
Poweliks Help


Slovo892


Hello...

I was hoping that an expert can help me make sure that the Poweliks malware is removed from my computer.

For the past few days Norton has been finding a file or two each day and quarantining them.

Norton Full or Quick scan didn't help.

Malwarebytes didn't find anything.

Scanned with NPE, which found Trojan.Poweliks and said that it fixed it.

Also scanned with AdwCleaner.

Seems to be better... but I want to make sure it's gone.

The FRST log done afterwards is attached.

Thanks in advance for any/all help.

FRST.txt


Hi there,
my name is Marius and I will assist you with your malware-related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand, kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you to. If you cannot post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English, so please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

  • Important: To help me review your logs, please post them in code boxes. You can create them by clicking on the <>-symbol on top of the reply window.

Please post the Addition.txt by FRST as well.


Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-09-2014

Ran by Renee (ATTENTION: The logged in user is not administrator) on OFFICE02 on 19-09-2014 18:21:27

Running from C:\FRST

Platform: Microsoft Windows 7 Professional Service Pack 1 (X86) OS Language: English (United States)

Internet Explorer Version 10

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe

(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe

(Analog Devices, Inc.) C:\Program Files\Analog Devices\Core\smax4pnp.exe

(Intel Corporation) C:\Windows\System32\igfxtray.exe

(Intel Corporation) C:\Windows\System32\hkcmd.exe

(Intel Corporation) C:\Windows\System32\igfxpers.exe

(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe

(Wave Systems Corp.) C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe

(Broadcom Corporation) C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe

(CyberLink Corp.) C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe

() C:\Program Files\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe

(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

(Pro Softnet Corporation) C:\IBackup for Windows\IBackground_955.exe

(Pro Softnet Corporation) C:\IBackup for Windows\IBMonitor.exe

(brother) C:\Program Files\Brownie\BrStsWnd.exe

(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe

(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe

(KONICA MINOLTA BUSINESS TECHNOLOGIES, INC.) C:\Program Files\KONICA MINOLTA\FTP Utility\KMFtp.exe

(Intuit Inc.) C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe

(Intuit Inc.) C:\Program Files\Intuit\QuickBooks 2014\QBW32.EXE

(Wave Systems Corp.) C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmNotify.exe

(Microsoft Corporation) C:\Windows\System32\dllhost.exe

(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jucheck.exe

(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SoundMAXPnP] => C:\Program Files\Analog Devices\Core\smax4pnp.exe [1314816 2009-06-22] (Analog Devices, Inc.)

HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-03] (Intel Corporation)

HKLM\...\Run: [WavXMgr] => C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe [147840 2010-07-21] (Wave Systems Corp.)

HKLM\...\Run: [USCService] => C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe [34232 2010-06-22] (Broadcom Corporation)

HKLM\...\Run: [RemoteControl9] => C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe [87336 2009-07-06] (CyberLink Corp.)

HKLM\...\Run: [PDVD9LanguageShortcut] => C:\Program Files\CyberLink\PowerDVD9\Language\Language.exe [50472 2010-04-29] (CyberLink Corp.)

HKLM\...\Run: [] => [X]

HKLM\...\Run: [RoxWatchTray] => C:\Program Files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe [240112 2010-09-04] (Sonic Solutions)

HKLM\...\Run: [Desktop Disc Tool] => C:\Program Files\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe [518640 2010-09-03] ()

HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)

HKLM\...\Run: [IBWin Background process] => C:\IBackup for Windows\IBackground_955.exe [38376 2011-01-12] (Pro Softnet Corporation)

HKLM\...\Run: [IBWin Monitor] => C:\IBackup for Windows\IBMonitor.exe [1861096 2011-01-12] (Pro Softnet Corporation)

HKLM\...\Run: [BrStsWnd] => C:\Program Files\Brownie\BrstsWnd.exe [3618104 2009-08-19] (brother)

HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254696 2012-01-18] (Sun Microsystems, Inc.)

HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)

HKLM\...\Run: [Intuit SyncManager] => C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe [3775800 2014-02-27] (Intuit Inc. All rights reserved.)

HKU\S-1-5-21-1218796917-176530085-1381546619-1139\...\MountPoints2: {2d0bfc02-2a70-11e2-b816-f04da22bcc6a} - I:\TL-Bootstrap.exe

HKU\S-1-5-21-1218796917-176530085-1381546619-1139\...\MountPoints2: {49c6e9ea-0410-11e3-998c-f04da22bcc6a} - I:\TL-BootStrap.exe

HKU\S-1-5-21-1218796917-176530085-1381546619-1139\...\MountPoints2: {8ca5c454-cd8d-11e3-b69a-f04da22bcc6a} - I:\TL-Bootstrap.exe

HKU\S-1-5-21-1218796917-176530085-1381546619-1139\...\MountPoints2: {b1d6b8a7-4476-11e2-9f1c-f04da22bcc6a} - I:\TL-Bootstrap.exe

Lsa: [Authentication Packages] msv1_0 wvauth

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FTP Utility.lnk

ShortcutTarget: FTP Utility.lnk -> C:\Program Files\KONICA MINOLTA\FTP Utility\KMFtp.exe (KONICA MINOLTA BUSINESS TECHNOLOGIES, INC.)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Intuit Data Protect.lnk

ShortcutTarget: Intuit Data Protect.lnk -> C:\Program Files\Common Files\Intuit\DataProtect\IntuitDataProtect.exe (Intuit Inc.)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk

ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk

ShortcutTarget: QuickBooks_Standard_21.lnk -> C:\Program Files\Intuit\QuickBooks 2014\QBW32.EXE (Intuit Inc.)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TdmNotify.lnk

ShortcutTarget: TdmNotify.lnk -> C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmNotify.exe (Wave Systems Corp.)

ShellIconOverlayIdentifiers: EnabledUnlockedFDEIconOverlay -> {30D3C2AF-9709-4D05-9CF4-13335F3C1E4A} => C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll (Wave Systems Corp.)

ShellIconOverlayIdentifiers: UninitializedFdeIconOverlay -> {CF08DA3E-C97D-4891-A66B-E39B28DD270F} => C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll (Wave Systems Corp.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/USREL/1

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USREL/1

SearchScopes: HKCU - DefaultScope {2E8CA3E2-AF61-4117-A040-0D7DD9DE1B09} URL =

SearchScopes: HKCU - {2E8CA3E2-AF61-4117-A040-0D7DD9DE1B09} URL =

SearchScopes: HKCU - {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = http://nortonsafe.search.ask.com/web?q={SEARCHTERMS}&o=APN10506&l=dis&prt=IDSSNAV&chn=retail&geo=US&ver=2013&locale=en_US&gct=sb&qsrc=2869

BHO: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files\Norton AntiVirus\Engine\21.5.0.19\IPS\IPSBHO.DLL (Symantec Corporation)

BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation)

BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

Toolbar: HKCU - No Name - {A13C2648-91D4-4BF3-BC6D-0079707C4389} - No File

DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)

Handler: intu-help-qb7 - {5A03BD9D-766D-47A6-8E87-CD90F60BE245} - C:\Program Files\Intuit\QuickBooks 2014\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)

Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\system32\mscoree.dll (Microsoft Corporation)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:

========

FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF Plugin: @java.com/DTPlugin,version=1.6.0_32 -> C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)

FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)

FF Plugin: @microsoft.com/GENUINE -> disabled No File

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)

FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)

FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)

FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF HKLM\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_21.2.0.38\IPSFF

FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_21.2.0.38\IPSFF [2014-04-26]

Chrome:

=======

Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION

CHR CustomProfile: C:\Users\renee\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (YouTube) - C:\Users\renee\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-03-22]

CHR Extension: (Google Search) - C:\Users\renee\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-03-22]

CHR Extension: (Google Wallet) - C:\Users\renee\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-19]

CHR Extension: (Gmail) - C:\Users\renee\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-03-22]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 IBAdminProcess; C:\IBackup for Windows\IBAdminProcess.exe [124392 2011-01-12] (Pro Softnet Corporation)

R2 IBWin Service; C:\IBackup for Windows\IBWin Service_955.exe [132584 2011-01-12] (Pro Softnet Corporation)

S2 lmhosts; C:\Windows\system32\svchost.exe [20992 2009-07-13] (Microsoft Corporation)

R2 NAV; C:\Program Files\Norton AntiVirus\Engine\21.5.0.19\NAV.exe [262968 2014-07-31] (Symantec Corporation)

R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [43520 2006-11-08] (Hewlett-Packard) [File not signed]

R2 NlaSvc; C:\Windows\System32\svchost.exe [20992 2009-07-13] (Microsoft Corporation)

R2 nsi; C:\Windows\system32\svchost.exe [20992 2009-07-13] (Microsoft Corporation)

R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53248 2006-11-08] (Hewlett-Packard) [File not signed]

R2 QBCFMonitorService; C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [45056 2014-06-05] (Intuit) [File not signed]

S3 QBFCService; C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [65536 2013-12-02] (Intuit Inc.) [File not signed]

R2 QBVSS; C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe [1248256 2013-12-02] (Intuit Inc.) [File not signed]

S3 RoxMediaDB12OEM; C:\Program Files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [1116656 2010-09-04] (Sonic Solutions)

S2 RoxWatch12; C:\Program Files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [219632 2010-09-04] (Sonic Solutions)

S3 SecureStorageService; C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe [1032192 2010-02-03] (Wave Systems Corp.) [File not signed]

S2 tcsd_win32.exe; C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe [1273856 2008-11-12] () [File not signed]

R2 TdmService; C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe [1164648 2010-03-29] (Wave Systems Corp.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 BHDrvx86; C:\Program Files\Norton AntiVirus\NortonData\21.2.0.38\Definitions\BASHDefs\20140912.003\BHDrvx86.sys [1137368 2014-09-12] (Symantec Corporation)

R2 BrPar; C:\Windows\System32\drivers\BrPar.sys [19537 2000-07-24] (Brother Industries Ltd.) [File not signed]

R1 ccSet_NAV; C:\Windows\system32\drivers\NAV\1505000.013\ccSetx86.sys [127064 2014-02-24] (Symantec Corporation)

R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [378672 2014-09-09] (Symantec Corporation)

R3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [111408 2014-09-09] (Symantec Corporation)

R1 IDSVix86; C:\Program Files\Norton AntiVirus\NortonData\21.2.0.38\Definitions\IPSDefs\20140918.003\IDSvix86.sys [476888 2014-08-29] (Symantec Corporation)

S3 NAL; C:\Windows\system32\Drivers\iqvw32.sys [30880 2010-02-03] (Intel Corporation )

R3 NAVENG; C:\Program Files\Norton AntiVirus\NortonData\21.2.0.38\Definitions\VirusDefs\20140919.006\NAVENG.SYS [95704 2014-09-17] (Symantec Corporation)

R3 NAVEX15; C:\Program Files\Norton AntiVirus\NortonData\21.2.0.38\Definitions\VirusDefs\20140919.006\NAVEX15.SYS [1636696 2014-09-17] (Symantec Corporation)

S3 NuidFltr; C:\Windows\System32\DRIVERS\NuidFltr.sys [25808 2014-03-19] (Microsoft Corporation)

R0 PBADRV; C:\Windows\System32\DRIVERS\PBADRV.sys [26608 2008-06-04] (Dell Inc)

R1 SRTSP; C:\Windows\System32\Drivers\NAV\1505000.013\SRTSP.SYS [664280 2014-02-12] (Symantec Corporation)

R1 SRTSPX; C:\Windows\system32\drivers\NAV\1505000.013\SRTSPX.SYS [32344 2013-10-30] (Symantec Corporation)

R0 SymDS; C:\Windows\System32\drivers\NAV\1505000.013\SYMDS.SYS [367704 2013-10-30] (Symantec Corporation)

R0 SymEFA; C:\Windows\System32\drivers\NAV\1505000.013\SYMEFA.SYS [936152 2014-03-04] (Symantec Corporation)

R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [142936 2014-04-26] (Symantec Corporation)

R1 SymIRON; C:\Windows\system32\drivers\NAV\1505000.013\Ironx86.SYS [206936 2013-10-30] (Symantec Corporation)

R1 SymNetS; C:\Windows\System32\Drivers\NAV\1505000.013\SYMNETS.SYS [447704 2014-02-17] (Symantec Corporation)

R2 WavxDMgr; C:\Windows\System32\DRIVERS\WavxDMgr.sys [229888 2010-01-19] (Wave Systems Corp.) [File not signed]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-19 18:13 - 2014-09-19 18:20 - 00026711 _____ () C:\Users\renee\Desktop\FRST.txt

2014-09-19 18:13 - 2014-09-19 18:04 - 01097728 _____ (Farbar) C:\Users\renee\Desktop\FRST.exe

2014-09-19 11:39 - 2014-09-19 11:39 - 00000000 ____D () C:\Users\renee\AppData\Local\{699CA8F4-0516-4C80-BB0C-A77D2DF78ABA}

2014-09-19 10:45 - 2014-09-19 10:45 - 00000000 ____D () C:\Users\renee\AppData\Local\{2DE92E2D-9119-484F-8BC0-705C2DA0739A}

2014-09-19 10:41 - 2014-09-19 10:41 - 00000000 ____D () C:\Users\renee\AppData\Local\{3334B4BB-F47D-474E-A3BA-A5DC3A4427CC}

2014-09-19 07:11 - 2014-09-19 07:11 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 9.5

2014-09-18 22:07 - 2014-09-18 22:09 - 00000000 ____D () C:\NBRT

2014-09-18 20:26 - 2014-09-19 18:21 - 00000000 ____D () C:\FRST

2014-09-18 20:13 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\system32\sqlite3.dll

2014-09-18 20:12 - 2014-09-18 20:22 - 00000000 ____D () C:\AdwCleaner

2014-09-17 18:33 - 2014-09-17 18:33 - 00000000 ____D () C:\Windows\system32\Drivers\NBRTWizard

2014-09-17 18:33 - 2014-09-17 18:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Bootable Recovery Tool Wizard

2014-09-17 18:33 - 2014-09-17 18:33 - 00000000 ____D () C:\Program Files\Norton Bootable Recovery Tool Wizard

2014-09-17 18:33 - 2012-07-26 01:32 - 00106928 _____ (GEAR Software Inc.) C:\Windows\system32\GEARAspi.dll

2014-09-17 18:33 - 2012-07-26 01:32 - 00026840 _____ (GEAR Software Inc.) C:\Windows\system32\Drivers\GEARAspiWDM.sys

2014-09-17 17:34 - 2014-09-17 17:41 - 00000000 ____D () C:\NPE

2014-09-17 17:32 - 2014-09-17 17:32 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_point32_01011.Wdf

2014-09-17 17:32 - 2014-09-17 17:32 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_NuidFltr_01011.Wdf

2014-09-17 17:32 - 2014-09-17 17:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Mouse and Keyboard Center

2014-09-17 17:32 - 2014-09-17 17:32 - 00000000 ____D () C:\Program Files\Microsoft Mouse and Keyboard Center

2014-09-17 17:29 - 2014-09-17 17:29 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_dc3d_01011.Wdf

2014-09-03 21:04 - 2014-09-18 20:40 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2014-09-03 21:04 - 2014-09-03 21:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2014-09-03 21:04 - 2014-09-03 21:04 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware

2014-09-03 21:04 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys

2014-09-03 21:04 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2014-08-22 08:38 - 2014-08-22 08:38 - 00002934 _____ () C:\Users\renee\Downloads\155467.htm

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-19 18:22 - 2014-02-02 14:49 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2014-09-19 18:21 - 2014-09-18 20:26 - 00000000 ____D () C:\FRST

2014-09-19 18:20 - 2014-09-19 18:13 - 00026711 _____ () C:\Users\renee\Desktop\FRST.txt

2014-09-19 18:15 - 2011-02-02 03:55 - 00782838 _____ () C:\Windows\system32\PerfStringBackup.INI

2014-09-19 18:11 - 2009-07-14 00:55 - 01364977 _____ () C:\Windows\WindowsUpdate.log

2014-09-19 18:07 - 2009-07-14 00:34 - 00014256 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2014-09-19 18:07 - 2009-07-14 00:34 - 00014256 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2014-09-19 18:04 - 2014-09-19 18:13 - 01097728 _____ (Farbar) C:\Users\renee\Desktop\FRST.exe

2014-09-19 18:01 - 2011-12-18 12:32 - 00000328 _____ () C:\Windows\Brownie.ini

2014-09-19 18:00 - 2012-01-27 09:24 - 00000890 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2014-09-19 18:00 - 2011-07-31 23:15 - 00000000 _____ () C:\Users\renee\AppData\Local\WavXMapDrive.bat

2014-09-19 18:00 - 2009-07-14 00:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2014-09-19 18:00 - 2009-07-14 00:39 - 00064062 _____ () C:\Windows\setupact.log

2014-09-19 17:45 - 2012-01-27 09:24 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2014-09-19 16:38 - 2011-02-20 00:28 - 00000000 ____D () C:\IBackup for Windows

2014-09-19 15:35 - 2012-01-26 16:34 - 00000000 ____D () C:\Users\renee\Documents\FAX COVERS

2014-09-19 11:53 - 2011-07-31 23:16 - 00000000 ____D () C:\Users\renee\AppData\Local\Deployment

2014-09-19 11:39 - 2014-09-19 11:39 - 00000000 ____D () C:\Users\renee\AppData\Local\{699CA8F4-0516-4C80-BB0C-A77D2DF78ABA}

2014-09-19 10:45 - 2014-09-19 10:45 - 00000000 ____D () C:\Users\renee\AppData\Local\{2DE92E2D-9119-484F-8BC0-705C2DA0739A}

2014-09-19 10:41 - 2014-09-19 10:41 - 00000000 ____D () C:\Users\renee\AppData\Local\{3334B4BB-F47D-474E-A3BA-A5DC3A4427CC}

2014-09-19 07:11 - 2014-09-19 07:11 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 9.5

2014-09-18 22:13 - 2009-07-14 00:53 - 00032566 _____ () C:\Windows\Tasks\SCHEDLGU.TXT

2014-09-18 22:09 - 2014-09-18 22:07 - 00000000 ____D () C:\NBRT

2014-09-18 20:40 - 2014-09-03 21:04 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2014-09-18 20:35 - 2011-02-02 05:44 - 00381972 _____ () C:\Windows\PFRO.log

2014-09-18 20:22 - 2014-09-18 20:12 - 00000000 ____D () C:\AdwCleaner

2014-09-18 16:21 - 2011-09-21 15:21 - 00036711 _____ () C:\Users\renee\Documents\Autp Parts Depot Tally.xlsx

2014-09-17 18:34 - 2011-02-12 13:48 - 00000000 ____D () C:\ProgramData\Norton

2014-09-17 18:33 - 2014-09-17 18:33 - 00000000 ____D () C:\Windows\system32\Drivers\NBRTWizard

2014-09-17 18:33 - 2014-09-17 18:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Bootable Recovery Tool Wizard

2014-09-17 18:33 - 2014-09-17 18:33 - 00000000 ____D () C:\Program Files\Norton Bootable Recovery Tool Wizard

2014-09-17 18:28 - 2011-02-12 14:03 - 00000000 ____D () C:\Users\Public\Downloads\Norton

2014-09-17 18:26 - 2012-06-24 11:30 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk

2014-09-17 18:25 - 2011-02-12 19:15 - 00000000 ____D () C:\Program Files\Common Files\Adobe

2014-09-17 17:41 - 2014-09-17 17:34 - 00000000 ____D () C:\NPE

2014-09-17 17:32 - 2014-09-17 17:32 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_point32_01011.Wdf

2014-09-17 17:32 - 2014-09-17 17:32 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_NuidFltr_01011.Wdf

2014-09-17 17:32 - 2014-09-17 17:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Mouse and Keyboard Center

2014-09-17 17:32 - 2014-09-17 17:32 - 00000000 ____D () C:\Program Files\Microsoft Mouse and Keyboard Center

2014-09-17 17:29 - 2014-09-17 17:29 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_dc3d_01011.Wdf

2014-09-17 16:43 - 2012-01-26 16:37 - 00000000 ____D () C:\Users\renee\Documents\BLANK ESTIMATES

2014-09-17 09:16 - 2011-10-11 14:05 - 00000000 ____D () C:\Users\renee\AppData\Local\CrashDumps

2014-09-17 08:36 - 2013-04-25 09:35 - 00000000 ____D () C:\Users\renee\Documents\CHECK LISTS

2014-09-14 23:37 - 2012-10-18 11:30 - 00000000 ____D () C:\Users\renee\AppData\Local\{5DD74C0F-4888-4B66-8571-43BE85797531}

2014-09-12 14:35 - 2012-04-27 10:47 - 00000000 ____D () C:\Users\renee\Documents\LEE

2014-09-11 09:35 - 2012-06-13 14:47 - 00000000 ____D () C:\Users\renee\Documents\WORKER'S COMP

2014-09-11 01:48 - 2012-01-27 09:25 - 00002131 _____ () C:\Users\Public\Desktop\Google Chrome.lnk

2014-09-10 11:22 - 2012-01-26 16:39 - 00000000 ____D () C:\Users\renee\Documents\CERTIFIED PAYROLL

2014-09-04 11:26 - 2012-04-27 10:45 - 00000000 ____D () C:\Users\renee\Documents\CONTACT LISTS

2014-09-04 08:06 - 2012-03-05 09:22 - 00708608 ___SH () C:\Users\renee\Documents\Thumbs.db

2014-09-03 21:04 - 2014-09-03 21:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2014-09-03 21:04 - 2014-09-03 21:04 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware

2014-09-03 21:04 - 2013-07-17 21:03 - 00000000 ____D () C:\ProgramData\Malwarebytes

2014-09-03 21:04 - 2013-07-17 21:03 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware

2014-08-26 14:02 - 2012-01-26 16:42 - 00000000 ____D () C:\Users\renee\Documents\LABELS

2014-08-22 08:38 - 2014-08-22 08:38 - 00002934 _____ () C:\Users\renee\Downloads\155467.htm

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\system32\winlogon.exe => File is digitally signed

C:\Windows\system32\wininit.exe => File is digitally signed

C:\Windows\system32\svchost.exe => File is digitally signed

C:\Windows\system32\services.exe => File is digitally signed

C:\Windows\system32\User32.dll => File is digitally signed

C:\Windows\system32\userinit.exe => File is digitally signed

C:\Windows\system32\rpcss.dll => File is digitally signed

C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

ATTENTION: ==> Could not access BCD, see Addition.txt for additional information.

==================== End Of Log ============================


Additional scan result of Farbar Recovery Scan Tool (x86) Version: 12-09-2014

Ran by Renee at 2014-09-19 18:22:15

Running from C:\FRST

Boot Mode: Normal

==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Norton AntiVirus (Enabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}

AS: Norton AntiVirus (Enabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466}

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Update for Microsoft Office 2007 (KB2508958) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version: - Microsoft)

32 Bit HP BiDi Channel Components Installer (Version: 1.1.0.2 - Hewlett-Packard) Hidden

Adobe AIR (HKLM\...\Adobe AIR) (Version: 2.5.1.17730 - Adobe Systems Inc.)

Adobe AIR (Version: 2.5.1.17730 - Adobe Systems Inc.) Hidden

Adobe Flash Player 11 ActiveX (HKLM\...\{98616875-CF30-4BE5-AAED-36EF4AC6EE27}) (Version: 11.3.300.268 - Adobe Systems Incorporated)

Adobe Reader X (10.1.12) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.12 - Adobe Systems Incorporated)

Avantext Aircraft and Airmen CD (HKLM\...\Avantext Aircraft and Airmen CD) (Version: - )

BioAPI Framework (Version: 1.0.1 - Dell Inc.) Hidden

Brother HL-5370DW (HKLM\...\{DBC40FCE-99FF-4579-B0B0-BF3DE0AB95FB}) (Version: 1.00 - Brother)

CleanUp! (HKLM\...\CleanUp!) (Version: - )

Crystal Reports for .NET Framework 2.0 (x86) (HKLM\...\{7C05EEDD-E565-4E2B-ADE4-0C784C17311C}) (Version: 10.2.0 - Business Objects)

CyberLink PowerDVD 9.5 (HKLM\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.5.1.3225 - CyberLink Corp.)

CyberLink PowerDVD 9.5 (Version: 9.5.1.3225 - CyberLink Corp.) Hidden

D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden

Dell Backup and Recovery Manager (HKLM\...\{4688EB75-28E2-4731-9BCB-55E624F7CD45}) (Version: 1.3 - Dell Inc.)

Dell Control Point (Version: 1.6.468.86 - Broadcom Corporation) Hidden

Dell ControlPoint Security Manager (HKLM\...\{F4487649-7368-4217-AEA3-1E04DB3E2C5C}) (Version: 1.6.468.86 - Dell Inc.)

Dell Edoc Viewer (HKLM\...\{3138EAD3-700B-4A10-B617-B3F8096EE30D}) (Version: 1.0.0 - Dell Inc)

Dell Embassy Trust Suite by Wave Systems (Version: 03.05.04.002 - Wave Systems Corp) Hidden

Dell Security Device Driver Pack (HKLM\...\{FF1DDCF4-3A28-4F7F-96D8-E3F4BD1C1702}) (Version: 1.4.055 - Dell Inc.)

DirectX 9 Runtime (Version: 1.00.0000 - Sonic Solutions) Hidden

Document Manager Lite (Version: 06.09.00.159 - Wave Systems Corp.) Hidden

EMBASSY Security Center (Version: 04.00.00.101 - Wave Systems Corp) Hidden

EMBASSY Security Setup (Version: 04.00.00.090 - Wave Systems Corp) Hidden

ESC Home Page Plugin (Version: 04.00.00.018 - Wave Systems Corp) Hidden

FTP Utility (HKLM\...\InstallShield_{A5EC243A-AAB4-4AF0-85A5-07F9F4618353}) (Version: 1.00.0000 - KONICA MINOLTA)

FTP Utility (Version: 1.00.0000 - KONICA MINOLTA) Hidden

Gemalto (Version: 01.01.00.0000 - Wave Systems Corp) Hidden

Google Chrome (HKLM\...\Google Chrome) (Version: 37.0.2062.120 - Google Inc.)

Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)

Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden

IBackup for Windows Version - 9.0 (HKLM\...\IBackup for Windows_is1) (Version: 9.0 - Pro Softnet Corp)

Intel(R) Control Center (HKLM\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)

Intel(R) Graphics Media Accelerator Driver (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2182 - Intel Corporation)

Intel(R) Network Connections 15.2.89.0 (HKLM\...\PROSetDX) (Version: 15.2.89.0 - Dell)

Intel(R) Network Connections 15.2.89.0 (Version: 15.2.89.0 - Dell) Hidden

Intel(R) Rapid Storage Technology (HKLM\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.0.1014 - Intel Corporation)

Internet TV for Windows Media Center (HKLM\...\{9D318C86-AF4C-409F-A6AC-7183FF4CF424}) (Version: 4.2.2.0 - Microsoft Corporation)

Java Auto Updater (Version: 2.0.7.1 - Sun Microsystems, Inc.) Hidden

Java(TM) 6 Update 32 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216032FF}) (Version: 6.0.320 - Oracle)

Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

KONICA MINOLTA bizhub 501/421/361 (HKLM\...\KONICA MINOLTA bizhub 501/421/361 Installer) (Version: - KONICA MINOLTA)

Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)

Mesh Runtime (Version: 15.4.5722.2 - Microsoft Corporation) Hidden

Messenger Companion (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)

Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden

Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)

Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden

Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden

Microsoft Easy Assist v2 (HKLM\...\{326957C7-83FD-4550-A59A-849B7B4297DE}) (Version: 8.1.6416.0 - Microsoft Corporation)

Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)

Microsoft Mouse and Keyboard Center (Version: 2.3.188.0 - Microsoft Corporation) Hidden

Microsoft Office 2007 Primary Interop Assemblies (HKLM\...\{50120000-1105-0000-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)

Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)

Microsoft Office 2007 Service Pack 3 (SP3) (Version: - Microsoft) Hidden

Microsoft Office 2010 (HKLM\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)

Microsoft Office Access MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)

Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)

Microsoft Office Groove MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Groove Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (Version: - Microsoft) Hidden

Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20913.0 - Microsoft Corporation)

Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)

Microsoft Visual Basic Power Packs 3.0 Redistributable (HKLM\...\{928BDF57-B11C-3917-8C21-7948439E49B4}) (Version: 9.0.30214 - Microsoft)

Microsoft Visual Basic PowerPacks 10.0 (HKLM\...\{2D9F8079-7D50-3EFD-B3BD-ED642E4EE756}) (Version: 10.0.20911 - Microsoft)

Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual Studio 2005 Tools for Office Runtime (HKLM\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version: - Microsoft Corporation)

Microsoft Visual Studio 2005 Tools for Office Runtime (Version: 8.0.60940.0 - Microsoft Corporation) Hidden

Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.40303 - Microsoft Corporation)

Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (Version: 10.0.40308 - Microsoft Corporation) Hidden

MSVCRT (Version: 15.4.2862.0708 - Microsoft) Hidden

MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)

MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)

MSXML 4.0 SP2 Parser and SDK (HKLM\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)

Norton AntiVirus (HKLM\...\NAV) (Version: 21.5.0.19 - Symantec Corporation)

Norton Bootable Recovery Tool Wizard (HKLM\...\NBRTWizard) (Version: 7.0.0.18 - Symantec Corporation)

NTRU TCG Software Stack (Version: 2.1.29 - NTRU Cryptosystems) Hidden

PhotoShowExpress (Version: 2.0.028 - Sonic Solutions) Hidden

Preboot Manager (Version: 03.00.00.154 - Wave Systems Corp.) Hidden

Private Information Manager (Version: 06.04.00.065 - Wave Systems Corp.) Hidden

QuickBooks (Version: 24.0.4006.2403 - Intuit Inc.) Hidden

QuickBooks Pro 2014 (HKLM\...\{4A21D17E-2FE8-42CD-88B7-ACF8E8860834}) (Version: 24.0.4004.2403 - Intuit Inc.)

Roxio Activation Module (Version: 1.0 - Roxio) Hidden

Roxio BackOnTrack (Version: 1.3.3 - Roxio) Hidden

Roxio Burn (Version: 1.6 - Roxio) Hidden

Roxio Creator Starter (HKLM\...\{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}) (Version: 12.1.40.0 - Roxio)

Roxio Creator Starter (Version: 1.0.311 - Roxio) Hidden

Roxio Creator Starter (Version: 5.0.0 - Roxio) Hidden

Roxio Express Labeler 3 (Version: 3.2.2 - Roxio) Hidden

Roxio File Backup (Version: 1.3.2 - Roxio) Hidden

SAP Crystal Reports runtime engine for .NET Framework 4 (32-bit) (HKLM\...\{083988D7-BDA9-4244-983B-409A634BBC09}) (Version: 13.0.1.220 - SAP)

Security Wizards (Version: 01.07.00.026 - Your Company Name) Hidden

Sonic CinePlayer Decoder Pack (Version: 4.3.0 - Sonic Solutions) Hidden

SupportSoft Assisted Service (HKLM\...\{5A3F6A80-7913-475E-8B96-477A952CFA43}) (Version: 15 - SupportSoft)

Trusted Drive Manager (Version: 3.3.3.104 - Wave Systems Corp.) Hidden

Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)

Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM\...\{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version: - Microsoft)

Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version: - Microsoft)

Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft)

Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version: - Microsoft)

Update for Microsoft Office Access 2007 Help (KB963663) (HKLM\...\{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{6B76A18A-AA1E-42AB-A7AD-6C84BBB43987}) (Version: - Microsoft)

Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version: - Microsoft)

Update for Microsoft Office Infopath 2007 Help (KB963662) (HKLM\...\{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{716B81B8-B13C-41DF-8EAC-7A2F656CAB63}) (Version: - Microsoft)

Update for Microsoft Office OneNote 2007 Help (KB963670) (HKLM\...\{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2744EF05-38E1-4D5D-B333-E021EDAEA245}) (Version: - Microsoft)

Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM\...\{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{ED38F8A3-4F61-494E-8BCA-E3AC7760C924}) (Version: - Microsoft)

Update for Microsoft Office Outlook 2007 Help (KB963677) (HKLM\...\{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{0451F231-E3E3-4943-AB9F-58EB96171784}) (Version: - Microsoft)

Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2850085) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{128A5449-CF71-4DA4-A746-F49E3B5DB584}) (Version: - Microsoft)

Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version: - Microsoft)

Update for Microsoft Office Publisher 2007 Help (KB963667) (HKLM\...\{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2E40DE55-B289-4C8B-8901-5D369B16814F}) (Version: - Microsoft)

Update for Microsoft Office Script Editor Help (KB963671) (HKLM\...\{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version: - Microsoft)

Update for Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version: - Microsoft)

UPEK TouchChip Fingerprint Reader (Version: 1.2.0 - Dell Inc.) Hidden

Visual Studio Tools for the Office system 3.0 Runtime (HKLM\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version: - Microsoft Corporation)

Visual Studio Tools for the Office system 3.0 Runtime (Version: 9.0.30729 - Microsoft Corporation) Hidden

Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation)

Wave Infrastructure Installer (Version: 07.01.31.0000 - Wave Systems Corp) Hidden

Wave Support Software (Version: 05.10.00.073 - Wave Systems Corp) Hidden

Windows Driver Package - Dell Inc. PBADRV System (09/11/2009 1.0.1.6) (HKLM\...\9512AA21B791B05A54E27065C45BBC417AB282DF) (Version: 09/11/2009 1.0.1.6 - Dell Inc.)

Windows Live Communications Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)

Windows Live Essentials (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden

Windows Live Installer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Mail (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Mesh (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Mesh ActiveX Control for Remote Connections (HKLM\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)

Windows Live Messenger (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Messenger Companion Core (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Movie Maker (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Photo Common (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Photo Gallery (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live PIMT Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden

Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden

Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden

Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden

Windows Live SOXE (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live SOXE Definitions (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live UX Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live UX Platform Language Pack (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Writer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Writer Resources (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

==================== Restore Points =========================

Could not list Restore Points. Check "winmgmt" service or repair WMI.

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:04 - 2009-06-10 17:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => ?

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => ?

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => ?

==================== Loaded Modules (whitelisted) =============

2010-01-19 14:44 - 2010-01-19 14:44 - 00249856 _____ () C:\Windows\system32\wxvault.dll

2011-02-20 00:28 - 2010-12-22 18:22 - 00253952 _____ () C:\IBackup for Windows\IBContextMenu.dll

2010-03-02 14:46 - 2010-03-02 14:46 - 00010752 _____ () C:\Windows\system32\Wavx_ESC_Logging.dll

2008-11-12 15:24 - 2008-11-12 15:24 - 00004608 _____ () C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\TspPopup_ENU.dll

2010-09-03 03:28 - 2010-09-03 03:28 - 00518640 _____ () C:\Program Files\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe

2010-08-30 05:34 - 2010-08-30 05:34 - 00375280 _____ () c:\program files\common files\roxio shared\dllshared\SQLite352.dll

2014-06-05 15:30 - 2014-06-05 15:30 - 00623432 _____ () C:\Program Files\Intuit\QuickBooks 2014\boost_regex-vc100-mt-1_47.dll

2014-06-05 15:31 - 2014-06-05 15:31 - 00021320 _____ () C:\Program Files\Intuit\QuickBooks 2014\QBCompressor.dll

2013-12-02 15:27 - 2013-12-02 15:27 - 00059904 _____ () C:\Program Files\Intuit\QuickBooks 2014\zlib1.dll

2014-06-05 15:31 - 2014-06-05 15:31 - 00149320 _____ () C:\Program Files\Intuit\QuickBooks 2014\QBMAPILibrary.dll

2014-06-05 15:30 - 2014-06-05 15:30 - 00247112 _____ () C:\Program Files\Intuit\QuickBooks 2014\boost_serialization-vc100-mt-1_47.dll

2014-06-05 15:31 - 2014-06-05 15:31 - 00623944 _____ () C:\Program Files\Intuit\QuickBooks 2014\FtuEngine.dll

2014-06-05 15:30 - 2014-06-05 15:30 - 00582472 _____ () C:\Program Files\Intuit\QuickBooks 2014\BackupLib.dll

2014-06-05 15:31 - 2014-06-05 15:31 - 00142664 _____ () C:\Program Files\Intuit\QuickBooks 2014\QBProActiveCore.dll

2014-06-05 15:31 - 2014-06-05 15:31 - 00791880 _____ () C:\Program Files\Intuit\QuickBooks 2014\FeaturesBridge.dll

2014-06-05 15:31 - 2014-06-05 15:31 - 00043848 _____ () C:\Program Files\Intuit\QuickBooks 2014\mbpopup.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:

==================

Error: (09/19/2014 00:30:50 AM) (Source: SideBySide) (EventID: 33) (User: )

Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".

Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.

Please use sxstrace.exe for detailed diagnosis.

Error: (09/19/2014 00:30:42 AM) (Source: SideBySide) (EventID: 33) (User: )

Description: Activation context generation failed for "Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".

Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.

Please use sxstrace.exe for detailed diagnosis.

Error: (09/18/2014 10:17:22 AM) (Source: QuickBooks) (EventID: 4) (User: )

Description: An unexpected error has occured in "QuickBooks Pro 2014":

Got unexpected error 5 in call to NetShareGetInfo for path \\192.168.0.202\fin\QB\Park Line Asphalt Maintenance Inc.QBW

Error: (09/18/2014 10:17:14 AM) (Source: QuickBooks) (EventID: 4) (User: )

Description: An unexpected error has occured in "QuickBooks Pro 2014":

Got unexpected error 5 in call to NetShareGetInfo for path \\192.168.0.202\fin\QB\Park Line Asphalt Maintenance Inc.QBW

Error: (09/18/2014 00:30:57 AM) (Source: SideBySide) (EventID: 33) (User: )

Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".

Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.

Please use sxstrace.exe for detailed diagnosis.

Error: (09/18/2014 00:30:49 AM) (Source: SideBySide) (EventID: 33) (User: )

Description: Activation context generation failed for "Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".

Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.

Please use sxstrace.exe for detailed diagnosis.

Error: (09/17/2014 05:33:09 PM) (Source: MouseKeyboardCenter) (EventID: 0) (User: )

Description: Unknown Node:#text -->

Error: (09/17/2014 05:31:38 PM) (Source: VSS) (EventID: 8193) (User: )

Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid(S-1-5-21-1218796917-176530085-1381546619-1136.bak). hr = 0x80070539, The security ID structure is invalid.

.

Operation:

OnIdentify event

Gathering Writer Data

Context:

Execution Context: Shadow Copy Optimization Writer

Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}

Writer Name: Shadow Copy Optimization Writer

Writer Instance ID: {c7cb822b-a161-476e-9758-eee28d8940bb}

Error: (09/17/2014 05:31:35 PM) (Source: VSS) (EventID: 8193) (User: )

Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid(S-1-5-21-1218796917-176530085-1381546619-1136.bak). hr = 0x80070539, The security ID structure is invalid.

.

Operation:

OnIdentify event

Gathering Writer Data

Context:

Execution Context: Shadow Copy Optimization Writer

Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}

Writer Name: Shadow Copy Optimization Writer

Writer Instance ID: {c7cb822b-a161-476e-9758-eee28d8940bb}

Error: (09/17/2014 05:31:35 PM) (Source: VSS) (EventID: 8194) (User: )

Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.

.

This is often caused by incorrect security settings in either the writer or requestor process.

Operation:

Gathering Writer Data

Context:

Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}

Writer Name: System Writer

Writer Instance ID: {c623bc35-8350-4d34-8f23-933518d78ee2}

System errors:

=============

Error: (09/19/2014 06:04:09 PM) (Source: DCOM) (EventID: 10010) (User: )

Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (09/19/2014 06:02:58 PM) (Source: TermService) (EventID: 1067) (User: )

Description: The terminal server cannot register 'TERMSRV' Service Principal Name to be used for server authentication. The following error occured: The specified domain either does not exist or could not be contacted.

.

Error: (09/19/2014 06:01:04 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)

Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (09/19/2014 06:01:04 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)

Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (09/19/2014 06:00:34 PM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1129) (User: PARKLINE)

Description: The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.

Error: (09/19/2014 06:00:27 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)

Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (09/19/2014 06:00:27 PM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1129) (User: NT AUTHORITY)

Description: The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.

Error: (09/19/2014 06:00:27 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)

Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (09/19/2014 06:00:25 PM) (Source: Service Control Manager) (EventID: 7001) (User: )

Description: The NTRU TSS v1.2.1.29 TCS service depends on the TPM Base Services service which failed to start because of the following error:

%%0

Error: (09/19/2014 06:00:25 PM) (Source: NETLOGON) (EventID: 5719) (User: )

Description: This computer was not able to set up a secure session with a domain

controller in domain PARKLINE due to the following:

%%1311

This may lead to authentication problems. Make sure that this

computer is connected to the network. If the problem persists,

please contact your domain administrator.

ADDITIONAL INFO

If this computer is a domain controller for the specified domain, it

sets up the secure session to the primary domain controller emulator in the specified

domain. Otherwise, this computer sets up the secure session to any domain controller

in the specified domain.

Microsoft Office Sessions:

=========================

Error: (07/10/2014 10:09:45 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )

Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6680.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 7421 seconds with 240 seconds of active time. This session ended with a crash.

Error: (02/17/2014 09:12:30 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )

Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6680.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 40 seconds with 0 seconds of active time. This session ended with a crash.

Error: (12/10/2013 11:02:00 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )

Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 6875 seconds with 840 seconds of active time. This session ended with a crash.

Error: (12/02/2013 09:08:41 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )

Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 174 seconds with 120 seconds of active time. This session ended with a crash.

Error: (08/12/2013 08:05:44 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )

Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 19 seconds with 0 seconds of active time. This session ended with a crash.

Error: (06/10/2013 07:57:38 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )

Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 19 seconds with 0 seconds of active time. This session ended with a crash.

Error: (06/03/2013 08:04:32 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )

Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 29 seconds with 0 seconds of active time. This session ended with a crash.

Error: (10/04/2012 08:17:40 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )

Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 178 seconds with 60 seconds of active time. This session ended with a crash.

CodeIntegrity Errors:

===================================

Date: 2011-08-01 22:09:55.084

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\sirenacm.dll because the set of per-page image hashes could not be found on the system.

Date: 2011-08-01 22:09:55.053

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

Date: 2011-07-31 23:13:26.326

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\sirenacm.dll because the set of per-page image hashes could not be found on the system.

Date: 2011-07-31 23:13:26.295

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

Date: 2011-07-27 10:40:47.591

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\sirenacm.dll because the set of per-page image hashes could not be found on the system.

Date: 2011-07-27 10:40:47.544

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

Date: 2011-07-27 09:43:08.493

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\sirenacm.dll because the set of per-page image hashes could not be found on the system.

Date: 2011-07-27 09:43:08.446

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

Date: 2011-07-11 22:08:15.143

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\sirenacm.dll because the set of per-page image hashes could not be found on the system.

Date: 2011-07-11 22:08:15.112

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: Intel(R) Core(TM)2 Duo CPU E8400 @ 3.00GHz

Percentage of memory in use: 36%

Total physical RAM: 3547.59 MB

Available physical RAM: 2248.73 MB

Total Pagefile: 7093.48 MB

Available Pagefile: 5564.16 MB

Total Virtual: 2047.88 MB

Available Virtual: 1925.86 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:286.29 GB) (Free:225.01 GB) NTFS

Drive i: (NBRT) (Removable) (Total:15.21 GB) (Free:14.18 GB) FAT32

==================== MBR & Partition Table ==================

==================== End Of Log ============================

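An added check, written by the editor and not part of the thread or of any FRST, Norton or NPE output: the log above ends with a DCOM 10010 error for CLSID {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} (the Windows thumbnail-cache class) and an empty "Custom CLSID" section. Poweliks is known to persist by placing a per-user override of that class under HKCU\Software\Classes\CLSID and by storing a rundll32 javascript: launcher in a Run value whose name is an unprintable character, with the encoded payload in the Run key's default value. The script below reads both locations and reports anything suspicious; it deletes nothing. The CLSID list and the regular expression of script-launcher patterns are the editor's own starting points, not a vendor signature, and a Run value with a legitimate non-ASCII name will also be reported.

```powershell
# Added example (editor's code, not from the thread, FRST, Norton or NPE).
# Read-only triage of the two registry locations Poweliks is known to use.
# Run it in PowerShell as the user whose profile was infected; no elevation
# is needed to read these keys.

function Find-PoweliksIndicators {
    $findings = @()

    # 1. Per-user COM class overrides. HKCR resolves HKCU\Software\Classes before
    #    HKLM, so a LocalServer32/InprocServer32 under HKCU silently replaces the
    #    system's server for that class. Poweliks used the thumbnail-cache class
    #    {AB8902B4-...}; the same CLSID appears in the DCOM 10010 error above.
    #    (Assumption: this list is a starting point, not a complete signature.)
    $clsids = @('{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}')
    foreach ($clsid in $clsids) {
        $path = "HKCU:\Software\Classes\CLSID\$clsid"
        if (-not (Test-Path -LiteralPath $path)) { continue }
        $findings += "Per-user CLSID key present: $path"
        foreach ($sub in 'LocalServer32', 'InprocServer32') {
            $k = Get-Item -LiteralPath "$path\$sub" -ErrorAction SilentlyContinue
            if ($k) {
                # The default value is the command or DLL the COM runtime would launch.
                $findings += "  $sub (default) = $([string]$k.GetValue(''))"
                foreach ($vn in $k.GetValueNames() | Where-Object { $_ -ne '' }) {
                    $findings += "  $sub value '$vn' = $(([string]$k.GetValue($vn)).Length) chars"
                }
            }
        }
    }

    # 2. Run keys. Enumerate through the .NET RegistryKey object rather than
    #    Get-ItemProperty so that value names made of unprintable characters
    #    (the trick that hides the entry from regedit) are still returned.
    #    Poweliks' launcher is a rundll32 javascript: stub that reads the encoded
    #    payload back from the Run key's default (empty-name) value.
    $runKeys = @(
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'
    )
    # Editor's heuristic, not a vendor signature: script engines started from
    # registry data instead of a file on disk.
    $scriptPattern = 'rundll32.*javascript:|mshtml,RunHTMLApplication|\bmshta(\.exe)?\b|powershell.*\s-e(nc|ncodedcommand)?\s'
    foreach ($rk in $runKeys) {
        $key = Get-Item -LiteralPath $rk -ErrorAction SilentlyContinue
        if (-not $key) { continue }
        foreach ($name in $key.GetValueNames()) {
            $data = [string]$key.GetValue($name)
            $hiddenName = ($name -eq '') -or ($name -match '[^\x20-\x7E]')
            if (-not $hiddenName -and -not ($data -match $scriptPattern)) { continue }
            # Print the name as code points so an invisible character shows up in the report.
            $shownName = if ($name -eq '') { '(default)' } else { ($name.ToCharArray() | ForEach-Object { 'U+{0:X4}' -f [int]$_ }) -join ' ' }
            $preview = $data.Substring(0, [Math]::Min(120, $data.Length))
            $findings += "Run value under $rk name=[$shownName] data=$preview"
        }
    }
    return $findings
}

$result = @(Find-PoweliksIndicators)
if ($result.Count -eq 0) { 'No Poweliks-style registry indicators found.' } else { $result }
```

Anything the script reports should be posted for review rather than deleted by hand: a per-user CLSID key can also come from legitimate software, and the "Custom CLSID" and Run-key sections of a fresh FRST log are the place to confirm what is actually there.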

There are some issues that have to be cross-checked:
Scan with Gmer rootkit scanner

Please download Gmer from here by clicking on the "Download EXE" Button.

  • Double click on the randomly named GMER.exe. If asked to allow gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • Sections
    • IAT/EAT
    • Show All ( should be unchecked by default )

  • Leave everything else as it is.
  • Close all other running programs as well as your Browser.
  • Click the Scan button & wait for it to finish.
  • Once done click on the Save.. button, and in the File name area, type in "ark.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop.
  • Please post the content of the ark.txt here.


**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.

 

 

Scan with TDSS-Killer

Please read and follow these instructions carefully. We do not want it to fix anything yet (if found), we need to see a report first.

Download TDSSKiller.zip and extract to your desktop

  • Execute TDSSKiller.exe by doubleclicking on it.
  • Press Start Scan
  • If Malicious objects are found, do NOT select Copy to quarantine. Change the action to Skip, and save the log.
  • Once complete, a log will be produced at the root of the drive, which is typically C:\, for example, C:\TDSSKiller.<version_date_time>log.txt



Please attach this file to your next reply.


My apologies. I didn't realize that you wouldn't reply on the weekend.

 

After doing much reading on the forum about my problem I decided to restore from an original disk image.   It seemed easier and all I needed to do was move my documents.  It only took an hour or so.

 

Thank you so much for your time and effort.


  • 4 weeks later...
  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


This topic is now closed to further replies.