
COM Surrogate on my laptop, please help


krazybee

Enclosing the FRST and Addition files... Awaiting your instructions.

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-11-2014
Ran by kbatchelor (administrator) on W7LT-KBACHELOR on 11-11-2014 15:17:04
Running from C:\Users\kbatchelor\Desktop
Loaded Profile: kbatchelor (Available profiles: Karl & kbatchelor)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\ZCfgSvc7.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Broadcom Corporation) C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
(Broadcom Corporation) C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
(Wave Systems Corp.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Samsung) C:\Program Files\SAMSUNG\AllShare Framework DMS\1.3.23\AllShareFrameworkManagerDMS.exe
(Samsung) C:\Program Files\SAMSUNG\AllShare Framework DMS\1.3.23\AllShareFrameworkDMS.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files (x86)\Brother\BRAdmin Professional 3\bratimer.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
(Dell Inc.) C:\Program Files\Dell\Dell System Manager\DCPSysMgrSvc.exe
(Avaya Inc.) C:\Program Files (x86)\Avaya\Avaya one-X Communicator\QosServM.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\VirusScan Enterprise\mfeann.exe
(O2Micro International) C:\Windows\System32\drivers\o2flash.exe
() C:\Windows\SysWOW64\srvany.exe
(O2Micro.) C:\Windows\SysWOW64\SDIOAssist.exe
(Livescribe) C:\Program Files (x86)\Common Files\Livescribe\PenComm\PenCommService.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\naPrdMgr.exe
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
(UPEK Inc.) C:\Program Files\Common Files\SPBA\upeksvr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_x64.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Dell Computer Corporation) C:\dell\DBRM\Reminder\DbrmTrayicon.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(Copyright 2013 SAMSUNG) C:\Program Files\SAMSUNG\Samsung Link\Samsung Link Tray Agent.exe
(Cisco WebEx LLC) C:\Program Files (x86)\WebEx\Productivity Tools\ptim.exe
(Microsoft Corporation) C:\Windows\System32\regsvr32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\regsvr32.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Dell Inc.) C:\Program Files\Dell\Dell System Manager\DCPSysMgr.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPoint\SetPoint.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
() C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
(Microsoft Corporation) C:\Windows\SysWOW64\regsvr32.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office Communicator\communicator.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\UdaterUI.exe
(Cisco WebEx LLC) C:\Program Files (x86)\WebEx\Productivity Tools\ptsrv.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe
() C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
(Dell Inc.) C:\Program Files\Dell\Dell System Manager\PanelHelper32.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\McTray.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [608112 2011-04-05] (Alps Electric Co., Ltd.)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [525312 2011-01-25] (IDT, Inc.)
HKLM\...\Run: [IntelPROSet] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1934608 2010-12-23] (Intel(R) Corporation)
HKLM\...\Run: [DBRMTray] => C:\Dell\DBRM\Reminder\DbrmTrayIcon.exe [227328 2011-03-08] (Dell Computer Corporation)
HKLM\...\Run: [IntelliPoint] => c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2417032 2011-08-01] (Microsoft Corporation)
HKLM\...\Run: [Samsung Link] => C:\Program Files\Samsung\Samsung Link\Samsung Link Tray Agent.exe [600928 2014-03-13] (Copyright 2013 SAMSUNG)
HKLM\...\Run: [Kernel and Hardware Abstraction Layer] => C:\Windows\KHALMNPR.EXE [130576 2009-06-17] (Logitech, Inc.)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [112152 2011-01-17] (Intel Corporation)
HKLM-x32\...\Run: [Dell Webcam Central] => C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [462993 2010-03-12] (Creative Technology Ltd)
HKLM-x32\...\Run: [RemoteControl9] => C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe [87336 2009-07-06] (CyberLink Corp.)
HKLM-x32\...\Run: [PDVD9LanguageShortcut] => C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe [50472 2010-04-29] (CyberLink Corp.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [41360 2014-09-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [840592 2014-09-04] (Adobe Systems Inc.)
HKLM-x32\...\Run: [RoxWatchTray] => C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe [240112 2010-11-25] (Sonic Solutions)
HKLM-x32\...\Run: [Desktop Disc Tool] => C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe [514544 2010-11-17] ()
HKLM-x32\...\Run: [Communicator] => C:\Program Files (x86)\Microsoft Office Communicator\communicator.exe [5164712 2013-04-10] (Microsoft Corporation)
HKLM-x32\...\Run: [BrMfcWnd] => C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe [1159168 2009-05-26] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [ControlCenter3] => C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [McAfeeUpdaterUI] => C:\Program Files (x86)\McAfee\Common Framework\udaterui.exe [333376 2011-11-15] (McAfee, Inc.)
HKLM-x32\...\Run: [ShStatEXE] => C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE [215656 2012-08-14] (McAfee, Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [MobisynapseSyncHelper] => C:\Program Files (x86)\Mobisynapse\MobisynapseSyncHelper.exe
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM\...\RunOnce: [DBRMTray] => C:\Dell\DBRM\Reminder\TrayApp.exe [7168 2010-02-04] (Microsoft)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
Winlogon\Notify\spba: C:\Program Files\Common Files\SPBA\homefus2.dll (UPEK Inc.)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-21-3636288926-101227424-3182810562-6128\...\Run: [PTIM.exe] => C:\Program Files (x86)\WebEx\Productivity Tools\PTIM.exe [427816 2014-03-24] (Cisco WebEx LLC)
HKU\S-1-5-21-3636288926-101227424-3182810562-6128\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.)
HKU\S-1-5-21-3636288926-101227424-3182810562-6128\...\Run: [HLBackupScheduler] => C:\Program Files\Verizon Cloud\Verizon Cloud Service.exe [19752256 2014-06-15] ()
HKU\S-1-5-21-3636288926-101227424-3182810562-6128\...\Run: [SpringCM Desktop Sync] => C:\Program Files (x86)\SpringCM\Business Sync\SpringCMBusinessSync.exe [1133568 2014-05-01] (SpringCM)
HKU\S-1-5-21-3636288926-101227424-3182810562-6128\...\Run: [YhxcPack] => regsvr32.exe C:\Users\kbatchelor\AppData\Local\YhxcPack\dzgdefz.dll <===== ATTENTION
HKU\S-1-5-21-3636288926-101227424-3182810562-6128\...\Run: [Ajfwworks] => C:\Windows\SysWOW64\regsvr32.exe C:\Users\kbatchelor\AppData\Local\Uspqmedia\CNBP401.DLL
HKU\S-1-5-21-3636288926-101227424-3182810562-6128\...\MountPoints2: {24191665-2274-11e1-8502-3859f9d6b6b4} - F:\setup.exe -a
HKU\S-1-5-21-3636288926-101227424-3182810562-6128\...\MountPoints2: {2ad9c194-bf85-11e2-bbd0-3859f9d6b6b4} - E:\VZW_Software_upgrade_assistant_installer.exe
HKU\S-1-5-21-3636288926-101227424-3182810562-6128\...\MountPoints2: {42213bf3-cd87-11e3-b23b-3859f9d6b6b4} - E:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-3636288926-101227424-3182810562-6128\...\MountPoints2: {7a96609e-b8df-11e3-830b-3859f9d6b6b4} - E:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-3636288926-101227424-3182810562-6128\...\MountPoints2: {85e5e72a-b37c-11e3-aa2d-3859f9d6b6b4} - E:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-3636288926-101227424-3182810562-6128\...\MountPoints2: {a9d32c1a-3d28-11e1-96c7-3859f9d6b6b4} - E:\setup.exe -a
HKU\S-1-5-21-3636288926-101227424-3182810562-6128\...\MountPoints2: {f643af81-1a9f-11e3-b097-5c260a75d930} - E:\VZW_Software_upgrade_assistant_installer.exe
HKU\S-1-5-21-3636288926-101227424-3182810562-6128\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!
Lsa: [Authentication Packages] msv1_0 wvauth
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Dell System Manager.lnk
ShortcutTarget: Dell System Manager.lnk -> C:\Program Files\Dell\Dell System Manager\DCPSysMgr.exe (Dell Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Logitech SetPoint.lnk
ShortcutTarget: Logitech SetPoint.lnk -> C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\vpngui.exe.lnk
ShortcutTarget: vpngui.exe.lnk -> C:\Windows\Installer\{467D5E81-8349-4892-9E81-C3674ED8E451}\Icon09DB8A851.exe ()
Startup: C:\Users\kbatchelor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Verizon Wireless Software Utility Application for Android – Samsung.lnk
ShortcutTarget: Verizon Wireless Software Utility Application for Android – Samsung.lnk -> C:\Users\kbatchelor\AppData\Roaming\Verizon\UA_ar\UA.exe (SAMSUNG Electornics Co., Ltd.)
ShellIconOverlayIdentifiers: [0000SCMCheckedOutIcon] -> {DAF0BD62-02C7-4847-9BB9-707F9C8F9336} => C:\Program Files (x86)\SpringCM\Business Sync\OverlayShellExtension.dll (SpringCM)
ShellIconOverlayIdentifiers: [0000SCMConflictedIcon] -> {773B0428-D9D7-4583-BDA4-3F07358554FB} => C:\Program Files (x86)\SpringCM\Business Sync\OverlayShellExtension.dll (SpringCM)
ShellIconOverlayIdentifiers: [0000SCMDownloadingIcon] -> {4D839F91-DC20-4002-927E-68C445090353} => C:\Program Files (x86)\SpringCM\Business Sync\OverlayShellExtension.dll (SpringCM)
ShellIconOverlayIdentifiers: [0000SCMFailedIcon] -> {E0E1DD72-0B24-431F-B671-AFCE23517E1F} => C:\Program Files (x86)\SpringCM\Business Sync\OverlayShellExtension.dll (SpringCM)
ShellIconOverlayIdentifiers: [0000SCMSkippedIcon] -> {03A54278-DBAF-43EE-A0D8-F63430D69B3C} => C:\Program Files (x86)\SpringCM\Business Sync\OverlayShellExtension.dll (SpringCM)
ShellIconOverlayIdentifiers: [0000SCMSyncedIcon] -> {9AC30552-B009-454F-8DBD-2EF900513387} => C:\Program Files (x86)\SpringCM\Business Sync\OverlayShellExtension.dll (SpringCM)
ShellIconOverlayIdentifiers: [0000SCMUploadingIcon] -> {2187F837-A3BF-4CC7-9FC4-4E6A88BE24BA} => C:\Program Files (x86)\SpringCM\Business Sync\OverlayShellExtension.dll (SpringCM)
ShellIconOverlayIdentifiers: [EnabledUnlockedFDEIconOverlay] -> {30D3C2AF-9709-4D05-9CF4-13335F3C1E4A} => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll (Wave Systems Corp.)
ShellIconOverlayIdentifiers: [UninitializedFdeIconOverlay] -> {CF08DA3E-C97D-4891-A66B-E39B28DD270F} => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll (Wave Systems Corp.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USREL/1
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 - DefaultScope {EF7421DA-0D6A-42B1-A875-B056B7EB399F} URL = 
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - DefaultScope {888505E5-964D-4FB3-B1EC-CAAFA8414D89} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKCU - {888505E5-964D-4FB3-B1EC-CAAFA8414D89} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKCU - {EB72C539-71FC-4497-A097-2B8FC9E9DF3C} URL = 
BHO: scriptproxy -> {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -> C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20130116120517.dll (McAfee, Inc.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: WebEx Productivity Tools -> {90E2BA2E-DD1B-4cde-9134-7A8B86D33CA7} -> C:\Program Files (x86)\WebEx\Productivity Tools\ptonecli64.dll (Cisco WebEx LLC)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: &Yahoo! Toolbar Helper -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: scriptproxy -> {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -> C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20130116120520.dll (McAfee, Inc.)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: WebEx Productivity Tools -> {90E2BA2E-DD1B-4cde-9134-7A8B86D33CA7} -> C:\Program Files (x86)\WebEx\Productivity Tools\ptonecli.dll (Cisco WebEx LLC)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: AvayaIEHlprObj Class -> {E6DF0B46-7D6F-407A-A6A2-62D17A021A9A} -> C:\Program Files (x86)\Avaya\Avaya one-X Communicator\AvayaIEHelper.dll (Avaya)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - WebEx Productivity Tools - {90E2BA2E-DD1B-4cde-9134-7A8B86D33CA7} - C:\Program Files (x86)\WebEx\Productivity Tools\ptonecli64.dll (Cisco WebEx LLC)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - WebEx Productivity Tools - {90E2BA2E-DD1B-4cde-9134-7A8B86D33CA7} - C:\Program Files (x86)\WebEx\Productivity Tools\ptonecli.dll (Cisco WebEx LLC)
Toolbar: HKLM-x32 - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Toolbar: HKCU - No Name - {EEE6C35B-6118-11DC-9C72-001320C79847} -  No File
DPF: HKLM-x32 {3F4AC0C9-3A7D-4115-99B4-2693DE0014AF} http://optimum.net/downloads/TNetworkScannerXControl.ocx
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\kbatchelor\AppData\Roaming\Mozilla\Firefox\Profiles\u04vkaq2.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.11.2 -> C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.11.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=1.1.11 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: samsung.com/SamsungLinkPCPlugin -> C:\Program Files\Samsung\Samsung Link\utils\npSamsungLinkPCPlugin.dll No File
FF Plugin HKCU: @citrixonline.com/appdetectorplugin -> C:\Users\kbatchelor\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF user.js: detected! => C:\Users\kbatchelor\AppData\Roaming\Mozilla\Firefox\Profiles\u04vkaq2.default\user.js
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npdnu.dll (AOL LLC)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npdnupdater2.dll (AOL LLC)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\kbatchelor\AppData\Roaming\mozilla\plugins\npatgpc.dll (Cisco WebEx LLC)
FF Extension: html persistent handler for mapi email - C:\Users\kbatchelor\AppData\Roaming\Mozilla\Firefox\Profiles\u04vkaq2.default\Extensions\{96794CD0-DA1E-1822-1779-C1CA8D576D31} [2014-10-31]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2014-11-07]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2011-08-25]
FF HKLM-x32\...\Firefox\Extensions: [{D19CA586-DD6C-4a0a-96F8-14644F340D60}] - C:\Program Files (x86)\Common Files\McAfee\SystemCore
FF Extension: IDS_SS_NAME - C:\Program Files (x86)\Common Files\McAfee\SystemCore [2013-01-16]
FF HKCU\...\Firefox\Extensions: [ocplugin@webex.com] - C:\Program Files (x86)\WebEx\Productivity Tools
FF Extension: WebEx Productivity Tools - C:\Program Files (x86)\WebEx\Productivity Tools [2011-09-12]
FF Extension: No Name - {D19CA586-DD6C-4a0a-96F8-14644F340D60} [Not Found]
FF Extension: No Name - web2pdfextension@web2pdf.adobedotcom [Not Found]

Chrome: 
=======

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AllShare Framework DMS; C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkManagerDMS.exe [404360 2013-12-21] (Samsung) [File not signed]
R2 BRA_Scheduler; C:\Program Files (x86)\Brother\BRAdmin Professional 3\bratimer.exe [99328 2014-08-15] () [File not signed]
R2 iClarityQoSService; C:\Program Files (x86)\Avaya\Avaya one-X Communicator\QosServM.exe [1649664 2011-07-19] (Avaya Inc.) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)
R2 McAfeeFramework; C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe [132672 2011-11-15] (McAfee, Inc.)
R2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [201864 2013-01-16] (McAfee, Inc.)
R2 McTaskManager; C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe [210056 2012-08-14] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [170440 2013-01-16] (McAfee, Inc.)
R2 O2SDIOAssist; c:\Windows\SysWOW64\srvany.exe [8192 2003-04-18] () [File not signed]
R2 PenCommService; C:\Program Files (x86)\Common Files\Livescribe\PenComm\PenCommService.exe [470528 2011-10-27] (Livescribe) [File not signed]
S2 Samsung Link Service; C:\Program Files\Samsung\Samsung Link\Samsung Link.exe [609632 2014-03-13] (Copyright 2013 SAMSUNG)
S3 SecureStorageService; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Secure Storage Manager\SecureStorageService.exe [2117120 2010-11-03] (Wave Systems Corp.) [File not signed]
S2 tcsd_win32.exe; C:\Program Files (x86)\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe [1629696 2010-07-13] () [File not signed]
R2 ZcfgSvc7; C:\Program Files\Intel\WiFi\bin\ZCfgSvc7.exe [992256 2010-12-23] (Intel(R) Corporation) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [304784 2010-03-23] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-10-01] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-11-11] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-10-01] (Malwarebytes Corporation)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [160952 2013-01-16] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [274880 2013-01-16] (McAfee, Inc.)
U3 mfeavfk01; No ImagePath
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [665768 2013-01-16] (McAfee, Inc.)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [101200 2013-01-16] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [303464 2013-01-16] (McAfee, Inc.)
S3 PulseUsb; C:\Windows\System32\DRIVERS\PulseUsb.sys [26112 2011-08-11] (Windows (R) Win 7 DDK provider)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [37624 2014-11-06] ()
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-11 15:17 - 2014-11-11 15:17 - 00029921 _____ () C:\Users\kbatchelor\Desktop\FRST.txt
2014-11-11 15:16 - 2014-11-06 10:42 - 02114560 _____ (Farbar) C:\Users\kbatchelor\Desktop\FRST64.exe
2014-11-11 12:58 - 2014-11-11 12:58 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 9.5
2014-11-11 11:47 - 2014-11-11 12:45 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-11-11 11:29 - 2014-11-11 12:45 - 00000000 ____D () C:\Users\kbatchelor\Desktop\mbar
2014-11-07 10:46 - 2014-11-11 13:20 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-11-06 15:52 - 2014-11-06 15:52 - 00037624 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-11-06 15:52 - 2014-11-06 15:52 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-11-06 12:24 - 2014-11-06 12:24 - 00000000 ____D () C:\Windows\pss
2014-11-06 11:08 - 2014-11-11 15:17 - 00000000 ____D () C:\FRST
2014-11-05 23:28 - 2014-11-06 14:53 - 00000000 ____D () C:\Users\kbatchelor\AppData\Roaming\Seagate
2014-11-05 17:54 - 2014-11-05 17:54 - 00000000 ____D () C:\Program Files\WDCSAM
2014-11-05 17:48 - 2014-11-05 17:49 - 00378553 _____ () C:\Users\kbatchelor\Downloads\WD_SES_Driver_Setup_x64 (1).zip
2014-11-05 16:24 - 2014-11-05 16:24 - 00378553 _____ () C:\Users\kbatchelor\Downloads\WD_SES_Driver_Setup_x64.zip
2014-11-05 15:55 - 2014-11-05 15:55 - 00000000 ____D () C:\Users\kbatchelor\AppData\Local\Western_Digital_Technolog
2014-11-05 14:13 - 2014-11-05 14:13 - 00000000 ____D () C:\Users\kbatchelor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth Devices
2014-11-05 13:23 - 2014-11-05 13:23 - 00000000 ___SD () C:\ComboFix
2014-11-05 12:49 - 2014-11-11 13:10 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-05 12:48 - 2014-11-11 11:45 - 00096472 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-11-05 12:48 - 2014-11-05 12:48 - 00001104 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-11-05 12:48 - 2014-11-05 12:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-11-05 12:48 - 2014-11-05 12:48 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-11-05 12:48 - 2014-10-01 11:11 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-11-05 12:48 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-11-05 12:47 - 2014-11-05 12:47 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\kbatchelor\Downloads\mbam-setup-2.0.3.1025.exe
2014-11-05 12:39 - 2014-11-05 12:42 - 00002396 _____ () C:\Users\kbatchelor\Desktop\Rkill.txt
2014-11-05 12:39 - 2014-11-05 12:39 - 01063160 _____ (Bleeping Computer, LLC) C:\Users\kbatchelor\Downloads\iExplore64.exe
2014-11-05 12:37 - 2014-11-05 12:36 - 01944824 _____ (Bleeping Computer, LLC) C:\Users\kbatchelor\Downloads\iExplore.exe
2014-11-05 12:30 - 2014-11-05 12:30 - 00003856 _____ () C:\Windows\System32\Tasks\{E55723C3-83BA-8584-BAC0-8A70E3C2E16C}
2014-11-05 12:30 - 2014-11-05 12:30 - 00000000 _____ () C:\Windows\system32\pqdvvc.dll
2014-11-05 12:27 - 2014-11-05 13:23 - 00000000 ____D () C:\Qoobox
2014-11-05 12:25 - 2014-11-05 12:25 - 00000000 ____D () C:\Windows\erdnt
2014-11-05 10:44 - 2014-11-05 10:52 - 00002018 _____ () C:\freefallprotection.log
2014-10-31 10:40 - 2014-10-31 10:41 - 00000000 ____D () C:\Users\kbatchelor\AppData\Local\YhxcPack
2014-10-31 10:38 - 2014-11-05 09:32 - 00000000 ____D () C:\Users\kbatchelor\AppData\Local\Uspqmedia
2014-10-22 22:35 - 2014-10-22 22:36 - 00000000 ____D () C:\Users\kbatchelor\Desktop\cc
2014-10-22 22:31 - 2014-10-22 22:31 - 11441642 _____ (A.I.SOFT,INC.) C:\Users\kbatchelor\Downloads\CC3up_1.30.0020.EXE
2014-10-22 22:20 - 2014-10-22 22:20 - 00924173 _____ () C:\Users\kbatchelor\Downloads\BrMain480.exe
2014-10-22 09:32 - 2014-10-22 09:32 - 00001785 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-10-22 09:32 - 2014-10-22 09:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-10-22 09:30 - 2014-10-22 09:32 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2014-10-22 09:30 - 2014-10-22 09:32 - 00000000 ____D () C:\Program Files\iTunes
2014-10-22 09:30 - 2014-10-22 09:32 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-10-22 09:30 - 2014-10-22 09:30 - 00000000 ____D () C:\Program Files\iPod
2014-10-20 20:44 - 2014-10-20 20:44 - 00000000 ___HD () C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-11 15:13 - 2011-10-05 16:23 - 00000000 ____D () C:\Users\kbatchelor\Documents\Outlook Files
2014-11-11 15:13 - 2011-09-12 13:29 - 00000000 ____D () C:\Users\kbatchelor\Documents\MS Outlook Offline
2014-11-11 15:11 - 2012-12-06 10:29 - 00271360 _____ () C:\Users\kbatchelor\Documents\Batchelor Filed Mail.pst
2014-11-11 15:10 - 2011-09-06 13:59 - 00000000 ____D () C:\Users\kbatchelor\Documents\Thales Sales
2014-11-11 15:09 - 2014-06-12 13:00 - 00000548 _____ () C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-3636288926-101227424-3182810562-6128.job
2014-11-11 14:52 - 2012-04-12 13:10 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-11 14:37 - 2011-08-25 12:13 - 01936051 _____ () C:\Windows\WindowsUpdate.log
2014-11-11 14:27 - 2009-07-14 00:13 - 00786474 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-11 14:25 - 2009-07-13 23:45 - 00021312 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-11 14:25 - 2009-07-13 23:45 - 00021312 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-11 13:02 - 2013-01-19 00:13 - 00000000 ____D () C:\Users\kbatchelor\AppData\Roaming\Skype
2014-11-11 13:01 - 2011-09-06 00:44 - 00000000 ____D () C:\Users\kbatchelor\AppData\Local\Deployment
2014-11-11 12:59 - 2011-09-21 00:19 - 00000000 ____D () C:\Users\kbatchelor\AppData\Local\CrashDumps
2014-11-11 12:58 - 2014-04-14 00:32 - 00000000 ____D () C:\Users\kbatchelor\AppData\Local\Backup Assistant Plus
2014-11-11 12:58 - 2011-09-02 11:52 - 00000000 ____D () C:\Users\kbatchelor\Tracing
2014-11-11 12:58 - 2011-08-25 09:50 - 00000000 ____D () C:\ProgramData\Sonic
2014-11-11 12:50 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-11 12:50 - 2009-07-13 23:51 - 00094591 _____ () C:\Windows\setupact.log
2014-11-11 11:35 - 2012-05-04 01:35 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-11-11 11:35 - 2010-11-20 22:47 - 00276124 _____ () C:\Windows\PFRO.log
2014-11-07 22:12 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-11-06 14:55 - 2011-09-01 14:31 - 00000000 ____D () C:\Users\westonit
2014-11-06 14:55 - 2011-08-31 16:32 - 00000000 ____D () C:\Users\Karl
2014-11-06 14:53 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\registration
2014-11-06 11:57 - 2011-09-01 14:52 - 00000000 ____D () C:\Users\kbatchelor
2014-11-06 10:35 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\tracing
2014-11-05 22:53 - 2014-06-12 17:30 - 00002003 _____ () C:\Users\Public\Desktop\SpringCM Business Sync.lnk
2014-11-05 22:50 - 2013-08-15 03:00 - 00000000 ____D () C:\Program Files\Common Files\Western Digital
2014-11-05 22:50 - 2012-03-04 19:12 - 00000000 ____D () C:\ProgramData\Western Digital
2014-11-05 22:30 - 2011-08-25 09:47 - 00002507 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat X Standard.lnk
2014-11-05 22:30 - 2011-08-25 09:47 - 00002465 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe 
Acrobat Distiller X.lnk2014-11-05 21:27 - 2013-08-15 03:01 - 00008192 _____ () C:\Windows\SysWOW64\WDPABKP.dat2014-11-05 19:13 - 2012-08-07 12:07 - 00000000 ____D () C:\Quarantine2014-11-05 17:55 - 2011-08-25 09:34 - 00000000 ____D () C:\Program Files\DIFX2014-11-05 13:34 - 2011-09-06 14:03 - 00000000 ____D () C:\Windows\Sun2014-11-05 13:32 - 2014-01-02 14:42 - 00000000 ____D () C:\ProgramData\Conduit2014-11-05 12:48 - 2013-01-30 10:31 - 00000000 ____D () C:\ProgramData\Malwarebytes2014-11-05 11:00 - 2013-12-11 18:13 - 00000000 ____D () C:\Program Files (x86)\SmrtX2014-11-05 10:51 - 2011-08-25 09:28 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information2014-11-05 09:34 - 2014-01-15 13:01 - 00000000 ____D () C:\Users\kbatchelor\AppData\Local\{5546EB4D-9033-42C2-97A7-E893C7EDF3CD}2014-11-04 15:45 - 2011-09-12 11:55 - 00000000 ____D () C:\Users\kbatchelor\Documents\Customers2014-11-02 17:16 - 2011-12-10 13:31 - 00000000 ____D () C:\Program Files (x86)\IPCamClient2014-10-30 22:28 - 2012-06-19 14:32 - 00000000 ____D () C:\Users\kbatchelor\Documents\Expense receipts2014-10-30 14:33 - 2011-09-06 14:03 - 00000000 ____D () C:\Users\kbatchelor\AppData\Roaming\webex2014-10-30 13:22 - 2011-09-06 14:03 - 00000000 ____D () C:\ProgramData\WebEx2014-10-28 00:54 - 2011-09-01 14:36 - 00000000 ____D () C:\ProgramData\Microsoft Help2014-10-26 23:44 - 2014-08-28 13:56 - 00000000 ____D () C:\Users\kbatchelor\Desktop\Personal2014-10-24 20:44 - 2014-06-12 13:00 - 00003576 _____ () C:\Windows\System32\Tasks\G2MUpdateTask-S-1-5-21-3636288926-101227424-3182810562-61282014-10-22 22:55 - 2011-09-06 11:51 - 00000431 _____ () C:\Windows\Brpfx04a.ini2014-10-22 22:55 - 2011-09-06 11:50 - 00000000 _____ () C:\Windows\brdfxspd.dat2014-10-22 11:37 - 2011-09-12 15:58 - 00000000 ____D () C:\Users\kbatchelor\Documents\Product Files2014-10-22 09:30 - 2014-09-10 14:52 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF692014-10-22 09:30 - 2013-03-25 13:17 - 
00000000 ____D () C:\Program Files\Common Files\AppleSome content of TEMP:====================C:\Users\kbatchelor\AppData\Local\Temp\atgpcdec.dllC:\Users\kbatchelor\AppData\Local\Temp\dllnt_dump.dllC:\Users\kbatchelor\AppData\Local\Temp\G2MInstallerExtractor.exeC:\Users\kbatchelor\AppData\Local\Temp\SamsungAPInstaller_1398909393252.exeC:\Users\westonit\AppData\Local\Temp\vpnclient_setup.exe==================== Bamital & volsnap Check =================(There is no automatic fix for files that do not pass verification.)C:\Windows\System32\winlogon.exe => File is digitally signedC:\Windows\System32\wininit.exe => File is digitally signedC:\Windows\SysWOW64\wininit.exe => File is digitally signedC:\Windows\explorer.exe => File is digitally signedC:\Windows\SysWOW64\explorer.exe => File is digitally signedC:\Windows\System32\svchost.exe => File is digitally signedC:\Windows\SysWOW64\svchost.exe => File is digitally signedC:\Windows\System32\services.exe => File is digitally signedC:\Windows\System32\User32.dll => File is digitally signedC:\Windows\SysWOW64\User32.dll => File is digitally signedC:\Windows\System32\userinit.exe => File is digitally signedC:\Windows\SysWOW64\userinit.exe => File is digitally signedC:\Windows\System32\rpcss.dll => File is digitally signedC:\Windows\System32\Drivers\volsnap.sys => File is digitally signedLastRegBack: 2014-11-05 20:31==================== End Of Log ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-11-2014
Ran by kbatchelor at 2014-11-11 15:17:42
Running from C:\Users\kbatchelor\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)

AV: McAfee VirusScan Enterprise (Enabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892}
AS: McAfee VirusScan Enterprise Antispyware Module (Enabled - Up to date) {16C7C823-5972-5907-58FA-0004E2F9422F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat X Standard - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-BA7E-000000000005}) (Version: 10.1.12 - Adobe Systems)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.3.0.3670 - Adobe Systems Incorporated)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
AllShare Framework DMS (HKLM\...\{83232C27-8C3F-44A5-9EB2-BB7161228ADD}) (Version: 1.3.23 - Samsung)
Amazon Cloud Drive (HKLM-x32\...\{293FE8CE-376E-4F5E-B129-D3A2065F2EA7}) (Version: 0.11.12.0 - Amazon.com)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Avaya one-X® Communicator (HKLM-x32\...\{846039E7-3F64-446F-8457-BC10F3E26825}) (Version: 6.1.25 - Avaya)
BioAPI Framework (Version: 1.0.2 - Dell Inc.) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
BRAdmin Professional 3 (HKLM-x32\...\{75C885D4-C758-4896-A3B4-90DA34B44C31}) (Version: 3.55.0005 - Brother)
Brother MFL-Pro Suite MFC-9320CW (HKLM-x32\...\{A1BBEE16-49B1-42F2-95B8-54C8C6A1C0C3}) (Version: 1.0.2.0 - Brother Industries, Ltd.)
Canon MX890 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX890_series) (Version:  - )
CDDRV_Installer (Version: 4.60 - Logitech) Hidden
Cisco Systems VPN Client 5.0.07.0290 (HKLM\...\{467D5E81-8349-4892-9E81-C3674ED8E451}) (Version: 5.0.7 - Cisco Systems, Inc.)
Cisco WebEx Meetings (HKLM-x32\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)
Citrix Online Launcher (HKLM-x32\...\{3D5F07C3-1B93-47F8-9F8A-DE8E47BF1669}) (Version: 1.0.209 - Citrix)
Custom (Version: 01.00.00.000 - Wave Systems Corp.) Hidden
CyberLink PowerDVD 9.5 (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.5.1.3225 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Backup and Recovery Manager (HKLM\...\{50B4B603-A4C6-4739-AE96-6C76A0F8A388}) (Version: 1.3.1 - Dell Inc.)
Dell ControlVault Host Components Installer 64 bit (Version: 2.0.20.159 - Broadcom Corporation) Hidden
Dell Data Protection | Access (HKLM-x32\...\{A7D91856-258D-4C87-8041-B170851CE432}) (Version: 2.0.00001.001 - Dell Inc.)
Dell Data Protection | Access (Version: 01.01.01.001 - Wave Systems Corp) Hidden
Dell Data Protection | Access | Drivers (HKLM-x32\...\{4E4E65EE-C456-45AC-B5AD-C62C3A325BD0}) (Version: 1.00.011 - Dell Inc.)
Dell Data Protection | Access | Middleware (HKLM-x32\...\{841CBDD5-4BB5-403E-AEE3-2FADC3890BE8}) (Version: 1.00.005 - Dell Inc.)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell System Manager (HKLM\...\{FDF509ED-9624-4FDE-9BAA-9566C186AB96}) (Version: 1.6.00000 - Dell Inc.)
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.1208.101.118 - ALPS ELECTRIC CO., LTD.)
Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 1.40.28 - Creative Technology Ltd)
DellAccess (Version: 01.01.00.053 - Wave Systems Corp.) Hidden
DirectX 9 Runtime (x32 Version: 1.00.0000 - Sonic Solutions) Hidden
Download Updater (AOL Inc.) (HKLM-x32\...\SoftwareUpdUtility) (Version:  - ) <==== ATTENTION
EMBASSY Security Center (Version: 04.03.00.067 - Wave Systems Corp.) Hidden
erLT (x32 Version: 1.20.0137 - Logitech, Inc.) Hidden
ffdshow [rev 2527] [2008-12-19] (HKLM-x32\...\ffdshow_is1) (Version: 1.0 - )
Gemalto (Version: 01.64.01.0010 - Wave Systems Corp) Hidden
GoToMeeting 6.4.5.1865 (HKCU\...\GoToMeeting) (Version: 6.4.5.1865 - CitrixOnline)
iCloud (HKLM\...\{6096C0CC-7E19-4355-87F0-627EC5AA146D}) (Version: 4.0.3.56 - Apple Inc.)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Identity Protection Technology 1.1.2.0 (HKLM-x32\...\{C01A86F5-56E7-101F-9BC9-E3F1025EB779}) (Version: 1.1.2.0 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Network Connections 15.7.176.1 (HKLM\...\PROSetDX) (Version: 15.7.176.1 - Dell)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2418 - Intel Corporation)
Intel(R) PROSet/Wireless WiFi Software (HKLM\...\{4C1CCA11-0D08-4D5E-8444-2D9FB48BCABF}) (Version: 14.00.20110 - Intel Corporation)
IP Camera (HKLM-x32\...\IP Camera) (Version:  - )
IPCamClient (HKLM-x32\...\{B1534528-3E4B-4630-A06D-8115917A2B92}) (Version: 1.0.0.10 - )
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java 7 Update 11 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217011FF}) (Version: 7.0.110 - Oracle)
Java(TM) 6 Update 24 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416024FF}) (Version: 6.0.240 - Oracle)
Java(TM) 6 Update 37 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216037FF}) (Version: 6.0.370 - Oracle)
join.me (HKCU\...\JoinMe) (Version: 1.13.0.130 - LogMeIn Inc.)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
KhalInstallWrapper (Version: 2.00.0000 - Logitech) Hidden
K-Lite Codec Pack 9.3.0 (Basic) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 9.3.0 - )
Livescribe Connect (HKLM-x32\...\com.livescribe.LivescribeConnect) (Version: 1.2.1.58498 - Livescribe Inc)
Livescribe Connect (x32 Version: 1.2.1 - Livescribe Inc) Hidden
Livescribe Desktop (HKLM-x32\...\Livescribe Desktop 2.8.3) (Version: 2.8.3 - Livescribe Inc)
Logitech SetPoint (HKLM-x32\...\{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}) (Version: 4.80 - Logitech)
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
McAfee Agent (HKLM-x32\...\{DE91C193-2611-4BD3-A9F9-DF589C572565}) (Version: 4.6.0.2292 - McAfee, Inc.)
McAfee VirusScan Enterprise (HKLM-x32\...\{CE15D1B6-19B6-4D4D-8F43-CF5D2C3356FF}) (Version: 8.8.02004 - McAfee, Inc.)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft IntelliPoint 8.2 (HKLM\...\Microsoft IntelliPoint 8.2) (Version: 8.20.468.0 - Microsoft Corporation)
Microsoft Office 2010 Primary Interop Assemblies (HKLM-x32\...\{90140000-1146-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1150 - Microsoft Corporation)
Microsoft Office Communicator 2007 R2 (HKLM-x32\...\{E84D1C9D-6669-4156-992B-17557D64F1D3}) (Version: 3.5.6907.268 - Microsoft Corporation)
Microsoft Office Home and Business 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Live Meeting 2007 (HKLM-x32\...\{E30E7561-A466-4393-B8BF-FD93E733EF3C}) (Version: 8.0.6362.202 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visio Viewer 2013 (HKLM\...\{95150000-0052-0409-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{4FFA2088-8317-3B14-93CD-4C699DB37843}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50325 - Microsoft Corporation)
Mozilla Firefox 33.0.3 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 33.0.3 (x86 en-US)) (Version: 33.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
NTRU TCG Software Stack (Version: 2.1.34 - Security Innovation) Hidden
O2Micro Flash Memory Card Windows Driver (HKLM-x32\...\InstallShield_{0CB3B7EE-52C7-4136-AF40-605567D90318}) (Version: 3.0.07.23 - O2Micro International LTD.)
O2Micro Flash Memory Card Windows Driver (x32 Version: 3.0.07.23 - O2Micro International LTD.) Hidden
ocxinstall (HKLM-x32\...\{1A2606DD-5E86-4ADA-954B-D98012A174E0}) (Version: 1.0.0.32 - apexis)
ooVoo toolbar, powered by Ask.com Updater (HKCU\...\{79A765E1-C399-405B-85AF-466F52E918B0}) (Version: 1.2.0.20007 - Ask.com) <==== ATTENTION
Optimum (HKCU\...\882624514.optimumapp.iptv.optimum.net) (Version:  - optimumapp.iptv.optimum.net)
Optimum App for Laptop 2.00 (HKLM\...\{6082AB31-92B1-4832-AC89-3B2E6D8C14FE}) (Version: 2.00 - Cablevision)
Optimum WiFi Register (HKLM-x32\...\{4267D2C3-0C04-4F50-BEEE-8EA4A5B8FDB4}) (Version: 1.0.0 - Cablevision)
PC-CCID (Version: 2.0.0 - Gemalto) Hidden
PhotoShowExpress (x32 Version: 2.0.063 - Sonic Solutions) Hidden
Preboot Manager (Version: 03.03.00.049 - Wave Systems Corp.) Hidden
Private Information Manager (Version: 07.01.00.007 - Wave Systems Corp.) Hidden
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
RBVirtualFolder64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden
Roxio Creator Starter (HKLM-x32\...\{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}) (Version: 12.1.77.0 - Roxio)
Roxio File Backup (Version: 1.3.2 - Roxio) Hidden
Salesforce Outlook Edition 3 (HKLM-x32\...\{F82DF41F-4A57-4679-9907-D6430C6310B0}) (Version: 3.3.114 - salesforce.com)
salesforce.com Offline Edition 2.0 (HKLM-x32\...\{8F8E3F13-79E2-4045-8522-0CAE2FDDDFBC}) (Version: 1.235.228 - salesforce.com)
Samsung Link 1.8.0.1403131552 (HKLM\...\8474-7877-9059-0204) (Version: 1.8.0.1403131552 - Copyright 2013 SAMSUNG)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.22.0 - SAMSUNG Electronics Co., Ltd.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
SES Driver (HKLM\...\{D8CC254C-C671-4664-9A38-FA368D1E2C97}) (Version: 1.0.0 - Western Digital)
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Sonic CinePlayer Decoder Pack (x32 Version: 4.3.0 - Sonic Solutions) Hidden
SPBA 5.9 (Version: 5.9.4.6686 - UPEK Inc.) Hidden
SpringCM Business Sync 2.7.4 64-bit (HKLM\...\{DDE5C3D6-2A82-4E7C-A6E9-18B3AE1624D3}) (Version: 2.7.4 - SpringCM)
SUABnR (HKLM-x32\...\InstallShield_{2485354C-6B65-4978-BB91-CCE61442377B}) (Version: 1.1.0.13103_1 - Samsung Electronics Co., Ltd.)
SUABnR (x32 Version: 1.1.0.13103_1 - Samsung Electronics Co., Ltd.) Hidden
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.32494 - TeamViewer)
Trusted Drive Manager (Version: 4.0.5.8 - Wave Systems Corp.) Hidden
UltraVnc (HKLM\...\Ultravnc2_is1) (Version: 1.1.8 - uvnc bvba)
Upek Touchchip Fingerprint Reader (Version: 1.2.004 - Dell Inc.) Hidden
Verizon Cloud (HKLM-x32\...\Verizon Cloud) (Version:  - Verizon Wireless)
Verizon Wireless Software Upgrade Assistant - Samsung(ar) (HKLM-x32\...\{267B6912-6F26-4FFD-9342-8E84A7B26151}) (Version: 2.13.1103 - Samsung Electronics Co., Ltd.)
Verizon Wireless Software Utility Application for Android - Samsung (HKLM-x32\...\{B7C5C35E-E750-4D09-BD2E-381D10124CBB}) (Version: 2.14.0305 - Samsung Electronics Co., Ltd.)
VLC media player 1.1.11 (HKLM-x32\...\VLC media player) (Version: 1.1.11 - VideoLAN)
Wave Infrastructure Installer (Version: 07.66.40.0008 - Wave Systems Corp) Hidden
Wave Support Software Installer (Version: 05.13.00.014 - Wave Systems Corp) Hidden
WebEx Productivity Tools (HKLM-x32\...\{4F401009-3A8F-45D1-8332-4C5148D18BC7}) (Version: 2.26.2802 - Cisco WebEx LLC)
WIDCOMM Bluetooth Software (HKLM\...\{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}) (Version: 6.3.0.8200 - Broadcom Corporation)
Windows Driver Package - Dell Inc. PBADRV System  (09/11/2009 1.0.1.6) (HKLM\...\9512AA21B791B05A54E27065C45BBC417AB282DF) (Version: 09/11/2009 1.0.1.6 - Dell Inc.)
Windows Driver Package - Western Digital Technologies (WDC_SAM) WDC_SAM  (01/19/2011 1.0.0009.0) (HKLM\...\4CA7CFBB29889F25ACB3DF6E3A42BAE29EB43B20) (Version: 01/19/2011 1.0.0009.0 - Western Digital Technologies)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
WinRAR 5.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
WinZip 16.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240CB}) (Version: 16.0.9691 - WinZip Computing, S.L. )
WinZipBar Toolbar (HKLM-x32\...\WinZipBar Toolbar) (Version: 6.8.5.1 - WinZipBar)
Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)
Yahoo! Software Update (HKLM-x32\...\Yahoo! Software Update) (Version:  - )
Yahoo! Toolbar (HKLM-x32\...\Yahoo! Companion) (Version:  - Yahoo! Inc.)

==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3636288926-101227424-3182810562-6128_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Program Files (x86)\Citrix\GoToMeeting\1468\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-3636288926-101227424-3182810562-6128_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 247 more characters). <==== Poweliks?

==================== Restore Points  =========================

06-11-2014 03:32:15 Removed Android Sync Manager WiFi
06-11-2014 03:46:49 Removed WD SmartWare
06-11-2014 03:51:42 WD SmartWare Installer
06-11-2014 03:52:19 WD SmartWare Installer
06-11-2014 04:25:55 Installed Microsoft Visual C++ 2005 Redistributable
06-11-2014 18:12:25 Windows Backup
11-11-2014 17:44:48 Malwarebytes Anti-Rootkit Restore Point
11-11-2014 18:02:36 Removed SpringCM Business Sync 2.7.4 64-bit
11-11-2014 20:13:34 Removed SpringCM Business Sync 2.7.4 64-bit

==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {3D79927E-E24E-426F-8D44-AD9777FC7B07} - System32\Tasks\G2MUpdateTask-S-1-5-21-3636288926-101227424-3182810562-6128 => C:\Program Files (x86)\Citrix\GoToMeeting\1865\g2mupdate.exe [2014-10-24] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {47F6BC3C-3E84-41BF-9E37-506661FFE3EC} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {7B756983-4370-4710-ACA4-A2CDF619CA5D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-24] (Adobe Systems Incorporated)
Task: {8B058EAD-E0B6-45D4-AB1F-5B15952F3BD8} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => c:\Program Files\Microsoft IntelliPoint\IPoint.exe [2011-08-01] (Microsoft Corporation)
Task: {98D2E290-E0E8-41B6-862D-A4238A88E957} - \BackgroundContainer Startup Task No Task File <==== ATTENTION
Task: {E338AFEE-2E37-494B-ACC5-F71F1F69B04D} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {ECA4814E-E623-4053-BD06-2F9F10CD3AA9} - System32\Tasks\{E55723C3-83BA-8584-BAC0-8A70E3C2E16C} => C:\Windows\system32\miyzf.dll/s "C:\Windows\system32\miyzf.dll"
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-3636288926-101227424-3182810562-6128.job => C:\Program Files (x86)\Citrix\GoToMeeting\1865\g2mupdate.exe

==================== Loaded Modules (whitelisted) =============

2010-12-23 13:33 - 2010-12-23 13:33 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
2014-09-15 15:02 - 2014-08-15 15:30 - 00099328 ____N () C:\Program Files (x86)\Brother\BRAdmin Professional 3\bratimer.exe
2011-08-25 09:30 - 2003-04-18 21:06 - 00008192 _____ () c:\Windows\SysWOW64\srvany.exe
2011-08-25 10:56 - 2011-06-10 13:36 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2010-12-23 13:33 - 2010-12-23 13:33 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\LIBEAY32.dll
2013-09-09 15:45 - 2014-03-13 14:52 - 00013824 _____ () C:\Program Files\SAMSUNG\Samsung Link\JniSys.dll
2013-09-09 15:45 - 2014-03-13 14:52 - 00048640 _____ () C:\Program Files\SAMSUNG\Samsung Link\JniIO.dll
2013-12-21 10:25 - 2013-12-21 10:25 - 00036864 _____ () C:\Program Files\SAMSUNG\AllShare Framework DMS\1.3.23\64bit\JNIInterface.dll
2013-12-21 10:26 - 2013-12-21 10:26 - 00144384 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\64bit\ASFAPI.dll
2013-12-21 10:27 - 2013-12-21 10:27 - 00018944 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\64bit\MediaDB_Manager.dll
2013-10-22 08:52 - 2013-10-22 08:52 - 00030720 _____ () C:\Windows\system32\MediaDB64.dll
2013-10-22 08:52 - 2013-10-22 08:52 - 00908800 _____ () C:\Windows\system32\ContentDirectoryPresenter64.dll
2013-12-21 10:27 - 2013-12-21 10:27 - 00521728 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\64bit\DMS_Manager.dll
2013-07-23 18:19 - 2013-07-23 18:19 - 00049152 _____ () C:\Windows\system32\boost_date_time-vc90-mt-1_47.dll
2013-07-23 18:19 - 2013-07-23 18:19 - 00016896 _____ () C:\Windows\system32\boost_system-vc90-mt-1_47.dll
2013-07-23 18:19 - 2013-07-23 18:19 - 00058880 _____ () C:\Windows\system32\boost_thread-vc90-mt-1_47.dll
2013-07-23 18:19 - 2013-07-23 18:19 - 00299520 _____ () C:\Windows\system32\boost_serialization-vc90-mt-1_47.dll
2011-09-19 08:11 - 2009-07-20 11:35 - 00018960 _____ () C:\Program Files\Logitech\SetPoint\khalwrapper.dll
2010-11-17 10:35 - 2010-11-17 10:35 - 00514544 _____ () C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
2011-09-19 08:11 - 2009-07-20 03:00 - 00077824 _____ () C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
2011-09-06 11:50 - 2005-04-22 12:36 - 00143360 ____N () C:\Windows\system32\BrSNMP64.dll
2013-12-11 15:46 - 2013-12-11 15:46 - 01114624 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\DMSManager.dll
2013-10-22 08:48 - 2013-10-22 08:48 - 00707072 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\ContentDirectoryPresenter.dll
2013-10-24 15:53 - 2013-10-24 15:53 - 00107008 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\DCMCDP.dll
2013-12-11 15:46 - 2013-12-11 15:46 - 00102400 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\FolderCDP.dll
2013-12-11 15:46 - 2013-12-11 15:46 - 00077312 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\MetadataFramework.dll
2013-02-14 18:42 - 2013-02-14 18:42 - 00520234 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\sqlite3.dll
2013-02-14 18:42 - 2013-02-14 18:42 - 00450560 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\MoodExtractor.dll
2013-02-14 18:42 - 2013-02-14 18:42 - 05717504 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\DCMImgExtractor.dll
2013-10-25 18:48 - 2013-10-25 18:48 - 00028672 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AutoChaptering.dll
2013-02-14 18:42 - 2013-02-14 18:42 - 00147456 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\libexpat.dll
2013-10-25 18:48 - 2013-10-25 18:48 - 00012288 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\VideoThumb.dll
2013-02-14 18:42 - 2013-02-14 18:42 - 04671488 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\avcodec-52.dll
2013-02-14 18:42 - 2013-02-14 18:42 - 00070656 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\avutil-50.dll
2013-02-14 18:42 - 2013-02-14 18:42 - 00686080 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\avformat-52.dll
2013-02-14 18:42 - 2013-02-14 18:42 - 00152064 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\swscale-0.dll
2013-10-25 18:49 - 2013-10-25 18:49 - 00028160 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AudioExtractor.dll
2013-10-25 18:48 - 2013-10-25 18:48 - 00064000 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\ID3Driver.dll
2013-02-14 18:42 - 2013-02-14 18:42 - 00366592 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\tag.dll
2013-10-25 18:48 - 2013-10-25 18:48 - 00289792 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\libThumbnail.dll
2013-10-25 18:48 - 2013-10-25 18:48 - 00023040 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\RichInfoDriver.dll
2013-12-11 15:45 - 2013-12-11 15:45 - 00017920 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\VideoExtractor.dll
2013-10-25 18:53 - 2013-10-25 18:53 - 00117248 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\ThumbnailMaker.dll
2013-10-25 18:53 - 2013-10-25 18:53 - 01033728 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\ImageMagickWrapper.dll
2013-12-11 15:45 - 2013-12-11 15:45 - 00134144 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\VideoMetadataDriver.dll
2013-10-25 18:48 - 2013-10-25 18:48 - 00290816 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\libKeyFrame.dll
2013-10-25 18:48 - 2013-10-25 18:48 - 00024064 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\SECMetaDriver.dll
2013-10-25 18:53 - 2013-10-25 18:53 - 00012288 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\ImageExtractor.dll
2013-10-25 18:48 - 2013-10-25 18:48 - 00024064 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\photoDriver.dll
2013-02-14 18:42 - 2013-02-14 18:42 - 00399826 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\libexif-12.dll.dll
2013-10-25 18:48 - 2013-10-25 18:48 - 00013824 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\TextExtractor.dll
2013-10-24 15:53 - 2013-10-24 15:53 - 00032768 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\Autobackup.dll
2013-04-19 15:38 - 2013-04-19 15:38 - 00055808 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\RosettaAllShare.dll
2013-07-23 18:18 - 2013-07-23 18:18 - 00227840 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\boost_serialization-vc90-mt-1_47.dll
2013-07-23 18:18 - 2013-07-23 18:18 - 00038912 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\boost_date_time-vc90-mt-1_47.dll
2013-07-23 18:18 - 2013-07-23 18:18 - 00012800 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\boost_system-vc90-mt-1_47.dll
2013-07-23 18:18 - 2013-07-23 18:18 - 00046592 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\boost_thread-vc90-mt-1_47.dll
2013-02-14 18:42 - 2013-02-14 18:42 - 00044032 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\us.dll
2014-02-12 19:58 - 2014-02-12 19:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 12:05 - 2014-10-11 12:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2010-03-23 13:26 - 2010-03-23 13:26 - 00201512 _____ () C:\Program Files (x86)\Cisco Systems\VPN Client\vpnapi.dll
2007-04-18 18:30 - 2007-04-18 18:30 - 00393216 _____ () C:\Program Files (x86)\McAfee\Common Framework\cryptocme2.dll
2007-04-18 18:30 - 2007-04-18 18:30 - 00471040 _____ () C:\Program Files (x86)\McAfee\Common Framework\ccme_base.dll
2012-08-14 20:08 - 2012-08-14 20:08 - 00150328 _____ () C:\Program Files (x86)\McAfee\VirusScan Enterprise\WscAv.dll
2011-10-27 17:56 - 2011-10-27 17:56 - 00276992 _____ () C:\Program Files (x86)\Common Files\Livescribe\PenComm\PenCommSdk.dll
2014-10-31 10:41 - 2014-10-31 10:41 - 00898560 _____ () C:\Users\kbatchelor\AppData\Local\YhxcPack\dzgdefz.dll
2014-11-01 19:37 - 2014-11-01 19:37 - 00926720 _____ () C:\Users\kbatchelor\AppData\Local\Uspqmedia\CNBP401.DLL
2010-11-24 22:44 - 2010-11-24 22:44 - 00375280 _____ () c:\program files (x86)\common files\roxio shared\dllshared\SQLite352.dll
2011-09-06 11:50 - 2009-02-27 15:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll

==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry.
The "AlternateShell" will be restored.)HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\42213783.sys => ""="Driver"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\42213783.sys => ""="Driver"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"==================== EXE Association (whitelisted) =============(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)==================== MSCONFIG/TASK MANAGER disabled items =========(Currently there is no automatic fix for this section.)MSCONFIG\startupreg: Amazon Cloud Drive => C:\Users\kbatchelor\AppData\Local\Amazon\Cloud Drive\AmazonCloudDrive.exeMSCONFIG\startupreg: LightScribe Control Panel => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hiddenMSCONFIG\startupreg: Messenger (Yahoo!) 
=> "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quietMSCONFIG\startupreg: ooVoo.exe => C:\Program Files (x86)\ooVoo\oovoo.exe /minimizedMSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"========================= Accounts: ==========================admin (S-1-5-21-3127398787-1692880747-933160537-1001 - Administrator - Enabled)Administrator (S-1-5-21-3127398787-1692880747-933160537-500 - Administrator - Disabled)Guest (S-1-5-21-3127398787-1692880747-933160537-501 - Limited - Disabled)Karl (S-1-5-21-3127398787-1692880747-933160537-1000 - Administrator - Enabled) => C:\Users\Karl==================== Faulty Device Manager Devices =============Name: Description: Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28)Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.Name: Cisco Systems VPN Adapter for 64-bit WindowsDescription: Cisco Systems VPN Adapter for 64-bit WindowsClass Guid: {4d36e972-e325-11ce-bfc1-08002be10318}Manufacturer: Cisco SystemsService: CVirtAProblem: : This device is disabled. (Code 22)Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. 
Follow the instructions.==================== Event log errors: =========================Application errors:==================Error: (11/11/2014 03:10:59 PM) (Source: Application Error) (EventID: 1000) (User: )Description: Faulting application name: POWERPNT.EXE, version: 14.0.6009.1000, time stamp: 0x4cc1a4edFaulting module name: ppcore.dll, version: 14.0.7121.5000, time stamp: 0x5321e8beException code: 0xc0000005Fault offset: 0x000194dcFaulting process id: 0x2f7cFaulting application start time: 0xPOWERPNT.EXE0Faulting application path: POWERPNT.EXE1Faulting module path: POWERPNT.EXE2Report Id: POWERPNT.EXE3Error: (11/11/2014 02:05:04 PM) (Source: Application Error) (EventID: 1000) (User: )Description: Faulting application name: Samsung Link.exe, version: 1.8.0.5792, time stamp: 0x52540e3eFaulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000Exception code: 0xc0000005Fault offset: 0x0000000000000000Faulting process id: 0xab0Faulting application start time: 0xSamsung Link.exe0Faulting application path: Samsung Link.exe1Faulting module path: Samsung Link.exe2Report Id: Samsung Link.exe3Error: (11/11/2014 01:02:02 PM) (Source: VSTO 4.0) (EventID: 4096) (User: )Description: Customization URI: file:///C:/Program Files (x86)/Common Files/Microsoft Shared/VSTA/Pipeline.v10.0/PipelineSegments.storeException: Exception reading manifest from file:///C:/Program%20Files%20(x86)/Common%20Files/Microsoft%20Shared/VSTA/Pipeline.v10.0/PipelineSegments.store: the manifest may not be valid or the file could not be opened.************** Exception Text **************System.Deployment.Application.InvalidDeploymentException: Exception reading manifest from file:///C:/Program%20Files%20(x86)/Common%20Files/Microsoft%20Shared/VSTA/Pipeline.v10.0/PipelineSegments.store: the manifest may not be valid or the file could not be opened. ---> System.Xml.XmlException: '', hexadecimal value 0x01, is an invalid character. Line 1, position 1.   
at System.Xml.XmlTextReaderImpl.Throw(Exception e)   at System.Xml.XmlTextReaderImpl.Throw(String res, String[] args)   at System.Xml.XmlTextReaderImpl.Throw(Int32 pos, String res, String[] args)   at System.Xml.XmlTextReaderImpl.ThrowInvalidChar(Int32 pos, Char invChar)   at System.Xml.XmlTextReaderImpl.ParseRootLevelWhitespace()   at System.Xml.XmlTextReaderImpl.ParseDocumentContent()   at System.Xml.XmlTextReaderImpl.Read()   at System.Xml.XmlTextReader.Read()   at System.Deployment.Application.ManifestValidatingReader.XmlFilteredReader.Read()   at System.Xml.XmlCharCheckingReader.Read()   at System.Xml.XsdValidatingReader.Read()   at System.Deployment.Application.ManifestReader.FromDocument(String localPath, ManifestType manifestType, Uri sourceUri)   --- End of inner exception stack trace ---   at Microsoft.VisualStudio.Tools.Applications.Deployment.ClickOnceAddInDeploymentManager.GetManifests(TimeSpan timeout)   at Microsoft.VisualStudio.Tools.Applications.Deployment.ClickOnceAddInDeploymentManager.InstallAddIn()************** Loaded Assemblies **************mscorlib    Assembly Version: 2.0.0.0    Win32 Version: 2.0.50727.5477 (Win7SP1GDR.050727-5400)    CodeBase: file:///C:/Windows/Microsoft.NET/Framework/v2.0.50727/mscorlib.dll----------------------------------------Microsoft.VisualStudio.Tools.Office.Runtime.v10.0    Assembly Version: 10.0.0.0    Win32 Version: 10.0.50325.0    CodeBase: file:///C:/Windows/assembly/GAC_MSIL/Microsoft.VisualStudio.Tools.Office.Runtime.v10.0/10.0.0.0__b03f5f7f11d50a3a/Microsoft.VisualStudio.Tools.Office.Runtime.v10.0.dll----------------------------------------System    Assembly Version: 2.0.0.0    Win32 Version: 2.0.50727.5467 (Win7SP1GDR.050727-5400)    CodeBase: file:///C:/Windows/assembly/GAC_MSIL/System/2.0.0.0__b77a5c561934e089/System.dll----------------------------------------System.Core    Assembly Version: 3.5.0.0    Win32 Version: 3.5.30729.5420 built by: Win7SP1    CodeBase: 
file:///C:/Windows/assembly/GAC_MSIL/System.Core/3.5.0.0__b77a5c561934e089/System.Core.dll----------------------------------------Microsoft.VisualStudio.Tools.Applications.Hosting.v10.0    Assembly Version: 10.0.0.0    Win32 Version: 10.0.50325.0    CodeBase: file:///C:/Windows/assembly/GAC_MSIL/Microsoft.VisualStudio.Tools.Applications.Hosting.v10.0/10.0.0.0__b03f5f7f11d50a3a/Microsoft.VisualStudio.Tools.Applications.Hosting.v10.0.dll----------------------------------------System.AddIn    Assembly Version: 3.5.0.0    Win32 Version: 3.5.30729.5446 built by: Win7SP1GDR    CodeBase: file:///C:/Windows/assembly/GAC_MSIL/System.AddIn/3.5.0.0__b77a5c561934e089/System.AddIn.dll----------------------------------------Microsoft.Office.Tools.Outlook.v9.0    Assembly Version: 9.0.0.0    Win32 Version: 9.0.30729.7079    CodeBase: file:///C:/Windows/assembly/GAC_MSIL/Microsoft.Office.Tools.Outlook.v9.0/9.0.0.0__b03f5f7f11d50a3a/Microsoft.Office.Tools.Outlook.v9.0.dll----------------------------------------Microsoft.VisualStudio.Tools.Applications.Runtime.v10.0    Assembly Version: 10.0.0.0    Win32 Version: 10.0.50325.0    CodeBase: file:///C:/Windows/assembly/GAC_MSIL/Microsoft.VisualStudio.Tools.Applications.Runtime.v10.0/10.0.0.0__b03f5f7f11d50a3a/Microsoft.VisualStudio.Tools.Applications.Runtime.v10.0.dll----------------------------------------System.Windows.Forms    Assembly Version: 2.0.0.0    Win32 Version: 2.0.50727.5468 (Win7SP1GDR.050727-5400)    CodeBase: file:///C:/Windows/assembly/GAC_MSIL/System.Windows.Forms/2.0.0.0__b77a5c561934e089/System.Windows.Forms.dll----------------------------------------System.Drawing    Assembly Version: 2.0.0.0    Win32 Version: 2.0.50727.5467 (Win7SP1GDR.050727-5400)    CodeBase: file:///C:/Windows/assembly/GAC_MSIL/System.Drawing/2.0.0.0__b03f5f7f11d50a3a/System.Drawing.dll----------------------------------------System.Deployment    Assembly Version: 2.0.0.0    Win32 Version: 2.0.50727.5420 (Win7SP1.050727-5400)    CodeBase: 
file:///C:/Windows/assembly/GAC_MSIL/System.Deployment/2.0.0.0__b03f5f7f11d50a3a/System.Deployment.dll----------------------------------------System.Configuration    Assembly Version: 2.0.0.0    Win32 Version: 2.0.50727.5476 (Win7SP1GDR.050727-5400)    CodeBase: file:///C:/Windows/assembly/GAC_MSIL/System.Configuration/2.0.0.0__b03f5f7f11d50a3a/System.Configuration.dll----------------------------------------System.Xml    Assembly Version: 2.0.0.0    Win32 Version: 2.0.50727.5476 (Win7SP1GDR.050727-5400)    CodeBase: file:///C:/Windows/assembly/GAC_MSIL/System.Xml/2.0.0.0__b77a5c561934e089/System.Xml.dll----------------------------------------Microsoft.VisualStudio.Tools.Applications.ServerDocument.v10.0    Assembly Version: 10.0.0.0    Win32 Version: 10.0.50325.0    CodeBase: file:///C:/Windows/assembly/GAC_MSIL/Microsoft.VisualStudio.Tools.Applications.ServerDocument.v10.0/10.0.0.0__b03f5f7f11d50a3a/Microsoft.VisualStudio.Tools.Applications.ServerDocument.v10.0.dll----------------------------------------Error: (11/11/2014 00:59:22 PM) (Source: Application Error) (EventID: 1000) (User: )Description: Faulting application name: UA.exe, version: 1.0.0.1, time stamp: 0x532bdd48Faulting module name: MSVCR90.dll, version: 9.0.30729.6161, time stamp: 0x4dace5b9Exception code: 0xc0000005Fault offset: 0x00056b1dFaulting process id: 0xd24Faulting application start time: 0xUA.exe0Faulting application path: UA.exe1Faulting module path: UA.exe2Report Id: UA.exe3Error: (11/11/2014 00:50:25 PM) (Source: WinMgmt) (EventID: 10) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003Error: (11/11/2014 11:46:15 AM) (Source: Application Error) (EventID: 1000) (User: )Description: Faulting application name: communicator.exe, version: 3.5.6907.268, time stamp: 0x5165ca9aFaulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea8e7Exception code: 
0xc000041dFault offset: 0x0002e066Faulting process id: 0x18bcFaulting application start time: 0xcommunicator.exe0Faulting application path: communicator.exe1Faulting module path: communicator.exe2Report Id: communicator.exe3Error: (11/11/2014 11:45:17 AM) (Source: Application Error) (EventID: 1000) (User: )Description: Faulting application name: UA.exe, version: 1.0.0.1, time stamp: 0x532bdd48Faulting module name: MSVCR90.dll, version: 9.0.30729.6161, time stamp: 0x4dace5b9Exception code: 0xc0000005Fault offset: 0x00056b1dFaulting process id: 0x27f4Faulting application start time: 0xUA.exe0Faulting application path: UA.exe1Faulting module path: UA.exe2Report Id: UA.exe3Error: (11/11/2014 11:42:03 AM) (Source: Application Hang) (EventID: 1002) (User: )Description: The program Skype.exe version 6.11.0.102 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.Process ID: 14e8Start Time: 01cffdcdd048e475Termination Time: 0Application Path: C:\Program Files (x86)\Skype\Phone\Skype.exeReport Id:Error: (11/11/2014 11:39:10 AM) (Source: Application Error) (EventID: 1000) (User: )Description: Faulting application name: UA.exe, version: 1.0.0.1, time stamp: 0x532bdd48Faulting module name: MSVCR90.dll, version: 9.0.30729.6161, time stamp: 0x4dace5b9Exception code: 0xc0000005Fault offset: 0x00056b1dFaulting process id: 0x1b28Faulting application start time: 0xUA.exe0Faulting application path: UA.exe1Faulting module path: UA.exe2Report Id: UA.exe3Error: (11/11/2014 11:35:22 AM) (Source: WinMgmt) (EventID: 10) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003System errors:=============Error: (11/11/2014 02:06:48 PM) (Source: Service Control Manager) (EventID: 7034) (User: )Description: The Samsung Link Service service terminated 
unexpectedly.  It has done this 1 time(s).Error: (11/11/2014 00:58:34 PM) (Source: DCOM) (EventID: 10010) (User: )Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}Error: (11/11/2014 00:56:07 PM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1129) (User: US)Description: The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.Error: (11/11/2014 00:53:42 PM) (Source: TermService) (EventID: 1067) (User: )Description: The terminal server cannot register 'TERMSRV' Service Principal Name to be used for server authentication. The following error occured: The specified domain either does not exist or could not be contacted..Error: (11/11/2014 00:52:36 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)Error: (11/11/2014 00:51:33 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)Error: (11/11/2014 00:50:36 PM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1129) (User: NT AUTHORITY)Description: The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. 
If you do not see a success message for several hours, then contact your administrator.Error: (11/11/2014 00:50:21 PM) (Source: Service Control Manager) (EventID: 7001) (User: )Description: The NTRU TSS v1.2.1.34 TCS service depends on the TPM Base Services service which failed to start because of the following error: %%0Error: (11/11/2014 00:50:21 PM) (Source: NETLOGON) (EventID: 5719) (User: )Description: This computer was not able to set up a secure session with a domaincontroller in domain US due to the following: %%1311This may lead to authentication problems. Make sure that thiscomputer is connected to the network. If the problem persists,please contact your domain administrator.ADDITIONAL INFOIf this computer is a domain controller for the specified domain, itsets up the secure session to the primary domain controller emulator in the specifieddomain. Otherwise, this computer sets up the secure session to any domain controllerin the specified domain.Error: (11/11/2014 11:45:16 AM) (Source: DCOM) (EventID: 10010) (User: )Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}Microsoft Office Sessions:=========================Error: (11/11/2014 03:10:59 PM) (Source: Application Error) (EventID: 1000) (User: )Description: POWERPNT.EXE14.0.6009.10004cc1a4edppcore.dll14.0.7121.50005321e8bec0000005000194dc2f7c01cffde0e3df8f95C:\Program Files (x86)\Microsoft Office\Office14\POWERPNT.EXEC:\Program Files (x86)\Microsoft Office\Office14\ppcore.dlld9d641a4-69de-11e4-8bee-5c260a75d930Error: (11/11/2014 02:05:04 PM) (Source: Application Error) (EventID: 1000) (User: )Description: Samsung Link.exe1.8.0.579252540e3eunknown0.0.0.000000000c00000050000000000000000ab001cffdd7fa010486C:\Program Files\Samsung\Samsung Link\Samsung Link.exeunknowna3faba99-69d5-11e4-8bee-5c260a75d930Error: (11/11/2014 01:02:02 PM) (Source: VSTO 4.0) (EventID: 4096) (User: )Description: Customization URI: file:///C:/Program Files (x86)/Common Files/Microsoft 
Shared/VSTA/Pipeline.v10.0/PipelineSegments.storeException: Exception reading manifest from file:///C:/Program%20Files%20(x86)/Common%20Files/Microsoft%20Shared/VSTA/Pipeline.v10.0/PipelineSegments.store: the manifest may not be valid or the file could not be opened.************** Exception Text **************System.Deployment.Application.InvalidDeploymentException: Exception reading manifest from file:///C:/Program%20Files%20(x86)/Common%20Files/Microsoft%20Shared/VSTA/Pipeline.v10.0/PipelineSegments.store: the manifest may not be valid or the file could not be opened. ---> System.Xml.XmlException: '', hexadecimal value 0x01, is an invalid character. Line 1, position 1.   at System.Xml.XmlTextReaderImpl.Throw(Exception e)   at System.Xml.XmlTextReaderImpl.Throw(String res, String[] args)   at System.Xml.XmlTextReaderImpl.Throw(Int32 pos, String res, String[] args)   at System.Xml.XmlTextReaderImpl.ThrowInvalidChar(Int32 pos, Char invChar)   at System.Xml.XmlTextReaderImpl.ParseRootLevelWhitespace()   at System.Xml.XmlTextReaderImpl.ParseDocumentContent()   at System.Xml.XmlTextReaderImpl.Read()   at System.Xml.XmlTextReader.Read()   at System.Deployment.Application.ManifestValidatingReader.XmlFilteredReader.Read()   at System.Xml.XmlCharCheckingReader.Read()   at System.Xml.XsdValidatingReader.Read()   at System.Deployment.Application.ManifestReader.FromDocument(String localPath, ManifestType manifestType, Uri sourceUri)   --- End of inner exception stack trace ---   at Microsoft.VisualStudio.Tools.Applications.Deployment.ClickOnceAddInDeploymentManager.GetManifests(TimeSpan timeout)   at Microsoft.VisualStudio.Tools.Applications.Deployment.ClickOnceAddInDeploymentManager.InstallAddIn()************** Loaded Assemblies **************mscorlib    Assembly Version: 2.0.0.0    Win32 Version: 2.0.50727.5477 (Win7SP1GDR.050727-5400)    CodeBase: 
file:///C:/Windows/Microsoft.NET/Framework/v2.0.50727/mscorlib.dll----------------------------------------Microsoft.VisualStudio.Tools.Office.Runtime.v10.0    Assembly Version: 10.0.0.0    Win32 Version: 10.0.50325.0    CodeBase: file:///C:/Windows/assembly/GAC_MSIL/Microsoft.VisualStudio.Tools.Office.Runtime.v10.0/10.0.0.0__b03f5f7f11d50a3a/Microsoft.VisualStudio.Tools.Office.Runtime.v10.0.dll----------------------------------------System    Assembly Version: 2.0.0.0    Win32 Version: 2.0.50727.5467 (Win7SP1GDR.050727-5400)    CodeBase: file:///C:/Windows/assembly/GAC_MSIL/System/2.0.0.0__b77a5c561934e089/System.dll----------------------------------------System.Core    Assembly Version: 3.5.0.0    Win32 Version: 3.5.30729.5420 built by: Win7SP1    CodeBase: file:///C:/Windows/assembly/GAC_MSIL/System.Core/3.5.0.0__b77a5c561934e089/System.Core.dll----------------------------------------Microsoft.VisualStudio.Tools.Applications.Hosting.v10.0    Assembly Version: 10.0.0.0    Win32 Version: 10.0.50325.0    CodeBase: file:///C:/Windows/assembly/GAC_MSIL/Microsoft.VisualStudio.Tools.Applications.Hosting.v10.0/10.0.0.0__b03f5f7f11d50a3a/Microsoft.VisualStudio.Tools.Applications.Hosting.v10.0.dll----------------------------------------System.AddIn    Assembly Version: 3.5.0.0    Win32 Version: 3.5.30729.5446 built by: Win7SP1GDR    CodeBase: file:///C:/Windows/assembly/GAC_MSIL/System.AddIn/3.5.0.0__b77a5c561934e089/System.AddIn.dll----------------------------------------Microsoft.Office.Tools.Outlook.v9.0    Assembly Version: 9.0.0.0    Win32 Version: 9.0.30729.7079    CodeBase: file:///C:/Windows/assembly/GAC_MSIL/Microsoft.Office.Tools.Outlook.v9.0/9.0.0.0__b03f5f7f11d50a3a/Microsoft.Office.Tools.Outlook.v9.0.dll----------------------------------------Microsoft.VisualStudio.Tools.Applications.Runtime.v10.0    Assembly Version: 10.0.0.0    Win32 Version: 10.0.50325.0    CodeBase: 
file:///C:/Windows/assembly/GAC_MSIL/Microsoft.VisualStudio.Tools.Applications.Runtime.v10.0/10.0.0.0__b03f5f7f11d50a3a/Microsoft.VisualStudio.Tools.Applications.Runtime.v10.0.dll----------------------------------------System.Windows.Forms    Assembly Version: 2.0.0.0    Win32 Version: 2.0.50727.5468 (Win7SP1GDR.050727-5400)    CodeBase: file:///C:/Windows/assembly/GAC_MSIL/System.Windows.Forms/2.0.0.0__b77a5c561934e089/System.Windows.Forms.dll----------------------------------------System.Drawing    Assembly Version: 2.0.0.0    Win32 Version: 2.0.50727.5467 (Win7SP1GDR.050727-5400)    CodeBase: file:///C:/Windows/assembly/GAC_MSIL/System.Drawing/2.0.0.0__b03f5f7f11d50a3a/System.Drawing.dll----------------------------------------System.Deployment    Assembly Version: 2.0.0.0    Win32 Version: 2.0.50727.5420 (Win7SP1.050727-5400)    CodeBase: file:///C:/Windows/assembly/GAC_MSIL/System.Deployment/2.0.0.0__b03f5f7f11d50a3a/System.Deployment.dll----------------------------------------System.Configuration    Assembly Version: 2.0.0.0    Win32 Version: 2.0.50727.5476 (Win7SP1GDR.050727-5400)    CodeBase: file:///C:/Windows/assembly/GAC_MSIL/System.Configuration/2.0.0.0__b03f5f7f11d50a3a/System.Configuration.dll----------------------------------------System.Xml    Assembly Version: 2.0.0.0    Win32 Version: 2.0.50727.5476 (Win7SP1GDR.050727-5400)    CodeBase: file:///C:/Windows/assembly/GAC_MSIL/System.Xml/2.0.0.0__b77a5c561934e089/System.Xml.dll----------------------------------------Microsoft.VisualStudio.Tools.Applications.ServerDocument.v10.0    Assembly Version: 10.0.0.0    Win32 Version: 10.0.50325.0    CodeBase: file:///C:/Windows/assembly/GAC_MSIL/Microsoft.VisualStudio.Tools.Applications.ServerDocument.v10.0/10.0.0.0__b03f5f7f11d50a3a/Microsoft.VisualStudio.Tools.Applications.ServerDocument.v10.0.dll----------------------------------------Error: (11/11/2014 00:59:22 PM) (Source: Application Error) (EventID: 1000) (User: )Description: 
UA.exe1.0.0.1532bdd48MSVCR90.dll9.0.30729.61614dace5b9c000000500056b1dd2401cffdd90ba8aecfC:\Users\kbatchelor\AppData\Roaming\Verizon\UA_ar\UA.exeC:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\MSVCR90.dll76e411ed-69cc-11e4-8bee-5c260a75d930Error: (11/11/2014 00:50:25 PM) (Source: WinMgmt) (EventID: 10) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003Error: (11/11/2014 11:46:15 AM) (Source: Application Error) (EventID: 1000) (User: )Description: communicator.exe3.5.6907.2685165ca9antdll.dll6.1.7601.18247521ea8e7c000041d0002e06618bc01cffdcedd326028C:\Program Files (x86)\Microsoft Office Communicator\communicator.exeC:\Windows\SysWOW64\ntdll.dll401431fb-69c2-11e4-bb93-5c260a75d930Error: (11/11/2014 11:45:17 AM) (Source: Application Error) (EventID: 1000) (User: )Description: UA.exe1.0.0.1532bdd48MSVCR90.dll9.0.30729.61614dace5b9c000000500056b1d27f401cffdcedceaf6e0C:\Users\kbatchelor\AppData\Roaming\Verizon\UA_ar\UA.exeC:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\MSVCR90.dll1d0bd631-69c2-11e4-bb93-5c260a75d930Error: (11/11/2014 11:42:03 AM) (Source: Application Hang) (EventID: 1002) (User: )Description: Skype.exe6.11.0.10214e801cffdcdd048e4750C:\Program Files (x86)\Skype\Phone\Skype.exeError: (11/11/2014 11:39:10 AM) (Source: Application Error) (EventID: 1000) (User: )Description: UA.exe1.0.0.1532bdd48MSVCR90.dll9.0.30729.61614dace5b9c000000500056b1d1b2801cffdcde6933b58C:\Users\kbatchelor\AppData\Roaming\Verizon\UA_ar\UA.exeC:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\MSVCR90.dll42d15f9e-69c1-11e4-bb93-5c260a75d930Error: (11/11/2014 11:35:22 AM) (Source: WinMgmt) (EventID: 10) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA 
"Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003==================== Memory info =========================== Processor: Intel(R) Core(TM) i5-2540M CPU @ 2.60GHzPercentage of memory in use: 37%Total physical RAM: 3976.9 MBAvailable physical RAM: 2484.62 MBTotal Pagefile: 7951.98 MBAvailable Pagefile: 5046.94 MBTotal Virtual: 8192 MBAvailable Virtual: 8191.83 MB==================== Drives ================================Drive c: (OS) (Fixed) (Total:452.47 GB) (Free:347.52 GB) NTFSDrive e: () (Removable) (Total:7.44 GB) (Free:1.03 GB) FAT32==================== MBR & Partition Table ==========================================================================Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: 31435453)Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)Partition 2: (Active) - (Size=13.3 GB) - (Type=07 NTFS)Partition 3: (Not Active) - (Size=452.5 GB) - (Type=07 NTFS)========================================================Disk: 1 (MBR Code: Windows 7 or Vista) (Size: 7.5 GB) (Disk ID: 019A3334)Partition 1: (Active) - (Size=7.5 GB) - (Type=0B)==================== End Of Log ============================

Welcome to the forum. (please don't put logs in quotes or code)

General P2P/Piracy Warning:
 

1. If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here.
2. If you have illegal/cracked software (MS Office, Adobe Products), cracks, keygens, custom (Adobe) host file, etc. on the system, please remove or uninstall them now and read the policy on Piracy.
Failure to remove such software will result in your topic being closed and no further assistance being provided.

 
<====><====><====><====><====><====><====><====>
 
 

Note:
Please read all of my instructions completely including these.

Make sure system restore is turned on and running. Create a new restore point

Make sure you're subscribed to this topic: Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly


Removing malware can be unpredictable...unlikely but things can go very wrong! Back up any files that cannot be replaced. You can copy them to a CD/DVD, external drive or a pen drive.


<+>Please don't run any other scans, download, install or uninstall any programs while I'm working with you.


<+>The removal of malware isn't instantaneous, please be patient.


<+>When we are done, I'll give you instructions on how to clean up all the tools and logs.


<+>Please stick with me until I give you the "all clear".


------->Your topic will be closed if you haven't replied within 3 days!<--------
If I don't respond within 24 hours, please send me a PM


=========================================

Then........Download, update and run Malwarebytes Anti-Rootkit:
https://malwarebytes.app.box.com/s/xiaxsbl4cjdyyqx5wp8q <-----MBAR
Run it as Administrator! (right click..run as administrator)

========================================

Download and run this tool on every user:
http://kb.eset.com/esetkb/index?page=content&id=SOLN3587 <---Poweliks

========================================

Clean out temp files:

Download TFC from here and save it to your desktop.
http://oldtimer.geekstogo.com/TFC.exe
http://www.bleepingcomputer.com/download/tfc/dl/92/
Close any open programs and Internet browsers.
Double click TFC.exe to run it on XP (for Vista and Windows 7 right click and choose "Run as administrator") and once it opens click on the Start button on the lower left of the program to allow it to begin cleaning.
Please be patient as clearing out temp files may take a while.
Once it completes you may be prompted to restart your computer, please do so.
Once it's finished you may delete TFC.exe from your desktop or save it for later use for the cleaning of temporary files.

MrC


MrC 

 

Thank you for your assistance.

 

I ran MBAR and it did find "Trojan.Powerliks.B".  Cleanup and Restore Point completed.

 

Ran the ESET tool... Threat Not Found

 

I ran the TFC and it cleared up the temp files.

 

I rebooted and COM Surrogate is no longer appearing at this point in time.  Do I need to do anything else?

 

Thank you for your assistance.


Thanks MrC

 

I've attached the files as requested.

 

One thing that concerns me is the number of instances of svchost.exe running when I check Task Manager - Processes.

 

KB

 

FRST

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-11-2014
Ran by kbatchelor (administrator) on W7LT-KBACHELOR on 12-11-2014 19:56:10
Running from C:\Users\kbatchelor\Desktop
Loaded Profile: kbatchelor (Available profiles: Karl & kbatchelor)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZCfgSvc7.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Broadcom Corporation) C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
(Broadcom Corporation) C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
(Wave Systems Corp.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Samsung) C:\Program Files\SAMSUNG\AllShare Framework DMS\1.3.23\AllShareFrameworkManagerDMS.exe
(Samsung) C:\Program Files\SAMSUNG\AllShare Framework DMS\1.3.23\AllShareFrameworkDMS.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files (x86)\Brother\BRAdmin Professional 3\bratimer.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
(Dell Inc.) C:\Program Files\Dell\Dell System Manager\DCPSysMgrSvc.exe
(Avaya Inc.) C:\Program Files (x86)\Avaya\Avaya one-X Communicator\QosServM.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(O2Micro International) C:\Windows\System32\drivers\o2flash.exe
() C:\Windows\SysWOW64\srvany.exe
(O2Micro.) C:\Windows\SysWOW64\SDIOAssist.exe
(Livescribe) C:\Program Files (x86)\Common Files\Livescribe\PenComm\PenCommService.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\VirusScan Enterprise\mfeann.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\naPrdMgr.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
(UPEK Inc.) C:\Program Files\Common Files\SPBA\upeksvr.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_x64.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(Cisco WebEx LLC) C:\Program Files (x86)\WebEx\Productivity Tools\ptim.exe
(Cisco WebEx LLC) C:\Program Files (x86)\WebEx\Productivity Tools\ptsrv.exe
(Microsoft Corporation) C:\Windows\System32\regsvr32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\regsvr32.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Microsoft Corporation) C:\Windows\SysWOW64\regsvr32.exe
(Dell Inc.) C:\Program Files\Dell\Dell System Manager\DCPSysMgr.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPoint\SetPoint.exe
() C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\UdaterUI.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\McTray.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
() C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\SysWOW64\extrac32.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [608112 2011-04-05] (Alps Electric Co., Ltd.)
HKLM\...\Run: [sysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [525312 2011-01-25] (IDT, Inc.)
HKLM\...\Run: [intelPROSet] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1934608 2010-12-23] (Intel® Corporation)
HKLM\...\Run: [DBRMTray] => C:\Dell\DBRM\Reminder\DbrmTrayIcon.exe [227328 2011-03-08] (Dell Computer Corporation)
HKLM\...\Run: [intelliPoint] => c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2417032 2011-08-01] (Microsoft Corporation)
HKLM\...\Run: [samsung Link] => C:\Program Files\Samsung\Samsung Link\Samsung Link Tray Agent.exe [600928 2014-03-13] (Copyright 2013 SAMSUNG)
HKLM\...\Run: [Kernel and Hardware Abstraction Layer] => C:\Windows\KHALMNPR.EXE [130576 2009-06-17] (Logitech, Inc.)
HKLM-x32\...\Run: [iMSS] => C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe [112152 2011-01-17] (Intel Corporation)
HKLM-x32\...\Run: [Dell Webcam Central] => C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [462993 2010-03-12] (Creative Technology Ltd)
HKLM-x32\...\Run: [RemoteControl9] => C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe [87336 2009-07-06] (CyberLink Corp.)
HKLM-x32\...\Run: [PDVD9LanguageShortcut] => C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe [50472 2010-04-29] (CyberLink Corp.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [41360 2014-09-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [840592 2014-09-04] (Adobe Systems Inc.)
HKLM-x32\...\Run: [RoxWatchTray] => C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe [240112 2010-11-25] (Sonic Solutions)
HKLM-x32\...\Run: [Desktop Disc Tool] => C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe [514544 2010-11-17] ()
HKLM-x32\...\Run: [Communicator] => C:\Program Files (x86)\Microsoft Office Communicator\communicator.exe [5164712 2013-04-10] (Microsoft Corporation)
HKLM-x32\...\Run: [brMfcWnd] => C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe [1159168 2009-05-26] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [ControlCenter3] => C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [McAfeeUpdaterUI] => C:\Program Files (x86)\McAfee\Common Framework\udaterui.exe [333376 2011-11-15] (McAfee, Inc.)
HKLM-x32\...\Run: [shStatEXE] => C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE [215656 2012-08-14] (McAfee, Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [MobisynapseSyncHelper] => C:\Program Files (x86)\Mobisynapse\MobisynapseSyncHelper.exe
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM\...\RunOnce: [DBRMTray] => C:\Dell\DBRM\Reminder\TrayApp.exe [7168 2010-02-04] (Microsoft)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
Winlogon\Notify\spba: C:\Program Files\Common Files\SPBA\homefus2.dll (UPEK Inc.)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-21-3636288926-101227424-3182810562-6128\...\Run: [PTIM.exe] => C:\Program Files (x86)\WebEx\Productivity Tools\PTIM.exe [427816 2014-03-24] (Cisco WebEx LLC)
HKU\S-1-5-21-3636288926-101227424-3182810562-6128\...\Run: [skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.)
HKU\S-1-5-21-3636288926-101227424-3182810562-6128\...\Run: [HLBackupScheduler] => C:\Program Files\Verizon Cloud\Verizon Cloud Service.exe [19752256 2014-06-15] ()
HKU\S-1-5-21-3636288926-101227424-3182810562-6128\...\Run: [springCM Desktop Sync] => "C:\Program Files (x86)\SpringCM\Business Sync\SpringCMBusinessSync.exe" /minimized
HKU\S-1-5-21-3636288926-101227424-3182810562-6128\...\Run: [YhxcPack] => regsvr32.exe C:\Users\kbatchelor\AppData\Local\YhxcPack\dzgdefz.dll <===== ATTENTION
HKU\S-1-5-21-3636288926-101227424-3182810562-6128\...\Run: [Ajfwworks] => C:\Windows\SysWOW64\regsvr32.exe C:\Users\kbatchelor\AppData\Local\Uspqmedia\CNBP401.DLL
HKU\S-1-5-21-3636288926-101227424-3182810562-6128\...\MountPoints2: {24191665-2274-11e1-8502-3859f9d6b6b4} - F:\setup.exe -a
HKU\S-1-5-21-3636288926-101227424-3182810562-6128\...\MountPoints2: {2ad9c194-bf85-11e2-bbd0-3859f9d6b6b4} - E:\VZW_Software_upgrade_assistant_installer.exe
HKU\S-1-5-21-3636288926-101227424-3182810562-6128\...\MountPoints2: {42213bf3-cd87-11e3-b23b-3859f9d6b6b4} - E:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-3636288926-101227424-3182810562-6128\...\MountPoints2: {7a96609e-b8df-11e3-830b-3859f9d6b6b4} - E:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-3636288926-101227424-3182810562-6128\...\MountPoints2: {85e5e72a-b37c-11e3-aa2d-3859f9d6b6b4} - E:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-3636288926-101227424-3182810562-6128\...\MountPoints2: {a9d32c1a-3d28-11e1-96c7-3859f9d6b6b4} - E:\setup.exe -a
HKU\S-1-5-21-3636288926-101227424-3182810562-6128\...\MountPoints2: {f643af81-1a9f-11e3-b097-5c260a75d930} - E:\VZW_Software_upgrade_assistant_installer.exe
Lsa: [Authentication Packages] msv1_0 wvauth
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Dell System Manager.lnk
ShortcutTarget: Dell System Manager.lnk -> C:\Program Files\Dell\Dell System Manager\DCPSysMgr.exe (Dell Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Logitech SetPoint.lnk
ShortcutTarget: Logitech SetPoint.lnk -> C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\vpngui.exe.lnk
ShortcutTarget: vpngui.exe.lnk -> C:\Windows\Installer\{467D5E81-8349-4892-9E81-C3674ED8E451}\Icon09DB8A851.exe ()
Startup: C:\Users\kbatchelor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Verizon Wireless Software Utility Application for Android – Samsung.lnk
ShortcutTarget: Verizon Wireless Software Utility Application for Android – Samsung.lnk -> C:\Users\kbatchelor\AppData\Roaming\Verizon\UA_ar\UA.exe (SAMSUNG Electornics Co., Ltd.)
ShellIconOverlayIdentifiers: [EnabledUnlockedFDEIconOverlay] -> {30D3C2AF-9709-4D05-9CF4-13335F3C1E4A} => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll (Wave Systems Corp.)
ShellIconOverlayIdentifiers: [uninitializedFdeIconOverlay] -> {CF08DA3E-C97D-4891-A66B-E39B28DD270F} => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll (Wave Systems Corp.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USREL/1
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - DefaultScope {EF7421DA-0D6A-42B1-A875-B056B7EB399F} URL =
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - DefaultScope {888505E5-964D-4FB3-B1EC-CAAFA8414D89} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKCU - {888505E5-964D-4FB3-B1EC-CAAFA8414D89} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKCU - {EB72C539-71FC-4497-A097-2B8FC9E9DF3C} URL =
BHO: scriptproxy -> {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -> C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20130116120517.dll (McAfee, Inc.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: WebEx Productivity Tools -> {90E2BA2E-DD1B-4cde-9134-7A8B86D33CA7} -> C:\Program Files (x86)\WebEx\Productivity Tools\ptonecli64.dll (Cisco WebEx LLC)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: &Yahoo! Toolbar Helper -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: scriptproxy -> {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -> C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20130116120520.dll (McAfee, Inc.)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: WebEx Productivity Tools -> {90E2BA2E-DD1B-4cde-9134-7A8B86D33CA7} -> C:\Program Files (x86)\WebEx\Productivity Tools\ptonecli.dll (Cisco WebEx LLC)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: AvayaIEHlprObj Class -> {E6DF0B46-7D6F-407A-A6A2-62D17A021A9A} -> C:\Program Files (x86)\Avaya\Avaya one-X Communicator\AvayaIEHelper.dll (Avaya)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - WebEx Productivity Tools - {90E2BA2E-DD1B-4cde-9134-7A8B86D33CA7} - C:\Program Files (x86)\WebEx\Productivity Tools\ptonecli64.dll (Cisco WebEx LLC)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - WebEx Productivity Tools - {90E2BA2E-DD1B-4cde-9134-7A8B86D33CA7} - C:\Program Files (x86)\WebEx\Productivity Tools\ptonecli.dll (Cisco WebEx LLC)
Toolbar: HKLM-x32 - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
Toolbar: HKU\S-1-5-21-3636288926-101227424-3182810562-6128 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Toolbar: HKU\S-1-5-21-3636288926-101227424-3182810562-6128 -> No Name - {EEE6C35B-6118-11DC-9C72-001320C79847} -  No File
DPF: HKLM-x32 {3F4AC0C9-3A7D-4115-99B4-2693DE0014AF} http://optimum.net/downloads/TNetworkScannerXControl.ocx
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\kbatchelor\AppData\Roaming\Mozilla\Firefox\Profiles\u04vkaq2.default
FF Homepage: hxxp://www.google.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.11.2 -> C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.11.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=1.1.11 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: samsung.com/SamsungLinkPCPlugin -> C:\Program Files\Samsung\Samsung Link\utils\npSamsungLinkPCPlugin.dll No File
FF Plugin HKU\S-1-5-21-3636288926-101227424-3182810562-6128: @citrixonline.com/appdetectorplugin -> C:\Users\kbatchelor\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF user.js: detected! => C:\Users\kbatchelor\AppData\Roaming\Mozilla\Firefox\Profiles\u04vkaq2.default\user.js
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npdnu.dll (AOL LLC)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npdnupdater2.dll (AOL LLC)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\kbatchelor\AppData\Roaming\mozilla\plugins\npatgpc.dll (Cisco WebEx LLC)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\ddg.xml
FF Extension: html persistent handler for mapi email - C:\Users\kbatchelor\AppData\Roaming\Mozilla\Firefox\Profiles\u04vkaq2.default\Extensions\{96794CD0-DA1E-1822-1779-C1CA8D576D31} [2014-10-31]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2014-11-11]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2011-08-25]
FF HKLM-x32\...\Firefox\Extensions: [{D19CA586-DD6C-4a0a-96F8-14644F340D60}] - C:\Program Files (x86)\Common Files\McAfee\SystemCore
FF Extension: IDS_SS_NAME - C:\Program Files (x86)\Common Files\McAfee\SystemCore [2013-01-16]
FF Extension: No Name - {D19CA586-DD6C-4a0a-96F8-14644F340D60} [Not Found]
FF Extension: No Name - web2pdfextension@web2pdf.adobedotcom [Not Found]

Chrome:
=======

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AllShare Framework DMS; C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkManagerDMS.exe [404360 2013-12-21] (Samsung) [File not signed]
R2 BRA_Scheduler; C:\Program Files (x86)\Brother\BRAdmin Professional 3\bratimer.exe [99328 2014-08-15] () [File not signed]
R2 iClarityQoSService; C:\Program Files (x86)\Avaya\Avaya one-X Communicator\QosServM.exe [1649664 2011-07-19] (Avaya Inc.) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)
R2 McAfeeFramework; C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe [132672 2011-11-15] (McAfee, Inc.)
R2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [201864 2013-01-16] (McAfee, Inc.)
R2 McTaskManager; C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe [210056 2012-08-14] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [170440 2013-01-16] (McAfee, Inc.)
R2 O2SDIOAssist; c:\Windows\SysWOW64\srvany.exe [8192 2003-04-18] () [File not signed]
R2 PenCommService; C:\Program Files (x86)\Common Files\Livescribe\PenComm\PenCommService.exe [470528 2011-10-27] (Livescribe) [File not signed]
S2 Samsung Link Service; C:\Program Files\Samsung\Samsung Link\Samsung Link.exe [609632 2014-03-13] (Copyright 2013 SAMSUNG)
S3 SecureStorageService; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Secure Storage Manager\SecureStorageService.exe [2117120 2010-11-03] (Wave Systems Corp.) [File not signed]
S2 tcsd_win32.exe; C:\Program Files (x86)\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe [1629696 2010-07-13] () [File not signed]
R2 ZcfgSvc7; C:\Program Files\Intel\WiFi\bin\ZCfgSvc7.exe [992256 2010-12-23] (Intel® Corporation) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [304784 2010-03-23] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-10-01] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-11-12] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-10-01] (Malwarebytes Corporation)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [160952 2013-01-16] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [274880 2013-01-16] (McAfee, Inc.)
U3 mfeavfk01; No ImagePath
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [665768 2013-01-16] (McAfee, Inc.)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [101200 2013-01-16] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [303464 2013-01-16] (McAfee, Inc.)
S3 PulseUsb; C:\Windows\System32\DRIVERS\PulseUsb.sys [26112 2011-08-11] (Windows ® Win 7 DDK provider)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [37624 2014-11-06] ()
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-12 19:54 - 2014-11-12 19:54 - 00000000 ____D () C:\Users\kbatchelor\Desktop\FRST-OlderVersion
2014-11-12 14:02 - 2014-11-12 14:03 - 04184008 _____ (Kaspersky Lab ZAO) C:\Users\kbatchelor\Downloads\tdsskiller(1).exe
2014-11-12 13:45 - 2014-11-12 13:45 - 00000000 ____D () C:\Users\kbatchelor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth Devices
2014-11-12 13:44 - 2014-11-12 13:44 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 9.5
2014-11-12 11:54 - 2014-11-12 11:54 - 00166380 _____ () C:\Users\kbatchelor\Desktop\ESETPoweliksCleaner.exe_20141112.115415.5320.log
2014-11-12 11:53 - 2014-11-12 11:54 - 00166314 _____ () C:\Users\kbatchelor\Desktop\ESETPoweliksCleaner.exe_20141112.115327.6900.log
2014-11-12 11:53 - 2014-11-12 11:53 - 00166380 _____ () C:\Users\kbatchelor\Desktop\ESETPoweliksCleaner.exe_20141112.115308.3716.log
2014-11-12 11:53 - 2014-11-12 10:56 - 00448512 _____ (OldTimer Tools) C:\Users\kbatchelor\Desktop\TFC.exe
2014-11-12 11:52 - 2014-11-12 11:49 - 00186568 _____ (ESET) C:\Users\kbatchelor\Desktop\ESETPoweliksCleaner.exe
2014-11-11 15:17 - 2014-11-12 19:57 - 00028067 _____ () C:\Users\kbatchelor\Desktop\FRST.txt
2014-11-11 15:17 - 2014-11-11 15:18 - 00055004 _____ () C:\Users\kbatchelor\Desktop\Addition.txt
2014-11-11 15:16 - 2014-11-12 19:54 - 02116096 _____ (Farbar) C:\Users\kbatchelor\Desktop\FRST64.exe
2014-11-11 13:19 - 2014-11-11 13:20 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-11-11 11:47 - 2014-11-12 11:45 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-11-11 11:29 - 2014-11-12 11:45 - 00000000 ____D () C:\Users\kbatchelor\Desktop\mbar
2014-11-06 15:52 - 2014-11-06 15:52 - 00037624 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-11-06 15:52 - 2014-11-06 15:52 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-11-06 12:24 - 2014-11-06 12:24 - 00000000 ____D () C:\Windows\pss
2014-11-06 11:08 - 2014-11-12 19:56 - 00000000 ____D () C:\FRST
2014-11-05 23:28 - 2014-11-06 14:53 - 00000000 ____D () C:\Users\kbatchelor\AppData\Roaming\Seagate
2014-11-05 17:54 - 2014-11-05 17:54 - 00000000 ____D () C:\Program Files\WDCSAM
2014-11-05 17:48 - 2014-11-05 17:49 - 00378553 _____ () C:\Users\kbatchelor\Downloads\WD_SES_Driver_Setup_x64 (1).zip
2014-11-05 16:24 - 2014-11-05 16:24 - 00378553 _____ () C:\Users\kbatchelor\Downloads\WD_SES_Driver_Setup_x64.zip
2014-11-05 15:55 - 2014-11-05 15:55 - 00000000 ____D () C:\Users\kbatchelor\AppData\Local\Western_Digital_Technolog
2014-11-05 13:23 - 2014-11-05 13:23 - 00000000 ___SD () C:\ComboFix
2014-11-05 12:49 - 2014-11-12 15:11 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-05 12:48 - 2014-11-12 10:45 - 00096472 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-11-05 12:48 - 2014-11-05 12:48 - 00001104 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-11-05 12:48 - 2014-11-05 12:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-11-05 12:48 - 2014-11-05 12:48 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-11-05 12:48 - 2014-10-01 11:11 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-11-05 12:48 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-11-05 12:47 - 2014-11-05 12:47 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\kbatchelor\Downloads\mbam-setup-2.0.3.1025.exe
2014-11-05 12:39 - 2014-11-05 12:42 - 00002396 _____ () C:\Users\kbatchelor\Desktop\Rkill.txt
2014-11-05 12:39 - 2014-11-05 12:39 - 01063160 _____ (Bleeping Computer, LLC) C:\Users\kbatchelor\Downloads\iExplore64.exe
2014-11-05 12:37 - 2014-11-05 12:36 - 01944824 _____ (Bleeping Computer, LLC) C:\Users\kbatchelor\Downloads\iExplore.exe
2014-11-05 12:30 - 2014-11-05 12:30 - 00003856 _____ () C:\Windows\System32\Tasks\{E55723C3-83BA-8584-BAC0-8A70E3C2E16C}
2014-11-05 12:30 - 2014-11-05 12:30 - 00000000 _____ () C:\Windows\system32\pqdvvc.dll
2014-11-05 12:27 - 2014-11-05 13:23 - 00000000 ____D () C:\Qoobox
2014-11-05 12:25 - 2014-11-05 12:25 - 00000000 ____D () C:\Windows\erdnt
2014-11-05 10:44 - 2014-11-05 10:52 - 00002018 _____ () C:\freefallprotection.log
2014-10-31 10:40 - 2014-10-31 10:41 - 00000000 ____D () C:\Users\kbatchelor\AppData\Local\YhxcPack
2014-10-31 10:38 - 2014-11-05 09:32 - 00000000 ____D () C:\Users\kbatchelor\AppData\Local\Uspqmedia
2014-10-22 22:35 - 2014-10-22 22:36 - 00000000 ____D () C:\Users\kbatchelor\Desktop\cc
2014-10-22 22:31 - 2014-10-22 22:31 - 11441642 _____ (A.I.SOFT,INC.) C:\Users\kbatchelor\Downloads\CC3up_1.30.0020.EXE
2014-10-22 22:20 - 2014-10-22 22:20 - 00924173 _____ () C:\Users\kbatchelor\Downloads\BrMain480.exe
2014-10-22 09:32 - 2014-10-22 09:32 - 00001785 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-10-22 09:32 - 2014-10-22 09:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-10-22 09:30 - 2014-10-22 09:32 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2014-10-22 09:30 - 2014-10-22 09:32 - 00000000 ____D () C:\Program Files\iTunes
2014-10-22 09:30 - 2014-10-22 09:32 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-10-22 09:30 - 2014-10-22 09:30 - 00000000 ____D () C:\Program Files\iPod
2014-10-20 20:44 - 2014-10-20 20:44 - 00000000 ___HD () C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-12 19:52 - 2012-04-12 13:10 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-12 19:49 - 2011-10-05 16:23 - 00000000 ____D () C:\Users\kbatchelor\Documents\Outlook Files
2014-11-12 19:49 - 2011-09-12 13:29 - 00000000 ____D () C:\Users\kbatchelor\Documents\MS Outlook Offline
2014-11-12 19:49 - 2011-08-25 12:13 - 02015978 _____ () C:\Windows\WindowsUpdate.log
2014-11-12 19:48 - 2014-06-12 13:00 - 00000548 _____ () C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-3636288926-101227424-3182810562-6128.job
2014-11-12 19:48 - 2012-12-06 10:29 - 00271360 _____ () C:\Users\kbatchelor\Documents\Batchelor Filed Mail.pst
2014-11-12 16:51 - 2011-09-06 13:59 - 00000000 ____D () C:\Users\kbatchelor\Documents\Thales Sales
2014-11-12 15:50 - 2011-09-12 11:55 - 00000000 ____D () C:\Users\kbatchelor\Documents\Customers
2014-11-12 14:07 - 2011-09-06 00:44 - 00000000 ____D () C:\Users\kbatchelor\AppData\Local\Deployment
2014-11-12 13:50 - 2009-07-13 23:45 - 00021312 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-12 13:50 - 2009-07-13 23:45 - 00021312 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-12 13:47 - 2011-09-21 00:19 - 00000000 ____D () C:\Users\kbatchelor\AppData\Local\CrashDumps
2014-11-12 13:46 - 2009-07-14 00:13 - 00786474 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-12 13:45 - 2014-04-14 00:32 - 00000000 ____D () C:\Users\kbatchelor\AppData\Local\Backup Assistant Plus
2014-11-12 13:45 - 2013-01-19 00:13 - 00000000 ____D () C:\Users\kbatchelor\AppData\Roaming\Skype
2014-11-12 13:45 - 2009-07-13 23:51 - 00095039 _____ () C:\Windows\setupact.log
2014-11-12 13:44 - 2011-09-02 11:52 - 00000000 ____D () C:\Users\kbatchelor\Tracing
2014-11-12 13:44 - 2011-08-25 09:50 - 00000000 ____D () C:\ProgramData\Sonic
2014-11-12 13:42 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-12 11:48 - 2012-05-04 01:35 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-11-11 11:35 - 2010-11-20 22:47 - 00276124 _____ () C:\Windows\PFRO.log
2014-11-07 22:12 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-11-06 14:55 - 2011-09-01 14:31 - 00000000 ____D () C:\Users\westonit
2014-11-06 14:55 - 2011-08-31 16:32 - 00000000 ____D () C:\Users\Karl
2014-11-06 14:53 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\registration
2014-11-06 11:57 - 2011-09-01 14:52 - 00000000 ____D () C:\Users\kbatchelor
2014-11-06 10:35 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\tracing
2014-11-05 22:50 - 2013-08-15 03:00 - 00000000 ____D () C:\Program Files\Common Files\Western Digital
2014-11-05 22:50 - 2012-03-04 19:12 - 00000000 ____D () C:\ProgramData\Western Digital
2014-11-05 22:30 - 2011-08-25 09:47 - 00002507 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat X Standard.lnk
2014-11-05 22:30 - 2011-08-25 09:47 - 00002465 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller X.lnk
2014-11-05 21:27 - 2013-08-15 03:01 - 00008192 _____ () C:\Windows\SysWOW64\WDPABKP.dat
2014-11-05 19:13 - 2012-08-07 12:07 - 00000000 ____D () C:\Quarantine
2014-11-05 17:55 - 2011-08-25 09:34 - 00000000 ____D () C:\Program Files\DIFX
2014-11-05 13:34 - 2011-09-06 14:03 - 00000000 ____D () C:\Windows\Sun
2014-11-05 13:32 - 2014-01-02 14:42 - 00000000 ____D () C:\ProgramData\Conduit
2014-11-05 12:48 - 2013-01-30 10:31 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-11-05 11:00 - 2013-12-11 18:13 - 00000000 ____D () C:\Program Files (x86)\SmrtX
2014-11-05 10:51 - 2011-08-25 09:28 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-11-05 09:34 - 2014-01-15 13:01 - 00000000 ____D () C:\Users\kbatchelor\AppData\Local\{5546EB4D-9033-42C2-97A7-E893C7EDF3CD}
2014-11-02 17:16 - 2011-12-10 13:31 - 00000000 ____D () C:\Program Files (x86)\IPCamClient
2014-10-30 22:28 - 2012-06-19 14:32 - 00000000 ____D () C:\Users\kbatchelor\Documents\Expense receipts
2014-10-30 14:33 - 2011-09-06 14:03 - 00000000 ____D () C:\Users\kbatchelor\AppData\Roaming\webex
2014-10-30 13:22 - 2011-09-06 14:03 - 00000000 ____D () C:\ProgramData\WebEx
2014-10-28 00:54 - 2011-09-01 14:36 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-10-26 23:44 - 2014-08-28 13:56 - 00000000 ____D () C:\Users\kbatchelor\Desktop\Personal
2014-10-24 20:44 - 2014-06-12 13:00 - 00003576 _____ () C:\Windows\System32\Tasks\G2MUpdateTask-S-1-5-21-3636288926-101227424-3182810562-6128
2014-10-22 22:55 - 2011-09-06 11:51 - 00000431 _____ () C:\Windows\Brpfx04a.ini
2014-10-22 22:55 - 2011-09-06 11:50 - 00000000 _____ () C:\Windows\brdfxspd.dat
2014-10-22 11:37 - 2011-09-12 15:58 - 00000000 ____D () C:\Users\kbatchelor\Documents\Product Files
2014-10-22 09:30 - 2014-09-10 14:52 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-10-22 09:30 - 2013-03-25 13:17 - 00000000 ____D () C:\Program Files\Common Files\Apple

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-11-05 20:31

==================== End Of Log ============================

Addition

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 10-11-2014
Ran by kbatchelor at 2014-11-12 19:57:45
Running from C:\Users\kbatchelor\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: McAfee VirusScan Enterprise (Enabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892}
AS: McAfee VirusScan Enterprise Antispyware Module (Enabled - Up to date) {16C7C823-5972-5907-58FA-0004E2F9422F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat X Standard - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-BA7E-000000000005}) (Version: 10.1.12 - Adobe Systems)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.3.0.3670 - Adobe Systems Incorporated)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
AllShare Framework DMS (HKLM\...\{83232C27-8C3F-44A5-9EB2-BB7161228ADD}) (Version: 1.3.23 - Samsung)
Amazon Cloud Drive (HKLM-x32\...\{293FE8CE-376E-4F5E-B129-D3A2065F2EA7}) (Version: 0.11.12.0 - Amazon.com)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Avaya one-X® Communicator (HKLM-x32\...\{846039E7-3F64-446F-8457-BC10F3E26825}) (Version: 6.1.25 - Avaya)
BioAPI Framework (Version: 1.0.2 - Dell Inc.) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
BRAdmin Professional 3 (HKLM-x32\...\{75C885D4-C758-4896-A3B4-90DA34B44C31}) (Version: 3.55.0005 - Brother)
Brother MFL-Pro Suite MFC-9320CW (HKLM-x32\...\{A1BBEE16-49B1-42F2-95B8-54C8C6A1C0C3}) (Version: 1.0.2.0 - Brother Industries, Ltd.)
Canon MX890 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX890_series) (Version:  - )
CDDRV_Installer (Version: 4.60 - Logitech) Hidden
Cisco Systems VPN Client 5.0.07.0290 (HKLM\...\{467D5E81-8349-4892-9E81-C3674ED8E451}) (Version: 5.0.7 - Cisco Systems, Inc.)
Cisco WebEx Meetings (HKLM-x32\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)
Citrix Online Launcher (HKLM-x32\...\{3D5F07C3-1B93-47F8-9F8A-DE8E47BF1669}) (Version: 1.0.209 - Citrix)
Custom (Version: 01.00.00.000 - Wave Systems Corp.) Hidden
CyberLink PowerDVD 9.5 (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.5.1.3225 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Backup and Recovery Manager (HKLM\...\{50B4B603-A4C6-4739-AE96-6C76A0F8A388}) (Version: 1.3.1 - Dell Inc.)
Dell ControlVault Host Components Installer 64 bit (Version: 2.0.20.159 - Broadcom Corporation) Hidden
Dell Data Protection | Access (HKLM-x32\...\{A7D91856-258D-4C87-8041-B170851CE432}) (Version: 2.0.00001.001 - Dell Inc.)
Dell Data Protection | Access (Version: 01.01.01.001 - Wave Systems Corp) Hidden
Dell Data Protection | Access | Drivers (HKLM-x32\...\{4E4E65EE-C456-45AC-B5AD-C62C3A325BD0}) (Version: 1.00.011 - Dell Inc.)
Dell Data Protection | Access | Middleware (HKLM-x32\...\{841CBDD5-4BB5-403E-AEE3-2FADC3890BE8}) (Version: 1.00.005 - Dell Inc.)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell System Manager (HKLM\...\{FDF509ED-9624-4FDE-9BAA-9566C186AB96}) (Version: 1.6.00000 - Dell Inc.)
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.1208.101.118 - ALPS ELECTRIC CO., LTD.)
Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 1.40.28 - Creative Technology Ltd)
DellAccess (Version: 01.01.00.053 - Wave Systems Corp.) Hidden
DirectX 9 Runtime (x32 Version: 1.00.0000 - Sonic Solutions) Hidden
Download Updater (AOL Inc.) (HKLM-x32\...\SoftwareUpdUtility) (Version:  - ) <==== ATTENTION
EMBASSY Security Center (Version: 04.03.00.067 - Wave Systems Corp.) Hidden
erLT (x32 Version: 1.20.0137 - Logitech, Inc.) Hidden
ffdshow [rev 2527] [2008-12-19] (HKLM-x32\...\ffdshow_is1) (Version: 1.0 - )
Gemalto (Version: 01.64.01.0010 - Wave Systems Corp) Hidden
GoToMeeting 6.4.5.1865 (HKU\S-1-5-21-3636288926-101227424-3182810562-6128\...\GoToMeeting) (Version: 6.4.5.1865 - CitrixOnline)
iCloud (HKLM\...\{6096C0CC-7E19-4355-87F0-627EC5AA146D}) (Version: 4.0.3.56 - Apple Inc.)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Identity Protection Technology 1.1.2.0 (HKLM-x32\...\{C01A86F5-56E7-101F-9BC9-E3F1025EB779}) (Version: 1.1.2.0 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® Network Connections 15.7.176.1 (HKLM\...\PROSetDX) (Version: 15.7.176.1 - Dell)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2418 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{4C1CCA11-0D08-4D5E-8444-2D9FB48BCABF}) (Version: 14.00.20110 - Intel Corporation)
IP Camera (HKLM-x32\...\IP Camera) (Version:  - )
IPCamClient (HKLM-x32\...\{B1534528-3E4B-4630-A06D-8115917A2B92}) (Version: 1.0.0.10 - )
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java 7 Update 11 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217011FF}) (Version: 7.0.110 - Oracle)
Java 6 Update 24 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416024FF}) (Version: 6.0.240 - Oracle)
Java 6 Update 37 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216037FF}) (Version: 6.0.370 - Oracle)
join.me (HKU\S-1-5-21-3636288926-101227424-3182810562-6128\...\JoinMe) (Version: 1.13.0.130 - LogMeIn Inc.)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
KhalInstallWrapper (Version: 2.00.0000 - Logitech) Hidden
K-Lite Codec Pack 9.3.0 (Basic) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 9.3.0 - )
Livescribe Connect (HKLM-x32\...\com.livescribe.LivescribeConnect) (Version: 1.2.1.58498 - Livescribe Inc)
Livescribe Connect (x32 Version: 1.2.1 - Livescribe Inc) Hidden
Livescribe Desktop (HKLM-x32\...\Livescribe Desktop 2.8.3) (Version: 2.8.3 - Livescribe Inc)
Logitech SetPoint (HKLM-x32\...\{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}) (Version: 4.80 - Logitech)
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
McAfee Agent (HKLM-x32\...\{DE91C193-2611-4BD3-A9F9-DF589C572565}) (Version: 4.6.0.2292 - McAfee, Inc.)
McAfee VirusScan Enterprise (HKLM-x32\...\{CE15D1B6-19B6-4D4D-8F43-CF5D2C3356FF}) (Version: 8.8.02004 - McAfee, Inc.)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft IntelliPoint 8.2 (HKLM\...\Microsoft IntelliPoint 8.2) (Version: 8.20.468.0 - Microsoft Corporation)
Microsoft Office 2010 Primary Interop Assemblies (HKLM-x32\...\{90140000-1146-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1150 - Microsoft Corporation)
Microsoft Office Communicator 2007 R2 (HKLM-x32\...\{E84D1C9D-6669-4156-992B-17557D64F1D3}) (Version: 3.5.6907.268 - Microsoft Corporation)
Microsoft Office Home and Business 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Live Meeting 2007 (HKLM-x32\...\{E30E7561-A466-4393-B8BF-FD93E733EF3C}) (Version: 8.0.6362.202 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visio Viewer 2013 (HKLM\...\{95150000-0052-0409-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{4FFA2088-8317-3B14-93CD-4C699DB37843}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50325 - Microsoft Corporation)
Mozilla Firefox 33.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 33.1 (x86 en-US)) (Version: 33.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
NTRU TCG Software Stack (Version: 2.1.34 - Security Innovation) Hidden
O2Micro Flash Memory Card Windows Driver (HKLM-x32\...\InstallShield_{0CB3B7EE-52C7-4136-AF40-605567D90318}) (Version: 3.0.07.23 - O2Micro International LTD.)
O2Micro Flash Memory Card Windows Driver (x32 Version: 3.0.07.23 - O2Micro International LTD.) Hidden
ocxinstall (HKLM-x32\...\{1A2606DD-5E86-4ADA-954B-D98012A174E0}) (Version: 1.0.0.32 - apexis)
ooVoo toolbar, powered by Ask.com Updater (HKU\S-1-5-21-3636288926-101227424-3182810562-6128\...\{79A765E1-C399-405B-85AF-466F52E918B0}) (Version: 1.2.0.20007 - Ask.com) <==== ATTENTION
Optimum (HKU\S-1-5-21-3636288926-101227424-3182810562-6128\...\882624514.optimumapp.iptv.optimum.net) (Version:  - optimumapp.iptv.optimum.net)
Optimum App for Laptop 2.00 (HKLM\...\{6082AB31-92B1-4832-AC89-3B2E6D8C14FE}) (Version: 2.00 - Cablevision)
Optimum WiFi Register (HKLM-x32\...\{4267D2C3-0C04-4F50-BEEE-8EA4A5B8FDB4}) (Version: 1.0.0 - Cablevision)
PC-CCID (Version: 2.0.0 - Gemalto) Hidden
PhotoShowExpress (x32 Version: 2.0.063 - Sonic Solutions) Hidden
Preboot Manager (Version: 03.03.00.049 - Wave Systems Corp.) Hidden
Private Information Manager (Version: 07.01.00.007 - Wave Systems Corp.) Hidden
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
RBVirtualFolder64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden
Roxio Creator Starter (HKLM-x32\...\{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}) (Version: 12.1.77.0 - Roxio)
Roxio File Backup (Version: 1.3.2 - Roxio) Hidden
Salesforce Outlook Edition 3 (HKLM-x32\...\{F82DF41F-4A57-4679-9907-D6430C6310B0}) (Version: 3.3.114 - salesforce.com)
salesforce.com Offline Edition 2.0 (HKLM-x32\...\{8F8E3F13-79E2-4045-8522-0CAE2FDDDFBC}) (Version: 1.235.228 - salesforce.com)
Samsung Link 1.8.0.1403131552 (HKLM\...\8474-7877-9059-0204) (Version: 1.8.0.1403131552 - Copyright 2013 SAMSUNG)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.22.0 - SAMSUNG Electronics Co., Ltd.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
SES Driver (HKLM\...\{D8CC254C-C671-4664-9A38-FA368D1E2C97}) (Version: 1.0.0 - Western Digital)
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Sonic CinePlayer Decoder Pack (x32 Version: 4.3.0 - Sonic Solutions) Hidden
SPBA 5.9 (Version: 5.9.4.6686 - UPEK Inc.) Hidden
SUABnR (HKLM-x32\...\InstallShield_{2485354C-6B65-4978-BB91-CCE61442377B}) (Version: 1.1.0.13103_1 - Samsung Electronics Co., Ltd.)
SUABnR (x32 Version: 1.1.0.13103_1 - Samsung Electronics Co., Ltd.) Hidden
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.32494 - TeamViewer)
Trusted Drive Manager (Version: 4.0.5.8 - Wave Systems Corp.) Hidden
UltraVnc (HKLM\...\Ultravnc2_is1) (Version: 1.1.8 - uvnc bvba)
Upek Touchchip Fingerprint Reader (Version: 1.2.004 - Dell Inc.) Hidden
Verizon Cloud (HKLM-x32\...\Verizon Cloud) (Version:  - Verizon Wireless)
Verizon Wireless Software Upgrade Assistant - Samsung(ar) (HKLM-x32\...\{267B6912-6F26-4FFD-9342-8E84A7B26151}) (Version: 2.13.1103 - Samsung Electronics Co., Ltd.)
Verizon Wireless Software Utility Application for Android - Samsung (HKLM-x32\...\{B7C5C35E-E750-4D09-BD2E-381D10124CBB}) (Version: 2.14.0305 - Samsung Electronics Co., Ltd.)
VLC media player 1.1.11 (HKLM-x32\...\VLC media player) (Version: 1.1.11 - VideoLAN)
Wave Infrastructure Installer (Version: 07.66.40.0008 - Wave Systems Corp) Hidden
Wave Support Software Installer (Version: 05.13.00.014 - Wave Systems Corp) Hidden
WebEx Productivity Tools (HKLM-x32\...\{4F401009-3A8F-45D1-8332-4C5148D18BC7}) (Version: 2.26.2802 - Cisco WebEx LLC)
WIDCOMM Bluetooth Software (HKLM\...\{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}) (Version: 6.3.0.8200 - Broadcom Corporation)
Windows Driver Package - Dell Inc. PBADRV System  (09/11/2009 1.0.1.6) (HKLM\...\9512AA21B791B05A54E27065C45BBC417AB282DF) (Version: 09/11/2009 1.0.1.6 - Dell Inc.)
Windows Driver Package - Western Digital Technologies (WDC_SAM) WDC_SAM  (01/19/2011 1.0.0009.0) (HKLM\...\4CA7CFBB29889F25ACB3DF6E3A42BAE29EB43B20) (Version: 01/19/2011 1.0.0009.0 - Western Digital Technologies)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
WinRAR 5.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
WinZip 16.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240CB}) (Version: 16.0.9691 - WinZip Computing, S.L. )
WinZipBar Toolbar (HKLM-x32\...\WinZipBar Toolbar) (Version: 6.8.5.1 - WinZipBar)
Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)
Yahoo! Software Update (HKLM-x32\...\Yahoo! Software Update) (Version:  - )
Yahoo! Toolbar (HKLM-x32\...\Yahoo! Companion) (Version:  - Yahoo! Inc.)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3636288926-101227424-3182810562-6128_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Program Files (x86)\Citrix\GoToMeeting\1468\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)

==================== Restore Points  =========================

06-11-2014 03:32:15 Removed Android Sync Manager WiFi
06-11-2014 03:46:49 Removed WD SmartWare
06-11-2014 03:51:42 WD SmartWare Installer
06-11-2014 03:52:19 WD SmartWare Installer
06-11-2014 04:25:55 Installed Microsoft Visual C++ 2005 Redistributable
06-11-2014 18:12:25 Windows Backup
11-11-2014 17:44:48 Malwarebytes Anti-Rootkit Restore Point
11-11-2014 18:02:36 Removed SpringCM Business Sync 2.7.4 64-bit
11-11-2014 20:13:34 Removed SpringCM Business Sync 2.7.4 64-bit
12-11-2014 05:15:46 Removed SpringCM Business Sync 2.7.4 64-bit
12-11-2014 06:37:21 Malwarebytes Anti-Rootkit Restore Point
12-11-2014 15:43:03 Viral 11-12-14
12-11-2014 16:45:16 Malwarebytes Anti-Rootkit Restore Point

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {3D79927E-E24E-426F-8D44-AD9777FC7B07} - System32\Tasks\G2MUpdateTask-S-1-5-21-3636288926-101227424-3182810562-6128 => C:\Program Files (x86)\Citrix\GoToMeeting\1865\g2mupdate.exe [2014-10-24] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {47F6BC3C-3E84-41BF-9E37-506661FFE3EC} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {7B756983-4370-4710-ACA4-A2CDF619CA5D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-24] (Adobe Systems Incorporated)
Task: {8B058EAD-E0B6-45D4-AB1F-5B15952F3BD8} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => c:\Program Files\Microsoft IntelliPoint\IPoint.exe [2011-08-01] (Microsoft Corporation)
Task: {98D2E290-E0E8-41B6-862D-A4238A88E957} - \BackgroundContainer Startup Task No Task File <==== ATTENTION
Task: {E338AFEE-2E37-494B-ACC5-F71F1F69B04D} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {ECA4814E-E623-4053-BD06-2F9F10CD3AA9} - System32\Tasks\{E55723C3-83BA-8584-BAC0-8A70E3C2E16C} => C:\Windows\system32\miyzf.dll/s "C:\Windows\system32\miyzf.dll"
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-3636288926-101227424-3182810562-6128.job => C:\Program Files (x86)\Citrix\GoToMeeting\1865\g2mupdate.exe

==================== Loaded Modules (whitelisted) =============

2010-12-23 13:33 - 2010-12-23 13:33 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
2014-09-15 15:02 - 2014-08-15 15:30 - 00099328 ____N () C:\Program Files (x86)\Brother\BRAdmin Professional 3\bratimer.exe
2011-08-25 09:30 - 2003-04-18 21:06 - 00008192 _____ () c:\Windows\SysWOW64\srvany.exe
2011-09-06 11:50 - 2005-04-22 12:36 - 00143360 ____N () C:\Windows\system32\BrSNMP64.dll
2011-08-25 10:56 - 2011-06-10 13:36 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2010-12-23 13:33 - 2010-12-23 13:33 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\LIBEAY32.dll
2011-09-19 08:11 - 2009-07-20 11:35 - 00018960 _____ () C:\Program Files\Logitech\SetPoint\khalwrapper.dll
2010-11-17 10:35 - 2010-11-17 10:35 - 00514544 _____ () C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
2011-09-19 08:11 - 2009-07-20 03:00 - 00077824 _____ () C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
2013-12-11 15:46 - 2013-12-11 15:46 - 01114624 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\DMSManager.dll
2013-10-22 08:48 - 2013-10-22 08:48 - 00707072 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\ContentDirectoryPresenter.dll
2013-10-24 15:53 - 2013-10-24 15:53 - 00107008 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\DCMCDP.dll
2013-12-11 15:46 - 2013-12-11 15:46 - 00102400 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\FolderCDP.dll
2013-12-11 15:46 - 2013-12-11 15:46 - 00077312 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\MetadataFramework.dll
2013-02-14 18:42 - 2013-02-14 18:42 - 00520234 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\sqlite3.dll
2013-02-14 18:42 - 2013-02-14 18:42 - 00450560 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\MoodExtractor.dll
2013-02-14 18:42 - 2013-02-14 18:42 - 05717504 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\DCMImgExtractor.dll
2013-10-25 18:48 - 2013-10-25 18:48 - 00028672 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AutoChaptering.dll
2013-02-14 18:42 - 2013-02-14 18:42 - 00147456 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\libexpat.dll
2013-10-25 18:48 - 2013-10-25 18:48 - 00012288 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\VideoThumb.dll
2013-02-14 18:42 - 2013-02-14 18:42 - 04671488 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\avcodec-52.dll
2013-02-14 18:42 - 2013-02-14 18:42 - 00070656 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\avutil-50.dll
2013-02-14 18:42 - 2013-02-14 18:42 - 00686080 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\avformat-52.dll
2013-02-14 18:42 - 2013-02-14 18:42 - 00152064 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\swscale-0.dll
2013-10-25 18:49 - 2013-10-25 18:49 - 00028160 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AudioExtractor.dll
2013-10-25 18:48 - 2013-10-25 18:48 - 00064000 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\ID3Driver.dll
2013-02-14 18:42 - 2013-02-14 18:42 - 00366592 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\tag.dll
2013-10-25 18:48 - 2013-10-25 18:48 - 00289792 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\libThumbnail.dll
2013-10-25 18:48 - 2013-10-25 18:48 - 00023040 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\RichInfoDriver.dll
2013-12-11 15:45 - 2013-12-11 15:45 - 00017920 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\VideoExtractor.dll
2013-10-25 18:53 - 2013-10-25 18:53 - 00117248 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\ThumbnailMaker.dll
2013-10-25 18:53 - 2013-10-25 18:53 - 01033728 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\ImageMagickWrapper.dll
2013-12-11 15:45 - 2013-12-11 15:45 - 00134144 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\VideoMetadataDriver.dll
2013-10-25 18:48 - 2013-10-25 18:48 - 00290816 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\libKeyFrame.dll
2013-10-25 18:48 - 2013-10-25 18:48 - 00024064 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\SECMetaDriver.dll
2013-10-25 18:53 - 2013-10-25 18:53 - 00012288 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\ImageExtractor.dll
2013-10-25 18:48 - 2013-10-25 18:48 - 00024064 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\photoDriver.dll
2013-02-14 18:42 - 2013-02-14 18:42 - 00399826 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\libexif-12.dll.dll
2013-10-25 18:48 - 2013-10-25 18:48 - 00013824 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\TextExtractor.dll
2013-10-24 15:53 - 2013-10-24 15:53 - 00032768 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\Autobackup.dll
2013-04-19 15:38 - 2013-04-19 15:38 - 00055808 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\RosettaAllShare.dll
2013-07-23 18:18 - 2013-07-23 18:18 - 00227840 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\boost_serialization-vc90-mt-1_47.dll
2013-07-23 18:18 - 2013-07-23 18:18 - 00038912 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\boost_date_time-vc90-mt-1_47.dll
2013-07-23 18:18 - 2013-07-23 18:18 - 00012800 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\boost_system-vc90-mt-1_47.dll
2013-07-23 18:18 - 2013-07-23 18:18 - 00046592 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\boost_thread-vc90-mt-1_47.dll
2013-02-14 18:42 - 2013-02-14 18:42 - 00044032 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\us.dll
2014-02-12 19:58 - 2014-02-12 19:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 12:05 - 2014-10-11 12:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2010-03-23 13:26 - 2010-03-23 13:26 - 00201512 _____ () C:\Program Files (x86)\Cisco Systems\VPN Client\vpnapi.dll
2007-04-18 18:30 - 2007-04-18 18:30 - 00393216 _____ () C:\Program Files (x86)\McAfee\Common Framework\cryptocme2.dll
2007-04-18 18:30 - 2007-04-18 18:30 - 00471040 _____ () C:\Program Files (x86)\McAfee\Common Framework\ccme_base.dll
2012-08-14 20:08 - 2012-08-14 20:08 - 00150328 _____ () C:\Program Files (x86)\McAfee\VirusScan Enterprise\WscAv.dll
2011-10-27 17:56 - 2011-10-27 17:56 - 00276992 _____ () C:\Program Files (x86)\Common Files\Livescribe\PenComm\PenCommSdk.dll
2014-10-31 10:41 - 2014-10-31 10:41 - 00898560 _____ () C:\Users\kbatchelor\AppData\Local\YhxcPack\dzgdefz.dll
2014-11-01 19:37 - 2014-11-01 19:37 - 00926720 _____ () C:\Users\kbatchelor\AppData\Local\Uspqmedia\CNBP401.DLL
2010-11-24 22:44 - 2010-11-24 22:44 - 00375280 _____ () c:\program files (x86)\common files\roxio shared\dllshared\SQLite352.dll
2011-09-06 11:50 - 2009-02-27 15:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\42213783.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\42213783.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: Amazon Cloud Drive => C:\Users\kbatchelor\AppData\Local\Amazon\Cloud Drive\AmazonCloudDrive.exe
MSCONFIG\startupreg: LightScribe Control Panel => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
MSCONFIG\startupreg: Messenger (Yahoo!) => "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet
MSCONFIG\startupreg: ooVoo.exe => C:\Program Files (x86)\ooVoo\oovoo.exe /minimized
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

========================= Accounts: ==========================

admin (S-1-5-21-3127398787-1692880747-933160537-1001 - Administrator - Enabled)
Administrator (S-1-5-21-3127398787-1692880747-933160537-500 - Administrator - Disabled)
Guest (S-1-5-21-3127398787-1692880747-933160537-501 - Limited - Disabled)
Karl (S-1-5-21-3127398787-1692880747-933160537-1000 - Administrator - Enabled) => C:\Users\Karl

==================== Faulty Device Manager Devices =============

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Cisco Systems VPN Adapter for 64-bit Windows
Description: Cisco Systems VPN Adapter for 64-bit Windows
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: CVirtA
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (11/12/2014 06:06:51 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 22339

Error: (11/12/2014 06:06:51 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 22339

Error: (11/12/2014 06:06:51 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (11/12/2014 06:06:50 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 21325

Error: (11/12/2014 06:06:50 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 21325

Error: (11/12/2014 06:06:50 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (11/12/2014 06:06:49 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 20311

Error: (11/12/2014 06:06:49 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 20311

Error: (11/12/2014 06:06:49 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (11/12/2014 06:06:48 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 19281


System errors:
=============
Error: (11/12/2014 07:54:18 PM) (Source: TermService) (EventID: 1067) (User: )
Description: The terminal server cannot register 'TERMSRV' Service Principal Name to be used for server authentication. The following error occured: The specified domain either does not exist or could not be contacted.
.

Error: (11/12/2014 07:51:45 PM) (Source: TermService) (EventID: 1067) (User: )
Description: The terminal server cannot register 'TERMSRV' Service Principal Name to be used for server authentication. The following error occured: The specified domain either does not exist or could not be contacted.
.

Error: (11/12/2014 05:42:57 PM) (Source: NETLOGON) (EventID: 5719) (User: )
Description: This computer was not able to set up a secure session with a domain
controller in domain US due to the following:
%%1311

This may lead to authentication problems. Make sure that this
computer is connected to the network. If the problem persists,
please contact your domain administrator.



ADDITIONAL INFO

If this computer is a domain controller for the specified domain, it
sets up the secure session to the primary domain controller emulator in the specified
domain. Otherwise, this computer sets up the secure session to any domain controller
in the specified domain.

Error: (11/12/2014 01:44:55 PM) (Source: TermService) (EventID: 1067) (User: )
Description: The terminal server cannot register 'TERMSRV' Service Principal Name to be used for server authentication. The following error occured: The specified domain either does not exist or could not be contacted.
.

Error: (11/12/2014 01:43:53 PM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1129) (User: US)
Description: The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.

Error: (11/12/2014 01:43:45 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (11/12/2014 01:43:39 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)

Error: (11/12/2014 01:42:51 PM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1129) (User: NT AUTHORITY)
Description: The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.

Error: (11/12/2014 01:42:36 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The NTRU TSS v1.2.1.34 TCS service depends on the TPM Base Services service which failed to start because of the following error:
%%0

Error: (11/12/2014 01:42:36 PM) (Source: NETLOGON) (EventID: 5719) (User: )
Description: This computer was not able to set up a secure session with a domain
controller in domain US due to the following:
%%1311

This may lead to authentication problems. Make sure that this
computer is connected to the network. If the problem persists,
please contact your domain administrator.



ADDITIONAL INFO

If this computer is a domain controller for the specified domain, it
sets up the secure session to the primary domain controller emulator in the specified
domain. Otherwise, this computer sets up the secure session to any domain controller
in the specified domain.



==================== Memory info ===========================

Processor: Intel® Core i5-2540M CPU @ 2.60GHz
Percentage of memory in use: 51%
Total physical RAM: 3976.9 MB
Available physical RAM: 1944.58 MB
Total Pagefile: 7951.98 MB
Available Pagefile: 4812.32 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:452.47 GB) (Free:352.27 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: 31435453)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=13.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=452.5 GB) - (Type=07 NTFS)

==================== End Of Log ============================


Do you recognize this Firefox extension:

FF Extension: html persistent handler for mapi email - C:\Users\kbatchelor\AppData\Roaming\Mozilla\Firefox\Profiles\u04vkaq2.default\Extensions\{96794CD0-DA1E-1822-1779-C1CA8D576D31} [2014-10-31]

=======================================

Please uninstall these programs if possible:
Download Updater
ooVoo toolbar, powered by Ask.com Updater


=======================================

Download the attached fixlist.txt to the same folder as FRST.exe/FRST64.exe.
Run FRST.exe/FRST64.exe and click Fix only once and wait.
The tool will create a log (Fixlog.txt) in the folder; please post it in your reply.

=====================================

Please download AdwCleaner from HERE or HERE to your desktop.

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Please uncheck elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you may want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review. (all items found are either adware/spyware/foistware)
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted:
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.

Next..................

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Next.........

Please Update and run a Threat Scan (Malwarebytes)
Click on settings > Detection and Protection > Non-Malware Protection > PUP (Potentially Unwanted Program) detections > Make sure it's set to Treat detections as malware
Same for PUM (Potentially Unwanted Modifications)
Quarantine All that's found

MrC


MrC,

Disabled extension... not familiar with it.

Removed Download Updater

Unable to remove oovoo toolbar

Ran FRST; fixlog.txt:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 10-11-2014
Ran by kbatchelor at 2014-11-12 23:42:42 Run:1
Running from C:\Users\kbatchelor\Desktop
Loaded Profile: kbatchelor (Available profiles: Karl & kbatchelor)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - DefaultScope {EF7421DA-0D6A-42B1-A875-B056B7EB399F} URL =
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - DefaultScope {888505E5-964D-4FB3-B1EC-CAAFA8414D89} URL = https://www.google.c...q={searchTerms}
SearchScopes: HKCU - {888505E5-964D-4FB3-B1EC-CAAFA8414D89} URL = https://www.google.c...q={searchTerms}
SearchScopes: HKCU - {EB72C539-71FC-4497-A097-2B8FC9E9DF3C} URL =
Toolbar: HKU\S-1-5-21-3636288926-101227424-3182810562-6128 -> No Name - {EEE6C35B-6118-11DC-9C72-001320C79847} -  No File
FF Extension: No Name - web2pdfextension@web2pdf.adobedotcom [Not Found]
U3 mfeavfk01; No ImagePath
2014-11-05 12:30 - 2014-11-05 12:30 - 00000000 _____ () C:\Windows\system32\pqdvvc.dll
2014-10-31 10:40 - 2014-10-31 10:41 - 00000000 ____D () C:\Users\kbatchelor\AppData\Local\YhxcPack
2014-10-31 10:38 - 2014-11-05 09:32 - 00000000 ____D () C:\Users\kbatchelor\AppData\Local\Uspqmedia
2014-10-20 20:44 - 2014-10-20 20:44 - 00000000 ___HD () C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}
Task: {98D2E290-E0E8-41B6-862D-A4238A88E957} - \BackgroundContainer Startup Task No Task File <==== ATTENTION
Task: {ECA4814E-E623-4053-BD06-2F9F10CD3AA9} - System32\Tasks\{E55723C3-83BA-8584-BAC0-8A70E3C2E16C} => C:\Windows\system32\miyzf.dll/s "C:\Windows\system32\miyzf.dll"
C:\Windows\system32\miyzf.dll

*****************

"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
"HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{888505E5-964D-4FB3-B1EC-CAAFA8414D89}" => Key deleted successfully.
"HKCR\CLSID\{888505E5-964D-4FB3-B1EC-CAAFA8414D89}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EB72C539-71FC-4497-A097-2B8FC9E9DF3C}" => Key deleted successfully.
"HKCR\CLSID\{EB72C539-71FC-4497-A097-2B8FC9E9DF3C}" => Key not found.
HKU\S-1-5-21-3636288926-101227424-3182810562-6128\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EEE6C35B-6118-11DC-9C72-001320C79847} => value deleted successfully.
"HKCR\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}" => Key not found.
FF Extension: No Name - web2pdfextension@web2pdf.adobedotcom [Not Found] not found.
mfeavfk01 => Service deleted successfully.
C:\Windows\system32\pqdvvc.dll => Moved successfully.
C:\Users\kbatchelor\AppData\Local\YhxcPack => Moved successfully.
C:\Users\kbatchelor\AppData\Local\Uspqmedia => Moved successfully.
C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{98D2E290-E0E8-41B6-862D-A4238A88E957}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{98D2E290-E0E8-41B6-862D-A4238A88E957}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\BackgroundContainer Startup Task" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{ECA4814E-E623-4053-BD06-2F9F10CD3AA9}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{ECA4814E-E623-4053-BD06-2F9F10CD3AA9}" => Key deleted successfully.
C:\Windows\System32\Tasks\{E55723C3-83BA-8584-BAC0-8A70E3C2E16C} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{E55723C3-83BA-8584-BAC0-8A70E3C2E16C}" => Key deleted successfully.
"C:\Windows\system32\miyzf.dll" => File/Directory not found.

==== End of Fixlog ====

Running the rest of the instructions and will let you know when complete.

KB


AdwCleaner Run...

# AdwCleaner v4.101 - Report created 13/11/2014 at 00:01:29
# Updated 09/11/2014 by Xplode
# Database : 2014-11-12.2 [Live]
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : kbatchelor - W7LT-KBACHELOR
# Running from : C:\Users\kbatchelor\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\Conduit
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Users\kbatchelor\AppData\Local\Babylon
Folder Deleted : C:\Users\kbatchelor\AppData\Local\Conduit
Folder Deleted : C:\Users\kbatchelor\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\kbatchelor\AppData\Roaming\Babylon
Folder Deleted : C:\Users\kbatchelor\AppData\Roaming\SearchProtect
File Deleted : C:\END
File Deleted : C:\Users\kbatchelor\AppData\Roaming\Mozilla\Firefox\Profiles\u04vkaq2.default\invalidprefs.js
File Deleted : C:\Users\kbatchelor\AppData\Roaming\Mozilla\Firefox\Profiles\u04vkaq2.default\user.js

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr
Key Deleted : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3306061
Key Deleted : HKCU\Software\Bitberry
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\AppDataLow\Software\BackgroundContainer
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKLM\SOFTWARE\Babylon
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\Freeze.com
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2F603A45-D956-496B-81B5-50D782424976}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B85C4CB2-B352-4BD8-818C-BCE353599107}
Key Deleted : [x64] HKLM\SOFTWARE\Tarma Installer
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2F603A45-D956-496B-81B5-50D782424976}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B85C4CB2-B352-4BD8-818C-BCE353599107}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17126


-\\ Mozilla Firefox v33.1 (x86 en-US)

[u04vkaq2.default\prefs.js] - Line Deleted : user_pref("extensions.BabylonToolbar_i.aflt", "babsst");
[u04vkaq2.default\prefs.js] - Line Deleted : user_pref("extensions.BabylonToolbar_i.instlRef", "sst");
[u04vkaq2.default\prefs.js] - Line Deleted : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
[u04vkaq2.default\prefs.js] - Line Deleted : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");
[u04vkaq2.default\prefs.js] - Line Deleted : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
[u04vkaq2.default\prefs.js] - Line Deleted : user_pref("extensions.BabylonToolbar_i.tlbrId", "base");
[u04vkaq2.default\prefs.js] - Line Deleted : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.171:26:00");

*************************

AdwCleaner[R0].txt - [9416 octets] - [12/11/2014 23:56:09]
AdwCleaner[s0].txt - [9209 octets] - [13/11/2014 00:01:29]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [9269 octets] ##########

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.7 (11.08.2014:1)
OS: Windows 7 Professional x64
Ran by kbatchelor on Thu 11/13/2014 at  0:23:21.52
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Users\kbatchelor\appdata\locallow\winzipbar"
Successfully deleted: [Folder] "C:\Program Files (x86)\winzipbar"
Successfully deleted: [Empty Folder] C:\Users\kbatchelor\appdata\local\{453D682F-EB4E-4F77-8846-09CBB110150B}
Successfully deleted: [Empty Folder] C:\Users\kbatchelor\appdata\local\{5546EB4D-9033-42C2-97A7-E893C7EDF3CD}
Successfully deleted: [Empty Folder] C:\Users\kbatchelor\appdata\local\{5C536754-AB29-445B-9DDC-38CC768A761B}
Successfully deleted: [Empty Folder] C:\Users\kbatchelor\appdata\local\{73BD3B1B-1A1F-4D79-8111-26F89F926447}
Successfully deleted: [Empty Folder] C:\Users\kbatchelor\appdata\local\{7F8D6BBA-6FC7-4ED8-AE72-5FDA346A7D13}
Successfully deleted: [Empty Folder] C:\Users\kbatchelor\appdata\local\{8527097D-9599-4824-9314-23F7D8805D28}
Successfully deleted: [Empty Folder] C:\Users\kbatchelor\appdata\local\{86CEB850-15F6-4F57-96EF-54F47078238E}
Successfully deleted: [Empty Folder] C:\Users\kbatchelor\appdata\local\{9639CE77-73BF-41B4-A460-F7BDE9CE9606}
Successfully deleted: [Empty Folder] C:\Users\kbatchelor\appdata\local\{B642839B-51CD-4301-97BB-F88B60652595}
Successfully deleted: [Empty Folder] C:\Users\kbatchelor\appdata\local\{F7C793E1-CA7C-4B0A-8611-E17A764C6E36}
Successfully deleted: [Empty Folder] C:\Users\kbatchelor\appdata\local\{F8D75518-A144-4BAD-893C-D8E559C357E7}



~~~ FireFox

Successfully deleted: [File] C:\user.js
Successfully deleted: [Folder] C:\Users\kbatchelor\AppData\Roaming\mozilla\firefox\profiles\u04vkaq2.default\sweetpackstoolbardata
Emptied folder: C:\Users\kbatchelor\AppData\Roaming\mozilla\firefox\profiles\u04vkaq2.default\minidumps [27 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 11/13/2014 at  0:26:10.31
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 


How is it??????

If there are no other problems..........

Let's check your computer's security before you go, and we have a little cleanup to do also:

Download Security Check by screen317 from HERE or HERE.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • If you get "Unsupported operating system. Aborting now", just reboot and try again.
  • A Notepad document should open automatically called checkup.txt.
  • Please post the contents of that document.
  • If you can't post it, attach it.
MrC

Everything appears to be clear MrC!

 

Thank you!!

 

 Results of screen317's Security Check version 0.99.89  
 Windows 7 Service Pack 1 x64 (UAC is disabled!)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
McAfee VirusScan Enterprise   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:`````````
 Java 6 Update 37  
 Java 7 Update 11  
 Java version out of Date!
 Adobe Flash Player 15.0.0.152  
 Mozilla Firefox (33.1)
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbam.exe  
 McAfee VirusScan Enterprise VsTskMgr.exe  
 McAfee VirusScan Enterprise mfeann.exe  
 Malwarebytes Anti-Malware mbamscheduler.exe   
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````
 


Thanks! :)

Outdated programs on the system are vulnerable to malware.
Please update or uninstall them:


====================================

Please uninstall these and any other Java listed in your Programs and Features:
Java™ 6 Update 37
Java 7 Update 11


Java version out of Date! <-------Download and install the latest version (Java™ 8 Update 25) from Here. Uncheck the box to install the Ask toolbar!!!, McAfee Security Scan Plus or any other free "stuff".

==================================

A little clean up to do....

Please Uninstall ComboFix: (------->if you used it<-------)

Press the Windows logo key + R to bring up the "run box"

Copy and paste the next command in the field:

ComboFix /uninstall

Make sure there's a space between Combofix and /


Then hit enter. (it may look like CF is re-installing but it's not)
This will uninstall Combofix, delete its related folders and files, hide file extensions, hide the system/hidden files, clear the System Restore cache and create a new Restore point.

(If that doesn't work.....you can simply rename ComboFix.exe to Uninstall.exe and double click it to complete the uninstall or download and run the uninstaller)

---------------------------------

Download Delfix from here and save it to your desktop. (you may already have this)

  • Ensure Remove disinfection tools is checked.
  • Click the Run button.
  • Reboot

Any other programs or logs that are still remaining, you can manually delete. (right click.....Delete)
IE: RogueKiller.exe, RKreport.txt, RK_Quarantine folder, C:\FRST folder, FRST-OlderVersion folder, MBAR folder, etc....AdwCleaner > just run the program and click uninstall.

Note:
If you used FRST and can't delete the quarantine folder:
Download the fixlist.txt to the same folder as FRST.exe.
Run FRST.exe and click Fix only once and wait.
That will delete the quarantine folder created by FRST.
The rest you can manually delete.

-------------------------------

Any questions...please post back.

If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.

Take a look at My Preventive Maintenance to avoid being infected again.

Good Luck and Thanks for using the forum, MrC


  • 4 weeks later...
  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
