoogleCrashHandler.exe        1,924 K    988 K    1068    Google Crash Handler    Google Inc.    
    EmbassyServer.exe        4,344 K    6,184 K    1876    EmbassyServer Application        
    cmd.exe        2,396 K    828 K    2960    Windows Command Processor    Microsoft Corporation    
    cmd.exe        2,736 K    3,736 K    32096    Windows Command Processor    Microsoft Corporation    
    BAppMon.exe        2,500 K    4,360 K    12976    Bentley IEG Application Monitor    Bentley Systems Inc.    
    armsvc.exe        1,536 K    1,400 K    1796    Adobe Acrobat Update Service    Adobe Systems Incorporated    
    Amazon Music Helper.exe        6,880 K    8,700 K    5336            
    acrotray.exe        2,356 K    5,592 K    5516    AcroTray    Adobe Systems Inc.    
     


    • 0

    #9
    majorlag

    majorlag

      Member

    • Topic Starter
    • Member
    • PipPip
    • 70 posts

    I should also amend that the file C:\Windows\SysWow64\a2dvk59.dll was recognized at having been scanned before, but I cannot get it to reanalyze, for whatever that's worth.


    • 0

    #10
    RKinner

    RKinner

      Malware Expert

    • Expert
    • 24,598 posts
    • MVP

    Looks like your slowness is coming from

     

    SProStaad.exe    24.83 

     

    Don't know what the program is but it and Symantec are throwing a lot of errors and Prostaad is using a lot of CPU time.  I would re-install both programs.  (If you must use Symantec.  I really hate the program.  It's such a CPU hog.)  There is also some problem with it not finding the Domain controller.  Is there one?

     

    I don't see any malware in the FRST scan.


    • 0

    Advertisements


    #11
    majorlag

    majorlag

      Member

    • Topic Starter
    • Member
    • PipPip
    • 70 posts

    Thank you for your input on my work machine behavior.  I haven't had this machine very long, or pushed it as hard as I have been the last few days, but I've never had it stall like that with so much direct drive access, and the timing frankly scared the whizz out of me.  Do you think it appears clean-ish? 

     

    STAAD is a piece of 3D structural modeling software and is a real resource hog, but mostly just CPU time.  Unfortunately, I have to use Symantec.  I'm no fan of theirs as they allowed me to get a massive infection some years back, with a fully patched and updated corporate version.

     

    Not sure about the domain controller issue, but it wouldn't surprise me--my friend in our IT department tells me things are set up very well.  How would be able to check?

     

    I will try your suggestions on Machine #2 when I get home.  Will it be OK to bring back scanned copies of logs like I did with the OTL PDF this morning?

     

    Thanks again for your continued help--may I continue bringing stuff from each home machine in turn?

     

    And, thank you also for your efforts on the Hercules, keeping us all safe.

     

    -Andrew


    • 0

    #12
    RKinner

    RKinner

      Malware Expert

    • Expert
    • 24,598 posts
    • MVP

    Prostaad is showing some alarms so I'm not sure it is working correctly.

     

    To check for problems with the domain controller and prostaad:

     

     
    Right click on (My) Computer and select Manage (Continue) Then click on the arrow in front of Event Viewer. Next Click on the arrow in front of Windows Logs Right click on System and Clear Log, Clear. Repeat for Application.
     
    Reboot. 
     
     
     
    1. Please download the Event Viewer Tool by Vino Rosso
    and save it to your Desktop:
    2. Right-click VEW.exe and Run AS Administrator
    3. Under 'Select log to query', select:
     
    * System
    4. Under 'Select type to list', select:
    * Error
    * Warning
     
     
    Then use the 'Number of events' as follows:
     
     
    1. Click the radio button for 'Number of events'
    Type 20 in the 1 to 20 box
    Then click the Run button.
    Notepad will open with the output log.
     
     
    Please post the Output log in your next reply then repeat but select Application.
     
     
    This will show us any new alarms from the reboot.  
     
    We can also check the health of the machine with Speccy:
     
    Get the free version of Speccy:
     
    http://www.filehippo...download_speccy  (Look in the upper right for the Download
    Latest Version button  - Do NOT press the large Start Download button on the upper left!)  Download, Save and Install it.  Run Speccy.  When it finishes (the little icon in the bottom left will stop moving), File, Save as Text File,  (to your desktop) note the name it gives. OK.  Open the file in notepad and delete the line that gives the serial number of your Operating System.  (It will be near the top about 10 lines down.) Attach the file to your next post.
     
    This will show us the health of the hard drive and also give us the CPU temps.  A hot PC is a slow PC.
     

    • 0

    #13
    RKinner

    RKinner

      Malware Expert

    • Expert
    • 24,598 posts
    • MVP

    Forgot to say that scans of the logs are fine.


    • 0

    #14
    majorlag

    majorlag

      Member

    • Topic Starter
    • Member
    • PipPip
    • 70 posts

    If it is OK with you, I will just bring the logs from Machine 2 next, and then the other machines in my network, unless you would prefer that I do them as separate threads.  And thank you for your help!

     

    Below is the VEW output.  I was the one closing Teamviewer 9 today, twice by killing the process and then by closing the application, although the time stamps look weird.  Don't agree with system time.

     

    After trying a few things, I think I managed to recreate the events that spooked me on my work machine by combining some operations in the Staad program--one of which does involve the program deleting some very large files. It caused high disk access (though not as high), a slow, lagging mouse, and graphical disturbances.  Separately, not much effect, but together it did make the machine stutter some. But, anyhow, here's VEW:

     

    Vino's Event Viewer v01c run on Windows 2008 in English
    Report run at 07/04/2014 8:40:50 PM

    Note: All dates below are in the format dd/mm/yyyy

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    'System' Log - Critical Type
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    'System' Log - Error Type
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Log: 'System' Date/Time: 07/04/2014 9:51:56 PM
    Type: Error Category: 0
    Event: 7034 Source: Service Control Manager
    The TeamViewer 9 service terminated unexpectedly.  It has done this 3 time(s).

    Log: 'System' Date/Time: 07/04/2014 9:51:36 PM
    Type: Error Category: 0
    Event: 7031 Source: Service Control Manager
    The TeamViewer 9 service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 2000 milliseconds: Restart the service.

    Log: 'System' Date/Time: 07/04/2014 9:51:26 PM
    Type: Error Category: 0
    Event: 7031 Source: Service Control Manager
    The TeamViewer 9 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 2000 milliseconds: Restart the service.

    Log: 'System' Date/Time: 14/03/2014 9:08:22 PM
    Type: Error Category: 0
    Event: 7001 Source: Service Control Manager
    The WvPCR service depends on the TPM Base Services service which failed to start because of the following error:  The operation completed successfully.

    Log: 'System' Date/Time: 14/03/2014 9:08:22 PM
    Type: Error Category: 0
    Event: 7001 Source: Service Control Manager
    The SI TSS v1.2.1.41 TCS service depends on the TPM Base Services service which failed to start because of the following error:  The operation completed successfully.

    Log: 'System' Date/Time: 14/03/2014 9:08:19 PM
    Type: Error Category: 403
    Event: 413 Source: Microsoft-Windows-TaskScheduler
    Task Scheduler service failed to load tasks at service startup. Additional Data: Error Value: 2147549183.

    Log: 'System' Date/Time: 14/03/2014 9:08:18 PM
    Type: Error Category: 403
    Event: 413 Source: Microsoft-Windows-TaskScheduler
    Task Scheduler service failed to load tasks at service startup. Additional Data: Error Value: 2147549183.

    Log: 'System' Date/Time: 12/03/2014 8:14:50 PM
    Type: Error Category: 0
    Event: 5719 Source: NETLOGON
    This computer was not able to set up a secure session with a domain controller in domain VAUGHNMELTON due to the following:  There are currently no logon servers available to service the logon request.  This may lead to authentication problems. Make sure that this computer is connected to the network. If the problem persists, please contact your domain administrator.    ADDITIONAL INFO  If this computer is a domain controller for the specified domain, it sets up the secure session to the primary domain controller emulator in the specified domain. Otherwise, this computer sets up the secure session to any domain controller in the specified domain.

    Log: 'System' Date/Time: 12/03/2014 12:03:09 PM
    Type: Error Category: 0
    Event: 7001 Source: Service Control Manager
    The WvPCR service depends on the TPM Base Services service which failed to start because of the following error:  The operation completed successfully.

    Log: 'System' Date/Time: 12/03/2014 12:03:09 PM
    Type: Error Category: 0
    Event: 7001 Source: Service Control Manager
    The SI TSS v1.2.1.41 TCS service depends on the TPM Base Services service which failed to start because of the following error:  The operation completed successfully.

    Log: 'System' Date/Time: 12/03/2014 12:03:05 PM
    Type: Error Category: 403
    Event: 413 Source: Microsoft-Windows-TaskScheduler
    Task Scheduler service failed to load tasks at service startup. Additional Data: Error Value: 2147549183.

    Log: 'System' Date/Time: 12/03/2014 12:03:04 PM
    Type: Error Category: 403
    Event: 413 Source: Microsoft-Windows-TaskScheduler
    Task Scheduler service failed to load tasks at service startup. Additional Data: Error Value: 2147549183.

    Log: 'System' Date/Time: 10/03/2014 2:54:10 PM
    Type: Error Category: 0
    Event: 1058 Source: Microsoft-Windows-GroupPolicy
    The processing of Group Policy failed. Windows attempted to read the file \\VaughnMelton.com\sysvol\VaughnMelton.com\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following:  a) Name Resolution/Network Connectivity to the current domain controller.  b) File Replication Service Latency (a file created on another domain controller has not replicated to the current domain controller).  c) The Distributed File System (DFS) client has been disabled.

    Log: 'System' Date/Time: 10/03/2014 1:41:59 PM
    Type: Error Category: 0
    Event: 1058 Source: Microsoft-Windows-GroupPolicy
    The processing of Group Policy failed. Windows attempted to read the file \\VaughnMelton.com\sysvol\VaughnMelton.com\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following:  a) Name Resolution/Network Connectivity to the current domain controller.  b) File Replication Service Latency (a file created on another domain controller has not replicated to the current domain controller).  c) The Distributed File System (DFS) client has been disabled.

    Log: 'System' Date/Time: 10/03/2014 1:14:09 PM
    Type: Error Category: 0
    Event: 1058 Source: Microsoft-Windows-GroupPolicy
    The processing of Group Policy failed. Windows attempted to read the file \\VaughnMelton.com\sysvol\VaughnMelton.com\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following:  a) Name Resolution/Network Connectivity to the current domain controller.  b) File Replication Service Latency (a file created on another domain controller has not replicated to the current domain controller).  c) The Distributed File System (DFS) client has been disabled.

    Log: 'System' Date/Time: 10/03/2014 12:10:59 PM
    Type: Error Category: 0
    Event: 1058 Source: Microsoft-Windows-GroupPolicy
    The processing of Group Policy failed. Windows attempted to read the file \\VaughnMelton.com\sysvol\VaughnMelton.com\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following:  a) Name Resolution/Network Connectivity to the current domain controller.  b) File Replication Service Latency (a file created on another domain controller has not replicated to the current domain controller).  c) The Distributed File System (DFS) client has been disabled.

    Log: 'System' Date/Time: 10/03/2014 11:34:08 AM
    Type: Error Category: 0
    Event: 1058 Source: Microsoft-Windows-GroupPolicy
    The processing of Group Policy failed. Windows attempted to read the file \\VaughnMelton.com\sysvol\VaughnMelton.com\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following:  a) Name Resolution/Network Connectivity to the current domain controller.  b) File Replication Service Latency (a file created on another domain controller has not replicated to the current domain controller).  c) The Distributed File System (DFS) client has been disabled.

    Log: 'System' Date/Time: 10/03/2014 10:40:58 AM
    Type: Error Category: 0
    Event: 1058 Source: Microsoft-Windows-GroupPolicy
    The processing of Group Policy failed. Windows attempted to read the file \\VaughnMelton.com\sysvol\VaughnMelton.com\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following:  a) Name Resolution/Network Connectivity to the current domain controller.  b) File Replication Service Latency (a file created on another domain controller has not replicated to the current domain controller).  c) The Distributed File System (DFS) client has been disabled.

    Log: 'System' Date/Time: 10/03/2014 9:37:08 AM
    Type: Error Category: 0
    Event: 1058 Source: Microsoft-Windows-GroupPolicy
    The processing of Group Policy failed. Windows attempted to read the file \\VaughnMelton.com\sysvol\VaughnMelton.com\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following:  a) Name Resolution/Network Connectivity to the current domain controller.  b) File Replication Service Latency (a file created on another domain controller has not replicated to the current domain controller).  c) The Distributed File System (DFS) client has been disabled.

    Log: 'System' Date/Time: 10/03/2014 9:09:58 AM
    Type: Error Category: 0
    Event: 1058 Source: Microsoft-Windows-GroupPolicy
    The processing of Group Policy failed. Windows attempted to read the file \\VaughnMelton.com\sysvol\VaughnMelton.com\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following:  a) Name Resolution/Network Connectivity to the current domain controller.  b) File Replication Service Latency (a file created on another domain controller has not replicated to the current domain controller).  c) The Distributed File System (DFS) client has been disabled.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    'System' Log - Warning Type
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Log: 'System' Date/Time: 07/04/2014 11:29:04 PM
    Type: Warning Category: 0
    Event: 1014 Source: Microsoft-Windows-DNS-Client
    Name resolution for the name 19.139.121.74.in-addr.arpa timed out after none of the configured DNS servers responded.

    Log: 'System' Date/Time: 07/04/2014 5:09:48 AM
    Type: Warning Category: 0
    Event: 1014 Source: Microsoft-Windows-DNS-Client
    Name resolution for the name cdn.superantispyware.com timed out after none of the configured DNS servers responded.

    Log: 'System' Date/Time: 04/04/2014 12:52:13 PM
    Type: Warning Category: 0
    Event: 1014 Source: Microsoft-Windows-DNS-Client
    Name resolution for the name www.allsteelpipe.com timed out after none of the configured DNS servers responded.

    Log: 'System' Date/Time: 04/04/2014 9:01:12 AM
    Type: Warning Category: 0
    Event: 1 Source: MEIx64
    The Intel® Management Engine Interface is being reset.

    Log: 'System' Date/Time: 25/03/2014 4:00:05 PM
    Type: Warning Category: 223
    Event: 225 Source: Microsoft-Windows-Kernel-PnP
    The application \Device\HarddiskVolume3\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Reader.exe with process id 5144 stopped the removal or ejection for the device USB\VID_18A5&PID_3E23\0702C20ADD7C06DB.

    Log: 'System' Date/Time: 24/03/2014 9:08:22 PM
    Type: Warning Category: 0
    Event: 1014 Source: Microsoft-Windows-DNS-Client
    Name resolution for the name www.section4f.com timed out after none of the configured DNS servers responded.

    Log: 'System' Date/Time: 14/03/2014 9:09:34 PM
    Type: Warning Category: 212
    Event: 219 Source: Microsoft-Windows-Kernel-PnP
    The driver \Driver\WUDFRd failed to load for the device WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_SANDISK&PROD_CRUZER&REV_1.19#20052243710F42F0CF20&0#.

    Log: 'System' Date/Time: 12/03/2014 12:05:00 PM
    Type: Warning Category: 212
    Event: 219 Source: Microsoft-Windows-Kernel-PnP
    The driver \Driver\WUDFRd failed to load for the device WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC&PROD_STORAGE_DEVICE&REV_9347#0303757255&0#.

    Log: 'System' Date/Time: 07/03/2014 7:06:40 PM
    Type: Warning Category: 212
    Event: 219 Source: Microsoft-Windows-Kernel-PnP
    The driver \Driver\WUDFRd failed to load for the device WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC&PROD_STORAGE_DEVICE&REV_9347#0303757255&0#.

    Log: 'System' Date/Time: 04/03/2014 3:15:34 PM
    Type: Warning Category: 0
    Event: 1014 Source: Microsoft-Windows-DNS-Client
    Name resolution for the name www.misteruniverse.net timed out after none of the configured DNS servers responded.

    Log: 'System' Date/Time: 17/02/2014 6:17:49 PM
    Type: Warning Category: 0
    Event: 1014 Source: Microsoft-Windows-DNS-Client
    Name resolution for the name public.kaarmls.com timed out after none of the configured DNS servers responded.

    Log: 'System' Date/Time: 07/02/2014 3:22:53 PM
    Type: Warning Category: 0
    Event: 1014 Source: Microsoft-Windows-DNS-Client
    Name resolution for the name www.pamshouseblend.com timed out after none of the configured DNS servers responded.
     


    Edited by majorlag, 07 April 2014 - 07:04 PM.

    • 0

    #15
    RKinner

    RKinner

      Malware Expert

    • Expert
    • 24,598 posts
    • MVP

    OK.  Any order is fine as long as I can tell which PC is which.

     

    Doesn't look like you cleared the old alarms but there aren't any new domain alarms.  One of your older alarms looks like you might need a newer intel driver.  You can let intel check for you if you have Java:  http://www.intel.com.../support/detect (it might work without Java if you use IE to visit the site.)

     

    Event: 1014  errors may just be a slow network connection startup.  Probably not significant but might be improved by new intel driver.

     

    Can you run VEW again and let it look at Application logs the same way?


    • 0






    Similar Topics

    0 user(s) are reading this topic

    0 members, 0 guests, 0 anonymous users

    As Featured On:

    Microsoft Yahoo BBC MSN PC Magazine Washington Post HP