Sarge Posted August 22, 2014 ID:870045

Ran the MBAM, MBAR & MS security essentials programs, because this thing is opening up rogue browser windows left and right. Cleaned what these programs found with no joy. Results of FRST scan:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-08-2014
Ran by Owner (administrator) on Patty on 22-08-2014 14:27:47
Running from J:\Installers\AV & Security
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 10
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Acer Incorporated) C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe
(Acer Incorporated) C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\MBAM\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\MBAM\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\MBAM\mbam.exe
() C:\Windows\ntrtm.exe
(Intuit) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\OFFICE11\OUTLOOK.EXE
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Google Inc.) C:\Users\Owner\AppData\LocalLow\UtilityGravity\ToolAssistant\browser.exe
(Google Inc.) C:\Users\Owner\AppData\LocalLow\UtilityGravity\ToolAssistant\browser.exe
(Google Inc.) C:\Users\Owner\AppData\LocalLow\UtilityGravity\ToolAssistant\browser.exe
(Google Inc.) C:\Users\Owner\AppData\LocalLow\UtilityGravity\ToolAssistant\browser.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1607760843-250622856-4008182566-1000\...\Run: [ToolPale] => C:\Windows\system32\rundll32.exe "C:\Users\Owner\AppData\Local\ToolPale\ToolPale.dll",DllRegisterServer <===== ATTENTION
HKU\S-1-5-21-1607760843-250622856-4008182566-1000\...409d6c4515e9\InprocServer32: [Default-shell32] SHELL32.dll ATTENTION! ====> ZeroAccess?
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Startup ()
ShellIconOverlayIdentifiers: GDriveSharedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com/?pc=MAGW
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {B021971C-AB64-4665-B9DF-B32BB3F15C17} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3196716
BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
Handler: intu-help-qb7 - {5A03BD9D-766D-47A6-8E87-CD90F60BE245} - No File
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - No File
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: intu-help-qb7 - {5A03BD9D-766D-47A6-8E87-CD90F60BE245} - C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 14.0\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.99.2

FireFox:
========
FF Plugin: @bestbuy.com/npBestBuyPcAppDetector,version=1.0 -> C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll (Best Buy)
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll No File
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @bestbuy.com/npBestBuyPcAppDetector,version=1.0 -> C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll (Best Buy)
FF Plugin-x32: @java.com/DTPlugin,version=10.7.2 -> C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.7.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKCU\...\Firefox\Extensions: [Lyrics@LyricsContainer.co] - C:\Program Files (x86)\LyricsContainer\125.xpi

Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR StartupUrls: "hxxp://www.google.com/"
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\pdf.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Plugin: (Java Platform SE 7 U7) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Best Buy pc app Detector) - C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll (Best Buy)
CHR Plugin: (Java Deployment Toolkit 7.0.70.11) - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
CHR Extension: (Google Drive) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-09-13]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-22]
CHR Extension: (YouTube) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-07-29]
CHR Extension: (Google Search) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-07-29]
CHR Extension: (Google Wallet) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-13]
CHR Extension: (Gmail) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-07-29]
CHR HKCU\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Owner\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2013-07-29]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 MBAMScheduler; C:\Program Files (x86)\MBAM\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\MBAM\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
R2 netupdate; C:\Windows\ntrtm.exe [57344 2013-08-20] () [File not signed]
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
R2 QBCFMonitorService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [45056 2014-02-27] (Intuit) [File not signed]
S3 QBFCService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [65536 2014-02-27] (Intuit Inc.) [File not signed]
R2 QBVSS; C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [1248256 2014-02-27] (Intuit Inc.) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-08-22] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-22 14:27 - 2014-08-22 14:27 - 00000000 ____D () C:\FRST
2014-08-22 11:09 - 2014-08-22 11:53 - 00000000 ____D () C:\Users\Owner\Desktop\mbar
2014-08-21 11:56 - 2014-08-21 11:56 - 00022889 _____ () C:\Users\Owner\Desktop\hs_err_pid12124.log
2014-08-21 11:56 - 2014-08-21 11:56 - 00000000 ____D () C:\Users\Owner\AppData\Local\ToolPale
2014-08-18 13:22 - 2014-08-18 13:23 - 00000000 ____D () C:\Users\Owner\AppData\Local\{F8947412-34EE-4E7C-BCDF-A6A5E8E1A1B6}
2014-08-14 16:22 - 2014-06-30 18:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-08-14 16:22 - 2014-06-30 18:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2014-08-14 16:22 - 2014-03-09 17:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-08-14 16:22 - 2014-03-09 17:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-08-14 16:22 - 2014-03-09 17:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2014-08-14 16:22 - 2014-03-09 17:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2014-08-14 16:21 - 2014-06-06 02:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-08-14 16:21 - 2014-06-06 02:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-13 08:03 - 2014-07-24 08:11 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-13 08:03 - 2014-07-24 08:10 - 02240000 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-13 08:03 - 2014-07-24 08:10 - 01407488 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-13 08:03 - 2014-07-24 08:09 - 19279872 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-13 08:03 - 2014-07-24 08:09 - 15399936 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-13 08:03 - 2014-07-24 08:09 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-13 08:03 - 2014-07-24 08:09 - 02655232 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-13 08:03 - 2014-07-24 08:09 - 01508864 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-13 08:03 - 2014-07-24 08:09 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-08-13 08:03 - 2014-07-24 08:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-13 08:03 - 2014-07-24 08:09 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-13 08:03 - 2014-07-24 08:09 - 00451584 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-13 08:03 - 2014-07-24 08:09 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-13 08:03 - 2014-07-24 08:09 - 00255488 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-13 08:03 - 2014-07-24 08:09 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-08-13 08:03 - 2014-07-24 08:09 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-08-13 08:03 - 2014-07-24 08:09 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-13 08:03 - 2014-07-24 08:09 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-13 08:03 - 2014-07-24 08:09 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-13 08:03 - 2014-07-24 08:09 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-13 08:03 - 2014-07-24 06:52 - 01766400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-08-13 08:03 - 2014-07-24 06:52 - 01180672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-08-13 08:03 - 2014-07-24 06:51 - 14371328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-13 08:03 - 2014-07-24 06:51 - 13757440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-13 08:03 - 2014-07-24 06:51 - 02861568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-13 08:03 - 2014-07-24 06:51 - 02054656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-08-13 08:03 - 2014-07-24 06:51 - 01440768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-08-13 08:03 - 2014-07-24 06:51 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-08-13 08:03 - 2014-07-24 06:51 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-08-13 08:03 - 2014-07-24 06:51 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-08-13 08:03 - 2014-07-24 06:51 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-08-13 08:03 - 2014-07-24 06:51 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-08-13 08:03 - 2014-07-24 06:51 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-08-13 08:03 - 2014-07-24 06:51 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-08-13 08:03 - 2014-07-24 06:51 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-08-13 08:03 - 2014-07-24 06:51 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-08-13 08:03 - 2014-07-24 06:51 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-08-13 08:03 - 2014-07-24 06:51 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-08-13 08:03 - 2014-07-24 06:51 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-08-13 08:03 - 2014-07-24 06:33 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-13 08:03 - 2014-07-24 06:29 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-08-13 08:03 - 2014-07-24 05:37 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-08-13 08:03 - 2014-07-24 05:32 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2014-08-13 08:03 - 2014-07-08 22:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2014-08-13 08:03 - 2014-07-08 22:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2014-08-13 08:03 - 2014-07-08 22:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2014-08-13 08:03 - 2014-07-08 22:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2014-08-13 08:03 - 2014-07-08 22:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2014-08-13 08:03 - 2014-07-08 21:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
2014-08-13 08:03 - 2014-07-08 21:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
2014-08-13 08:03 - 2014-07-08 21:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
2014-08-13 08:03 - 2014-07-08 21:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
2014-08-13 08:03 - 2014-07-08 21:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
2014-08-13 08:03 - 2014-07-08 18:38 - 00419992 _____ () C:\Windows\system32\locale.nls
2014-08-13 08:03 - 2014-07-08 18:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls
2014-08-13 08:02 - 2014-08-06 22:06 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-13 08:02 - 2014-08-06 22:01 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-13 08:02 - 2014-07-15 23:25 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-13 08:02 - 2014-07-15 23:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-08-13 08:02 - 2014-07-15 22:46 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-13 08:02 - 2014-07-15 22:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-08-13 08:02 - 2014-07-15 22:12 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-13 08:02 - 2014-07-13 22:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-08-13 08:02 - 2014-07-13 21:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2014-08-13 08:02 - 2014-06-24 22:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-08-13 08:02 - 2014-06-24 21:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-08-13 08:02 - 2014-06-15 22:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-13 08:02 - 2014-06-03 06:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-13 08:02 - 2014-06-03 06:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-13 08:02 - 2014-06-03 06:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-13 08:02 - 2014-06-03 06:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-13 08:02 - 2014-06-03 05:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-08-13 08:02 - 2014-06-03 05:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-08-13 08:02 - 2014-06-03 05:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-08-05 13:55 - 2014-08-05 13:55 - 00000028 _____ () C:\Windows\SysWOW64\u
2014-08-05 13:54 - 2014-08-05 13:54 - 00003972 _____ () C:\Windows\System32\Tasks\{AD5DB80A-6B2C-EAB3-C0A3-9EFD2A4735C4}
2014-08-05 13:54 - 2014-08-05 13:54 - 00000000 _____ () C:\Windows\system32\xgbvtsd.dll
2014-08-05 10:56 - 2014-08-07 10:33 - 00031232 _____ () C:\Users\Owner\NetHood\Documents\Barilla Radio PM's.xls
2014-07-30 08:46 - 2014-07-30 08:46 - 00787076 _____ () C:\Users\Owner\NetHood\Documents\Narrowband confirmation for Highland Hospital.mht
2014-07-28 08:53 - 2014-07-28 08:54 - 00000000 ____D () C:\Users\Owner\AppData\Local\{7996433B-DA4C-4185-B746-4A4E3A20B647}
2014-07-28 08:52 - 2014-07-28 08:52 - 00000000 ____D () C:\Users\Owner\AppData\Local\{B14B3C85-A010-4C50-A3D2-8457816C9354}
2014-07-28 08:47 - 2014-07-28 08:47 - 00000000 ____D () C:\Users\Owner\AppData\Local\{6332D1B9-3A36-4226-9849-D08F2FD7EFBB}

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-22 14:27 - 2014-08-22 14:27 - 00000000 ____D () C:\FRST
2014-08-22 14:25 - 2012-08-31 07:22 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-22 14:10 - 2014-05-19 08:42 - 00033792 _____ () C:\Users\Owner\NetHood\Documents\Installs and Work to be done 2014.xls
2014-08-22 12:33 - 2012-03-13 13:57 - 00000000 ____D () C:\Transfer
2014-08-22 12:02 - 2009-07-14 00:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-22 12:02 - 2009-07-14 00:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-22 12:00 - 2009-07-14 01:13 - 00786558 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-22 11:58 - 2012-01-30 00:58 - 01939271 _____ () C:\Windows\WindowsUpdate.log
2014-08-22 11:55 - 2014-05-08 07:48 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-22 11:55 - 2013-08-02 10:08 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-08-22 11:54 - 2014-07-11 11:43 - 00001658 _____ () C:\Windows\setupact.log
2014-08-22 11:54 - 2012-03-13 14:45 - 00000000 ____D () C:\Windows\Intuit
2014-08-22 11:54 - 2010-11-20 23:47 - 00905022 _____ () C:\Windows\PFRO.log
2014-08-22 11:54 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-22 11:54 - 2009-07-14 00:45 - 00390576 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-22 11:53 - 2014-08-22 11:09 - 00000000 ____D () C:\Users\Owner\Desktop\mbar
2014-08-22 11:09 - 2014-05-07 16:34 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-08-22 08:57 - 2013-04-05 09:07 - 00000000 ____D () C:\Program Files (x86)\Google
2014-08-22 08:23 - 2012-03-15 09:24 - 00000000 ____D () C:\Users\Owner\AppData\Local\Google
2014-08-21 11:56 - 2014-08-21 11:56 - 00022889 _____ () C:\Users\Owner\Desktop\hs_err_pid12124.log
2014-08-21 11:56 - 2014-08-21 11:56 - 00000000 ____D () C:\Users\Owner\AppData\Local\ToolPale
2014-08-20 16:54 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache
2014-08-20 07:55 - 2012-03-13 13:33 - 00095832 _____ () C:\Users\Owner\AppData\Local\GDIPFONTCACHEV1.DAT
2014-08-19 16:01 - 2012-03-15 10:02 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-08-19 15:29 - 2012-03-15 11:42 - 00000000 ____D () C:\Users\Owner\AppData\Local\CrashDumps
2014-08-18 13:23 - 2014-08-18 13:22 - 00000000 ____D () C:\Users\Owner\AppData\Local\{F8947412-34EE-4E7C-BCDF-A6A5E8E1A1B6}
2014-08-18 09:43 - 2013-03-11 13:33 - 00053760 _____ () C:\Users\Owner\Desktop\Wegmans Break down prices.xls
2014-08-14 16:30 - 2013-07-25 03:04 - 00000000 ____D () C:\Windows\system32\MRT
2014-08-14 16:26 - 2012-03-14 13:06 - 99218768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-08-14 16:26 - 2009-07-13 23:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-08-14 16:21 - 2014-05-06 16:18 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-08-12 13:44 - 2014-06-17 10:17 - 00000000 ____D () C:\Users\Owner\Desktop\Iberdrola WIMAX Folder
2014-08-07 10:33 - 2014-08-05 10:56 - 00031232 _____ () C:\Users\Owner\NetHood\Documents\Barilla Radio PM's.xls
2014-08-06 22:06 - 2014-08-13 08:02 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-06 22:01 - 2014-08-13 08:02 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-05 13:55 - 2014-08-05 13:55 - 00000028 _____ () C:\Windows\SysWOW64\u
2014-08-05 13:54 - 2014-08-05 13:54 - 00003972 _____ () C:\Windows\System32\Tasks\{AD5DB80A-6B2C-EAB3-C0A3-9EFD2A4735C4}
2014-08-05 13:54 - 2014-08-05 13:54 - 00000000 _____ () C:\Windows\system32\xgbvtsd.dll
2014-08-05 13:14 - 2014-06-25 14:36 - 00034578 _____ () C:\Users\Owner\NetHood\Documents\Motorola Warranty Replacement.xlsx
2014-07-30 08:46 - 2014-07-30 08:46 - 00787076 _____ () C:\Users\Owner\NetHood\Documents\Narrowband confirmation for Highland Hospital.mht
2014-07-29 07:46 - 2013-12-04 12:56 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-07-29 07:45 - 2013-12-04 12:56 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-07-28 08:54 - 2014-07-28 08:53 - 00000000 ____D () C:\Users\Owner\AppData\Local\{7996433B-DA4C-4185-B746-4A4E3A20B647}
2014-07-28 08:52 - 2014-07-28 08:52 - 00000000 ____D () C:\Users\Owner\AppData\Local\{B14B3C85-A010-4C50-A3D2-8457816C9354}
2014-07-28 08:47 - 2014-07-28 08:47 - 00000000 ____D () C:\Users\Owner\AppData\Local\{6332D1B9-3A36-4226-9849-D08F2FD7EFBB}
2014-07-24 08:11 - 2014-08-13 08:03 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-07-24 08:10 - 2014-08-13 08:03 - 02240000 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-24 08:10 - 2014-08-13 08:03 - 01407488 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-24 08:09 - 2014-08-13 08:03 - 19279872 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-24 08:09 - 2014-08-13 08:03 - 15399936 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-24 08:09 - 2014-08-13 08:03 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-24 08:09 - 2014-08-13 08:03 - 02655232 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-24 08:09 - 2014-08-13 08:03 - 01508864 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-24 08:09 - 2014-08-13 08:03 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-07-24 08:09 - 2014-08-13 08:03 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-24 08:09 - 2014-08-13 08:03 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-07-24 08:09 - 2014-08-13 08:03 - 00451584 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-24 08:09 - 2014-08-13 08:03 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-24 08:09 - 2014-08-13 08:03 - 00255488 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-07-24 08:09 - 2014-08-13 08:03 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-07-24 08:09 - 2014-08-13 08:03 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-07-24 08:09 - 2014-08-13 08:03 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-24 08:09 - 2014-08-13 08:03 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-07-24 08:09 - 2014-08-13 08:03 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-24 08:09 - 2014-08-13 08:03 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-07-24 06:52 - 2014-08-13 08:03 - 01766400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-07-24 06:52 - 2014-08-13 08:03 - 01180672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-07-24 06:51 - 2014-08-13 08:03 - 14371328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-07-24 06:51 - 2014-08-13 08:03 - 13757440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-07-24 06:51 - 2014-08-13 08:03 - 02861568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-07-24 06:51 - 2014-08-13 08:03 - 02054656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-07-24 06:51 - 2014-08-13 08:03 - 01440768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-07-24 06:51 - 2014-08-13 08:03 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-07-24 06:51 - 2014-08-13 08:03 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-07-24 06:51 - 2014-08-13 08:03 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-07-24 06:51 - 2014-08-13 08:03 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-07-24 06:51 - 2014-08-13 08:03 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-07-24 06:51 - 2014-08-13 08:03 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-07-24 06:51 - 2014-08-13 08:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-07-24 06:51 - 2014-08-13 08:03 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-07-24 06:51 - 2014-08-13 08:03 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-07-24 06:51 - 2014-08-13 08:03 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-07-24 06:51 - 2014-08-13 08:03 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-07-24 06:51 - 2014-08-13 08:03 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-07-24 06:33 - 2014-08-13 08:03 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-24 06:29 - 2014-08-13 08:03 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-07-24 05:37 - 2014-08-13 08:03 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-07-24 05:32 - 2014-08-13 08:03 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe

Some content of TEMP:
====================
C:\Users\Owner\AppData\Local\Temp\Abspdf.exe
C:\Users\Owner\AppData\Local\Temp\acfpdfu.dll
C:\Users\Owner\AppData\Local\Temp\acfpdfuamd64.dll
C:\Users\Owner\AppData\Local\Temp\acfpdfui.dll
C:\Users\Owner\AppData\Local\Temp\acfpdfuia64.dll
C:\Users\Owner\AppData\Local\Temp\acfpdfuiamd64.dll
C:\Users\Owner\AppData\Local\Temp\acfpdfuiia64.dll
C:\Users\Owner\AppData\Local\Temp\cdintf.dll
C:\Users\Owner\AppData\Local\Temp\MSIZAP.EXE
C:\Users\Owner\AppData\Local\Temp\PDFPRT400.exe
C:\Users\Owner\AppData\Local\Temp\stlport_r50.dll
C:\Users\Owner\AppData\Local\Temp\xmllite.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-08-20 10:46

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-08-2014
Ran by Owner at 2014-08-22 14:28:17
Running from J:\Installers\AV & Security
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Update for Microsoft Office 2007 (KB2508958) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version: - Microsoft)Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.7.1.19610 - Adobe Systems Incorporated)Adobe AIR (x32 Version: 2.7.1.19610 - Adobe Systems Incorporated) HiddenAdobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)Adobe Reader XI (11.0.08) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.)Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)Best Buy pc app (Version: 3.3.0.0 - Best Buy) HiddenBest Buy pc app (x32 Version: 3.3.0.0 - Best Buy) HiddenBonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)Coupon Printer for Windows (HKLM-x32\...\Coupon Printer for Windows5.0.0.2) (Version: 5.0.0.2 - Coupons.com Incorporated)CyberLink PowerDVD 10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.2531.52 - CyberLink Corp.)CyberLink 
PowerDVD 10 (x32 Version: 10.0.2531.52 - CyberLink Corp.) HiddenD3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) HiddenEtron USB3.0 Host Controller (x32 Version: 0.103 - Etron Technology) HiddenEvernote v. 4.5.1 (HKLM-x32\...\{28921580-E4BB-11E0-9FD7-1CC1DEF07CBE}) (Version: 4.5.1.5451 - Evernote Corp.)Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenGalerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenGateway Recovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 5.00.3504 - Gateway Incorporated)Gateway Registration (HKLM-x32\...\Gateway Registration) (Version: 1.04.3503 - Gateway Incorporated)Gateway ScreenSaver (HKLM-x32\...\Gateway Screensaver) (Version: 1.1.0225.2011 - Gateway Incorporated)Gateway Updater (HKLM-x32\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.02.3500 - Gateway Incorporated)GoToMeeting 5.4.0.1082 (HKCU\...\GoToMeeting) (Version: 5.4.0.1082 - CitrixOnline)Hotkey Utility (HKLM-x32\...\Hotkey Utility) (Version: 2.05.3505 - Gateway Incorporated)Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3501 - Gateway Incorporated)Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2353 - Intel Corporation)Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.0.1008 - Intel Corporation)iTunes (HKLM\...\{D601CEAD-2E4F-4BBB-85CC-C29A4CE6A3C0}) (Version: 11.1.3.8 - Apple Inc.)Java 7 Update 7 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217007FF}) (Version: 7.0.70 - Oracle)Java 6 Update 31 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416031FF}) (Version: 6.0.310 - Oracle)JavaFX 2.1.1 
(HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenMalwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) HiddenMicrosoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) HiddenMicrosoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) HiddenMicrosoft Office 2003 Primary Interop Assemblies (HKLM-x32\...\{91490409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.6553.0 - Microsoft Corporation)Microsoft Office 2007 Primary Interop Assemblies (HKLM-x32\...\{50120000-1105-0000-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) HiddenMicrosoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)Microsoft Office Home and Student 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft 
Corporation) HiddenMicrosoft Office Professional Edition 2003 (HKLM-x32\...\{90110409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) HiddenMicrosoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) HiddenMicrosoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) HiddenMicrosoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x64 
9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)Microsoft Visual Studio 2005 Tools for Office Runtime (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version: - Microsoft Corporation)Microsoft Visual Studio 2005 Tools for Office Runtime (x32 Version: 8.0.60940.0 - Microsoft Corporation) HiddenMicrosoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50701 - Microsoft Corporation)Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (Version: 10.0.50706 - Microsoft Corporation) HiddenMSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) HiddenMSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) HiddenMSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)Nero BackItUp 10 
(HKLM-x32\...\{68AB6930-5BFF-4FF6-923B-516A91984FE6}) (Version: 5.8.11000.8.100 - Nero AG)Nero BackItUp 10 Help (CHM) (x32 Version: 10.6.10700 - Nero AG) HiddenNero Control Center 10 (x32 Version: 10.6.12700.0.7 - Nero AG) HiddenNero ControlCenter 10 Help (CHM) (x32 Version: 10.6.10700 - Nero AG) HiddenNero Core Components 10 (x32 Version: 2.0.19900.9.11 - Nero AG) HiddenNero DiscSpeed 10 (HKLM-x32\...\{34490F4E-48D0-492E-8249-B48BECF0537C}) (Version: 6.2.10500.2.100 - Nero AG)Nero DiscSpeed 10 Help (CHM) (x32 Version: 10.5.10000 - Nero AG) HiddenNero Express 10 (HKLM-x32\...\{70550193-1C22-445C-8FA4-564E155DB1A7}) (Version: 10.6.10700.5.100 - Nero AG)Nero Express 10 Help (CHM) (x32 Version: 10.6.10700 - Nero AG) HiddenNero Multimedia Suite 10 Essentials (HKLM-x32\...\{62BF4BD3-B1F6-4FA2-8388-CC0647ACBF86}) (Version: 10.5.10300 - Nero AG)Nero Multimedia Suite 10 Essentials (HKLM-x32\...\{68AFA3A7-9265-4ABD-994A-ACA413E3715C}) (Version: 10.6.10300 - Nero AG)Nero RescueAgent 10 (HKLM-x32\...\{E337E787-CF61-4B7B-B84F-509202A54023}) (Version: 3.6.10500.3.100 - Nero AG)Nero RescueAgent 10 Help (CHM) (x32 Version: 10.6.10700 - Nero AG) HiddenNero StartSmart 10 (HKLM-x32\...\{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}) (Version: 10.2.11600.14.100 - Nero AG)Nero StartSmart 10 Help (CHM) (x32 Version: 10.5.10000 - Nero AG) HiddenNero Update (HKLM-x32\...\{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}) (Version: 1.0.10900.31.0 - Nero AG)QuickBooks (x32 Version: 24.0.4005.2403 - Intuit Inc.) 
HiddenQuickBooks Enterprise Solutions 14.0 (HKLM-x32\...\{48FF40D4-2071-4EC0-8BD5-2E7D69A38CE2}) (Version: 24.0.4005.2403 - Intuit Inc.)QuickBooks Runtime Redistributable (HKLM\...\{F2A4F809-2DE6-4D27-888B-4D2BB8DAF20E}) (Version: 1.00.0000 - Intuit Inc.)Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.45.516.2011 - Realtek)Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6257 - Realtek Semiconductor Corp.)Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version: - Microsoft)Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version: - Microsoft)Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft)Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft)Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version: - Microsoft)Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version: - Microsoft)Update for Microsoft Office OneNote 2007 Help (KB963670) 
(HKLM-x32\...\{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2744EF05-38E1-4D5D-B333-E021EDAEA245}) (Version: - Microsoft)Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version: - Microsoft)Update for Microsoft Office Script Editor Help (KB963671) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version: - Microsoft)Update for Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version: - Microsoft)Visual Studio Tools for the Office system 3.0 Runtime (HKLM-x32\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version: - Microsoft Corporation)Visual Studio Tools for the Office system 3.0 Runtime (x32 Version: 9.0.30729 - Microsoft Corporation) HiddenVisual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM-x32\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation)Welcome Center (HKLM-x32\...\Gateway Welcome Center) (Version: 1.02.3504 - Gateway Incorporated)Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live Galeria de Fotos (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) HiddenWindows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live Language Selector (Version: 15.4.3538.0513 - Microsoft Corporation) HiddenWindows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) 
HiddenWindows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) HiddenWindows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) HiddenWindows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) HiddenWindows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) HiddenWindows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) HiddenWindows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) HiddenWindows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) HiddenWindows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) 
CustomCLSID: HKU\S-1-5-21-1607760843-250622856-4008182566-1000_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Program Files (x86)\Citrix\GoToMeeting\1082\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)CustomCLSID: HKU\S-1-5-21-1607760843-250622856-4008182566-1000_Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InprocServer32 -> C:\Windows\system32\SHELL32.dll (Microsoft Corporation) ==================== Restore Points ========================= 14-08-2014 20:20:54 Windows Update18-08-2014 12:08:10 Windows Update19-08-2014 14:14:44 Configured Microsoft Office Home and Student 200719-08-2014 19:57:03 Configured Microsoft Office Home and Student 200721-08-2014 20:12:13 Configured Microsoft Office Home and Student 200722-08-2014 12:21:42 Removed Google Drive22-08-2014 13:14:52 Windows Update22-08-2014 15:52:59 Malwarebytes Anti-Rootkit Restore Point ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) 
Task: {3ACBF538-95BF-4962-AD49-9FD4C6316A88} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)Task: {47F7DFC9-2EE4-4514-ABBD-A96672DD926E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-09] (Adobe Systems Incorporated)Task: {B5773821-D95C-47C5-AEEC-8D28FE1D0024} - System32\Tasks\{AD5DB80A-6B2C-EAB3-C0A3-9EFD2A4735C4} => C:\Windows\system32\ssaylw.dll/s "C:\Windows\system32\ssaylw.dll"Task: {CE4612D6-865E-46E6-A8C8-E78BF08ACC3D} - System32\Tasks\NBAgent => C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe [2011-07-05] (Nero AG)Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe ==================== Loaded Modules (whitelisted) ============= 2013-08-20 12:34 - 2013-08-20 12:34 - 00057344 _____ () C:\Windows\ntrtm.exe2013-09-13 20:51 - 2013-09-13 20:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll2013-09-13 20:51 - 2013-09-13 20:51 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll2014-08-15 08:11 - 2014-08-15 08:11 - 00169472 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\97d6b17ed342f72bdf559a51f37ca929\IsdiInterop.ni.dll2011-11-08 04:24 - 2010-11-06 03:50 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll2009-08-05 10:45 - 2009-08-05 10:45 - 00106312 _____ () C:\Program Files (x86)\Microsoft Office\OFFICE11\OUTLCTL.DLL2014-08-21 11:57 - 2014-08-21 11:57 - 00718152 _____ () C:\Users\Owner\AppData\LocalLow\UtilityGravity\ToolAssistant\36.0.1985.143\libglesv2.dll2014-08-21 11:57 - 2014-08-21 11:57 - 00126280 _____ () C:\Users\Owner\AppData\LocalLow\UtilityGravity\ToolAssistant\36.0.1985.143\libegl.dll2014-08-21 11:57 - 2014-08-21 11:57 - 08537928 _____ () 
C:\Users\Owner\AppData\LocalLow\UtilityGravity\ToolAssistant\36.0.1985.143\pdf.dll2014-08-21 11:57 - 2014-08-21 11:57 - 00353096 _____ () C:\Users\Owner\AppData\LocalLow\UtilityGravity\ToolAssistant\36.0.1985.143\ppGoogleNaClPluginChrome.dll2014-08-21 11:57 - 2014-08-21 11:57 - 01732936 _____ () C:\Users\Owner\AppData\LocalLow\UtilityGravity\ToolAssistant\36.0.1985.143\ffmpegsumo.dll2014-08-21 11:57 - 2014-08-21 11:57 - 14669128 _____ () C:\Users\Owner\AppData\LocalLow\UtilityGravity\ToolAssistant\36.0.1985.143\PepperFlash\pepflashplayer.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) 
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Intuit Data Protect.lnk => C:\Windows\pss\Intuit Data Protect.lnk.CommonStartupMSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk => C:\Windows\pss\QuickBooks Update Agent.lnk.CommonStartupMSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickBooks Web Connector.lnk => C:\Windows\pss\QuickBooks Web Connector.lnk.CommonStartupMSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickBooks_Standard_21.lnk => C:\Windows\pss\QuickBooks_Standard_21.lnk.CommonStartupMSCONFIG\startupreg: Acrobat Assistant 8.0 => "C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe"MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"MSCONFIG\startupreg: Best Buy pc app => C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Best Buy\Best Buy pc app.appref-msMSCONFIG\startupreg: GoogleDriveSync => "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostartMSCONFIG\startupreg: Hotkey Utility => C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyUtility.exeMSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exeMSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exeMSCONFIG\startupreg: Intuit SyncManager => C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe startupMSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"MSCONFIG\startupreg: njoxvqne => "C:\Users\Owner\AppData\Local\aemigxsq.exe"MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exeMSCONFIG\startupreg: 
RemoteControl10 => "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -sMSCONFIG\startupreg: Ypxydyyxkah => "C:\Users\Owner\AppData\Roaming\Emyzhade\usvaxu.exe" ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors:==================Error: (08/22/2014 11:56:27 AM) (Source: WinMgmt) (EventID: 10) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (08/22/2014 11:10:25 AM) (Source: WinMgmt) (EventID: 10) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (08/22/2014 09:40:54 AM) (Source: WinMgmt) (EventID: 10) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (08/22/2014 09:13:48 AM) (Source: QuickBooks) (EventID: 4) (User: )Description: An unexpected error has occured in "Intuit QuickBooks Enterprise Solutions 14.0":Got unexpected error 5 in call to NetShareGetInfo for path \\QB-HOST\QB Company Files\Enterprise\Flower City LLC.QBW Error: (08/22/2014 09:13:31 AM) (Source: QuickBooks) (EventID: 4) (User: )Description: An unexpected error has occured in "Intuit QuickBooks Enterprise Solutions 14.0":Got unexpected error 5 in call to NetShareGetInfo for path \\QB-HOST\QB Company Files\Enterprise\Flower City LLC.QBW Error: (08/22/2014 09:13:30 AM) (Source: QuickBooks) (EventID: 4) (User: )Description: An unexpected error has occured in "Intuit QuickBooks Enterprise Solutions 14.0":Got unexpected error 5 in call to NetShareGetInfo for path \\QB-HOST\QB Company Files\Enterprise\Flower City 
LLC.QBW Error: (08/22/2014 09:13:24 AM) (Source: QuickBooks) (EventID: 4) (User: )Description: An unexpected error has occured in "QuickBooks":Got unexpected error 5 in call to NetShareGetInfo for path \\QB-HOST\QB Company Files\Enterprise\Flower City LLC.QBW Error: (08/22/2014 09:05:02 AM) (Source: WinMgmt) (EventID: 10) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (08/22/2014 08:50:49 AM) (Source: QuickBooks) (EventID: 4) (User: )Description: An unexpected error has occured in "Intuit QuickBooks Enterprise Solutions 14.0":Got unexpected error 5 in call to NetShareGetInfo for path \\QB-HOST\QB Company Files\Enterprise\Flower City LLC.QBW Error: (08/22/2014 08:50:11 AM) (Source: QuickBooks) (EventID: 4) (User: )Description: An unexpected error has occured in "Intuit QuickBooks Enterprise Solutions 14.0":Got unexpected error 5 in call to NetShareGetInfo for path \\QB-HOST\QB Company Files\Enterprise\Flower City LLC.QBW System errors:=============Error: (08/22/2014 11:09:54 AM) (Source: DCOM) (EventID: 10010) (User: )Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} Error: (08/22/2014 09:39:32 AM) (Source: DCOM) (EventID: 10005) (User: )Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030} Error: (08/22/2014 09:39:32 AM) (Source: DCOM) (EventID: 10005) (User: )Description: 1084WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39} Error: (08/22/2014 09:39:30 AM) (Source: DCOM) (EventID: 10005) (User: )Description: 1084EventSystem{1BE1F766-5536-11D1-B726-00C04FB926AF} Error: (08/22/2014 09:39:23 AM) (Source: DCOM) (EventID: 10005) (User: )Description: 1084ShellHWDetection{DD522ACC-F821-461A-A407-50B198B896DC} Error: (08/22/2014 09:39:18 AM) (Source: Service Control Manager) (EventID: 7026) (User: )Description: The following boot-start or system-start driver(s) failed to load: discacheMpFilterspldrWanarpv6 Error: (08/22/2014 
09:39:18 AM) (Source: Service Control Manager) (EventID: 7001) (User: )Description: The Microsoft Network Inspection System service depends on the Microsoft Malware Protection Driver service which failed to start because of the following error: %%31 Error: (08/22/2014 09:37:48 AM) (Source: DCOM) (EventID: 10010) (User: )Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF} Error: (08/22/2014 09:04:23 AM) (Source: DCOM) (EventID: 10010) (User: )Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} Error: (08/22/2014 09:02:15 AM) (Source: DCOM) (EventID: 10010) (User: )Description: {20A10BD4-0FF4-45E8-87EF-D2708E99CEAA} Microsoft Office Sessions:========================= ==================== Memory info =========================== Processor: Intel® Core i5-2320 CPU @ 3.00GHzPercentage of memory in use: 32%Total physical RAM: 8096.28 MBAvailable physical RAM: 5483.13 MBTotal Pagefile: 16190.73 MBAvailable Pagefile: 13655.48 MBTotal Virtual: 8192 MBAvailable Virtual: 8191.82 MB ==================== Drives ================================ Drive c: (Local Disk) (Fixed) (Total:918.41 GB) (Free:851.01 GB) NTFSDrive j: (SHOP FLASH) (Removable) (Total:29.67 GB) (Free:6.94 GB) FAT32 ==================== MBR & Partition Table ================== ========================================================Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 05676CE6)Partition 1: (Not Active) - (Size=13 GB) - (Type=27)Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)Partition 3: (Not Active) - (Size=918.4 GB) - (Type=07 NTFS) ========================================================Disk: 6 (MBR Code: Windows XP) (Size: 29.7 GB) (Disk ID: C3072E18)Partition 1: (Active) - (Size=29.7 GB) - (Type=0C) ==================== End Of Log ============================ Link to post Share on other sites More sharing options...
MrCharlie Posted August 22, 2014 ID:870061

Welcome to the forum.

(Do what you can)

General P2P/Piracy Warning:

1. If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here.
2. If you have illegal/cracked software (MS Office, Adobe Products), cracks, keygens, custom (Adobe) host file, etc. on the system, please remove or uninstall them now and read the policy on Piracy.

Failure to remove such software will result in your topic being closed and no further assistance being provided.

Please run a Threat Scan with Malwarebytes

Start Malwarebytes 2.0..........
Click on Settings > Detection and Protection > Non-Malware Protection > PUP (Potentially Unwanted Program) detections > Make sure it's set to Treat detections as malware
Same for PUM (Potentially Unwanted Modifications)
Quarantine all that's found
Post the log

Then.......

Please download and run RogueKiller 32 bit to your desktop.
RogueKiller<---use this one for 64 bit systems
Which system am I using?

Quit all running programs.
For Windows XP, double-click to start.
For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.
Wait for the Prescan to finish
Click Scan to scan the system.
When the scan completes > Don't Fix anything! > Click on the Report Button and post the Report back here.
Don't run any other options, they're not all bad!!!!!!!

RogueKiller logs will also be located here:
%programdata%/RogueKiller/Logs <-------W7
C:\Documents and Settings\All Users\Application Data\RogueKiller\Logs <-------XP

(please don't put logs in code or quotes and use the default font)

MrC

Note: Please read all of my instructions completely including these.

Make sure system restore is turned on and running. Create a new restore point
Make sure you're subscribed to this topic: Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly
Removing malware can be unpredictable...unlikely but things can go very wrong! Backup any files that cannot be replaced. You can copy them to a CD/DVD, external drive or a pen drive

<+>Please don't run any other scans, download, install or uninstall any programs while I'm working with you.
<+>The removal of malware isn't instantaneous, please be patient.
<+>When we are done, I'll give you instructions on how to clean up all the tools and logs
<+>Please stick with me until I give you the "all clear".

------->Your topic will be closed if you haven't replied within 3 days!<--------

If I don't respond within 24 hours, please send me a PM
Sarge Posted August 22, 2014 Author ID:870094

Thank you. Don't close me up. I'll get back to you on Monday.
MrCharlie Posted August 22, 2014 ID:870107

OK..

MrC
MrCharlie Posted August 26, 2014 ID:871582

How are we doing??????

MrC
Root Admin AdvancedSetup Posted August 29, 2014 ID:872679

Due to the lack of feedback this topic is closed to prevent others from posting here.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!