Jump to content

Chrome look-a-like pop ups wont go away


Recommended Posts

Hello, I am having pop ups of something that looks like google chrome, but is not.

 

I have run trend micro, Kaspersky and now Malwarebytes. Only Malwarebytes found anything. I quarantiend the files and restarted. Sadly the pop ups keep returning.

 

Here is my FRST Log====

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 22-08-2014
Ran by KAM (administrator) on KAM-PC on 22-08-2014 16:26:59
Running from C:\Users\KAM\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JVWRSKXU
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Cisco WebEx LLC) C:\Windows\SysWOW64\atashost.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\avp.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\20.5.0.28\ccsvchst.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Intuit) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\avpui.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\20.5.0.28\ccsvchst.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Hewlett-Packard Company) C:\Program Files (x86)\HP\HP Color LaserJet CM1312 MFP Series\hppfaxprintersrv.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(Intuit Canada ULC.) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Cyberlink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe
(Intuit Canada ULC.) C:\Program Files (x86)\Intuit\QuickBooks 2013\QBW32.EXE
(cyberlink) C:\Program Files (x86)\CyberLink\Shared Files\brs.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\hh.exe
(Google Inc.) C:\Users\KAM\AppData\LocalLow\ToolVisual\PolyesterModel\browser.exe
(Google Inc.) C:\Users\KAM\AppData\LocalLow\ToolVisual\PolyesterModel\browser.exe
(Google Inc.) C:\Users\KAM\AppData\LocalLow\ToolVisual\PolyesterModel\browser.exe
(Google Inc.) C:\Users\KAM\AppData\LocalLow\ToolVisual\PolyesterModel\browser.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [HP Color LaserJet CM1312 MFP Series Fax] => C:\Program Files (x86)\HP\HP Color LaserJet CM1312 MFP Series\hppfaxprintersrv.exe [3700736 2009-09-22] (Hewlett-Packard Company)
HKLM-x32\...\Run: [RemoteControl8] => C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe [83240 2008-03-20] (Cyberlink Corp.)
HKLM-x32\...\Run: [PDVD8LanguageShortcut] => C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe [50472 2007-12-14] ()
HKLM-x32\...\Run: [bDRegion] => C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe [91432 2008-03-21] (cyberlink)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [HPUsageTracking] => C:\Program Files (x86)\HP\HP UT\bin\hppusg.exe [24576 2009-05-11] (Hewlett-Packard Company)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [intuit SyncManager] => C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe [3774776 2014-01-09] (Intuit Inc. All rights reserved.)
HKLM-x32\...\RunOnce: [AvgUninstallURL] => cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVXV1UtV0JEWEMtVllGTjMtUURKTUgtNDJBT0EtSzZIVTk"&"inst=NzctOTM1MjA4Nzk1LUZMKzktWE8zNisxLUY5TTEwQisyLVhPOSsxLUY5TTIrMS1ERFQrMC1ERDkwRisxLVNUOTBGQVBQKzEtRjkwTTEyRFQrMS1UQisxLVU5NSsxLUY5MFVEKzEtU1QxMkZPSSsxLVNUMTJGQVBQKzEtU1RGOTBNMTJETSsxLVNUMTJPSSsxLUVVTEErMQ"&"prod=90"&"ver=2012.0.1834"&"mid=a45f2df962436ac58ecda667bfb23399-95a8665384ce1bb95d15985e229b48a9044e6fe8
HKLM-x32\...\RunOnce: [1] => C:\Program Files (x86)\Malwarebytes Anti-Malware\Chameleon\Windows\mbam-chameleon.exe [750392 2014-05-12] (MalwareBytes)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1341268868-2381364082-2725639120-1000\...\Run: [CottonAssistant] => C:\Windows\system32\rundll32.exe "C:\Users\KAM\AppData\Local\CottonAssistant\CottonAssistant.dll",DllRegisterServer <===== ATTENTION
HKU\S-1-5-21-1341268868-2381364082-2725639120-1000\...\MountPoints2: {ffb2feb4-acc7-11e2-8bd4-20cf30c87435} - J:\Setup.exe
HKU\S-1-5-21-1341268868-2381364082-2725639120-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [CottonAssistant] => C:\Windows\system32\rundll32.exe "C:\Users\KAM\AppData\Local\CottonAssistant\CottonAssistant.dll",DllRegisterServer <===== ATTENTION
HKU\S-1-5-21-1341268868-2381364082-2725639120-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {ffb2feb4-acc7-11e2-8bd4-20cf30c87435} - J:\Setup.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Canada ULC.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk
ShortcutTarget: QuickBooks_Standard_21.lnk -> C:\Program Files (x86)\Intuit\QuickBooks 2013\QBW32.EXE (Intuit Canada ULC.)
ShellIconOverlayIdentifiers: OverlayExcluded -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton 360\Engine64\20.5.0.28\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: OverlayPending -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton 360\Engine64\20.5.0.28\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: OverlayProtected -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton 360\Engine64\20.5.0.28\buShell.dll (Symantec Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/iat/us_ca.aspx
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://orders.creeksidefoods.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = https://businesspoint.chevron.com/sm/login.fcc?TYPE=33554433&REALMOID=06-08975578-cc93-44e9-a3c7-56edf86c628c&GUID=&SMAUTHREASON=0&METHOD=GET&SMAGENTNAME=-SM-yHlvTnjNw2Lurw%2bLUe0ndtIJUYrzBI9%2fVyLIQTefZhKSDGbh0415rlXFff%2fWo3DJ&TARGET=-SM-https%3a%2f%2fbusinesspoint%2echevron%2ecom%2fCBPWebApp%2fappmanager%2fCBPPortal%2fCBPDesktop
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine\20.5.0.28\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton 360\Engine\20.5.0.28\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
Toolbar: HKLM-x32 - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} -  No File
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\20.5.0.28\coIEPlg.dll (Symantec Corporation)
Toolbar: HKCU - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} -  No File
DPF: HKLM-x32 {76CA9E30-5094-46F9-BE90-D47AD59C2C2C} https://chevron.bluecubesoft.com/pe/clientdownloads/SuperCab.cab
DPF: HKLM-x32 {95D85D77-B200-40A4-BF6A-999E9B1D3B26} https://ips.chevron.com/scripts/tlist8.cab
DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://chevronsupport.webex.com/client/T28L/support/ieatgpc1.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: intu-help-qb6 - {6898B29B-BF49-43cb-A0B1-D0B9496AF491} -  No File
Handler-x32: intu-help-qb6 - {6898B29B-BF49-43cb-A0B1-D0B9496AF491} - C:\Program Files (x86)\Intuit\QuickBooks 2013\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
Tcpip\Parameters: [DhcpNameServer] 208.67.222.222 208.67.220.220
Tcpip\..\Interfaces\{A0E62281-84A8-44C5-AAB8-397F25C7EBDA}: [NameServer] 208.67.220.220,208.67.222.222

FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @kaspersky.com/content_blocker -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\content_blocker@kaspersky.com ()
FF Plugin-x32: @kaspersky.com/virtual_keyboard -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\virtual_keyboard@kaspersky.com ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\coFFPlgn [2014-08-22]
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\IPSFFPlgn
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\IPSFFPlgn [2013-02-21]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\content_blocker@kaspersky.com
FF Extension: Dangerous Websites Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\content_blocker@kaspersky.com [2014-08-22]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\virtual_keyboard@kaspersky.com [2014-08-22]
FF HKLM-x32\...\Firefox\Extensions: [url_advisor@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\url_advisor@kaspersky.com
FF Extension: 卡巴斯基網址過濾 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\url_advisor@kaspersky.com [2014-08-22]

Chrome:
=======
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Extension: (Google Docs) - C:\Users\KAM\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-02-25]
CHR Extension: (Google Drive) - C:\Users\KAM\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-02-25]
CHR Extension: (Norton Security Toolbar) - C:\Users\KAM\AppData\Local\Google\Chrome\User Data\Default\Extensions\bejnhdlplbjhffionohbdnpcbobfejcc [2014-06-18]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\KAM\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-21]
CHR Extension: (YouTube) - C:\Users\KAM\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-02-25]
CHR Extension: (Google Search) - C:\Users\KAM\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-02-25]
CHR Extension: (Kaspersky Protection) - C:\Users\KAM\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbhjdbfgekjfcfkkfjjmlmojhbllhbho [2014-08-22]
CHR Extension: (Google Wallet) - C:\Users\KAM\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-25]
CHR Extension: (Gmail) - C:\Users\KAM\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-02-25]
CHR HKLM-x32\...\Chrome\Extension: [bejnhdlplbjhffionohbdnpcbobfejcc] - C:\Program Files (x86)\Norton 360\Engine\20.5.0.28\Exts\Chrome.crx [2014-05-01]
CHR HKLM-x32\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho [2014-05-01]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVP15.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\avp.exe [233552 2014-04-20] (Kaspersky Lab ZAO)
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [217088 2007-11-06] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [139264 2007-11-06] (Hewlett-Packard Co.) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 N360; C:\Program Files (x86)\Norton 360\Engine\20.5.0.28\ccSvcHst.exe [144368 2013-05-20] (Symantec Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2009-05-14] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2009-05-14] (Hewlett-Packard) [File not signed]
R2 QBCFMonitorService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [45056 2014-01-10] (Intuit) [File not signed]
S3 QBFCService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [61440 2012-10-06] (Intuit Inc.) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\BASHDefs\20130301.001\BHDrvx64.sys [1388120 2013-02-08] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1405000.01C\ccSetx64.sys [169048 2013-04-15] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2012-08-18] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [138912 2012-08-18] (Symantec Corporation)
R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\IPSDefs\20130322.001\IDSvia64.sys [513184 2013-02-20] (Symantec Corporation)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [457824 2014-02-20] (Kaspersky Lab ZAO)
R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [140352 2014-07-26] (Kaspersky Lab ZAO)
R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [243808 2014-04-10] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [792128 2014-07-26] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [30304 2014-02-25] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [28768 2014-03-28] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-08-08] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55904 2014-03-25] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [179296 2014-03-26] (Kaspersky Lab ZAO)
R4 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [91352 2014-08-22] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\26266034.sys [122584 2014-08-22] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [8192 2005-03-29] ()
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20130323.008\ENG64.SYS [126192 2013-02-21] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20130323.008\EX64.SYS [2087664 2013-02-21] (Symantec Corporation)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)
S3 SRTSP; C:\Windows\System32\Drivers\N360x64\1405000.01C\SRTSP64.SYS [796760 2013-05-15] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1405000.01C\SRTSPX64.SYS [36952 2013-03-04] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\N360x64\1405000.01C\SYMDS64.SYS [493656 2013-05-20] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360x64\1405000.01C\SYMEFA64.SYS [1139800 2013-05-22] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2013-06-17] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\1405000.01C\Ironx64.SYS [224416 2013-03-04] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1405000.01C\SYMNETS.SYS [433752 2013-04-24] (Symantec Corporation)
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}; C:\Program Files (x86)\CyberLink\PowerDVD8\000.fcl [32240 2008-02-01] (Cyberlink Corp.)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-22 16:26 - 2014-08-22 16:27 - 00000000 ____D () C:\FRST
2014-08-22 16:19 - 2014-08-22 16:19 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\26266034.sys
2014-08-22 15:56 - 2014-08-22 15:56 - 00000000 ____D () C:\mbam-chameleon-3.1.4.0
2014-08-22 15:45 - 2014-08-22 16:21 - 00000002 _____ () C:\Users\KAM\Desktop\Rkill.txt
2014-08-22 15:43 - 2014-08-22 15:43 - 00002259 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-08-22 15:43 - 2014-08-22 15:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-08-22 15:41 - 2014-08-22 15:46 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-22 15:41 - 2014-08-22 15:46 - 00000888 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-22 15:41 - 2014-08-22 15:41 - 00003888 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-08-22 15:41 - 2014-08-22 15:41 - 00003636 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-08-22 15:38 - 2014-08-22 15:38 - 00000000 ___RD () C:\Users\KAM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 8
2014-08-22 15:17 - 2014-08-22 15:38 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-22 15:16 - 2014-08-22 16:03 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-08-22 15:16 - 2014-08-22 15:16 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-08-22 15:16 - 2014-08-22 15:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-22 15:16 - 2014-08-22 15:16 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-22 15:16 - 2014-08-22 15:16 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-08-22 15:16 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-08-22 15:16 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-08-22 15:05 - 2014-08-22 15:05 - 00000000 _____ () C:\Windows\system32\MSVBVM60.DLL
2014-08-22 08:43 - 2014-08-22 08:43 - 00262144 _____ () C:\Windows\system32\config\elam
2014-08-22 08:33 - 2014-08-22 08:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Anti-Virus
2014-08-22 08:33 - 2014-08-22 08:32 - 00001139 _____ () C:\Users\Public\Desktop\Kaspersky Anti-Virus.lnk
2014-08-22 08:32 - 2013-05-06 09:13 - 00110176 _____ (Kaspersky Lab ZAO) C:\Windows\system32\klfphc.dll
2014-08-22 08:30 - 2014-08-22 15:36 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-08-22 08:30 - 2014-08-22 08:30 - 00000000 ____D () C:\Windows\ELAMBKUP
2014-08-22 08:30 - 2014-08-22 08:30 - 00000000 ____D () C:\Program Files (x86)\Kaspersky Lab
2014-08-22 08:29 - 2014-07-26 03:22 - 00792128 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys
2014-08-22 08:29 - 2014-07-26 03:22 - 00140352 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klflt.sys
2014-08-22 08:29 - 2014-04-10 17:25 - 00243808 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klhk.sys
2014-08-22 08:06 - 2014-08-22 15:23 - 00285052 _____ () C:\Users\KAM\AppData\Local\census.cache
2014-08-22 08:06 - 2014-08-22 15:22 - 00152896 _____ () C:\Users\KAM\AppData\Local\ars.cache
2014-08-22 08:03 - 2014-08-22 08:24 - 00000000 ____D () C:\Windows\system32\MpEngineStore
2014-08-22 07:52 - 2014-08-22 07:52 - 00000010 _____ () C:\Users\KAM\AppData\Local\sponge.last.runtime.cache
2014-08-22 07:52 - 2014-08-22 07:52 - 00000000 _____ () C:\Windows\system32\MSVCR71.dll
2014-08-22 07:52 - 2014-08-22 07:52 - 00000000 _____ () C:\Windows\system32\InetClnt.dll
2014-08-22 07:52 - 2014-08-22 07:52 - 00000000 _____ () C:\Windows\system32\igdumdx32.dll
2014-08-22 07:52 - 2014-08-22 07:52 - 00000000 _____ () C:\Windows\system32\igdumd32.dll
2014-08-22 07:42 - 2014-08-22 07:46 - 113631992 _____ (Microsoft Corporation) C:\Users\KAM\Downloads\msert.exe
2014-08-22 07:42 - 2014-08-22 07:42 - 00000036 _____ () C:\Users\KAM\AppData\Local\housecall.guid.cache
2014-08-22 07:42 - 2013-09-02 00:58 - 00175528 _____ (Trend Micro Inc.) C:\Windows\system32\Drivers\tmcomm.sys
2014-08-22 07:41 - 2014-08-22 07:42 - 02473936 _____ (Trend Micro Inc.) C:\Users\KAM\Downloads\HousecallLauncher64.exe
2014-08-21 15:11 - 2014-08-21 15:11 - 00017344 _____ () C:\Users\KAM\Downloads\AP_GL_991554_20140820_20140821_143105.IIF
2014-08-21 11:36 - 2014-08-21 11:36 - 00003436 _____ () C:\Windows\System32\Tasks\Time Trigger Test Task
2014-08-21 11:36 - 2014-08-21 11:36 - 00000000 ____D () C:\Users\KAM\AppData\Local\CottonAssistant
2014-08-21 11:30 - 2014-08-22 08:47 - 00000000 ____D () C:\Users\KAM\AppData\Roaming\Opulados
2014-08-21 11:26 - 2014-08-22 08:10 - 00000000 ____D () C:\ProgramData\UssoRobd
2014-08-21 11:26 - 2014-08-21 11:26 - 00000000 ____D () C:\ProgramData\Windows Genuine Advantage
2014-08-20 14:26 - 2014-08-20 14:26 - 00019775 _____ () C:\Users\KAM\Downloads\AP_GL_991554_20140818_20140819_140747.IIF
2014-08-20 14:26 - 2014-08-20 14:26 - 00017075 _____ () C:\Users\KAM\Downloads\AP_GL_991554_20140819_20140820_130223.IIF
2014-08-20 12:12 - 2014-05-14 09:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-08-20 12:12 - 2014-05-14 09:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-08-20 12:12 - 2014-05-14 09:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-08-20 12:12 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-08-20 12:12 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-08-20 12:12 - 2014-05-14 09:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-08-20 12:12 - 2014-05-14 09:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-08-20 12:12 - 2014-05-14 09:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-08-20 12:12 - 2014-05-14 09:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-08-20 12:12 - 2014-05-14 09:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-08-20 12:12 - 2014-05-14 09:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-08-20 12:12 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-08-20 12:12 - 2014-05-14 09:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-08-20 12:12 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-08-19 13:46 - 2014-08-19 13:46 - 00019571 _____ () C:\Users\KAM\Downloads\AP_GL_991554_20140813_20140814_145522.IIF
2014-08-19 13:46 - 2014-08-19 13:46 - 00016855 _____ () C:\Users\KAM\Downloads\AP_GL_991554_20140817_20140818_114330.IIF
2014-08-19 13:46 - 2014-08-19 13:46 - 00015682 _____ () C:\Users\KAM\Downloads\AP_GL_991554_20140814_20140815_154336.IIF
2014-08-19 13:46 - 2014-08-19 13:46 - 00014075 _____ () C:\Users\KAM\Downloads\AP_GL_991554_20140815_20140818_081457.IIF
2014-08-19 13:46 - 2014-08-19 13:46 - 00013100 _____ () C:\Users\KAM\Downloads\AP_GL_991554_20140816_20140818_085619.IIF
2014-07-23 09:54 - 2014-07-23 09:54 - 00000000 ____D () C:\Users\KAM\AppData\Roaming\webex

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-22 16:27 - 2014-08-22 16:26 - 00000000 ____D () C:\FRST
2014-08-22 16:21 - 2014-08-22 15:45 - 00000002 _____ () C:\Users\KAM\Desktop\Rkill.txt
2014-08-22 16:19 - 2014-08-22 16:19 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\26266034.sys
2014-08-22 16:03 - 2014-08-22 15:16 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-08-22 15:56 - 2014-08-22 15:56 - 00000000 ____D () C:\mbam-chameleon-3.1.4.0
2014-08-22 15:46 - 2014-08-22 15:41 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-22 15:46 - 2014-08-22 15:41 - 00000888 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-22 15:44 - 2009-07-13 21:45 - 00015040 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-22 15:44 - 2009-07-13 21:45 - 00015040 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-22 15:43 - 2014-08-22 15:43 - 00002259 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-08-22 15:43 - 2014-08-22 15:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-08-22 15:43 - 2010-12-16 18:31 - 01440446 _____ () C:\Windows\WindowsUpdate.log
2014-08-22 15:42 - 2013-02-25 13:23 - 00000000 ____D () C:\Program Files (x86)\Google
2014-08-22 15:42 - 2009-07-13 22:13 - 00783310 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-22 15:41 - 2014-08-22 15:41 - 00003888 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-08-22 15:41 - 2014-08-22 15:41 - 00003636 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-08-22 15:41 - 2013-02-25 13:22 - 00000000 ____D () C:\Users\KAM\AppData\Local\Deployment
2014-08-22 15:38 - 2014-08-22 15:38 - 00000000 ___RD () C:\Users\KAM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 8
2014-08-22 15:38 - 2014-08-22 15:17 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-22 15:36 - 2014-08-22 08:30 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-08-22 15:35 - 2010-12-17 11:12 - 00180950 _____ () C:\Windows\PFRO.log
2014-08-22 15:35 - 2009-07-13 22:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-22 15:35 - 2009-07-13 21:51 - 00049068 _____ () C:\Windows\setupact.log
2014-08-22 15:23 - 2014-08-22 08:06 - 00285052 _____ () C:\Users\KAM\AppData\Local\census.cache
2014-08-22 15:22 - 2014-08-22 08:06 - 00152896 _____ () C:\Users\KAM\AppData\Local\ars.cache
2014-08-22 15:16 - 2014-08-22 15:16 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-08-22 15:16 - 2014-08-22 15:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-22 15:16 - 2014-08-22 15:16 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-22 15:16 - 2014-08-22 15:16 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-08-22 15:05 - 2014-08-22 15:05 - 00000000 _____ () C:\Windows\system32\MSVBVM60.DLL
2014-08-22 14:55 - 2010-12-18 12:53 - 00000000 ____D () C:\Users\KAM\Documents\Outlook Files
2014-08-22 13:40 - 2010-12-18 13:02 - 00000000 ____D () C:\Users\KAM\Desktop\Work
2014-08-22 13:12 - 2010-12-17 10:41 - 00003910 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{F03514B0-0764-415B-90F0-138F4C47658D}
2014-08-22 08:47 - 2014-08-21 11:30 - 00000000 ____D () C:\Users\KAM\AppData\Roaming\Opulados
2014-08-22 08:43 - 2014-08-22 08:43 - 00262144 _____ () C:\Windows\system32\config\elam
2014-08-22 08:33 - 2014-08-22 08:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Anti-Virus
2014-08-22 08:32 - 2014-08-22 08:33 - 00001139 _____ () C:\Users\Public\Desktop\Kaspersky Anti-Virus.lnk
2014-08-22 08:30 - 2014-08-22 08:30 - 00000000 ____D () C:\Windows\ELAMBKUP
2014-08-22 08:30 - 2014-08-22 08:30 - 00000000 ____D () C:\Program Files (x86)\Kaspersky Lab
2014-08-22 08:24 - 2014-08-22 08:03 - 00000000 ____D () C:\Windows\system32\MpEngineStore
2014-08-22 08:10 - 2014-08-21 11:26 - 00000000 ____D () C:\ProgramData\UssoRobd
2014-08-22 07:52 - 2014-08-22 07:52 - 00000010 _____ () C:\Users\KAM\AppData\Local\sponge.last.runtime.cache
2014-08-22 07:52 - 2014-08-22 07:52 - 00000000 _____ () C:\Windows\system32\MSVCR71.dll
2014-08-22 07:52 - 2014-08-22 07:52 - 00000000 _____ () C:\Windows\system32\InetClnt.dll
2014-08-22 07:52 - 2014-08-22 07:52 - 00000000 _____ () C:\Windows\system32\igdumdx32.dll
2014-08-22 07:52 - 2014-08-22 07:52 - 00000000 _____ () C:\Windows\system32\igdumd32.dll
2014-08-22 07:46 - 2014-08-22 07:42 - 113631992 _____ (Microsoft Corporation) C:\Users\KAM\Downloads\msert.exe
2014-08-22 07:42 - 2014-08-22 07:42 - 00000036 _____ () C:\Users\KAM\AppData\Local\housecall.guid.cache
2014-08-22 07:42 - 2014-08-22 07:41 - 02473936 _____ (Trend Micro Inc.) C:\Users\KAM\Downloads\HousecallLauncher64.exe
2014-08-21 20:04 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\rescache
2014-08-21 17:47 - 2014-01-20 09:28 - 00000000 ____D () C:\Users\KAM\AppData\Local\CrashDumps
2014-08-21 15:11 - 2014-08-21 15:11 - 00017344 _____ () C:\Users\KAM\Downloads\AP_GL_991554_20140820_20140821_143105.IIF
2014-08-21 11:36 - 2014-08-21 11:36 - 00003436 _____ () C:\Windows\System32\Tasks\Time Trigger Test Task
2014-08-21 11:36 - 2014-08-21 11:36 - 00000000 ____D () C:\Users\KAM\AppData\Local\CottonAssistant
2014-08-21 11:26 - 2014-08-21 11:26 - 00000000 ____D () C:\ProgramData\Windows Genuine Advantage
2014-08-20 14:26 - 2014-08-20 14:26 - 00019775 _____ () C:\Users\KAM\Downloads\AP_GL_991554_20140818_20140819_140747.IIF
2014-08-20 14:26 - 2014-08-20 14:26 - 00017075 _____ () C:\Users\KAM\Downloads\AP_GL_991554_20140819_20140820_130223.IIF
2014-08-19 13:46 - 2014-08-19 13:46 - 00019571 _____ () C:\Users\KAM\Downloads\AP_GL_991554_20140813_20140814_145522.IIF
2014-08-19 13:46 - 2014-08-19 13:46 - 00016855 _____ () C:\Users\KAM\Downloads\AP_GL_991554_20140817_20140818_114330.IIF
2014-08-19 13:46 - 2014-08-19 13:46 - 00015682 _____ () C:\Users\KAM\Downloads\AP_GL_991554_20140814_20140815_154336.IIF
2014-08-19 13:46 - 2014-08-19 13:46 - 00014075 _____ () C:\Users\KAM\Downloads\AP_GL_991554_20140815_20140818_081457.IIF
2014-08-19 13:46 - 2014-08-19 13:46 - 00013100 _____ () C:\Users\KAM\Downloads\AP_GL_991554_20140816_20140818_085619.IIF
2014-08-13 15:27 - 2012-08-15 14:48 - 00000000 ____D () C:\Users\KAM\Desktop\QB Back-up
2014-08-13 11:22 - 2013-01-30 11:09 - 00745400 _____ () C:\Users\KAM\Desktop\BCLC Inventory - Triangle (2013-2014).xlsm
2014-08-06 12:44 - 2010-12-18 12:51 - 00000000 ____D () C:\Users\KAM\Documents\forms
2014-08-05 09:20 - 2010-12-16 18:43 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-07-26 03:22 - 2014-08-22 08:29 - 00792128 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys
2014-07-26 03:22 - 2014-08-22 08:29 - 00140352 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klflt.sys
2014-07-23 09:54 - 2014-07-23 09:54 - 00000000 ____D () C:\Users\KAM\AppData\Roaming\webex
2014-07-23 09:54 - 2010-12-20 15:37 - 00000000 ____D () C:\ProgramData\WebEx

Some content of TEMP:
====================
C:\Users\KAM\AppData\Local\Temp\hxgafcw.dll
C:\Users\KAM\AppData\Local\Temp\ose00000.exe
C:\Users\KAM\AppData\Local\Temp\pmnwfnu.dll
C:\Users\KAM\AppData\Local\Temp\rbdauiy.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-08-17 00:06

==================== End Of Log ============================

 

 

Here is my Addition log

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 22-08-2014
Ran by KAM at 2014-08-22 16:28:21
Running from C:\Users\KAM\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JVWRSKXU
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Kaspersky Anti-Virus (Enabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886}
AV: Norton 360 (Disabled - Out of date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
AS: Norton 360 (Disabled - Out of date) {631E4324-D31C-783F-EC5C-35AD42B18466}
AS: Kaspersky Anti-Virus (Enabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton 360 (Disabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 4.2.1 - Hewlett-Packard) Hidden
Acrobat.com (HKLM-x32\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1.377 - Adobe Systems Incorporated)
Acrobat.com (x32 Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.0.4990 - Adobe Systems Inc.)
Adobe AIR (x32 Version: 1.0.8.4990 - Adobe Systems Inc.) Hidden
Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.3.300.270 - Adobe Systems Incorporated)
Adobe Reader X (10.1.7) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.7 - Adobe Systems Incorporated)
BufferChm (x32 Version: 100.0.170.000 - Hewlett-Packard) Hidden
Cisco WebEx Meetings (HKLM-x32\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)
CustomerResearchQFolder (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
CyberLink PowerDVD 8 (HKLM-x32\...\InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}) (Version: 8.0.1531 - CyberLink Corp.)
CyberLink PowerDVD 8 (x32 Version: 8.0.1531 - CyberLink Corp.) Hidden
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{6BDEB2BD-7C8B-4734-9E2F-E9EDC9D6C844}) (Version:  - Microsoft)
DeviceDiscovery (x32 Version: 100.0.190.000 - Hewlett-Packard) Hidden
DeviceManagementQFolder (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 36.0.1985.143 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
HP Color LaserJet CM1312 MFP Series 5.1 (HKLM\...\{8EEDB90E-6ABC-42bb-AD4C-39DEE05E3EEA}) (Version: 5.1 - HP)
HP Customer Participation Program 10.0 (HKLM\...\HPExtendedCapabilities) (Version: 10.0 - HP)
HP Imaging Device Functions 10.0 (HKLM\...\HP Imaging Device Functions) (Version: 10.0 - HP)
hppCLJCM1312 (x32 Version: 005.001.00142 - Hewlett-Packard) Hidden
hppFaxDrvCM1312 (x32 Version: 005.000.00001 - Hewlett-Packard) Hidden
hppFaxUtilityCM1312 (x32 Version: 005.001.00137 - Hewlett-Packard) Hidden
hppFonts (x32 Version: 001.001.00061 - Hewlett-Packard) Hidden
hppManualsCM1312 (x32 Version: 005.001.00145 - Hewlett-Packard) Hidden
hppQFolderCM1312 (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
hppScanToCM1312 (x32 Version: 005.001.00140 - Hewlett-Packard) Hidden
hppSendFaxCM1312 (x32 Version: 005.000.00001 - Hewlett-Packard) Hidden
hppusgCM1312 (x32 Version: 1.1.0.1 - Hewlett-Packard) Hidden
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1930 - Intel Corporation)
Kaspersky Anti-Virus (HKLM-x32\...\InstallWIX_{653C1B5A-3287-47B1-8613-0745D4E771C4}) (Version: 15.0.0.463 - Kaspersky Lab)
Kaspersky Anti-Virus (x32 Version: 15.0.0.463 - Kaspersky Lab) Hidden
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
MarketResearch (x32 Version: 100.0.170.000 - Hewlett-Packard) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Easy Assist v2 (HKLM-x32\...\{326957C7-83FD-4550-A59A-849B7B4297DE}) (Version: 8.1.6416.0 - Microsoft Corporation)
Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Home and Business 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Live Meeting 2007 (HKLM-x32\...\{EA710A0A-BF5D-433C-8EB5-D17DC54CC298}) (Version: 8.0.6362.201 - Microsoft Corporation)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Single Image 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
Nero 8 Micro 8.3.6.0 (HKLM-x32\...\Nero8Lite_is1) (Version: 8.3.6.0 - Updatepack.nl)
Norton 360 (HKLM-x32\...\N360) (Version: 20.5.0.28 - Symantec Corporation)
QuickBooks (x32 Version: 19.0.4007.1091 - Intuit Canada Limited) Hidden
QuickBooks (x32 Version: 23.0.4012.2305 - Intuit Canada ULC) Hidden
QuickBooks Pro 2013 (HKLM-x32\...\{3C631966-387E-4054-85D9-BBFFABE32BD8}) (Version: 23.0.4003.2305 - Intuit Canada ULC)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version:  - Microsoft) Hidden
SupportSoft Assisted Service (HKLM-x32\...\{5A3F6A80-7913-475E-8B96-477A952CFA43}) (Version: 15 - SupportSoft)
TrayApp (x32 Version: 100.0.170.000 - Hewlett-Packard) Hidden
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2473228) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2836939) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2836939v3) (Version: 3 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2836939) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2836939v3) (Version: 3 - Microsoft Corporation)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{001E8BF3-EDC3-4D5E-9C11-1D0E599B6497}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{001E8BF3-EDC3-4D5E-9C11-1D0E599B6497}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2494150) (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{3FCFD88F-4D13-4F38-8625-ABABEA7F61EA}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2826026) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{D7D96A96-F61F-48AD-B2DC-4F4B6938D2AB}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{3EFF1957-7DEA-4C7A-8E9C-2D6D58E4B2ED}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{3EFF1957-7DEA-4C7A-8E9C-2D6D58E4B2ED}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{DA2F7ECE-6629-4A80-9CDE-EC95261B75E2}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{190EC86F-5867-4D7A-B9F3-D14D82C26F3D}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{8C55AA83-54C2-4236-A622-78440A411DC5}) (Version:  - Microsoft)
Update for Microsoft Word 2010 (KB2827323) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2B7EA7DF-B822-4C58-B90A-961B6BAF454B}) (Version:  - Microsoft)
Visual C++ 8.0 Runtime Setup Package (x64) (HKLM-x32\...\{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}) (Version: 9.0.0.623 - AVG Technologies CZ, s.r.o.)
Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
Visual Studio Tools for the Office system 3.0 Runtime (HKLM-x32\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version:  - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime (x32 Version: 9.0.30729 - Microsoft Corporation) Hidden
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM-x32\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation)
WebReg (x32 Version: 100.0.170.000 - Hewlett-Packard) Hidden
WinRAR archiver (HKLM-x32\...\WinRAR archiver) (Version:  - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

==================== Restore Points  =========================

29-07-2014 11:44:20 Windows Update
05-08-2014 11:43:25 Windows Update
12-08-2014 11:42:43 Windows Update
15-08-2014 11:43:32 Windows Update
19-08-2014 11:43:33 Windows Update
20-08-2014 19:11:56 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 19:34 - 2009-06-10 14:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {183B2A94-C661-48EF-894D-88C17080EF73} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files (x86)\Norton 360\Engine\20.5.0.28\SymErr.exe [2013-06-03] (Symantec Corporation)
Task: {49EB8A74-12BB-4857-96A2-276E3B48096C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-08-22] (Google Inc.)
Task: {6B76040B-7F9D-49FD-9FAD-CDD9941719DA} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton 360\Engine\20.5.0.28\WSCStub.exe [2014-04-29] (Symantec Corporation)
Task: {6FAECB52-3281-4ADA-8559-6E1614D15856} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files (x86)\Norton 360\Engine\20.5.0.28\SymErr.exe [2013-06-03] (Symantec Corporation)
Task: {9CFE6FC9-DC09-4195-B43A-B615424595DB} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-08-22] (Google Inc.)
Task: {C29C244A-0545-4D72-8DDD-9F1799AF1506} - System32\Tasks\Time Trigger Test Task => Rundll32.exe "C:\Users\KAM\AppData\Local\Temp\rbdauiy.dll",DllRegisterServer
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-03-06 15:00 - 2014-03-06 15:00 - 01269952 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\kpcengine.2.3.dll
2014-08-22 07:52 - 2014-08-22 07:52 - 00000000 _____ () C:\Windows\system32\igdumdx32.dll
2014-08-22 07:52 - 2014-08-22 07:52 - 00000000 _____ () C:\Windows\system32\igdumd32.dll
2014-05-01 13:41 - 2012-05-30 07:51 - 00699280 ____R () C:\PROGRAM FILES (X86)\NORTON 360\ENGINE\20.5.0.28\wincfi39.dll
2014-08-22 07:52 - 2014-08-22 07:52 - 00000000 _____ () C:\Windows\system32\InetClnt.dll
2014-08-21 11:36 - 2014-08-21 11:36 - 00287744 _____ () C:\Users\KAM\AppData\Local\CottonAssistant\CottonAssistant.dll
2014-01-10 02:22 - 2014-01-10 02:22 - 00269128 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2013\boost_regex-vc90-mt-p-1_33.dll
2014-01-10 02:23 - 2014-01-10 02:23 - 00021832 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2013\QBCompressor.dll
2014-01-10 02:24 - 2014-01-10 02:24 - 00066376 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2013\zlib1.dll
2014-01-10 02:23 - 2014-01-10 02:23 - 00142152 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2013\QBMAPILibrary.dll
2014-01-10 02:22 - 2014-01-10 02:22 - 00174240 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2013\boost_serialization-vc90-mt-p-1_33.dll
2014-01-10 02:23 - 2014-01-10 02:23 - 00415560 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2013\FtuEngine.dll
2014-01-10 02:22 - 2014-01-10 02:22 - 00530760 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2013\BackupLib.dll
2014-01-10 02:24 - 2014-01-10 02:24 - 00487752 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2013\UpgradeCenter.dll
2014-01-10 02:23 - 2014-01-10 02:23 - 00128328 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2013\QBProActiveCore.dll
2014-01-10 02:23 - 2014-01-10 02:23 - 00518472 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2013\FeaturesBridge.dll
2014-08-22 15:05 - 2014-08-22 15:05 - 00000000 _____ () C:\Windows\system32\MSVBVM60.DLL
2014-01-10 02:23 - 2014-01-10 02:23 - 00042824 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2013\mbpopup.dll
2014-08-22 07:52 - 2014-08-22 07:52 - 00000000 _____ () C:\Windows\system32\MSVCR71.dll
2014-08-21 11:41 - 2014-08-21 11:41 - 00718152 _____ () C:\Users\KAM\AppData\LocalLow\ToolVisual\PolyesterModel\36.0.1985.143\libglesv2.dll
2014-08-21 11:41 - 2014-08-21 11:41 - 00126280 _____ () C:\Users\KAM\AppData\LocalLow\ToolVisual\PolyesterModel\36.0.1985.143\libegl.dll
2014-08-21 11:41 - 2014-08-21 11:41 - 08537928 _____ () C:\Users\KAM\AppData\LocalLow\ToolVisual\PolyesterModel\36.0.1985.143\pdf.dll
2014-08-21 11:41 - 2014-08-21 11:41 - 00353096 _____ () C:\Users\KAM\AppData\LocalLow\ToolVisual\PolyesterModel\36.0.1985.143\ppGoogleNaClPluginChrome.dll
2014-08-21 11:41 - 2014-08-21 11:41 - 01732936 _____ () C:\Users\KAM\AppData\LocalLow\ToolVisual\PolyesterModel\36.0.1985.143\ffmpegsumo.dll
2014-08-21 11:41 - 2014-08-21 11:41 - 14669128 _____ () C:\Users\KAM\AppData\LocalLow\ToolVisual\PolyesterModel\36.0.1985.143\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\atashost => ""="Service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (08/22/2014 08:46:55 AM) (Source: Winlogon) (EventID: 4004) (User: )
Description: The Windows logon process has failed to terminate the currently logged on user's processes.

Error: (08/22/2014 00:30:33 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

Error: (08/21/2014 05:47:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: abnum.exe, version: 128.0.60036.25165, time stamp: 0x4c060b58
Faulting module name: abnum.exe, version: 128.0.60036.25165, time stamp: 0x4c060b58
Exception code: 0x80000003
Fault offset: 0x0000d46e
Faulting process id: 0x27ac
Faulting application start time: 0xabnum.exe0
Faulting application path: abnum.exe1
Faulting module path: abnum.exe2
Report Id: abnum.exe3

Error: (08/21/2014 11:36:30 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: abnum.exe, version: 128.0.60036.25165, time stamp: 0x53d75949
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x516e331f
Faulting process id: 0x6e8
Faulting application start time: 0xabnum.exe0
Faulting application path: abnum.exe1
Faulting module path: abnum.exe2
Report Id: abnum.exe3

Error: (08/21/2014 00:30:19 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

Error: (08/20/2014 00:30:20 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

Error: (08/16/2014 00:30:21 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

Error: (08/13/2014 03:19:51 PM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "QuickBooks Pro":
ExcelHelper::SetCustomPropertyString - Cannot add variable to excel : QBSUBSTORAGE

Error: (08/13/2014 03:19:51 PM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "QuickBooks Pro":
ExcelHelper::WriteExcelVariable Com Error#: 800a03ec

Error: (08/13/2014 03:19:51 PM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "QuickBooks Pro":
ExcelHelper::GetCustomPropertyLong - Variable not available : QBROWHEADERS

System errors:
=============
Error: (08/22/2014 03:37:47 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The HP CUE DeviceDiscovery Service service hung on starting.

Error: (08/22/2014 08:54:33 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Windows Update service hung on starting.

Error: (08/22/2014 08:49:43 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The HP CUE DeviceDiscovery Service service hung on starting.

Error: (08/22/2014 08:47:55 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 8:46:05 AM on ‎8/‎22/‎2014 was unexpected.

Error: (08/22/2014 08:17:19 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Windows Update service hung on starting.

Error: (08/22/2014 08:11:50 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The HP CUE DeviceDiscovery Service service hung on starting.

Error: (08/21/2014 00:03:15 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The HP CUE DeviceDiscovery Service service hung on starting.

Error: (08/21/2014 00:01:25 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 11:58:43 AM on ‎8/‎21/‎2014 was unexpected.

Error: (06/18/2014 00:22:41 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The HP CUE DeviceDiscovery Service service hung on starting.

Error: (04/30/2014 10:03:16 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The QBCFMonitorService service terminated unexpectedly.  It has done this 1 time(s).

Microsoft Office Sessions:
=========================
Error: (08/22/2014 08:46:55 AM) (Source: Winlogon) (EventID: 4004) (User: )
Description:

Error: (08/22/2014 00:30:33 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORC:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllC:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3

Error: (08/21/2014 05:47:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: abnum.exe128.0.60036.251654c060b58abnum.exe128.0.60036.251654c060b58800000030000d46e27ac01cfbda2a84e9ddbC:\Users\KAM\AppData\Roaming\Opulados\abnum.exeC:\Users\KAM\AppData\Roaming\Opulados\abnum.exee6f0e69e-2995-11e4-8b1a-20cf30c87435

Error: (08/21/2014 11:36:30 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: abnum.exe128.0.60036.2516553d75949unknown0.0.0.000000000c0000005516e331f6e801cfbd6e914ac0fcC:\Users\KAM\AppData\Roaming\Opulados\abnum.exeunknown1105a831-2962-11e4-8be8-20cf30c87435

Error: (08/21/2014 00:30:19 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORC:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllC:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3

Error: (08/20/2014 00:30:20 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORC:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllC:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3

Error: (08/16/2014 00:30:21 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORC:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllC:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3

Error: (08/13/2014 03:19:51 PM) (Source: QuickBooks) (EventID: 4) (User: )
Description: QuickBooks ProExcelHelper::SetCustomPropertyString - Cannot add variable to excel : QBSUBSTORAGE

Error: (08/13/2014 03:19:51 PM) (Source: QuickBooks) (EventID: 4) (User: )
Description: QuickBooks ProExcelHelper::WriteExcelVariable Com Error#: 800a03ec

Error: (08/13/2014 03:19:51 PM) (Source: QuickBooks) (EventID: 4) (User: )
Description: QuickBooks ProExcelHelper::GetCustomPropertyLong - Variable not available : QBROWHEADERS

==================== Memory info ===========================

Processor: Pentium® Dual-Core CPU E6700 @ 3.20GHz
Percentage of memory in use: 62%
Total physical RAM: 4086.18 MB
Available physical RAM: 1542.26 MB
Total Pagefile: 8170.54 MB
Available Pagefile: 5239.21 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.66 GB) (Free:356.72 GB) NTFS
Drive d: (Mar 12 2014) (CDROM) (Total:0.67 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 624F2728)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Link to post
Share on other sites

Welcome to the forum. (Do what you can)

General P2P/Piracy Warning:

 

1. If you're using Peer 2 Peer software such uTorrent, BitTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here.

2. If you have illegal/cracked software (MS Office, Adobe Products), cracks, keygens, custom (Adobe) host file, etc. on the system, please remove or uninstall them now and read the policy on Piracy.

Failure to remove such software will result in your topic being closed and no further assistance being provided.

Please run a Threat Scan with Malwarebytes

Start Malwarebytes 2.0..........

Click on Settings > Detection and Protection > Non-Malware Protection > PUP (Potentially Unwanted Program) detections > Make sure it's set to Treat detections as malware

Same for PUM (Potentially Unwanted Modifications)

Quarantine all that's found

Post the log

Then.......

Please download and run RogueKiller 32 bit to your desktop.

RogueKiller<---use this one for 64 bit systems

Which system am I using?

Quit all running programs.

For Windows XP, double-click to start.

For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Wait for the Prescan to finish

Click Scan to scan the system.

When the scan completes > Don't Fix anything! > Click on the Report Button and post the Report back here.

Don't run any other options, they're not all bad!!!!!!!

RogueKiller logs will also be located here:

%programdata%/RogueKiller/Logs <-------W7

C:\Documents and Settings\All Users\Application Data\RogueKiller\Logs <-------XP

(please don't put logs in code or quotes and use the default font)

MrC

Note:

Please read all of my instructions completely including these.

Make sure system restore is turned on and running. Create a new restore point

Make sure you're subscribed to this topic: Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly

Removing malware can be unpredictable...unlikely but things can go very wrong! Backup any files that cannot be replaced. You can copy them to a CD/DVD, external drive or a pen drive

<+>Please don't run any other scans, download, install or uninstall any programs while I'm working with you.

<+>The removal of malware isn't instantaneous, please be patient.

<+>When we are done, I'll give to instructions on how to cleanup all the tools and logs

<+>Please stick with me until I give you the "all clear".

------->Your topic will be closed if you haven't replied within 3 days!<--------

If I don't respond within 24 hours, please send me a PM

Link to post
Share on other sites

first log

 

Malwarebytes Anti-Malware

www.malwarebytes.org

 

Scan Date: 8/22/2014

Scan Time: 7:53:49 PM

Logfile:

Administrator: Yes

 

Version: 2.00.2.1012

Malware Database: v2014.08.22.10

Rootkit Database: v2014.08.21.01

License: Trial

Malware Protection: Enabled

Malicious Website Protection: Enabled

Self-protection: Disabled

 

OS: Windows 7 Service Pack 1

CPU: x64

File System: NTFS

User: KAM

 

Scan Type: Threat Scan

Result: Completed

Objects Scanned: 304288

Time Elapsed: 18 min, 38 sec

 

Memory: Enabled

Startup: Enabled

Filesystem: Enabled

Archives: Enabled

Rootkits: Enabled

Heuristics: Enabled

PUP: Enabled

PUM: Enabled

 

Processes: 0

(No malicious items detected)

 

Modules: 0

(No malicious items detected)

 

Registry Keys: 0

(No malicious items detected)

 

Registry Values: 0

(No malicious items detected)

 

Registry Data: 0

(No malicious items detected)

 

Folders: 0

(No malicious items detected)

 

Files: 0

(No malicious items detected)

 

Physical Sectors: 0

(No malicious items detected)

 

 

(end)

 

Second log

 

RogueKiller V9.2.8.0 (x64) [Jul 11 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : KAM [Admin rights]
Mode : Scan -- Date : 08/22/2014  20:22:35

¤¤¤ Bad processes : 8 ¤¤¤
[suspicious.Path] browser.exe -- C:\Users\KAM\AppData\LocalLow\ToolVisual\PolyesterModel\browser.exe[7] -> KILLED [TermProc]
[suspicious.Path] browser.exe -- C:\Users\KAM\AppData\LocalLow\ToolVisual\PolyesterModel\browser.exe[7] -> KILLED [TermThr]
[suspicious.Path] browser.exe -- C:\Users\KAM\AppData\LocalLow\ToolVisual\PolyesterModel\browser.exe[7] -> KILLED [TermThr]
[suspicious.Path] browser.exe -- C:\Users\KAM\AppData\LocalLow\ToolVisual\PolyesterModel\browser.exe[7] -> KILLED [TermThr]
[suspicious.Path] rundll32.exe -- C:\Users\KAM\AppData\Local\CottonAssistant\CottonAssistant.dll[-] -> UNLOADED
[suspicious.Path] rundll32.exe -- C:\Users\KAM\AppData\Local\CottonAssistant\CottonAssistant.dll[-] -> UNLOADED
[suspicious.Path] (SVC) BHDrvx64 -- \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\BASHDefs\20130301.001\BHDrvx64.sys[7] -> ERROR [41c]
[suspicious.Path] (SVC) IDSVia64 -- \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\IPSDefs\20130322.001\IDSvia64.sys[7] -> ERROR [41c]

¤¤¤ Registry Entries : 16 ¤¤¤
[suspicious.Path] (X64) HKEY_USERS\S-1-5-21-1341268868-2381364082-2725639120-1000\Software\Microsoft\Windows\CurrentVersion\Run | CottonAssistant : C:\Windows\system32\rundll32.exe "C:\Users\KAM\AppData\Local\CottonAssistant\CottonAssistant.dll",DllRegisterServer  -> FOUND
[suspicious.Path] (X86) HKEY_USERS\S-1-5-21-1341268868-2381364082-2725639120-1000\Software\Microsoft\Windows\CurrentVersion\Run | CottonAssistant : C:\Windows\system32\rundll32.exe "C:\Users\KAM\AppData\Local\CottonAssistant\CottonAssistant.dll",DllRegisterServer  -> FOUND
[suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\BHDrvx64 -> FOUND
[suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\IDSVia64 -> FOUND
[suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\BHDrvx64 -> FOUND
[suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IDSVia64 -> FOUND
[suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\BHDrvx64 -> FOUND
[suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\IDSVia64 -> FOUND
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-1341268868-2381364082-2725639120-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> FOUND
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-1341268868-2381364082-2725639120-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> FOUND
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> FOUND
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> FOUND
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> FOUND
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> FOUND
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-1341268868-2381364082-2725639120-1000\Software\Microsoft\Internet Explorer\Main | Start Page : http://orders.creeksidefoods.com/  -> FOUND
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-1341268868-2381364082-2725639120-1000\Software\Microsoft\Internet Explorer\Main | Start Page : http://orders.creeksidefoods.com/  -> FOUND

¤¤¤ Scheduled tasks : 1 ¤¤¤
[suspicious.Path] \\Time Trigger Test Task -- C:\Windows\SysWOW64\rundll32.exe ("C:\Users\KAM\AppData\Local\Temp\rbdauiy.dll",DllRegisterServer) -> FOUND

¤¤¤ Files : 0 ¤¤¤

¤¤¤ HOSTS File : 0 ¤¤¤

¤¤¤ Antirootkit : 18 (Driver: LOADED) ¤¤¤
[EAT:Addr] (explorer.exe) WSOCK32.dll - BeginFileMapEnumeration : C:\Windows\system32\sfc_os.DLL @ 0x7fef90f4cc0
[EAT:Addr] (explorer.exe) WSOCK32.dll - CloseFileMapEnumeration : C:\Windows\system32\sfc_os.DLL @ 0x7fef90f4dd8
[EAT:Addr] (explorer.exe) WSOCK32.dll - GetNextFileMapContent : C:\Windows\system32\sfc_os.DLL @ 0x7fef90f4d1c
[EAT:Addr] (explorer.exe) WSOCK32.dll - SRSetRestorePointA : C:\Windows\system32\sfc_os.DLL @ 0x7fef90f4e3c
[EAT:Addr] (explorer.exe) WSOCK32.dll - SRSetRestorePointW : C:\Windows\system32\sfc_os.DLL @ 0x7fef90f4ecc
[EAT:Addr] (explorer.exe) WSOCK32.dll - SfcClose : C:\Windows\system32\sfc_os.DLL @ 0x7fef90f331c
[EAT:Addr] (explorer.exe) WSOCK32.dll - SfcConnectToServer : C:\Windows\system32\sfc_os.DLL @ 0x7fef90f4f5c
[EAT:Addr] (explorer.exe) WSOCK32.dll - SfcFileException : C:\Windows\system32\sfc_os.DLL @ 0x7fef90f4f5c
[EAT:Addr] (explorer.exe) WSOCK32.dll - SfcGetNextProtectedFile : C:\Windows\system32\sfc_os.DLL @ 0x7fef90f4c40
[EAT:Addr] (explorer.exe) WSOCK32.dll - SfcInitProt : C:\Windows\system32\sfc_os.DLL @ 0x7fef90f4e08
[EAT:Addr] (explorer.exe) WSOCK32.dll - SfcInitiateScan : C:\Windows\system32\sfc_os.DLL @ 0x7fef90f4f5c
[EAT:Addr] (explorer.exe) WSOCK32.dll - SfcInstallProtectedFiles : C:\Windows\system32\sfc_os.DLL @ 0x7fef90f4f5c
[EAT:Addr] (explorer.exe) WSOCK32.dll - SfcIsFileProtected : C:\Windows\system32\sfc_os.DLL @ 0x7fef90f16f0
[EAT:Addr] (explorer.exe) WSOCK32.dll - SfcIsKeyProtected : C:\Windows\system32\sfc_os.DLL @ 0x7fef90f1110
[EAT:Addr] (explorer.exe) WSOCK32.dll - SfcTerminateWatcherThread : C:\Windows\system32\sfc_os.DLL @ 0x7fef90f331c
[EAT:Addr] (explorer.exe) WSOCK32.dll - SfpDeleteCatalog : C:\Windows\system32\sfc_os.DLL @ 0x7fef90f4e08
[EAT:Addr] (explorer.exe) WSOCK32.dll - SfpInstallCatalog : C:\Windows\system32\sfc_os.DLL @ 0x7fef90f4e08
[EAT:Addr] (explorer.exe) WSOCK32.dll - SfpVerifyFile : C:\Windows\system32\sfc_os.DLL @ 0x7fef90f4e20

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST3500418AS ATA Device +++++
--- User ---
[MBR] c57b147d6b933b81db33f97c30839a56
[bSP] 4bcd403cbe7f03abde407dedd9102ff2 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 476838 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: HP CM1312nfi MFP USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive2: Generic USB SD Reader USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive3: Generic USB CF Reader USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive4: Generic USB SM Reader USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive5: Generic USB MS Reader USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

 

I should note that I booted to safe mode with networking and no pop ups appeared.

Link to post
Share on other sites

AV: Kaspersky Anti-Virus (Enabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886}

AV: Norton 360 (Disabled - Out of date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}

AS: Norton 360 (Disabled - Out of date) {631E4324-D31C-783F-EC5C-35AD42B18466}

AS: Kaspersky Anti-Virus (Enabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FW: Norton 360 (Disabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}

 

Please permanently disable Windows Defender, you have Kaspersky running and having two anti-virus programs running on a system only causes poor performance, conflicts and spotty protection.

How to Disable Defender

Dangers of running 2 anti-virus programs

You also have Norton on the system and it's still running.

Please uninstall it and run the removal tool:

https://support.norton.com/sp/en/us/home/current/solutions/kb20080710133834EN_EndUserProfile_en_us

-------------------------------------------------

Please upload these files to VirusTotal for a free scan.

Let me know the results...just copy back the URLS.

C:\Users\KAM\AppData\LocalLow\ToolVisual\PolyesterModel\browser.exe

C:\Users\KAM\AppData\Local\CottonAssistant\CottonAssistant.dll

MrC

Link to post
Share on other sites

Stoped Windows Defender.

Removed Norton.

first link for C;\users\KAM\LocalLow\ToolVisual\PolyesterModel\browser.exe

https://www.virustotal.com/en/file/70010eba09129858af32f03079e70e974ebff8700f5f93dca2ec8a6b0991e2ac/analysis/

Second link for C:\Users\KAM\AppData\Local\CottonAssistant\CottonAssistant.dll

https://www.virustotal.com/en/file/6f9df395fc6405b29b7fff9d59492d4dd18ba36b9e85ee4b9ddaceef2738fd2d/analysis/

Link to post
Share on other sites

Make sure you have created a restore point and.....

bwebb7v.jpgDownload Delfix from Here and save it to your desktop.

  • Place a check mark in front of .......
  • Create registry backup <---only!
  • Uncheck the rest!
  • Click the Run button.

    Close the tool out when it's done....we'll use it later.

    ============================

    Download the attached fixlist.txt to the same folder as FRST.exe/FRST64.exe.

    Run FRST.exe/FRST64.exe and click Fix only once and wait

    The tool will create a log (Fixlog.txt) in the folder, please post it to your reply.

    ============================

    Make sure you have created that system restore point before you continue!

    Please read the directions carefully so you don't end up deleting something that is good!!

    If in doubt about an entry....please ask or choose Skip!!!!

    Don't Delete anything unless instructed to!

    If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose

    Skip and click on Continue

    If a suspicious object is detected, the default action will be Skip, click on Continue

    Please note that TDSSKiller can be run in safe mode if needed.

    Please download the latest version of TDSSKiller from HERE and save it to your Desktop.

    • Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters. (Leave the KSN box checked)

      tds2.jpg

    • Put a checkmark beside loaded modules.

      13040712472913819.png

    • A reboot will be needed to apply the changes. Do it.
    • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
    • Then click on Change parameters in TDSSKiller.
    • Check all boxes then click OK.

      clip.jpg

    • Click the Start Scan button.

      tds2.jpg

    • The scan should take no longer than 2 minutes.
    • If a suspicious object is detected, the default action will be Skip, click on Continue.

      tdsskiller_guide_5.gif

      Any entries like this: \Device\Harddisk0\DR0 ( TDSS File System ) - please choose Skip.

      If in doubt about an entry....please ask or choose Skip

    • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.

      Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.

      tdsskiller_guide_3.gif

      Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

    • A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here. There may be 3 logs > so post or attach all of them.
    • Sometimes these logs can be very large, in that case please attach it or zip it up and attach it.

    Here's a summary of what to do if you would like to print it out:

    If in doubt about an entry....please ask or choose Skip

    Don't Delete anything unless instructed to!

    If a suspicious object is detected, the default action will be Skip, click on Continue

    If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose

    Skip and click on Continue

    Any entries like this: \Device\Harddisk0\DR0 ( TDSS File System ) - please choose Skip.

    If malicious objects are found, they will show in the Scan results and offer three (3) options.

    Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

    ~~~~~~~~~~~~~~~~~~~~

    You can attach the logs if they're too long:

    Bottom right corner of this page.

    reply1.jpg

    New window that comes up.

    replyer1.jpg

    Then...........

    Please download and run ComboFix.

    The most important things to remember when running it is to disable all your malware programs and run Combofix from your desktop.

    Please visit this webpage for download links, and instructions for running ComboFix

    http://www.bleepingcomputer.com/combofix/how-to-use-combofix

    http://www.bleepingcomputer.com/download/combofix/dl/12/ <---ComboFix direct download

    Please make sure you click download buttons that look similar to this, not "sponsored ad links":

    bleep-crop.jpg

    Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    Information on disabling your malware programs can be found Here.

    Make sure you run ComboFix from your desktop.

    Give it at least 30-45 minutes to finish if needed.

    Please include the C:\ComboFix.txt in your next reply for further review.

    ---------->NOTE<----------

    If you get the message Illegal operation attempted on registry key that has been marked for deletion after you run ComboFix....please reboot the computer, this should resolve the problem. You may have to do this several times if needed.

    MrC

Link to post
Share on other sites

Good........

Please download AdwCleaner from HERE or HERE to your desktop.

  • Double click on AdwCleaner.exe to run the tool.

    Vista/Windows 7/8 users right-click and select Run As Administrator

  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Please uncheck elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you may want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review. (all items found are either adware/spyware/foistware)
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted:
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.
Next..................

thisisujrt.gif Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
Next.........

Please run a Threat Scan

Click on settings > Detection and Protection > Non-Malware Protection > PUP (Potentially Unwanted Program) detections > Make sure it's set to Treat detections as malware

Same for PUM (Potentially Unwanted Modifications)

Quarantine All that's found

Let me know how it is, MrC

Link to post
Share on other sites

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Professional x64
Ran by KAM on Mon 08/25/2014 at  7:51:07.11
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

 

~~~ Registry Values

 

~~~ Registry Keys

 

~~~ Files

 

~~~ Folders

 

~~~ Event Viewer Logs were cleared

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 08/25/2014 at  7:56:13.18
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 8/25/2014
Scan Time: 7:59:23 AM
Logfile:
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.08.25.03
Rootkit Database: v2014.08.21.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: KAM

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 308189
Time Elapsed: 7 min, 53 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)

Link to post
Share on other sites

How is it???

If there's no other problems......

Lets check your computers security before you go and we have a little cleanup to do also:

Download Security Check by screen317 from HERE or HERE.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • If you get Unsupported operating system. Aborting now, just reboot and try again.
  • A Notepad document should open automatically called checkup.txt.
  • Please Post the contents of that document.
  • Do Not Attach It!!!
MrC
Link to post
Share on other sites

Seems to be fine.

 Results of screen317's Security Check version 0.99.87 
 Windows 7 Service Pack 1 x64 (UAC is enabled) 
 Internet Explorer 11 
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled! 
Kaspersky Anti-Virus  
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:`````````
 Adobe Reader 10.1.7 Adobe Reader out of Date! 
 Google Chrome 36.0.1985.143 
````````Process Check: objlist.exe by Laurent```````` 
 Malwarebytes Anti-Malware mbamservice.exe 
 Malwarebytes Anti-Malware mbam.exe 
 Kaspersky Lab Kaspersky Anti-Virus 15.0.0 avp.exe 
 Kaspersky Lab Kaspersky Anti-Virus 15.0.0 avpui.exe 
 Malwarebytes Anti-Malware mbamscheduler.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````
 

Link to post
Share on other sites

Out dated programs on the system are vulnerable to malware.
Please update or uninstall them:


========================

Adobe Reader 10.1.7 Adobe Reader out of Date! <---please check for an update if available or uninstall and download and install Foxit Reader which is less vulnerable to malware and much better than Adobe. Don't install any toolbars that may come with it (ASK Toolbar).

========================

A little clean up to do....

Please Uninstall ComboFix: (------->if you used it<-------)

Press the Windows logo key + R to bring up the "run box"

Copy and paste next command in the field:

ComboFix /uninstall

Make sure there's a space between Combofix and /

cf2.jpg

Then hit enter. (it may look like CF is re-installing but it's not)
This will uninstall Combofix, delete its related folders and files, hide file extensions, hide the system/hidden files and clears System Restore cache and create new Restore point

(If that doesn't work.....you can simply rename ComboFix.exe to Uninstall.exe and double click it to complete the uninstall or download and run the uninstaller)

---------------------------------

bwebb7v.jpgDownload Delfix from here and save it to your desktop. (you may already have this)

  • Ensure Remove disinfection tools is checked.
  • Click the Run button.
  • Reboot

Any other programs or logs that are still remaining, you can manually delete. (right click.....Delete)
IE: RogueKiller.exe, RKreport.txt, RK_Quarantine folder, C:\FRST folder, FRST-OlderVersion folder, MBAR folder, etc....AdwCleaner > just run the program and click uninstall.

Note:
If you used FRST and can't delete the quarantine folder:
Download the fixlist.txt to the same folder as FRST.exe.
Run FRST.exe and click Fix only once and wait
That will delete the quarantine folder created by FRST.
The rest you can manually delete.

-------------------------------

Any questions...please post back.

If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.

Take a look at My Preventive Maintenance to avoid being infected again.

Good Luck and Thanks for using the forum, MrC

Link to post
Share on other sites

  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.