a97virago
Again, I'm very sorry for the delay. I have requested access to the computer for this weekend. If I don't have it by Saturday morning, you have every right to consider this issue closed. You've been very helpful already, and I hate taking up more of your time and attention.
-
I just got word that I'll be able to get the computer this weekend. I'll run a FRST log for you as soon as I get it. Also, do you want me to run the ComboFix and SystemLook steps before or after the FRST? Or should I hold off on running those steps until I hear back after the FRST?
-
No problem
-
It is being used. That's why it is hard for me to get time on it. The processor usage is down to a normal level, and not that much critical is being done on it. There is a problem with one program (LPi Express) that can't send data out on port 82, but I'm not really sure what is stopping that; I'm investigating it concurrently.
-
I'm really trying to get time on the computer. Please bear with me. Sorry it is taking so long to get back to you.
-
Again, sorry this is taking so long. As it is a work computer, the time I have on it is very limited.
-
I don't have access to the computer at the moment. As soon as I do, will run these steps and get back to you. I want to take this moment, though, to thank you for helping me. I can see this is a drawn out process and I wouldn't have been able to accomplish it as completely without your help. So, thank you so much!
-
Windows is also calling for several (140) updates. I don't know if I should do these or whether they would interfere with the ongoing process. I'll wait until I hear from you.
-
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-09-2014
Ran by Sacred Heart at 2014-09-28 13:05:26
Running from C:\Users\Sacred Heart\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.3.0.3670 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.3.0.3670 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.3.300.268 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 11.3.300.268 - Adobe Systems Incorporated)
Adobe Reader X (10.1.11) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.11 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.5.635 - Adobe Systems, Inc.)
AMD APP SDK Runtime (Version: 10.0.938.2 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{F4C71C2A-F068-8EEB-61AE-EA4707C57A1B}) (Version: 8.0.881.0 - Advanced Micro Devices, Inc.)
AMD Drag and Drop Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) Hidden
AMD Fuel (Version: 2012.0806.1213.19931 - Advanced Micro Devices, Inc.) Hidden
AMD Media Foundation Decoders (Version: 1.0.70727.2220 - Advanced Micro Devices, Inc.) Hidden
AMD Steady Video Plug-In (Version: 2.06.0000 - AMD) Hidden
AMD VISION Engine Control Center (x32 Version: 2012.0806.1213.19931 - Advanced Micro Devices, Inc.) Hidden
Apple Application Support (HKLM-x32\...\{122ADF8C-DDA1-480C-9936-C88F2825B265}) (Version: 2.1.9 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}) (Version: 5.2.0.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2012.0806.1213.19931 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2012.0806.1213.19931 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2012.0806.1213.19931 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2012.0806.1213.19931 - Advanced Micro Devices, Inc.) Hidden
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{131CD369-AA3B-424F-A83C-54DF3534B95C}) (Version: - Microsoft)
Driver Genius Professional Edition (HKLM-x32\...\Driver Genius Professional Edition_is1) (Version: - Driver-Soft Inc.)
Google Earth (HKLM-x32\...\{28E82311-8616-11E1-BEB0-B8AC6F97B88E}) (Version: 6.2.2.6613 - Google)
HP LaserJet Professional M1130-M1210 MFP Series (HKLM\...\HP LaserJet Professional M1130-M1210 MFP Series) (Version: - )
HP LaserJet Professional M1210 MFP Series Fax Installer (HKLM\...\{E65099C4-9110-4C31-BD03-5C17EFB5FE92}) (Version: 1.1.0 - HP)
IDS Client (HKLM-x32\...\{01218E3C-86E4-4D70-A36F-69CD41B78DBC}) (Version: 3.2.1.4466 - IDS LLC)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.7.0 - LIGHTNING UK!)
iTunes (HKLM\...\{840A3BAA-4C68-4581-9C7A-6F8D6CF531B9}) (Version: 10.6.3.25 - Apple Inc.)
Java Auto Updater (x32 Version: 2.0.7.1 - Sun Microsystems, Inc.) Hidden
Java 6 Update 33 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216033FF}) (Version: 6.0.330 - Oracle)
Kaspersky Anti-Virus 2011 (HKLM-x32\...\InstallWIX_{66F1F013-008F-4875-B283-5A814B820347}) (Version: 11.0.2.556 - Kaspersky Lab)
Kaspersky Anti-Virus 2011 (x32 Version: 11.0.2.556 - Kaspersky Lab) Hidden
KeePass Password Safe 1.23 (HKLM-x32\...\KeePass Password Safe_is1) (Version: 1.23 - Dominik Reichl)
LPi Express HTD 5.3 (HKLM-x32\...\LPi Express HTD) (Version: 5.3 - Liturgical Publications Inc.)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 1.1.500.0 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (Version: 1.1.500.0 - Microsoft Corporation) Hidden
Microsoft Office 2010 Service Pack 1 (SP1) (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}) (Version: - Microsoft)
Microsoft Office 2010 Service Pack 1 (SP1) (x32 Version: - Microsoft) Hidden
Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20125.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
MiniTool Partition Wizard Home Edition 7.5 (HKLM-x32\...\{05D996FA-ADCB-4D23-BA3C-A7C184A8FAC6}_is1) (Version: - MiniTool Solution Ltd.)
Mozilla Firefox 14.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 14.0.1 (x86 en-US)) (Version: 14.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 14.0.1 - Mozilla)
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.4.3 - Frank Heindörfer, Philip Chinery)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.8 - Google, Inc.)
QuickTime (HKLM-x32\...\{0E64B098-8018-4256-BA23-C316A43AD9B0}) (Version: 7.72.80.56 - Apple Inc.)
Ralink 802.11n Wireless LAN Card (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 4.0.3.0 - Ralink)
Readiris Pro 12 (HKLM-x32\...\{3AC26580-A695-4134-84AE-5121B3AAE545}) (Version: 12.00.5965 - I.R.I.S.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.2.8400.30137 - Realtek Semiconductor Corp.)
Scan To (HKLM\...\{E8A34AC8-0137-4515-A94B-0A0946DDC251}) (Version: 2.0.1 - HP)
Skype™ 5.10 (HKLM-x32\...\{1845470B-EB14-4ABC-835B-E36C693DC07D}) (Version: 5.10.116 - Skype Technologies S.A.)
Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.5.3 - Sophos Limited)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TeamViewer 7 (HKLM-x32\...\TeamViewer 7) (Version: 7.0.13989 - TeamViewer)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft Office 2010 (KB2553065) (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{A8686D24-1E89-43A1-973E-05A258D2B3F8}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2553092) (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{7AC49FC8-F8D2-4DD8-9086-09E52385A21F}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{48E1B6C2-7299-4F3F-AA63-42F0ACE55AA4}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{18B3CF2A-73F7-4716-B1AE-86D68726D408}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition (HKLM-x32\...\{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUS_{73E67A3A-8D61-44EF-90C2-1697C3DBE668}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{14B7142F-D7E2-4FB0-9E3B-7CAA8D7FFC56}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2566458) (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{EFB525A0-E1C0-4E32-9968-FE401BC87363}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{ED31DE9A-3E13-4E2C-9106-E0D8AFFB9FA6}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{C4F26A9B-B121-4135-8084-A0D9C780C7C8}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{460FF681-BC66-4C38-99DF-7012E03F1EBA}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUS_{C633216E-FF30-45B6-B2AB-21922A9353EF}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{B1FA5E8C-2342-45AF-8A62-5E860042F8DF}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{1CBEDB37-C438-473F-8BA0-2535B0D237E2}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{1CBEDB37-C438-473F-8BA0-2535B0D237E2}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{9CFD026D-EB1C-48C2-9DD2-8E8875F251B2}) (Version: - Microsoft)
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition (HKLM-x32\...\{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUS_{9865DC3A-2898-48D9-B96A-46397571C934}) (Version: - Microsoft)
Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F1CBE095-403D-466D-BB13-B185A5F33231}) (Version: - Microsoft)
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUS_{47894754-0FEC-4920-9A65-6C1E732587AC}) (Version: - Microsoft)
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{BC6DFBFD-16DD-47E1-A7EF-2C062930FA4F}) (Version: - Microsoft)
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUS_{1EEFF749-6F29-4F0B-AB08-4C6EA52AA110}) (Version: - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{6B6DDDCE-B456-4FE1-9A07-DBC1708E4158}) (Version: - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{5DA2D071-A54C-47C0-83E5-43C63DBFD936}) (Version: - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{5DA2D071-A54C-47C0-83E5-43C63DBFD936}) (Version: - Microsoft)
VLC media player 2.0.3 (HKLM-x32\...\VLC media player) (Version: 2.0.3 - VideoLAN)
WinRAR 4.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
WordPerfect Office 11 (HKLM-x32\...\{54F90B55-BEB3-4F0D-8802-228822FA5921}) (Version: 11.0.0.233 - Corel Corporation)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

==================== Restore Points =========================

28-09-2014 12:49:32 Windows Update
28-09-2014 15:58:55 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2014-09-28 10:22 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {1C386C0E-A445-47DA-901A-393EB6C2D382} - System32\Tasks\{297F2293-13B0-4FE3-9198-BB8A93BE8460} => C:\Program Files (x86)\Microsoft Office\Office14\MSPUB.EXE [2011-04-06] (Microsoft Corporation)
Task: {3F39A9C4-19EB-4085-866A-319B46C3831C} - System32\Tasks\{9C20487D-2C01-4F9E-974B-09089469BCF8} => C:\Program Files (x86)\Driver-Soft\DriverGenius\DriverGenius.exe [2010-04-21] (Driver-Soft Inc.)
Task: {57C34F52-F55D-46A9-BBEC-7FE5497E2771} - System32\Tasks\Microsoft\Windows\TabletPC\InputPersonalization => C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe [2009-07-13] (Microsoft Corporation)
Task: {5E579732-3AE5-4CCE-98D9-C8936BB00502} - System32\Tasks\{153E2278-86B5-49E0-AE94-8AF4E54E5B22} => C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE [2012-10-20] (Microsoft Corporation)
Task: {766E07AE-1135-40DF-846A-958749F829BE} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {7CC6BFF0-97EA-4DC0-AED0-97DB14A902ED} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {8F7B41E9-2C26-4938-A4EE-F3BA6442CF6B} - System32\Tasks\{B3E80174-7A15-479A-8CC6-BE56E35E091D} => C:\Program Files (x86)\Microsoft Office\Office14\MSPUB.EXE [2011-04-06] (Microsoft Corporation)
Task: {AD5CF118-9EB3-4AB5-8CBA-2302A1EA732B} - System32\Tasks\{F66C47B5-EAA0-485C-8591-A65C09773112} => C:\Program Files (x86)\Driver-Soft\DriverGenius\DriverGenius.exe [2010-04-21] (Driver-Soft Inc.)
Task: {B3670107-77A8-46F9-BDD5-6573E06A504B} - System32\Tasks\Microsoft_Hardware_Launch_devicecenter_exe => c:\Program Files\Microsoft Device Center\devicecenter.exe [2012-06-26] (Microsoft)
Task: {C105B06E-52C7-4CFA-862C-2A85C608D415} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Device Center\ipoint.exe [2012-06-26] (Microsoft Corporation)
Task: {C534DDA7-E6AF-4B97-9A5C-9FF71930D354} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Device Center\itype.exe [2012-06-26] (Microsoft Corporation)
Task: {CE83A9E3-F3FE-4B66-A10B-BC53E06A8BF4} - System32\Tasks\{1B1556A2-E352-4B56-8363-A1F352A73E81} => Chrome.exe
Task: {CF34E322-8BD7-48BB-BD6C-675495149C5F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-30] (Adobe Systems Incorporated)
Task: {F1422699-57D0-4C49-B113-955A814AC852} - System32\Tasks\{2D3E9920-B639-4DE1-AE6E-AE6A472279CA} => C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE [2012-10-20] (Microsoft Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2011-03-17 01:07 - 2011-03-17 01:07 - 04297568 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 16:23 - 2010-10-20 16:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2012-08-24 10:20 - 2010-03-31 11:51 - 00407040 _____ () C:\Windows\System32\HPM1210LM.DLL
2012-08-28 14:22 - 2011-04-29 23:14 - 00083752 _____ () C:\Windows\system32\PuzzlePort64.dll
2012-08-24 10:20 - 2010-03-31 11:51 - 00074240 _____ () C:\Windows\system32\spool\PRTPROCS\x64\HPM1210PP.dll
2012-08-06 12:24 - 2012-08-06 12:24 - 00212480 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll
2012-03-05 16:03 - 2012-03-05 16:03 - 00677376 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll
2012-02-16 14:53 - 2012-02-16 14:53 - 03642880 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Platform.dll
2012-08-06 12:24 - 2012-08-06 12:24 - 00073728 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2012-08-06 12:24 - 2012-08-06 12:24 - 00103424 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2012-08-06 12:07 - 2012-08-06 12:07 - 00369152 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2012-08-24 10:19 - 2010-04-28 11:49 - 00222720 _____ () C:\Windows\system32\m1210nwia.dll
2012-05-30 20:06 - 2012-05-30 20:06 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2012-05-30 20:06 - 2012-05-30 20:06 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2011-03-17 01:11 - 2011-03-17 01:11 - 04297568 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 16:45 - 2010-10-20 16:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SophosVirusRemovalTool => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SophosVirusRemovalTool => ""="Service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^Users^Sacred Heart^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^xwizard.lnk => C:\Windows\pss\xwizard.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: BCSSync => "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: Driver Genius =>
MSCONFIG\startupreg: IntelliType Pro => "c:\Program Files\Microsoft Device Center\itype.exe"
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: MapsGalaxy Search Scope Monitor => "C:\PROGRA~2\MAPSGA~2\bar\1.bin\39srchmn.exe" /m=2 /w /h
MSCONFIG\startupreg: MapsGalaxy_39 Browser Plugin Loader => C:\PROGRA~2\MAPSGA~2\bar\1.bin\39brmon.exe
MSCONFIG\startupreg: QuickFinder Scheduler => "C:\Program Files (x86)\WordPerfect Office 11\Programs\QFSCHD110.EXE"
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: xwizard => "C:\Users\Sacred Heart\AppData\Roaming\Microsoft\Windows\IEUpdate\xwizard.exe"
MSCONFIG\startupreg: {f55de818-9e4d-43d0-0b46-54c71f088e85} => "C:\ProgramData\Microsoft\{f55de818-9e4d-43d0-0b46-54c71f088e85}\{f55de818-9e4d-43d0-0b46-54c71f088e85}.exe"
MSCONFIG\startupreg: .tluafed =>

========================= Accounts: ==========================

Administrator (S-1-5-21-639415932-1215857684-1316868989-500 - Administrator - Disabled)
Guest (S-1-5-21-639415932-1215857684-1316868989-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-639415932-1215857684-1316868989-1006 - Limited - Enabled)
Sacred Heart (S-1-5-21-639415932-1215857684-1316868989-1003 - Administrator - Enabled) => C:\Users\Sacred Heart

==================== Faulty Device Manager Devices =============

Name: Ethernet Controller
Description: Ethernet Controller
Class Guid:
Manufacturer:
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

==================== Event log errors: =========================

Application errors:
==================
Error: (09/28/2014 00:57:57 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Fuel.Service.exe, version: 1.0.0.0, time stamp: 0x501fefb5
Faulting module name: Device.dll, version: 4.1.0.0, time stamp: 0x4f55e10b
Exception code: 0xc0000005
Fault offset: 0x00000000000033c1
Faulting process id: 0x5e0
Faulting application start time: 0xFuel.Service.exe0
Faulting application path: Fuel.Service.exe1
Faulting module path: Fuel.Service.exe2
Report Id: Fuel.Service.exe3

Error: (09/28/2014 11:46:18 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Fuel.Service.exe, version: 1.0.0.0, time stamp: 0x501fefb5
Faulting module name: Device.dll, version: 4.1.0.0, time stamp: 0x4f55e10b
Exception code: 0xc0000005
Fault offset: 0x00000000000033c1
Faulting process id: 0x760
Faulting application start time: 0xFuel.Service.exe0
Faulting application path: Fuel.Service.exe1
Faulting module path: Fuel.Service.exe2
Report Id: Fuel.Service.exe3

Error: (09/28/2014 08:26:30 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Fuel.Service.exe, version: 1.0.0.0, time stamp: 0x501fefb5
Faulting module name: Device.dll, version: 4.1.0.0, time stamp: 0x4f55e10b
Exception code: 0xc0000005
Fault offset: 0x00000000000033c1
Faulting process id: 0x710
Faulting application start time: 0xFuel.Service.exe0
Faulting application path: Fuel.Service.exe1
Faulting module path: Fuel.Service.exe2
Report Id: Fuel.Service.exe3

Error: (09/28/2014 07:54:55 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: explorer.exe, version: 6.1.7601.17567, time stamp: 0x4d672ee4
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00000000062c3523
Faulting process id: 0x994
Faulting application start time: 0xexplorer.exe0
Faulting application path: explorer.exe1
Faulting module path: explorer.exe2
Report Id: explorer.exe3

Error: (09/28/2014 07:53:06 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: explorer.exe, version: 6.1.7601.17567, time stamp: 0x4d672ee4
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0000000009263523
Faulting process id: 0x870
Faulting application start time: 0xexplorer.exe0
Faulting application path: explorer.exe1
Faulting module path: explorer.exe2
Report Id: explorer.exe3

Error: (09/28/2014 07:51:11 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d672ee4
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0000000008a83523
Faulting process id: 0x64c
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report Id: Explorer.EXE3

Error: (09/28/2014 07:49:31 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d672ee4
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00000000087d3523
Faulting process id: 0x878
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report Id: Explorer.EXE3

Error: (09/28/2014 07:47:51 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d672ee4
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00000000050c3523
Faulting process id: 0xaec
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report Id: Explorer.EXE3

Error: (09/28/2014 07:46:11 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d672ee4
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0000000009883523
Faulting process id: 0xe00
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report Id: Explorer.EXE3

Error: (09/28/2014 07:44:31 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d672ee4
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00000000062d3523
Faulting process id: 0x72c
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report Id: Explorer.EXE3

System errors:
=============
Error: (09/28/2014 01:00:02 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: SMR322

Error: (09/28/2014 00:59:52 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Ralink UPnP Media Server service to connect.

Error: (09/28/2014 00:57:58 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The AMD FUEL Service service terminated unexpectedly. It has done this 1 time(s).

Error: (09/28/2014 11:47:51 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: SMR322

Error: (09/28/2014 11:47:45 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Ralink UPnP Media Server service to connect.

Error: (09/28/2014 11:46:19 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The AMD FUEL Service service terminated unexpectedly. It has done this 1 time(s).

Error: (09/28/2014 10:56:03 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (09/28/2014 10:22:43 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (09/28/2014 10:21:16 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (09/28/2014 09:47:40 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
Microsoft Office Sessions: ========================= Error: (09/28/2014 00:57:57 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Fuel.Service.exe1.0.0.0501fefb5Device.dll4.1.0.04f55e10bc000000500000000000033c15e001cfdb3378ea577aC:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exeC:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll97f3ce26-4730-11e4-95af-a180eb7df2ed Error: (09/28/2014 11:46:18 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Fuel.Service.exe1.0.0.0501fefb5Device.dll4.1.0.04f55e10bc000000500000000000033c176001cfdb17fa7f70a9C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exeC:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll95f9f02e-4726-11e4-a196-90a0a8ee43eb Error: (09/28/2014 08:26:30 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Fuel.Service.exe1.0.0.0501fefb5Device.dll4.1.0.04f55e10bc000000500000000000033c171001cfdb1081caacc9C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exeC:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dllac48dd2a-470a-11e4-bafd-e7a61a1ba403 Error: (09/28/2014 07:54:55 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: explorer.exe6.1.7601.175674d672ee4unknown0.0.0.000000000c000000500000000062c352399401cfdb12c6a5c40eC:\Windows\explorer.exeunknown4322818f-4706-11e4-bafd-a6300096e01c Error: (09/28/2014 07:53:06 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: explorer.exe6.1.7601.175674d672ee4unknown0.0.0.000000000c0000005000000000926352387001cfdb12aebdab23C:\Windows\explorer.exeunknown01b7cda3-4706-11e4-bafd-a6300096e01c Error: (09/28/2014 07:51:11 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Explorer.EXE6.1.7601.175674d672ee4unknown0.0.0.000000000c00000050000000008a8352364c01cfdb1246672c35C:\Windows\Explorer.EXEunknownbd28fdcc-4705-11e4-bafd-a6300096e01c Error: (09/28/2014 07:49:31 AM) (Source: Application Error) (EventID: 1000) (User: ) 
Description: Explorer.EXE6.1.7601.175674d672ee4unknown0.0.0.000000000c000000500000000087d352387801cfdb120b482a89C:\Windows\Explorer.EXEunknown8176d469-4705-11e4-bafd-a6300096e01c Error: (09/28/2014 07:47:51 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Explorer.EXE6.1.7601.175674d672ee4unknown0.0.0.000000000c000000500000000050c3523aec01cfdb11cfa42258C:\Windows\Explorer.EXEunknown466d3f20-4705-11e4-bafd-a6300096e01c Error: (09/28/2014 07:46:11 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Explorer.EXE6.1.7601.175674d672ee4unknown0.0.0.000000000c00000050000000009883523e0001cfdb1193ba8589C:\Windows\Explorer.EXEunknown0a94d8a8-4705-11e4-bafd-a6300096e01c Error: (09/28/2014 07:44:31 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Explorer.EXE6.1.7601.175674d672ee4unknown0.0.0.000000000c000000500000000062d352372c01cfdb1157db4911C:\Windows\Explorer.EXEunknownced875fe-4704-11e4-bafd-a6300096e01c CodeIntegrity Errors: =================================== Date: 2014-09-28 10:21:16.472 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2014-09-28 10:21:16.332 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. 
==================== Memory info =========================== Processor: AMD A4-3400 APU with Radeon HD Graphics Percentage of memory in use: 34% Total physical RAM: 3570.79 MB Available physical RAM: 2324.95 MB Total Pagefile: 7139.75 MB Available Pagefile: 5665.13 MB Total Virtual: 8192 MB Available Virtual: 8191.86 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:931.41 GB) (Free:864.46 GB) NTFS Drive e: (TravelDrive) (Removable) (Total:1.91 GB) (Free:0.73 GB) FAT ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 58CFF908) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (Size: 1.9 GB) (Disk ID: 19048354) Partition 1: (Not Active) - (Size=1.9 GB) - (Type=0E) ==================== End Of Log ============================
-
Here is the new FRST scan after removing autokms

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-09-2014
Ran by Sacred Heart (administrator) on SACREDHEART-PC on 28-09-2014 13:05:00
Running from C:\Users\Sacred Heart\Desktop
Loaded Profile: Sacred Heart (Available profiles: Sacred Heart)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 10
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(HP) C:\Program Files\HP\HP LaserJet M1210 MFP Series\ReceiveFaxUtility.exe
(HP) C:\Windows\System32\HPSIsvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Ralink Technology, Corp.) C:\Program Files (x86)\Ralink\Common\RaRegistry.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Ralink Technology, Corp.) C:\Program Files (x86)\Ralink\Common\RaRegistry64.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [startCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642216 2012-08-06] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [bCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKU\S-1-5-21-639415932-1215857684-1316868989-1003\...\Run: [CryptoUpdate] => C:\Windows\system32\regsvr32.exe /s "C:\Users\Sacred Heart\AppData\Roaming\Microsoft\Crypto\RSA\cert_v65_0.tpl"
HKU\S-1-5-21-639415932-1215857684-1316868989-1003\...\Policies\Explorer: [Run] "C:\Users\Sacred Heart\AppData\Roaming\Microsoft\Windows\IEUpdate\xwizard.exe"
HKU\S-1-5-21-639415932-1215857684-1316868989-1003\...A8F59079A8D5}\localserver32: <==== ATTENTION!
HKU\S-1-5-18\...\Run: [skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [17416880 2012-07-13] (Skype Technologies S.A.)
HKU\S-1-5-18\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_268_ActiveX.exe [686792 2012-07-30] (Adobe Systems Incorporated)
HKU\S-1-5-18\...\MountPoints2: D - D:\Programs\nu2menu\nu2menu.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xDBAF2A4F8647CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aol.com/?mtmhp=txtlnkusaolp00000051
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No File
BHO-x32: No Name -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> No File
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Winsock: Catalog5 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 01 %SystemRoot%\System32\mswsock.dll [326144] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_268.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1165635.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=1.6.0_33 -> C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.0.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak [2014-08-12]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2012-07-30]
FF HKLM-x32\...\Firefox\Extensions: [virtualKeyboard@kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\FFExt\virtualKeyboard@kaspersky.ru
FF Extension: Kaspersky Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\FFExt\virtualKeyboard@kaspersky.ru [2014-08-12]
FF HKLM-x32\...\Firefox\Extensions: [linkfilter@kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\FFExt\linkfilter@kaspersky.ru
FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\FFExt\linkfilter@kaspersky.ru [2014-08-12]

Chrome:
=======

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-08-06] (Advanced Micro Devices, Inc.) [File not signed]
S3 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe [365336 2010-11-02] (Kaspersky Lab ZAO)
R2 HPM1210RcvFaxSrvc; C:\Program Files\HP\HP LaserJet M1210 MFP Series\ReceiveFaxUtility.exe [362296 2010-05-11] (HP)
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [2451456 2012-07-13] (Realsil Microelectronics Inc.) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 RalinkRegistryWriter; C:\Program Files (x86)\Ralink\Common\RaRegistry.exe [372736 2012-07-04] (Ralink Technology, Corp.) [File not signed]
R2 RalinkRegistryWriter64; C:\Program Files (x86)\Ralink\Common\RaRegistry64.exe [447488 2012-07-04] (Ralink Technology, Corp.) [File not signed]
S2 RaMediaServer; C:\Program Files (x86)\Ralink\Common\RaMediaServer.exe [1859584 2012-07-04] (Ralink) [File not signed]
S3 SophosVirusRemovalTool; C:\Program Files (x86)\Sophos\Sophos Virus Removal Tool\SVRTservice.exe [152872 2014-08-11] (Sophos Limited)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AODDriver4.1; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [53888 2012-03-05] (Advanced Micro Devices)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 HP1210FAX; C:\Windows\System32\Drivers\HPM1210FAX.sys [16384 2010-04-28] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-09-28] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
S3 MTsensor; C:\Windows\system32\drivers\ASACPI.sys [8192 2005-03-29] ()
S3 mvusbews; C:\Windows\System32\Drivers\mvusbews.sys [20480 2010-04-28] (Marvell Semiconductor, Inc.)
R3 NWVoltron; C:\Windows\System32\DRIVERS\NWVoltron.sys [28440 2011-06-23] ()
S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [19032 2012-06-18] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [12384 2012-06-18] ()
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S0 SMR322; System32\drivers\SMR322.SYS [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-28 10:54 - 2014-09-28 10:54 - 00025396 _____ () C:\Users\Sacred Heart\Desktop\FRST201409281056.txt
2014-09-28 10:53 - 2014-09-28 13:03 - 00039260 _____ () C:\Users\Sacred Heart\Desktop\Addition.txt
2014-09-28 10:52 - 2014-09-28 13:05 - 00013189 _____ () C:\Users\Sacred Heart\Desktop\FRST.txt
2014-09-28 10:52 - 2014-09-28 13:05 - 00000000 ____D () C:\FRST
2014-09-28 10:25 - 2014-09-28 10:25 - 00020510 _____ () C:\ComboFix.txt
2014-09-28 09:19 - 2014-09-28 10:25 - 00000000 ____D () C:\Qoobox
2014-09-28 09:19 - 2011-06-26 02:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-09-28 09:19 - 2010-11-07 13:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-09-28 09:19 - 2009-04-20 00:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-09-28 09:19 - 2000-08-30 20:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-09-28 09:19 - 2000-08-30 20:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-09-28 09:19 - 2000-08-30 20:00 - 00098816 _____ () C:\Windows\sed.exe
2014-09-28 09:19 - 2000-08-30 20:00 - 00080412 _____ () C:\Windows\grep.exe
2014-09-28 09:19 - 2000-08-30 20:00 - 00068096 _____ () C:\Windows\zip.exe
2014-09-28 09:18 - 2014-09-28 10:23 - 00000000 ____D () C:\Windows\erdnt
2014-09-28 08:50 - 2014-05-14 12:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-09-28 08:50 - 2014-05-14 12:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-09-28 08:50 - 2014-05-14 12:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-09-28 08:50 - 2014-05-14 12:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-09-28 08:49 - 2014-05-14 12:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-09-28 08:49 - 2014-05-14 12:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-09-28 08:49 - 2014-05-14 12:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-09-28 08:49 - 2014-05-14 12:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-09-28 08:49 - 2014-05-14 12:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-09-28 08:49 - 2014-05-14 12:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-09-28 08:49 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-09-28 08:49 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-09-28 08:49 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-09-28 08:49 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-09-28 08:33 - 2014-09-28 08:34 - 00148009 _____ () C:\Users\Sacred Heart\Desktop\New Text Document.txt
2014-09-28 08:04 - 2014-09-28 07:46 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Sacred Heart\Desktop\mbam-setup-2.0.2.1012.exe
2014-09-28 08:04 - 2014-09-27 22:35 - 01699276 _____ (Thisisu) C:\Users\Sacred Heart\Desktop\JRT.exe
2014-09-28 08:04 - 2014-09-27 22:35 - 01373475 _____ () C:\Users\Sacred Heart\Desktop\AdwCleaner.exe
2014-09-28 08:04 - 2014-09-27 22:33 - 02108928 _____ (Farbar) C:\Users\Sacred Heart\Desktop\FRST64.exe
2014-09-28 08:04 - 2014-09-27 22:27 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Sacred Heart\Desktop\tdsskiller.exe
2014-09-28 08:04 - 2014-09-27 22:23 - 05580995 ____R (Swearware) C:\Users\Sacred Heart\Desktop\ComboFix.exe
2014-09-28 07:54 - 2014-09-28 13:00 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-28 07:54 - 2014-09-28 08:25 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-28 07:54 - 2014-09-28 07:54 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-09-28 07:54 - 2014-09-28 07:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-28 07:54 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-09-28 07:54 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-09-28 07:54 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-09-27 21:23 - 2014-09-28 12:59 - 00001872 _____ () C:\Windows\setupact.log
2014-09-27 21:23 - 2014-09-27 21:23 - 00000000 _____ () C:\Windows\setuperr.log
2014-09-27 20:11 - 2014-09-05 09:56 - 00004130 _____ () C:\Users\Sacred Heart\Downloads\grrr - Copy.TXT
2014-09-27 18:22 - 2014-09-27 18:19 - 34905600 _____ (Hewlett-Packard Development Company, L.P. ) C:\sp58084.exe
2014-09-27 15:59 - 2014-09-05 09:58 - 00004130 _____ () C:\Users\Grrr.TXT
2014-09-24 12:14 - 2014-09-24 12:14 - 00007016 ____N () C:\bootsqm.dat
2014-09-24 08:32 - 2014-09-24 08:32 - 00000000 ____D () C:\Users\Sacred Heart\AppData\Local\VirtualStore
2014-09-23 12:21 - 2014-09-24 08:18 - 00003978 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{BFCE2EDA-C7EC-46A2-A6B4-FCF23DE328B7}
2014-09-23 11:47 - 2014-09-23 11:47 - 00000000 ____D () C:\Users\Sacred Heart\AppData\Roaming\pdfforge
2014-09-22 11:23 - 2014-09-22 11:23 - 00058880 _____ () C:\Users\Sacred Heart\Desktop\9_21_14-SUN_COLLECT.xls
2014-09-22 11:19 - 2014-09-22 11:19 - 00058880 _____ () C:\Users\Sacred Heart\Downloads\9_21_14-SUN_COLLECT.xls
2014-09-22 08:19 - 2014-09-22 08:21 - 00000000 ____D () C:\ProgramData\Sophos
2014-09-22 08:18 - 2014-09-22 08:18 - 00003237 _____ () C:\Users\Sacred Heart\Desktop\Sophos Virus Removal Tool.lnk
2014-09-22 08:18 - 2014-09-22 08:18 - 00000000 ____D () C:\Users\Sacred Heart\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sophos
2014-09-22 07:59 - 2014-09-22 07:59 - 00000000 ____D () C:\Program Files (x86)\Sophos
2014-09-17 13:16 - 2014-09-17 13:16 - 00000448 ____H () C:\Users\Sacred Heart\AppData\Roaming\麽鎒駓覜
2014-09-17 10:59 - 2014-09-17 14:11 - 00011366 _____ () C:\Users\Sacred Heart\Documents\liturgy 2014.xlsx
2014-09-16 20:20 - 2014-09-18 09:16 - 118352120 _____ (Microsoft Corporation) C:\Users\Sacred Heart\Downloads\msert.exe
2014-09-16 19:20 - 2014-09-16 19:20 - 00000000 ____D () C:\Windows\pss
2014-09-16 15:12 - 2014-09-16 15:12 - 00002052 _____ () C:\Windows\epplauncher.mif
2014-09-16 09:10 - 2014-09-16 09:10 - 00000000 __SHD () C:\Windows\system32\%APPDATA%
2014-09-15 12:22 - 2014-09-15 12:28 - 00058880 _____ () C:\Users\Sacred Heart\Downloads\9_14_14-SUN_COLLECT.xls
2014-09-05 10:40 - 2014-09-28 08:25 - 00000000 ____D () C:\ProgramData\EvitpUseyw
2014-08-29 13:22 - 2014-08-29 13:25 - 00219244 _____ () C:\Users\Sacred Heart\Desktop\fa1131bi.tif
2014-08-29 13:21 - 2014-08-29 13:21 - 00000000 _____ () C:\Users\Sacred Heart\Downloads\fa1131bi.tif.en9r1v9.partial

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-28 13:04 - 2009-07-14 01:13 - 00730210 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-28 13:03 - 2012-08-22 15:54 - 01057297 _____ () C:\Windows\WindowsUpdate.log
2014-09-28 12:59 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-28 12:20 - 2012-07-30 18:51 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-28 11:55 - 2009-07-14 00:45 - 00024480 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-28 11:55 - 2009-07-14 00:45 - 00024480 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-28 11:46 - 2012-07-31 03:17 - 00266026 _____ () C:\Windows\PFRO.log
2014-09-28 10:25 - 2009-07-13 23:20 - 00000000 __RHD () C:\Users\Default
2014-09-28 10:22 - 2009-07-13 22:34 - 00000215 _____ () C:\Windows\system.ini
2014-09-28 10:21 - 2012-08-22 15:55 - 00000000 ____D () C:\Users\Sacred Heart
2014-09-28 08:30 - 2012-07-30 22:13 - 00000000 ____D () C:\Windows\Panther
2014-09-28 07:55 - 2013-05-30 09:03 - 00000000 ____D () C:\Users\Sacred Heart\AppData\Local\CrashDumps
2014-09-28 07:54 - 2013-05-02 21:06 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-28 07:36 - 2013-11-08 11:43 - 00000000 ____D () C:\Program Files\Google
2014-09-28 07:36 - 2012-07-30 18:53 - 00000000 ____D () C:\Program Files (x86)\Google
2014-09-27 22:45 - 2013-11-08 11:42 - 00000000 ____D () C:\Users\Sacred Heart\AppData\Local\Google
2014-09-27 21:17 - 2012-08-22 17:41 - 00000000 ____D () C:\Users\Sacred Heart\Documents\My Scans
2014-09-27 21:10 - 2014-02-21 15:52 - 00000000 ____D () C:\Users\Sacred Heart\Desktop\Publisher Bulletins
2014-09-27 21:10 - 2013-05-10 12:18 - 00000000 ___SD () C:\Users\Sacred Heart\Documents\My Data Sources
2014-09-27 20:21 - 2012-09-18 12:51 - 00000000 ____D () C:\Users\Sacred Heart\AppData\Local\Microsoft Games
2014-09-27 20:21 - 2012-08-28 14:23 - 00000000 ____D () C:\Users\Sacred Heart\AppData\Roaming\LPi Express HTD
2014-09-27 20:21 - 2012-08-22 17:25 - 00000000 ____D () C:\Users\Sacred Heart\AppData\Roaming\Adobe
2014-09-27 20:12 - 2012-08-22 16:30 - 00000000 ____D () C:\Users\Sacred Heart\AppData\Local\AMD
2014-09-27 20:12 - 2012-07-30 18:56 - 00000000 ____D () C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2014-09-27 16:02 - 2014-08-12 09:26 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-09-27 16:02 - 2014-07-07 08:54 - 00000000 ____D () C:\Users\Sacred Heart\AppData\Local\fc044c
2014-09-27 16:02 - 2012-10-10 10:01 - 00000000 ____D () C:\Users\Sacred Heart\AppData\Local\Apple Computer
2014-09-27 16:02 - 2012-08-22 17:28 - 00000000 ____D () C:\ProgramData\Ralink Driver
2014-09-27 16:01 - 2012-12-06 10:29 - 00000000 ____D () C:\ebsword
2014-09-27 16:01 - 2012-08-22 16:26 - 00000000 ____D () C:\ATI
2014-09-27 16:01 - 2012-08-22 16:21 - 00000000 ____D () C:\AMD
2014-09-26 08:42 - 2009-07-14 01:08 - 00032586 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-09-25 13:31 - 2012-08-22 17:41 - 00011858 _____ () C:\Users\Sacred Heart\Documents\WEEKLY2.xlsx
2014-09-25 08:44 - 2012-09-18 11:13 - 00001511 _____ () C:\Users\Sacred Heart\AppData\Local\print.ini
2014-09-24 08:32 - 2012-07-30 18:30 - 00000000 __SHD () C:\Users\Sacred Heart\AppData\Roaming\dteivvbh
2014-09-16 12:24 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-09-15 09:06 - 2012-07-30 18:59 - 00278152 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-09-05 12:02 - 2012-08-22 16:04 - 00000000 ____D () C:\Users\Sacred Heart\AppData\Local\Apple
2014-09-05 12:02 - 2012-07-31 14:51 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-09-05 12:02 - 2009-07-14 03:44 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-09-05 12:01 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\registration
2014-09-05 09:55 - 2013-03-13 12:12 - 14592872 _____ () C:\Users\Sacred Heart\Downloads\IMG_1150.mp4
2014-09-05 09:55 - 2012-08-22 17:41 - 00578630 _____ () C:\Users\Sacred Heart\Downloads\Palm01c_sc.eps
2014-09-05 09:54 - 2013-09-24 10:23 - 00546002 _____ () C:\Users\Sacred Heart\Downloads\bi03fa06_sc.eps
2014-09-05 09:54 - 2013-06-03 14:20 - 00636234 _____ () C:\Users\Sacred Heart\Downloads\bi57sp04_sc.eps

Files to move or delete:
====================
C:\Users\Sacred Heart\acrobat.exe
C:\Users\Sacred Heart\chrome935539.exe
C:\Users\Sacred Heart\ctfmon132343.exe
C:\Users\Sacred Heart\flashplayer560745.exe
C:\Users\Sacred Heart\googleupdate.exe
C:\Users\Sacred Heart\googleupdate27226.exe
C:\Users\Sacred Heart\msconfig464447.exe
C:\Users\Sacred Heart\mstsc524057.exe
C:\Users\Sacred Heart\rundll3238542.exe
C:\Users\Sacred Heart\rundll32826958.exe
C:\Users\Sacred Heart\spoolsv35736.exe
C:\Users\Sacred Heart\vlcplayer.exe
C:\Users\Sacred Heart\vlcplayer566390.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-09-28 11:17

==================== End Of Log ============================
-
To be on the safe side, I've removed it.
-
The brief research I just did seems to indicate that it's some sort of Office crack, but I'm "reasonably" sure that the installation of Office on this computer is legitimate. This is a business computer that I've been brought in to clean up.
-
I have no idea what that is.
-
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-09-2014 Ran by Sacred Heart at 2014-09-28 10:53:38 Running from C:\Users\Sacred Heart\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov) Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.3.0.3670 - Adobe Systems Incorporated) Adobe AIR (x32 Version: 3.3.0.3670 - Adobe Systems Incorporated) Hidden Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.3.300.268 - Adobe Systems Incorporated) Adobe Flash Player 11 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 11.3.300.268 - Adobe Systems Incorporated) Adobe Reader X (10.1.11) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.11 - Adobe Systems Incorporated) Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.5.635 - Adobe Systems, Inc.) AMD APP SDK Runtime (Version: 10.0.938.2 - Advanced Micro Devices Inc.) Hidden AMD Catalyst Install Manager (HKLM\...\{F4C71C2A-F068-8EEB-61AE-EA4707C57A1B}) (Version: 8.0.881.0 - Advanced Micro Devices, Inc.) AMD Drag and Drop Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) Hidden AMD Fuel (Version: 2012.0806.1213.19931 - Advanced Micro Devices, Inc.) Hidden AMD Media Foundation Decoders (Version: 1.0.70727.2220 - Advanced Micro Devices, Inc.) 
Hidden AMD Steady Video Plug-In (Version: 2.06.0000 - AMD) Hidden AMD VISION Engine Control Center (x32 Version: 2012.0806.1213.19931 - Advanced Micro Devices, Inc.) Hidden Apple Application Support (HKLM-x32\...\{122ADF8C-DDA1-480C-9936-C88F2825B265}) (Version: 2.1.9 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}) (Version: 5.2.0.6 - Apple Inc.) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Graphics Previews Common (x32 Version: 2012.0806.1213.19931 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center InstallProxy (x32 Version: 2012.0806.1213.19931 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Localization All (x32 Version: 2012.0806.1213.19931 - Advanced Micro Devices, Inc.) Hidden CCC Help Chinese Standard (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden CCC Help Chinese Traditional (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden CCC Help Czech (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden CCC Help Danish (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden CCC Help Dutch (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden CCC Help English (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden CCC Help Finnish (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden CCC Help French (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden CCC Help German (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden CCC Help Greek (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) 
Hidden CCC Help Hungarian (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden CCC Help Italian (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden CCC Help Japanese (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden CCC Help Korean (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden CCC Help Norwegian (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden CCC Help Polish (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden CCC Help Portuguese (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden CCC Help Russian (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden CCC Help Spanish (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden CCC Help Swedish (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden CCC Help Thai (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden CCC Help Turkish (x32 Version: 2012.0806.1212.19931 - Advanced Micro Devices, Inc.) Hidden ccc-utility64 (Version: 2012.0806.1213.19931 - Advanced Micro Devices, Inc.) Hidden Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.) Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.) Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.) Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{131CD369-AA3B-424F-A83C-54DF3534B95C}) (Version: - Microsoft) Driver Genius Professional Edition (HKLM-x32\...\Driver Genius Professional Edition_is1) (Version: - Driver-Soft Inc.) 
Google Earth (HKLM-x32\...\{28E82311-8616-11E1-BEB0-B8AC6F97B88E}) (Version: 6.2.2.6613 - Google) HP LaserJet Professional M1130-M1210 MFP Series (HKLM\...\HP LaserJet Professional M1130-M1210 MFP Series) (Version: - ) HP LaserJet Professional M1210 MFP Series Fax Installer (HKLM\...\{E65099C4-9110-4C31-BD03-5C17EFB5FE92}) (Version: 1.1.0 - HP) IDS Client (HKLM-x32\...\{01218E3C-86E4-4D70-A36F-69CD41B78DBC}) (Version: 3.2.1.4466 - IDS LLC) ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.7.0 - LIGHTNING UK!) iTunes (HKLM\...\{840A3BAA-4C68-4581-9C7A-6F8D6CF531B9}) (Version: 10.6.3.25 - Apple Inc.) Java Auto Updater (x32 Version: 2.0.7.1 - Sun Microsystems, Inc.) Hidden Java 6 Update 33 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216033FF}) (Version: 6.0.330 - Oracle) Kaspersky Anti-Virus 2011 (HKLM-x32\...\InstallWIX_{66F1F013-008F-4875-B283-5A814B820347}) (Version: 11.0.2.556 - Kaspersky Lab) Kaspersky Anti-Virus 2011 (x32 Version: 11.0.2.556 - Kaspersky Lab) Hidden KeePass Password Safe 1.23 (HKLM-x32\...\KeePass Password Safe_is1) (Version: 1.23 - Dominik Reichl) LPi Express HTD 5.3 (HKLM-x32\...\LPi Express HTD) (Version: 5.3 - Liturgical Publications Inc.) 
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation) Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation) Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 1.1.500.0 - Microsoft Corporation) Microsoft Mouse and Keyboard Center (Version: 1.1.500.0 - Microsoft Corporation) Hidden Microsoft Office 2010 Service Pack 1 (SP1) (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}) (Version: - Microsoft) Microsoft Office 2010 Service Pack 1 (SP1) (x32 Version: - Microsoft) Hidden Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden Microsoft Office Groove MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden Microsoft Office InfoPath MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office Professional Plus 2010 
(HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.6029.1000 - Microsoft Corporation) Microsoft Office Professional Plus 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (French) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20125.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation) 
Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation) MiniTool Partition Wizard Home Edition 7.5 (HKLM-x32\...\{05D996FA-ADCB-4D23-BA3C-A7C184A8FAC6}_is1) (Version: - MiniTool Solution Ltd.) Mozilla Firefox 14.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 14.0.1 (x86 en-US)) (Version: 14.0.1 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 14.0.1 - Mozilla) PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.4.3 - Frank Heindörfer, Philip Chinery) Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.8 - Google, Inc.) QuickTime (HKLM-x32\...\{0E64B098-8018-4256-BA23-C316A43AD9B0}) (Version: 7.72.80.56 - Apple Inc.) Ralink 802.11n Wireless LAN Card (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 4.0.3.0 - Ralink) Readiris Pro 12 (HKLM-x32\...\{3AC26580-A695-4134-84AE-5121B3AAE545}) (Version: 12.00.5965 - I.R.I.S.) Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.2.8400.30137 - Realtek Semiconductor Corp.) Scan To (HKLM\...\{E8A34AC8-0137-4515-A94B-0A0946DDC251}) (Version: 2.0.1 - HP) Skype™ 5.10 (HKLM-x32\...\{1845470B-EB14-4ABC-835B-E36C693DC07D}) (Version: 5.10.116 - Skype Technologies S.A.) 
Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.5.3 - Sophos Limited) swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden TeamViewer 7 (HKLM-x32\...\TeamViewer 7) (Version: 7.0.13989 - TeamViewer) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2468871) (Version: 1 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2533523) (Version: 1 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2600217) (Version: 1 - Microsoft Corporation) Update for Microsoft Office 2010 (KB2553065) (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{A8686D24-1E89-43A1-973E-05A258D2B3F8}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2553092) (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{7AC49FC8-F8D2-4DD8-9086-09E52385A21F}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{48E1B6C2-7299-4F3F-AA63-42F0ACE55AA4}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{18B3CF2A-73F7-4716-B1AE-86D68726D408}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition (HKLM-x32\...\{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUS_{73E67A3A-8D61-44EF-90C2-1697C3DBE668}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{14B7142F-D7E2-4FB0-9E3B-7CAA8D7FFC56}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2566458) 
(HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{EFB525A0-E1C0-4E32-9968-FE401BC87363}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{ED31DE9A-3E13-4E2C-9106-E0D8AFFB9FA6}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{C4F26A9B-B121-4135-8084-A0D9C780C7C8}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{460FF681-BC66-4C38-99DF-7012E03F1EBA}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUS_{C633216E-FF30-45B6-B2AB-21922A9353EF}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{B1FA5E8C-2342-45AF-8A62-5E860042F8DF}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{1CBEDB37-C438-473F-8BA0-2535B0D237E2}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{1CBEDB37-C438-473F-8BA0-2535B0D237E2}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{9CFD026D-EB1C-48C2-9DD2-8E8875F251B2}) (Version: - Microsoft) Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition 
(HKLM-x32\...\{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUS_{9865DC3A-2898-48D9-B96A-46397571C934}) (Version: - Microsoft) Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F1CBE095-403D-466D-BB13-B185A5F33231}) (Version: - Microsoft) Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUS_{47894754-0FEC-4920-9A65-6C1E732587AC}) (Version: - Microsoft) Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{BC6DFBFD-16DD-47E1-A7EF-2C062930FA4F}) (Version: - Microsoft) Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUS_{1EEFF749-6F29-4F0B-AB08-4C6EA52AA110}) (Version: - Microsoft) Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{6B6DDDCE-B456-4FE1-9A07-DBC1708E4158}) (Version: - Microsoft) Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{5DA2D071-A54C-47C0-83E5-43C63DBFD936}) (Version: - Microsoft) Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{5DA2D071-A54C-47C0-83E5-43C63DBFD936}) (Version: - Microsoft) VLC media player 2.0.3 (HKLM-x32\...\VLC media player) (Version: 2.0.3 - VideoLAN) WinRAR 4.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH) WordPerfect Office 11 (HKLM-x32\...\{54F90B55-BEB3-4F0D-8802-228822FA5921}) (Version: 11.0.0.233 - Corel Corporation) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. 
Any eventual file will not be moved.) ==================== Restore Points ========================= 28-09-2014 12:49:32 Windows Update ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-13 22:34 - 2014-09-28 10:22 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {1C386C0E-A445-47DA-901A-393EB6C2D382} - System32\Tasks\{297F2293-13B0-4FE3-9198-BB8A93BE8460} => C:\Program Files (x86)\Microsoft Office\Office14\MSPUB.EXE [2011-04-06] (Microsoft Corporation) Task: {3F39A9C4-19EB-4085-866A-319B46C3831C} - System32\Tasks\{9C20487D-2C01-4F9E-974B-09089469BCF8} => C:\Program Files (x86)\Driver-Soft\DriverGenius\DriverGenius.exe [2010-04-21] (Driver-Soft Inc.) Task: {57C34F52-F55D-46A9-BBEC-7FE5497E2771} - System32\Tasks\Microsoft\Windows\TabletPC\InputPersonalization => C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe [2009-07-13] (Microsoft Corporation) Task: {5E579732-3AE5-4CCE-98D9-C8936BB00502} - System32\Tasks\{153E2278-86B5-49E0-AE94-8AF4E54E5B22} => C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE [2012-10-20] (Microsoft Corporation) Task: {70B14C0D-C1D5-4F0C-A0AA-4312FA676299} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2012-07-31] () Task: {766E07AE-1135-40DF-846A-958749F829BE} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) 
Task: {7CC6BFF0-97EA-4DC0-AED0-97DB14A902ED} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup Task: {8F7B41E9-2C26-4938-A4EE-F3BA6442CF6B} - System32\Tasks\{B3E80174-7A15-479A-8CC6-BE56E35E091D} => C:\Program Files (x86)\Microsoft Office\Office14\MSPUB.EXE [2011-04-06] (Microsoft Corporation) Task: {AD5CF118-9EB3-4AB5-8CBA-2302A1EA732B} - System32\Tasks\{F66C47B5-EAA0-485C-8591-A65C09773112} => C:\Program Files (x86)\Driver-Soft\DriverGenius\DriverGenius.exe [2010-04-21] (Driver-Soft Inc.) Task: {B3670107-77A8-46F9-BDD5-6573E06A504B} - System32\Tasks\Microsoft_Hardware_Launch_devicecenter_exe => c:\Program Files\Microsoft Device Center\devicecenter.exe [2012-06-26] (Microsoft) Task: {C105B06E-52C7-4CFA-862C-2A85C608D415} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Device Center\ipoint.exe [2012-06-26] (Microsoft Corporation) Task: {C534DDA7-E6AF-4B97-9A5C-9FF71930D354} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Device Center\itype.exe [2012-06-26] (Microsoft Corporation) Task: {CE83A9E3-F3FE-4B66-A10B-BC53E06A8BF4} - System32\Tasks\{1B1556A2-E352-4B56-8363-A1F352A73E81} => Chrome.exe Task: {CF34E322-8BD7-48BB-BD6C-675495149C5F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-30] (Adobe Systems Incorporated) Task: {F1422699-57D0-4C49-B113-955A814AC852} - System32\Tasks\{2D3E9920-B639-4DE1-AE6E-AE6A472279CA} => C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE [2012-10-20] (Microsoft Corporation) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe ==================== Loaded Modules (whitelisted) ============= 2012-08-24 10:20 - 2010-03-31 11:51 - 00407040 _____ () C:\Windows\System32\HPM1210LM.DLL 2012-08-28 14:22 - 2011-04-29 23:14 - 00083752 _____ () 
C:\Windows\system32\PuzzlePort64.dll 2012-08-24 10:20 - 2010-03-31 11:51 - 00074240 _____ () C:\Windows\system32\spool\PRTPROCS\x64\HPM1210PP.dll 2012-08-06 12:24 - 2012-08-06 12:24 - 00212480 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll 2012-03-05 16:03 - 2012-03-05 16:03 - 00677376 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll 2012-02-16 14:53 - 2012-02-16 14:53 - 03642880 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Platform.dll 2012-08-24 10:19 - 2010-04-28 11:49 - 00222720 _____ () C:\Windows\system32\m1210nwia.dll 2012-08-06 12:24 - 2012-08-06 12:24 - 00103424 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll 2012-08-06 12:07 - 2012-08-06 12:07 - 00369152 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll 2011-03-17 01:07 - 2011-03-17 01:07 - 04297568 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF 2010-10-20 16:23 - 2010-10-20 16:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll 2012-05-30 20:06 - 2012-05-30 20:06 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll 2012-05-30 20:06 - 2012-05-30 20:06 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll 2011-03-17 01:11 - 2011-03-17 01:11 - 04297568 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF 2010-10-20 16:45 - 2010-10-20 16:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. 
The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SophosVirusRemovalTool => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SophosVirusRemovalTool => ""="Service" ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) MSCONFIG\startupfolder: C:^Users^Sacred Heart^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^xwizard.lnk => C:\Windows\pss\xwizard.lnk.Startup MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" MSCONFIG\startupreg: BCSSync => "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices MSCONFIG\startupreg: Driver Genius => MSCONFIG\startupreg: IntelliType Pro => "c:\Program Files\Microsoft Device Center\itype.exe" MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe" MSCONFIG\startupreg: MapsGalaxy Search Scope Monitor => "C:\PROGRA~2\MAPSGA~2\bar\1.bin\39srchmn.exe" /m=2 /w /h MSCONFIG\startupreg: MapsGalaxy_39 Browser Plugin Loader => C:\PROGRA~2\MAPSGA~2\bar\1.bin\39brmon.exe MSCONFIG\startupreg: QuickFinder Scheduler => "C:\Program Files (x86)\WordPerfect Office 11\Programs\QFSCHD110.EXE" MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" MSCONFIG\startupreg: xwizard => "C:\Users\Sacred Heart\AppData\Roaming\Microsoft\Windows\IEUpdate\xwizard.exe" MSCONFIG\startupreg: 
{f55de818-9e4d-43d0-0b46-54c71f088e85} => "C:\ProgramData\Microsoft\{f55de818-9e4d-43d0-0b46-54c71f088e85}\{f55de818-9e4d-43d0-0b46-54c71f088e85}.exe" MSCONFIG\startupreg: .tluafed => ========================= Accounts: ========================== Administrator (S-1-5-21-639415932-1215857684-1316868989-500 - Administrator - Disabled) Guest (S-1-5-21-639415932-1215857684-1316868989-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-639415932-1215857684-1316868989-1006 - Limited - Enabled) Sacred Heart (S-1-5-21-639415932-1215857684-1316868989-1003 - Administrator - Enabled) => C:\Users\Sacred Heart ==================== Faulty Device Manager Devices ============= Name: Ethernet Controller Description: Ethernet Controller Class Guid: Manufacturer: Service: Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: 802.11n Wireless LAN Card Description: 802.11n Wireless LAN Card Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Ralink Technology, Corp. Service: netr28x Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. 
==================== Event log errors: =========================

Application errors:
==================
Error: (09/28/2014 08:26:30 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Fuel.Service.exe, version: 1.0.0.0, time stamp: 0x501fefb5
Faulting module name: Device.dll, version: 4.1.0.0, time stamp: 0x4f55e10b
Exception code: 0xc0000005
Fault offset: 0x00000000000033c1
Faulting process id: 0x710
Faulting application start time: 0xFuel.Service.exe0
Faulting application path: Fuel.Service.exe1
Faulting module path: Fuel.Service.exe2
Report Id: Fuel.Service.exe3

Error: (09/28/2014 07:54:55 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: explorer.exe, version: 6.1.7601.17567, time stamp: 0x4d672ee4
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00000000062c3523
Faulting process id: 0x994
Faulting application start time: 0xexplorer.exe0
Faulting application path: explorer.exe1
Faulting module path: explorer.exe2
Report Id: explorer.exe3

Error: (09/28/2014 07:53:06 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: explorer.exe, version: 6.1.7601.17567, time stamp: 0x4d672ee4
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0000000009263523
Faulting process id: 0x870
Faulting application start time: 0xexplorer.exe0
Faulting application path: explorer.exe1
Faulting module path: explorer.exe2
Report Id: explorer.exe3

Error: (09/28/2014 07:51:11 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d672ee4
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0000000008a83523
Faulting process id: 0x64c
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report Id: Explorer.EXE3

Error: (09/28/2014 07:49:31 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d672ee4
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00000000087d3523
Faulting process id: 0x878
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report Id: Explorer.EXE3

Error: (09/28/2014 07:47:51 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d672ee4
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00000000050c3523
Faulting process id: 0xaec
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report Id: Explorer.EXE3

Error: (09/28/2014 07:46:11 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d672ee4
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0000000009883523
Faulting process id: 0xe00
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report Id: Explorer.EXE3

Error: (09/28/2014 07:44:31 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d672ee4
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00000000062d3523
Faulting process id: 0x72c
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report Id: Explorer.EXE3

Error: (09/28/2014 07:42:50 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d672ee4
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0000000007d83523
Faulting process id: 0xc70
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report Id: Explorer.EXE3

Error: (09/28/2014 07:41:10 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d672ee4
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc000041d
Fault offset: 0x0000000000000000
Faulting process id: 0xbc0
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report Id: Explorer.EXE3


System errors:
=============
Error: (09/28/2014 10:22:43 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (09/28/2014 10:21:16 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (09/28/2014 09:47:40 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (09/28/2014 08:32:54 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (09/28/2014 08:31:01 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: SMR322

Error: (09/28/2014 08:30:58 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Ralink UPnP Media Server service to connect.

Error: (09/28/2014 08:26:31 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The AMD FUEL Service service terminated unexpectedly. It has done this 1 time(s).

Error: (09/28/2014 08:25:55 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The IPsec Policy Agent service depends on the Base Filtering Engine service which failed to start because of the following error: %%1290

Error: (09/28/2014 08:25:55 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Base Filtering Engine service failed to start due to the following error: %%1290

Error: (09/28/2014 08:25:45 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Security Center service failed to start due to the following error: %%1314


Microsoft Office Sessions:
=========================
Error: (09/28/2014 08:26:30 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Fuel.Service.exe1.0.0.0501fefb5Device.dll4.1.0.04f55e10bc000000500000000000033c171001cfdb1081caacc9C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exeC:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dllac48dd2a-470a-11e4-bafd-e7a61a1ba403

Error: (09/28/2014 07:54:55 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: explorer.exe6.1.7601.175674d672ee4unknown0.0.0.000000000c000000500000000062c352399401cfdb12c6a5c40eC:\Windows\explorer.exeunknown4322818f-4706-11e4-bafd-a6300096e01c

Error: (09/28/2014 07:53:06 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: explorer.exe6.1.7601.175674d672ee4unknown0.0.0.000000000c0000005000000000926352387001cfdb12aebdab23C:\Windows\explorer.exeunknown01b7cda3-4706-11e4-bafd-a6300096e01c

Error: (09/28/2014 07:51:11 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Explorer.EXE6.1.7601.175674d672ee4unknown0.0.0.000000000c00000050000000008a8352364c01cfdb1246672c35C:\Windows\Explorer.EXEunknownbd28fdcc-4705-11e4-bafd-a6300096e01c

Error: (09/28/2014 07:49:31 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Explorer.EXE6.1.7601.175674d672ee4unknown0.0.0.000000000c000000500000000087d352387801cfdb120b482a89C:\Windows\Explorer.EXEunknown8176d469-4705-11e4-bafd-a6300096e01c

Error: (09/28/2014 07:47:51 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Explorer.EXE6.1.7601.175674d672ee4unknown0.0.0.000000000c000000500000000050c3523aec01cfdb11cfa42258C:\Windows\Explorer.EXEunknown466d3f20-4705-11e4-bafd-a6300096e01c

Error: (09/28/2014 07:46:11 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Explorer.EXE6.1.7601.175674d672ee4unknown0.0.0.000000000c00000050000000009883523e0001cfdb1193ba8589C:\Windows\Explorer.EXEunknown0a94d8a8-4705-11e4-bafd-a6300096e01c

Error: (09/28/2014 07:44:31 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Explorer.EXE6.1.7601.175674d672ee4unknown0.0.0.000000000c000000500000000062d352372c01cfdb1157db4911C:\Windows\Explorer.EXEunknownced875fe-4704-11e4-bafd-a6300096e01c

Error: (09/28/2014 07:42:50 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Explorer.EXE6.1.7601.175674d672ee4unknown0.0.0.000000000c00000050000000007d83523c7001cfdb111c0a06bbC:\Windows\Explorer.EXEunknown92f21566-4704-11e4-bafd-a6300096e01c

Error: (09/28/2014 07:41:10 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Explorer.EXE6.1.7601.175674d672ee4unknown0.0.0.000000000c000041d0000000000000000bc001cfdb10e04e57d7C:\Windows\Explorer.EXEunknown5723346f-4704-11e4-bafd-a6300096e01c


CodeIntegrity Errors:
===================================
  Date: 2014-09-28 10:21:16.472
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-09-28 10:21:16.332
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: AMD A4-3400 APU with Radeon HD Graphics
Percentage of memory in use: 71%
Total physical RAM: 3570.79 MB
Available physical RAM: 1006.53 MB
Total Pagefile: 7139.75 MB
Available Pagefile: 5610.53 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:931.41 GB) (Free:867.21 GB) NTFS
Drive e: (WINTOUSB) (Removable) (Total:14.89 GB) (Free:13.76 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 58CFF908)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 14.9 GB) (Disk ID: 00005053)
Partition 1: (Active) - (Size=14.9 GB) - (Type=0C)

==================== End Of Log ============================
-
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-09-2014
Ran by Sacred Heart (administrator) on SACREDHEART-PC on 28-09-2014 10:52:48
Running from C:\Users\Sacred Heart\Desktop
Loaded Profile: Sacred Heart (Available profiles: Sacred Heart)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 10
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(HP) C:\Program Files\HP\HP LaserJet M1210 MFP Series\ReceiveFaxUtility.exe
(HP) C:\Windows\System32\HPSIsvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Ralink Technology, Corp.) C:\Program Files (x86)\Ralink\Common\RaRegistry.exe
(Ralink Technology, Corp.) C:\Program Files (x86)\Ralink\Common\RaRegistry64.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [startCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642216 2012-08-06] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [bCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKU\S-1-5-21-639415932-1215857684-1316868989-1003\...\Run: [CryptoUpdate] => C:\Windows\system32\regsvr32.exe /s "C:\Users\Sacred Heart\AppData\Roaming\Microsoft\Crypto\RSA\cert_v65_0.tpl"
HKU\S-1-5-21-639415932-1215857684-1316868989-1003\...\Policies\Explorer: [Run] "C:\Users\Sacred Heart\AppData\Roaming\Microsoft\Windows\IEUpdate\xwizard.exe"
HKU\S-1-5-21-639415932-1215857684-1316868989-1003\...A8F59079A8D5}\localserver32: <==== ATTENTION!
HKU\S-1-5-18\...\Run: [skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [17416880 2012-07-13] (Skype Technologies S.A.)
HKU\S-1-5-18\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_268_ActiveX.exe [686792 2012-07-30] (Adobe Systems Incorporated)
HKU\S-1-5-18\...\MountPoints2: D - D:\Programs\nu2menu\nu2menu.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xDBAF2A4F8647CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aol.com/?mtmhp=txtlnkusaolp00000051
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No File
BHO-x32: No Name -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> No File
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Winsock: Catalog5 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 01 %SystemRoot%\System32\mswsock.dll [326144] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_268.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1165635.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=1.6.0_33 -> C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.0.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak [2014-08-12]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2012-07-30]
FF HKLM-x32\...\Firefox\Extensions: [virtualKeyboard@kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\FFExt\virtualKeyboard@kaspersky.ru
FF Extension: Kaspersky Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\FFExt\virtualKeyboard@kaspersky.ru [2014-08-12]
FF HKLM-x32\...\Firefox\Extensions: [linkfilter@kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\FFExt\linkfilter@kaspersky.ru
FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\FFExt\linkfilter@kaspersky.ru [2014-08-12]

Chrome:
=======

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-08-06] (Advanced Micro Devices, Inc.) [File not signed]
S3 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe [365336 2010-11-02] (Kaspersky Lab ZAO)
R2 HPM1210RcvFaxSrvc; C:\Program Files\HP\HP LaserJet M1210 MFP Series\ReceiveFaxUtility.exe [362296 2010-05-11] (HP)
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [2451456 2012-07-13] (Realsil Microelectronics Inc.) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 RalinkRegistryWriter; C:\Program Files (x86)\Ralink\Common\RaRegistry.exe [372736 2012-07-04] (Ralink Technology, Corp.) [File not signed]
R2 RalinkRegistryWriter64; C:\Program Files (x86)\Ralink\Common\RaRegistry64.exe [447488 2012-07-04] (Ralink Technology, Corp.) [File not signed]
S2 RaMediaServer; C:\Program Files (x86)\Ralink\Common\RaMediaServer.exe [1859584 2012-07-04] (Ralink) [File not signed]
S3 SophosVirusRemovalTool; C:\Program Files (x86)\Sophos\Sophos Virus Removal Tool\SVRTservice.exe [152872 2014-08-11] (Sophos Limited)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AODDriver4.1; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [53888 2012-03-05] (Advanced Micro Devices)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 HP1210FAX; C:\Windows\System32\Drivers\HPM1210FAX.sys [16384 2010-04-28] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-09-28] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
S3 MTsensor; C:\Windows\system32\drivers\ASACPI.sys [8192 2005-03-29] ()
S3 mvusbews; C:\Windows\System32\Drivers\mvusbews.sys [20480 2010-04-28] (Marvell Semiconductor, Inc.)
R3 NWVoltron; C:\Windows\System32\DRIVERS\NWVoltron.sys [28440 2011-06-23] ()
S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [19032 2012-06-18] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [12384 2012-06-18] ()
U3 catchme; \??\C:\ComboFix\catchme.sys [X]
S0 SMR322; System32\drivers\SMR322.SYS [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-28 10:52 - 2014-09-28 10:53 - 00013039 _____ () C:\Users\Sacred Heart\Desktop\FRST.txt
2014-09-28 10:52 - 2014-09-28 10:52 - 00000000 ____D () C:\FRST
2014-09-28 10:25 - 2014-09-28 10:25 - 00020510 _____ () C:\ComboFix.txt
2014-09-28 09:19 - 2014-09-28 10:25 - 00000000 ____D () C:\Qoobox
2014-09-28 09:19 - 2011-06-26 02:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-09-28 09:19 - 2010-11-07 13:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-09-28 09:19 - 2009-04-20 00:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-09-28 09:19 - 2000-08-30 20:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-09-28 09:19 - 2000-08-30 20:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-09-28 09:19 - 2000-08-30 20:00 - 00098816 _____ () C:\Windows\sed.exe
2014-09-28 09:19 - 2000-08-30 20:00 - 00080412 _____ () C:\Windows\grep.exe
2014-09-28 09:19 - 2000-08-30 20:00 - 00068096 _____ () C:\Windows\zip.exe
2014-09-28 09:18 - 2014-09-28 10:23 - 00000000 ____D () C:\Windows\erdnt
2014-09-28 08:50 - 2014-05-14 12:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-09-28 08:50 - 2014-05-14 12:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-09-28 08:50 - 2014-05-14 12:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-09-28 08:50 - 2014-05-14 12:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-09-28 08:49 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-09-28 08:49 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-09-28 08:49 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-09-28 08:49 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-09-28 08:33 - 2014-09-28 08:34 - 00148009 _____ () C:\Users\Sacred Heart\Desktop\New Text Document.txt
2014-09-28 08:04 - 2014-09-28 07:46 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Sacred Heart\Desktop\mbam-setup-2.0.2.1012.exe
2014-09-28 08:04 - 2014-09-27 22:35 - 01699276 _____ (Thisisu) C:\Users\Sacred Heart\Desktop\JRT.exe
2014-09-28 08:04 - 2014-09-27 22:35 - 01373475 _____ () C:\Users\Sacred Heart\Desktop\AdwCleaner.exe
2014-09-28 08:04 - 2014-09-27 22:33 - 02108928 _____ (Farbar) C:\Users\Sacred Heart\Desktop\FRST64.exe
2014-09-28 08:04 - 2014-09-27 22:27 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Sacred Heart\Desktop\tdsskiller.exe
2014-09-28 08:04 - 2014-09-27 22:23 - 05580995 ____R (Swearware) C:\Users\Sacred Heart\Desktop\ComboFix.exe
2014-09-28 07:54 - 2014-09-28 08:31 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-28 07:54 - 2014-09-28 08:25 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-28 07:54 - 2014-09-28 07:54 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-09-28 07:54 - 2014-09-28 07:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-28 07:54 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-09-28 07:54 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-09-28 07:54 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-09-27 21:23 - 2014-09-28 08:30 - 00000964 _____ () C:\Windows\setupact.log
2014-09-27 21:23 - 2014-09-27 21:23 - 00000000 _____ () C:\Windows\setuperr.log
2014-09-27 20:11 - 2014-09-05 09:56 - 00004130 _____ () C:\Users\Sacred Heart\Downloads\grrr - Copy.TXT
2014-09-27 18:22 - 2014-09-27 18:19 - 34905600 _____ (Hewlett-Packard Development Company, L.P. ) C:\sp58084.exe
2014-09-27 15:59 - 2014-09-05 09:58 - 00004130 _____ () C:\Users\Grrr.TXT
2014-09-24 12:14 - 2014-09-24 12:14 - 00007016 ____N () C:\bootsqm.dat
2014-09-24 08:32 - 2014-09-24 08:32 - 00000000 ____D () C:\Users\Sacred Heart\AppData\Local\VirtualStore
2014-09-23 12:21 - 2014-09-24 08:18 - 00003978 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{BFCE2EDA-C7EC-46A2-A6B4-FCF23DE328B7}
2014-09-23 11:47 - 2014-09-23 11:47 - 00000000 ____D () C:\Users\Sacred Heart\AppData\Roaming\pdfforge
2014-09-22 11:23 - 2014-09-22 11:23 - 00058880 _____ () C:\Users\Sacred Heart\Desktop\9_21_14-SUN_COLLECT.xls
2014-09-22 11:19 - 2014-09-22 11:19 - 00058880 _____ () C:\Users\Sacred Heart\Downloads\9_21_14-SUN_COLLECT.xls
2014-09-22 08:19 - 2014-09-22 08:21 - 00000000 ____D () C:\ProgramData\Sophos
2014-09-22 08:18 - 2014-09-22 08:18 - 00003237 _____ () C:\Users\Sacred Heart\Desktop\Sophos Virus Removal Tool.lnk
2014-09-22 08:18 - 2014-09-22 08:18 - 00000000 ____D () C:\Users\Sacred Heart\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sophos
2014-09-22 07:59 - 2014-09-22 07:59 - 00000000 ____D () C:\Program Files (x86)\Sophos
2014-09-17 13:16 - 2014-09-17 13:16 - 00000448 ____H () C:\Users\Sacred Heart\AppData\Roaming\麽鎒駓覜
2014-09-17 10:59 - 2014-09-17 14:11 - 00011366 _____ () C:\Users\Sacred Heart\Documents\liturgy 2014.xlsx
2014-09-16 20:20 - 2014-09-18 09:16 - 118352120 _____ (Microsoft Corporation) C:\Users\Sacred Heart\Downloads\msert.exe
2014-09-16 19:20 - 2014-09-16 19:20 - 00000000 ____D () C:\Windows\pss
2014-09-16 15:12 - 2014-09-16 15:12 - 00002052 _____ () C:\Windows\epplauncher.mif
2014-09-16 09:10 - 2014-09-16 09:10 - 00000000 __SHD () C:\Windows\system32\%APPDATA%
2014-09-15 12:22 - 2014-09-15 12:28 - 00058880 _____ () C:\Users\Sacred Heart\Downloads\9_14_14-SUN_COLLECT.xls
2014-09-05 10:40 - 2014-09-28 08:25 - 00000000 ____D () C:\ProgramData\EvitpUseyw
2014-08-29 13:22 - 2014-08-29 13:25 - 00219244 _____ () C:\Users\Sacred Heart\Desktop\fa1131bi.tif
2014-08-29 13:21 - 2014-08-29 13:21 - 00000000 _____ () C:\Users\Sacred Heart\Downloads\fa1131bi.tif.en9r1v9.partial

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-28 10:25 - 2009-07-13 23:20 - 00000000 __RHD () C:\Users\Default
2014-09-28 10:22 - 2009-07-13 22:34 - 00000215 _____ () C:\Windows\system.ini
2014-09-28 10:21 - 2012-08-22 15:55 - 00000000 ____D () C:\Users\Sacred Heart
2014-09-28 10:20 - 2012-07-30 18:51 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-28 08:57 - 2009-07-14 00:45 - 00024480 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-28 08:57 - 2009-07-14 00:45 - 00024480 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-28 08:50 - 2012-08-22 15:54 - 01897940 _____ () C:\Windows\WindowsUpdate.log
2014-09-28 08:35 - 2009-07-14 01:13 - 00730210 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-28 08:31 - 2012-07-31 15:00 - 00003510 _____ () C:\Windows\System32\Tasks\AutoKMS
2014-09-28 08:30 - 2012-07-31 03:17 - 00265226 _____ () C:\Windows\PFRO.log
2014-09-28 08:30 - 2012-07-30 22:13 - 00000000 ____D () C:\Windows\Panther
2014-09-28 08:30 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-28 07:55 - 2013-05-30 09:03 - 00000000 ____D () C:\Users\Sacred Heart\AppData\Local\CrashDumps
2014-09-28 07:54 - 2013-05-02 21:06 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-28 07:36 - 2013-11-08 11:43 - 00000000 ____D () C:\Program Files\Google
2014-09-28 07:36 - 2012-07-30 18:53 - 00000000 ____D () C:\Program Files (x86)\Google
2014-09-27 22:45 - 2013-11-08 11:42 - 00000000 ____D () C:\Users\Sacred Heart\AppData\Local\Google
2014-09-27 21:17 - 2012-08-22 17:41 - 00000000 ____D () C:\Users\Sacred Heart\Documents\My Scans
2014-09-27 21:10 - 2014-02-21 15:52 - 00000000 ____D () C:\Users\Sacred Heart\Desktop\Publisher Bulletins
2014-09-27 21:10 - 2013-05-10 12:18 - 00000000 ___SD () C:\Users\Sacred Heart\Documents\My Data Sources
2014-09-27 20:21 - 2012-09-18 12:51 - 00000000 ____D () C:\Users\Sacred Heart\AppData\Local\Microsoft Games
2014-09-27 20:21 - 2012-08-28 14:23 - 00000000 ____D () C:\Users\Sacred Heart\AppData\Roaming\LPi Express HTD
2014-09-27 20:21 - 2012-08-22 17:25 - 00000000 ____D () C:\Users\Sacred Heart\AppData\Roaming\Adobe
2014-09-27 20:12 - 2012-08-22 16:30 - 00000000 ____D () C:\Users\Sacred Heart\AppData\Local\AMD
2014-09-27 20:12 - 2012-07-30 18:56 - 00000000 ____D () C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2014-09-27 16:02 - 2014-08-12 09:26 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-09-27 16:02 - 2014-07-07 08:54 - 00000000 ____D () C:\Users\Sacred Heart\AppData\Local\fc044c
2014-09-27 16:02 - 2012-10-10 10:01 - 00000000 ____D () C:\Users\Sacred Heart\AppData\Local\Apple Computer
2014-09-27 16:02 - 2012-08-22 17:28 - 00000000 ____D () C:\ProgramData\Ralink Driver
2014-09-27 16:01 - 2012-12-06 10:29 - 00000000 ____D () C:\ebsword
2014-09-27 16:01 - 2012-08-22 16:26 - 00000000 ____D () C:\ATI
2014-09-27 16:01 - 2012-08-22 16:21 - 00000000 ____D () C:\AMD
2014-09-26 08:42 - 2009-07-14 01:08 - 00032586 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-09-25 13:31 - 2012-08-22 17:41 - 00011858 _____ () C:\Users\Sacred Heart\Documents\WEEKLY2.xlsx
2014-09-25 08:44 - 2012-09-18 11:13 - 00001511 _____ () C:\Users\Sacred Heart\AppData\Local\print.ini
2014-09-24 08:32 - 2012-07-30 18:30 - 00000000 __SHD () C:\Users\Sacred Heart\AppData\Roaming\dteivvbh
2014-09-16 12:24 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-09-05 12:03 - 2012-07-31 15:00 - 00000000 ____D () C:\Windows\AutoKMS
2014-09-05 12:02 - 2012-08-22 16:04 - 00000000 ____D () C:\Users\Sacred Heart\AppData\Local\Apple
2014-09-05 12:02 - 2012-07-31 14:51 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-09-05 12:02 - 2009-07-14 03:44 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-09-05 12:01 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\registration
2014-09-05 09:55 - 2013-03-13 12:12 - 14592872 _____ () C:\Users\Sacred Heart\Downloads\IMG_1150.mp4
2014-09-05 09:55 - 2012-08-22 17:41 - 00578630 _____ () C:\Users\Sacred Heart\Downloads\Palm01c_sc.eps
2014-09-05 09:54 - 2013-09-24 10:23 - 00546002 _____ () C:\Users\Sacred Heart\Downloads\bi03fa06_sc.eps
2014-09-05 09:54 - 2013-06-03 14:20 - 00636234 _____ () C:\Users\Sacred Heart\Downloads\bi57sp04_sc.eps

Files to move or delete:
====================
C:\Users\Sacred Heart\acrobat.exe
C:\Users\Sacred Heart\chrome935539.exe
C:\Users\Sacred Heart\ctfmon132343.exe
C:\Users\Sacred Heart\flashplayer560745.exe
C:\Users\Sacred Heart\googleupdate.exe
C:\Users\Sacred Heart\googleupdate27226.exe
C:\Users\Sacred Heart\msconfig464447.exe
C:\Users\Sacred Heart\mstsc524057.exe
C:\Users\Sacred Heart\rundll3238542.exe
C:\Users\Sacred Heart\rundll32826958.exe
C:\Users\Sacred Heart\spoolsv35736.exe
C:\Users\Sacred Heart\vlcplayer.exe
C:\Users\Sacred Heart\vlcplayer566390.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-09-03 11:52

==================== End Of Log ============================
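Reading the two logs together, here is an added example of scripting the first pass a responder makes over FRST output. It is my own script, not part of FRST, ComboFix or Malwarebytes, and the sample input is a handful of lines copied from the FRST.txt and Addition.txt posted above. The heuristics are generic: a Run value that uses regsvr32 or rundll32 to load something that is not a DLL from a user-writable path, a Policies\Explorer\Run autorun, executables sitting directly in the profile root and named after Windows binaries, hidden or system+hidden objects with odd names under AppData or system32, and the per-user LocalServer32 entry FRST marks with ATTENTION, correlated with the CLSID from the DCOM 10010 error in Addition.txt (the shape COM hijacking takes in a log). The rule names, the extension allow-list, the list of binary names and the path patterns are the example's own assumptions; a flag is a prompt to pull the file for hashing and signature checks, not a verdict.

```python
"""First-pass triage of FRST-style log lines.

Added example for this thread, not FRST's own logic. Rule names, the extension
allow-list, SYSTEM_BINARIES and the path patterns are this script's assumptions.
"""
import re

# Sample input: lines copied from the FRST.txt and Addition.txt above. The DCOM
# error and its "Description:" line are joined onto one line here (FRST prints two).
SAMPLE_LINES = [
    r"HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)",
    r'HKU\S-1-5-21-639415932-1215857684-1316868989-1003\...\Run: [CryptoUpdate] => C:\Windows\system32\regsvr32.exe /s "C:\Users\Sacred Heart\AppData\Roaming\Microsoft\Crypto\RSA\cert_v65_0.tpl"',
    r'HKU\S-1-5-21-639415932-1215857684-1316868989-1003\...\Policies\Explorer: [Run] "C:\Users\Sacred Heart\AppData\Roaming\Microsoft\Windows\IEUpdate\xwizard.exe"',
    r"HKU\S-1-5-21-639415932-1215857684-1316868989-1003\...A8F59079A8D5}\localserver32: <==== ATTENTION!",
    r"HKU\S-1-5-18\...\Run: [skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [17416880 2012-07-13] (Skype Technologies S.A.)",
    r"Error: (09/28/2014 08:32:54 AM) (Source: DCOM) (EventID: 10010) (User: ) Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}",
    r"C:\Users\Sacred Heart\spoolsv35736.exe",
    r"C:\Users\Sacred Heart\rundll32826958.exe",
    r"C:\Users\Sacred Heart\vlcplayer.exe",
    r"2014-09-16 09:10 - 2014-09-16 09:10 - 00000000 __SHD () C:\Windows\system32\%APPDATA%",
    r"2014-09-24 08:32 - 2012-07-30 18:30 - 00000000 __SHD () C:\Users\Sacred Heart\AppData\Roaming\dteivvbh",
    r"2014-09-17 13:16 - 2014-09-17 13:16 - 00000448 ____H () C:\Users\Sacred Heart\AppData\Roaming\麽鎒駓覜",
    r"2014-09-22 08:19 - 2014-09-22 08:21 - 00000000 ____D () C:\ProgramData\Sophos",
]

CLSID_RE = re.compile(r"\{[0-9A-F]{8}(?:-[0-9A-F]{4}){3}-[0-9A-F]{12}\}", re.I)
RUN_RE = re.compile(r"\\Run: \[(?P<name>[^\]]+)\] => (?P<cmd>.+)$")
POLICY_RUN_RE = re.compile(r"\\Policies\\Explorer: \[Run\] (?P<cmd>.+)$")
PROFILE_ROOT_EXE_RE = re.compile(r"^[A-Z]:\\Users\\[^\\]+\\(?P<base>[^\\]+)\.exe$", re.I)
FILE_ENTRY_RE = re.compile(r" (?P<attr>[_A-Z]{5}) \([^)]*\) (?P<path>[A-Z]:\\.+)$")
USER_WRITABLE_RE = re.compile(r"\\(Users|AppData|ProgramData|Temp)\\", re.I)
SENSITIVE_DIR_RE = re.compile(r"\\(AppData|system32)\\", re.I)
LOLBINS = ("regsvr32.exe", "rundll32.exe")          # loaders that take a file argument
LOADABLE_EXTS = {"dll", "ocx", "cpl"}                # what those loaders normally load
SYSTEM_BINARIES = {"spoolsv", "rundll32", "svchost", "ctfmon", "msconfig", "mstsc",
                   "explorer", "lsass", "csrss", "winlogon", "wininit", "services"}


def _target_of(cmd):
    """The file a Run command loads: the quoted argument if present, else the last token."""
    m = re.search(r'"([^"]+)"', cmd)
    return m.group(1) if m else cmd.split()[-1]


def triage(lines):
    """Return (rule, detail, line) triples for entries that deserve a second look."""
    findings, dcom_clsids, com_lines = [], [], []
    for line in (l.strip() for l in lines):
        if "(Source: DCOM) (EventID: 10010)" in line:   # server failed to register with DCOM
            dcom_clsids.extend(CLSID_RE.findall(line))
            continue
        if "localserver32" in line.lower() and "ATTENTION" in line:
            com_lines.append(line)
            continue
        m = RUN_RE.search(line)
        if m:
            cmd = m.group("cmd")
            lolbin = next((b for b in LOLBINS if b in cmd.lower()), None)
            if lolbin:
                target = _target_of(cmd)
                ext = target.rsplit(".", 1)[-1].lower()
                if ext not in LOADABLE_EXTS or USER_WRITABLE_RE.search(target):
                    findings.append(("lolbin-run",
                                     f"[{m.group('name')}] uses {lolbin} to load a .{ext} file: {target}", line))
            continue
        if POLICY_RUN_RE.search(line):
            findings.append(("policy-run",
                             "Policies\\Explorer\\Run autorun; rarely legitimate outside Group Policy deployments", line))
            continue
        m = PROFILE_ROOT_EXE_RE.match(line)
        if m:
            base = m.group("base")
            mimic = next((s for s in sorted(SYSTEM_BINARIES) if base.lower().startswith(s)), None)
            detail = (f"{base}.exe in the profile root is named after {mimic}.exe" if mimic
                      else f"{base}.exe sits directly in the profile root")
            findings.append(("profile-root-exe", detail, line))
            continue
        m = FILE_ENTRY_RE.search(line)
        if m and "H" in m.group("attr") and SENSITIVE_DIR_RE.search(m.group("path")):
            attr, leaf = m.group("attr"), m.group("path").rsplit("\\", 1)[-1]
            reasons = []
            if "S" in attr and attr.endswith("D"):
                reasons.append("system+hidden directory")
            if "%" in leaf:
                reasons.append("literal %VAR% in name (environment variable never expanded)")
            if not leaf.isascii():
                reasons.append("non-ASCII name")
            if reasons:
                findings.append(("hidden-object", "; ".join(reasons), line))
    # FRST shortens long key paths with "...", so correlate on the CLSID's last group.
    for clsid in dcom_clsids:
        tail = clsid.rsplit("-", 1)[1].lower()
        for line in com_lines:
            if tail in line.lower():
                findings.append(("com-localserver32",
                                 f"per-user LocalServer32 for {clsid} flagged by FRST; same CLSID failed DCOM activation (event 10010)", line))
    return findings


if __name__ == "__main__":
    for rule, detail, line in triage(SAMPLE_LINES):
        print(f"[{rule}] {detail}\n    {line}")
```

FRST already singles out several of these itself (the "Files to move or delete" list and the ATTENTION marker); the value of scripting the pass is catching the entries it prints without comment, such as the CryptoUpdate Run value, and applying the same rules to every log in a thread. A finding says which file to hash, check for a signature and date-correlate with the "One Month Created" section; it does not say what the file is.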