Jump to content

lamkini

Members
  • Posts

    5
  • Joined

  • Last visited

Reputation

0 Neutral
  1. Looks like all is well. Thanks so much, Adam. Donation sent.
  2. Wait, false alarm. I deleted it. Sorry. Oh hey--no more ads!!
  3. I can't delete the folder. It says it's being used in another application. Inside is a .PS1 file. What should I do?
  4. Hi Adam. You can call me Josh. Thanks for your attention with this issue. DO YOU RECOGNIZE: I do not, in fact, recognize the folder C:\MATS, and the time on that folder is from about when all this mess started happening. Below is the Fixlog information from all the STEPS: STEP ONE: FRST Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 16-11-2014 03 Ran by Josh at 2014-11-16 17:48:37 Run:1 Running from C:\Users\Josh\Desktop Loaded Profile: Josh (Available profiles: Josh) Boot Mode: Normal ============================================== Content of fixlist: ***************** start HKLM-x32\...\Run: [] => [X] ProxyServer: http=127.0.0.1:56049;https=127.0.0.1:56049 HKU\S-1-5-21-3192440701-1458875013-2191657805-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION Toolbar: HKU\.DEFAULT -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File R2 webinstrT; C:\Windows\system32\Drivers\webinstrT.sys [63696 2014-11-15] (Corsica) 2014-11-15 10:20 - 2014-11-15 10:20 - 00063696 _____ (Corsica) C:\Windows\system32\Drivers\webinstrT.sys 2014-11-15 10:20 - 2014-11-15 10:20 - 00001904 _____ () C:\Windows\patsearch.bin 2014-11-15 10:20 - 2014-11-15 10:20 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_webinstrT_01009.Wdf S2 PDIHWCTL; \??\C:\Windows\system32\drivers\pdihwctl.sys [X] CMD: ipconfig /flushdns CMD: netsh winsock reset all CMD: netsh int ipv4 reset CMD: netsh int ipv6 reset EmptyTemp: end ***************** HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully. HKU\ProxyServer: http=127.0.0.1:56049;https=127.0.0.1:56049\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => Value not found. "HKU\S-1-5-21-3192440701-1458875013-2191657805-1001\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully. HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => value deleted successfully. "HKCR\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93}" => Key not found. webinstrT => Service stopped successfully. webinstrT => Service deleted successfully. C:\Windows\system32\Drivers\webinstrT.sys => Moved successfully. C:\Windows\patsearch.bin => Moved successfully. C:\Windows\system32\Drivers\Msft_Kernel_webinstrT_01009.Wdf => Moved successfully. PDIHWCTL => Service deleted successfully. ========= ipconfig /flushdns ========= Windows IP Configuration Successfully flushed the DNS Resolver Cache. ========= End of CMD: ========= ========= netsh winsock reset all ========= Sucessfully reset the Winsock Catalog. You must restart the computer in order to complete the reset. ========= End of CMD: ========= ========= netsh int ipv4 reset ========= Reseting Global, OK! Reseting Interface, OK! Restart the computer to complete this action. ========= End of CMD: ========= ========= netsh int ipv6 reset ========= Reseting Interface, OK! Restart the computer to complete this action. ========= End of CMD: ========= EmptyTemp: => Removed 126.3 MB temporary data. The system needed a reboot. ==== End of Fixlog ==== STEP TWO: MBAM Malwarebytes Anti-Malware www.malwarebytes.org Scan Date: 11/16/2014 Scan Time: 6:04:58 PM Logfile: Administrator: Yes Version: 2.00.3.1025 Malware Database: v2014.11.16.06 Rootkit Database: v2014.11.12.01 License: Free Malware Protection: Disabled Malicious Website Protection: Disabled Self-protection: Disabled OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: Josh Scan Type: Threat Scan Result: Completed Objects Scanned: 446143 Time Elapsed: 8 min, 20 sec Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Enabled Heuristics: Enabled PUP: Enabled PUM: Enabled Processes: 0 (No malicious items detected) Modules: 0 (No malicious items detected) Registry Keys: 0 (No malicious items detected) Registry Values: 0 (No malicious items detected) Registry Data: 0 (No malicious items detected) Folders: 0 (No malicious items detected) Files: 0 (No malicious items detected) Physical Sectors: 0 (No malicious items detected) (end) STEP THREE:ESET Online Scan NO THREATS FOUND
  5. Honestly, I have tried everything I could find out there. I have run JRT, ComboFix, adwcleaner, HitmanPro, Malwarebytes, and probably others, and I cannot get rid of SpeedChecker ads! Please please help. Required FRST data below and attached as txt files. Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-11-2014 Ran by Josh (administrator) on WORKSTATION on 15-11-2014 21:50:40 Running from C:\Users\Josh\Desktop Loaded Profile: Josh (Available profiles: Josh) Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States) Internet Explorer Version 11 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (HP) C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe (AMD) C:\Windows\System32\atiesrxx.exe (IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe (SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe (AMD) C:\Windows\System32\atieclxx.exe (HP) C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe (Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (HP) C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe () C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\ModLEDKey.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe (Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe (Medical Information Technology, Inc.) C:\Program Files (x86)\MEDITECH\MTAppDwn.exe (PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe (Roxio) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe (Wacom Technology, Corp.) C:\Windows\System32\Wacom_Tablet.exe (Wacom Technology, Corp.) C:\Windows\System32\WTablet\Wacom_TabletUser.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Wacom Technology, Corp.) C:\Windows\System32\Wacom_Tablet.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe (Hewlett-Packard ) C:\Program Files\IDT\WDM\beats64.exe (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe (Spotify Ltd) C:\Users\Josh\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe (Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\acrotray.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\CNYHKEY.exe (Macrovision Europe Ltd.) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_223.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_223.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [beatsOSDApp] => C:\Program Files\IDT\WDM\beats64.exe [37888 2010-10-21] (Hewlett-Packard ) HKLM\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard) HKLM\...\Run: [sysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1425408 2012-04-24] (IDT, Inc.) HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation) HKLM-x32\...\Run: [HP Software Update] => c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54576 2008-12-08] (Hewlett-Packard) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [LaunchHPOSIAPP] => C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\LaunchApp.exe [385024 2009-04-03] (Hewlett-Packard) HKLM-x32\...\Run: [PDF Complete] => C:\Program Files (x86)\PDF Complete\pdfsty.exe [658424 2011-05-05] (PDF Complete Inc) HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe [624248 2007-05-10] (Adobe Systems Inc.) HKLM-x32\...\Run: [Adobe_ID0EYTHM] => C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3Tray.exe [1884160 2007-03-20] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.) HKLM-x32\...\Run: [startCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [343168 2011-10-24] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.) HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.) HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-10-21] (Hewlett-Packard) HKU\S-1-5-21-3192440701-1458875013-2191657805-1001\...\Run: [spotify Web Helper] => C:\Users\Josh\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1245752 2014-09-24] (Spotify Ltd) HKU\S-1-5-21-3192440701-1458875013-2191657805-1001\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2014-10-17] (Apple Inc.) HKU\S-1-5-21-3192440701-1458875013-2191657805-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-10-17] (Apple Inc.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Logo Calibration Loader.lnk ShortcutTarget: Logo Calibration Loader.lnk -> C:\Program Files (x86)\GretagMacbeth\i1\Eye-One Match 3\CalibrationLoader\CalibrationLoader.exe (LOGO Kommunikations- und Drucktechnik GmbH & Co. KG) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ProfileReminder.lnk ShortcutTarget: ProfileReminder.lnk -> C:\Program Files (x86)\GretagMacbeth\i1\Eye-One Match 3\ProfileReminder.exe (LOGO Kommunikations- und Drucktechnik GmbH & Co. KG) Startup: C:\Users\Josh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) ProxyServer: http=127.0.0.1:56049;https=127.0.0.1:56049 HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US HKU\S-1-5-21-3192440701-1458875013-2191657805-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKLM - {16CB56C3-2955-4F5B-A579-31C8D20C2F27} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms} SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=http://shop.ebay.com/?_nkw={searchTerms} SearchScopes: HKLM-x32 - {16CB56C3-2955-4F5B-A579-31C8D20C2F27} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms} SearchScopes: HKLM-x32 - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms} SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=http://shop.ebay.com/?_nkw={searchTerms} BHO: TrueSuite Website Log On -> {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} -> C:\Program Files (x86)\HP SimplePass 2011\x64\IEBHO.dll (HP) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard) BHO-x32: Adobe PDF Reader Link Helper -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) BHO-x32: ContributeBHO Class -> {074C1DC5-9320-4A9A-947D-C042949C6216} -> C:\Program Files (x86)\Adobe\/Adobe Contribute CS3/contributeieplugin.dll (Adobe Systems Incorporated.) BHO-x32: TrueSuite Website Log On -> {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} -> C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll (HP) BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard) Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) Toolbar: HKLM-x32 - Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS3/contributeieplugin.dll (Adobe Systems Incorporated.) Toolbar: HKU\.DEFAULT -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File DPF: HKLM-x32 {C87ACE20-4BA7-11D4-AD69-0000F80020BC} https://intranetcdmz.meditech.com:444/pchelp/MTAppDwn.exe Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76 FireFox: ======== FF ProfilePath: C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\hlkyfpn9.default-1416104664039 FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_223.dll () FF Plugin: @java.com/DTPlugin,version=10.5.0 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin: @microsoft.com/GENUINE -> disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_223.dll () FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF Plugin-x32: @java.com/DTPlugin,version=10.13.2 -> C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @wacom.com/wacom-plugin,version=1.1.0.3 -> C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.) FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll () FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\ddg.xml FF Extension: TrueSuite Website Logon - C:\Program Files (x86)\Mozilla Firefox\extensions\websitelogon@truesuite.com [2014-11-15] Chrome: ======= CHR HomePage: Default -> hxxp://mail.meditech.com/ CHR Profile: C:\Users\Josh\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Docs) - C:\Users\Josh\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-05-15] CHR Extension: (Google Drive) - C:\Users\Josh\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-05-15] CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Josh\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-22] CHR Extension: (YouTube) - C:\Users\Josh\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-05-15] CHR Extension: (Google Search) - C:\Users\Josh\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-05-15] CHR Extension: (Tabs to the Front) - C:\Users\Josh\AppData\Local\Google\Chrome\User Data\Default\Extensions\hiembaoomcehoiehhdldabfgnmphappc [2014-07-23] CHR Extension: (Website Logon) - C:\Users\Josh\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpgfhihjicjofdejkbjgnjlaglaciobe [2014-05-15] CHR Extension: (Hangouts) - C:\Users\Josh\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2014-07-23] CHR Extension: (Google Wallet) - C:\Users\Josh\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-05-15] CHR Extension: (Gmail) - C:\Users\Josh\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-05-15] CHR HKLM-x32\...\Chrome\Extension: [jpgfhihjicjofdejkbjgnjlaglaciobe] - C:\Program Files (x86)\HP SimplePass 2011\tschrome.crx [2011-06-03] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S2 CLKMSVC10_38F51D56; c:\Program Files (x86)\Cyberlink\PowerDVD10\NavFilter\kmsvc.exe [241648 2011-02-25] (CyberLink) R3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2012-01-08] (Macrovision Europe Ltd.) [File not signed] R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [127752 2014-11-15] (SurfRight B.V.) R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed] R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation) R2 MTAppManager; C:\Program Files (x86)\MEDITECH\MTAppDwn.exe [398096 2014-09-24] (Medical Information Technology, Inc.) R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation) R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1128952 2011-05-05] (PDF Complete Inc) R2 TabletServiceWacom; C:\Windows\system32\Wacom_Tablet.exe [6245744 2010-03-08] (Wacom Technology, Corp.) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation) S3 EyeOneDisplay; C:\Windows\System32\Drivers\i1display_x64.sys [7808 2005-12-14] (GretagMacbeth LLC) R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation) R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation) S3 pmxdrv; C:\Windows\system32\drivers\pmxdrv.sys [31152 2011-12-29] () R2 webinstrT; C:\Windows\system32\Drivers\webinstrT.sys [63696 2014-11-15] (Corsica) S3 catchme; \??\C:\ComboFix\catchme.sys [X] S2 PDIHWCTL; \??\C:\Windows\system32\drivers\pdihwctl.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-11-15 21:50 - 2014-11-15 21:51 - 00018662 _____ () C:\Users\Josh\Desktop\FRST.txt 2014-11-15 21:50 - 2014-11-15 21:50 - 00000000 ____D () C:\FRST 2014-11-15 21:49 - 2014-11-15 21:49 - 02116608 _____ (Farbar) C:\Users\Josh\Desktop\FRST64.exe 2014-11-15 21:07 - 2014-11-15 21:07 - 00018356 _____ () C:\Users\Josh\Desktop\HitmanPro_20141115_2107.log 2014-11-15 21:01 - 2014-11-15 21:01 - 00001899 _____ () C:\Users\Public\Desktop\HitmanPro.lnk 2014-11-15 21:01 - 2014-11-15 21:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro 2014-11-15 21:01 - 2014-11-15 21:01 - 00000000 ____D () C:\Program Files\HitmanPro 2014-11-15 21:00 - 2014-11-15 21:07 - 00000000 ____D () C:\ProgramData\HitmanPro 2014-11-15 20:59 - 2014-11-15 21:00 - 11222744 _____ (SurfRight B.V.) C:\Users\Josh\Desktop\HitmanPro_x64.exe 2014-11-15 20:57 - 2014-11-15 20:57 - 00001508 _____ () C:\Users\Josh\Desktop\JRT.txt 2014-11-15 20:55 - 2014-11-15 20:55 - 01707242 _____ (Thisisu) C:\Users\Josh\Desktop\JRT.exe 2014-11-15 20:55 - 2014-11-15 20:55 - 00000000 ____D () C:\Windows\ERUNT 2014-11-15 20:45 - 2014-11-15 20:45 - 00023248 _____ () C:\ComboFix.txt 2014-11-15 20:37 - 2011-06-26 01:45 - 00256000 _____ () C:\Windows\PEV.exe 2014-11-15 20:37 - 2010-11-07 12:20 - 00208896 _____ () C:\Windows\MBR.exe 2014-11-15 20:37 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2014-11-15 20:37 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2014-11-15 20:37 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2014-11-15 20:37 - 2000-08-30 19:00 - 00098816 _____ () C:\Windows\sed.exe 2014-11-15 20:37 - 2000-08-30 19:00 - 00080412 _____ () C:\Windows\grep.exe 2014-11-15 20:37 - 2000-08-30 19:00 - 00068096 _____ () C:\Windows\zip.exe 2014-11-15 20:33 - 2014-11-15 20:45 - 00000000 ____D () C:\Qoobox 2014-11-15 20:33 - 2014-11-15 20:44 - 00000000 ____D () C:\Windows\erdnt 2014-11-15 20:32 - 2014-11-15 20:33 - 05598504 ____R (Swearware) C:\Users\Josh\Desktop\ComboFix.exe 2014-11-15 20:28 - 2014-11-15 20:28 - 00002040 _____ () C:\Users\Josh\Desktop\Rkill.txt 2014-11-15 20:27 - 2014-11-15 20:27 - 01944824 _____ (Bleeping Computer, LLC) C:\Users\Josh\Downloads\rkill.com 2014-11-15 19:38 - 2014-11-15 20:47 - 00000000 ____D () C:\AdwCleaner 2014-11-15 19:38 - 2014-11-15 19:38 - 02140160 _____ () C:\Users\Josh\Desktop\adwcleaner_4.101.exe 2014-11-15 18:42 - 2014-11-15 18:43 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk 2014-11-15 18:09 - 2014-11-15 18:09 - 00000000 __SHD () C:\Users\Josh\AppData\Local\EmieBrowserModeList 2014-11-15 11:19 - 2014-11-07 14:49 - 00388272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-11-15 11:19 - 2014-11-07 14:23 - 00341168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2014-11-15 11:19 - 2014-11-05 23:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-11-15 11:19 - 2014-11-05 23:03 - 25110016 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-11-15 11:19 - 2014-11-05 23:03 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-11-15 11:19 - 2014-11-05 22:47 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-11-15 11:19 - 2014-11-05 22:46 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-11-15 11:19 - 2014-11-05 22:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-11-15 11:19 - 2014-11-05 22:44 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2014-11-15 11:19 - 2014-11-05 22:43 - 02884096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-11-15 11:19 - 2014-11-05 22:36 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-11-15 11:19 - 2014-11-05 22:35 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-11-15 11:19 - 2014-11-05 22:31 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-11-15 11:19 - 2014-11-05 22:30 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-11-15 11:19 - 2014-11-05 22:30 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-11-15 11:19 - 2014-11-05 22:29 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-11-15 11:19 - 2014-11-05 22:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-11-15 11:19 - 2014-11-05 22:23 - 06040064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-11-15 11:19 - 2014-11-05 22:20 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-11-15 11:19 - 2014-11-05 22:16 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-11-15 11:19 - 2014-11-05 22:13 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-11-15 11:19 - 2014-11-05 22:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-11-15 11:19 - 2014-11-05 22:12 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-11-15 11:19 - 2014-11-05 22:10 - 19781632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-11-15 11:19 - 2014-11-05 22:10 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2014-11-15 11:19 - 2014-11-05 22:07 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-11-15 11:19 - 2014-11-05 22:05 - 02277376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-11-15 11:19 - 2014-11-05 22:04 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-11-15 11:19 - 2014-11-05 22:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-11-15 11:19 - 2014-11-05 22:02 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-11-15 11:19 - 2014-11-05 22:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-11-15 11:19 - 2014-11-05 22:00 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-11-15 11:19 - 2014-11-05 21:59 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-11-15 11:19 - 2014-11-05 21:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-11-15 11:19 - 2014-11-05 21:57 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-11-15 11:19 - 2014-11-05 21:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-11-15 11:19 - 2014-11-05 21:42 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-11-15 11:19 - 2014-11-05 21:41 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-11-15 11:19 - 2014-11-05 21:41 - 00716800 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-11-15 11:19 - 2014-11-05 21:39 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2014-11-15 11:19 - 2014-11-05 21:38 - 02124288 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-11-15 11:19 - 2014-11-05 21:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-11-15 11:19 - 2014-11-05 21:36 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-11-15 11:19 - 2014-11-05 21:34 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-11-15 11:19 - 2014-11-05 21:30 - 14390272 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-11-15 11:19 - 2014-11-05 21:22 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-11-15 11:19 - 2014-11-05 21:21 - 04298240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-11-15 11:19 - 2014-11-05 21:21 - 02051072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-11-15 11:19 - 2014-11-05 21:20 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2014-11-15 11:19 - 2014-11-05 21:17 - 02365440 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-11-15 11:19 - 2014-11-05 21:04 - 01550336 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-11-15 11:19 - 2014-11-05 21:03 - 12819456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-11-15 11:19 - 2014-11-05 20:53 - 00799232 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-11-15 11:19 - 2014-11-05 20:52 - 01892864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-11-15 11:19 - 2014-11-05 20:48 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-11-15 11:19 - 2014-11-05 20:47 - 00708096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-11-15 11:18 - 2014-10-24 20:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll 2014-11-15 11:18 - 2014-10-24 20:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll 2014-11-15 11:18 - 2014-10-17 21:05 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll 2014-11-15 11:18 - 2014-10-17 20:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll 2014-11-15 11:18 - 2014-10-13 21:16 - 00155064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2014-11-15 11:18 - 2014-10-13 21:13 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll 2014-11-15 11:18 - 2014-10-13 21:13 - 00683520 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll 2014-11-15 11:18 - 2014-10-13 21:12 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2014-11-15 11:18 - 2014-10-13 21:09 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll 2014-11-15 11:18 - 2014-10-13 21:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll 2014-11-15 11:18 - 2014-10-13 20:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll 2014-11-15 11:18 - 2014-10-13 20:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2014-11-15 11:18 - 2014-10-13 20:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2014-11-15 11:18 - 2014-10-13 20:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll 2014-11-15 11:18 - 2014-10-13 20:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll 2014-11-15 11:18 - 2014-10-09 19:57 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-11-15 11:18 - 2014-10-02 21:12 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll 2014-11-15 11:18 - 2014-10-02 21:11 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll 2014-11-15 11:18 - 2014-10-02 21:11 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll 2014-11-15 11:18 - 2014-10-02 21:11 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll 2014-11-15 11:18 - 2014-10-02 21:11 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll 2014-11-15 11:18 - 2014-10-02 20:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll 2014-11-15 11:18 - 2014-10-02 20:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll 2014-11-15 11:18 - 2014-10-02 20:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll 2014-11-15 11:18 - 2014-09-19 04:42 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2014-11-15 11:18 - 2014-09-19 04:42 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2014-11-15 11:18 - 2014-09-19 04:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2014-11-15 11:18 - 2014-09-19 04:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2014-11-15 11:18 - 2014-09-19 04:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2014-11-15 11:18 - 2014-09-19 04:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2014-11-15 11:18 - 2014-09-19 04:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2014-11-15 11:18 - 2014-09-19 04:23 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2014-11-15 11:18 - 2014-09-19 04:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2014-11-15 11:18 - 2014-09-19 04:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2014-11-15 11:18 - 2014-09-19 04:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2014-11-15 11:18 - 2014-09-19 04:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll 2014-11-15 11:18 - 2014-09-19 04:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2014-11-15 11:18 - 2014-09-19 04:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2014-11-15 11:18 - 2014-08-21 01:43 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll 2014-11-15 11:18 - 2014-08-21 01:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll 2014-11-15 11:18 - 2014-08-21 01:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll 2014-11-15 11:18 - 2014-08-21 01:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll 2014-11-15 11:18 - 2014-08-11 21:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL 2014-11-15 11:18 - 2014-08-11 20:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL 2014-11-15 10:54 - 2014-11-15 21:26 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-11-15 10:54 - 2014-11-15 10:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware 2014-11-15 10:54 - 2014-11-15 10:54 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-11-15 10:54 - 2014-11-15 10:54 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware 2014-11-15 10:54 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-11-15 10:54 - 2014-10-01 11:11 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-11-15 10:54 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-11-15 10:42 - 2014-11-15 10:42 - 00000000 ____D () C:\MATS 2014-11-15 10:33 - 2014-11-15 10:33 - 00000000 ____D () C:\Windows\SysWOW64\Flash 2014-11-15 10:20 - 2014-11-15 10:20 - 00063696 _____ (Corsica) C:\Windows\system32\Drivers\webinstrT.sys 2014-11-15 10:20 - 2014-11-15 10:20 - 00001904 _____ () C:\Windows\patsearch.bin 2014-11-15 10:20 - 2014-11-15 10:20 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_webinstrT_01009.Wdf 2014-11-15 10:16 - 2014-11-15 10:16 - 00000000 ____D () C:\Users\Josh\AppData\Local\MetaGeek,_LLC 2014-11-10 20:49 - 2014-11-10 20:50 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-11-10 20:34 - 2014-11-10 20:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud 2014-11-08 13:14 - 2014-11-08 13:14 - 00000000 ____D () C:\Users\Josh\AppData\Local\Intuit_Inc 2014-11-08 12:23 - 2014-11-08 12:23 - 00000000 ____D () C:\Users\Josh\AppData\Local\IsolatedStorage 2014-11-08 12:23 - 2014-11-08 12:23 - 00000000 ____D () C:\Users\Josh\AppData\Local\Intuit 2014-11-08 12:10 - 2014-11-13 21:07 - 00000000 ____D () C:\Program Files (x86)\Quicken 2014-11-08 12:10 - 2014-11-08 12:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Quicken 2015 2014-11-08 12:10 - 2014-08-28 22:09 - 04200664 _____ (Amyuni Technologies http://www.amyuni.com) C:\Windows\SysWOW64\cdintf400.dll 2014-10-25 08:23 - 2014-10-25 08:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime 2014-10-25 08:21 - 2014-10-25 08:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes 2014-10-25 08:20 - 2014-10-25 08:21 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7 2014-10-25 08:20 - 2014-10-25 08:21 - 00000000 ____D () C:\Program Files\iTunes 2014-10-25 08:20 - 2014-10-25 08:21 - 00000000 ____D () C:\Program Files (x86)\iTunes 2014-10-25 08:20 - 2014-10-25 08:20 - 00000000 ____D () C:\Program Files\iPod 2014-10-24 12:18 - 2014-06-26 21:08 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll 2014-10-24 12:18 - 2014-06-26 20:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll 2014-10-24 12:02 - 2014-08-28 21:07 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll 2014-10-24 12:01 - 2014-07-16 21:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe 2014-10-24 12:01 - 2014-07-16 21:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll 2014-10-24 12:01 - 2014-07-16 21:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll 2014-10-24 12:01 - 2014-07-16 20:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll 2014-10-24 12:01 - 2014-07-16 20:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys 2014-10-24 12:01 - 2014-07-16 20:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys 2014-10-24 11:59 - 2014-09-04 21:11 - 06584320 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll 2014-10-24 11:59 - 2014-09-04 20:52 - 05703168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll 2014-10-24 11:56 - 2014-09-09 17:11 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2014-10-24 11:56 - 2014-09-09 16:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll 2014-10-24 11:56 - 2014-06-18 17:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll 2014-10-24 11:56 - 2014-06-18 17:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll 2014-10-24 11:56 - 2014-06-18 17:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll 2014-10-24 11:56 - 2014-06-18 17:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll 2014-10-24 11:56 - 2014-06-18 17:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll 2014-10-24 11:56 - 2014-06-18 17:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll 2014-10-24 11:55 - 2014-07-08 21:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL 2014-10-24 11:55 - 2014-07-08 21:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL 2014-10-24 11:55 - 2014-07-08 21:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL 2014-10-24 11:55 - 2014-07-08 21:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL 2014-10-24 11:55 - 2014-07-08 21:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL 2014-10-24 11:55 - 2014-07-08 20:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL 2014-10-24 11:55 - 2014-07-08 20:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL 2014-10-24 11:55 - 2014-07-08 20:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL 2014-10-24 11:55 - 2014-07-08 20:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL 2014-10-24 11:55 - 2014-07-08 20:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL 2014-10-24 11:55 - 2014-07-08 17:38 - 00419992 _____ () C:\Windows\system32\locale.nls 2014-10-24 11:55 - 2014-07-08 17:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls 2014-10-24 11:55 - 2014-06-24 21:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2014-10-24 11:55 - 2014-06-24 20:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll 2014-10-24 11:54 - 2014-08-01 06:53 - 01031168 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll 2014-10-24 11:54 - 2014-08-01 06:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll 2014-10-24 11:53 - 2014-09-24 21:08 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll 2014-10-24 11:53 - 2014-09-24 20:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll 2014-10-24 11:53 - 2014-09-04 00:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll 2014-10-24 11:53 - 2014-09-04 00:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll 2014-10-24 11:53 - 2014-06-23 22:29 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll 2014-10-24 11:53 - 2014-06-23 21:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll 2014-10-24 11:07 - 2014-10-24 11:07 - 00006494 _____ () C:\Users\Josh\Documents\PaymentChek Receipt10.24.14Water.htm 2014-10-24 11:07 - 2014-10-24 11:07 - 00000000 ____D () C:\Users\Josh\Documents\PaymentChek Receipt10.24.14Water_files ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-11-15 21:40 - 2009-07-13 23:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-11-15 21:40 - 2009-07-13 23:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-11-15 21:37 - 2009-07-14 00:13 - 00782470 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-11-15 21:36 - 2011-12-29 17:32 - 01769208 _____ () C:\Windows\WindowsUpdate.log 2014-11-15 21:33 - 2014-05-15 08:47 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-11-15 21:33 - 2012-01-08 17:40 - 00000000 ____D () C:\Users\Josh\AppData\Roaming\WTablet 2014-11-15 21:33 - 2011-12-29 17:41 - 00000000 ____D () C:\ProgramData\PDFC 2014-11-15 21:33 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-11-15 21:33 - 2009-07-13 23:51 - 00065588 _____ () C:\Windows\setupact.log 2014-11-15 21:23 - 2014-05-15 08:47 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-11-15 21:10 - 2014-03-28 06:46 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-11-15 20:48 - 2010-11-20 22:47 - 00994324 _____ () C:\Windows\PFRO.log 2014-11-15 20:45 - 2009-07-13 22:20 - 00000000 __RHD () C:\Users\Default 2014-11-15 20:44 - 2009-07-13 21:34 - 00000215 _____ () C:\Windows\system.ini 2014-11-15 20:33 - 2012-01-07 11:22 - 00003934 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{346855B7-DB87-4999-A697-0340D1001E28} 2014-11-15 18:42 - 2011-12-29 17:39 - 00000000 ____D () C:\Program Files (x86)\Adobe 2014-11-15 11:31 - 2009-07-13 23:45 - 02219712 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-11-15 11:23 - 2013-07-22 19:41 - 00000000 ____D () C:\Windows\system32\MRT 2014-11-15 11:20 - 2012-01-08 11:56 - 103374192 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-11-15 11:09 - 2012-01-08 13:27 - 00000000 ____D () C:\Users\Josh\AppData\Local\CrashDumps 2014-11-15 11:07 - 2012-04-26 06:20 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-11-15 11:07 - 2009-07-13 23:45 - 00000000 ____D () C:\Windows\Setup 2014-11-15 10:18 - 2014-05-15 08:47 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2014-11-15 10:18 - 2014-05-15 08:47 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2014-11-15 10:10 - 2012-02-18 10:14 - 00000000 ____D () C:\Users\Josh\Documents\Personal 2014-11-15 09:43 - 2014-07-09 19:37 - 00003180 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForJosh 2014-11-15 09:43 - 2014-07-09 19:37 - 00000328 _____ () C:\Windows\Tasks\HPCeeScheduleForJosh.job 2014-11-15 09:42 - 2011-12-29 17:45 - 00000000 ____D () C:\ProgramData\truesuite 2014-11-14 18:06 - 2012-01-10 16:30 - 00000000 ____D () C:\Users\Josh\Documents\Quicken Backups 2014-11-13 19:33 - 2014-03-28 06:46 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-11-13 19:33 - 2013-12-05 21:35 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-11-13 19:33 - 2013-12-05 21:35 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-11-12 19:25 - 2012-01-11 08:40 - 00000000 ____D () C:\Users\Josh\Documents\Photography Biz 2014-11-10 20:57 - 2012-01-26 20:10 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt 2014-11-10 20:57 - 2012-01-09 19:44 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log 2014-11-08 12:10 - 2012-01-10 16:11 - 00000126 _____ () C:\Windows\QUICKEN.INI 2014-10-30 06:25 - 2010-11-20 22:27 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe 2014-10-28 20:28 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache 2014-10-25 08:23 - 2012-01-08 13:41 - 00000000 ____D () C:\Program Files (x86)\QuickTime 2014-10-25 08:20 - 2014-09-15 19:53 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 2014-10-25 08:20 - 2012-02-18 10:43 - 00000000 ____D () C:\Program Files\Common Files\Apple 2014-10-25 08:13 - 2014-06-22 18:41 - 00000000 ____D () C:\Users\Josh\AppData\Local\Adobe Some content of TEMP: ==================== C:\Users\Josh\AppData\Local\Temp\Quarantine.exe C:\Users\Josh\AppData\Local\Temp\sqlite3.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-11-07 17:50 ==================== End Of Log ============================ Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-11-2014 Ran by Josh at 2014-11-15 21:51:24 Running from C:\Users\Josh\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1} AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Add or Remove Adobe Creative Suite 3 Master Collection (HKLM-x32\...\Adobe_4dcfd9b7e901b57f81f667144603236) (Version: 1.0 - Adobe Systems Incorporated) Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.6.0.19120 - Adobe Systems Incorporated) Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.223 - Adobe Systems Incorporated) Adobe Photoshop Lightroom 3.6 64-bit (HKLM\...\{D4F66BBA-D79E-4F11-9B06-70C3D75A2958}) (Version: 3.6.1 - Adobe) Adobe Photoshop Lightroom 4.4 64-bit (HKLM\...\{11A955CD-4398-405A-886D-E464C3618FBF}) (Version: 4.4.1 - Adobe) Adobe Reader XI (11.0.09) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated) Agatha Christie - Peril at End House (x32 Version: 2.2.0.95 - WildTangent) Hidden AHV content for Acrobat and Flash (x32 Version: 1 - Adobe Systems Incorporated) Hidden AMD Catalyst Install Manager (HKLM\...\{58F369B9-E0E8-A7D0-E25B-E2661E33AACC}) (Version: 3.0.842.0 - Advanced Micro Devices, Inc.) AnswerWorks 5.0 English Runtime (HKLM-x32\...\{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}) (Version: 5.0.7 - Vantage Software Technologies) Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) Audacity 2.0 (HKLM-x32\...\Audacity_is1) (Version: - Audacity Team) AuthenTec TrueAPI (Version: 1.3.0.116 - AuthenTec, Inc.) Hidden Bejeweled 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden Blasterball 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) Bounce Symphony (x32 Version: 2.2.0.97 - WildTangent) Hidden Cake Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden Chronicles of Albian (x32 Version: 2.2.0.95 - WildTangent) Hidden Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden Cisco Connect (HKLM-x32\...\Cisco Connect) (Version: 1.3.11069.2 - Cisco Consumer Products LLC) Cradle of Rome 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden CyberLink PowerDVD 10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.1.2925 - CyberLink Corp.) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Evernote v. 5.6.4 (HKLM-x32\...\{DFDF0BE2-2D71-11E4-9454-00163E98E7D6}) (Version: 5.6.4.4632 - Evernote Corp.) Eye-One Match 3.6.2 (HKLM-x32\...\Eye-One Match_is1) (Version: 3.6.2 - GretagMacbeth) Farm Frenzy (x32 Version: 2.2.0.95 - WildTangent) Hidden FATE (x32 Version: 2.2.0.97 - WildTangent) Hidden Google Chrome (HKLM-x32\...\Google Chrome) (Version: 38.0.2125.111 - Google Inc.) Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.95 - WildTangent) Hidden Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.232 - SurfRight B.V.) HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.2.5 - WildTangent) HP Keyboard (HKLM-x32\...\{B40D7926-AE5F-41EA-8AC6-56C0E2F00E9D}) (Version: 1.5.0.4 - Hewlett-Packard) HP LinkUp (HKLM-x32\...\{DB3147AB-4024-4773-8EC0-A1FE5B44933D}) (Version: 2.01.028 - Hewlett-Packard) HP MovieStore (HKLM-x32\...\{9008D736-35CA-40DB-A2BE-5F32D954E5AA}) (Version: 2.0 - Hewlett-Packard Company) HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard) HP Product Detection (HKLM-x32\...\{A436F67F-687E-4736-BD2B-537121A804CF}) (Version: 11.14.0001 - HP) HP Setup (HKLM-x32\...\{D35B72B6-F0E4-462B-BDEB-E08032B3B681}) (Version: 8.7.4747.3786 - Hewlett-Packard Company) HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.1.13880.3792 - Hewlett-Packard Company) HP SimplePass PE 2011 (HKLM-x32\...\{00FF4EB6-6AAC-4E9D-A60A-8F388691BB27}) (Version: 5.3.0.194 - Hewlett-Packard) HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company) HP Support Information (HKLM-x32\...\{7F2A11F4-EAE8-4325-83EC-E3E99F85169E}) (Version: 10.1.1000 - Hewlett-Packard) HP Update (HKLM-x32\...\{DE77FE3F-A33D-499A-87AD-5FC406617B40}) (Version: 5.002.003.003 - Hewlett-Packard) HP Vision Hardware Diagnostics (HKLM\...\{D79A02E9-6713-4335-9668-AAC7474C0C0E}) (Version: 2.9.0.0 - Hewlett-Packard) HydraVision (x32 Version: 4.2.212.0 - Advanced Micro Devices, Inc.) Hidden i1_driver_installer_utility_i1Match version 1.0 (HKLM-x32\...\i1_driver_installer_utility_i1Match_is1) (Version: - X-Rite) iCloud (HKLM\...\{2AAF09D5-4B3F-4975-B6A9-ECE2631FC942}) (Version: 4.0.5.20 - Apple Inc.) IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6346.0 - IDT) Intel® Identity Protection Technology 1.1.2.0 (HKLM-x32\...\{C01A86F5-56E7-101F-9BC9-E3F1025EB779}) (Version: 1.1.2.0 - Intel Corporation) Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation) iSEEK AnswerWorks English Runtime (HKLM-x32\...\{18A8E78B-9EF2-496E-B310-BCD8E4C1DAB3}) (Version: 010.000.0101 - Vantage Linguistics) iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.) Jewel Quest: The Sleepless Star - Collector's Edition (x32 Version: 2.2.0.95 - WildTangent) Hidden Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden K-Lite Codec Pack 7.0.0 (Standard) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 7.0.0 - ) Kobo (HKLM-x32\...\Kobo) (Version: 1.6 - Kobo Inc.) LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.3925 - CyberLink Corp.) LabelPrint (x32 Version: 2.5.3925 - CyberLink Corp.) Hidden LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - ) Mah Jong Medley (x32 Version: 2.2.0.95 - WildTangent) Hidden Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation) MEDITECH Alert Server (HKLM-x32\...\Alert Server) (Version: - Medical Information Technology, Inc.) MEDITECH core (HKLM-x32\...\core) (Version: - Medical Information Technology, Inc.) Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft Mathematics (HKLM-x32\...\{4D090F70-6F08-4B60-9357-A1DFD4458F09}) (Version: 4.0 - Microsoft Corporation) Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation) Mozilla Firefox 33.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 33.1 (x86 en-US)) (Version: 33.1 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla) MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) Mystery of Mortlake Mansion (x32 Version: 2.2.0.97 - WildTangent) Hidden Namco All-Stars: PAC-MAN (x32 Version: 2.2.0.95 - WildTangent) Hidden OpenOffice.org 3.3 (HKLM-x32\...\{3E171899-0175-47CC-84C4-562ACDD4C021}) (Version: 3.3.9567 - OpenOffice.org) OverDrive Media Console (HKLM-x32\...\{7326DA0C-C09B-491C-81FF-6DA12B2256BB}) (Version: 3.3.0 - OverDrive, Inc.) PDF Complete Special Edition (HKLM-x32\...\PDF Complete) (Version: 4.0.54 - PDF Complete, Inc) PDF Settings (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.) Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95 - WildTangent) Hidden PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation) PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation) Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.5331 - CyberLink Corp.) Power2Go (x32 Version: 6.1.5331 - CyberLink Corp.) Hidden PressReader (HKLM-x32\...\{912CED74-88D3-4C5B-ACB0-132318649765}) (Version: 5.10.1217.0 - NewspaperDirect Inc.) Quicken 2011 (HKLM-x32\...\{5FE545A1-D215-4216-9189-E7B39C9D1CC1}) (Version: 20.1.8.6 - Intuit) Quicken 2015 (HKLM-x32\...\{00C2D443-43D9-4550-ABEA-318288E23E57}) (Version: 24.1.3.3 - Intuit) QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.) Ralink 802.11n Wireless LAN Card (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 4.0.3.0 - Ralink) Recovery Manager (x32 Version: 5.5.0.4320 - CyberLink Corp.) Hidden Remote Graphics Receiver (HKLM-x32\...\{16FC3056-90C0-4757-8A68-64D8DA846ADA}) (Version: 5.4.5 - Hewlett-Packard) RoxioNow Player (HKLM-x32\...\{0EDEB615-1A60-425E-8306-0E10519C7B55}) (Version: 1.9.5.103 - RoxioNow) Slingo Supreme (x32 Version: 2.2.0.97 - WildTangent) Hidden Spotify (HKU\S-1-5-21-3192440701-1458875013-2191657805-1001\...\Spotify) (Version: 0.9.13.24.g5dbb3103 - Spotify AB) Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden Vacation Quest - The Hawaiian Islands (x32 Version: 2.2.0.97 - WildTangent) Hidden VIP Access SDK (1.0.1.4) (HKLM-x32\...\VIP Access SDK) (Version: 1.0.1.4 - Symantec Inc.) Virtual Villagers 5 - New Believers (x32 Version: 2.2.0.97 - WildTangent) Hidden Wacom Tablet (HKLM-x32\...\Wacom Tablet Driver) (Version: - Wacom Technology Corp.) WebTablet IE Plugin (HKLM-x32\...\Wacom WebTabletPlugin for IE) (Version: 1.1.0.4 - Wacom Technology Corp.) WebTablet Netscape Plugin (HKLM-x32\...\Wacom WebTabletPlugin for Netscape) (Version: 1.1.0.3 - Wacom Technology Corp.) WildTangent Games App (HP Games) (x32 Version: 4.0.5.2 - WildTangent) Hidden Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation) Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation) Zinio Reader 4 (HKLM-x32\...\ZinioReader4) (Version: 4.2.4164 - Zinio LLC) Zinio Reader 4 (x32 Version: 4.2.4164 - Zinio LLC) Hidden Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) ==================== Restore Points ========================= 01-11-2014 16:39:03 Windows Update 07-11-2014 22:18:06 Windows Update 10-11-2014 23:10:57 Windows Update 14-11-2014 00:45:40 Windows Update 15-11-2014 15:03:48 Installed inSSIDer 15-11-2014 16:19:38 Windows Update 16-11-2014 02:06:44 Checkpoint by HitmanPro ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-13 21:34 - 2014-11-15 20:44 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {12025F0B-6187-43B4-9890-E9E4DADD3140} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Warranty Opt-In(No) => c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\Detection_PostWarrantyAlert.exe Task: {1E1DA92B-C86A-4CEE-960D-230852A2B10C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-05-15] (Google Inc.) Task: {25BB1C57-6FB7-4C59-9A6B-F88F86250067} - System32\Tasks\{51106799-C5B4-418A-B89F-AA529541C9DC} => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-10-21] (Hewlett-Packard) Task: {42073F3B-0C7D-46EA-9219-AF3968C9E2BE} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-10-21] (Hewlett-Packard) Task: {642715DB-1E5C-4CEF-9F15-AA0CEA141271} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company) Task: {65930C97-E3DD-4C9F-A1DD-7D1140E5ECD4} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Warranty Opt-In(Yes) => c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\Detection_PostWarrantyAlert.exe Task: {6808B3F6-0E4C-436A-9D44-7F9FD65A823D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company) Task: {80AE597E-A0BC-4A76-939E-3A6A7412DBE9} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company) Task: {D792C764-74D7-49D5-A980-B7F728480686} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-05-15] (Google Inc.) Task: {D7A84DB9-4F44-4C17-9494-4CD4D040F61C} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) Task: {D86CCA44-F3F7-4842-A8A6-D5D7C18DC001} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-10-21] (Hewlett-Packard) Task: {E42ED079-BB14-453E-87D5-E20977CA3BED} - System32\Tasks\HPCeeScheduleForJosh => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard) Task: {ED52B1EA-0709-465A-935F-647335DE42F1} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-13] (Adobe Systems Incorporated) Task: {F4F0C42A-0CFA-4611-AA43-3241096825CE} - System32\Tasks\HPOSIAPP64 => C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\ModLEDKey.exe [2009-02-27] () Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\HPCeeScheduleForJosh.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe ==================== Loaded Modules (whitelisted) ============= 2011-12-29 17:36 - 2009-02-27 22:13 - 00053248 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\ModLEDKey.exe 2011-04-11 15:20 - 2011-04-11 15:20 - 00098304 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll 2011-04-11 15:20 - 2011-04-11 15:20 - 00028672 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\BrandingResources.dll 2014-01-20 13:17 - 2014-01-20 13:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll 2014-10-11 12:05 - 2014-10-11 12:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll 2014-08-26 15:47 - 2014-08-26 15:47 - 00436576 _____ () C:\Program Files (x86)\Evernote\Evernote\libxml2.dll 2014-08-26 15:47 - 2014-08-26 15:47 - 00318304 _____ () C:\Program Files (x86)\Evernote\Evernote\libtidy.dll 2011-12-29 17:36 - 2009-02-19 20:22 - 00028672 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\WMINPUT.DLL 2014-11-10 20:49 - 2014-11-10 20:50 - 03649648 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) ========================= Accounts: ========================== Administrator (S-1-5-21-3192440701-1458875013-2191657805-500 - Administrator - Disabled) Guest (S-1-5-21-3192440701-1458875013-2191657805-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-3192440701-1458875013-2191657805-1002 - Limited - Enabled) Josh (S-1-5-21-3192440701-1458875013-2191657805-1001 - Administrator - Enabled) => C:\Users\Josh ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (11/15/2014 09:07:11 PM) (Source: VSS) (EventID: 8193) (User: ) Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x00000220,(null),0,REG_BINARY,000000000198F150.72). hr = 0x80070005, Access is denied. . Error: (11/15/2014 09:07:11 PM) (Source: VSS) (EventID: 8193) (User: ) Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000002fc,(null),0,REG_BINARY,000000000129E3C0.72). hr = 0x80070005, Access is denied. . Operation: BackupShutdown Event Context: Execution Context: Writer Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220} Writer Name: System Writer Writer Instance ID: {de5f63bd-5fb9-4284-9d92-a1f06ea627d5} Error: (11/15/2014 09:07:11 PM) (Source: VSS) (EventID: 8193) (User: ) Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x00000a1c,(null),0,REG_BINARY,000000000C31E1A0.72). hr = 0x80070005, Access is denied. . Operation: BackupShutdown Event Context: Execution Context: Writer Writer Class Id: {cd3f2362-8bef-46c7-9181-d62844cdc0b2} Writer Name: MSSearch Service Writer Writer Instance ID: {e6579b9d-edab-4b30-8916-951ad5f11549} Error: (11/15/2014 09:07:11 PM) (Source: VSS) (EventID: 8193) (User: ) Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x00000a40,(null),0,REG_BINARY,000000000113E350.72). hr = 0x80070005, Access is denied. . Operation: BackupShutdown Event Context: Execution Context: Writer Writer Class Id: {a6ad56c2-b509-4e6c-bb19-49d8f43532f0} Writer Name: WMI Writer Writer Instance ID: {56bf94b0-f27b-47d2-8d25-df78af88abd8} Error: (11/15/2014 09:07:11 PM) (Source: VSS) (EventID: 8193) (User: ) Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x0000020c,(null),0,REG_BINARY,000000000268EBF0.72). hr = 0x80070005, Access is denied. . Operation: BackupShutdown Event Context: Execution Context: Writer Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f} Writer Name: Shadow Copy Optimization Writer Writer Instance ID: {4d548374-f514-4152-ab01-2707d5b462ab} Error: (11/15/2014 09:07:11 PM) (Source: VSS) (EventID: 8193) (User: ) Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000001d0,(null),0,REG_BINARY,00000000027CEBE0.72). hr = 0x80070005, Access is denied. . Operation: BackupShutdown Event Context: Execution Context: Writer Writer Class Id: {afbab4a2-367d-4d15-a586-71dbb18f8485} Writer Name: Registry Writer Writer Instance ID: {d5e93caa-fe08-4189-bcf5-2f2ba31a080b} Error: (11/15/2014 09:07:11 PM) (Source: VSS) (EventID: 8193) (User: ) Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000002fc,(null),0,REG_BINARY,000000000129E3C0.72). hr = 0x80070005, Access is denied. . Operation: BackupShutdown Event Context: Execution Context: Writer Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220} Writer Name: System Writer Writer Instance ID: {de5f63bd-5fb9-4284-9d92-a1f06ea627d5} Error: (11/15/2014 09:07:11 PM) (Source: VSS) (EventID: 8193) (User: ) Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x00000a40,(null),0,REG_BINARY,000000000113E350.72). hr = 0x80070005, Access is denied. . Operation: BackupShutdown Event Context: Execution Context: Writer Writer Class Id: {a6ad56c2-b509-4e6c-bb19-49d8f43532f0} Writer Name: WMI Writer Writer Instance ID: {56bf94b0-f27b-47d2-8d25-df78af88abd8} Error: (11/15/2014 09:07:11 PM) (Source: VSS) (EventID: 8193) (User: ) Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x00000a1c,(null),0,REG_BINARY,000000000C31E1A0.72). hr = 0x80070005, Access is denied. . Operation: BackupShutdown Event Context: Execution Context: Writer Writer Class Id: {cd3f2362-8bef-46c7-9181-d62844cdc0b2} Writer Name: MSSearch Service Writer Writer Instance ID: {e6579b9d-edab-4b30-8916-951ad5f11549} Error: (11/15/2014 09:07:11 PM) (Source: VSS) (EventID: 8193) (User: ) Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000001d0,(null),0,REG_BINARY,00000000027CEBE0.72). hr = 0x80070005, Access is denied. . Operation: BackupShutdown Event Context: Execution Context: Writer Writer Class Id: {afbab4a2-367d-4d15-a586-71dbb18f8485} Writer Name: Registry Writer Writer Instance ID: {d5e93caa-fe08-4189-bcf5-2f2ba31a080b} System errors: ============= Error: (11/15/2014 09:33:41 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The PDIHWCTL service failed to start due to the following error: %%2 Error: (11/15/2014 09:31:52 PM) (Source: DCOM) (EventID: 10010) (User: ) Description: {995C996E-D918-4A8C-A302-45719A6F4EA7} Error: (11/15/2014 09:26:35 PM) (Source: Service Control Manager) (EventID: 7006) (User: ) Description: The ScRegSetValueExW call failed for Type with the following error: %%5 Microsoft Office Sessions: ========================= Error: (11/15/2014 09:07:11 PM) (Source: VSS) (EventID: 8193) (User: ) Description: RegSetValueExW(0x00000220,(null),0,REG_BINARY,000000000198F150.72)0x80070005, Access is denied. Error: (11/15/2014 09:07:11 PM) (Source: VSS) (EventID: 8193) (User: ) Description: RegSetValueExW(0x000002fc,(null),0,REG_BINARY,000000000129E3C0.72)0x80070005, Access is denied. Operation: BackupShutdown Event Context: Execution Context: Writer Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220} Writer Name: System Writer Writer Instance ID: {de5f63bd-5fb9-4284-9d92-a1f06ea627d5} Error: (11/15/2014 09:07:11 PM) (Source: VSS) (EventID: 8193) (User: ) Description: RegSetValueExW(0x00000a1c,(null),0,REG_BINARY,000000000C31E1A0.72)0x80070005, Access is denied. Operation: BackupShutdown Event Context: Execution Context: Writer Writer Class Id: {cd3f2362-8bef-46c7-9181-d62844cdc0b2} Writer Name: MSSearch Service Writer Writer Instance ID: {e6579b9d-edab-4b30-8916-951ad5f11549} Error: (11/15/2014 09:07:11 PM) (Source: VSS) (EventID: 8193) (User: ) Description: RegSetValueExW(0x00000a40,(null),0,REG_BINARY,000000000113E350.72)0x80070005, Access is denied. Operation: BackupShutdown Event Context: Execution Context: Writer Writer Class Id: {a6ad56c2-b509-4e6c-bb19-49d8f43532f0} Writer Name: WMI Writer Writer Instance ID: {56bf94b0-f27b-47d2-8d25-df78af88abd8} Error: (11/15/2014 09:07:11 PM) (Source: VSS) (EventID: 8193) (User: ) Description: RegSetValueExW(0x0000020c,(null),0,REG_BINARY,000000000268EBF0.72)0x80070005, Access is denied. Operation: BackupShutdown Event Context: Execution Context: Writer Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f} Writer Name: Shadow Copy Optimization Writer Writer Instance ID: {4d548374-f514-4152-ab01-2707d5b462ab} Error: (11/15/2014 09:07:11 PM) (Source: VSS) (EventID: 8193) (User: ) Description: RegSetValueExW(0x000001d0,(null),0,REG_BINARY,00000000027CEBE0.72)0x80070005, Access is denied. Operation: BackupShutdown Event Context: Execution Context: Writer Writer Class Id: {afbab4a2-367d-4d15-a586-71dbb18f8485} Writer Name: Registry Writer Writer Instance ID: {d5e93caa-fe08-4189-bcf5-2f2ba31a080b} Error: (11/15/2014 09:07:11 PM) (Source: VSS) (EventID: 8193) (User: ) Description: RegSetValueExW(0x000002fc,(null),0,REG_BINARY,000000000129E3C0.72)0x80070005, Access is denied. Operation: BackupShutdown Event Context: Execution Context: Writer Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220} Writer Name: System Writer Writer Instance ID: {de5f63bd-5fb9-4284-9d92-a1f06ea627d5} Error: (11/15/2014 09:07:11 PM) (Source: VSS) (EventID: 8193) (User: ) Description: RegSetValueExW(0x00000a40,(null),0,REG_BINARY,000000000113E350.72)0x80070005, Access is denied. Operation: BackupShutdown Event Context: Execution Context: Writer Writer Class Id: {a6ad56c2-b509-4e6c-bb19-49d8f43532f0} Writer Name: WMI Writer Writer Instance ID: {56bf94b0-f27b-47d2-8d25-df78af88abd8} Error: (11/15/2014 09:07:11 PM) (Source: VSS) (EventID: 8193) (User: ) Description: RegSetValueExW(0x00000a1c,(null),0,REG_BINARY,000000000C31E1A0.72)0x80070005, Access is denied. Operation: BackupShutdown Event Context: Execution Context: Writer Writer Class Id: {cd3f2362-8bef-46c7-9181-d62844cdc0b2} Writer Name: MSSearch Service Writer Writer Instance ID: {e6579b9d-edab-4b30-8916-951ad5f11549} Error: (11/15/2014 09:07:11 PM) (Source: VSS) (EventID: 8193) (User: ) Description: RegSetValueExW(0x000001d0,(null),0,REG_BINARY,00000000027CEBE0.72)0x80070005, Access is denied. Operation: BackupShutdown Event Context: Execution Context: Writer Writer Class Id: {afbab4a2-367d-4d15-a586-71dbb18f8485} Writer Name: Registry Writer Writer Instance ID: {d5e93caa-fe08-4189-bcf5-2f2ba31a080b} CodeIntegrity Errors: =================================== Date: 2014-11-15 20:44:16.721 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2014-11-15 20:44:16.659 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2012-03-13 21:51:05.690 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2012-03-13 21:51:05.682 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. ==================== Memory info =========================== Processor: Intel® Core i7-2600 CPU @ 3.40GHz Percentage of memory in use: 15% Total physical RAM: 16364.31 MB Available physical RAM: 13875.75 MB Total Pagefile: 32726.8 MB Available Pagefile: 29980.99 MB Total Virtual: 8192 MB Available Virtual: 8191.84 MB ==================== Drives ================================ Drive c: (OS) (Fixed) (Total:1850.78 GB) (Free:1231.15 GB) NTFS Drive d: (HP_RECOVERY) (Fixed) (Total:12.13 GB) (Free:1.49 GB) NTFS ==>[system with boot components (obtained from reading drive)] ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 305355CF) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=1850.8 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=12.1 GB) - (Type=07 NTFS) ==================== End Of Log ============================ Addition.txt FRST.txt
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.